
Standard error messages can be added in the model

  • Monash University
  • FIT 5032
  • Notes
  • JackyZh

Standard error messages can be added in the model annotation.

A customised error message can be given in the view:

    @Html.ValidationMessageFor(model => model.Name, "Please Enter a Name", new { @class = "text-danger" })

A summary of the validation errors (excluding those already given) can be made:

    @Html.ValidationSummary(true, "", new { @class = "text-danger" })

All the error messages can be summarised by setting excludePropertyErrors = false:

    @Html.ValidationSummary(false, "", new { @class = "text-danger" })

Usability:

1. Overall application design is motivated by what the user wants or needs, not what the technology can deliver.
2. Once user stories provide the design, usability features can further enhance the usability of the application.
3. We'll look at features such as tool tips, tab index on user input, and relevant hot keys.

Tool tips

Html helpers in ASP.NET MVC can take additional parameters, either directly or via htmlAttributes, specifying pass-through parameters for the HTML:

    @Html.TextBox("MyTextbox", null, new { title = "I'm a Tooltip!" })

Or, for some Html helpers, using htmlAttributes:

    @Html.EditorFor(model => model.Name, new { htmlAttributes = new { title = "This is where you type in your name" } })

Tab index on user input

    @Html.EditorFor(model => model.phone, new { htmlAttributes = new { @class = "form-control", tabindex = 1 } })

Hot keys

Hotkeys allow the user to jump to a specific input element based on the key pressed (e.g. ALT-d). Add an htmlAttribute with accesskey to the relevant ASP.NET MVC Html helper for the input element:

    @Html.EditorFor(model => model.todaysDate, new { htmlAttributes = new { @class = "form-control", accesskey = "d" } })
OWASP Top 10 Web Application Security Risks

1. Injection
2. Broken Authentication and Session Management
3. Sensitive Data Exposure
4. XML External Entity
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure Deserialization
9. Using Components With Known Vulnerabilities
10. Insufficient Logging and Monitoring

Hash

Hashing is an ideal way to store passwords, as hashes are inherently one-way in their nature. When storing a password, hash it with a salt, and then with any future login attempts, hash the password the user enters and compare it with the stored hash.

[Authorize]: Securing an action

We can specify roles in the application by adding entries in the AspNetRoles table.
A secured controller can have an unsecured action: use the [AllowAnonymous] annotation for that action.

To secure using roles, use:

    [Authorize(Roles = "Administrator")]

Multiple roles:

    [Authorize(Roles = "HRManager,Finance")]

Allowing Access to Own Data (Only)

    using Microsoft.AspNet.Identity;
    ......
    string currentUserId = User.Identity.GetUserId();

Use the user id to select just the items that were created by the user (for viewing in the index view):

    // GET: Articles
    public ActionResult IndexUserNames()
    {
        //return View(db.Articles.ToList());
        // Only return the articles whose author is the signed-in user
        string currentUserId = User.Identity.GetUserId();
        return View(db.Articles.Where(m => m.AuthorId == currentUserId).ToList());
    }

    // GET: Articles/Create
    public ActionResult CreateIndividual()
    {
        // Pre-populate the new article with the signed-in user's id
        Article article = new Article();
        string currentUserId = User.Identity.GetUserId();
        article.AuthorId = currentUserId;
        return View(article);
    }
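
The same "own data only" rule has to hold on the actions that receive data or a record id, not just on the index view. The following is an added example, not part of the original notes: it sets AuthorId on the server when the create form is posted and filters a single-record lookup by owner. The ApplicationDbContext class, the Details action, and the Article properties Id, Title and Body are assumptions; only AuthorId, IndexUserNames and CreateIndividual appear in the notes.

```csharp
using System.Linq;
using System.Net;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

[Authorize]
public class ArticlesController : Controller
{
    // Assumed: the project's EF context exposing DbSet<Article> Articles
    private ApplicationDbContext db = new ApplicationDbContext();

    // POST: Articles/CreateIndividual
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult CreateIndividual([Bind(Include = "Title,Body")] Article article)
    {
        // AuthorId is left out of the Bind list, so a value posted in the
        // form (for example from a hidden field) is ignored. The owner is
        // always taken from the authenticated identity.
        article.AuthorId = User.Identity.GetUserId();

        // Clear any validation error recorded for the unbound AuthorId
        ModelState.Remove("AuthorId");

        if (!ModelState.IsValid)
        {
            return View(article);
        }
        db.Articles.Add(article);
        db.SaveChanges();
        return RedirectToAction("IndexUserNames");
    }

    // GET: Articles/Details/5
    public ActionResult Details(int? id)
    {
        if (id == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }
        // Filter by owner as well as id, so requesting another user's
        // article id gives the same 404 as a missing record.
        string currentUserId = User.Identity.GetUserId();
        Article article = db.Articles
            .FirstOrDefault(a => a.Id == id && a.AuthorId == currentUserId);
        return article == null ? (ActionResult)HttpNotFound() : View(article);
    }
}
```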