Archives
-
Looking at how the ASP.NET MVC Authorize interacts with ASP.NET Forms Authorization
ASP.NET MVC includes an [Authorize] attribute which, when placed on a controller action, forbids unauthorized access to it. The AuthorizeAttribute allows you to specify a list of roles or users, like this:
-
Preventing Javascript Encoding XSS attacks in ASP.NET MVC
I just posted about cross-site scripting, or XSS attacks, in ASP.NET - take a quick look at that post for some background on XSS attacks. I wanted to take a deeper look at JavaScript Encoding XSS attacks. They're a particularly tricky form of XSS, since JavaScript-encoded values are valid HTML and will pass through default HTML encoding. Here's an example - let's assume we want to add a special welcome message to our home page if a UserName parameter is present so we can send out personalized links to the site in an e-mail promotion. We start by modifying the HomeController / Index method:
-
Using AntiXSS 4.1 Beta as the Default Encoder in ASP.NET
Cross-site scripting attacks, or XSS, are a common web application vulnerability in which an attacker uses your website to present malicious code to another user. OWASP sums it up like this:
-
Better ways to watch the MIX11 videos, Part 2: PowerShell
I just posted about my favorite way to watch videos: streaming the playlist at high speed using VLC. But there are times where you'd like a local copy of the videos, too, e.g. watching them while commuting without internet access.
-
Better ways to watch the MIX11 videos, Part 1: VLC
I'm still catching up on all the great content at MIX 11. There is a ton of great content - 116 videos when I last looked. Scott Hanselman already posted a great summary of ways to get and watch them. With this many videos to watch, though, you might want to bring out some big guns, and that's what this post is all about.