Posts

Showing posts with the label .net

Introduction to Blazor

Introduction to Blazor with C#

Blazor is a modern web framework developed by Microsoft that allows developers to build interactive web applications using C# and .NET instead of traditional web technologies like JavaScript. Blazor enables you to create web applications using the same language and tools you use to build other .NET applications, such as desktop and mobile applications. It provides a way to write client-side code that runs directly in the browser while leveraging the power of C# and the .NET runtime.

How Blazor Works

Blazor offers two hosting models: Blazor WebAssembly and Blazor Server.

Blazor WebAssembly

In the WebAssembly hosting model, the Blazor application is compiled into WebAssembly bytecode, which is a binary instruction format designed for safe and efficient execution in web browsers. This bytecode is downloaded by the browser and executed directly in a secure sandbox environment. The application communicates with the server only during initial dow

Preventing iFrame injection in a .net MVC web app

The Problem Statement

There is an issue where a malicious attacker can inject iframes into the app, so that an iframe can have a source pointing to an external application that is outside of the parent app's domain.

Sample

Let's consider the app to be hosted at https://app.com/. The attacker could inject an iframe whose source is https://malicious.com/. In this case, we have to prevent any iFrames injected in our app from pointing to a domain that is different from ours. To fix this issue, add the following header to the response for each request.

Solution

    X-Frame-Options: SAMEORIGIN

With SAMEORIGIN, a browser renders a response inside a frame only when the framing page has the same origin as the response.

Web.config Solution

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="X-Frame-Options" value="SAMEORIGIN" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>

Global.asax solution

    protected void Application_Start()
    {
        // AntiForgeryConfig lives in System.Web.Helpers.
        // Stop the anti-forgery helper from emitting its own X-Frame-Options
        // header, so the header set in Web.config is not sent twice.
        AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
    }

Custom serialization Using Newtonsoft.Json

When using Newtonsoft.Json to serialize objects, we can exclude a few properties from the output for some use cases and include the same properties in the serialized output in other cases. There's a feature in the Newtonsoft.Json.NET library that lets us determine at runtime whether or not to serialize a particular property of a class / object.

When creating a class, we have to include a public method named ShouldSerialize{MemberName} that returns a boolean value. Json.NET will call that method during serialization to determine whether or not to serialize the corresponding property of the class. If this method returns true, the property will be serialized; otherwise, it will be ignored.

The following illustration shows how this can be achieved. The following is a data definition / class that may be serialized using Newtonsoft.Json.Net

    public class AuthTypeClaimMapViewModel
    {
        [JsonIgnore]
        public bool? _canSerializeName { get;

Could not load library when hosting the app in IIS

When an application deployed on the server throws the "could not load library" exception, we can enable x86 support in the application pool. If any assembly was built targeting the x86 platform, this is the right fix to make the site available. However, it is strongly advised not to target a specific platform unless there is a firm reason to do so.

Internals of Active Directory Federation Services [ADFS]

The following is an image that illustrates the internal workings of Active Directory Federation Services [ADFS]. This image was created after reading lengthy text content from various web pages.