Playing further with ASP.Net Core whilst on my hols... VSCode fun and cool new Anti Forgery Validation

I'm on vacation, 10 days in Norfolk with extremely limited connectivity and action packed days with the kids. Whilst here on two nights everyone has fallen asleep before me so I decided it would be a good time to poke around further at ASP.Net Core as I've still not produced any production code with it yet, only small samples.

Now I don't have my laptop on me but I do an old one that's here purely for any work emergencies and for childcare emergencies, (you know the ones, its 6am and the 2 year old is awake, peppa pig at 6am is an emergency!). This means I have literally nothing on me and I can only tether internet via my wife's iPhone 6 which has barely a bar of signal, this rules out a cloud VM running VS. So I turned to VSCode, its sooo lightweight its easy to download, install and run on this laptop. Get the .Net Core 2.0 SDK and the VSCode C# extension and you are literally running within 30 mins.

I won't go to much into the projects setup and stuff as its well documented but I want to highlight a few things I've stumbled upon and thought worth sharing.

Installing Packages

In Visual Studio I would just use the Nuget package manager UI to manage all of my dependencies, I know I could use the package manager console but I've become lazy and use my mouse too much..... But in VSCode this doesn't exist without further extensions.

So how do you install packages?

Turns out its really simple, bring up your terminal window (be this console, powershell, bash etc) and use the .Net Core CLI. You simply type:

dotnet add package [packagename]

where [packagename] is what you want to install. This then uses Nuget to find the package and install appropriately. Very quick and powerful.

Anti-Forgery Validation

If you have done any ASP.Net MVC applications you have discovered and used Anti Forgery Validation. I won't go into the details as many places discuss its benefits and importance. Within ASP.Net Core I've found things have improved further. Previously with Razor you had the @HTML.AntiForgeryToken helper syntax and attributes which you start to litter your views and controllers with.

Within ASP.Net Core things have been tidied up, Red Gate have a great post covering the specifics, but essentially if you use the asp tag helpers to generate a form post url (which you almost always will be when building mvc applications) and add a global anti forgery filter you never have to worry about decorating actions with attributes or using the html helpers within your razor views. You get excellent protection pretty much for free which is ace!

That's it for tonight, I'll blog more as I try out more :)

Comments

Post a Comment

Popular posts from this blog

WebUSB - An unexpected update...

Image
In January at my new(ish) user group Momentum Meetups , I presented on "Reaching out beyond the Chrome" (although suffering from food poisoning so I was definitely going green at points!). It included  WebUSB and WebBluetooth . I was excited by how powerful it was and even had a colleague present something we had been prototyping in out work place. During the talk I mentioned security and how it had been designed so it only works on https and there's a permission model where you have to approve the device before it can be used. Unfortunately this week it came to light that Authentication devices could be bypassed via USB. These devices are a great way of proving you are who you say you are on the web beyond basic 2FA text's or applications. So being able to be able to bypass them via WebUSB is a big deal :( My Original Security Slide A few days later Google then disabled WebUSB by default effectively killing it off until such a time where its made secure
Read more

Can you use BuildRoot with Windows Subsystem for Linux......

Image
A quick note I started this blog post back in August of 2018 and never completed it. Essentially I wrote most of it and then found I just couldn't run BuildRoot properly, I came back to it every Windows 10 release due to performance improvements etc however its only now with WSL2 that this is possible. Read on to find out the full story :) Original Post I love Windows Subsystem for Linux , I mention it all the time in work, done "brown bag" sessions on it, even did a lightning talk on it at DDDSW 18 . This week I've been working with a contractor to produce essentially an Embedded OS for a project. Previously I've always used existing distributions and made them "lite" or used preconfigured ones, Raspbian Lite for example however he promptly told me I'm doing it wrong and that I shoudl be using BuildRoot. Buildroot is a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation. Sound's interest
Read more

DotNet CLI , private NuGet feeds and Linux...

Today I hit an issue whilst trying to run dotnet run for some of our benchmarkdotnet tests which I like to run all new hardware I try out. My pair of Raspberry PI 4's arrived and I wanted to compare the performance of our Fingerprint capture code. I've hit the issue before and last time I figured it out I swore I'd blog and write it up as I knew I would forget! My benchmark project is a straight forward BenchmarkDotNet project however it consumers NuGet packages from both nuget.org as well as our private NuGet repository which requires authentication. For all of our windows machines this works without an issue for machines on the domain they authenticate seemlessly however when using Linux devices this is a different issue :( Instead on Linux devices we always get: /home/pi/dotnet/sdk/2.2.300/NuGet.targets(121,5): error :   GSSAPI operation failed with error - An invalid status code was supplied (SPNEGO cannot find mechanisms to negotiate). This essentially means it
Read more