Your official information source from the .NET Web Development and Tools group at Microsoft.
I’ve published a tutorial that shows you how to build a secure ASP.NET MVC 4 web application that enables users to log in with credentials from Facebook, Yahoo, and Google and deploy the application to Windows Azure.
This tutorial assumes that you have no prior experience using Windows Azure. On completing this tutorial, you'll have a secure data-driven web application up and running in the cloud and using a cloud database.
You'll learn:
You'll build a simple contact list web application that is built on ASP.NET MVC 4 and uses the ADO.NET Entity Framework for database access. The following illustration shows the login page for the completed application:
This tutorial and the sample application were written by Rick Anderson (Twitter @RickAndMSFT) with assistance from Tom Dykstra, Tom FitzMacken and Barry Dorrans (Twitter @blowdart).
Please leave feedback on what you liked or what you would like to see improved, not only about the tutorial itself but also about the products that it demonstrates. Your feedback will help us prioritize improvements. We are especially interested in finding out how much interest there is in more automation for the process of configuring and deploying the membership database.
Hats off! What a post. Thanks for sharing this resourceful information.
Gr8 Post
Very nice post.
Awesome post, I can finally deploy a secure app.
If we follow some techniques, then our ASP.NET applications will be more secure. Some of them are:
Prevent Cross Site Scripting (XSS)
Prevent SQL Injection
Encrypt Connection String in web.config File
Always Set a Custom Error Page
Encrypt Sensitive Data
Use Session instead of Cookies
Use Validation
For more, with examples, please visit:
cybarlab.blogspot.com/.../aspnet-web-application-security.html
Thanks.
I thought multiple DB contexts were not possible on the same database. This seems to show that it is possible. What is the disconnect?
Also, even if it is allowed, why not combine them into a single context? In most cases, you'll want to query by user anyway, so the UserProfile would then need to be connected to two contexts. So why not just make it one?
@Dan Friedman - multiple DB contexts - combine them
Yes, multiple contexts are allowed - and you're right, merge them so you can include users in your queries. To do this:
1. Delete the UsersContext class
2. Add the UserProfiles DbSet to your application’s context
3. Update the InitializeSimpleMembershipAttribute.SimpleMembershipInitializer class to look like the following:
    private class SimpleMembershipInitializer
    {
        public SimpleMembershipInitializer()
        {
            try
            {
                using (var context = new MyContext())
                {
                    // Ensure the database has been initialized
                    context.Database.Initialize(force: false);
                }
                // Point SimpleMembership at the UserProfile table in the same database
                WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
            }
            catch (Exception ex)
            {
                throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see go.microsoft.com/fwlink", ex);
            }
        }
    }
After doing this, you can easily query the UserProfiles, and even reference the UserProfile entity from other entities in your application’s context.
Please, Rick_Anderson, I want a link to download the project code, thanks.
@jahuira - download - The code portion of the tutorial is pretty easy to follow and much of it is about tools and procedures, so we won't be providing a download.