@manhng

Welcome to my blog!

CKEditor

May 24, 2020 09:16

https://vkhangyang.wordpress.com/2012/07/14/su-dung-ckeditor-vo-ung-dung-asp-net-mvc-3/

https://vkhangyang.wordpress.com/2012/07/09/thm-xa-sua-nhanh-chng-voi-asp-net-mvc-3/

https://vkhangyang.wordpress.com/2016/12/31/su-dung-ckeditor-vao-ung-dung-asp-net-core/

Authorize Attribute in ASP.NET MVC

November 4, 2019 10:12

Helper:

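    using System.Net;
    using System.Web.Mvc;

    public class ApplicationAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var httpContext = filterContext.HttpContext;
            var request = httpContext.Request;
            var response = httpContext.Response;
            var user = httpContext.User;

            if (request.IsAjaxRequest())
            {
                // 401 = not signed in, 403 = signed in but not allowed.
                var statusCode = user.Identity.IsAuthenticated
                    ? HttpStatusCode.Forbidden
                    : HttpStatusCode.Unauthorized;

                // Keep forms authentication from turning the 401 into a 302 to the login page.
                response.SuppressFormsAuthenticationRedirect = true;

                // Setting Result short-circuits the request, so the action never runs
                // and the base handler does not overwrite the status chosen above.
                filterContext.Result = new HttpStatusCodeResult((int)statusCode);
                return;
            }

            // Non-Ajax requests keep the default behaviour.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }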

Controller:

    // No authorization: any caller can reach this action.
    [HttpPost]
    public ActionResult GetData1()
    {
        return Json(new
        {
            Items = new[] { "String 1", "String 2", "String 3" }
        });
    }

    // Requires an authenticated user.
    [HttpPost]
    [ApplicationAuthorize]
    public ActionResult GetData2()
    {
        return Json(new
        {
            Items = new[] { "String 1", "String 2", "String 3" }
        });
    }

    // Requires an authenticated user in the "admin" role.
    [HttpPost]
    [ApplicationAuthorize(Roles = "admin")]
    public ActionResult GetData3()
    {
        return Json(new
        {
            Items = new[] { "String 1", "String 2", "String 3" }
        });
    }
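
On the client, the 401/403 split made by the helper above lets an Ajax caller tell "not signed in" from "signed in but not allowed". The handler below is an added example, not code from the original post; the `/Account/Login` path, the `returnUrl` parameter and all function names are assumptions.

```javascript
// Added example: client-side handling of the 401/403 statuses that the
// ApplicationAuthorize helper returns for Ajax requests.
// Assumptions (not from the original post): the login path, the "returnUrl"
// query parameter, and every function name below.

// Accept only same-site relative paths as a return URL, so the value cannot
// send the user to another origin after login.
function safeReturnPath(path) {
  if (typeof path !== "string") return "/";
  // Must start with exactly one "/": rejects "//host", "/\host" and absolute URLs.
  if (!/^\/(?![\/\\])/.test(path)) return "/";
  // Reject control characters and backslashes anywhere in the path.
  if (/[\u0000-\u001f\\]/.test(path)) return "/";
  return path;
}

// Pure decision function: maps an HTTP status to what the UI should do.
function decideAuthAction(status, currentPath, loginPath) {
  if (status === 401) {
    var returnUrl = encodeURIComponent(safeReturnPath(currentPath));
    return { kind: "login", url: loginPath + "?returnUrl=" + returnUrl };
  }
  if (status === 403) {
    return { kind: "forbidden" };
  }
  return { kind: "error", status: status };
}

// Builds the function to pass as the `error` option of $.ajax.
// `options` supplies the side effects, which keeps the handler testable:
//   loginPath       - hypothetical login route, e.g. "/Account/Login"
//   getCurrentPath  - returns the current path + query string
//   navigate        - performs the redirect (e.g. sets window.location.href)
//   showMessage     - displays a message to the user
function createAjaxErrorHandler(options) {
  return function (jqXHR) {
    var action = decideAuthAction(
      jqXHR.status,
      options.getCurrentPath(),
      options.loginPath
    );
    if (action.kind === "login") {
      options.navigate(action.url);
    } else if (action.kind === "forbidden") {
      options.showMessage("You do not have permission to perform this action.");
    } else {
      options.showMessage("Request failed (HTTP " + action.status + ").");
    }
    return action;
  };
}

// Usage with jQuery (not executed here):
// $.ajax({
//   url: window.HomeSaveData,
//   type: "POST",
//   error: createAjaxErrorHandler({
//     loginPath: "/Account/Login",
//     getCurrentPath: function () { return location.pathname + location.search; },
//     navigate: function (url) { window.location.href = url; },
//     showMessage: function (text) { alert(text); }
//   })
// });
```
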

ASP.NET MVC: Using JavaScript with Ajax and Razor view

October 8, 2019 19:41

https://bitoftech.net/

View

<button id="btnGetData" type="button" class="btn btn-primary"> @Resources.GetData</button>

Controller

The complete list of value provider objects (they all receive the ControllerContext as the constructor parameter):

  • FormValueProvider: search for data in the body (Request.Form)
  • RouteDataValueProvider: search for data in the route (RouteData.Value)
  • QueryStringValueProvider: search for data in the query string (Request.QueryString)
  • HttpFileCollectionValueProvider: search for uploaded files (Request.Files)

System.Web.Mvc.HttpPostAttribute & System.Web.Http.HttpPostAttribute

  • System.Web.Mvc.HttpPostAttribute
  • System.Web.Http.HttpPostAttribute

IHttpActionResult & HttpResponseMessage

https://docs.microsoft.com/en-us/aspnet/web-api/overview/getting-started-with-aspnet-web-api/action-results

https://www.infoworld.com/article/3192176/my-two-cents-on-using-the-ihttpactionresult-interface-in-webapi.html

[FromBody]

https://docs.microsoft.com/en-us/aspnet/web-api/overview/formats-and-model-binding/parameter-binding-in-aspnet-web-api#using-frombody

FromBodyAttribute Class (System.Web.Http)

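// POST /api/Product/Post
[HttpPost]
public HttpResponseMessage Post([FromBody] Product product)
{
    var name = product.Name;   // "Product Name"
    var price = product.Price; // 0.50

    // The method must return a response; 200 OK is used here.
    return Request.CreateResponse(HttpStatusCode.OK);
}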

Model Binding

https://docs.microsoft.com/en-us/aspnet/web-api/overview/formats-and-model-binding/parameter-binding-in-aspnet-web-api

You can use one of the following attributes to specify the source to use for any given target:

Model

// a complex object
public class Product
{
    public string Name { get; set; }
    public decimal Price { get; set; }
}

JSON

{
  "Name" : "Product Name",
  "Price" : 0.50 
}

Action Get

// GET: /Home/GetData
[HttpGet]
public ActionResult GetData()
{
    try
    {
        string actionName = this.ControllerContext.RouteData.Values["action"].ToString();
        string controllerName = this.ControllerContext.RouteData.Values["controller"].ToString();
        string redirectUrl = Utilities.GetPageUrl(actionName, controllerName);
        string loginUrl = Utilities.GetLoginUrl();
        string loginUrlEncrypted = loginUrl;
        ViewBag.Url = loginUrl + redirectUrl;
        return Json(new { Success = true, Data = loginUrlEncrypted }, JsonRequestBehavior.AllowGet);
    }
    catch
    {
        return Json(new { Success = false }, JsonRequestBehavior.AllowGet);
    }
}

Action Post

// POST: /Home/SaveData
[HttpPost]
public ActionResult SaveData([FromBody] Product product)
{
    try
    {
        string actionName = this.ControllerContext.RouteData.Values["action"].ToString();
        string controllerName = this.ControllerContext.RouteData.Values["controller"].ToString();
        bool success = Utilities.SaveProduct(product);
        return Json(new { Success = success, Message = "Success" }, JsonRequestBehavior.AllowGet);
    }
    catch (Exception)
    {
        // Log the exception on the server. Returning ex.ToString() would expose
        // stack traces and internal details to the client.
        return Json(new { Success = false, Message = "An error occurred while saving the product." }, JsonRequestBehavior.AllowGet);
    }
}

Call AJAX using JavaScript / jQuery

<script>
    window.HomeSaveData = '@Url.Action("SaveData", "Home")';
    $(function () {
        var obj = {
            "Name": "Product Name",
            "Price": 0.50
        };
        debugger;
        $.ajax({
            url: window.HomeSaveData,
            type: "POST",
            dataType: "json",
            data: JSON.stringify(obj), // send the object as the JSON request body
            contentType: 'application/json; charset=utf-8',
            success: function (resultData) {
                debugger;
                // Compare with ===; a single "=" would assign instead of compare.
                if (resultData.Success === false) {
                    debugger;
                } else {
                    var message = resultData.Message;
                    debugger;
                }
            },
            error: function (jqXHR, textStatus, errorThrown) {
            },
            timeout: 120000
        });
    });
</script>

Call AJAX using JavaScript / jQuery

<script>
    window.HomeGetData = '@Url.Action("GetData", "Home")';
    $(function () {
        $.ajax({
            url: window.HomeGetData,
            type: "GET",
            dataType: "json",
            contentType: 'application/json; charset=utf-8',
            success: function (resultData) {
                debugger;
                // Compare with ===; a single "=" would assign instead of compare.
                if (resultData.Success === false) {
                    debugger;
                } else {
                    var data = resultData.Data;
                    debugger;
                }
            },
            error: function (jqXHR, textStatus, errorThrown) {
            },
            timeout: 120000
        });
    });
</script>

Some lessons learned developing a Web App with ASP.NET MVC

May 31, 2019 09:26

+ Check for null before using .Name, .Age

+ Check for null before using .ToString(), .Parse()...

+ Initialize an empty list in the constructor to avoid using the list while it is null

+ Do not return a default value when an exception occurs

+ Do not use a cache for user data (private info, user settings, ...)

+ Be careful with what is returned from return Json(..., );

Error during serialization or deserialization using the JSON JavaScriptSerializer. The length of the string exceeds the value set on the maxJsonLength property

https://blogs.msdn.microsoft.com/mayurpatankar/2018/04/05/error-during-serialization-or-deserialization-using-the-json-javascriptserializer-the-length-of-the-string-exceeds-the-value-set-on-the-maxjsonlength-property/

Solution

https://stackoverflow.com/questions/47257227/the-length-of-the-string-exceeds-the-value-set-on-the-maxjsonlength-property-c

https://stackoverflow.com/questions/16848289/error-the-length-of-the-string-exceeds-the-value-set-on-the-maxjsonlength-proper

ASP.NET MVC Architecture

https://www.tutorialsteacher.com/mvc/mvc-architecture

https://www.c-sharpcorner.com/article/standard-application-architecture-in-mvc/

https://www.danylkoweb.com/Blog/top-10-books-every-net-developer-should-own-QG?quora

https://www.c-sharpcorner.com/article/mvc-5-demo-project-with-entity-framework-db-first/

https://docs.microsoft.com/en-us/aspnet/mvc/overview/getting-started/database-first-development/setting-up-database

https://blog.trigent.com/caching-in-asp-net

https://www.codeproject.com/Articles/70061/Architecture-Guide-ASP-NET-MVC-Framework-N-tier-En

https://stackoverflow.com/questions/10515623/architectural-decisions-asp-net-mvc-entity-framework

https://stackoverflow.com/questions/15856660/architecture-for-aspnet-mvc-web-application

TDD with MVC Applications

July 30, 2018 23:08

TDD With MVC 5 and Entity Framework and Repository pattern

https://code.msdn.microsoft.com/TDD-With-MVC-5-and-Entity-83ade5cf

Developing an ASP.NET MVC 4 Application for TDD using xUnit and Moq

https://github.com/dotnetcurry/tddusingxunit-dncmag-01

ASP.NET MVC 5 application with TDD using Unit testing framework (xUnit.NET) and Mocking/Isolation framework (MOQ)

https://github.com/SanjeevForYou/TDDWithxUnitAndMOQ

TDD in ASP.NET MVC Applications with Moq Framework

https://kakimotonline.com/2011/02/13/tdd-in-asp-net-mvc-applications-with-moq-framework/

Unit Testing .NET Application with Moq Framework

https://kakimotonline.com/2011/01/02/unit-testing-net-application-with-moq-framework/

Test Driven Development in ASP.NET MVC 2

https://visualstudiomagazine.com/articles/2015/02/25/code-management-test-driven-dev.aspx

Test Driven Development in ASP.NET MVC 2

https://visualstudiomagazine.com/Articles/2015/05/14/Test-Driven-ASP-NET-MVC-2.aspx

TDD with .NET Core Web API

https://asp.net-hacker.rocks/2017/09/27/testing-aspnetcore.html

https://github.com/JuergenGutsch/blog/blob/master/_source/_posts/2017-09-27-testing-aspnetcore.md

 

 

ASP.NET MVC + Web API

May 21, 2018 17:54

ASP.NET MVC

https://github.com/chsakell/mvcarchitecture

ASP.NET Web API

https://github.com/chsakell/webapiunittesting

SPA + Web API

https://github.com/chsakell/spa-webapi-angularjs

ASP.NET MVC + AdminLTE

March 31, 2018 00:14

ASP.NET MVC Application with a Custom Layout (Login screen)

https://code.msdn.microsoft.com/ASPNET-MVC-Application-b4b0dc3f

A NuGet package for integrating Admin LTE 2.0.4 into ASP.Net MVC 5

https://github.com/eralston/AdminLteMvc (AdminLTE version 2.0.4)

ASP.NET Example Version of Beautiful AdminLTE Template

https://github.com/go2ismail/AdminLTE-ASP-NET-MVC (AdminLTE version 2.4.0)

Tutorials & Samples on adding Charts into ASP.NET MVC Applications

https://canvasjs.com/docs/charts/integration/asp-net-mvc-charts/ (Chart)

CRUD Operations in ASP.NET MVC Using AJAX and Bootstrap

https://dzone.com/articles/crud-operation-in-aspnet-mvc-using-ajax-and-bootst

AdminLTE +  ASP.NET MVC 5 + Net Framework 4.8

https://github.com/DiomedesDominguez/AdminLTE.NET

ASP.NET MVC 5 Scaffolding

https://github.com/robinli/MVC5-Scaffolder

ASP.NET MVC 5 SmartCode Scaffolding (very good)

https://github.com/neozhu/MVC5-Scaffolder

https://www.bbsmax.com/A/kvJ3LkNp5g/

http://www.matools.com/lang-en/blog/190137840

https://www.cnblogs.com/neozhu/p/8744414.html

https://blog.csdn.net/weixin_34235457/article/details/94016484

https://blog.csdn.net/sd7o95o/article/details/78519238

https://blog.csdn.net/weixin_34080951/article/details/94523127

ASP.NET MVC 5 Scaffolding

https://github.com/tzhsweet/MVC5-Scaffolder

ASP.NET Web API Attribute Routing

https://docs.microsoft.com/en-us/aspnet/web-api/overview/web-api-routing-and-actions/create-a-rest-api-with-attribute-routing#controller-code

AdminLTE Template

https://github.com/weituotian/AdminLTE-With-Iframe (very good)

https://github.com/tzhsweet/MVC5-Scaffolder (very good) - Demo: http://longle.azurewebsites.net/

Demo: https://weituotian.oschina.io/adminlte-with-iframe/index2.html

Demo: https://weituotian.github.io/AdminLTE-With-Iframe/

Preview on github: https://weituotian.github.io/AdminLTE-With-Iframe/pages/index_iframe.html

Preview on oschina: http://weituotian.oschina.io/adminlte-with-iframe/pages/index_iframe.html

https://www.c-sharpcorner.com/article/dashboard-application-with-asp-net-mvc-5-and-jquery/ (very good)

https://github.com/cyberzilla/dycms (very good) - How can I implement Tab Pages in AdminLTE?

https://www.quora.com/Where-can-I-find-free-ASP-NET-dashboard-templates (Where can I find free ASP.NET Dashboard templates?)

https://marketplace.visualstudio.com/items?itemName=c0shea.AdminLTETemplate (AdminLTE version 2.4.9)

https://marketplace.visualstudio.com/items?itemName=DiomedesIgnacioDominguezUrena.N-LayerAdminLTENET (AdminLTE version 2.4.9)

https://awesomeopensource.com/projects/adminlte (AdminLTE version 2.4.9)

http://hjnilsson.github.io/country-flags/ (Country flags)

https://vimeo.com/125426951 (IdentityManager with ASP.NET Identity)

https://github.com/eralston/AdminLteMvc/ (AdminLTE version 2.0.4)

https://www.youtube.com/watch?v=xnncfeFv108 (AdminLTE in ASP.NET Core MVC)

Good resources

https://www.jerriepelser.com/blog/5-weeks-of-aspnet-weekly-tools-and-libraries-part-1/

https://www.jerriepelser.com/blog/5-weeks-of-aspnet-weekly-tools-and-libraries-part-2/

https://www.jerriepelser.com/blog/5-weeks-of-aspnet-weekly-tools-and-libraries-part-3/

AdminLTE Downloads

https://github.com/almasaeed2010/AdminLTE/archive/v2.4.10.zip

https://github.com/almasaeed2010/AdminLTE/archive/v2.4.9.zip

https://github.com/almasaeed2010/AdminLTE/archive/v2.4.5.zip

https://github.com/almasaeed2010/AdminLTE/archive/v2.4.0.zip (good)

AdminLTE Guide

https://adminlte.io/themes/AdminLTE/documentation/index.html

https://www.howtosolutions.net/2017/05/visual-studio-asp-net-mvc-project-installing-adminlte-control-panel/ (good)

AdminLTE + MVC 5
https://github.com/go2ismail/AdminLTE-ASP-NET-MVC
https://github.com/c0shea/AdminLTE-Template (good)
https://code.msdn.microsoft.com/ASPNET-MVC-Application-b4b0dc3f/
https://github.com/Magik3a/Multi-Language-API

Patient Management
https://github.com/Magik3a/PatientManagement_Admin

Design and Print Stickers

https://github.com/Magik3a/DesignAndPrintStickers
jQuery file upload, iTextSharp, Html Agility Pack, Cropper v2.3.3 - jQuery image cropping plugin

Easy Admin Dashboard with MVC
http://prabathsl.blogspot.com/2016/04/easy-admin-dashboard-with-mvc.html

Admin Dashboard
https://www.nuget.org/packages/Admin_Dashboard/
Install-Package Admin_Dashboard -Version 1.0.0

AdminLTE
https://github.com/almasaeed2010/AdminLTE

CMS MVC5
+ AdminLteMvc (https://github.com/eralston/AdminLteMvc)
+ Mvc CMS (https://github.com/jwmcpeak/Building-a-CMS-With-ASP.NET-MVC5)
+ Mr CMS (https://github.com/MrCMS/MrCMS)
+ MVCwCMS (https://github.com/valgen/mvcwcms)
+ Umbraco (https://github.com/umbraco/Umbraco-CMS)
+ sBlog.Net (https://github.com/karthik25/sblog.net)
+ N2CMS (https://github.com/n2cms/n2cms)
+ Better CMS
+ Piranha CMS (https://github.com/PiranhaCMS/Piranha)
+ BlogEngine.NET (https://github.com/rxtur/BlogEngine.NET)
+ Awesome (https://github.com/quozd/awesome-dotnet)

CMS MVC6
+ AdminLte .NET Core (https://github.com/moemura/AdminLTE.Core)
+ Awesome .NET Core (https://github.com/thangchung/awesome-dotnet-core)

Ecommerce MVC5
+ NopCommerce (https://github.com/nopSolutions/nopCommerce)

Ecommerce MVC6
+ SimplCommerce (https://github.com/simplcommerce/simplcommerce)

Scheduler
+ Quartznet (https://github.com/quartznet/quartznet)
+ FluentScheduler (https://github.com/fluentscheduler/FluentScheduler)
+ Hangfire (https://www.hangfire.io/)

Search
+ ElasticSearch (https://github.com/elastic/elasticsearch-net)

Templates
+ Boilerplate (https://github.com/ASP-NET-Core-Boilerplate/Templates)
+ MVC Bootstrap (https://github.com/steve-haar/MVC-Bootstrap)

Code review checklist

December 27, 2017 10:09

https://www.guru99.com/asp-net-web-api-interview-questions.html

https://www.fullstack.cafe/blog/asp-net-web-api-interview-questions

AdminLTE.Core (very good)

https://www.udemy.com/course/complete-aspnet-core-21-course/

Implementing CQRS Pattern with Vue.js & ASP.NET Core MVC

https://www.codeproject.com/Articles/5262285/Implementing-CQRS-Pattern-with-Vue-js-ASP-NET-Core

https://www.c-sharpcorner.com/article/implementing-cqrs-pattern-with-vue-js-asp-net-core-mvc/

Implementing CQRS Pattern with Vue.js & ASP.NET Core MVC

https://codeload.github.com/ColorlibHQ/AdminLTE/zip/v2.4.18 (very good)

https://github.com/moemura/AdminLTE.Core (very good)

https://github.com/moemura/AdminLTE.Core/releases/tag/2.0.1

https://github.com/dotnet-express/AdminLTE-Starter-Kit/releases

https://github.com/dotnet-express/AdminLTE-Starter-Kit/releases/tag/v0.8.0

https://github.com/go2ismail/adminlte-aspnetcore2-version

https://github.com/shehryarkn/Dynamic-User-Defined-Dashboards-Asp-Net-Core

https://github.com/shehryarkn/Asp-net-Core-Project-with-Admin-Template-Setup

Code Review

Checklist: https://www.michaelagreiler.com/code-review-checklist/

Google: https://blog.fullstory.com/what-we-learned-from-google-code-reviews-arent-just-for-catching-bugs/

Microsoft: https://www.michaelagreiler.com/code-reviews-at-microsoft-how-to-code-review-at-a-large-software-company/

Code Guide

https://www.cybersecuritycourses.com/course/dev544-secure-coding-in-net-developing-defensible-applications/ (very good)

https://niccs.us-cert.gov/training/search/sans-institute/secure-coding-net-developing-defensible-applications (very good)

Code Quality & Secure

1. Readability a.k.a. ‘Understandability’
2. Maintainability
3. Security
4. Speed and Performance
5. Documentation
6. Reinventing the Wheel
7. Reliability
8. Scalability
9. Reusability
10. Patterns
11. Test Coverage and Test Quality
12. Fit for Purpose

https://www.enosecurity.com/training-tutorials-courses/secure-coding-in-asp-net-training/ (Training)

Audience / Target Group:

  • .NET Application Developers
  • C# Programmers
  • ASP.NET Developers
  • Managers, Architects and Technologists involved in deploying .NET applications

Topics: 

  • General Web Application Security Concepts
  • .NET Framework Security Features
  • Input Validation & Encoding
  • Input Driven Attacks
  • Validation Best Practices
  • Output Encoding
  • Common Authentication Weaknesses
  • Authorization Best Practices
  • Controlling Application Access
  • Password Security
  • Session Hijacking & Trapping
  • Protecting User Sessions & Tokens
  • Canonicalization Problems
  • Parameter Manipulation
  • Encryption, Confidentiality & Data Protection
  • Cookie-Based Attacks
  • Protecting Application Variables
  • Error Handling & Logging
  • Attacking via Error Messages
  • Secure Logging & Error Handling
  • Server Configuration & Code Management
  • Common App Server Misconfigurations
  • Protecting Application Code
  • XML Web Services
  • Overview of WSDL, SOAP & AJAX Security
  • Web Service Attacks
  • AJAX Pitfalls
  • Web Service Best Practices
  • Application Threat Modeling
  • Application Context
  • Identifying Attacks, Vulnerabilities & Countermeasures
  • Threat Modeling Tools
  • Cache Control Issues
  • SSL Best Practices

https://forums.asp.net/t/1926690.aspx?Secure+Coding+best+practices+guideline

https://download.microsoft.com/documents/uk/msdn/security/The Developer Highway Code.pdf

http://www.evoketechnologies.com/blog/code-review-checklist-perform-effective-code-reviews/

https://nyu-cds.github.io/effective-code-reviews/01-intro/

https://nyu-cds.github.io/effective-code-reviews/02-best-practices/

https://nyu-cds.github.io/effective-code-reviews/03-checklist/

Security Code Review

https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf

RESTful API Lifecycle Management

https://dzone.com/refcardz/restful-api-lifecycle-management

LINQ

https://msdn.microsoft.com/en-us/library/bb308959.aspx

Code Review Checklist & Guidelines for CSharp Developers

https://www.codeproject.com/Reference/593751/Code-Review-Checklist-and-Guidelines-for-Csharp-De

Code Review Guidelines

https://www.codeproject.com/Articles/524235/Codeplusreviewplusguidelines

Assign Severity to Review Finding

Severity should be assigned to review findings as listed below. The reviewer must focus on High severity issues first, then Medium severity issues, and then Low severity issues.

    1. Naming Conventions and Coding style = Low
    2. Control Structures and Logical issues = Medium or High
    3. Redundant Code = High
    4. Performance Issues = High
    5. Security Issues = High
    6. Scalability Issues = High
    7. Functional Issues = High
    8. Error Handling = High
    9. Reusability = Medium

https://weblogs.asp.net/tgraham/44763

In my previous blog post, we discussed “10 Simple Code Review Tips for Effective Code Reviews”. Now, let’s take this topic further and explore the code review checklist, which would help to perform effective code reviews to deliver best quality software.

This code review checklist also helps the code reviewers and software developers (during self code review) to gain expertise in the code review process, as these points are easy to remember and follow during the code review process. 

Let’s first begin with the basic code review checklist and later move on to the detailed code review checklist. 

Basic Code Review Checklist

Let’s discuss the basic code review checklist, which can be very handy if you are a beginner in code reviews and/or during initial code reviews.

 

While reviewing the code, ask yourself the following basic questions:

  1. Am I able to understand the code easily?
  2. Is the code written following the coding standards/guidelines?
  3. Is the same code duplicated more than twice?
  4. Can I unit test / debug the code easily to find the root cause?
  5. Is this function or class too big? If yes, is the function or class having too many responsibilities?

If you feel that the answer is not satisfactory to any of the above questions, then you can suggest/recommend code changes.

Detailed Code Review Checklist

The following code review checklist gives an idea about the various aspects you need to consider while reviewing the code:

1. Code formatting

While going through the code, check the code formatting to improve readability and ensure that there are no blockers:

a) Use alignments (left margin), proper white space. Also ensure that code block starting point and ending point are easily identifiable.

b) Ensure that proper naming conventions (Pascal, CamelCase etc.) have been followed. 

c) Code should fit in the standard 14 inch laptop screen.  There shouldn’t be a need to scroll horizontally to view the code. In a 21 inch monitor, other windows (toolbox, properties etc.) can be opened while modifying code, so always write code keeping in view a 14 inch monitor.

d) Remove the commented code as this is always a blocker, while going through the code. Commented code can be obtained from Source Control (like SVN), if required.

2. Architecture

a) The code should follow the defined architecture.

  1. Separation of Concerns followed
    • Split into multiple layers and tiers as per requirements (Presentation, Business and Data layers).
    • Split into respective files (HTML, JavaScript and CSS).
  2. Code is in sync with existing code patterns/technologies.
  3. Design patterns: Use appropriate design pattern (if it helps), after completely understanding the problem and context.

3. Coding best practices

  1. No hard coding, use constants/configuration values.
  2. Group similar values under an enumeration (enum).
  3. Comments – Do not write comments for what you are doing, instead write comments on why you are doing. Specify about any hacks, workaround and temporary fixes. Additionally, mention pending tasks in your to-do comments, which can be tracked easily.
  4. Avoid multiple if/else blocks.
  5. Use framework features, wherever possible instead of writing custom code.

4. Non Functional requirements

a) Maintainability (Supportability) – The application should require the least amount of effort to support in near future. It should be easy to identify and fix a defect.

  1. Readability: Code should be self-explanatory. Get a feel of story reading, while going through the code. Use appropriate name for variables, functions and classes. If you are taking more time to understand the code, then either code needs refactoring or at least comments have to be written to make it clear.
  2. Testability: The code should be easy to test. Refactor into a separate function (if required). Use interfaces while talking to other layers, as interfaces can be mocked easily. Try to avoid static functions, singleton classes as these are not easily testable by mocks.
  3. Debuggability: Provide support to log the flow of control, parameter data and exception details to find the root cause easily. If you are using Log4Net like component then add support for database logging also, as querying the log table is easy.
  4. Configurability: Keep the configurable values in place (XML file, database table) so that no code changes are required, if the data is changed frequently.

b) Reusability

  1. DRY (Do not Repeat Yourself) principle: The same code should not be repeated more than twice.
  2. Consider reusable services, functions and components.
  3. Consider generic functions and classes.

c) Reliability – Exception handling and cleanup (dispose) resources.

d) Extensibility – Easy to add enhancements with minimal changes to the existing code. One component should be easily replaceable by a better component.

e) Security – Authentication, authorization, input data validation against security threats such as SQL injections and Cross Site Scripting (XSS), encrypting the sensitive data (passwords, credit card information etc.)

f) Performance

  1. Use a data type that best suits the needs such as StringBuilder, generic collection classes.
  2. Lazy loading, asynchronous and parallel processing.
  3. Caching and session/application data.

g) Scalability – Consider if it supports a large user base/data? Can this be deployed into web farms?

h) Usability – Put yourself in the shoes of an end-user and ascertain whether the user interface/API is easy to understand and use. If you are not convinced by the user interface design, then start discussing your ideas with the business analyst.

5. Object-Oriented Analysis and Design (OOAD) Principles

  1. Single Responsibility Principle (SRP): Do not place more than one responsibility into a single class or function, refactor into separate classes and functions.
  2. Open Closed Principle: While adding new functionality, existing code should not be modified. New functionality should be written in new classes and functions.
  3. Liskov substitutability principle: The child class should not change the behavior (meaning) of the parent class. The child class can be used as a substitute for a base class.
  4. Interface segregation: Do not create lengthy interfaces, instead split them into smaller interfaces based on the functionality. The interface should not contain any dependencies (parameters), which are not required for the expected functionality.
  5. Dependency Injection: Do not hardcode the dependencies, instead inject them.

In most cases the principles are interrelated; following one principle automatically satisfies other principles. For example, if the ‘Single Responsibility Principle’ is followed, then Reusability and Testability will automatically increase.

In a few cases, one requirement may contradict another, so a trade-off is needed based on their relative importance, e.g. Performance vs Security. Too many checks and logging at multiple layers (UI, Middle tier, Database) would decrease the performance of an application. But a few applications, especially those relating to finance and banking, require multiple checks, audit logging etc. So it is ok to compromise a little on performance to provide enhanced security.

Tools for Code Reviews

  1. The first step while assessing the code quality of the entire project is through a static code analysis tool. Use the tools (based on technology) such as SonarQube, NDepend, FxCop, TFS code analysis rules. There is a myth that static code analysis tools are only for managers.
  2. Use plug-ins such as Resharper, which suggests the best practices in Visual studio.
  3. To track the code review comments use the tools like Crucible, Bitbucket and TFS code review process.

Conclusion

The above code review checklist is not exhaustive, but provides a direction to the code reviewer to conduct effective code reviews and deliver good quality code. Initially, it would take some time to review the code from various aspects. After a bit of practice, code reviewers can perform effective code reviews, without much effort and time. If you would like to become an expert code reviewer, this code review checklist serves as a great starting point. Happy Code Reviewing!

MVC

December 3, 2017 21:48

Best Practices

https://stackoverflow.com/questions/32641858/what-is-the-best-practice-for-enterprise-level-application-architecture-using-mv

https://docs.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application

https://code.msdn.microsoft.com/NET-best-practice-samples-4e9b92a4

 

I would start with PCI-DSS guidance as a baseline for protecting the data.

PCI-DSS is the Payment Card Industry Data Security Standard. It's the industry's first attempt to lay down guidelines for protecting data around the banking area. The guidelines are specifically for cardholder data, but are a great resource for protection of data in general. PCI requirements include yearly onsite audits, and quarterly network scans.

Another good resource is OWASP, which offers guidance on security of web applications in general.

OWASP goes into a lot of detail about how to perform threat modelling and test for (and correct) common vulnerabilities. For a quick start, head to the OWASP Top Ten.

 

AllowHtml, DataAnnotation

https://www.c-sharpcorner.com/article/best-practices-for-asp-net-mvc-application/

Overview MVC 1,2,3,4,5 + @section scripts

https://www.c-sharpcorner.com/article/best-practice-for-mvc/

MVC Solution Architecture (source)

https://chsakell.com/2015/02/15/asp-net-mvc-solution-architecture-best-practices/

Action Filter

https://www.danylkoweb.com/Blog/my-top-5-aspnet-mvc-actionfilters-AD

Unobtrusive Validation

https://stackoverflow.com/questions/14902581/unobtrusive-validation-not-working-with-dynamic-content/

https://stackoverflow.com/questions/28090143/best-practices-viewmodel-validation-in-asp-net-mvc

Data Annotation: Multi-language support with Model Metadata

https://haacked.com/archive/2011/07/14/model-metadata-and-validation-localization-using-conventions.aspx/

Good Practices

http://www.codemag.com/article/1405071/10-Good-Practices-for-ASP.NET-MVC-Apps

https://www.codeguru.com/csharp/.net/net_asp/mvc/top-10-asp.net-mvc-best-practices.htm

Nerd Dinner

http://nerddinner.codeplex.com/

MVC Music Store

MVC Music Store is a tutorial application built on ASP.NET MVC. It's a lightweight sample store which demonstrates ASP.NET MVC using Entity Framework.

How to run MVC Music Store?

1) Download and install ASP.NET MVC 3 Tools from the official ASP.NET MVC 3 page or from Microsoft Download Center. It will install the required DLLs into the GAC.

2) Install the corresponding ASP.NET MVC 3 NuGet package into MvcMusicStore project using following command in the Package Manager Console:

Install-Package Microsoft.AspNet.Mvc -Version 3.0.50813.1

or

Install-Package Microsoft.AspNet.Mvc -Version 3.0.20105.1

After using either of the described ways you will be able to successfully build and run the MVC Music Store tutorial application.

Note that these ways are not conflicting with each other, so you may safely install ASP.NET MVC 3 Tools into your OS and install ASP.NET MVC 3 NuGet package into the project.

C#

https://stackify.com/net-core-csharp-next-programming-language/

https://stackify.com/learn-c-sharp-tutorials/

MVC

https://www.danylkoweb.com/Blog/what-is-the-best-and-fastest-way-to-learn-aspnet-mvc-8V

https://weblogs.asp.net/jongalloway/learn-asp-net-mvc-3-with-the-mvc-music-store-tutorial 

https://mvcmusicstore.codeplex.com/

https://github.com/aspnet/MusicStore

https://github.com/nffish/MvcMusicStore

https://github.com/evilDave/MVC-Music-Store

Learn MVC in CodeProject

https://www.codeproject.com/Articles/866143/Learn-MVC-Project-in-days-Day

 
