mercredi 31 août 2011

Validate uploaded image content in ASP.NET

“A few days ago I had to face a situation where a hacker uploaded a malicious ASP script to the web server by changing its extension to .JPG, through a user interface which allows users to upload image files. Although the developer team had put validation on the extension, unfortunately the extension of the ASP script was .JPG and hence it was an allowed extension. So the hacker could upload that malicious script.

After this situation I thought that checking only the extension of an uploaded file is not sufficient. We need to check the content of the uploaded file as well.”


Read More : http://www.dotnetexpertguide.com/2011/05/validate-uploaded-image-content-in.html
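As an added illustration of the content check the author argues for (example code written for this post, not taken from the linked article; the class name, the signature allowlist and the use of an HttpPostedFile stream are my own assumptions):

```csharp
using System;
using System.Collections.Generic;
using System.Drawing;
using System.IO;
using System.Linq;
// Hypothetical helper (not from the linked article): accept an upload only if
// its bytes look like the image format its extension claims, then decode it.
public static class ImageUploadValidator
{
    // Leading bytes for each accepted extension (constructed allowlist).
    private static readonly Dictionary<string, byte[][]> Signatures =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg",  new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { ".gif",  new[] { new byte[] { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 },    // "GIF87a"
                           new byte[] { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 } } }  // "GIF89a"
    };

    // 'content' must be seekable (HttpPostedFile.InputStream is).
    public static bool IsValidImage(string fileName, Stream content)
    {
        // 1. Extension allowlist: the check that, on its own, let the .JPG-named script through.
        string ext = Path.GetExtension(fileName);
        byte[][] expected;
        if (string.IsNullOrEmpty(ext) || !Signatures.TryGetValue(ext, out expected))
            return false;

        // 2. Magic bytes: the first bytes must match the claimed format, not just the name.
        byte[] header = new byte[8];
        content.Position = 0;
        int read = content.Read(header, 0, header.Length);
        if (!expected.Any(sig => read >= sig.Length && sig.SequenceEqual(header.Take(sig.Length))))
            return false;

        // 3. Full decode: a file that merely starts with FF D8 FF but is not a real image fails here.
        try
        {
            content.Position = 0;
            using (Image img = Image.FromStream(content, false, true))
                return img.Width > 0 && img.Height > 0;
        }
        catch (Exception) // GDI+ throws ArgumentException (or OutOfMemoryException) on bad data
        {
            return false;
        }
    }
    // From an upload handler: IsValidImage(file.FileName, file.InputStream) for an HttpPostedFile.
}
```

A file that passes all three checks can still carry arbitrary text in metadata or comment segments, so store it under a server-generated name outside the web root and serve it with an image content type rather than letting the server treat it as a script.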


mardi 30 août 2011

Web Deployment: Web.Config Transformation

“Usually web applications go through a chain of server deployments before finally being deployed to the production environment. Some of these environments can be Developer box (Debug), QA Server, Staging/Pre-Production, Production (Release). While transitioning between these environments, various settings of the web application residing in the web.config file change; some of these settings can be items like application settings, connection strings, debug flags, web service end points etc.

VS10’s new web.config transformation model allows you to modify your web.config file in an automated fashion during deployment of your applications to various server environments. To help command line based deployments, Web.Config transformation is implemented as an MSBuild task behind the scenes, hence you can simply call it even outside of the deployment realm.”

Read More : http://blogs.msdn.com/b/webdevtools/archive/2009/05/04/web-deployment-web-config-transformation.aspx


vendredi 26 août 2011

How to allow user to input html in ASP.NET MVC

“Whenever we submit HTML or JavaScript as input in ASP.NET MVC application we get an exception like "A potentially dangerous Request.Form value was detected from the client (……)”. Because ASP.NET MVC has built-in request validation that helps you automatically protect against cross-site scripting (XSS) attacks and HTML injection attacks, it will prevent the user from posting HTML or JavaScript as input”…

http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/

The [ValidateInput(false)] attribute disables request validation for the complete model or view model.

...

We can use the [AllowHtml] attribute on individual properties of a model or view model to disable request validation for those properties.

mercredi 24 août 2011

HTML5 for the ASP.NET Developer

“HTML standards have been an important part of web development since the beginning of the web. HTML5, the most recent version of HTML, is a work in progress. After several attempts, the World Wide Web Consortium (W3C) formally began work on an update to the HTML specifications. (See "The Past, Present, and Future of HTML5" for detail about the history of HTML5.) This work first bore fruit with the publication of a public draft of HTML5 standards in January 2008. Hopefully, the final specifications will occur over the next several years, but the lack of formal specifications doesn't mean that we as developers can't take advantage of the HTML5 features that browser companies have already incorporated into their products. Specifically, Microsoft, Mozilla, Apple, Google, and Opera have begun implementing parts of the HTML5 specifications in their browsers. In this article, we'll take a look at some of those specifications and discuss what we developers need to do to make our applications compliant with HTML5.”


http://www.devproconnections.com/article/html5/html5-aspnet-developer-139543


mardi 2 août 2011

Creating a SOLID Visual Studio Solution

“The SOLID acronym describes five object-oriented design principles that, when followed, produce code that is cleaner and more maintainable. The last principle, the Dependency Inversion Principle, suggests that details depend upon abstractions. Unfortunately, typical project relationships in .NET applications can make this principle difficult to follow. In this article, I'll describe how one can structure a set of projects in a Visual Studio solution such that DIP can be followed, allowing for the creation of a SOLID solution. You can download the sample solution and use it as a starting point for your new solutions if you like.”

http://aspalliance.com/articleViewer.aspx?aId=2064&pId=-1