I am building a Web Application in ASP.NET 4.0, using VS 2010 Professional.
I have tested the application against Sql injection, and user input.
Is there any other test necessary for me to do? Which tools should I use against external attack?
I suggest you take a look at the OWASP (Open Web Application Security Project) website - start with their top 10.
Troy Hunt wrote a good blog series about the top 10 and how to mitigate against them and released it as a free ebook.
Burps Suite is the generally used penetration testing suite. They offer a free version, but the paid version is fairly inexpensive (as far as these things go, it's $300.. many such tools cost over $1000)
Related
I have a pretty specific scenario that I want to do and wondered how you'd go about making the decision on how to proceed with an ASP.NET solution.
The info:
The existing application is in Classic ASP.
The application runs on IIS on a Windows Server 2003 against a SQL Server 2005 database.
The application serves 3,000 students per semester; they submit papers at certain dates, which is when the peak load occurs.
The application needs to support roles that are determined by semesters. Steve may be an instructor for fall, but not in the spring.
The server runs ASP.NET 3.5 in addition to Classic ASP.
I'm the sole developer.
I know Webforms, and the development cycle is tight so it precludes me from learning MVC. I'd like to continue with webforms.
The major activity of the site is receiving submissions, grading submissions, and getting them back through instructors to students.
The focus of the system going forward is tracking and reporting and monitoring.
I'm the sole developer, dedicated 100% to the job. The last major ASP.NET project I did was in 2.0 with C#.
We don't have a tools budget, though I have Visual Studio 2008 and some older Red Gate SQL Tools running.
Given this scenario, how would you go about determining whether customizing an existing open-source CMS, pulling a framework from elsewhere, or building up something simple from scratch is the best solution?
You can mention possible frameworks in your answer, but for the sake of longevity of the question, I'd also like to have thought processes and determination be the important part.
Point 7 - wrong approach. You will likely spend MORE time for your first complex form in webforms than to learn MVC ;) Going through the same here at the moment.
11.We don't have a tools budget, though I have Visual Studio 2008
What budget do you need? MS pretty much gives tools away for nearly free to education entities.
I have a good amount of knowledge in the ASP.NET Webforms and MVC worlds. Shortly I will be tasked with implementing custom web applications with Sharepoint. I have great flexibility with this project (i.e - I can use custom web apps outside of Sharepoint if that's possible) but like most projects the most limiting factor I have to deal with is time.
Here are some questions that come to mind:
Can I easily integrate a custom MVC project into Sharepoint 2010? What are the pros and cons if I can?
Same as #1 only with Webforms.
If #1 and #2 are not viable solutions, can I easily create custom web applications within the Sharepoint world? What will the learning curve be with my background?
I understand developers can now use Windows 7 to deliver Sharepoint 2010 solutions. It looks like I can use a trial of Microsoft Sharepoint Foundations 2010. If that's correct, are there any development differences or gotchas I need to be aware of before digging into the Foundation version? I don't want to get up to speed on Foundation and then find out that the Server edition (the version that will be deployed) is vastly different.
Thanks!
SharePoint is based on webforms - it is relatively easy to add custom user controls and web parts, though if you want to use SharePoint data in a completely custom web app, especially mvc you will probably need to host it seperately - you can access everything you need through the SharePoint API, but it makes the deployment a lot more complicated.
The workarounds to get webforms mvc running in the SharePoint web app tend to involve stuff that would never get past corporate infrastructure people, but I've been getting good results with precompiled razor views set up based on http://razorengine.codeplex.com/ - my version that produces code which can be included in a SharePoint project is at https://github.com/tqc/RazorEngine
In the 2007 version there were significant architectural differences between WSS and MOSS. With 2010 there aren't as many differences, so you should be ok, but it would still be better to develop on the same version you are deploying to - download a trial of Standard or one of the demo VMs - If you do a lot of .net development, chances are you already have an appropriate dev license.
What are you trying to accomplish? Are you connecting your MVC site to SharePoint or are you building something "MVC" on top of the SharePoint server?
In any case, there is an MVC SharePoint project on Codeplex here http://sharepointmvc.codeplex.com/
Here is an article on the subject http://blogs.msdn.com/tom/archive/2009/03/17/asp-net-mvc-and-sharepoint.aspx
I havent touched it, and it seems a bit abandoned to me, but it might get you along.
Check out it outlines one method of running MVC with SharePoint
Generally, SharePoint will simplify many user-oriented requirements you may have - such as authentication, permissions control and personalised areas (with MySites).
If you go with SharePoint, you almost have to build your product for SharePoint Foundation so that you can keep your customers' total costs low (SharePoint CALs, SQL Server, hardware, etc). You'll want to build friendly user interfaces for managing permission, allowing your users to create their own pages, and other provisioning tasks -- or provide rock-solid documentation on how to do it out of the box with SharePoint. With SharePoint, you should use features and Web Parts to deploy your code either way , whether SaaS or on-premise. That will make it easier to deploy and upgrade.
I'm trying to start on a new project to help enrich my asp.net knowledge, since I'm not completely satisfied with what my class is teaching me. From my (very little) experience with Rails, I recall every application containing its own development web server. Say I were trying to create a local-only application, but I want it to run in a web browser (Therefore ASP.Net). Are there any options in terms of being able to distribute an application and have it launch its own, or just not require IIS/VS/Apache-mono?
You may want to look into aspNETserve. It sounds like it would fit your needs. I haven't worked on it recently, so it probably has some rough edges.
On the plus side its all open source, and if you are just getting started with ASP.NET it would be a real eye opener on how the internals of the ASP.NET lifecycle operate.
The simple answer is that you need a web server to run the application. It cannot run without one.
If we're talking demo purposes or you don't require that many features of a web server there are redistributable web-servers that you can include with your setup package.
Like Alex mentioned the most popular one seems to be Cassini.
I'm assuming that you want to run the site on the same machine you are developing it on.
Visual Studio 2005 and up allows you to run the site from VS itself if you want to view it locally on your development machine.
To my understanding Visual Web Developer allows you to do the same as well.
Visual Web Developer
You can use the cassini web server. Please note that those are different redistributable:
http://www.asp.net/Downloads/archived/cassini/
http://ultidev.com/products/Cassini/
I'm not really certain why you would want to develop a web application (with all the difficulties it entails, due to the fact that you are dealing with a stateless connection to an unknown client machine), but then run the entire thing on the client machine.
Surely it makes more sense to develop a WinForms application?
Follow this guide to setup IIS on your PC to run ASP.NET apps:
http://www.geekpedia.com/tutorial25_Setting-up-your-ASPNET-server-IIS.html
Are there other example projects like the Northwind Starters kit around that show you 'best practices' (layers, unit tests, mocking data, o/r mapping tools, ...) in architecture of ASP.NET development?
Or links to good and clear resources or documentation? (MSDN is a good reference but no good as tutorial)
are there example projects around addressing Visual Studio2008 and/or the AdventureWorks database?
thx, Lieven Cardoen
Check out this Sample Application: DinnerNow.Net
DinnerNow is a fictitious marketplace
where customers can order food from
local restaurants for delivery to
their home or office. This sample is
designed to demonstrate how you can
develop a connected application using
several new Microsoft technologies.
The demo utilizes several technologies
including: IIS7, ASP.NET Ajax
Extensions, LINQ, Windows
Communication Foundation, Windows
Workflow Foundation, Windows
Presentation Foundation, Windows
PowerShell, and the .NET Compact
Framework.
Here is also a link to multiple Sample Projects and Starter Kits that utilize Asp.Net and related Web Development technologies
Here are also some links to get you reading:
Top 10 Best Practices for Production ASP.NET Applications
ASP.NET Best Practices for High Performance Applications
ASP.NET Best Practices (PPT Presentation)
Best Practice Resources For ASP.NET
Addition to Microsoft ASP.NET Starter Kits, here is two important open source ASP.NET Application to check :
DotNetNuke
BlogEngine.NET
Also here is Microsoft's Patterns'n Practices team's Application Architecture for .NET: Designing Applications and Services. Very helpful guide for .NET applications.
I would recommend the book Building a Web 2.0 Portal with ASP.NET 3.5 by Omar Al Zabir.
His blog on ASP.NET Ajax and .NET 3.5 is also very valuable.
If you have an existing project then you could try FxCop. It's static code analyser (it means you provide him with compiled assemblies) and it checks for lots of rules and Microsoft Design Guidelines errors.
Microsoft has a whole slew of sample projects, white papers, etc. covering best practices on a variety of topics. Many of these are focused on ASP.NET but you'll probably want to go right to the MS Best Practices center. They also published a book covering the topic but it is quite old and I wouldn't recommend it any longer.
Of course, you may want to go right to the source for an overall approach to coding best practices and for that I'd recommend Martin and Martin's Agile Principles, Patterns and Practices in C#. I'm just finishing up Robert Martin's Clean Code and, while a fair amount is obvious, it is well written, has tons of examples and has helped push me to be more "craftsmanlike" in my approach to coding.
The last thing is that I consider good Unit Testing to be one of the bedrock "best practices" for any developer. I recommend Pragmatic Unit Testing by Hunt and Thomas there.
That should get you going!
I am a junior developer, doing my last year at college. I'm mostly asp.net oriented and even have a part time job coding in that language. I am interested on converting to linux and since visual studio is unsupported write my code in Mono.
Are there any notable limitations in Mono that I should be aware of (regarding ASP.NET)?
According to the Mono website:
Mono's ASP.Net does not implement the
following features:
Precompiled Websites
Webparts APIs.
Also most if not all 3rd party ASP.Net controls are not compatible with Mono unless otherwise specified. ComponentArt controls for example are not usable in Mono. However, there's no reason to think that this won't change as Mono gains popularity. ComponentArts has already mentioned that they are considering adding support in the future.
I'd say the biggest thing you lose is IIS. ASP.net and IIS were very deeply linked. Many of the advantages from ASP.net come from the utilization of hosting features in IIS. The biggest one I can name is the ability of HTTP.sys to directly respond to a request in kernel mode if the page is in cache. This means that the socket open is responded to immediately and can allow for orders of magnitude more hits to your webserver.
Its a bit of an edge case but Microsoft's Web Service Enhancements are not supported on Mono. I ran into this problem trying to get some WSE services working on Mono.
Regarding web services there are two very good open-source alternatives: ServiceStack.Net (using it) and NANCY.
These area a lot easier implement, use and maintain, IMHO, than services built on top of WCF.