ASP.NET – razor pages

Final project : Client-side Razor pages

Topics covered:

MVC requests and pages
Razor sample pages
HTML input elements
HTML table
Request.Form
Request.Query
Bootstrap intro

Links:

Class code: Razor examples

ASP.NET #66

What are HTML forms?

HTML Forms are one of the main points of interaction between a user and a web site or application. Forms allow users to enter data, generally sending that data to the web server (but a web page can also use form data client side).
An HTML Form is made of one or more widgets. Those widgets can be single or multi-line text fields, select boxes, buttons, check-boxes, or radio buttons. The single line text field widgets can even require data entered to be of a specific format or value. Form widgets should be paired with a properly implemented label that describes their purpose — labels help instruct both sighted and blind users on what to enter into a form input
… full article

How to send HTML form to the server?

We provide a name to each form control. The names are important both browser and server sides; they tell the browser which name to give each piece of data and, on the server side, they let the server handle each piece of data by name. The form data is sent to the server as name/value pairs.
To name the data in a form you need to use the name attribute on each form widget that will collect a specific piece of data.

Example:

How to receive the HTML form’s input in the server-side?

We will create an ASP.NET application with an MVC controller containing a function for the form submitting. in this function, we will use Request.Form to retrieve all of the data that the user has entered into our HTML form. each input data will be stored in a key-value format in the Request.Form dictionary: the key will be the html widget form input-name and the value will be the data entered by the user

More topics covered:

input + required
input type- text, number, password, email
radio-button, check-box
button type submit
form method: GET vs POST
storing the html form on the server
choosing result page depend on the form-input

Links:

ASP.NET #65

htmlcss3

What is HTML?

HTML stands for Hypertext Markup Language. It allows the user to create and structure sections, paragraphs, headings, links, and blockquotes for web pages and applications.
HTML is the standard markup language for Web pages
HTML elements are the building blocks of HTML pages
HTML elements are represented by <> tags
The three block level tags every HTML document needs to contain are:
The html  tag is the highest level element that encloses every HTML page.
The head  tag holds meta information such as the page’s title and charset.
Finally, the  body tag encloses all the content that appears on the page.

What is CSS?

CSS stands for Cascading Style Sheets with an emphasis placed on “Style.” While HTML is used to structure a web document (defining things like headlines and paragraphs, and allowing you to embed images, video, and other media), CSS comes through and specifies your document’s style—page layouts, colors, and fonts are all determined with CSS.
External stylesheets are stored in CSS files

Example:

Whats is Visual Studio Code (VSCode)?

vscode

Visual Studio Code is a source-code editor developed by Microsoft for Windows, Linux and macOS. It includes support for debugging, embedded Git control and GitHub, syntax highlighting, intelligent code completion, snippets, and code refactoring. It is highly customizable, allowing users to change the theme, keyboard shortcuts, preferences, and install extensions that add additional functionality. The source code is free and open source and released under the permissive MIT License. The compiled binaries are freeware and free for private or commercial use.
Visual Studio Code is based on Electron, a framework which is used to deploy Node.js applications for the desktop running on the Blink layout engine.

VSCode Home Page link

More topics covered:

Loading html pages from local hard drive
Embed CSS styles into HTML page: inline, style tag, file
What is Markup language?
VSCode loading from CMD using “code”
VSCode – “!” shortcut
HTML semantics
CSS selectors
HTML Tags: b, u, i, p, div, a, hr, h1..h6, img, ul, ol, li, br, btn
What is Bootstrap?
Developer tools – clicking F12 in Chrome
w3schools

Links:

Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

HTML
HTML stands for Hyper Text Markup Language
HTML is the standard markup language for Web pages
HTML elements are the building blocks of HTML pages
HTML elements are represented by <> tags

More topics covered:

Azure free account
Azure Virtual machines
Azure resource group
Azure MSSQL Server
Upload local MSSQL DB to Azure
Update connection string to the Azure url
Open MSSQL Azure firewall
Azure DTU cost of MSSQL
Basic web architecture
What is a domain?
Visual Studio Code
What is HTML page
User control – flip between controls
Custom dependency property – initial value
Validation error – trigger event

Links:

Azure – open free account
Azure MSSQL Server
Azure – DTU calculation
VSCode – download link!
What is HTML – w3chools
HomeWork: upload your MSSQL to Azure
update the connection string
upload your updated project into the GITHUB
Lesson Summary Video!

ASP.NET #64

mvc2

What is the MVC pattern?

The Model-View-Controller (MVC) architectural pattern separates an application into three main groups of components: Models, Views, and Controllers. This pattern helps to achieve separation of concerns. Using this pattern, user requests are routed to a Controller which is responsible for working with the Model to perform user actions and/or retrieve results of queries. The Controller chooses the View to display to the user, and provides it with any Model data it requires … full article

What is Session?

Session – Is to keep track of each user’s request. So each time the web page is posted back asp.net runtime knows from which user the request is coming from. Now since HTTP is a stateless protocol, meaning each request from the same user is like a new request to it. So, to maintain a session Asp.Net has Session variables.

Session Variables- The session variables are variables maintained on server side by asp.net runtime. Each user is identified by a a unique number called SessioID. This session is stored in a cookie (if browser supports cookie) on client side after the first user request. when the client posts back a page , this cookie is available in the request header. So now server knows that this user request is coming from which user. Besides this you can also store user specific information in session variables, which will be availale on server side.

Sending Email with SendGrid

provides a cloud-based email delivery service that assists businesses with email delivery. The service manages various types of email including shipping notifications, friend requests, sign-up confirmations, and email newsletters. It also handles internet service provider (ISP) monitoring, domain keys, sender policy framework (SPF), and feedback loops.Additionally, the company provides link tracking, open rate reporting. It also allows companies to track email opens, unsubscribes, bounces, and spam reportsfull article

Click here for SendGrid home page

Sending email with local SMTP

for example download: tucows free (10 emails per day)
code demo: download here

Sending email with gmail SMTP

Update security level in gmail (single-factor):
gmail12

gmail34

console app code demo: download here

verify email project: download here

What are ASP.NET Razor Pages?

Razor is an ASP.NET programming syntax used to create dynamic web pages with the C# (or VB.NET) programming languages.
The Razor syntax is a template markup syntax, based on the C# programming language, that enables the programmer to use an HTML construction workflow. Instead of using the ASP.NET Web Forms (.aspx) markup syntax with <%= %> symbols to indicate code blocks, Razor syntax starts code blocks with an @ character and does not require explicit closing of the code-block.
The idea behind Razor is to provide an optimized syntax for HTML generation using a code-focused templating approach, with minimal transition between HTML and code. The design reduces the number of characters and keystrokes, and enables a more fluid coding workflow by not requiring explicitly denoted server blocks within the HTML code.

Other advantages that have been noted: (1) Supports IntelliSense – statement completion support (2) Supports “layouts” – an alternative to the “master page” concept in classic Web Forms (.aspx) (3) Unit testable

Razor was in development in June 2010 and was released for Microsoft Visual Studio 2010 in January 2011. Razor is a simple-syntax view engine and was released as part of MVC 3 and the WebMatrix tool set. Razor became a component of AspNetWebStack and then became a part of ASP.NET Core … full article

Example:

More topics covered:

Creating MVC controller
Creating Razor page
Adding dynamic data to the page
Index is default
return View (” Page Name “)
return Content (“ HTML …“);
return Redirect (” URL “);
return new FilePathResult (” Path-HTML-File “);
Getting query string from url
HttpContext.Application vs Session
Storing data in Session
Storing data in Application
HTML page
MCV default web page – Home
MVC layout template

Links:

ASP.NET #63

jwt

What is JSON Web Token (JWT)?

JSON Web Token is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm [Hash based Message Authentication Code]) or a public/private key pair using RSA or ECDSA. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

When should you use JSON Web Tokens?

Authorization: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains. Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn’t been tampered with … full article
What is a Public and Private Key Pair?

Public and Private key pair helps to encrypt information that ensures data is protected during transmission. Private Key and public key are a part of encryption that encodes the information. Both keys work in two encryption systems called symmetric and asymmetric. Symmetric encryption (private-key encryption or secret-key encryption) utilize the same key for encryption and decryption. Asymmetric encryption utilizes a pair of keys like public and private key for better security where a message sender encrypts the message with the public key and the receiver decrypts it with his/her private key … full article
What are claims?

Claim is piece of information that describes given identity on some aspect. Take claim as name-value pair. Claims are held in authentication token that may have also signature so you can be sure that token is not tampered on its way from remote machine to your system … full article
HMAC algorithm:

MAC is a great resistant towards cryptanalysis attacks as it uses the Hashing concept twice. HMAC consists of twin benefits of Hashing and MAC, and thus is more secure than any other authentication codes … full article
RSA:

A public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adelman, the inventors of the technique. The RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time. The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data sent over the Internet. It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer. The technology is so powerful that the U.S. government has restricted exporting it to foreign countries.
ECDSA:

ECDSA, also known as the Elliptic Curve Digital Signature Algorithm, is a version of the widely-used DSA algorithm which can achieve similar levels of security using a smaller key size. It does this by using elliptic curve cryptography, which is a public key cryptography technique developed in the mid-2000s. Rather than basing its security on a large integer that is the product of multiple large prime factors, it uses an ECDLP (elliptic curve discrete logarithmic problem).

More topics covered:

Payload
.NET Core 2.0
.NET Core 2.1
ASP .NET Core WebApi
Using Authentication Role for flight project
Base 64 string in jwt.io

Links:

ASP.NET #62

The Token-Based Authentication works as Follows:

A user enters the name and password into the client (client means the browser or mobile devices etc).
The client then sends these credentials (i.e. username and password) to the Authorization Server.
Then the Authorization Server authenticates the client credentials (i.e. username and password) and then it generates and returns an access token. This Access Token contains enough information to identify a user and also contains the token expiry time
The client application then includes the Access Token in the Authorization header of the HTTP request to access the restricted resources from the Resource Server until the token is expired… full article

Single Sign On (SSO): characteristic of an authentication mechanism that relates to the user’s identity being used to provide access across multiple Service Providers.
Federation: common standards and protocols to manage and map user identities between Identity Providers across organizations (and security domains) via trust relationships (usually established via digital signatures, encryption, and PKI)… full article

The IHttpActionResult interface was introduced in Web API 2. Essentially, it defines an HttpResponseMessage factory. Some advantages of using the IHttpActionResult interface: (1) Simplifies unit testing your controllers (2) Moves common logic for creating HTTP responses into separate classes (3) Makes the intent of the controller action clearer, by hiding the low-level details of constructing the response. IHttpActionResult contains a single method, ExecuteAsync, which asynchronously creates an HttpResponseMessage instance… full article

ResponseType attribute is helpful for autogenerating documentation in tools like Swagger / Swashbuckle

CreatedAtRoute method is intended to return a URI to the newly created resource when you invoke a POST method to store some new object. So if you POST an order item for instance, you might return a route like ‘api/order/11’ (11 being the id of the new order)

ModelState.IsValid will basically tell you if there is any issues with your data posted to the server, based on the data annotations added to the properties of your model. If, for instance, you have a [Required(ErrorMessage = “Please fill”)], and that property is empty when you post your form to the server, ModelState will be invalid. The ModelBinder also checks some basic stuff for you. If, for instance, you have a BirthDate datepicker, and the property that this picker is binding to, is not a nullable DateTime type, your ModelState will also be invalid if you have left the date empty.

Final project Part III:

Click here to download

More topics covered:

[ Authorize ]
WebApi users Table
Password requirements modification

Links:

ASP.NET #61

auth2

Authentication is about validating your credentials such as Username/User ID and password to verify your identity. The system then checks whether you are what you say you are using your credentials. Whether in public or private networks, the system authenticates the user identity through login passwords. Usually authentication is done by a username and password

Authorization occurs after your identity is successfully authenticated by the system, which therefore gives you full access to resources such as information, files, databases, funds, etc. However authorization verifies your rights to grant you access to resources only after determining your ability to access the system and up to what extent. In other words, authorization is the process to determine whether the authenticated user has access to the particular resources. A good example of this is, once verifying and confirming employee ID and passwords through authentication, the next step would be determining which employee has access to which floor and that is done through authorization

Basic authentication is a method for an HTTP user agent (e.g. a web browser, postman) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic , where credentials is the base64 encoding of id and password joined by a single colon :

Base64 is generally used to transfer content-based messages over the Internet. It works by dividing every three bits of binary data into six bit units. The newly created data is represented in a 64-radix numeral system and as seven-bit ASCII text. Because each bit is divided into two bits, the converted data is 33 percent, or one-third, larger than the original data. Like binary data, Base64 encoded resultant data is not human readable

A principal (in computer security) is an entity that can be authenticated by a computer system or network. Principals can be individual people, computers, services, computational entities such as processes and threads, etc.

ThreadStatic: A static variable marked with the ThreadStatic attribute is not shared between threads, therefore each thread gets it’s own instance of the static variable.

More topics covered:

Postman – sending username and password
Session
Context
Cookie
Web Api BasicAuthenticaion implementaiton
AuthorizationFilterAttribute
Thread.CurrentPrincipal
RequestContext.Principal
Request.Properties – storage
Passing principle to web api controller

Links:

ASP.NET #60

[Route (..path..) ]
Routing is how Web API matches a URI to an action. As the name implies, attribute routing uses attributes to define routes. Attribute routing gives you more control over the URIs in your web API. For example, you can easily create URIs that describe hierarchies of resources.

Query parameters are a defined set of parameters attached to the end of a url. They are extensions of the URL that are used to help define specific content or actions based on the data being passed. To append query params to the end of a URL, a ‘?’ Is added followed immediately by a query parameter. To add multiple parameters, an ‘&’ is added in between each. These can be created by any variation of object types or lengths such as String, Arrays and Numbers

HTTPResponseMessage represents a HTTP response message including the status code and data. this gives us control over the returned status code and the choice between result data (JSON) and between a text message (which could contain an exception string, etc)

More topics covered:

Query parameters default values
Multiple path parameters
HTTP status code enums

Links:

ASP.NET #59

webapi

What Are HTTP Methods?
Whenever a client submits a request to a server, part of that request is an HTTP method, which is what the client would like the server to do with the specified resource. HTTP methods represent those requested actions. For example, some commonly-used HTTP methods will retrieve data from a server, submit data to a server for processing, delete an item from the server’s data store, etc.

Selecting The Appropriate Method
A large portion of application functionality can be summed up in the acronym CRUD, which stands for Create, Read, Update, Delete. There are four HTTP methods that correspond to these actions, one for each, like so:
C – Create – POST
R – Read – GET
U – Update – PUT
D – Delete – DELETE

More topics covered:

Send POST operation from console app
Placing JSON object in postman app
Method not allowed – error
uploading Web API to azure

Links:

What are HTML forms?

How to send HTML form to the server?

How to receive the HTML form’s input in the server-side?

What is HTML?

What is CSS?

What is the MVC pattern?

What is Session?

Sending Email with SendGrid

Sending email with local SMTP

Sending email with gmail SMTP

What are ASP.NET Razor Pages?

What is JSON Web Token (JWT)?

When should you use JSON Web Tokens?

What is a Public and Private Key Pair?

What are claims?

HMAC algorithm:

RSA:

ECDSA: