ASP.NET Core MVC (Intermediate)_468 x 60 copy.png

asp.tar.gz

ASP.NET

ASP.NET-multi

ASP.NET-Secure

ASP.NET-copy

In this course, you will learn how to create a modular, dynamic web application with ASP.NET Core MVC, Razor, and Razor tag-helpers. Furthermore, you will also learn how to localize that application in several languages, and finally how to publish it.

You will cover many different aspects of ASP.NET development including: how to optimize user interfaces, validate user input, how to write clean and maintainable code with dependency injection and configuration data, and a whole lot more.

By the end of this course, you will be able to build both a public website and a business application based on ASP.NET Core MVC, with advanced features such as caching, authentication, and authorizations, and while conforming to Microsoft best-practices.

ASP.NET Core MVC

## What is a CSRF attack ##

Forms can also be submitted to different websites, so a malicious site, say `www.fake.com`, might contain a form that submits data to the user bank website. Data might be contained in hidden input fields so the user can't see them. Those data might encode a bank transfer to the owners of the `www.fake.com` malicious website.

The user might be convinced to submit the form with a fake message on the submit button, such as "Download your free book about..." In fact, that button submits the form with the bank transfer, and the bad news is that if your browser already contains a not-expired authentication cookie of the bank websites it will be sent and it will authenticate the bank transfer. Cookies are associated with target websites, so if the form is submitted to the bank URL, all cookies associated with the bank websites will be sent together with the submitted data. Therefore, authentication cookies are also sent to the bank website granting the operation specified in the form.

Similar attacks are called Cross-Site Request Forgery attacks, which are abbreviated CSRF or XSRF. The diagram below summarizes the attack.

# What is a CSRF attack ##

Forms can also be submitted to different websites, so a malicious site, say `www.fake.com`, might contain a form that submits data to the user bank website. Data might be contained in hidden input fields so the user can't see them. Those data might encode a bank transfer to the owners of the `www.fake.com` malicious website.

The user might be convinced to submit the form with a fake message on the submit button, such as "Download your free book about..." In fact, that button submits the form with the bank transfer, and the bad news is that if your browser already contains a not-expired authentication cookie of the bank websites it will be sent and it will authenticate the bank transfer. Cookies are associated with target websites, so if the form is submitted to the bank URL, all cookies associated with the bank websites will be sent together with the submitted data. Therefore, authentication cookies are also sent to the bank website granting the operation specified in the form.

Similar attacks are called Cross-Site Request Forgery attacks, which are abbreviated CSRF or XSRF. The diagram below summarizes the attack.

In this lesson, we will learn how to protect our application from malicious sites that might force legitimate users to submit dangerous requests,

Razor Template Language

Razor Language Assessment

Tag Helpers

Tag Helpers Assessment

Controllers and ViewModels

Controllers Assessment

Validation and Metadata

Validation Assessment

Dependency Injection

Configuration and Options Framework

Localization and Globalization

Factoring out UI Logic

Authentication and Authorization

Advanced Topics Assessment

Publishing Your Web Application

Conclusion

Appendix

Antiforgery Validation: Preventing XSRF/CSRF Attacks

What is a CSRF attack