Repository files navigation

This repository contains the code samples forASP.NET Core in Action.

Note Some projects include 1.x versions of projects as well as 2.0 versions. Projects are essentially equivalent and are found in a folder indicating the .NET Core version.

No code samples

• WebApplication1 - A sample web application, based on the .NET Core CLI MVC template
• WebApplication2 - A sample web application, based on the Visual Studio MVC template

• CreatingAHoldingPage - 3.2.1 Simple pipeline scenario 1: A holding page
• CreatingAStaticFileWebsite - 3.2.2 Simple pipeline scenario 2: Handling static files
• SimpleMVCApplication - 3.2.3 Simple pipeline scenario 3: An MVC web application
• SimpleMVCApplicationAndHoldingPage - 3.2.3 Simple pipeline scenario 3: An MVC web application + a holding page for "/"
• DeveloperExceptionPage - 3.3.1 Viewing exceptions in development: the DeveloperExceptionPage
• ExceptionHandlerMiddleware - 3.3.2 Handling exceptions in production: the ExceptionHandlerMiddleware
• StatusCodePages - 3.3.3 Handling other errors: the StatusCodePagesMiddleware
• DisableStatusCodePages - 3.3.4 Disabling error handling middleware for web APIs

• AddingMvcToEmptyProject - Starting from an empty project and adding the MVC middleware.

No code samples

• ToDoList - Basic application demonstrating the application in Figure 6.1
• SimpleCurrencyConverterBindings - Model binding simple properties. Demonstrates Table 6.1, binding to route parameters, form parameters and the querystring
• ExampleBinding - Binding a custom class using Model Binding
• ListBinding - Model binding to collections, as shown in Figure 6.5
• ValidatingWithDataAnnotations - A dummy checkout page, demonstrating Model validation using variousDataAnnotations. Also shows POST-REDIRECT-GET
• CurrencyConverter - A dummy currency converter application. Demonstrates model binding,DataAnnotations, and a custom validation attribute

• DefaultMVCProject - Default MVC template, showing how you can sepecify the template to Render. TheHomeController specifies alternative views to render at the urlshttp://localhost:64594/Home/IndexThatRendersContact andhttp://localhost:64594/Home/IndexThatRendersAbout using two different methods
• DynamicHtml - Example of creating dynamic HTML by using C# in Razor templates.
• ManageUsers - Display a list of users, and allow adding new users, as shown in figure 7.3
• ToDoList - Example of writing model values to HTML in Razor templates, as shown in section 7.2
• NestedLayouts - Demonstrates using a nested layout, where a two column layout,_TwoColumn.cshtml is nested in_Layout.cshtml.
• PartialViews - Demonstrates extracting common code into a partial view, as in section 7.4.3. Also shows adding additional namespace to _ViewImports forPartialViews.Models namespace.

• CurrencyConverter - A demo currency converter application using TagHelpers to generate form elements.
• TagHelpers - Demonstrates the input types generated for various property types andDataAnnotations, as described table 8.1. Also demonstrates displaying a banner based on the current environment, as shown in section 8.5.
• SelectLists - Generating a variety of select lists, as shown in section 8.2.4

• AngularWebApplication1 - A basic Angular web application, as shown in Figure 9.1, created using the JavaScript services template. Follow the instructions athttps://blogs.msdn.microsoft.com/webdev/2017/02/14/building-single-page-applications-on-asp-net-core-with-javascriptservices/ to try it for yourself.
• BasicWebApiProject - A basic web api project, using default MVC conventional routing, returning a list of fruit, as in 9.3
• CarsWebApi - A single Cars WebAPI controller that demonstrates various different response types. Usehttps://www.getpostman.com to make requests to the API

• SendingAnEmailWithoutDI - An example demonstrating a use case where you want to send an email when a user registers. TheEmailSender class is created in code usingnew as shown in section 10.1.1 and Listing 10.3.
• SendingAnEmailWithDI - A refactoring of theSendingAnEmailWithoutDI project to use DI, showing how theUserController has been simplified
• InjectingMultipleImplementations - Example demonstrating the behaviour when registering multiple instances of a service, as in section 10.2.4. Click the buttons shown on the home page and observe the console output to see the effect of the DI configuration
• LifetimeExamples - The effect of lifetime on DI. For details, see section 10.3 - the project broadly follows this outline, with slightly different naming to allow registering all the services in a single project

• StoreViewerApplication - A sample application to demonstrate loading values from configuration, and bindingin them to a strongly typedIOptions object. You can also view how different property types can be bound, such as the example in section 13.3.3 by viewing the path/Test

• RecipeApplication - A sample application created in chapter 12 demonstrating using EF Core. You will need to run the database migrations to create the database, by runningdotnet ef database update from the project folder. The connection string is specified in appsettings.json, and uses SQL Server LocalDb

• FilterPipelineExample - A sample application that contains one of each filter, and logs when the filter runs. Each filter contains commented out code to short-circuit the pipeline. Uncomment the code from each filter in turn to see the effect
• RecipeApplication - The RecipeApplication from chapter 12 plus an API controller. TheNoApiController includes the code from listing 13.6, while theRecipeApiController includes the code from listing 13.7 where the code is refactored to use filters.

• DefaultTemplate - The default MVC template for ASP.NET Core with Authentication, as discussed in seciont 14.3.
• RecipeApplication - The recipe application from chapter 13 with authentication added, as described in section 14.4.
• RecipeApplicationWithNameClaim - The recipe application with an additional field added to theRegisterViewModel to record theFullName, as described in section 14.5. The field is added as an extra claim when the user registers, and is dispayed in the menu bar when a user logs in.

• Airport - An analogy to the airport example presented in section 15.1. There are 4 steps, Home Page, Through security, Enter airport lounge, Board the place. You can set the claims for a user when you register. Which claims you add will determine how far through you can get.
• RecipeApplication - The recipe application from previous chapters, with authorization to prevent unauthorized users creating recipes, and resourec based authorization to ensure only the user which created a recipe can edit it.

• RecipeApplication - The Recipe application from previous chapters, for hosting in IIS. Changed the LocalDb migrations and connection string to use SqlLite as connecting to a LocalDb instance from IIS can be problematic. Also, added additional JS and CSS files to demonstrate bundling aand minifying, and updatedbundleconfig.json
• SettingHostConfiguration - ConfiguringIWebHost by loading from a JSON file instead of using theASPNETCORE_ENVIRONMENT andASPNETCORE_URLS variables, as described in section 16.3.2. Thehosting.json file is loaded into anIConfiguration and passed to theWebHostBuilder usingUseConfiguration.

• RecipeApplication - The recipe application from previous chapters with some additional logging
• FileLogger - A simple Web API Project configured to write log messages to a rolling file by using a rolling file logging provider, as shown in section 17.3.1.
• LogFiltering - A simple Web API Project configured to use the configuration filters defined in section 17.4.
• SerilogLogger - A simple Web API Project configured to write log messages to the console using Serilog, as shown in section 17.3.2
• SeqLogger - A simple web API project to demonstrate structured logging using Seq, and using scopes to add additional properties to a log, as shown in section 17.5.

• KestrelWithHttps - A basic web api using Kestrel with Https directly. Shows using theListen method to specify the URLs to use, overriding the default values set inlaunchSettings.json. The certificate is self-signed as described in section 18.1.

On Windows, you can generate a certificate using theInstall-Certificate.ps1 PowerShell script. This will create a self-signd certificate and trust it on Windows.

You can generate a certificate on Ubuntu usinginstall_certificate.sh. This useslocalhost.conf to create a self signed certificate, and trusts it. On Linux, not all applications use the same store, so you may have to trust it explicitly for those applications. Use passwordtestpassword to create the certificate.

Three endpoints are configured:

1. An http endpoint athttp://localhost:5001/api/values
2. An https endpoint configured directly in code athttps://localhost:5002/api/values
3. An https endpoing configured externally by loading fromhosting.json athttps://localhost:5003/api/values

The path/api/values/1 has been decorated with a[RequireHttps] attribute, which will force the URL to redirect from http to https. Note however, that as we are not using the standard https port (443), the redirect will not work for this example. Alternatively you can enforce SSL across the whole site by uncommenting the RewriterMiddleware inStartup.Configure.

• CrossSiteScripting - A simple app to demonstrate XSS attacks due to not encoding user input. The user submits content which is added to an internal list and is later rendered to the page. Using@Html.Raw renders the provided input exactly as it was entered - if the content is malicious, e.g. a<script> tag, then it is written into the page as a script tag, executing any code it contains. Instead, you should render content with the@ symbol alone - that way the content is rendered as a string, and can be displayed safely.

• CrossSiteRequestForgery - A pair of apps to demonstrate a CSRF vulnerability. You can login to the banking application and view your balance. You can 'withdraw' funds using the provided form, and you'll see your balance reduce. The attacker website contains a form that posts to the banking application and withdraws funds for the currently logged in user. In the example you have to click the button to see the vulnerability, but this could easily be automated. To protect the endpoint, add the[ValidateAntiForgeryToken] attribute to theBalanceController.Withdraw() action.

• CustomMiddleware - Various custom middleware, using,Map,Run,Use, and middleware classes, as described in section 19.1.
• CustomConfiguration - Loading configuration in multiple stages and described in section 19.2.
• StructureMapExample - Replacing the default DI container with Structuremap, as in section 19.3.
• CustomTagHelpers - Creating custom Tag Helpers, anIfTagHelper andSystemInfoTagHelper, as shown in section 19.4.
• RecipeApplication - The Recipe Application from previous chapters, this time with a custom view component, as described in section 19.5.
• CurrencyConverter - The demo Currency converter application, containing a custom validation attribute for validating the selected currencies, as in section 19.6.

• ExchangeRates - A basic exchange rate application. Includes unit tests for theCurrencyConverter class, for theStatusMiddleware, and for both MVC and Web API controllers. Also includes integration tests for theStatusMiddleware and for MVC pages.

• RecipeApplication - Testing a service that relies on an EF CoreDbContext, as described in section 20.6. TheRecipeServiceTests class shows how you can test theRecipeService.