ASP.NET Core in Action

INDEX 673

deployment, optimizing client- multiple times 286–289 choosing database pro-
using objects and vider and installing
side assets (continued) 344–345
lambdas 282–286
using bundling and third-party containers registering data context
minification 488–490 348–349
589–591
using minified files in pro- view templates, injecting ser- benefits of 339–340
duction with Environ- general discussion 336–337
ment Tag Helper vices into 291–292 Identity, updating data
494–495 dictionaries, binding 159–160
directing request to controller model to support
publishing apps to IIS 426–427
470–475 99–100
directives, importing with in production applications
configuring IIS for 366–368
ASP.NET Core 470–472 _ViewImports 200–201
DisableFormValueModel- in-memory database testing
preparing and publishing 637–643
application 473–475 BindingAttribute 385
disabling error handling mapping databases to appli-
URLs, configuring 480 cation code 340–342
using configuration values middleware for web
481–485 APIs 90–92 migrations 349–355
DNS (Domain Name Service) adding second 353–355
using environment 17 creating first 350–352
variable 481–485 domain model 101
don't repeat yourself object-relational mappers,
design pattern, Model-View- (DRY) 251–253 purpose of 337–339
Controller 95–98 dotnet build command 35, 465
dotnet new command 465 querying databases 355–365
DeveloperExceptionPage dotnet restore command 35, creating record 356–358
80–81 465 loading list of records
dotnet run command 36, 465 358–360
DeveloperExceptionPage- dotnet test command 609,
Middleware 48, 62, 329 613–614 loading single record
dotnet xunit command 613 360–361
development environment DotNetCliToolReference
23–27 elements 345 updating model with
DRY (don't repeat yourself) changes 361
for Linux or macOS user 251–253
25–27 duplication in attribute rout- SQL injection attacks, avoid-
ing, reducing 253–254 ing with 566–567
for Windows user 24–25 dynamic web pages, creating
DI (dependency injection) 187–193 __EFMigrationsHistory table
C#, using in Razor templates 417
267–302 188–189
loops and conditionals, EnableCorsAttribute 561–562
action methods, injecting adding 189–191 encapsulating markup with par-
services directly into rendering HTML with
290–291 Raw 191–193 tial views 198–200
endpoints, creating 575–576
ASP.NET Core framework E enrichers 521
services, adding to environment information,
container 278–279 editors, integrating Tag Helpers
in 206–209 printing 592–595
benefits of 269–274 Environment Tag Helper
filter attributes, using with EF Core (Entity Framework
Core) 334–368 overview of 230–233
396–399 using minified files in pro-
adding to applications
in ASP.NET Core 276–277 342–349 duction with 494–495
lifetimes 292–302 environment variable configu-
building data model
captured dependencies 345–348 ration provider
298–302 315–316

scoped 296–297 environment variable, configur-
singleton 297–298 ing URLs with 481–485
transient 295–296
loosely coupled code, EnvironmentName
property 48
creating 274–276
overview of 265 environments 304
registering services in con- environment-specific configura-

tainer tion files, loading
general discussion 327–329

279–282

674 INDEX

EnvironmentTagHelper 231 default scope execution framework-dependent deploy-
error handling middleware order 379 ments (FDD) 468

78–92 overriding default order FromSql( ) method 566
DeveloperExceptionPage 380–381
G
80–81 pipeline short-circuiting
disabling for web APIs 90–92 394–396 generating links, with Anchor
ExceptionHandler- Tag Helper 228–229
first application, creating
Middleware 82–86 29–60 generating URLs 142–147
StatusCodePagesMiddleware based on action names
building 35 143–144
86–90 csproj project file 40–41 based on route names
Error method 55 MVC middleware and home 144–145
ErrorMessage property 169 with ActionResults 145–147
EventId 509 controller 52–54
exception filters 372, 391–392 overview 29–32 GetService( ) method 284, 604
ExceptionHandlerMiddleware Program class 41–43 GetTypedHeaders( ) method
project layout,
49, 62, 82–86 394
exceptions in development, understanding 38–40 Ghost Inspector 610
Razor template views, gener- global filters 377–379
viewing 80–81 global routes 246
explicitly unsupported internet ating HTML with GUI (graphical user interface)
54–60
464 95
extension methods 69 running 36–38 GUIDs (Global Unique
Startup class 44–51
F Identifiers) 40
middleware, handling
Fact unit tests 617–620 requests with 47–51 H
Fail( ) method 449
failure conditions, testing services, adding and hackable URLs 124
configuring 45–47 HandleRequirementAsync
620–621
FDD (framework-dependent templates, using 32–34 method 454
FluentMigrator 349 handlers, creating 444–445,
deployments) 468 FluentValidation library 167
feature toggle 385 for attribute 216 447–451, 454–456
features 90 ForbidResult 439 handling multiple matching
File Not Found error 71 foreach loop 287
file uploads, binding 160–161 <form> element 214 actions for route
FileNotFoundException 311 Form Tag Helper 214–215 140–142
FileResult 116 form values 153 happy path 618
filtering messages 521–526 FormatFilterAttribute 393 helper methods, creating
filters 369–399 formatter 245 classes using 118–119
formatting log messages hiding elements, conditionally
adding to actions, control- 595–597
lers, and globally 512–513 holding pages 67–70
377–379 HomeController class 108
formatting response 258–264 HomeController.Index( )
creating 375–377 customizing default method 124
custom 381–394 formatters 260–262 hosting environment 304,
with content negotiation 326–333
action filters 386–390 262–264 identifying 326–327
authorization filters loading environment-specific
forms, creating 209–228 configuration files
383–384 Form Tag Helper 214–215 327–329
exception filters 391–392 Input and Textarea Tag setting 329–333
resource filters 384–386 Helpers 217–220 hosting model 463–470
result filters 392–394 Label Tag Helper 215–216 deployment method,
dependency injection, using Select Tag Helper 220–224 choosing 468–470
Validation Message and Vali-
with 396–399 dation Summary Tag
general discussion 372–373 Helpers 225–228
middleware versus 373–375
order of execution 379–381 FormTagHelper 214
ForwardedHeadersMiddleware

478, 547

INDEX 675

hosting model (continued) id parameter 133, 240 xUnit test fixtures 635–637
IDE (integrated development integration tests 608
running vs. publishing apps IntelliSense 23, 191
465–468 environment) 24 interface 275
identity provider 408 Intermediate Language (IL)
hosting on Linux 475–479 IdentityServer4 409
preparing for deployment to IE (Internet Explorer) 71 12
Linux 478–479 IEnumerable<> property 325 Internet Explorer (IE) 71
running ASP.NET Core app if-else clause 565 IntRouteConstraint 136
behind reverse proxy IFormFile, binding file uploads InvalidOperationException 56
476–478 inversion of control (IoC) 46,
with 160–161
hostname 17 IHostingEnvironment 272
HSTS (HTTP Strict Transport Invoke( ) function 581
parameter 48, 523 InvokeAsync( ) method 598
Security) header 546, IIS (Internet Information IoC (inversion of control) 46,
580
Html property 193 Services) 470–475 272
Html.Partial 199 configuring for ASP.NET See also DI (dependency
Html.PartialAsync 199
Html.RenderPartial 199 Core 470–472 injection)
HTTP handlers 66 overview of 6 IOptions interface
HTTP modules 66 preparing and publishing
HTTP Strict Transport Security configuring 586–589
(HSTS) header 546, application to 473–475 overview of 321–323
580 setting up encryption IOptionsSnapshot, reloading
HTTP web requests, general
discussion 17–19 538–540 with 323–324
HttpContext object 19, 31, 402 IOrderedFilter interface
HttpContext.User property IIS (Internet Information Ser-
405, 420 vices) Express, setting 379–381
HttpPostAttribute method 141 up encryption 538–540 IRouteBuilder 129
HTTPS 535 IServiceCollection 47
enforcing for whole app IL (Intermediate Language) IsValid pattern 171
545–548 12 IUrlHelper 143
IIS and IIS Express, setting IWebHost 42
up 538–540 ILogger interface 502, 505
Kestrel, using directly in ILoggerFactory 517–521 J
544–545 ILoggerProvider interface 505
self-signed certificate, imperative authorization 452 jQuery 489
creating 541–544 implementation 275
implicit dependency 272 K
I importing common directives,
Kestrel, using HTTPS in
IActionContraint attribute 141 with _ViewImports 544–545
IActionFilter 390 200–201
IActionResult 238 Kubernetes 476
IApplicationBuilder object 48, Index method 53, 109, 250
informational messages 502 L
68 in-memory database 638
IAsyncActionFilter 390 <input> element 205, 212 Label Tag Helper 215–216
IAsyncAuthorizationFilter 384 input formatters, enabling lambda function, registering
IAuthorizationFilter 384
IAuthorizationRequirement additional 255–258 services in DI
input model 149 container 282–286
445–446 Input Tag Helper 217–220, 224 Language Integrated Query
IAuthorizationService 452–454 insecure direct object refer- (LINQ) 11
IClassFixture 635 Layout property 198
IConfigurationRoot 311, 313 ences, preventing 568 layouts 58
IConfigureOptions 586–589 installing EF Core 344–345 parent, overriding with
integrated development envi- sections 196–198
shared markup, using for
ronment (IDE) 24 194–196
integration testing 627–637

rendering Razor views in
632–635

Startup file, using for
630–632

TestServer, creating 628–630

676 INDEX

libraries adding provider to app Microsoft.AspNetCore.Mvc
choosing target framework 527–530 .Formatters.Xml
for shared 657–658 package 261
referencing .NET Framework logging scopes 530–533
libraries from .NET using in production app Microsoft.AspNetCore.Mvc
Standard projects .Testing package
658–662 503–507 632
Loggr 517
lifetimes 292–302 logic, adding to partial Microsoft.DotNet.Analyzers
captured dependencies .Compatibility package
298–302 views 597–601 659
Login action method 141,
scoped 296–297 Microsoft.EntityFramework-
singleton 297–298 420–422 Core .Design 344
transient 295–296 LogInformation method 508
line endings 479 Logout action method 420 Microsoft.EntityFramework-
links, generating, with Anchor LogResourceFilter 377 Core .InMemory 638
loops, adding in Razor
Tag Helper 228–229 Microsoft.EntityFramework-
LINQ (Language Integrated templates 189–191 Core .Sqlite 638
loosely coupled code, creating
Query) 11 Microsoft.EntityFramework-
Linux 274–276 Core.SqlServer package
344, 348
development environment M
for 25–27 Microsoft.EntityFrameworkCore
MacOS .SqlServer.Design 344
hosting on 475–479 development environment
preparing for deployment for 25–27 Microsoft.EntityFramework-
478–479 self-signed certificate, Core.Tools.DotNet
creating 543–544 package 344, 350
running ASP.NET Core
app behind reverse ManageController.Change- Microsoft.Extensions
proxy 476–478 Password action .DependencyInjection
422–423 namespace 605
self-signed certificate,
creating 543–544 manual authorization 452–454 middleware
Map extension 576–578 combining in pipeline 66–78
list of records, loading 358–360 mapping databases to applica- handling static files 70–73
literal value 131 holding pages 67–70
LocalRedirect( ) method 565 tion code 340–342 MVC web application
log level 509–511 MapRoute 129 73–78
Log( ) method 505 marker attribute 562
logging 501–533 metapackage 41 configuring for Identity
method parameters, 424–426
ASP.NET Core logging
abstractions 505–507 simplifying 158–159 CORS, adding 559–560
Microsoft documentation custom 574–583
custom messages, highlight-
ing problems using 664–665 adding to pipeline
504–505 Microsoft.AspNetCore.All 578–581

filtering messages 521–526 metapackage 67, 79 branching pipelines
log messages, adding to Microsoft.AspNetCore.All 576–578

application 507–513 package 425 custom component,
category 511–512 Microsoft.AspNetCore.App building 581–583
formatting messages and
metapackage 41 simple endpoints, creating
capturing parameter Microsoft.AspNetCore.App 575–576
values 512–513
log level 509–511 package 425 testing 621–624
logging providers 514–521 Microsoft.AspNetCore error handling 78–92
adding to application
515–517 .Diagnostics DeveloperExceptionPage
package 79 80–81
replacing default ILogger- Microsoft.AspNetCore.Http
Factory with Serilog namespace 394 ExceptionHandler-
517–521 Microsoft.AspNetCore.Mvc Middleware 82–86
package 107
structured logging 526–533 StatusCodePages-
Middleware 86–90

web APIs, disabling
middleware for 90–92

filters versus 373–375

INDEX 677

middleware (continued) routing to 125–128 .NET Standard
signing in with 420–422 projects 658–662
handling requests with signing out with 420 shared libraries and NuGet
47–51 testing 624–627 packages 657–658
Web API, applying to .NET Framework
Model-View-Controller choosing as platform 21–22
(MVC) 52–54 242–246 referencing libraries from
web application, middleware .NET Standard projects
MvcMiddleware, adding to 658–662
application 104–111 pipeline for 73–78 switching to ASP.NET Core
MVC filter pipeline 369–399 12–16
overview 63–66 .NET Standard 2.0
migrations 349–355, 366 adding filters to actions, con- compatibility shim 654–655
trollers, and globally referencing .NET Framework
adding second 353–355 377–379 libraries from 658–662
creating first 350–352 sharing code between
minification 488–490, 494–495 custom filters 381–394 projects 649–654
model validation 164–173 action filters 386–390 next( ) function 580
DataAnnotations attributes, authorization filters No Managed Code pool 471
383–384 NotFoundResult 116, 118, 242
using for 165–167 exception filters 391–392 NuGet packages
need for 164–165 resource filters 384–386 choosing target framework
on client 171–173 result filters 392–394 for 657–658
on server 168–171 overview of 40
Model-level query filters 365 dependency injection, using NullReferenceException 78
ModelState errors 225 with filter attributes
ModelState property 115 396–399 O
ModelState.IsValid property
filters versus middleware objects, registering services in
625 373–375 DI container 282–286

multiple matching actions, han- general discussion 372–373 OkResult 242
dling with attribute order of filter execution OmniSharp project 23, 465
routing 254–255 OnActionExecuted( ) method
379–381
MVC (Model-View-Controller) pipeline short-circuiting 388, 390
418–423 OnActionExecuting Controller
394–396
action methods 113–119 simple filters, creating method 390
accepting parameters to OnConfiguring method 349
114–116 375–377 OnResourceExecuting method
MvcMiddleware class 63, 93, 99,
using ActionResult 375
116–119 104–111, 235, 242, 436 open generics 285
open redirect attacks 564–571
binding model in 149–152 N Open Web Application Security
changing passwords 422–423
creating new users with nameof operator 390 Project (OWASP) 535
.NET Core 655–662 OpenIddict 409
418–420 OpenReadStream method 161
choosing as platform 22–23 OpenSSL, self-signed certifi-
design pattern 95–98 motivations for 645–647
identifying 111–113 sharing code between cate, creating 543–544
in ASP.NET Core 98–104 <optgroup> element 223
projects 647–655 optimizing client-side assets
actions, executing using compatibility shim
application model 485–497
100–101 654–655 BundlerMinifier, adding to
.NET Standard 649–654
complete requests Portable Class Libraries application 490–494
102–104 bundling and minification
648–649
directing request to con- target framework, choosing 488–490
troller and building
binding model 99–100 for libraries and apps
655–662
view model, generating for ASP.NET Core app
response using 101–102 656–657
referencing .NET Frame-
middleware 52, 54 work libraries from
MvcMiddleware, adding to

application 104–111
rendering user interface

in 175–179

678 INDEX

optimizing client-side assets path directory separator 479 production, handling excep-
PathBase property 578 tions in 82–86
(continued) Path.Combine 479
PCLs (Portable Class Libraries) Program class 41–43
minified files, using in Program.cs, adding configura-
production 494–495 645, 648–649
tion provider in
serving common files from pipelines 310–313
CDN 495–497 bidirectional 65 project layout, understanding
middleware 66–78 38–40
optional values, using 133–135 handling static files 70–73 <ProjectReference> element
options classes, automatic bind- holding pages 67–70 615
MVC web application public key cryptography 541
ing with 324–325 73–78 public methods 114
Orchard project 9 publishing applications
order of filter execution overview of 11 running versus 465–468
plain old CLR object (POCO) to IIS 470–475
379–381 configuring IIS for
Order property 250 149 ASP.NET Core 470–472
ordering, in attribute routing preparing and publishing
PlatformNotSupported- application 473–475
249–251 Exception 653
origins 556 Q
ORM (object-relational platforms, choosing 21–23
PMC (Package Manager query route parameter 152
mapper) query string 144, 153
overview of 336 Console) 350 querying databases 355–365
purpose of 337–339 POCO (plain old CLR object)
output formatters, enabling creating record 356–358
149 loading list of records
additional 260–262
overriding default order of fil- policies for claims-based autho- 358–360
rization loading single record
ter execution 380–381
OWASP (Open Web Applica- custom 443–451 360–361
handlers, creating updating model with changes
tion Security Project) 447–451
535 361
IAuthorization-
P Requirement 445–446 R

Package Manager Console requirements and handlers Raw, rendering HTML
(PMC) 350 444–445 with 191–193

PackageReference elements with multiple Razor code block 189
36, 107, 345 requirements 446–447 Razor expressions 188
Razor templates
parameter values, capturing general discussion 440–443
512–513 Portable Class Libraries (PCLs) creating views with 182–185
generating HTML with
parameterization, SQL injec- 645, 648–649
tion attacks, avoiding 54–60
with 566–567 POST request 141 hiding elements for unautho-
PostAcquireRequestState event
parameters to action methods, rized users 456–460
accepting 114–116 66 injecting services into

parent layouts, overriding with Postman 256 291–292
sections 196–198 POST-REDIRECT-GET design loops and conditionals,

partial views pattern 169 adding 189–191
adding logic to 597–601 PowerShell, Windows, self- Razor views
encapsulating markup with
198–200 signed certificate, creating 179–187
overview of 202 creating 541–542 passing data to views
preflight request 558 185–187
PascalCase 260 primary key 346 selecting view from
passwords printing environment controller 181–182
information 592–595
changing with MVC Process( ) method 594
controllers 422–423 ProcessAsync( ) function 592
processing requests, general
security 568–571 discussion 19–21
path 17 ProducesAttribute 393

INDEX 679

Razor views, creating (continued) reloadOnChange parameter running ASP.NET Core app
with templates 182–185 319, 323 behind 476–478

dynamic web pages, remote procedure call (RPC) 9 RewriteMiddleware 546
creating 187–193 rendering user interface, in route constraints 137
route names, generating URLs
C#, using in Razor MVC 175–179
templates 188–189 REpresentational State Transfer based on 144–145
route parameter 131, 152
loops and conditionals, (REST) 9 route templates
adding 189–191 requests
overview of 126, 246
rendering HTML with Raw complete process 102–104 understanding 131–133
191–193 directing to controller route values 133, 153
RouteUrl method 144
layouts, using for shared 99–100 routing
markup 194–196 attribute 246–255
RequestVerificationToken 215
parent layouts, overriding requirements, for authorization combining route attributes
with sections 196–198 251–253
444–445
partial views, encapsulating multiple matching actions,
markup with 198–200 custom policies with multiple handling with 254–255
requirements 446–447
rendering user interface in ordering of routes
MVC 175–179 IAuthorizationRequirement, 249–251
creating to represent
TestServer integration tests 445–446 token replacement, reduc-
632–635 ing duplication with
resource filters 372, 384–386 253–254
_ViewImports, importing resource-based authorization
common directives general discussion 122–125
with 200–201 451–456 generating URLs 142–147

_ViewStart, running code AuthorizationHandler, based on action name
with 201–203 creating 454–456 143–144

reason phrase 73 manually authorizing based on route name
records, database requests 452–454 144–145

creating 356–358 ResourceExecutedContext with ActionResults
loading list of 358–360 method 376 145–147
loading single 360–361
updating model with changes resources 663–667 multiple matching actions,
announcement blog posts handling 140–142
361 664
to MVC controllers and
RedirectResult 114, 116–117 ASP.NET Core blogs actions 125–128
RedirectToAction method 145, 666–667
using conventions 129–140
168 ASP.NET Core GitHub additional constraints,
repositories 665–666 adding 135–138
RedirectToActionResult 170 anonymous objects
RedirectToRoute method 145 books 663–664 138–139
RedirectToRouteResult 116 Microsoft documentation
reflection 44 catch-all parameter
Register action method 664–665 139–140

418–421 security-related links 665 optional and default val-
tooling and services 666 ues, using 133–135
registering data context video links 667
348–349 response formatting 258–264 route templates,
customizing default understanding 131–133
registering services in DI con-
tainer formatters 260–262 RPC (remote procedure call) 9
with content negotiation Run extension method
conditionally 289
general discussion 279–282 262–264 575–576
multiple times 286–289
using objects and lambdas response, view model 101–102 running apps, versus
ResponseCacheFilter 387 publishing 465–468
282–286 REST (REpresentational State
<RuntimeIdentifiers>
reloading Transfer) 9 element 468
configuration values result filters 372, 392–394
318–320 ResultFilterAttribute 393
returnUrl parameter 564
strongly typed settings reverse proxy
323–324
overview of 19, 464, 478

680 INDEX

S self-signed certificate, creating SQL injection attacks,
541–544 avoiding 566–567
SaaS (Software-as-a-Service)
410 using OpenSSL on Linux or SRP (single responsibility
MacOS 543–544 principle) 46
SaveChanges( ) method 363
SCD (self-contained using PowerShell on Stack Overflow 5, 13
Windows 541–542 Startup class 44–51
deployments) 468
scoped lifetime 296–297 semantic logging 513 middleware, handling
<script> tag 548 SemVer (semantic versioning) requests with 47–51
secrets, storing 315–318
sections, parent layouts, over- 23 overview of 67, 278
services, adding and
riding with 196–198 separation of concerns 102
security 534–571 Seq 517 configuring 45–47
Serilog library 517–521 Startup file, using for integra-
cross-origin resource sharing servers, validation on 168–171
(CORS) 556–564 service locator pattern 277 tion tests 630–632
ServiceFilterAttribute class 370, Startup.Configure( ) method
adding to specific MVC
actions with EnableCors- 398 140, 583
Attribute 561–562
services Startup.ConfigureServices( )
adding with middleware adding and configuring method 559, 590
559–560 45–47
static files, handling 70–73
configuring policies registering 276 static void Main function 41,
562–564 shared libraries, target
463
general discussion framework 657–658
556–559 shared markup, using layouts StaticFileMiddleware 50–51,
67, 70
cross-site request forgery for 194–196
(CSRF) attacks 551–556 sharing code between projects status codes 73
StatusCodePagesMiddleware
cross-site scripting (XSS) 647–655
attacks 548–551 62, 86–87, 89–90, 118
compatibility shim 654–655
HTTPS 535 .NET Standard 649–654 StatusCodeResult method 116,
enforcing for whole app Portable Class Libraries 118, 238, 242
545–548
648–649 strongly typed settings 320–325
IIS and IIS Express, set- IOptions interface 321–323
ting up 538–540 short-circuiting, filter 394–396 options classes, automatic
SignalR 16, 99 binding with 324–325
Kestrel, using directly in signing in reloading with IOptions-
544–545 Snapshot 323–324
MVC controllers 420–422
self-signed certificate, to applications 404–405 structured logging 526–533
creating 541–544 signing out, with MVC adding provider to app
527–530
insecure direct object refer- controllers 420
ences, preventing 568 SignInManager 420 logging scopes 530–533
single responsibility principle overview of 513
open redirect attacks structured text 526
564–571 (SRP) 46 StructureMap 589
SingleOrDefault( ) method subsequent requests, authenti-
SQL injection attacks,
avoiding 566–567 361 cating users for
405–406
user passwords and data, single-page applications (SPAs)
protecting 568–571 9, 33, 94, 202, 235 Succeed( ) method 448
SuppressOutput( ) method
security-related links 665 singleton lifetime 297–298
segments 126 .sln file 39 596
Select Tag Helper 220–224 soft deletion scenarios 365
Select( ) method 358 Software-as-a-Service (SaaS) symbol 206
SelectListItem 221 synchronizer token pattern 552
Selenium 610 410 synchronous commands 366
self-contained deployments systemd 478
Solution Explorer 414–416 <system-info> element 592
(SCD) 468 <span> element 212, 225 System.Security.Claims
SPAs (single-page applications)
namespace 429
9, 33, 94, 202, 235

SQL (Structured Query
Language) 336

INDEX 681

T creating TestServer using creating test project
628–630 611–612
Tag Helpers 175–233
Anchor 228–229 rendering Razor views dotnet test 613–614
Append Version 229–230 632–635 Fact and Theory unit tests
cache-busting query strings
229–230 Startup file, using for inte- 617–620
gration tests 630–632
conditional markup, using failure conditions, testing
with 230–233 xUnit test fixtures 635–637 620–621
unit testing with xUnit
customizing 591–597 referencing app from test
conditionally hiding ele- 610–621 project 614–617
ments with 595–597 creating test project
printing environment Universal Windows Platform
information 592–595 611–612 (UWP) 646
Fact and Theory unit tests
Environment 230–233 unstructured text 526
forms, creating 209–228 617–620 updating entities with EF Core
failure conditions, testing
Form Tag Helper 214–215 361
Input and Textarea Tag 620–621
referencing app from test Url.Action method 145
Helpers 217–220 URLs
Label Tag Helper 215–216 project 614–617
Select Tag Helper 220–224 with dotnet test 613–614 arbitrary, matching with
Validation Message and TestServer, creating with Test catch-all parameter
139–140
Validation Summary Host package 628–630
Tag Helpers 225–228 <textarea> element 220 configuring 480
generating links with Textarea Tag Helper 217–220 using configuration values
228–229 Theory unit tests 617–620 481–485
in editors 206–209 third-party dependency injec-
target frameworks 655–662 using environment
for ASP.NET Core app tion containers variable 481–485
656–657 589–591
tight coupling 103 generating from route
referencing .NET Framework Timestamp_MigrationName.cs parameters 142–147
libraries from .NET format 350
Standard projects to Url.RouteUrl method 145 based on action names
658–662 token replacement, reducing 143–144
duplication with
shared libraries and NuGet 253–254 based on route names
packages 657–658 tooling support 191 144–145
transient dependencies 296
TargetFramework element 41, transient lifetime 295–296 with ActionResults
656 true deletion scenarios 364 145–147
TryAdd 289
TechEmpower 13 TryAddScoped namespace 289 Use extension 578–581
templates two-factor authentication (2FA) UseConfiguration( ) method
410
creating applications 32–34 TypeFilterAttribute class 370, 483
for ASP.NET Core Identity 398
UseDeveloperExceptionPage( )
project 412–414 U method 48
overview of 29
Razor views 54–60 unauthorized users UseEnvironment( ) method
route 131–133 handling unauthorized 331
Solution Explorer 414–416 requests 439–440
test fixtures 635–637 hiding elements for 456–460 UseHttps( ) method 544
testing 607–643 UseIISIntegration( ) method
custom middleware 621–624 unit testing
in ASP.NET Core 608–610 custom middleware 621–624 307, 473, 547
in-memory EF Core MVC controllers 624–627
with xUnit 610–621 UseIntegration( ) method 538
providers 637–643 UseKestrel( ) method 307, 544
MVC controllers 624–627 UseMvc( ) method 107, 129
Test Host package 627–637 User Secrets manager 316–318
UserBindingModel 209
users

in ASP.NET Core 402–403
managing 428–431
passwords and data,

protecting 568–571
UserSecretsId property 318
UserSecretsIdAttribute 318
UseSerilog( ) method 518

682 INDEX

UseSqlite( ) method 638 _ViewImports, importing com- web host, building, Program
UseStartup<> method 42 mon directives with class 41–43
UseStatusCodePages( ) method 200–201
WebForms 209
87 ViewResult 117 WebHostBuilder 42
UseWelcomePage( ) method views, adding for Identity WebHostBuilder.Configure-

69 427–428 Logging( ) method 515
UWP (Universal Windows _ViewStart, running code with WebHost.CreateDefault-

Platfor+m) 646 201–203 Builder( ) method 306,
VSTS (Visual Studio Team 473, 633
V WebRootPath property 48
Services) 469 WebSockets 99
ValidateModelAttribute 387 WelcomePageMiddleware 67,
ValidateScopes option 300 W 69, 179
validation 164–173 Windows
WCF (Windows Communica- development environment
DataAnnotations attributes, tion Foundation) 16 for 24–25
using for 165–167 self-signed certificate,
Web API 234–264 creating 541–542
need for 164–165 attribute routing 246–255 Windows Communication
on client 171–173 combining route attributes Foundation (WCF) 16
on server 168–171 251–253 WithOrigins( ) method 564
validation attributes multiple matching actions,
custom 601–606 handling with 254–255 X
overview of 366 ordering of routes
Validation Message Tag Helper 249–251 X-Forwarded-Proto header 547
token replacement, reduc- XML data
225–228 ing duplication with
Validation Summary Tag 253–254 binding to 255–258
authentication in 383–384, output-formatting support,
Helper 225–228 406–410
ValidationAttribute class 167, controllers, creating 238–242 adding 260–262
error handling middleware, XSS (cross-site scripting)
602 disabling 90–92
ValidationSummary enum formatting response attacks 548–551
258–264 overview of 535
value 225 content negotiation xUnit
video links 667 262–264 creating test project 611–612
view components, custom customizing default dotnet test 613–614
formatters 260–262 Fact and Theory unit tests
597–601 general discussion 235–238
view models input formatters, enabling 617–620
additional 255–258 failure conditions, testing
adding for Identity 427–428 MVC design pattern, apply-
generating response using ing to 242–246 620–621
referencing app from test
101–102 web frameworks, using 4
overview of 53, 151, 175, 245 project 614–617
view rendering logic 598 test fixtures 635–637
view templates, injecting ser- xunit command 613

vices into 291–292
View( ) method 53
ViewData dictionary 57

MORE TITLES FROM MANNING

.NET Core in Action

by Dustin Metzgar
ISBN: 9781617294273
275 pages
$44.99
June 2018

Entity Framework Core in Action

by Jon P Smith
ISBN: 9781617294563
470 pages
$49.99
May 2018

C# in Depth, Third Edition

by Jon Skeet
ISBN: 9781617291340
616 pages
$49.99
September 2013

For ordering information go to www.manning.com

MORE TITLES FROM MANNING

Concurrency in .NET

Modern patterns of concurrent and
parallel programming
by Riccardo Terrell

ISBN: 9781617292996
528 pages
$59.99
May 2018

Get Programming with F#

A guide for .NET developers
by Isaac Abraham

ISBN: 9781617293993
448 pages
$44.99
February 2018

Metaprogramming in .NET

by Kevin Hazzard and Jason Bock
ISBN: 9781617290268
360 pages
$44.99
December 2012

For ordering information go to www.manning.com

Overview of an MVC request using ASP.NET Core

1. HTTP request is 2. Request is forwarded to ASP.NET 15. HTTP response with
made to the server. Core by IIS/NGINX/Apache. HTML is sent to browser.

GET /person/1 HTTP/1.1 Reverse proxy HTTP/1.1 200 OK
Host: thewebsite.com (IIS/NGINX/Apache) Content-Type: text/html
Connection: keep-alive ...

3. ASP.NET Core handles ASP.NET Core web server 14. Both request and response
the request and passes (Kestrel) pass through each middleware.
to middleware.
Static file middleware
4. The request passes
through each middleware.

5. The request is matched to Middleware pipeline
a route using routing table.
Authentication middleware
Routing table
Routing
/person/{id} Controller: Route
PersonController
Values: Id=1

/person Controller: 13. The HTML result passes back
PersonController through the middleware pipeline.

6. The route is used to find a Controller & 12. Both request and response
pass through each filter.
controller and action to execute. action selection
Authorization filter
7. The request passes
through the filter pipeline.

Filter pipeline

8. The action optionally queries Response cache filter
database, and performs CRUD.
Returns data.

Database Action
invocation

9. The action generates a ViewModel 11. The HTML result is passed back
and passes it to the view. through the MVC filter pipeline.

ViewModel HTML

View generation

10. The Razor template is executed, using
the provided ViewModel to generate HTML.

.NET DEVELOPMENT

ASP.NET Core IN ACTION See first page

Andrew Lock

T he dev world has permanently embraced open platforms “Comprehensive coverage
with flexible tooling, and ASP.NET Core has changed with of the latest and greatest
it. This free, open source web framework delivers choice ”.NET technology.
without compromise. You can enjoy the benefits of a mature, —Jason Pike
well-supported stack and the freedom to develop and deploy Atlas RFID Solutions
from and onto any cloud or on-prem platform.
“A thorough and easy-to-
ASP.NET Core in Action opens up the world of cross-platform
web development with .NET. You’ll start with a crash course read training guide to the
in .NET Core, immediately cutting the cord between ASP.NET future of Microsoft cross-
and Windows. Then, you’ll begin to build amazing web appli-
cations step by step, systematically adding essential features ”platform web development.
like logins, configuration, dependency injection, and custom —Mark Harris, Microsoft
components. Along the way, you’ll mix in important process
steps like testing, multiplatform deployment, and security.

What’s Inside “An outstanding

● Covers ASP.NET Core 2.0 presentation of the concepts
● Dynamic page generation with the Razor templating and best practices.

engine Explains not only what to do,
● Developing ASP.NET Core apps for non-Windows servers
● Clear, annotated examples in C# ”but why to do it.

Readers need intermediate experience with C# or a similar —Mark Elston, Advantest America
language.
“Superb starting point
Andrew Lock has been developing professionally with ASP.NET
for the last seven years. His focus is currently on the ASP.NET for .NET Core 2.0 with
Core framework. valid and relevant

”real-world examples.

—George Onofrei, Devex

To download their free eBook in PDF, ePub, and Kindle formats, owners
of this book should visit manning.com/books/asp-net-core-in-action

M A N N I N G $49.99 / Can $65.99 [INCLUDING eBOOK]