The MVC Framework

2016 olympics

Task: Fence Factory

What is Web Application Penetration Testing?

What is a vulnerability?

System.Data.Edm.EdmEntityType: : EntityType '???' has no key defined. Define the key for this EntityType

what is wrong with webforms
1) Less testability ( as long as your data(Data structure class/view model) is fragmented in page, less is it testable . That is where MVVM win over every other models.

2) Viewstate keeps growing( this is a gift to developer initially-- as the page/gets more complicated with more controls, more is the size of network load. Ajax ,jquery supported webforms a lot. But still that did not suffice the demands. that is where MVC started winning.

3) Demand on webdevelopment has increased over time(against windows apps). So is the variations of requirements.

4) The main drawback of the MVC framework is that it is a while before a web application takes shape. You have to begin with model / controller first. you almost have the design and sequence diagram and concrete workflow before you start VIEW or UI) implementation.

5) If you are looking to put together a quick-and-dirty demo, then Web Forms offers a better prospect.v

In asp.net forms page Request (HttpRequest object) gives details of Request

 Request.Path 
 Request.HttpMethod
Request.Querystring["what"]
Request.AcceptTypes
Request.Browser
Request.Cookies
Request.Form
Request.Headers
Request.HttpMethod
Request.IsAuthenticated
Request.IsLocal
Request.Params
Request.Path
Request.QueryString
Request.Url
Request.UserAgent

HttpResponse  useful properties and methods
ContentType ,Cookies ,Headers IsClientConnected ,
RedirectLocation, Status, StatusCode,
AppendCookie(HttpCookie) AppendHeader(string, string) Clear() ClearContent()
ClearHeaders() End() Redirect(string) Redirect(string, bool) Write(string)
 Writes the contents of the string parameter to the response.
 
HttpServerUtility useful methods
ClearError()  GetLastError()  HtmlEncode(string) HtmlDecode(string)
Transfer(string) Transfer(string, bool) UrlEncode(string) UrlDecode(string) 
 
state

Form Input -- whatever you filled in the controls in last render

ViewState  Ex:ViewState["myString"]   save only serializable objects System.Web.UI.StateBag
Sessionstate        This is a propery bag too  System.Web.SessionState.HttpSessionState
applicationstate  System.Web.HttpApplicationState
cookies                     
hiddenfields
session identifier is included in the response the data stored remains on the server. This reduces network load and increases load on server.

session identifier is passed to the client as a cookie.
we can use "cookieless" session state to put session identifier in url. or use autodetect to fallback only if necessaryv

[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode= AspNetCompatibilityRequirementsMode.Allowed)]