Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
This post was edited and submitted for review 8 months ago and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
WebAPI 2.0 not created as MVC
What are the security measures that need to be taken care of to prevent XSS attacks in WebAPI? I have gone through the below article
https://learn.microsoft.com/en-us/aspnet/core/security/cross-site-scripting?view=aspnetcore-3.0 but it is representing MVC application. There is no startup.cs. I have this as my Global.asax.cs
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
System.Web.Http.GlobalConfiguration.Configure(WebApiConfig.Register);
System.Web.Http.GlobalConfiguration.Configuration.Formatters.Clear();
System.Web.Http.GlobalConfiguration.Configuration.Formatters.Add(new JsonMediaTypeFormatter());
AreaRegistration.RegisterAllAreas();
RouteConfig.RegisterRoutes(RouteTable.Routes);
Hangfire.GlobalConfiguration.Configuration.UseSqlServerStorage("HangfireConnection");
}
}
I think this does not apply to Web API or .Net Core. Instead, you can read the Angular docs about XSS here: https://angular.io/guide/security#xss
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 months ago.
Improve this question
I currently building in next.js. I am coming from a MEAN app where I was using passport.js for authentication.
I have seen that in NextJs I can still use passport.js or next-auth.
I am wondering what are the pros of cons of using one over the other. And is there one "more suitable" for next.js
since nextauth is designed specifically for nextjs, that one would be more suitable.
and stop using angluar :)
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
Is there a way to use Firebase Authentication in Blazor platform?
I found ways to use facebook and google authentication natively, but I save the firebase user id in my database and I would like to use firebase authentication for this particular reason.
Firebase use OAuth2 you need a Service account and the its private key file.
You can use Google.Apis.Auth. Not sure it work on client-side.
You can take a look at https://github.com/aguacongas/Identity.Firebase/tree/master/src/Aguacongas.Firebase.Authentication to have a sample in .Net.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
How can I get a list of all users in a controller?
I googled and only found solutions for ASP.NET MVC.
That's probably because it really hasn't changed. Assuming you're using Identity:
var users = await context.Users.ToListAsync();
IdentityDbContext<TUser> has a DbSet<TUser> property named Users as it always had. You can utilize it just like any other DbSet.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
So I'm trying to set up Autofac with MVC 5 and Web API 2 but i keep getting this error at runtime:
https://gyazo.com/b29dfb41431684f1b61d0fdd1c359765
I have no clue where to start looking for a potential fix
Thanks in advance!
This is a version problem. You are probably using the wrong version of Autofac.Integration.Mvc (maybe the one for MVC3 or MVC4).
First remove all references to Autofac.MVC you have in your solution.
Then install Autofac ASP.NET MVC 5 Integration running the following command in the Package Manager Console:
Install-Package Autofac.Mvc5
Hope it helps :)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I have been writing my own api for my site, the api will only allow a consumer to read basic information.
Somebody suggested to me that I gave the consumer a public and private API key. The private API key would be for server side scripts such as php so the public can't view it and use it in a wrong way, and then a public key would be for languages such as javascript. For the public api key they told me I would have to check the original source of the request and match it to a url in my database.
But the way I was going to check the URL the request was coming from was by checking the refer, but I know that the referrer can be changed, so this wouldn't be a good idea.
I'm looking for a way to check the referring URL properly which is very reliable. Or could anyone suggest to me a difference way of doing this API?