book

Mastering C# and .NET Framework

Name: Mastering C# and .NET Framework
Author: Marino Posadas
ISBN: 9781785884375

by Marino Posadas

December 2016

Intermediate to advanced

560 pages

13h 4m

English

Packt Publishing

Read now

Unlock full access

Mastering C# and .NET Framework
Table of Contents
Mastering C# and .NET Framework
Credits
About the Author
Acknowledgements
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and moreWhy subscribe?
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Inside the CLR
An annotated reminder of some important computing termsContextThe OS multitask execution modelContext typesThread safetyStateProgram stateSerializationProcessThreadSysInternalsStatic versus dynamic memoryGarbage collectorConcurrent computingParallel computingImperative programmingDeclarative programming
The evolution of .NET
.NET as a reaction to the Java WorldThe open source movement and .NET CoreCommon Language RuntimeCommon Intermediate LanguageManaged executionComponents and languagesStructure of an assembly fileProgram executionMetadataIntroducing metadata with a basic Hello WorldPreJIT, JIT, EconoJIT, and RyuJITCommon Type SystemNaming conventions, rules, and type access modesMembers of a typeA quick tip on the execution and memory analysis of an assembly in Visual Studio 2015The stack and the heapGarbage collectionImplementing algorithms with the CLRData structures, algorithms, and complexityBig O NotationAn approach to performance in the most common sorting algorithmsRelevant features appearing in versions 4.5x, 4.6, and .NET Core 1.0 and 1.1.NET 4.5.x.NET 4.6 (aligned with Visual Studio 2015).NET Core 1.0.NET Core 1.1
Summary
2. Core Concepts of C# and .NET
C# – what's different in the language?
Languages: strongly typed, weakly typed, dynamic, and static
The main differences
The true reason for delegates
The evolution in versions 2.0 and 3.0
GenericsCreating custom generic types and methodsLambda expressions and anonymous typesLambda expressionsIt's all about signaturesThe LINQ syntaxLINQ syntax is based on the SQL languageDeferred executionJoining and grouping collectionsType projectionsExtension methods
Summary
3. Advanced Concepts of C# and .NET
C# 4 and .NET framework 4.0Covariance and contravarianceCovariance in interfacesCovariance in generic typesCovariance in LINQContravarianceTuples: a remembranceTuples: implementation in C#Tuples: support for structural equalityTuples versus anonymous typesLazy initialization and instantiationDynamic programmingDynamic typingThe ExpandoObject objectOptional and named parametersThe Task object and asynchronous calls
C# 5.0: async/await declarations
What's new in C# 6.0
String interpolationException filtersThe nameof operatorThe null-conditional operatorAuto-property initializersStatic using declarationsExpression bodied methodsIndex initializers
What's new in C# 7.0
Binary literals and digit separatorsPattern matching and switch statementsTuplesDecompositionLocal functionsRef return values
Summary
4. Comparing Approaches for Programming
Functional languagesF# 4 and .NET FrameworkThe inevitable Hello World demoIdentifiers and scopeListsFunction declarationsThe pipeline operatorPattern matchingClasses and typesCasting
The TypeScript language
The new JavaScriptTypeScript: a superset of JavaScriptSo, what exactly is TypeScript?Main features and coalitionsInstalling the toolsTranspiling to different versionsAdvantages in the IDEA note on TypeScript's object-oriented syntaxMore details and functionality
Summary
5. Reflection and Dynamic Programming
Reflection in the .NET FrameworkCalling external assembliesGeneric ReflectionEmitting code at runtimeThe System.CodeDOM namespaceThe Reflection.Emit namespace
Interoperability
Primary Interop AssembliesFormatting cellsInserting multimedia in a sheetInterop with Microsoft WordOffice appsThe Office app default projectArchitectural differences
Summary
6. SQL Database Programming
The relational modelProperties of relational tables
The tools – SQL Server 2014
The SQL languageSQL Server from Visual Studio
Data access in Visual Studio
.NET data accessUsing ADO.NET basic objectsConfiguring the user interface
The Entity Framework data model
Summary
7. NoSQL Database Programming
A brief historical context
The NoSQL world
Architectural changes with respect to RDBMSQuerying multiple queriesThe problem of nonnormalized dataData nestingAbout CRUD operations
MongoDB on Windows
File structure and default configurationSome useful commandsOperatorsAltering data – the rest of CRUD operationsText indexes
MongoDB from Visual Studio
First demo: a simple query from Visual StudioCRUD operationsDeletionInsertionModifications and replacements
Summary
8. Open Source Programming
Historical open source movementsOther projects and initiativesOpen source code for the programmerOther languages
The Roslyn project
Differences from traditional compilersGetting started with RoslynA first look at Microsoft Code Analysis ServicesCode AnalyzersAn entire open source sample for you to check: ScriptCSA basic project using Microsoft.CodeAnalysisThe first approach to code refactoringDebugging and testing the demo
TypeScript
Debugging TypeScriptDebugging TypeScript with ChromeInterfaces and strong typingImplementing namespacesDeclarations, scope, and IntellisenseScope and encapsulationClasses and class inheritanceFunctionsArrays and interfacesMore TypeScript in actionThe DOM connection
Summary
9. Architecture
The election of an architectureThe Microsoft platformA universal platformThe MSF application modelThe Team ModelThe Governance ModelThe Risk ModelRisk evaluationRisk assessmentRisk action plans
CASE tools
The role of Visio
A first example
The database design
Creating the demo application in Visual StudioWebsite designReportsMany other optionsBPMN 2.0 (Business Process Model and Notation)UML standard support
Visual Studio architecture, testing, and analysis tools
Application's architecture using Visual StudioClass diagramsTestingTesting our application in Visual StudioThe Analyze menu
The end of the life cycle – publishing the solution
Summary
10. Design Patterns
The origins
The SOLID principles
Single Responsibility principleAn example
Open/Closed principle
Back to our sample
Liskov Substitution principle
Back to the code againOther implementations of LSP in .NET (Generics)
Interface Segregation principle
Dependency Inversion principle
A final version of the sample
Design patterns
SingletonThe Factory patternThe Adapter patternThe Façade patternThe Decorator patternThe Command patternAn example already implemented in .NETThe Observer patternThe Strategy pattern
Other software patterns
Other patterns
Summary
11. Security
The OWASP initiative
The OWASP Top 10
A1 – injection
SQL injectionPreventionThe case for NoSQL databases
A2 – Broken Authentication and Session Management
The causesPrevention.NET coding for A2Desktop applicationsWeb applications
A3 – Cross-Site Scripting (XSS)
Prevention
A4 – Insecure Direct Object References
Prevention
A5 – Security Misconfiguration
Possible examples of attacksPrevention – aspects to considerPrevention – measures
A6 – Sensitive Data Exposure
A7 – Missing Function-level Access Control
Prevention
A8 – Cross-Site Request Forgery
Prevention
A9 – Using components with known vulnerabilities
A10 – Invalidated redirects and forwards
Summary
12. Performance
Application Performance EngineeringThe toolsAdvanced options in Visual Studio 2015Advanced options in the Diagnostic Tools menuOther toolsThe process of performance tuningPerformance CountersBottleneck detectionBottleneck detection in practiceUsing code to evaluate performanceOptimizing web applicationsIIS optimizationASP.NET optimizationGeneral and configurationCachingData accessLoad balancingClient side
Summary
13. Advanced Topics
The Windows messaging subsystemThe MSG structure
Sub-classing techniques
Some useful tools
Platform/Invoke: calling the OS from .NET
The process of platform invocationWindows Management InstrumentationCIM searchable tables
Parallel programming
Difference between multithreading and parallel programming
Parallel LINQ
Dealing with other issuesCanceling execution
The Parallel class
The Parallel.ForEach version
Task Parallel
Communication between threads
.NET Core 1.0
The list of supported environmentsCore FXCore CLRCore RTCore CLIInstallation of .NET CoreThe CLI interface
ASP.NET Core 1.0
What's newA first approachConfiguration and Startup settingsSelf-hosted applicationsASP.NET Core 1.0 MVCManaging scripts
NET Core 1.1
Summary
Index

Content preview from Mastering C# and .NET Framework

A7 – Missing Function-level Access Control

This feature has to do with authorization, as it happened with other previous features. The problem here is accessing some parts of the application for which the user is not authorized, for instance, a non-administrator user accessing the private wage records of the rest of the company). As usual, the official documentation states the problem precisely:

Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781785884375

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mastering C# and .NET Framework

by Marino Posadas

A7 – Missing Function-level Access Control

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.