Don't Use Cookie-Based Authentication for Client Web API Calls Without CSRF Protection

For years, ASP.NET developers have used cookie-based authentication sessions (also called Forms authentication) to secure their Web pages. There's nothing wrong with doing that for your server-rendered pages, but as people start moving into developing Single-Page Applications with frameworks such as Angular, they need to realize that leveraging the cookie-based session for the client JavaScript Web API (AJAX) calls opens them up to a Cross-Site-Request-Forgery (CSRF/XSRF) attack.

Posted by Brian Noyes on 05/20/2015


Automatically Sort C# Objects

Whenever you create a C# class definition, consider adding one extra method so you can automatically sort object instances. It's easy and well worth the minimal extra effort. For example, suppose you've defined:

public class Employee
{
  public string name; 
  public string title; 
  // methods here
}

If you enhance the class as follows:

Posted by James McCaffrey on 05/18/2015


Boost Business Apps with LightSwitch

The primary reasons you might want to use WCF RIA Services with Visual Studio LightSwitch/Cloud Business Apps (SharePoint) are to:

  • Combine more than one entity into a single entity.
  • Eliminate unnecessary columns in an entity to improve performance (otherwise large amounts of data, such as pictures, will be transmitted even when they're not shown).
  • Implement calculated fields that let you search and sort resulting values.

Posted by Michael Washington on 05/12/2015


Speaker Profile: Dr. James McCaffrey

If you've ever read MSDN Magazine or Visual Studio Magazine, or attended a Visual Studio Live! event, you've probably come across Dr. James McCaffrey. Dr. McCaffrey works at Microsoft Research in Redmond, Wash., but he spends a lot of time writing articles and presenting at developer events.

Dr. McCaffrey is fascinated by any form of activity that involves human interaction and combinatorial mathematics. Some examples of that include analyzing gambling games, such as "Blackjack Switch," and the study of betting behavior associated with professional sports. He enjoys examining software systems that have designs influenced by the behavior of biological systems, such as genetic algorithms and simulated bee colony algorithms, especially when applied to large-scale data mining and analysis.

Posted by Lafe Low on 05/06/2015


Speaker Profile: Laurent Bugnion

If you've read any materials on Model-View-ViewModel (MVVM), Windows Presentation Foundation (WPF) or Xamarin, chances are you've seen the work of Laurent Bugnion. Based in Zurich, Switzerland, he is a prolific writer and speaker in the software development world. He's the author of the well-known open source framework MVVM Light Toolkit for Windows Phone, Windows Store, WPF, Xamarin, and of the popular Pluralsight reference course about MVVM Light. He's also the senior director for IdentityMine, a Microsoft gold partner for technologies such as WPF, Xamarin, Pixelsense, Windows Store, Windows Phone, Xbox and, generally, UX.

Posted by Lafe Low on 05/05/2015


Diagnose Web Problems in Mobile Devices with Fiddler

Fiddler is a great help when diagnosing problems with Web sites, investigating performance concerns and modifying requests sent to Web servers. Because mobile devices are responsible for more traffic to Web sites, you should know how to use Fiddler for mobile clients, as well.

You can simply run Fiddler on your PC on its default port of 8888, configure it to "allow remote computers to connect" in Fiddler Options on the Connections tab, and ensure any firewall allows traffic on that port. Use ipconfig on the PC to determine its IP address. Then set the proxy server on the mobile device to point at the given IP address and port 8888.

Posted by Robert Boedigheimer on 05/01/2015


5 Great Visual Studio Keyboard Shortcuts

Here are five of my favorite keyboard shortcuts in Visual Studio. There's a good chance at least one of them will be new to you.

Posted on 04/17/2015


Disable Mobile Redirect on Your Public-Facing SharePoint Sites

Sometimes when you try to navigate to a site from a mobile device, you'll be redirected to the SharePoint mobile version of that site. The mobile view is a bit of a throwback to a bygone era. It gives you a restricted text view designed to work on older devices. Nowadays, mobile browsers are much better and you would much rather see the site rendered using responsive design.

Posted by Bill Ayers on 04/16/2015


Use CSS3 Features with Fallbacks for Older Browsers

Yes, it is possible to have your cake and eat it too. A good strategy is to use the latest CSS3 features in browsers that natively support them, but fall back to existing techniques like jQuery plug-ins or polyfills for older browsers.

Modernizr is a great free JavaScript library that detects what HTML5 and CSS3 features a user agent supports. Opacity controls how transparent an element is. CSS3 now has an "opacity" property you can set from 0 (fully transparent) to 1 (fully opaque). Modernizr supports conditional loading, so if it detects the user agent doesn't support the new opacity property, it can download the jQuery core library, which offers cross-browser support for opacity. This provides the best performance for current devices, while ensuring all users have the same experience with the site.

Posted by Robert Boedigheimer on 04/16/2015


Remember the Parentheses on Your Knockout Observables

When you use KnockoutJS for data binding, you'll generally want to be binding to observable properties exposed from your ViewModel objects. An observable is an object declared with Knockout:

// customerName is an observable property on the view model
var viewModel = { customerName: ko.observable("") };

When you go to set that property, remember to call it as a function object with a call like:

Posted by Brian Noyes on 04/16/2015

