browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
6 Articles match "LINQ"
The Latest from www.leastprivilege.com

- Securing WCF Data Services using WIF
New up your derived class, set the token and use e.g. LINQ to query the Data Service. This question comes up every once in a while. Since WCF Data Services is just a normal WCF service (using the web programming model), all the typical security APIs and extensibility points apply. That said, depending on your scenario you might have to be a little more creative for REST-style services. Here’s a quick walkthrough: Enabling WIF in the Data Service. The easiest way to get WIF wired up is by writing a custom service host factory. protected override ServiceHost CreateServiceHost(.
www.leastprivilege.com - Monday, February 15, 2010

- SQL Data Services Query Injection
The “query language” of SQL Data Services is basically a LINQ statement as a string, e.g.: from e in entities where e["username"] == "{0}" && e["password"] == "{1}" select e. use e.g. the Single() LINQ operator on the returned entity list when you know that only one entity should be returned (otherwise something must be wrong). Do you see a problem here? Of course string concatenation combined with “no-schema” flex entities allows all kinds of injections. Marcus and I did some tests, e.g. try entering the following username for the above statement: foo" || "" == ".
www.leastprivilege.com - Tuesday, January 20, 2009

- LeastPrivilege.IdentityModel v2
This is mostly syntactic sugar because the new model is very LINQ friendly and you can easily write the queries yourself – but it makes the code easier to read IMO. Looking at the download numbers, my add-on library for System.IdentityModel was quite popular. Some days ago I started looking at the code to see what could be still useful in the face of Geneva. The good news is that a lot of my helper classes are not necessary anymore thanks to the easier claims model in Geneva. Like in the first release, I added a bunch of extension methods that make finding and demanding claims easier.
www.leastprivilege.com - Sunday, December 7, 2008

The Best from www.leastprivilege.com

- Securing WCF Data Services using WIF
New up your derived class, set the token and use e.g. LINQ to query the Data Service. This question comes up every once in a while. Since WCF Data Services is just a normal WCF service (using the web programming model), all the typical security APIs and extensibility points apply. That said, depending on your scenario you might have to be a little more creative for REST-style services. Here’s a quick walkthrough: Enabling WIF in the Data Service. The easiest way to get WIF wired up is by writing a custom service host factory. protected override ServiceHost CreateServiceHost(.
www.leastprivilege.com - Monday, February 15, 2010

- LINQ to SQL and Security
Recently I played around with LINQ to SQL and think it is a compelling (and time saving) way to do database interactions. The thing I really like about LINQ to SQL is that it does the right thing by default (security wise) when it comes to parameters. So if you really like ad hoc SQL - but for some reason are too lazy to work with parameters, LINQ is a compelling alternative (again purely from a security view). This is where LINQ to SQL comes in really handy for me - basically as a nice Sproc to C# code generator. What is wrong with SQL parameters? ;). select new. {.
www.leastprivilege.com - Friday, March 21, 2008

- Installing an IIS 7 Extension
For completeness' sake, here's how you can find the right management classes in the assembly (and because I was amused about 'Linq to Reflection' ;). Related to cleaning up my authentication module for Codeplex, I needed a way to (semi) automatically install a complete IIS extension (including schema, config sections and management extensions). I came up with a batch file that does the necessary steps (anybody out there that wants to write a real installer?). Register all assemblies in the GAC. Gacutil.exe is your friend here (use the /if option). Register schema and config section.
www.leastprivilege.com - Saturday, April 19, 2008

- System Accounts and SQL Server 2005
Here's the long story: I was writing some test code for LINQ to SQL (see here) in ASP.NET. I recently ran into a strange situation - I was expecting an "access denied" but it didn't happen (yes - security guys are strange people ;). Since this was on a freshly installed box I was expecting an access denied since I hadn't created a SQL login for Network Service yet. But it worked - I could successfully query (and update) data in all databases. Shock. After some investigation I found the reason for this behavior. MACHINESQLServer2005MSSQLUser$.) and puts Network Service in there.
www.leastprivilege.com - Monday, May 26, 2008

- LeastPrivilege.IdentityModel v2
This is mostly syntactic sugar because the new model is very LINQ friendly and you can easily write the queries yourself – but it makes the code easier to read IMO. Looking at the download numbers, my add-on library for System.IdentityModel was quite popular. Some days ago I started looking at the code to see what could be still useful in the face of Geneva. The good news is that a lot of my helper classes are not necessary anymore thanks to the easier claims model in Geneva. Like in the first release, I added a bunch of extension methods that make finding and demanding claims easier.
www.leastprivilege.com - Sunday, December 7, 2008

- SQL Data Services Query Injection
The “query language” of SQL Data Services is basically a LINQ statement as a string, e.g.: from e in entities where e["username"] == "{0}" && e["password"] == "{1}" select e. use e.g. the Single() LINQ operator on the returned entity list when you know that only one entity should be returned (otherwise something must be wrong). Do you see a problem here? Of course string concatenation combined with “no-schema” flex entities allows all kinds of injections. Marcus and I did some tests, e.g. try entering the following username for the above statement: foo" || "" == ".
www.leastprivilege.com - Tuesday, January 20, 2009
98 Articles match "LINQ"
The Latest from DevelopMentor

- Reblogged: What should I learn to get started in .NET and web development?
LINQ (simple focus on LINQ to objects). [Note: I am reblogging this post which originally was posted to the LearningLine blog. Hope you all find it useful here as well]. I recently had a conversation with someone who is looking to make a fresh start and become a developer (coming from other IT positions). The question they had was: What should I learn to get started in .NET and web development? Now this question was starting from a position of “I’d like to get started with .NET and the web. How do I do that?” That’s another blog post. :). jQuery basics.
Michael C. Kennedy's Weblog - Monday, May 6, 2013

- A Roundup of MongoDB Management Tools
LINQPad lets you interactively query databases in a modern query language: LINQ. Filed under: NoSQL Tagged: LINQ, NoSQL, Open Source. I’ve been working with MongoDB for a long time now. Back in the early days, there really were no management tools analogous to RDBMS tools (e.g. SQL Server Management Studio). Since then, things have changed significantly. It’s time to look around and see what management / monitoring tooling is around these days for MongoDB. The news is good. link]. Admin GUI). Multiple shells. Multiple results. link].
Michael C. Kennedy's Weblog - Monday, April 22, 2013

- Optimistic concurrency in MongoDB using .NET and C#
All you do is call save and access entities via LINQ queries. This article demonstrates a technique and supporting library for adding optimistic concurrency control to NoSQL databases and MongoDB in particular. Quickly, what is optimistic concurrency control? Ideally, all databases that allow concurrent access or disconnected access need to implement some form of concurrency control. This usually comes in two flavors: Pessimistic concurrency control. Optimistic concurrency control. Pessimistic concurrency control is usually used when working heavily within transactions. Edit in memory.
Michael C. Kennedy's Weblog - Monday, April 8, 2013
The Best from DevelopMentor

- A Roundup of MongoDB Management Tools
LINQPad lets you interactively query databases in a modern query language: LINQ. Filed under: NoSQL Tagged: LINQ, NoSQL, Open Source. I’ve been working with MongoDB for a long time now. Back in the early days, there really were no management tools analogous to RDBMS tools (e.g. SQL Server Management Studio). Since then, things have changed significantly. It’s time to look around and see what management / monitoring tooling is around these days for MongoDB. The news is good. link]. Admin GUI). Multiple shells. Multiple results. link].

- The NoSQL Movement, LINQ, and MongoDB - Oh My!
Interact with the database using LINQ. Shortly we’ll look at an example where we build out a disconnected, offline RSS reader that uses MongoDB and LINQ to store its data. You have several options when choosing how to access MongoDB from .NET but generally that means using LINQ and a light-weight object-mapper on top of MongoDB itself. Then we’d use LINQ to SQL or Entity Framework to generate the ORM classes. We begin by generating the objects (Blog, RssEntry, etc) in memory and then serializing them via NoRM to MongoDB much as you would in LINQ to SQL. Ok, ok.
Michael C. Kennedy's Weblog - Thursday, April 22, 2010

- What’s new in .NET Framework 4.5
Just came across this great picture of what’s new in .NET Framework 4.5
DevelopMentor Courses - Monday, October 31, 2011

- Streaming XML using LINQ to XML (continued)
Richard Blewett reminded me that the XmlReader.ReadSubtree method makes it even easier to use LINQ to XML with a streaming approach. The code sample below will load nodes from an arbitrary XML file and yield them to the caller as they’re read from file:

    using System.Collections.Generic;
    using System.Xml;
    using System.Xml.Linq;

    static IEnumerable<XElement> Load(string filename, string elementName)
    {
        XmlReaderSettings settings = new XmlReaderSettings();
        settings.IgnoreWhitespace = true;
        using (XmlReader reader = XmlReader.Create(filename, settings))
        {
            while (reader.ReadToFollowing(elementName))
            {
                // build element from subtree
                using (XmlReader subtree = reader.ReadSubtree())
                    yield return XElement.Load(subtree);
            }
        }
    }

DevelopMentor Courses - Tuesday, November 1, 2011

- Introducing MongoDB and LINQ at Mongo Seattle 2011
I forgot to publish it on my … Here’s a video of a short talk I gave at Mongo Seattle 2011 which is a quick getting started with .NET & MongoDB session. Enjoy! mkennedy PS – Yeah, it’s from last year.