Notes for BSc CSIT

 METHOD OVERRIDING In method overriding, you need to define the method of a parent class as a virtual method using virtual keyword and the method of child class as an overridden method using override keyword. It only redefines the implementation of the method. Here overriding is an object type. If you do not use the override keyword, then the compiler will not override the method. Instead of the overriding compiler will hide the method. In method overriding, when the base class reference variable pointing to the object of the derived class, then it will call the overridden method in the derived class. METHOD HIDING In method hiding, you just simply create a method in a parent class, and in the child class, you need to define that method using a new keyword. In method hiding, you can completely redefine the method. Here hiding is a reference type. If you do not use the new keyword, then the compiler will automatically hide the method of the base class. In the method hiding, when the bas

 Difference Between ASP.NET Web API and AS.NET MVC. 1. ASP.NET MVC is used to create web applications that return both views and data but ASP.NET Web API is used to create REST full HTTP services with an easy and simple way that returns only data, not view. 2. Web APT helps to build Restful services over the •Net Framework and it also supports content negotiation, self-hosting which are not in MVC. "Content negotiation (it's about deciding the best response format data that could be acceptable by the client. It could be ISON, XML, ATOM, or other formatted data) 3. In Web API the request is mapped to the action based on HTTP verbs but in MVC it's mapped to actions name. 4. Web API also takes care of returning data in particular format Jike JSON, XML, or any other based upon the Accept header in the request and we don't worry about that •MVC only return data in JSON format using JSON Resolt. 5. We can mix WEB API and MVC controller in a single project to handle advanced

 #MSIL (Microsoft Intermediate Language)  MSIL is known as Microsoft Intermediate Language. During the compile time, the compiler converts the source code into Microsoft Intermediate language (MSIL).  MSIL is a CPU-independent set of instructions that can be efficiently converted to the native code. During the run time the common Language Runtime (CLR)'s, Just In Time (JIT) compiler converts the Microsoft Intermediate Language (MSIL) code into native code to the 0S. or, When you write your application for the .NET framework with a language such as (C# or, VB.Net shop), source code is never compiled directly into machine code instead their compiler converts your code into a special named MSIL (Microsoft Intermediate language  Language).

 Introduction to Dot Net  The .NET is the technology from Microsoft, on which all other Microsoft technologies will be depending in the future. .NET is a software framework that is designed and developed by Microsoft. The first version of the Net framework was 1.0 which came in the year 2002. In easy words, it is a virtual machine for compiling and executing programs written in different languages like C#, VB.Net, etc. It is used to develop Form-based applications, Web-based applications, and Web services. There is a variety of programming languages available on the .Net platform, VB.Net and C# being the most common ones. It is used to build applications for Windows, phones, the web, etc. It provides a lot of functionalities and also supports industry standards. Features of .NET The following are features of .NET: Rich Functionality Out of the Box:  The .NET framework gives colorful functionality out of the box. It contains hundreds of modules that present a collection of functionality

 Common Language Runtime  The common language runtime is the foundation of the .NET Framework. CLR is the basic and Virtual Machine component of the .NET Framework. It is the run-time environment in the .NET Framework that runs the codes and helps in making the development process easier by providing various services such as remoting, thread management, type-safety, memory management, robustness, etc.  Basically, it is responsible for managing the execution of .NET programs regardless of any .NET programming language The functionality of the CLR include: Management of code at execution time. Code that targets the runtime is known as Managed code, while code that does into target the runtime is known as Unmanaged code. Memory management  Thread management. Enforcing strict type safety and other forms of code accuracy that promote security and robustness. The language interoperability, and .NET Class Framework, are not possible without all the languages sharing the same data types. Wh

 An HTML helper is just a method that returns an HTML string. The string can represent any type of content that you want. For example: We can use an HTML helper to render standard HTML tags like <input>, <button>, <img> tags etc We can also create our own HTML helper to render more complex content.  Types of HTML Helpers: a. Inline HTML helper: Created in same orang view by using the Razor @ helper tag.  Eg: <h3> Programming languages: </h3>   @Listing Items (new sting [ { "C","#" C++}) b. Builtin HTML: These helpers are extension methods on the Html Helper class.  Eg: TextBox : @ Html: TextBox ("Textbox1", "val")  output :- <input id ="Textbox 1" . name = ""Textbox1" type="text" value="val"/> c) Custom HTML helpers: We can create our own custom helper method by creating an extension method on the Html helper class.  Eg: public static class Custom Helper public stati

 ASP. Net core identity It is an API that supports user interface (UI) login functionality. Manage users, passwords, profile data, roles, claims, tokens, email confirmation, and more.  Identity is typically configured using SQL the server database to store the usernames, passwords, and profile data. 

  Docker Docker images are read-only templates used to build containers. Containers are deployed instances created from those templates · Images and containers are closely related and are essential in powering the Docker software platform. Containers Containerization is defined as a form of operating system virtualization, through which applications are run in isolated user spaces called containers, all using the same shared Operating system

 Deployment of Core Application In general to deploy on ASP.NET Core aa to a hosting environment: Deploy the published app to a folder on the hosting server. Set up a process manager that starts the app when a request arrives and restart the app after it crashes or the server reboots. For the configuration of a reverse proxy, set up a reverse proxy to forward requests to the app.

 Single Page Application: We bring to page application is a web application or website that interacts with the user by dynamically rewriting the current web page with new data of default of method of a web browser loading entire new page.  In SPA, a page occurs all the necessary HTML, CSS, JS  code is either retrieved by browser with a single page load or from appropriate resources that are dynamically loaded and added to the pages as per the user's actions. I by refresh never occurs, all browsers with a single load or from appropriate a resourced page dynamically for the loaded and added to the pages as per user actions. 

We can secure our application by performing the following tests: a)Static Testing  Analyses code at fixed points during its development. Useful for developers to ensure the security is being maintained or not. b) Dynamic testing Analyses during executing. More useful as it can stimulate attacks on production systems and reveal more complex patterns of systems. c)Interactive testing Combines elements of both static and dynamic testing. d)Mobile testing  Designed especially for mobile environments and can examine how others can leverage the mobile OS and apps running on that. e) B y testing the XSS, CSRF, SQL Injection method, by the developer itself by hiring a hacker.

The common vulnerabilities in Asp.NetCore is. a)Cross-Site Scripting (XSS) attacks. b) SQL injection attacks  c)Cross-Site Request Forgery (XSRF/ CSRF) Attacks : d) Open redirect attacks a)Cross-Site Scripting (XSS) attacks. Cross-Site Scripting (XSS) is a security vulnerability that enables an attacker to place client-side scripts (usually JavaScript) into web pages. When other users load affected pages the attacker's scripts will run, enabling the attacker to steal cookies and session tokens, change the contents of the web page through DOM manipulation or redirect the browser to another page. XSS vulnerabilities generally occur when an application takes user input and outputs it to a page without validating, encoding, or escaping it. Protecting your application against   Cross-site Scripting Attacks( XSS) At a basic level XSS works by tricking your application into inserting a <script> tag into your rendered page, or by inserting an On* event into an element. Developers sho

In client-side validation, the input data is checked as soon as they are submitted, for validation. So there is no post back to the server, like in server-side validation, and also there is no page refresh. Here, we are doing form validation using jQuery by using jQuery validation plug-ins. (jquery- validate.min.js and jquery.validate.undrussive.min.js) Step1:- First we create an Employee Model (Employee. cs class file under a Model folder) Using System.Component Model.Data-Annotations;  namespace Client Validation. Models { Public class Employee [Required (Error Message = "Name is Required")"]  public string Name {get ; set; } } } [Required (Emor Message = "username is required")]  publice string Username = { get; set;}  } } Step2:- Creat controller's action method: using System.Web.MVC;  using Client Validation.Models;  namespace Client Validation.Controllers;  { public class Employee Controller: Controller  {  public Action Result Index () { return View

  CACHE CLIENT-SIDE STRATEGIES 1)COOKIES, 2) QUERY STRINGS, 3) HIDDEN FIELDS 1)  Cookies A small file that is stored in the user hard drive using the client's browser. It stores information temporarily. It can be changed according to requirements. Examples Reading Cookie //read cookie from IHttpContext Accessor string cookieValueFromContext = httpContextAccessor.HttpContext.Request.Cookies["key"]; //read cookie from Request object string cookieValueFromReq = Request.Cookies[“key"]; Remove Cookie Response.Cookies.Delete(key); Writing cookie In this example, SetCookie method show how to write cookies. CookieOption is available to extend the cookie behavior. public void SetCookie(string key, string value, int? expireTime) { CookieOptions option = new CookieOptions(); if (expireTime.HasValue) option.Expires = DateTime.Now.AddMinutes(expireTime.Value); else option.Expires = DateTime.Now.AddMilliseconds(10); Response.Cookies.Append(key, value, option); } 2) Query String It

 SERVER-SIDE STRATEGIES: SESSION STATE, TEMP DATA, USING HTTPCONTEXT 1)Session State  Session state is an ASP.NET Core mechanism to store user data while the user browses the application. It uses a store maintained by the application to persist data across requests from a client. We should store critical application data in the user’s database and we should cache it in a session only as a performance optimization if required. ASP.NET Core maintains the session state by providing a cookie to the client that contains a session ID. The browser sends this cookie to the application with each request. The application uses the session ID to fetch the session data. A Session State Example We need to configure the session state before using it in our application. This can be done in the ConfigureServices() method in the Startup. cs class:          services.AddSession();  The order of configuration is important and we should invoke the UseSession() before invoking UseMVC().  Let’s create a contr

 Query String It is generally used for holding values It works temporarily It increases the performance of the app. Example We can pass a limited amount of data from one request to another by adding it to the query string of the new request. This is useful for capturing the state in a persistent manner and allows the sharing of links with the embedded state. public IActionResult GetQueryString(string name, int age) { User newUser = new User() { Name = name, Age = age }; return View(newUser); } Now let’s invoke this method by passing query string parameters:  /welcome/getquerystring?name=John&age=31 We can retrieve both the name and age values from the query string and display it on the page.  As URL query strings are public, we should never use query strings for sensitive data. In addition to unintended sharing, including data in query strings will make our application vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can trick users into visiting malicious sites while

  The HTTP protocol is called a stateless protocol because it only is inactive state until it gets the request and searches for response in the database. By the time, it gets data and responds with the result to the request it closes all the connections with both user and the database instantly. I part The different strategies/techniques we use in •Net core to hold the state of application are:(state management techniques) 1)Client-side :view state/Hidden Fields/Cookies/Query String 1)Server-side: Application state/Session state Client-side Strategies a)View State View state is most used when user wants to maintain and store their data temporarily in ASP.NET applications. It can store any type of data b)Hidden Fields IT used for storing small amounts of id-data on the client-side.  Invisible in the browser. Provide direct functionality access. We can save data in hidden form fields and send it back in the next request. Sometimes we require some data to be stored on the client-side with

 Hidden Fields We can save data in hidden form fields and send it back in the next request. Sometimes we require some data to be stored on the client-side without displaying it on the page. Later when the user takes some action, we’ll need that data to be passed on to the server-side. This is a common scenario in many applications and hidden fields provide a good solution for this. Let’s add two methods in our WelcomeController: [HttpGet] public IActionResult SetHiddenFieldValue() { User newUser = new User() { Id = 101, Name = "John", Age = 31 }; return View(newUser); } [HttpPost] public IActionResult SetHiddenFieldValue(IFormCollection keyValues) { var id = keyValues["Id"]; return View(); } The GET version of the theSetHiddenValue() method creates a user object and passes that into the view. We use the POST version of the SetHiddenValue() method to read the value of a hidden field Id from FormCollection. In the View, we can create a hidden field and bind the Id val

An Object Relational Mappers (ORM)/The benefit of ORM over ADO Net.  ADO.Net provides consistent access to the data sources and as SQL Server and  XML to retrieve, handle and update the data that is present in the database BUT, it also separates data access from data manipulation into discrete components that can be used separately. ADO. Net includes, .Net framework data providers for connecting to a database, executing commands and connecting commands, and retrieving results.  On the other hand, ORM is a programming technique for converting data between incompatible type systems in OOPs languages. This creates "a virtual object database that can be used from within the programming language. Entity Framework (EF) and NHibernates and the ORM. It Means, you do not operate by SQL connections, commands rather ORM tools does it all for you and also allow you to map your database structure in an OOP manner. You (we) can add, read, update, delete records. in your DB-using objects in C#.

 Asynchronous programming techniques Asynchronous programming in C# is an efficient approach towards activities blocked or access is delayed. If an activity is blocked in a synchronous then, the complete application waits and it takes more time. By using the asynchronous approach the applications continue with other ' tasks as well.' The async and await keywords in C# are used in async programming. Using them, we can work with .Net resources, .Net Core, etc. Example: using System; using System. Threading. Tasks; namespace My Console App {  Class Async Await Test  {  Static void Main (string [ ]args) {  Method1();  Method 2();  Console. ReadKey (); public static async Task Method1() {  await Task.Run(() =>  {  for(int & i= 0; i ≤ 100; i++)  Console Write Line ("Methed 1"); } }); }  public static void Method 2  {  for (int i=0; i <25, i++) { Console.WriteLine (Method 2");  } } } }