I wonder if its safe to use the CTP5 in production yet. My main use would be for 2 small projects. I Know they pre released it but any thoughts on this if it would hold up for production are welcome.
Im a fan of the EF code first and with its last preview of the CTP5 I wonder if it would be safe for me to use this for a smaller site for customer? I would love to get your opinions on this? And any good sources for tutorials and information would be sweet. I'm currently reading the post on scottgu's blog about it.
You can find the source code demonstrating this issue @ http://code.google.com/p/contactsctp5/
I have three model objects. Contact,ContactInfo,ContactInfoType. Where a contact has many contactinfo's and each contactinfo is a contactinfotype. Fairly simple I guess. The problem I'm running into is when I go to edit the contact object. I pulled it from my contact repository. Then I run "UpdateModel(contact);" and it updates the object with all the values from my form. (monitoring with debug) When I save the changes though, I get the following error:
The operation failed: The relationship could not be changed because one or more of the foreign-key properties is non-nullable. When a change is made to a relationship, the related foreign-key property is set to a null value. If the foreign-key does not support null values, a new relationship must be defined, the foreign-key property must be assigned another non-null value, or the unrelated object must be deleted.
It seems like after I call update model it nulls out my references and this seems to break everything?
Here are my models:
public partial class Contact { public Contact() { this.ContactInformation = new HashSet<ContactInformation>(); } public int ContactId { get; set; } public string FirstName { get; set; } public string LastName { get; set; } public virtual ICollection<ContactInformation> ContactInformation { get; set; } } public partial class ContactInformation { public int ContactInformationId { get; set; } public int ContactId { get; set; } public int ContactInfoTypeId { get; set; } public string Information { get; set; } public virtual Contact Contact { get; set; } public virtual ContactInfoType ContactInfoType { get; set; } } public partial class ContactInfoType { public ContactInfoType() { this.ContactInformation = new HashSet<ContactInformation>(); } public int ContactInfoTypeId { get; set; } public string Type { get; set; } public virtual ICollection<ContactInformation> ContactInformation { get; set; } }
I've been using EF as my primary ORM for quiet some time now. Today I decided to use EF Code First to create my model for my new project. So I went ahead and read a bunch of documents on MSDN and some blog posts by Scott Guthrie and others. Unfortunately, what I've read does not go beyond the basics of using Code First within an ASP.NET MVC application. But as you might know, in real-world applications the structure of the solution is a little different. Anyway, to make a long story short:
- I created all the POCO files that will be needed.
- I created the SharweEntities class which extends the DbContext class.
- I added the following connection string to my Web.config file
[Code]....
Then I started the application and checked whether a new database was created inside SQL Server 2008 Express, but found nothing. I'm not sure what's wrong but I suspect it might be the way I'm structuring my solution? Here's the structure:
- Sharwe.MVC : The ASP.NET MVC3 Web Application (has nothing except a HomeController and a corresponding simple view at the time being)
- Sharwe.Data : model class and data access logic (contains all the POCO classes and the SharweEntities class)
- Sharwe.Services : Business logic
Here's an image that shows the structure of my solution:
I have a problem with strange generate sql in ef4 ctp5. I have simple model with mapping :
[Table("post_auction")] public class PostAuction { [Key,Column(Name="Id"),DatabaseGenerated(System.ComponentModel.DataAnnotations.DatabaseGenerationOption.Identity)] public int Id { get; set; } [Column(Name = "Number")] public int Number { get; set; } [Column(Name = "Label")] public string Label { get; set; } [Column(Name = "Description")] public string Description { get; set; } [Column(Name = "CategoryId")] public int PostAuctionCategoryId { get; set; } [Column(Name = "PriceCZK")] public int PriceCZK { get; set; } [NotMapped] public bool IsAuctionPhotoExitst { get { if (File.Exists(HttpContext.Current.Server.MapPath("~/Public/Images/Posts/Thumbs/small_" + this.Number + ".jpg"))) return true; return false; } } }
But I am getting error that parameters not found. Looking at the sql trace I can see that CTP5 is sending "default" value if any of my parameters is null instead of the null value.
I'm working on a MVC3 application and I created my POCO classes from my database with the DbContext Code Generator. All goes fine until I got stuck in this situation. Note that I use the repository pattern and I use for every entity a dedicated repository that every get a new instance of the DbContext.
Now, I'm in this situation:
object A has a relation one-to-many with B (A can have one or many B) object B has a relation many-to-one with C (C can have one or many B) object B has a relation many-to-one with D (D can have one or many B)
I should add a new object B, consider that object C and D are yet existing, so I must only do the relation and the object A can be created or updated. In the specific consider that A is customer and B is subscriptions (C and D are virtual objects properties in the B).Now If I try to save I got duplicates in C and D tables, while the management of the object seems to work.
Here's the code: [Code]....
And here the add and the save method of the customer repository: [Code]....
Should I check for every relation and modify the state of the entry to Unchanged or something like that ?
But it creates the relationship (and the third mapping table) with cascade delete switched off by default. How can I tell EF to create the relationship with cascade delete switched on when using many-to-many?
public class Category { public int CategoryId { get; set; } public string Name { get; set; } } public partial class CategoryMap : EntityTypeConfiguration<Category> { public CategoryMap() { this.HasKey(c => c.CategoryId); this.Property(c => c.Name).IsRequired().HasMaxLength(400); } } public class MyObjectContext : DbContext { public MyObjectContext(string connectionStringName) : base(connectionStringName) { } public DbSet<Category> Categories { get; set; } protected override void OnModelCreating(ModelBuilder modelBuilder) { modelBuilder.Configurations.Add(new CategoryMap()); base.OnModelCreating(modelBuilder); } }
Now when I run the following code I get an exception (GenericArguments[0], 'System.Int32', on 'System.Data.Entity.Internal.Linq.ReplacementDbQueryWrapper`1[TEntity]' violates the constraint of type 'TEntity')
DbDatabase.SetInitializer<MyObjectContext>(new DropCreateDatabaseIfModelChanges<MyObjectContext>()); using (var context = new MyObjectContext("NopSqlConnection")) { var query1 = from c in context.Categories select c.CategoryId; var test1 = query1.ToList(); //works fine var query2 = from c in context.Categories where query1.Contains(c.CategoryId) orderby c.Name descending select c; var test2 = query2.ToList(); //throws the exception }
There is not a clear category on the site where to post this, so giving it a shot here.
Has anyone used VS 2008? I current user Turtoise for some projects, and Source Gear Valut for others.
The company where I work is thinking about moving to VSS because of the MSDN subscription.
My experience with VSS prior to VSS 2005 was that it conied the name "Visual Source Unsafe" and I know first hand that it trashed my work more that once and I stopped using it. Source Gear Valut on the other hand is rock solid.
So is VSS 2008 Really "safe" was VSS 2005 "safe" ?
I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments.I've used some TextBoxes and TextArea for that.To Prevent XSS:I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).To Prevent SQL-Injection:I'm using Linq To SQL (that should be like parametrized queries I think!).
When storing a value in a cookie using C#, what is the best way to encode (or escape) the value so that it can be retrieved and decoded/unescaped reliably?
I want to store certain html tags in my database to the layout of content, for example <h3> and <p> tags. The problem is with ValidateInput set to True, you get "Potential Danger error" when you try sending content with html tags.
With it set to False, you open yourself to all sorts of potential dangers. So Here is what I'm wanting to achieve:
I hope you like the image ! lol I spent 10 minutes in Photoshop to create it.
So eventhing that goes in, I want as encoded, but when I get content back, I want to decode only the <h3> and <p> tags. ! What do you think of my solution ? Bad, Good ?
I'm trying to make an existing ASP.NET web forms app more unit testable by using some of the ASP.NET MVC objects, specifically HttpContextWrapper. I've seen examples of its usage and they always create a new object. I disassembled the source with Reflector and see all it does is store the passed HttpContext. But I was curious as to whether or not it's safe to always create a new instance of HttpContextWrapper or follow the singleton pattern somehow? Below is the class I'm using in my app
public static class AppHttpContext { public static HttpContextBase Current { get { return Getter(); } } public static void SetContext(Func<HttpContextBase> getter) { Getter = getter; } private static Func<HttpContextBase> Getter = () => new HttpContextWrapper(HttpContext.Current); }
I'm considering making use of an HttpModule for localization purposes (based on the example in this article) - but I'm curious, is this safe?
Here's the code, for reference:
public class CookieLocalizationModule : IHttpModule { public void Dispose() { }
[code]....
I was under the impression that multiple threads could potentially service a web request. Is it safe to set the Current/Current UI Cultures in an HttpModule like this and have it respected for the life of the web request regardless of how many threads are involved in servicing it?
Is there any way to make asp.net objectdatasources to be type safe. Meaning I get a compile time error if parameters or datatypes change during refactoring?Does anyone know any other method? Or can recommend any other way to do it? I find manual binding tedious. What is other people doing?
I have been in the process of updating my code with security methods, and I've been learning this from [URL](or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input".
Now, what was to use code like:
"DataSet userDataset = new DataSet(); SqlDataAdapter myCommand = new SqlDataAdapter(LoginStoredProcedure", connection); myCommand.SelectCommand.CommandType = CommandType.StoredProcedure; myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"
So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.
Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, that this should apply to unfiltered input. Also, in their example they only did this for an ID.
So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been ran through a regularexpression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?
The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources?
I am toying with the idea of enabling CLR on my SQL server, using EXEC sp_configure 'clr enabled', 1
However, I am sharing my database server with several other developers and their projects. I've heard vaguely that their might be security issues with enabling this.
Does anyone know what these issues might be? Is CLR safe to use on SQL Server?
I been reading a bit about SQL injection and I want to be sure my code is lets say "safe" from it, I was planning on using RegExp validators to check the user input but another post in here suggested only using parametrized querys, well Im using them but I want to be sure my code is safe, is it?
I have created a custom Iidentity object to store specific user settings for logged in users. I was wondering is it safe to store sensitive data like userid's or other id's in the object? Is there any security risk to doing so? Also, how much is too much to store in the object?
Probably these are two questions in one, I am using one EF context per request, but I want to use one per thread, because I am going to make some complex task in another thread during the request. So, is it safe? If the answer is yes, how to do it? how to store objects in thread and get them back?