Note that this works just as well with MVC4 as it does MVC3.
So, when is Code First not Code First?
It is possible, even recommended, to use ‘code first’ techniques even when you are not generating the database from the code. This is hinted at in the Creating an Entity Framework Data Model for an ASP.NET MVC Application article on Microsoft’s asp.net web site (http://www.asp.net/mvc/tutorials/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application). The code first technique will mean that you are using POCO classes for the models which are persistence ignorant. Continue reading
This code will return the first 5 words, change the number in the regular expression as needed: Continue reading
Posted in RegEx
If you just have a link to a file on your web site then you maybe leaving yourself open to other sites linking to the same files thereby giving their users the benefit of content without any hit on their bandwidth. It will also give clues to your site structure that can only be of benefit to anyone wishing to compromise your site’s security.
One workaround to this is to stream the files to your users using a FileStream and the Response object. Here is some C# code that will do that job for you:
/// Write a secure file out to the response stream. Writes piece-meal in 4K chunks to
/// help prevent problems with large files.
/// <code>WriteFileToResponse(@"secureFolder/mysecurefile.pdf", @"test.pdf",
/// <code>WriteFileToResponse(@"secureFolder/mysecurefile helpful hints.pdf", @"test.pdf");</code>
/// <param name="secureFilePath">Relative path to the file to download from our
/// secure folder</param>
/// <param name="userFilename">Name of file the user will see</param>
/// <param name="contentType">MIME type of the file for Response.ContentType,
/// "application/octet-stream" is a good catch all. A list of other possible values
/// can be found at http://msdn.microsoft.com/en-us/library/ms775147.aspx </param>
public void WriteFileToResponse(string secureFilePath, string userFilename,
string contentType = @"application/octet-stream")
// Process the file in 4K blocks
byte dataBlock = new byte[0x1000];
long totalBytesRead = 0;
using (var fs = new FileStream(Server.MapPath(secureFilePath),
FileMode.Open, FileAccess.Read, FileShare.Read))
fileSize = fs.Length;
Response.ContentType = contentType;
"attachment; filename=" + userFilename);
while (totalBytesRead < fileSize)
bytesRead = fs.Read(dataBlock, 0, dataBlock.Length);
Response.OutputStream.Write(dataBlock, 0, bytesRead);
totalBytesRead += bytesRead;
Posted in Security
Readers maybe familiar with the Entity Framework (EF) tutorials on the asp.net web site (http://www.asp.net/entity-framework/tutorials). The latest addition to the series “Continuing with the Entity Framework” is an excellent tutorial on using version 4 of the Entity Framework in a web forms application with the ObjectDataSource control. However, at present there is one omission that prevents it from effective use on a web site where you need to list a large amount of data on a web page, and that is custom paging. With the author’s permission of the original tutorial I have posted this article on implementing custom paging based on his original code. Continue reading