Showing posts from April, 2010

Securing Controller Actions in ASP.NET MVC for Multi-Tenant Applications

One of the cool things about using the MVC Framework is that you get clean RESTful URLs, e.g. /Product/Edit/1. This is all well and good, but when developing a multi-tenant application which uses a shared datastore it is extremely important that your controller actions are secure, in the sense that the URLs can't be tampered with to reach records the user has no access to. Believe it or not, this level of security is often neglected in a lot of projects, or is at least an afterthought. You could implement something like the code below in every controller action:

    public ActionResult Edit(int id)
    {
        // Reject the request if the current user has no access to this product id.
        if (!catalogService.HasAccessToProduct(UserContext.UserId, id))
        {
            HttpContext.Response.Status = "401 Unauthorized";
            HttpContext.Response.StatusCode = 401;
            Response.End();
        }

        // Only reached when the access check passed.
        var product = catalogService.GetProductById(id);
        ViewData.Model = product;
        return View();
    }

However

Pre-Generating Views in Entity Framework .NET 4.0

UPDATED ON: 16/09/2010

If you’re using Entity Framework, chances are you’ve come up against performance issues already, especially when instantiating your Object Context. One very reliable way to increase performance is to pre-generate the Views. Depending on the size of your model, in my experience it can shave as much as 40% off the instantiation time. There is a good overview on MSDN; however, it only covers .NET 3.5.

Step 1

Go to your Model properties and select “Copy to Output Directory” for the Metadata Artifact Processing option. The result is that you will end up with the .ssdl, .csdl and .msl files in your output directory, which in this case is bin/Debug.

Step 2

Next you need to set up the Pre-build event to use the EDMGen.exe tool. NB: If you use the command on the MSDN site you will come across this error: “The required parameter ‘mode’ is missing”. The correct command to use is:

"%windir%\Microsoft.NET\Framework\ v4.0.3031