How to implement securities in Asp.NET MVC.

 

https://www.c-sharpcorner.com/UploadFile/cda5ba/security-feature-in-mvc/

How to Handle Exception in Asp.NET MVC

 5 Ways to do MVC Error Handling

1. Web.Config customErrors
2. MVC HandleErrorAttribute
3. Controller.OnException method
4. HttpApplication Application_Error event
5. Collect exceptions via .NET profiling with Retrace.

There are two critical things that you need accomplish with error handling:

1. Gracefully handling errors and show your users a friendly error page
2. Logging errors so that you are aware of them and can monitor them

1. Web.Config customErrors:

<system.web>
    <customErrors mode="On" defaultRedirect="~/ErrorHandler/Index">
        <error statusCode="404" redirect="~/ErrorHandler/NotFound"/>
    </customErrors>
<system.web/>

There are several ways to do MVC error handling. You should always specify a default error page via your web.config <customErrors> and log unhandled exceptions that get called back to your HttpApplication Error method.

You can use HandleErrorAttribute or OnException to provide fine-grained control of how you display error type messages to your users.

If you want to track all of your application exceptions, be sure to check our Retrace and our error monitoring features. You can also view all application exceptions on your workstation for free with our free profiler, Prefix.

When to Use filter with real time example and Types.

 The ASP.NET MVC framework supports four different types of filters:

1.  Authorization filters – Implements the IAuthorizationFilter attribute.
2. Action filters – Implements the IActionFilter attribute.
3. Result filters – Implements the IResultFilter attribute.
4. Exception filters – Implements the IExceptionFilter attribute.

Filters are executed in the order listed above. For example, authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

Authorization filters are used to implement authentication and authorization for controller actions. For example, the Authorize filter is an example of an Authorization filter.

Action filters contain logic that is executed before and after a controller action executes. You can use an action filter, for instance, to modify the view data that a controller action returns.

Result filters contain logic that is executed before and after a view result is executed. For example, you might want to modify a view result right before the view is rendered to the browser.

Exception filters are the last type of filter to run. You can use an exception filter to handle errors raised by either your controller actions or controller action results. You also can use exception filters to log errors.

What is HTTP Handler and HTTP Module.

HTTP module and HTTP handler are used by MVC to inject pre-processing logic in the request chain.

• HTTP Handlers are extension based pre-processor whereas HTTP Module are event based preprocessor.
• For example: if you want to change how jpg files are processed, you will implement custom HTTP handler versus if you want to execute additional logic during processing of the request, you will implement a custom HTTP module. There is always only one HTTP handler for a specific request but there can be multiple HTTP modules.

• If you want your functionality to only be executed once per Http Request, you should use an HttpModule.