diagram.1barcode.com

.NET/Java PDF, Tiff, Barcode SDK Library

Regardless of the various equivalent ways we would build the second query, the result of executing it (e.g., by iterating over it in a foreach loop) is, as you'd expect, a SQL query that includes an ORDER BY clause as well as a WHERE clause. (And as it happens, that's not hugely useful because in this example database, all the orders have the exact same date. With slightly more realistic data, this would have the expected effect, though.)

So LINQ to Entities queries work in a fundamentally different way from the LINQ to Objects queries we saw previously. In LINQ to Objects, the expression in a where clause is simply a delegate in disguise: it's a method that the Where operator calls for each item in turn to work out whether to include that in the results. But with LINQ to Entities (and LINQ to SQL for that matter) the LINQ query's where clause has been translated into T-SQL and sent to the database; the expression we wrote in C# ends up running in a different language, probably on a different machine. If you want to understand how these kinds of queries are able to work so differently for different providers, see the sidebar on the next page.

This translation is obviously very useful for shifting the work to the database, but it brings some limitations. If you try to add arbitrary method calls into the middle of a LINQ query, it'll fail in LINQ to Entities. For example, suppose we have the following helper:


static DateTime NextDay(DateTime dt) { return dt + TimeSpan.FromDays(1); }


Security is often a vague and amorphous topic in web application development. We rely on the web server to keep our application secure, and we rely on our programming platform. The rest sometimes seems theoretical and rare. In this chapter, we'll describe possible attacks and exactly what to do to prevent them by using two main approaches. The first is traditional management of authentication and authorization. Authentication is ensuring that the user has supplied the proper credentials to access the system. When a user logs in, usually by providing a username and password, he is authenticated. Authorization is making a decision about whether a given user has permission to do something with the system. When a user accesses a resource not available to other users, he has been specifically authorized to do so. The second approach we'll discuss involves common web attack vectors and technical vulnerabilities that allow attackers to bypass authentication or authorization.

We could try to use this in a LINQ query:

var orders = from order in dbContext.SalesOrderHeaders where order.OrderDate == NextDay(orderDate) select order;

With LINQ to Objects this would work just fine: it's all just C# code, and you can use any valid Boolean expression in a where clause, including expressions that invoke methods. But with LINQ to Entities, although this will compile, the EF will throw a NotSupportedException at the point at which you try to execute the query. Its error message will read:

There are several attack vectors, but we'll focus on some common ones: cross-site scripting (XSS), cross-site request forgery (XSRF), and a special cross-site request forgery called JSON hijacking.

LINQ to Entities does not recognize the method 'System.DateTime NextDay(System.DateTime)' method, and this method cannot be translated into a store expression.


LINQ to Entities queries are limited to the things that the EF knows how to turn into database queries, and since it doesn't know anything about this NextDay method you've

out-of-the-box authentication and authorization. Developers can apply the attribute to actions to restrict access to them. If the user isn't permitted to access the action, the AuthorizeAttribute will transmit an HTTP status code of 401 Unauthorized to the browser, indicating that the request has been refused. Applications using ASP.NET's forms authentication mechanism and with a login page specified in Web.config will then redirect the browser to the login page, and users may only proceed once they have been authenticated.

written, it can't work out how to do that. Of course, when you bear in mind that a LINQ to Entities query executes on the database, it's hardly surprising that you can't invoke arbitrary methods in your application from the middle of a query. But the EF integrates some database features into your code so seamlessly that it's sometimes easy to forget where the boundary between your application and the database lies.

Because all IDictionary<TKey, TValue> implementations are also enumerable, we can run LINQ queries against them. Given the RecordCache class in Example 9-5, we might choose to implement the cache item removal policy as shown in Example 9-10.
