ASP.NET MVC 4 Mobile App Development

By: Andy Meadows

Overview of this book

The ASP.NET MVC 4 framework is used to build scalable web applications with the help of design patterns and the .NET Framework. Model-View-Controller (MVC) is a design principle that separates the components of a web application. This separation helps you to modify, develop, and test different components of a web application. ASP.NET MVC 4 Mobile App Development helps you to develop next-generation applications, while guiding you to deal with the constraints the mobile web places on application development. By the end of the book, you will be well versed in all the aspects of mobile app development.

ASP.NET MVC 4 Mobile App Development introduces you to developing mobile web apps using the ASP.NET MVC 4 framework. Walking you through the process of creating a homebrew recipe sharing application, this book teaches you the fundamentals and concepts relevant to developing Internet-ready mobile-enabled web apps. Through the sample application, you will learn how to secure your apps against XSS and CSRF attacks, how to open up your application to users using third-party logins such as Google or Facebook, and how to use Razor, HTML 5, and CSS 3 to create custom views and content targeting mobile devices. Using these custom views, you will then learn how to create web apps with a native mobile device feel using jQuery Mobile. By the end of the book, you will be presented with a set of challenges to prove to yourself that you now have the skills to extend your existing web applications to the mobile web or create new mobile web apps.
Table of Contents (23 chapters)
ASP.NET MVC 4 Mobile App Development
Credits
About the Author
Acknowledgment
About the Reviewers
www.PacktPub.com
Preface
7. Separating Functionality Using Routes and Areas
Index

Cross-Site Request Forgery (CSRF)


A Cross-Site Request Forgery is an attack in which a user's browser is clandestinely directed to retrieve information or perform an action on a site without that user's knowledge. In these types of attacks, the user is presumed to have access to the targeted site. It is perhaps better explained with an example.

Let's assume a member of Local Bank and Trust of Bedford Falls just visited the bank's website in their browser. The user logged in, performed some actions, and never explicitly logged out, leaving the authentication cookie stored in their browser. Later, while surfing the seedy side of the Web, they visit a site of questionable repute.

On this site, someone has placed a script file that submits a funds transfer request to the website of Local Bank and Trust of Bedford Falls via an AJAX invocation. This script does nothing the user can see. However, the user is still technically logged into the bank site and this script is successful...
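
How ASP.NET MVC 4's built-in anti-forgery token stops the forged transfer in the bank scenario, shown as an added example that is not taken from the book. The model, controller and view names are assumptions, and the static ledger is a constructed stand-in for the bank's back end.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical model and controller for the bank scenario; all names are assumptions.
public class TransferModel
{
    public string ToAccount { get; set; }
    public decimal Amount { get; set; }
}

[Authorize] // every action requires the authentication cookie
public class TransferController : Controller
{
    // Constructed in-memory log standing in for the bank's back end.
    private static readonly List<string> Ledger = new List<string>();

    // Send.cshtml (assumed view) must emit the token inside its form:
    //   @using (Html.BeginForm("Send", "Transfer", FormMethod.Post)) {
    //       @Html.AntiForgeryToken()
    //       @Html.TextBoxFor(m => m.ToAccount) @Html.TextBoxFor(m => m.Amount)
    //       <input type="submit" value="Transfer" />
    //   }
    [HttpGet]
    public ActionResult Send() { return View(new TransferModel()); }

    // BEFORE: the cookie alone authorizes the transfer, so a POST that another
    // site's script made the browser send is processed like a real one.
    [HttpPost]
    public ActionResult SendUnprotected(TransferModel model) { return Record(model); }

    // AFTER: [ValidateAntiForgeryToken] throws HttpAntiForgeryException unless the
    // __RequestVerificationToken form field pairs with the anti-forgery cookie.
    // The other site cannot read the bank's page, so it cannot supply the field.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Send(TransferModel model) { return Record(model); }

    private ActionResult Record(TransferModel model)
    {
        if (!ModelState.IsValid || string.IsNullOrEmpty(model.ToAccount) || model.Amount <= 0)
            return View("Send", model);
        lock (Ledger)
        {
            Ledger.Add(User.Identity.Name + " -> " + model.ToAccount + ": " + model.Amount);
        }
        return RedirectToAction("Send");
    }
}
```

The attribute protects only the actions that carry it, so every state-changing POST action needs both the attribute and a form that emits the token.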