Posted on 12/12/2018 3:50:20 PM

Remove unused view engines
By default, ASP.NET MVC supports both the WebForm and Razor view engines, but a project usually uses only one of them, such as Razor. Removing the unused view engine makes view lookup more efficient. Before the WebForm engine is removed, when a controller requests a view that does not exist, we can see from the following figure that views are searched for first under the Home directory, and then among the aspx and ascx files under the Shared directory.
1. Add the following code to Global.asax:
Now let's take a look
Compress and merge CSS and JS
In ASP.NET MVC4, there is an additional BundleConfig.cs class under the App_Start folder, which is specifically designed to compress and merge files. The compress-and-merge function is enabled by default; we can also set BundleTable.EnableOptimizations = true; to turn it on explicitly.
However, note that debug must be set to false in Web.config for compression to take effect.
Let's take a look at the comparison before and after the compression merge
Before the compression merge:
After the compression merge:
Obviously, we see that the files have been merged, reducing the number of network requests, and at the same time, the size of the files has also decreased, indicating that they have been compressed.
Note: We can only merge files of the same type. We cannot merge js and css files together; js files and css files must be merged separately.
Use anti-forgery tokens to avoid CSRF attacks
For form submissions, the concern is security. ASP.NET MVC provides a mechanism to detect certain types of attacks, one of which is the anti-forgery token. This token has both a server-side and a client-side component. In the view, @Html.AntiForgeryToken() inserts a hidden field into the form to hold the user-specific token.
Note: @Html.AntiForgeryToken() can only be added to forms declared with Html.BeginForm(), not to forms written as plain HTML <form> tags.
The Html.AntiForgeryToken helper method writes an encrypted value to a cookie in the client's browser and inserts a hidden field named __RequestVerificationToken into the form. Each time the page is refreshed, the value of this hidden field is verified against the encrypted data in the cookie, and validation must pass before the Action method is allowed to execute.
On the server side, the token is validated before any data processing by marking the Action method with the [ValidateAntiForgeryToken] attribute.
Hide the ASP.NET MVC version
By default, an ASP.NET MVC website sends its version number to the browser.
To stop this, add MvcHandler.DisableMvcResponseHeader = true; in Global.asax.
Determine whether the client request is Ajax: Request.IsAjaxRequest()
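The [ValidateAntiForgeryToken] check and Request.IsAjaxRequest() described above, combined in an added example that is not from the original post: an authorization filter that validates the token for ordinary form posts and also for Ajax posts that carry it in a request header. It goes beyond the form-only case in the text; the attribute name, the header name X-Request-Verification-Token and ProfileController are assumptions made for this example.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example. Validates the anti-forgery token on form posts and Ajax posts.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ValidateAntiForgeryTokenAnyAttribute : FilterAttribute, IAuthorizationFilter
{
    // Assumption: the page's script copies the hidden field value into this header.
    private const string HeaderName = "X-Request-Verification-Token";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");
        HttpRequestBase request = filterContext.HttpContext.Request;

        if (request.IsAjaxRequest() && request.Headers[HeaderName] != null)
        {
            // Ajax post: the token travels in a header instead of a form field.
            HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
            AntiForgery.Validate(cookie != null ? cookie.Value : null,
                                 request.Headers[HeaderName]);
        }
        else
        {
            // Form post: the same cookie-versus-hidden-field check that
            // [ValidateAntiForgeryToken] performs.
            AntiForgery.Validate();
        }
        // Both branches throw HttpAntiForgeryException on a missing or
        // mismatched token, so a forged request never reaches the action.
    }
}

// Hypothetical controller used only to show the attribute in place.
public class ProfileController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryTokenAny]
    public ActionResult UpdateEmail(string email)
    {
        // The token has already been validated when execution reaches here.
        if (Request.IsAjaxRequest())
            return Json(new { ok = true });
        return RedirectToAction("Index");
    }
}
```

The client script is expected to read the hidden __RequestVerificationToken field rendered by @Html.AntiForgeryToken() and send its value in that header. Because the Ajax flag comes from a client-supplied header, neither branch skips validation.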