The Monsters Weekly - Episode 70 - Accessing View Context from Tag Helpers

In some situations, it might be convenient to have access to some ViewData, ModelSate or even HttpContext information from within a Tag Helper. Join us as Monster Dave shows us how to do just that using ViewContext.


The Monsters Weekly - Episode 69 - Using Scopes To Improve Logging

Logging can help give you critical information about what was going on in your system when things went south. But how do you keep track of details for a request when the logs span multiple services? Join Monster James in this episode to discover how you can leverage logging scopes to help filter out a segment of a request and all the details related to a particular section of code.

The Monsters Weekly - Episode 68 - Creating Custom Conventions for ASP.NET Core MVC

In this episode we examine the way that MVC activates components using a set of default conventions, and we add a new convention that modifies the available actions available at runtime.

Here’s some links related to this episode:


The Monsters Weekly - Episode 67 - Gettting JavaScript to the Client

There are a number of ways to get your JavaScript from the server to the client, using loaders or zipping files. In this episode the Monsters talk off the cuff about how to move files from the server to the client. They also, weirdly, forget to talk about CDNs. 


The Monsters Weekly - Episode 66 - Content Security Policy Headers

Cross site scripting attacks or XSS are still one of the most common ways to attack a website. If you’re not properly sanitizing your inputs then you too could be vulnerable. Thank goodness that Content Security Policy headers came along to offer us a powerful tool to avoid falling pray to these attacks.


CSP header generator



The Monsters Weekly - Episode 65 - Programmatic Authorization with IAuthorizationService

Have you ever wanted to check if a user is authorized in code instead of using the Authorize attributes for a Controller / Action method? In today’s episode we dive in to the IAuthorizationService which allows you to programmatically check if a user is authorized.

The Monsters Weekly - Episode 64 - HTTPS Strict Transport Security

SSL is a fabulous tool for encrypting your HTTP sessions and it is becoming cheaper every single day. However there are still some possible attack vectors even if your site uses HTTPS. In this episode we’ll take a look at the HTTPS Strict Transport Security (HSTS) headers and how you can set them up to close one of the loopholes in SSL.



OWASP cheat sheet on HSTS

HSTS Preload List

Andrew Lock on ASP.NET Core Security Headers


The Monsters Weekly - Episode 63 - Model Binding in ASP.NET Core

Action parameters in ASP.NET Core MVC are automatically populated for you (as best they can be by the default model binder) from the incoming request using a series of conventions. You can bind primitives and complex types, lists, and even lists of complex types. Join Monster James as he walks through all of these concepts.

Be sure to check out our previous episode on routing, which explains the premise of route tokens discussed in this video.

Here's a Handy List of Social Login Providers

If you would like to have your web site use a social identity provider rather than creating or maintaining your own identity store you’ve got options.

The Monsters Weekly - Episode 62 - You are probably using HttpClient wrong

Retrieving data using the HttpClient is a fairly common practice in any number of applications, but HttpClient can easily be used incorrectly frequently with dire consequences. Make sure you’re using it correctly in the latest ASP.NET Monsters video. 

Here are some references and other interesting reads: