ASP.NET Core in Action
Andrew Lock
  • MEAP began February 2017
  • Publication in February 2018 (estimated)
  • ISBN 9781617294617
  • 650 pages (estimated)
  • printed in black & white

ASP.NET Core is a re-imagining of the .NET Framework that frees developers from Visual Studio and Windows. You can now build and run cross-platform .NET applications on any OS, with any IDE, and using the tools that you choose. The entire framework is open-source, and has been developed with many contributions from the community. While ASP.NET Core is relatively new, Microsoft is heavily investing in it, promoting ASP.NET Core as their web framework of choice for the foreseeable future. Whether you are building traditional web applications or highly performant APIs for client side or mobile applications, ASP.NET Core could be the framework for you.

ASP.NET Core in Action is for C# developers without any web development experience who want to get started and productive using ASP.NET Core to build web applications. In the first half of the book, you will work through the basics of a typical ASP.NET Core application, focusing on how to create basic web pages and APIs using MVC controllers and the Razor templating engine. In the second half, you will build on this core knowledge looking at more advanced requirements and how to add extra features to your application. You will learn how to secure your application behind a login screen, how to handle configuration and dependency injection, and how to deploy your application to production. In the last part of the book you will look in depth at further bending the framework to your will by creating custom components and using more advanced features of the framework.

"If you're going to learn any ASP.NET Core, then this is the best resource available."

~ Jonathan Wood

"A wonderfully comprehensive book that quickly guides you from novice to proficient. Awesome illustrations and code examples..."

~ Wilke,

"I would highly recommend this book for both ASP.NET veterans and web development newcomers alike."

~ Matthew Groves

"Highly focused... a must-read if you want to get serious on ASP.NET Core."

~ Emanuele Origgi

Table of Contents detailed table of contents

Part 1: Getting Started with MVC

1. Getting Started with ASP.NET Core

1.1. An introduction to ASP.NET Core

1.1.1. Using a web framework

1.1.2. The benefits and limitations of ASP.NET

1.1.3. What is ASP.NET Core?

1.2. When to choose ASP.NET Core

1.2.1. What type of applications can you build?

1.2.2. If you’re new to .NET development

1.2.3. If you’re a .NET Framework developer creating a new application

1.2.4. Converting an existing ASP.NET application to ASP.NET Core

1.3. How does ASP.NET Core work?

1.3.1. How does an HTTP web request work?

1.3.2. How does ASP.NET Core process a request?

1.4. Choosing a platform for ASP.NET Core

1.4.1. Advantages of using the .NET Framework

1.4.2. Advantages of using .NET Core

1.5. Preparing your development environment

1.5.1. If you’re a Windows user

1.5.2. If you’re a Linux or macOS user

1.6. Summary

2. Your first application

2.1. A brief overview of an ASP.NET Core application

2.2. Creating your first ASP.NET Core application

2.2.1. Using a template to get started

2.2.2. Building the application

2.3. Running the web application

2.4. Understanding the project layout

2.5. The Program class — building a web host

2.6. The Startup class - configuring your application

2.6.1. Configuring application settings

2.6.2. Adding and configuring services

2.6.3. Defining how requests are handled with middleware

2.7. MVC middleware and the Home Controller

2.8. Generating HTML with Razor template Views

2.9. Summary

3. Handling requests with the Middleware pipeline

3.1. What is middleware?

3.2. Combining middleware in a pipeline

3.2.1. Simple pipeline scenario 1: A holding page

3.2.2. Simple pipeline scenario 2: Handling static files

3.2.3. Simple pipeline scenario 3: An MVC web application

3.3. Handling errors using middleware

3.3.1. Viewing exceptions in development: the DeveloperExceptionPage

3.3.2. Handling exceptions in production: the ExceptionHandlerMiddleware

3.3.3. Handling other errors: the StatusCodePagesMiddleware

3.3.4. Disabling error handling middleware for web APIs

3.4. Summary

4. Creating web pages with MVC Controllers

4.1. An introduction to MVC

4.1.1. The MVC design pattern

4.1.2. MVC in ASP.NET Core

4.1.3. Adding the MvcMiddleware to your application

4.1.4. What makes a controller a controller?

4.2. MVC Controllers and action methods

4.2.1. Accepting parameters to action methods

4.2.2. Using ActionResults

4.3. Summary

5. Mapping URLs to methods using conventional routing

5.1. What is routing?

5.2. Routing to MVC controllers and actions

5.3. Routing using conventions

5.3.1. Understanding route templates

5.3.2. Using optional and default values

5.3.3. Adding additional constraints to route parameters

5.3.4. Defining default values and constraints using anonymous objects

5.3.5. Matching arbitrary URLs with the catch-all parameter

5.4. Handling multiple matching actions for a route

5.5. Generating URLs from route parameters

5.5.1. Generating URLs based on an action name

5.5.2. Generating URLs based on a route name

5.5.3. Generating URLs with ActionResults

5.6. Summary

6. The binding model: retrieving and validating user input

6.1. Understanding the M in MVC

6.2. From request to model: making the request useful

6.2.1. Binding simple types

6.2.2. Binding complex types

6.2.3. Choosing a binding source

6.3. Handling user input with model validation

6.3.1. The need for validation

6.3.2. Using DataAnnotations attributes for validation

6.3.3. Validating on the server for safety

6.3.4. Validating on the client for user experience

6.4. Summary

7. Rendering HTML using Razor views

7.1. Views: Rendering the user interface in MVC

7.2. Creating Razor views

7.2.1. Selecting a view from a controller

7.2.2. Introducing Razor templates

7.2.3. Passing data to views

7.3. Creating dynamic web pages with Razor

7.3.1. Using C# in Razor templates

7.3.2. Adding loops and conditionals to Razor templates

7.3.3. Rendering HTML with Raw

7.4. Layouts, partial views and _ViewStart

7.4.1. Using layouts for shared markup

7.4.2. Overriding parent layouts using sections

7.4.3. Using partial views to encapsulate markup

7.4.4. Running code on every view with _ViewStart and _ViewImports

7.5. Summary

8. Building forms with Tag Helpers

8.1. Catering to editors with Tag Helpers

8.2. Creating forms using Tag Helpers

8.2.1. The Form Tag Helper

8.2.2. The Label Tag Helper

8.2.3. The Input and Textarea Tag Helpers

8.2.4. The Select Tag Helper

8.2.5. The Validation Message and Validation Summary Tag Helpers

8.4. Cache-busting with the Append Version Tag Helper

8.5. Using conditional markup with the Environment Tag Helper

8.6. Summary

9. Creating a Web API for mobile and client applications using MVC

9.1. What is a Web API, and when should you use one?

9.2. Creating your first Web API Controller

9.3. Applying the MVC design pattern to a Web API

9.4. Attribute routing: taking fine grained control of your URLs

9.4.1. Ordering of conventional and attribute routes

9.4.2. Combining route attributes to keep your route templates DRY

9.4.3. Using token replacement to reduce duplication in attribute routing

9.4.4. Handling multiple matching actions with attribute routing

9.5. Enabling additional input formatters: binding to XML data

9.6. Generating a response from a model

9.6.1. Customizing the default formatters: adding XML support

9.6.2. Choosing a response format with content negotiation

9.7. Summary

Part 2: Building complete applications

10. Service configuration with dependency injection

10.1. Introduction to dependency injection

10.1.1. Understanding the dependency inversion principle

10.1.2. Creating loosely coupled code

10.1.3. Dependency injection in ASP.NET Core

10.2. Using the dependency injection container

10.2.1. Adding ASP.NET Core framework services to the container

10.2.2. Registering your own services with the container

10.2.3. Registering services using objects and lambdas

10.2.4. Registering a service in the container multiple times

10.3. Understanding lifetimes: when are services created?

10.3.1. Transient: everyone is unique

10.3.2. Scoped: let’s stick together, lads

10.3.3. Singleton: there can be only one

10.3.4. Keeping an eye out for captured dependencies

10.4. Summary

11. Configuring an ASP.NET Core application

11.1. Introducing the ASP.NET Core configuration model

11.2. Building a configuration object for your app

11.2.1. Building a configuration object in ASP.NET Core 1.x

11.2.2. Building a configuration object in ASP.NET Core 2.0

11.2.3. Using multiple providers to override configuration values

11.2.4. Storing configuration secrets safely

11.2.5. Reloading configuration values when they change

11.3. Using strongly typed settings with the options pattern

11.3.1. Introducing the IOptions interface

11.3.2. Reloading strongly typed options with IOptionsSnapshot

11.3.3. Designing your options classes for automatic binding

11.4. Configuring an application for multiple environments

11.4.1. Identifying the hosting environment

11.4.2. Loading environment-specific configuration files

11.4.3. Setting the hosting environment

11.5. Summary

12. Saving data with Entity Framework Core

12.1. Introducing Entity Framework Core

12.1.1. What is Entity Framework Core?

12.1.2. Why use an Object-Relational Mapper?

12.1.3. When should you choose Entity Framework Core?

12.1.4. Mapping a database to your application code

12.2. Adding Entity Framework Core to an application

12.2.1. Choosing a database provider and installing EF Core

12.2.2. Building a data model

12.2.3. Registering a data context

12.3. Managing changes with migrations

12.3.1. Creating your first migration

12.3.2. Adding a second migration

12.4. Querying data from and saving data to the database

12.4.1. Creating a record

12.4.2. Loading a list of records

12.4.3. Loading a single record

12.4.4. Updating a model with changes

12.5. Using Entity Framework Core in production applications

12.6. Summary

13. The MVC filter pipeline

13.1. Understanding filters and when to use them

13.1.1. The MVC filter pipeline

13.1.2. Filters or middleware: which should you choose?

13.1.3. Creating a simple filter

13.1.4. Adding filters to your actions, controllers, and globally

13.1.5. Understanding filter execution order

13.2. Creating custom filters for your application

13.2.1. Authorization filters: protecting your APIs

13.2.2. Resource filters: short-circuiting your action methods

13.2.3. Action filters: customizing model binding and action results

13.2.4. Exception filters: custom exception handling for your action methods

13.2.5. Result filters: customizing action results before they execute

13.3. Understanding pipeline short-circuiting

13.4. Using dependency injection with filter attributes

13.5. Summary

14. Adding users to your application with Identity and authentication

14.1. Introducing authentication and authorization

14.1.1. Understanding users and claims in ASP.NET Core

14.1.2. Authentication in ASP.NET Core: services and middleware

14.1.3. Authentication for APIs and distributed applications

14.2. What is ASP.NET Core Identity?

14.3. Creating a new project that uses ASP.NET Core Identity

14.3.1. Creating the project from a template

14.3.2. Exploring the template in solution explorer

14.3.3. The ASP.NET Core Identity data model

14.3.4. Interacting with ASP.NET Core Identity: the MVC controllers

14.4. Adding ASP.NET Core Identity to an existing project

14.4.1. Configuring the ASP.NET Core Identity services and middleware

14.4.2. Updating the EF Core data model to support Identity

14.4.3. Adding the Controllers, view models and Views

14.5. Managing users: adding new claims to users

14.6. Summary

15. Authorization: securing your application

15.1. Introduction to authorization

15.2. Authorization in ASP.NET Core

15.2.1. Preventing anonymous users accessing your application

15.2.2. Handling unauthorized requests

15.3. Using policies for claims-based authorization

15.4. Creating custom policies for authorization

15.4.1. Requirements and handlers: the building blocks of a policy

15.4.2. Creating a policy with a custom requirement and handler

15.5. Controlling access with resource based authorization

15.5.1. Manually authorizing requests with the IAuthorizationService

15.5.2. Creating a resource based AuthorizationHandler

15.6. Hiding elements in Razor templates for unauthorized users

15.7. Summary

16. Publishing and deploying your application

16.1. Understanding the ASP.NET Core hosting model

16.1.1. Running versus publishing an ASP.NET Core app

16.1.2. Choosing a deployment method for your application

16.2. Publishing your app to IIS

16.2.1. Configuring IIS for ASP.NET Core

16.2.2. Preparing and publishing your application to IIS

16.3. Configuring the URLs for your application

16.3.1. Using an environment variable

16.3.2. Using configuration values

16.4. Optimizing your client-side assets using BundlerMinifier

16.4.1. Speeding up an app using bundling and minification

16.4.2. Adding BundlerMinifier to your application

16.4.3. Using minified files in production with the environment tag helper

16.4.4. Serving common files from a CDN

16.5. Summary

Part 3: Extending your application

17. Monitoring and troubleshooting errors with logging

17.1. Using logging effectively in a production app

17.1.1. Highlighting problems using custom log messages

17.1.2. The ASP.NET Core logging abstractions

17.2. Adding log messages to your application

17.2.1. Log level: how important is the log message?

17.2.2. Log category: which component created the log

17.2.3. Formatting messages and capturing parameter values

17.3. Controlling where logs are written using logging providers

17.3.1. Adding a new logging provider to your application

17.3.2. Replacing the default ILoggerFactory with Serilog

17.4. Changing log verbosity with filtering

17.5. Structured logging: creating searchable, useful logs

17.5.1. Adding a structured logging provider to your app

17.5.2. Using scopes to add additional properties to your logs

17.6. Summary

18. Improving your application’s security

18.1. Adding HTTPS to an application

18.1.1. Setting up IIS and IIS Express to use encryption

18.1.2. Creating a self-signed certificate for local development

18.1.3. Using HTTPS directly in Kestrel

18.1.4. Enforcing HTTPS for your whole app

18.2. Defending against cross-site scripting (XSS) attacks

18.3. Protecting from cross site request forgery (CSRF) attacks

18.4. Calling your web APIs from other domains using CORS

18.4.1. Understanding CORS and how it works

18.4.2. Adding CORS to your whole app with middleware

18.4.3. Adding CORS to specific MVC actions with the EnableCorsAttribute

18.4.4. Configuring CORS policies

18.5. Exploring other attack vectors

18.5.1. Detecting and avoiding open redirect attacks

18.5.2. Avoiding SQL injection attacks with EF Core and parameterization

18.5.3. Preventing insecure direct object references

18.5.4. Protecting your users’ passwords and data

18.6. Summary

19. Building custom components

20. Testing your application


Appendix A: .NET Core vs .NET Framework

Appendix B: Bookmarks for more information

What's inside

  • Using MVC to deliver dynamically generated web pages
  • Securing applications with login requirements
  • Interacting with a RDMS using Entity Framework Core
  • Publishing an ASP.NET Core application to a server
  • Unit and integration testing
  • Creating custom middleware and filters

About the reader

Readers should have experience with C#. No web development experience needed.

About the author

Andrew Lock graduated with an Engineering degree from Cambridge University, specializing in Software Engineering, and went on to obtain a PhD in Digital Image Processing. He has been developing professionally with .NET for the last 7 years. His focus is currently on the new ASP.NET Core framework. Andrew currently has a very active blog at dedicated to ASP.NET Core.

Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
MEAP combo $49.99 pBook + eBook + liveBook
MEAP eBook $39.99 pdf + ePub + kindle + liveBook

FREE domestic shipping on three or more pBooks