Skip to main content

Programmatically create a Zip Archive file and send it as ActionResult using native ASP.NET MVC C#

If you’re working with ASP.NET or ASP.NET Core and you need to create a zip file on-the-fly within your controller – for example to allow the user to download multiple files with a single request – you can easily do that using the ZipArchive class, introduced in Framework 4.5.

Here’s a quick code sample using a MemoryStream and a couple of byte arrays representing two files:

Read More

Get a File Content-Type / MIME-type from file extension in ASP.NET C#

How can I get the MIME type from a file extension in C#? This is a rather common question among developers, an evergreen requirement that I happen to heard at least once a year from friends & colleagues working with ASP.NET MVC,ASP.NET Web API and (lately) .NET Core. The reason is pretty much obvious: whenever you end up working with file object storage in any web-based or client-based application, you will sooner or later have to retrieve the MIME type related to the byte array you’re dealing with.

There are a number of ways/techniques to do that, but – for the sake of simplicity – we will put them down to two: looking them up within the Windows Registry or relying to static, hard-coded MIME type lists. We won’t consider anything that involves querying an external service, as we do want an efficient way to deal with such issue.

Read More

ASP.NET – CSS Media Queries in Razor Pages – How to embed @media syntax

If you’re working with ASP.NET MVC or ASP.NET Core using Razor pages and you want to put a CSS style within the page (CSS embed), you might stumble upon one of these following errors:

CS0103: The name ‘media’ does not exist in the current context.

CS0103: The name ‘if’ does not exist in the current context.

… And so on.

When something like that occurs, it probably means that you’re using a CSS3 media query (or other CSS3 query related commands) such as this:

Read More

A potentially dangerous Request.Form value was detected from the client – how to fix

If you’re an ASP.NET developer and you make good use of webservices and/or HTML forms you most certainly know about the fact that certain characters will always be blocked by the ASP.NET built-in request validation feature: this will always happen for Controller methods, Web API Controllers, WebService methods and even  ASPX pages –  if you’re still working with them. This the error that you will get:

A potentially dangerous Request.Form value was detected from the client

Frankly speaking, blocking potentially dangerous charaters isn’t a bad thing at all, as you won’t have to worry about XSS (Cross-Site Script) attacks as you normally should (if you don’t know what XSS attacks are, read this Wikipedia entry): if these are legit characters, the best thing you can do is find a way to properly encode them. However, if you really need to accept these characters as they are, you’re left with the choice to partially (or even globally) disable the ASP.NET request validation feature. Before proceeding, be sure you’ve carefully understood what they are and how harmful they can be by reading this great XSS awareness information article by OWASP, the aforementioned Wikipedia entry and the official overview at the ASP.NET official website about the topic.

In case you still want to do this after all this, keep reading.

Read More

Add ASP.NET Web API support to an existing ASP.NET MVC Web Application

One of the most interesting updates of the new ASP.NET Core platform (also known as ASP.NET 5) is the fact that it merges the old MVC and Web API frameworks into one (MVC 6). This allows you to have the best of both worlds: the rich features of the former MVC Controllers – with each methods returning an ActionResult – together with the versatility of the ApiControllers, whenever we need to return pure HTTP response types such as IHttpActionResult, HttpResponseMessage and so on. This basically means being able to serve Views and/or WebServices whenever we want to, without having to change your overall approach.

What if we need to do that in a plain old ASP.NET 4 MVC-based application? As a matter of fact, we can do that there too: any standard MVC Controller can be tweaked to make it act & behave just like an ApiController: we just need to develop our very own ActionResult classes and everything will more-or-less work like we’re expecting to. However, such an approach can be very hard to maintain and test: on top of that, having MVC Controllers methods returning ActionResult mixed with others returning raw/serialized/IHttpActionResult data can be very confusing from a developer perspective, expecially if you’re not working alone.

Luckily enough, there’s a nicer alternative: we can import (and properly configure) the core ASP.NET Web API package into our MVC-based Web Application: this way we’ll get the best of both worlds, being able to use the Controller  and/or the ApiController  classes together, as long as we need to.  To do that, we just have to manually install the required components of the Web API framework that we normally miss in a MVC4 or MVC5 project. This post will explain how we can do that in few easy steps.

Read More