List of some possible questions for the ‘Edit Action’ lecture

1. What does POSTBACK mean?
2. What is the difference between GET and POST?
3. In the following line of code, where is the lambda expression?
       Movie movie = _context.Movie.Single(m => m.ID == id);
4. Explain what each of the two ‘Edit’ methods in the Movie controller does, generally.
5. What does this action do?
       // GET: Movies/Edit/5
       public IActionResult Edit(int? id)
6. What is a postback and how is it used along with the form?
7. What is CURL responsible for?
8. What piece of code in the Edit View do we use to choose the postback action on the MovieController?
       <form asp-action="Edit">
9. What are cross site request forgeries?
10. How are cookies used in an XSS attack?
11. Explain the purpose of ValidateAntiForgeryToken and how it works.
12. In which file do you put ValidateAntiForgeryToken?
13. What does this code add to the form?
       <form asp-action="Edit">
14. What is an XSS/CSRF attack?
15. How does the antiforgery token prevent it?
16. How does the malicious website attempt to get access to the server?
17. What does HTTPPOST do?
18. What does RedirectToAction mean?
19. Why is the [HttpPost] needed for the second Edit action? What does it do / accomplish?
20. If the user submits invalid information to the Edit action (for example, submitting their name for the price), what does the web application do?
21. If the user submits valid information to the Edit action (for example, submitting their name for the price), what does the web application do?
22. Why is it necessary to redirect the browser to the Index page (as opposed to having the Edit action render the Index page itself)?
23. An XSS/CSRF attack occurs when a malicious website uses your credentials to submit a form that the malicious website created. Describe how/why the malicious website can use your credentials to submit a form for you.

    When you log into a website, the browser stores your account credentials in cookies. Whenever the browser goes back to your site, the browser automatically sends the login cookies to your site. This happens even when the form is made by the bad guys.

24. ASP.Net MVC uses an ‘Anti Forgery Token’ to prevent XSS/CSRF attacks. Briefly describe how this token prevents the attack.

    Steps:
    a. User’s browser logs into the website
    b. User requests the ‘Edit’ page
    c. Server generates the ‘Edit’ page
       To prevent XSS the server _____________________
    d. User fills in the form, clicks ‘submit’, the form (and relevant cookies) are sent to the server
    e. Server then does __________________ to prevent XSS