예제 #1
        /// <summary>
        /// Console entry point: prints the id, first name and last name of every employee,
        /// ordered by first name, then waits for a line of input before exiting.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            using (var context = new NorthwindClassesDataContext())
            {
                // Only the three displayed columns are projected, into an anonymous type.
                // ToList() runs the query here, while the context is still open.
                // Optional filter the author left disabled:
                //     where emp.BirthDate.Value.Year > 1950
                var employees = (from emp in context.Employees
                                 orderby emp.FirstName
                                 select new { emp.EmployeeID, emp.FirstName, emp.LastName }).ToList();

                foreach (var e in employees)
                {
                    Console.WriteLine($"Id: {e.EmployeeID} - {e.FirstName, 10} {e.LastName, 10}");
                }

                // Disabled write samples, kept for reference. Each one changes the database
                // as soon as SubmitChanges() runs.

                // Update:
                //var employee = context.Employees.First();
                //employee.FirstName = "Stanislaus";
                //context.SubmitChanges();                    // in EntityFramework: context.SaveChanges()

                // Insert:
                //var newEmployee = new Employee
                //{
                //    FirstName = "theNewOne",
                //    LastName = "Maier"
                //};
                //context.Employees.InsertOnSubmit(newEmployee); // in EntityFramework: context.Employees.Add(employee)
                //context.SubmitChanges();

                // Delete: SingleOrDefault returns null when no row matches, so check for null
                // before calling DeleteOnSubmit if this sample is re-enabled.
                //var employeeToDelete = context.Employees.SingleOrDefault(e => e.FirstName == "theNewOne" && e.LastName == "Maier");
                //context.Employees.DeleteOnSubmit(employeeToDelete);       // in EntityFramework: context.Employees.Remove(employee)
                //context.SubmitChanges();
            }

            Console.ReadLine();
        }
예제 #2
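        /// <summary>
        /// Binds the products grid to the products whose category matches the
        /// <c>CategoryID</c> query-string value of the current request.
        /// </summary>
        /// <remarks>
        /// The query-string value is supplied by the client. It is parsed with
        /// <c>short.TryParse</c>, so a missing, non-numeric or out-of-range value gives an
        /// empty grid instead of an unhandled FormatException or OverflowException.
        /// The filter is a LINQ predicate, not concatenated SQL text, and LINQ to SQL sends
        /// the parsed number to the database as a parameter.
        /// </remarks>
        private void UsingLinqToSql()
        {
            var catID = Request.QueryString["CategoryID"];

            // Untrusted input: reject anything that is not a 16-bit integer before it reaches
            // the query. (Convert.ToInt16 mapped a missing value to 0 and threw on bad text.)
            short catIDInt;
            if (!short.TryParse(catID, out catIDInt))
            {
                grdProducts.DataSource = null;
                grdProducts.DataBind();
                return;
            }

            var connString = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;

            // Dispose the context (and its connection) when done. ToList() and DataBind() both
            // run inside the using block, so the rows are read while the context is still open.
            using (var dc = new NorthwindClassesDataContext(connString))
            {
                grdProducts.DataSource =
                    dc.Products.Where(p => p.CategoryID == catIDInt).ToList();
                grdProducts.DataBind();
            }
        }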
예제 #3
        // PART 1 - insecure
        /// <summary>
        /// Returns the product whose ProductID equals <paramref name="param"/>, wrapped in a
        /// ServiceProduct.
        /// </summary>
        /// <remarks>
        /// This is the deliberately insecure variant (insecure direct object reference).
        /// The caller-supplied value is used directly as the database key, and nothing in
        /// this method checks whether the current user may see that product. Do not copy
        /// this shape into a real service operation.
        /// </remarks>
        /// <param name="param">Product key exactly as supplied by the caller.</param>
        /// <returns>
        /// A ServiceProduct built from the matching row, or built from <c>null</c> when no
        /// row has that key.
        /// </returns>
        public VulnerableApp.ORM.ServiceProduct GetProductDetails(int param)
        {
            var connectionString = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;

            // NOTE(review): the context is never disposed. Whether ServiceProduct reads
            // lazily loaded members afterwards is not visible here, so confirm before adding a using.
            var northwind = new NorthwindClassesDataContext(connectionString);

            // FirstOrDefault yields null for an unknown id. How ServiceProduct's constructor
            // treats null is not shown in this file.
            Product match = northwind.Products.FirstOrDefault(p => p.ProductID == param);

            return new ServiceProduct(match);
        }
예제 #4
        //// PART 2 - Secure
        //public VulnerableApp.ORM.ServiceProduct GetProductDetails(int param)
        //{
        //    Product product = new Product() {ProductID=0, ProductName = "You do not have succficient privileges to get details", QuantityPerUnit = "" };
        //    if (CanCurrentUserAccessProductDetails())
        //    {
        //        // Add your operation implementation here
        //        var productID = param;
        //        var connString = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
        //        var dc = new NorthwindClassesDataContext(connString);

        //        product = dc.Products.Where(p => p.ProductID == productID).FirstOrDefault();

        //    }

        //    return new ServiceProduct(product);

        //}

        // PART 3 - Secure with indirect reference map
        /// <summary>
        /// Returns product details for an indirect reference. The Guid is translated to the
        /// real product key through IndirectReferenceMap, and the lookup runs only when
        /// CanCurrentUserAccessProductDetails() allows it.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the access check is called without the requested product, so as
        /// written it gates the whole operation rather than the individual record. The
        /// indirect reference only helps if the map hands out Guids per user or session,
        /// which is not visible here and should be confirmed in IndirectReferenceMap.
        /// </remarks>
        /// <param name="param">Indirect reference previously issued for a product.</param>
        /// <returns>
        /// A ServiceProduct for the resolved product. When access is refused, a placeholder
        /// product with ProductID 0 and a refusal message. When access is granted but no row
        /// matches, a ServiceProduct built from <c>null</c>.
        /// </returns>
        public VulnerableApp.ORM.ServiceProduct GetProductDetails(Guid param)
        {
            // Placeholder returned instead of real data when the caller is refused
            // (message text kept exactly as the original spells it).
            var refusal = new Product();
            refusal.ProductID       = 0;
            refusal.ProductName     = "You do not have succficient privileges to get details";
            refusal.QuantityPerUnit = "";

            if (!CanCurrentUserAccessProductDetails())
            {
                return new ServiceProduct(refusal);
            }

            // Resolve the opaque Guid to the database key. What GetDirectReference does for
            // an unknown Guid is not shown in this file.
            var productID = VulnerableApp.HelperClasses.IndirectReferenceMap.GetDirectReference(param);

            var connectionString = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
            var northwind        = new NorthwindClassesDataContext(connectionString);

            // A missing row yields null here, which replaces the placeholder as in the original.
            Product found = northwind.Products.FirstOrDefault(p => p.ProductID == productID);

            return new ServiceProduct(found);
        }
예제 #5
 /// <summary>
 /// Creates a fresh NorthwindClassesDataContext, stores it in <c>context</c>, and sets
 /// its ObjectTrackingEnabled flag from <c>withTracking</c>.
 /// </summary>
 /// <remarks>
 /// With tracking switched off, LINQ to SQL treats the context as read-only.
 /// NOTE(review): any context previously held in <c>context</c> is replaced without
 /// being disposed here. Confirm that the owner disposes it elsewhere.
 /// </remarks>
 public void Initialize()
 {
     context = new NorthwindClassesDataContext
     {
         ObjectTrackingEnabled = withTracking
     };
 }
예제 #6
        //public ActionResult Add_Pr()
        //{
        //    return View();
        //}

        //public ActionResult DropDownMenu2()
        //{

        //    DataClasses2DataContext context = new DataClasses2DataContext();
        //    return View(context.Misi_Partners);
        //}

        /// <summary>
        /// Renders the default view for this action with the Products table of a new
        /// NorthwindClassesDataContext as its model.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the model is the table itself and is not materialised here, so the
        /// view presumably enumerates it and receives every product row. The context is
        /// never disposed by this action. No authorization attribute is visible on the
        /// action itself, so confirm that the controller or a filter restricts access.
        /// </remarks>
        /// <returns>The view result carrying the Products table as model.</returns>
        public ActionResult CreateDoc()
        {
            return View(new NorthwindClassesDataContext().Products);
        }