.net 8 security #203

Author: christiannagel

2_Libs/Security/ASPNETCoreMVCSecurity/ASPNETCoreMVCSecurity.csproj

@@ -1,14 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
-
   <ItemGroup>
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.1.3" />
-    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="6.0.1" />
+    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.7" />
   </ItemGroup>
-
-</Project>
+</Project>

2_Libs/Security/ASPNETCoreMVCSecurity/Controllers/HomeController.cs

@@ -8,17 +8,8 @@
 
 namespace ASPNETCoreMVCSecurity.Controllers;
 
-public class HomeController : Controller
+public class HomeController(ILogger<HomeController> logger, IConfiguration configuration) : Controller
 {
-    private readonly ILogger<HomeController> _logger;
-    private readonly IConfiguration _settings;
-
-    public HomeController(ILogger<HomeController> logger, IConfiguration configuration)
-    {
-        _logger = logger;
-        _settings = configuration;
-    }
-
     public IActionResult Index() => View();
 
     public IActionResult Privacy() => View();
@@ -35,7 +26,7 @@ public IActionResult EchoWithView(string x)
 
     public IActionResult SqlSample(string id)
     {
-        string connectionString = _settings.GetConnectionString("InjectionConnection") ?? throw new InvalidOperationException("can't find InjectionConnection");
+        string connectionString = configuration.GetConnectionString("InjectionConnection") ?? throw new InvalidOperationException("can't find InjectionConnection");
         SqlConnection sqlConnection = new(connectionString);
         SqlCommand command = sqlConnection.CreateCommand();
 

2_Libs/Security/ASPNETCoreMVCSecurity/Models/Book.cs

@@ -1,3 +1,3 @@
 namespace ASPNETCoreMVCSecurity.Models;
 
-public record Book(string Title, string? Publisher);
+public record class Book(string Title, string? Publisher);

2_Libs/Security/HackingSite/HackingSite.csproj

@@ -1,9 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
-
-</Project>
+</Project>

2_Libs/Security/IdentitySample/IdentitySample.csproj

@@ -2,15 +2,15 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>1dd61b86-5b54-4a6a-bed2-fefbe07d2273</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="7.0.0" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.68.0" />
   </ItemGroup>
 
 </Project>

2_Libs/Security/SecureTransfer/AliceRunner.cs

@@ -26,7 +26,7 @@
         aes.GenerateIV();
         using ICryptoTransform encryptor = aes.CreateEncryptor();
         using MemoryStream ms = new();
-        using (CryptoStream cs = new(ms, encryptor, CryptoStreamMode.Write))
+        using (CryptoStream cs = new(ms, encryptor, CryptoStreamMode.Write, leaveOpen: true))
         {
             await cs.WriteAsync(plainData.AsMemory());
         } // need to close the CryptoStream before using the MemoryStream

2_Libs/Security/SecureTransfer/SecureTransfer.csproj

@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
   </ItemGroup>
 
 </Project>

2_Libs/Security/SigningDemo/AliceRunner.cs

@@ -9,7 +9,7 @@
 
     public (byte[] Data, byte[] Sign) GetDocumentAndSignature()
     {
-        _logger.LogInformation($"Using this ECDsa class: {_signAlgorithm.GetType().Name}");
+        _logger.LogInformation("Using this ECDsa class: {Type}", _signAlgorithm.GetType().Name);
 
         byte[] aliceData = Encoding.UTF8.GetBytes("I'm Alice");
         byte[] aliceDataSignature = _signAlgorithm.SignData(aliceData, HashAlgorithmName.SHA512);

2_Libs/Security/SigningDemo/SigningDemo.csproj

@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
   </ItemGroup>
 
 </Project>

2_Libs/Security/WebAppWithADSample/Pages/Index.cshtml.cs

@@ -2,12 +2,8 @@
 
 namespace WebAppWithADSample.Pages;
 
-public class IndexModel : PageModel
+public class IndexModel(ILogger<IndexModel> logger) : PageModel
 {
-    private readonly ILogger<IndexModel> _logger;
-
-    public IndexModel(ILogger<IndexModel> logger) => _logger = logger;
-
     public void OnGet()
     {