dotnet

.NET Code Review Rules

Security (Critical)

• Use [Authorize] attribute with policies
• Validate anti-forgery tokens for forms
• Use parameterized queries (EF Core does this by default)
• Don't log sensitive data
• Use HTTPS redirection middleware
• Store secrets in Azure Key Vault or environment variables
• Use User Secrets for local development
• Never commit secrets to source control
• Validate and sanitize all user input to prevent injection attacks
• Avoid storing sensitive data or security-relevant instructions in HTML comments