When working with Entity Framework Core, understanding change tracking behavior is crucial for both performance and data consistency. While I was ware of the AsNoTracking() method, I discovered a lesser-known but powerful alternative: AsNoTrackingWithIdentityResolution() during a code review. Let's explore what makes this method special and when you should use it. Quick recap: What is AsNoTracking()? Before diving into AsNoTrackingWithIdentityResolution , let's briefly review AsNoTracking() . By default, EF Core tracks all entities returned from queries in the change tracker. This tracking enables: Automatic detection of changes to entities Update operations without explicitly attaching entities Identity resolution (ensuring only one instance per entity exists in memory) However, tracking comes with overhead. When you're performing read-only operations where you don't need to update data, AsNoTracking() improves performance by skipping the change...
Welcome to the final post in our file upload security series. We've covered content type validation, file size validation, and file signature validation—each providing a crucial layer of defense. Today, we're implementing the final and most sophisticated protection: malware scanning using Windows Antimalware Scan Interface (AMSI) . The last line of defense Even after all our previous validation steps, a determined attacker could still upload malicious content: A legitimate PDF with embedded JavaScript exploits A valid Office document containing malicious macros An actual image file with embedded steganographic payloads A genuine archive containing malware Zero-day exploits targeting file processing libraries These files pass all our previous validations because they are legitimate file formats—they're just weaponized. This is where malware scanning becomes essential. Why AMSI? Windows Antimalware Scan Interface (AMSI) is a powerful, oft...