ASP NET Core Security 1st Edition Christian Wenz
ASP.NET Core Security
CHRISTIAN WENZ
Manning
Shelter Island
For more information on this and other Manning titles go to
www.manning.com
Copyright
For online information and ordering of these and other
Manning books, please visit www.manning.com. The
publisher offers discounts on these books when ordered in
quantity.
For more information, please contact
Special Sales Department
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Email: orders@manning.com
©2022 by Manning Publications Co. All rights
reserved.
No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by means
electronic, mechanical, photocopying, or otherwise, without
prior written permission of the publisher.
Many of the designations used by manufacturers and sellers
to distinguish their products are claimed as trademarks.
Where those designations appear in the book, and Manning
Publications was aware of a trademark claim, the
designations have been printed in initial caps or all caps.
♾ Recognizing the importance of preserving what has been
written, it is Manning’s policy to have the books we publish
printed on acid-free paper, and we exert our best efforts to
that end. Recognizing also our responsibility to conserve the
resources of our planet, Manning books are printed on
paper that is at least 15 percent recycled and processed
without the use of elemental chlorine.
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Development editor: Doug Rudder
Technical development editor: Ben McNamara
Review editor: Adriana Sabo
Production editor: Andy Marinkovich
Copy editor: Carrie Andrews
Proofreader: Melody Dolab
Technical proofreader: Srihari Sridharan
Typesetter and cover designer: Marija Tudor
ISBN: 9781633439986
dedication
To HMS.
contents
front matter
preface
acknowledgments
about this book
about the author
about the cover illustration
Part 1 First steps
1 On web application security
1.1 ASP.NET Core: History and options
ASP.NET Core version history
MVC
Razor Pages
Web API
Blazor
1.2 Identifying and mitigating threats
Web application components
Defense in depth
1.3 Security-related APIs
1.4 Security is important
Part 2 Mitigating common attacks
2 Cross-site scripting (XSS)
2.1 Anatomy of a cross-site scripting attack
2.2 Preventing cross-site scripting
Understanding the same-origin policy
Escaping HTML
Escaping in a different context
2.3 Content Security Policy
Sample application
How Content Security Policy works
Refactoring applications for Content Security Policy
Content Security Policy best practices
Content Security Policy Level 3 features
2.4 More browser safeguards
3 Attacking session management
3.1 Anatomy of a session management attack
Stealing session cookies
Cookies and session management
3.2 ASP.NET Core cookie and session settings
3.3 Enforcing HTTPS
3.4 Detecting session hijacking
4 Cross-site request forgery
4.1 Anatomy of a cross-site request forgery attack
4.2 Cross-site request forgery countermeasures
Making the HTTP request unpredictable
Securing the session cookie
4.3 Clickjacking
4.4 Cross-origin resource sharing
5 Unvalidated data
5.1 Looking at HTTP
5.2 ASP.NET Core validation
5.3 Mass assignment
5.4 Secure deserialization
6 SQL injection (and other injections)
6.1 Anatomy of an SQL injection attack
6.2 Prepared statements
6.3 Entity Framework Core
6.4 XML external entities
6.5 Other injections
Part 3 Secure data storage
7 Storing secrets
7.1 On encryption
7.2 Secret Manager
7.3 The appsettings.json file
7.4 Storing secrets in the cloud
Storing secrets in Azure
Storing secrets in AWS
Storing secrets in Google Cloud
7.5 Using the data protection API
7.6 Storing secrets locally with Blazor
8 Handling passwords
8.1 From data leak to password theft
8.2 Implementing password hashing
MD5 (and why not to use it)
PBKDF2
Argon2
scrypt
bcrypt
8.3 Analyzing ASP.NET Core templates
Part 4 Configuration
9 HTTP headers
9.1 Hiding server information
9.2 Browser security headers
Referrer Policy
Feature and permissions policy
Preventing content sniffing
Cross-origin policies
Further headers
10 Error handling
10.1 Error pages for web applications
Custom error pages
Status code error pages
10.2 Handling errors in APIs
11 Logging and health checks
11.1 Health checks
Health check setup
Advanced health checks
Formatting the output
Health checks UI
11.2 Logging
Creating log entries
Log levels
Log scopes
Part 5 Authentication and authorization
12 Securing web applications with ASP.NET Core Identity
12.1 ASP.NET Core Identity setup
12.2 ASP.NET Core Identity fundamentals
12.3 Advanced ASP.NET Core Identity features
Password options
Cookie options
Locking out users
Working with claims
Two-factor authentication
Authenticating with external providers
13 Securing APIs and single page applications
13.1 Securing APIs with tokens
13.2 OAuth and OpenID Connect
OAuth vs. OpenID Connect
OAuth flows
13.3 Securing applications
Third-party tools
Client credentials
Authorization code + PKCE
SPAs and BFF
Part 6 Security as a process
14 Secure dependencies
14.1 Using npm audit
14.2 Keeping NuGet dependencies up-to-date
15 Audit tools
15.1 Finding vulnerabilities
15.2 OWASP ZAP
15.3 Security Code Scan
15.4 GitHub Advanced Security
16 OWASP Top 10
16.1 OWASP Top 10
Top 10 creation process
#1: Broken access control
#2: Cryptographic failures
#3: Injection
#4: Insecure design
#5: Security misconfiguration
#6: Vulnerable and outdated components
#7: Identification and authentication failures
#8: Software and data integrity failures
#9: Security logging and monitoring failures
#10: Server-side request forgery
16.2 OWASP API Top 10
16.3 Other lists
index
front matter
preface
I still remember the first time I was exposed to the topic of
web application security, although I did not realize the
impact at that time. Back around 1997, I was creating web
applications (or, rather, websites, back then), but hosting
services were really expensive. For one of my projects, the
only option I could afford was one where I was allowed to
create just one page (!), and I had to use the hosting
provider’s tooling for that—no custom HTML or CSS was
possible. I had plenty of free space available on a free
hosting service but could not use my own domain there;
rather, I used something like
http://home.someprovider.com/mysite.
One of the very few features available to me was to set the
keywords of the page (back in the day, search engines
actually parsed that information). If I was using “web
application security, hacking,” for instance, this would be
turned into the following HTML markup:
<meta name="keywords" content="web application security, hacking">
After some experimenting, I found that I could try the
following “keyword”:
"><meta http-equiv="refresh" content="0; url=http://home.someprovider.com/mysite"><"
It turned out that the provider was putting this data
verbatim into the <meta> tag, leading to this result
(formatted for legibility; my input begins with the "> that
closes the original tag and ends with the stray <" on the
last line):
<meta name="keywords" content="">
<meta http-equiv="refresh" content="0;
url=http://home.someprovider.com/mysite">
<"">
So I injected another <meta> tag that redirected the
browser to my actual site, hosted for free somewhere else.
It took a while until I understood the implications of what I
had found—it was possible to inject arbitrary content on
that page. My “attack” was harmless, but it would also have
been possible to add other, more malicious markup. This
sparked my interest in web application security, and I
haven’t looked back since. I have audited countless web
applications, worked with customers before or after an
audit, taught developers to write secure web applications,
spoken at conferences on three continents about web
application security, and tried my best to make the
applications I was responsible for as safe as possible. In
2004, I was awarded a Microsoft MVP (Most Valuable
Professional) award for ASP.NET for the first time, and I’ve
followed security APIs, gotchas, and concerns in that
framework very closely over the years.
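To make the preface's injection concrete, here is an editor-supplied example (not code from the book or its sample solution): a .NET 6 console program that reconstructs a keyword template which concatenates raw input, renders the quoted payload through it, and then renders the same input through attribute encoding with System.Text.Encodings.Web.HtmlEncoder, the encoder Razor applies to @ expressions by default. The template string, the method names and the CountMetaTags check are assumptions made for this example; the payload and the placeholder URL are the ones quoted above.

```csharp
// Added example, not from the book: the preface's <meta name="keywords">
// injection against a concatenating template, next to the attribute-encoded
// version. Build as a .NET 6 console app and run with `dotnet run`.
using System;
using System.Text.Encodings.Web;

static class KeywordsMeta
{
    // Vulnerable: user input is dropped verbatim into an attribute value.
    // This reconstructs what the hosting provider's tooling evidently did
    // (assumption: the provider's real template is not known).
    public static string RenderUnsafe(string keywords) =>
        $"<meta name=\"keywords\" content=\"{keywords}\">";

    // Fixed: encode for the HTML attribute context. HtmlEncoder.Default turns
    // < > & " ' into entities, so the input can no longer close the attribute
    // or the tag. Razor's @expression output uses the same encoder.
    public static string RenderEncoded(string keywords) =>
        $"<meta name=\"keywords\" content=\"{HtmlEncoder.Default.Encode(keywords)}\">";

    // Detection aid for rendered output (assumption: a check written for this
    // example): one keyword value must never yield more than one <meta start.
    public static int CountMetaTags(string html)
    {
        int count = 0, index = 0;
        while ((index = html.IndexOf("<meta", index, StringComparison.OrdinalIgnoreCase)) >= 0)
        {
            count++;
            index += "<meta".Length;
        }
        return count;
    }

    static void Main()
    {
        // Constructed inputs: a benign keyword list and the preface's payload.
        string benign = "web application security, hacking";
        string payload =
            "\"><meta http-equiv=\"refresh\" content=\"0; url=http://home.someprovider.com/mysite\"><\"";

        foreach (var (label, input) in new[] { ("benign", benign), ("payload", payload) })
        {
            string unsafeHtml = RenderUnsafe(input);
            string safeHtml = RenderEncoded(input);
            Console.WriteLine($"[{label}] unsafe : {unsafeHtml}");
            Console.WriteLine($"[{label}]   <meta> elements: {CountMetaTags(unsafeHtml)}");
            Console.WriteLine($"[{label}] encoded: {safeHtml}");
            Console.WriteLine($"[{label}]   <meta> elements: {CountMetaTags(safeHtml)}");
        }
    }
}
```

The difference shows up in the element count: concatenation lets the payload close the content attribute and emit a second <meta> element with an http-equiv refresh, while the encoded rendering turns <, > and " into entities, so the browser sees a single <meta> whose content attribute merely holds the literal text of the payload. The count is a crude output check, not a substitute for encoding at every sink; the chapter on cross-site scripting covers the contexts (element body, attribute, JavaScript, URL) that each need their own encoder.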
I had considered writing a book on the experience and
knowledge I have gained over the last 25 years, but the
timing was never right. In mid-2021, it suddenly was, and I
started a monthslong journey to condense everything I
know and consider important into the book you are about to
read.
In my experience, just knowing countermeasures against
certain threats is not good enough. Developers need to
understand how attacks work—it’s easier to defend against
things you have already seen. That’s why many of the
chapters will first show the attack and then explain how to
prevent it. Apart from making the content more accessible
that way, it’s also fun—we see how things can be broken
and call this work!
As the title suggests, ASP.NET Core Security is based on
ASP.NET Core, which includes both Razor Pages and
ASP.NET Core MVC. The book also covers Microsoft’s third
web application framework, Blazor, where it’s feasible. All
the examples in the book use C# and are based on .NET 6
(and are expected to still be valid for many versions to
come).
acknowledgments
Many people who were involved in getting this book ready
for you to enjoy are mentioned on the copyright page
(rightfully so!), and there are many others who helped and
contributed along the way.
I am indebted to the roster of reviewers who provided
useful comments at various stages of the book’s
development, as did the readers of the Manning Early
Access Program (MEAP) edition. To all the reviewers, Al
Pezewski, Billy Miguel Vanegas, Daniel Vásquez, Darren
Gillis, David Paccoud, Dennis Hayes Djordje, Dorogoy
Dmitry Sergevich, Doyle Turner, Emmanouil Chardalas, Guy
Langston, Harry Polder, Jedidja Bourgeois, Joe Cuevas, Jose
Luis Perez, Marcin Sęk, Marek Petak, Markus Wolff, Matthew
Harvell, Michael Holmes, Milos Todorovic, Nick McGinness,
Nik Rimington, Onofrei George, Paul Brown, Richard
Vaughan, Ron Lease, Samuel Bosch, Stanley Anozie, Sumit
K. Singh, Tom Gueth, Viorel-Marian Moisei, and Wayne
Mather, thank you for your input and for helping to improve
this book.
Several trusted colleagues and friends also gave invaluable
feedback and made the book so much better. Thank you all
for your insights and support!
Special thanks to Doug Rudder, my developmental editor,
who not only kept the project on track, but also caught me
every time I cut corners, further improving the book.
about this book
The title of the book says it all: it covers security for
ASP.NET Core applications, so it details various threats and
risks for web applications based on Microsoft’s .NET
technology. I believe in the “show, don’t tell” principle, so
you will see not only APIs and countermeasures, but also
how an attack takes place. Real-world incidents will serve as
the basis for many of the chapters.
Who should read this book?
You should understand the basics of .NET and be proficient
with at least one of the web application options of ASP.NET
Core (Razor Pages or MVC/Web API). If you are comfortable
with HTML and CSS, as in “I understand it when I see it,”
even better. At least some shallow experience with
JavaScript is helpful in some of the chapters. The book will
use C# as the language of choice, so this is another
prerequisite for you to get the most out of ASP.NET Core
Security.
How this book is organized: a roadmap
The book is split into six parts with a total of 16 chapters.
Part 1 of the book sets the stage for the content to come:
Chapter 1 discusses why web application security is
important and which ASP.NET Core options exist, as well
as how they may be affected. You will also receive a
quick refresher on the project options ASP.NET Core
provides.
Part 2 shows the most common attacks against web
applications and how to defend against them:
Chapter 2 covers cross-site scripting (XSS), a very
widespread attack that is usually based on injecting
malicious JavaScript code. The example from the
preface, where HTML was injected, also falls into this
category.
Chapter 3 discusses several ways to attack session
management and how to make sessions more secure.
This includes features introduced in modern web
browsers.
Chapter 4 covers cross-site request forgery (CSRF), a
very dangerous attack that can be mitigated both with
built-in ASP.NET Core features and with security
mechanisms in recent browsers.
Chapter 5 describes the potential effects of unvalidated
data and what ASP.NET Core brings to the table. This
includes model validation, which is both convenient and
powerful.
Chapter 6 covers SQL injection, a really old attack that
is rare in the ASP.NET Core world due to easy-to-use
countermeasures and the rise of OR mappers such as
Entity Framework Core.
Part 3 deals with secure data storage:
Chapter 7 covers storing secrets such as tokens. One
option is to use encryption; another is to use select
cloud offerings.
Chapter 8 discusses handling passwords and how to
securely store them. Actually, passwords should not be
stored at all, but their hashes should.
Part 4 covers various security-related configuration options:
Chapter 9 details several HTTP headers supported in
modern web browsers that add an extra layer of
security to an application. The chapter also discusses
how to prevent revealing HTTP headers from being sent
to the client.
Chapter 10 provides an introduction to error handling
for an ASP.NET Core application, including best
practices.
Chapter 11 covers two topics that are different but
somewhat related: logging can make sure that
diagnostic information about a site is stored for later
retrieval, and health checks provide a mechanism for
surveillance of the availability of a site and its services.
Part 5 covers authentication and authorization for ASP.NET
Core applications:
Chapter 12 provides an introduction to ASP.NET Core
Identity, making it easy to add user management and
authentication to a site.
Chapter 13 describes securing APIs and single-page
applications (SPAs) using a token-based solution. The
chapter also covers OAuth and OpenID Connect from an
ASP.NET Core perspective.
Part 6 covers several aspects that are part of a security
process:
Chapter 14 discusses how to make sure dependencies
are secure, including various auditing tools.
Chapter 15 focuses on audit tools that can help find
vulnerabilities in web applications.
Chapter 16 covers the OWASP Top 10, a regularly
updated list of the top ten security risks for web
applications, and how they are covered in this book.
Most of the chapters are independent of each other, but
there are several cross-references where applicable.
About the code
This book contains many examples of source code, both in
numbered listings and inline with normal text. In both
cases, source code is formatted in a fixed-width font
like this to separate it from ordinary text. In some cases,
the original source code has been reformatted. I’ve added
line breaks and reworked indentation to accommodate the
available page space in the book. In rare cases, even this
wasn’t enough, and listings include line-continuation
markers (➥). Additionally, comments in the source code
have often been removed from the listings when the code is
described in the text. Code annotations accompany many of
the listings, highlighting important concepts.
Source code is available for chapters 1 through 13 of this
book. A .NET solution called AspNetCoreSecurity will
contain several ASP.NET Core projects (in chapter 13,
there’s a second solution). Depending on the chapter, the
code shown will be in one or several of those projects. All
source code was tested with ASP.NET Core and .NET 6. The
IDE of choice was Visual Studio 2022, but the code, of
course, also works with other options such as Visual Studio
Code and Rider. Please always make sure you read the full
chapter before trying or using the code. In several
instances, code is intentionally vulnerable to demonstrate
an attack. You can download the source code from the
publisher’s website at www.manning.com/books/asp-net-
core-security.
liveBook discussion forum
Purchase of ASP.NET Core Security includes free access to
liveBook, Manning’s online reading platform. Using
liveBook’s exclusive discussion features, you can attach
comments to the book globally or to specific sections or
paragraphs. It’s a snap to make notes for yourself, ask and
answer technical questions, and receive help from the
author and other users. To access the forum, go to
https://livebook.manning.com/book/asp-net-core-
security/discussion. You can also learn more about
Manning's forums and the rules of conduct at
https://livebook.manning.com/discussion.
Manning’s commitment to our readers is to provide a venue
where a meaningful dialogue between individual readers
and between readers and the author can take place. It is
not a commitment to any specific amount of participation on
the part of the author, whose contribution to the forum
remains voluntary (and unpaid). We suggest you try asking
the author some challenging questions lest his interest
stray! The forum and the archives of previous discussions
will be accessible from the publisher’s website for as long as
the book is in print.
about the author
Christian Wenz is a web pioneer, technology specialist, and
entrepreneur. Since 1999, he has written close to 150 books
on web technologies and related topics, which have been
translated into ten languages. At his day job, he consults for
enterprises on digitization and Industry 4.0. A fixture at
international developer conferences, he has presented on
three continents. Christian has been an MVP for ASP.NET
since 2004, is the lead author of the official PHP
certification, and sporadically contributes to OSS projects.
He holds university degrees in computer science and
business informatics and is a two-time recipient of a Knuth
reward check.
about the cover illustration
The figure on the cover of ASP.NET Core Security is
“Venitienne,” or “Venetian (woman),” taken from a collection
by Jacques Grasset de Saint-Sauveur, published in 1797.
Each illustration is finely drawn and colored by hand.
In those days, it was easy to identify where people lived
and what their trade or station in life was just by their
dress. Manning celebrates the inventiveness and initiative of
the computer business with book covers based on the rich
diversity of regional culture centuries ago, brought back to
life by pictures from collections such as this one.
Part 1 First steps
No week passes without some high-profile internet security
incident—data leaking to the public, popular code libraries
receiving updates with malware, a new ransomware being
passed around, and websites being exposed to security
vulnerabilities. Many of the happenings you read about in IT
news were made possible by bugs in code. Since this book
is based on ASP.NET Core, chapter 1 will unveil web
application options that technology provides and will
analyze where attacks may happen. We will build the
“mental model” for the remainder of the book.
1 On web application security
This chapter covers
Learning why web application security is important
Using ASP.NET Core to create web applications and APIs
Identifying why certain parts of an application are at risk
Exploring what to expect from this book
Nine out of ten web applications have security
vulnerabilities. This is the rather frightening conclusion of a
study released in 2020 by Positive Technologies
(http://mng.bz/mOj2), a provider of various security
solutions. Obviously, such studies can often be biased
toward the business model of those who conduct them, but
several other studies from previous years yielded similar
outcomes. Here’s a report about one study from as far back
as 2009: http://mng.bz/5Qo1.
The authors of the study also found that about four out of
five web application vulnerabilities are part of the code,
instead of, say, the server configuration. From this, we can
deduce two trends:
The major security risk for web applications lies in their
code.
The problem is industry-wide, and the situation does not
seem to be getting better.
Often, a lack of security does not immediately show—until
it’s too late and a web application has been successfully
hacked. It is therefore mandatory to make web application
security a top priority and to use security best practices from
the very beginning of a project.
Most security risks for web applications lie in the way web
browsers, HTTP, database servers, and other “web aspects”
work; therefore, these risks are technology-agnostic. Here’s
one example of this: in theory, injecting JavaScript into a
website works independently of the server language or
framework being used. In practice, there are the following
differences:
1. Some languages and frameworks have built-in
countermeasures that help prevent common attacks
without any extra effort during development.
2. The functions, methods, and APIs used to defend against
certain attacks and risks are naturally named differently
in technologies and frameworks.
Therefore, a book on web application security will need to
present and describe common attacks, in a more or less
general fashion, and will then need to introduce
countermeasures that are tied to a certain technology. The
stack we will be using in this book is Microsoft’s .NET; since
we are talking about web applications, its web framework,
ASP.NET Core, will be the focus. The book was written with
.NET 6 and ASP.NET Core 6 but is expected to be upward-
compatible with newer versions.
1.1 ASP.NET Core: History and options
ASP.NET has a long history that is tied to that of .NET, which
was first released as a beta in 2001 and as a final version
1.0 in early 2002. Back then, the software package was
called “.NET Framework” and contained a server web
application framework called ASP.NET (the first three letters
were carried over from the previous Microsoft web
technology ASP, which was short for “Active Server Pages”).
Along with .NET Framework came a new programming
language, C#, which will be used throughout this book,
although other options exist (Visual Basic for .NET, or F#, a
functional language).
1.1.1 ASP.NET Core version history
ASP.NET and .NET evolved over the years but are not
specifically covered in this book. That may come as a
surprise, especially given the book title, but in the 2010s,
Microsoft worked on a new evolution of .NET that culminated
in the release of .NET Core 1.0 in mid-2016. This new
version of .NET was open source, was more or less platform-
agnostic, and was not tied to Windows any longer. The word
Core was used to avoid confusion with .NET, especially with
version numbers. Whether that worked is a different
discussion, but to add to the confusion, Microsoft dropped
Core when .NET reached version 5.0. The reason: the latest,
and probably final, version of the .NET Framework and of
ASP.NET is 4.8, so there won’t be .NET Framework 5; thus,
“.NET 5” clearly means the new evolution of .NET.
It is a bit more complicated with ASP.NET, though. The MVC
(model-view-controller) framework, ASP.NET MVC, has its
own version numbers. The latest release of the ASP.NET MVC
NuGet package for the .NET Framework is 5.2.8
(http://mng.bz/2nE0), so “ASP.NET 5” could actually mean
three things:
ASP.NET MVC 5 (based on the .NET Framework)
ASP.NET Core 5 (based on .NET 5, formerly known as
.NET Core)
ASP.NET 5, the pre-release project name of what later
shipped as ASP.NET Core 1.0 (on .NET Core 1.0)
I think we can agree that it did make sense to leave the
Core suffix to make the product name explicit, so ASP.NET
Core it is—for now. You don’t have to be a prophet to predict
that Core will likely be dropped at some point in the future.
But for now, if there’s Core in the name, we are talking
about a current version of Microsoft’s web framework, not a
legacy one. This book is based on .NET 6, where Core is still
present.
1.1.2 MVC
The architectural pattern “model-view-controller” (MVC) was
invented in the 1970s and originated in GUI applications, yet
became very popular for web applications. Creating HTML
and CSS for a web page’s looks is an entirely different skill
than implementing a server backend. Therefore, splitting up
the UI from the logic makes sense, and MVC is one of the
options available. Tailored to a web application, MVC
basically works like this (figure 1.1):
A controller accepts user input (in the case of a web
application, data in an HTTP request).
The controller receives and manipulates a model (often,
data from a database) and then assigns this model to a
view (usually an HTML page).
The client receives the view and may use it to create a
new request.
Figure 1.1 How model-view-controller works
In ASP.NET MVC, these components are commonly
represented as follows (since ASP.NET MVC is highly
configurable, many details may be changed, but we describe
the default out-of-the-box behavior):
The controller is a C# class. Requests are mapped to
“action methods,” essentially public C# methods.
The model is typically a C# object or class, often filled
with database content (but not necessarily a 1:1
mapping). Microsoft samples routinely rely on Entity
Framework Core, Microsoft’s object-relational mapper
(OR mapper, or ORM), but this is certainly not
mandatory. The controller accesses this model, may
manipulate it, and then provides it to the view, if
applicable.
The view is essentially an HTML page with some extra
markup to bind values from the model, or to execute
code. Since we are using C#, those HTML pages have
the .cshtml extension. The Razor view engine allows
inclusion of C# code in these files, using the @ special
character. The files are compiled so that the C# code
may be run; the browser, of course, receives the
resulting HTML.
When creating a new project in Visual Studio, the framework
option you pick will set the technological standard for the
app. Figure 1.2 shows some of the available project
templates. Note that the fourth option, ASP.NET Core Web
App (Model-View-Controller), also offers to include Web API,
since they are so similar from a code point of view.
Figure 1.2 Creating a new web application in Visual Studio
Let’s look at the main elements of a simple sample
application. The following listing shows the controller.
Listing 1.1 The controller of a simple MVC application
using Microsoft.AspNetCore.Mvc;

namespace AspNetCoreSecurity.MvcSamples.Controllers
{
    public class HomeController : Controller
    {
        public IActionResult Index() ❶
        {
            var outcome = new Random().Next(1, 7);
            var roll = new DiceRoll(outcome);
            return View(roll); ❷
        }
    }

    public record DiceRoll(int outcome);
}
❶ Shows the action method within the controller
❷ Sends the dice roll result to the view, which is returned to the client
The HomeController class implements the Index() action
method, which returns a view with the result of a dice roll.
The DiceRoll type is defined in the same file, purely for
simplicity. This view is shown in the next listing.
Listing 1.2 The view of a simple MVC application
@model AspNetCoreSecurity.MvcSamples.Controllers.DiceRoll ❶
@{
    Layout = null;
}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Dice Roll - MVC</title>
</head>
<body>
    <h1>Dice Roll: @Model?.outcome</h1> ❷
</body>
</html>
❶ Defines the type of the page’s model
❷ Outputs the dice roll outcome from the model
In the view, the outcome of the dice roll, a property named
outcome, is shown in an <h1> element.
1.1.3 Razor Pages
Remember the Razor view engine from the previous section?
The simple yet effective syntax was elevated to have its own
approach to web development under the ASP.NET Core
umbrella.
Razor Pages are essentially HTML pages with the .cshtml file
extension that support the Razor syntax. In contrast to the
MVC framework, there is no need for a controller. All the
code responsible for retrieving the view and handling user
input is now part of the page. For simpler scenarios, this
works really well and removes some complexity that is
inherent to MVC. The following listing shows the page model
of a simple sample application.
Listing 1.3 The page model of a simple application
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace AspNetCoreSecurity.RazorSamples
{
    public class IndexModel : PageModel
    {
        public void OnGet() ❶
        {
        }
    }
}
Another Random Document on
Scribd Without Any Related Topics
113
114
When Paderewski returned to the United States in
January of 1915 he had two missions to accomplish.
The first was to raise money to feed the starving people
of Poland. No one thought there was anything odd
about the world-famous pianist devoting himself to the
cause of his suffering countrymen. It was the sort of
thing one expected of artists.
The second part of his task was much more complex.
The war was only six months old. No one knew how
long it would last, but some day it would be over. That
much, at least, was certain. And when that day came,
statesmen from all over the world would sit down in
conference to draw the new boundary lines of Europe.
If the dream of a free Poland were ever to become a
reality, it would be then. But who among these
statesmen knew or cared anything about the fate of a
country that geographically had ceased to exist one
hundred years ago? At the moment they had other
things on their minds—such as winning a war. And in
neutral America, the chief concern of responsible
statesmen was the question of staying out of the war.
In Washington, D.C., Robert Lansing, the United States
Secretary of State, and therefore the most important
man in the field of foreign policy, was surprised one day
when his secretary told him that the pianist Paderewski
had asked for an appointment. He was even more
surprised when the famous man arrived in his office and
began to talk, eloquently he admitted, about the ideal of
a united and independent Poland.
Secretary Lansing was a true diplomat. Although the
question of reuniting the former country of Poland was
about the last thing in the world he had time to discuss,
he listened courteously. His thoughts were all negative.
“This man is way out of his depth. He’s a sentimental
idealist. What does he know about the cold, cut-throat
facts of international politics? He’s trying to do
something that’s impossible.”
As gently as he could, Lansing asked a few pointed
questions. Whom did Paderewski represent? The Polish
government? There was no Polish government. The
Polish people? But which ones? The German-Poles? The
Austrian-Poles? The Russian-Poles? There was no such
thing as a unified Polish people whose ideas the
statesmen of the world would respect because of sheer
force of numbers. As for the Poles in America, Lansing
pointed out, they were more hopelessly divided than the
Poles who actually lived in the divided country!
Paderewski was only too well aware of this fact. He had
often smiled over the old joke that says, “Put two Poles
on a sofa and you have a new political party!”
In the United States several Polish relief committees
were already in existence. Naturally each group was
trying its best to snare the famous pianist for its own
ranks. The minute his ship had landed, he had been
besieged by their representatives. He had walked by the
hour with them in Central Park, listening to each man’s
arguments in favor of his own point of view. He had
committed himself to none of them.
The man who could actually bring off the task of
unifying the American Poles would have to be a political
genius, not a musical genius, Lansing thought. As he
studied the flying hair and romantically flowing tie of his
visitor, he decided that this was decidedly not the man
to do it.
During the next few weeks Paderewski became
accustomed to the faint smile with which government
officials greeted him. He knew so well what they were
thinking. “What does a pianist know about international
affairs?”
As Paderewski prepared to cross the country and begin
his tour, he felt discouraged but not despondent. The
men he had seen in Washington were important men,
but they were not the ones who would really count in
the end. There was a man—exactly the right man—
whose support he needed, the “providential man” for
whom he prayed and waited. But he knew that God
would send him when it was time.
The city of San Francisco was holding a great
exposition. The committee had asked Paderewski to
play a concert for the occasion, since he had always
been San Francisco’s favorite artist. When he replied
that he was in the country to speak for Polish relief, not
to play concerts, they willingly changed their offer. He
could talk, he could play, he could do anything he liked.
They in turn would guarantee him an audience of
thousands who would be glad to hear whatever he had
to say. It was a fine way to begin his career as a
speaker, Paderewski thought. But as the day and finally
the hour itself approached, he grew more and more
nervous.
“What makes me think I can persuade an audience?” he
asked his wife. “By playing—perhaps. But by speaking!
And in English! How do I know they will even listen to
me?”
Madame Paderewska’s eyes did not stray an inch from
the sock she was knitting. She smiled patiently and said
for the tenth time that day, “They will listen.”
As Paderewski walked toward the stage of the
enormous auditorium that night, he longed for the
blissful assurance he had once had of knowing exactly
how every note was going to sound. He stepped out
from the wings—and then stopped in his tracks at the
breath-taking sight that greeted him.
The stage was bare except for the piano. Hanging
behind the piano was an enormous flag that had been
made only a day before. It covered the huge back wall
of the building from one side to the other, and from
ceiling to floor. A triumphant white eagle on a blood-red
field! The flag of Poland!
Paderewski’s nervousness vanished. He felt a great
surge of confidence both for the present moment and
for the future. The audience was cheering wildly, but as
he walked to the front of the stage and bowed, a deep
silence settled over the hall.
He said, “I have to speak to you about a country which
is not yours, in a language which is not mine.”
The flag of Poland!
It was the first of over three hundred speeches. It was
the opening of a journey that would carry him to every
state in the country. He would travel thousands of miles
to speak thousands of words. And with the unerring
instinct of an artist, he had begun with a phrase that
sent an electric shock through that first audience and
every future audience that heard it.
“A country which is not yours—” Yet as Paderewski
traveled from city to city, from platform to platform,
more and more Americans began to sense a kinship
with the country that did not even appear on the map.
For the first time the bitter irony of the Polish situation
became clear to them. Here was a country that had lost
its freedom four years before America’s had been
declared. Yet Poland had been one of the first nations in
the world to advance the beliefs on which America had
been founded. “Already in the fifteenth century a self-
governing country, Poland became, in 1573, a regular
republic, with kings elected. In 1430, consequently 259
years before the habeas corpus of England ... Poland
established her famous law ‘No man shall be detained
unless legally convicted.’ Our broad, liberal Constitution
of 1791 preceded by 57 years the Constitution of
Germany and Austria, and by 114 years the so-called
Constitution of Russia. And all these momentous
reforms ... were accomplished without revolution,
without any bloodshed, without the loss of one single
human life. Does it prove our dissensions? Does it prove
our anarchy? Does it prove our inability to govern
ourselves?”
“In a language which is not mine—” Yet somehow he
had made it his. Audiences that had loved Paderewski
the pianist now realized that he was equally great as an
orator, although he spoke simply and without dramatic
gestures.
When he finished speaking, he would turn to the piano
and continue his plea for Poland in still another
language. He would play the music of Chopin, and when
the listeners finally left the hall, they knew that they
had lived through a unique emotional experience.
It was no wonder that money for Polish relief began to
pour in. Few people who heard Paderewski say “Give
me seed for this trampled, wasted land, bread for these
starving!” could resist the appeal. Generous America
took the forgotten Polish people to its heart. By
presidential decree a special “Polish Day” was
established, because in the eyes of America “Poland”
had become synonymous with “Paderewski,” the
beloved artist who had so enriched the golden era of
peace.
Although the first half of his mission had flourished
beyond his greatest hopes, Paderewski felt that so far
he had done very little about the second half. He had
talked to plenty of government officials and diplomats,
but they had little to offer beyond polite interest. Not
until he had been in the United States for a year was he
able to take the first sizable step. As he had known it
must, it came through the intervention of one man, a
man who was neither government official nor diplomat.
He was the man to whom Paderewski would write, “It
has been the dream of my life to find a providential man
for my country. I am now sure that I have not been
dreaming vain dreams.”
CHAPTER 7
THE PROVIDENTIAL MAN
Colonel Edward Mandell House, who had never
accepted a political office, was more powerful than any
man in Washington. He was the confidential adviser of
President Woodrow Wilson. “His thoughts and mine are
one,” Wilson said of House, whom he regarded as the
most unselfish, patriotic man he knew. No one in the
country had a greater understanding of European affairs
than House. “A super-civilized person,” the French
statesman, Clemenceau, said of him, “escaped from the
wilds of Texas, who sees everything, who understands
everything ... a sifting, pondering mind.”
From the day he had left England, Paderewski had
known that he could not succeed unless he somehow
got to House and convinced him of the justice in Polish
claims. But Paderewski was not the only foreigner in the
country who wanted something from the Colonel. House
was under constant siege by representatives of small
countries who were hoping to gain something by the
peace settlement. Since America was still neutral, House
had to be careful in dealing with these men or even in
seeing them. This is why Paderewski proceeded
cautiously in his opening moves toward the Colonel. The
fact that House’s apartment was a three-minute walk
from Paderewski’s hotel was an added source of
frustration. So short a distance separated him from the
man who could do so much for him!
Then one day early in 1916, his prayers were suddenly
answered. Paderewski’s discreet diplomacy had borne
fruit in a typical way. A Paderewski friend had wangled a
letter of introduction from an Assistant Secretary of
Agriculture to Mr. Robert Wooley, director of the U.S.
Mint. Mr. Wooley was known to be a close friend of
Colonel House. One day he sent word from Washington
that he would be in New York in two days and would try
to arrange a meeting between Paderewski and the
Colonel. Paderewski was learning his new role in a
practical way. As many a diplomat had done before and
after him, he had gained his objective through a friend
of a friend of a friend of the man he wanted to meet.
Mr. Wooley had sternly cautioned Paderewski against
over-optimism. So his heart sank when he was greeted
at the door by a radiant Madame Paderewska. “You are
going to save Poland!” she cried, her beautiful eyes
filled with tears. “I know it!” And as the two men walked
the few blocks to House’s East Fifty-third Street
brownstone home, the practical man of business
wondered even more at the Polish pianist’s calm and
complete faith in the events of the next few minutes.
Well, perhaps he was right, but Wooley was inclined to
doubt it.
Colonel House had marked half an hour off his tight
schedule for his interview with Paderewski, so the two
men did not waste time on small talk. Paderewski had
been waiting a long time for this moment. He was ready
for it. Pacing up and down the Colonel’s library, he
began to tell his story. Point by point he built his
arguments for Poland, with a mixture of logic and
eloquence that an experienced lawyer might have
envied.
The half hour flew by. Nervously Mr. Wooley looked at
his watch and then glanced at the Colonel. “Let him go
on,” House muttered. “Don’t interrupt him.”
An hour passed and then another hour. Whatever
Colonel House’s later appointments were, they were
cancelled. Never in his career of listening to people who
wanted something had he heard a man plead his cause
so irresistibly.
When he had made his last point, Paderewski stopped
and waited for the Colonel to speak. House’s part in the
two-hour conversation was limited to three sentences,
but they were the most beautiful words Paderewski had
ever heard. “You have convinced me,” he said, rising
and holding out his hand. “I promise you to help Poland
if I can. And I believe I can.”
It was the beginning of a profound friendship between
the two men, one so eloquent, and one so silent. And
with the Colonel completely won over to his side, the
door to the White House stood open to Paderewski at
last. By the summer of 1916 House felt that the time
had come to introduce the pianist to President Wilson.
He arranged to have the Paderewskis invited to a
diplomatic dinner at the White House.
Woodrow Wilson was a scholar and a statesman. He
had been a college president before he went into
politics. Such a man, Paderewski believed, would
understand the justice of his cause.
There was great excitement after dinner that night
when guests saw the piano in the East Room being
opened. Was Paderewski really going to play? He was,
they were told, since the President had asked him to do
so.
Although President Wilson did not know a great deal
about music, it did not take any special knowledge to
get the message that the Polish artist was trying to
convey by means of Chopin’s music. Paderewski and
Chopin had become partners in this enterprise, and
never had the two worked together so eloquently. As
Wilson and Paderewski talked briefly together after the
performance, the pianist felt that he had won his
country another powerful ally.
Woodrow Wilson had won an ally.
It worked both ways. Wilson, too, had won an ally. 1916
was an election year. Paderewski campaigned actively
for Wilson’s reelection all during the fall. Many Polish
voters, following the lead of the Polish clergy, were
Republicans. Paderewski convinced them that their
country’s first real hope in a hundred years depended
on a victory for Wilson. In the end he delivered the
large Polish vote almost one hundred percent.
On the day before elections, when the campaigner had
expected to relax a little, came shattering news from
Europe. Germany had issued a proclamation declaring
that Poland was a free and independent nation. The
freedom and independence, of course, were the
affectionate gift of the German government. The story
behind the “gift” was actually a simple one. Germany
had previously shown no sign of any such good will to
the Polish people. Far from it. As soon as the Russians
had been driven out, the German and Austrian leaders
had gathered over a map of Poland and had once more
divided it up, this time in a two-way split—one half for
Germany, one half for Austria. Now suddenly they were
declaring the country reunited and free! Why?
Paderewski knew why. It was not Polish freedom the
German leaders wanted. It was Polish manpower. They
were convinced that if they presented Poland with
independence, a million Polish volunteers would
gratefully flock to enlist in the German army and could
be used to fight the Russians in the East. The other
reason for the move was a more subtle danger. If the
Poles appeared to accept the offer and consented to be
taken under the loving wing of Germany, then America
and the Allies would lose interest in the cause of Polish
freedom. Poland herself would be regarded as a friend
of the enemy.
Paderewski saw through the trick easily. “This means
only more suffering for my people,” he told House. “It
means that another army will be raised and that there
will be more killing and more devastation!” He realized
that everything he had won during the past few years
was in danger of being destroyed in one day. Unless he
acted quickly. But what could he do? Never before had
he felt so cruelly his lack of real authority. If only he
were the official spokesman for some truly
representative Polish groups, so that when he spoke a
firm majority of Poles spoke with him.
There was only one thing to be said for the fact that he
had everything to lose: he could afford to take a
desperate gamble. Cable lines buzzed between New
York and Paris, Paris and Chicago, Chicago and New
York. Within a few hours a statement was issued and
flashed to every Allied country. The German offer was
rejected, flatly and permanently. The message was
signed by Paderewski and was approved by the Paris
Committee and by several groups in the United States.
But what about the rest of his countrymen, Paderewski
wondered. What about the millions of poor Poles who
were not trained thinkers, who might not see the worm
in the shining German apple? Would they support him,
or would they demand the right to seize their freedom
no matter who offered it to them?
He soon had his answer. Every Polish society in the
country immediately voted to make Paderewski its
official representative. They gave him full power of
attorney to make decisions and to act for them in all
political matters. From then on, when he spoke he was
speaking with the voice of three million Polish-
Americans.
Of everything that Paderewski had done, this was the
coup that really made its mark on official Washington.
“The first direct evidence of his capacity as a leader
which impressed me,” wrote an observer, “was his
successful efforts to unite the jealous and bickering
Polish factions in the United States.... I am convinced
that Mr. Paderewski was the only Pole who could have
overcome this menace.... His entire freedom from
personal ambition made him the one man about whom
the Poles, regardless of factions, appeared to be willing
to rally. It was a great achievement, a triumph of
personality.”
The man who wrote this was Robert Lansing, the
Secretary of State who had once smiled when an
eccentric piano player had tried to talk to him about
Poland.
The exhausting events of November 5 and 6 should
have provided quite enough excitement and tension for
any two days in a man’s life. But they were only one
part of the affairs that occupied him during those forty-
eight hours. November 6, remember, was election day!
Woodrow Wilson had gone to Shadow Lawn, his
summer house on the New Jersey shore, to wait for the
election returns in comparative peace. It was a trying
day for him, following a hard, bitter campaign. It was a
day on which he chose his visitors with care. One of
them was Paderewski.
In the quiet study at Shadow Lawn the two men talked
for nearly an hour. Wilson spoke of his idealist’s dreams
of world peace and mutual trust between nations. He
listened attentively while Paderewski, in turn, described
his hopes for his own country. The President asked
searching, practical questions. How could Poland survive
without an outlet to the sea? Paderewski and House had
often discussed this point over a map of Europe. He
explained their ideas to the President. When the
interview was over, Wilson said solemnly, “My dear
Paderewski, I can tell you that Poland will be
resurrected and will exist again!”
Paderewski went home exhausted but intensely happy.
It had been quite a pair of days! He longed to go to
bed, but the election returns were coming in faster and
faster now and he could not settle down for the night
until he knew for certain that everything was going as
expected. He heard the then familiar—and now extinct
—cry for which all America had once waited. “Extra!
Extra! Read all about it!” But the rest of the newsboy’s
cry was a catastrophe. “Wilson defeated! Hughes
elected!”
Wilson defeated? Wilson who had just promised him his
country’s freedom? For two years he had worked inch
by inch in the direction of the words he had heard only
a few hours before. And now it meant nothing.
It was a cruel night, unnecessarily cruel as it turned out.
By five the next morning the newspapers were out with
a somewhat different story. Wilson had not been
defeated. The Extra-hungry papers had simply
neglected to wait for the California votes to be counted!
“I can tell you that Poland will be resurrected and will
exist again,” Wilson had said. And the promise was still
good.
CHAPTER 8
THE THIRTEENTH POINT
Paderewski was playing a war relief benefit the next
afternoon. He had played so little except his Chopin
since his return to the United States that he was
preparing for the much-heralded Carnegie Hall recital
with even greater care than usual. It was Monday,
January 8, 1917.
While he was practicing, a message came from down
the street that Colonel House would like to see him.
Very little else would have taken him away from the
piano at that moment, but he was soon in the Colonel’s
study.
Colonel House came quickly to the point, as usual. “Next
Thursday I am going to leave for Washington, and I
wish to have with me your memorandum on Poland.”
What the Colonel meant was this: he had decided that
the time had come to present President Wilson with a
full-scale study of the Polish situation. What he needed
from Paderewski was a memorandum telling exactly
what he wanted for his country and how he thought it
should be accomplished. It was the sort of document
that half a dozen trained diplomats might work over for
three weeks!
Paderewski felt as though a large mallet had just
thumped him on the head. “Thursday! But I have my
recital tomorrow! And besides, it is impossible to
prepare such a document without the necessary data,
and besides—”
“I must have that memorandum by Thursday morning!”
Paderewski had by this time learned one thing about the
Colonel. He might be a man of few words, but he meant
every one of them.
He walked back to his hotel slowly. At all costs, he told
himself, he must keep his wits about him and not panic.
During World War II there was a Seabee slogan that
would have appealed to Paderewski, had he heard it.
“The difficult we do immediately. The impossible takes a
little longer.” He himself operated along these lines. This
job was impossible. It would take a while. He went up
to his rooms and began practicing for four hours.
The program of that Tuesday afternoon recital included
the Beethoven C minor piano sonata, Op. 111. This is
one of the most taxing of all the sonatas in the kind of
intellectual demands it makes on the performer. In
addition to the Beethoven he played the Schumann
“Butterflies,” one of his favorite recital pieces, and his
own piano sonata Op. 21. Shorter works by Chopin,
Liszt, Mendelssohn and his composer-friend Stojowski
completed the program. And as usual in a Paderewski
recital, the encores he played so generously were
almost as extensive as the printed program.
Next morning the critics were enthusiastic about the
pianist’s “bravura performance.” They spoke of the wild
delight of the audience which agreed to go home only
after the lights in the hall had been turned off. It was, in
other words, “a typical Paderewski recital audience,”
wrote the man from the Tribune. In it were “men and
women of society, musicians, and many young persons,
even boys and girls who will grow up to tell their juniors
about the time ‘when I heard Paderewski.’”
Yet neither the critic nor the boys and girls knew what a
fantastic scene they had just witnessed: Paderewski
locked in absolute concentration on Beethoven and
Schumann and the others, while the fate of his country
waited silently for him on his desk.
When the recital was finally over—and he did not
deprive the audience of so much as one bow—he went
home and ate dinner. Then he went to work on the
memorandum. Thirty-six hours later—at eight A.M. on
Thursday morning—it was delivered to Colonel House.
Paderewski went to bed for the first time since Monday
night.
His fatigue seemed well worth it a week later when the
Colonel came back from Washington. “The President
was very much pleased with your memorandum,” he
said. “Now get ready. The first shot will be fired very
soon!”
On January 22 President Wilson addressed Congress on
“Essential Terms of Peace in Europe.” Paderewski, who
was touring in the South at the time, picked up a
newspaper the next day and read these words: “No
peace can last or ought to last which does not recognize
and accept the principle that governments derive all
their just powers from the consent of the governed, and
that no right anywhere exists to hand people about
from sovereignty to sovereignty as if they were
property. I take it for granted ... that statesmen
everywhere are agreed that there should be a united,
independent, and autonomous Poland, and that
henceforth inviolable security of life and worship ...
should be guaranteed to all people who have lived
hitherto under the power of governments devoted to a
faith and purpose hostile to their own.”
The words swam before his eyes. For the first time, the
fate of Poland had been publicly mentioned as an official
concern of the United States government.
On April 2, 1917, President Wilson came to an
anguished but inevitable decision. He called upon the
Congress to declare war against Germany. Full
mobilization of the country’s manpower was
immediately begun. Two days later, Paderewski,
addressing the “Union of Polish Falcons,” the most
important Polish-American group, called for the
formation of a separate Polish army, to fight side by side
with the Allies. An independent Polish army, he felt,
would prove to the world as nothing else could that
there was truly a Polish nation waiting for its moment of
rebirth. After almost insurmountable difficulties, he
finally won his point, and the governments of France
and the United States allowed him to go ahead with his
plans for the formation of the army. Two training camps
for Polish volunteers were founded, and soon twenty-
two thousand Polish-Americans had enlisted in “the
Army of Kosciuszko.” For help in transporting so large a
number of men to Europe, Paderewski turned to the
Secretary of the Navy, Josephus Daniels. He, in turn,
knew just the man to assign to the Paderewski case—a
young Assistant Secretary named Franklin Delano
Roosevelt whose admiration for the pianist dated from
childhood. With Roosevelt’s enthusiastic, red-tape-
cutting aid, Paderewski’s volunteers were quickly sent to
Europe. There they joined with the European Poles to
form an army numbering nearly one hundred thousand
men, fighting under the banner of the white eagle.
Statesmen who had once believed that Poles could
never be united were now confronted by the fact of a
hundred thousand men joined by a common oath. “I
swear before Almighty God, One in Three, to be faithful
to my country Poland, one and indivisible, and to be
ready to give my life for the holy cause of its unification
and liberation. I swear to defend my flag to the last
drop of my blood, to observe military discipline, to obey
my leaders, and by my conduct to maintain the honor of
a Polish soldier.”
The Polish army paid tribute to Paderewski in a superb
and moving way. His name was inscribed on the
membership list of each company. Every day at roll call,
when the name “Ignace Jan Paderewski” was read, one
hundred thousand voices shouted back, “Present!” This
honor had been paid to a soldier only once before in
history—to Napoleon. It had never before been paid to
a civilian.
And then at last came the day on which the unselfish
labors of the last three years bore glorious fruit. On
January 8, 1918, as the war entered its last phase,
President Wilson spoke to Congress on the peace that
lay ahead. He offered a fourteen point program for what
he hoped could be a just and permanent settlement of
the world’s disputes. The thirteenth of these points was
this: “An independent Polish state should be erected
which should include the territories inhabited by
indisputably Polish populations, which should be assured
a free and secure access to the sea, and whose political
and economic independence and territorial integrity
should be guaranteed by international covenant.”
As Paderewski read the electric words, he realized that
they were taken almost verbatim from the
memorandum he had written for Colonel House after his
Carnegie Hall recital exactly one year before.
Paderewski’s work in America had been crowned with a
success that not even he, full of faith as he was, could
have imagined.
In Poland, news of the thirteenth point brought life-
saving hope to the hearts of the beleaguered Polish
people. On an entirely different level an earlier incident
had already kindled a new flame of courage in the
hearts of the people of Warsaw. It had happened during
the final rout of Russian troops by an advancing German
army. To gain time for their retreat, the Russians blew
up the Poniatowski Bridge that spanned the river Vistula
in the very heart of the city. The devastating roar of
dynamite smashed windows and shook buildings for
miles around. Even the solid Zamek shuddered to its
foundation stones. The blast almost uprooted the
statues in Palace Square. As the powerful vibrations
ripped past him, King Sigismund tottered but stood firm.
Yet even in their fright the people who ran through the
square seeking shelter could not fail to understand his
message. Soon the magical words were flying through
the city. “Sigismund has shaken his sword!”
The warship sped toward Danzig.
At last the signing of the Armistice on November 11,
1918, brought the long horror to an end: Paderewski’s
work in the United States was over, the greatest tour in
his career a complete success. The next step in his
mission would have to be carried out in Paris, where the
statesmen of the world would soon gather to write
treaties and to rearrange the border-lines of Europe.
In Arthur Balfour, the British Foreign Secretary,
Paderewski had a powerful friend. The experienced
statesman now gave him some strong advice. It was
essential, as Paderewski knew better than anyone else,
that Poland be represented at the Conference table. But
the Allies would never recognize a Polish government
unless they felt that it truly represented all factions in
Poland. At the moment most Allied leaders leaned
toward Dmowski’s Polish Committee in Paris. But others
were asking, “What about Pilsudski?”
What, indeed, about Pilsudski! A hundred times a day
the name drifted across Paderewski’s mind like an
ominous shadow.
Józef Pilsudski, the soldier-hero of Poland, had fought
his country’s enemies for years on home ground. He
had escaped from both Russian and German prison
camps to organize a Polish army and a Polish
underground. At the end of the war he had marched
triumphantly into Warsaw and been acclaimed Chief of
State. The government he had organized was strongly
socialist, almost communist in character. It represented
the left-wing factions in Poland, just as Dmowski’s Polish
National Committee represented the right-wing factions.
Naturally the peace negotiators would not do business
with both groups.
“Someone,” Balfour said, “must unite these factions.
Someone must go into Poland and persuade Pilsudski to
cooperate with Dmowski to form a government that is
truly representative of all Poles.” Obviously there was
only one man in the world who had any hope at all of
accomplishing such an assignment.
On Christmas Day the British warship that had carried
the Paderewskis safely through the treacherous mine-
infested waters of the North Sea dropped anchor in
Danzig, Poland’s ancient seaport.
Danzig was in German territory and the Germans were
not in the least enthusiastic about welcoming the man
who was trying as hard as he could to relieve them of
their share of Polish land. In the city of Poznań to which
Paderewski proceeded from Danzig, a procession of
school children carrying Polish flags was fired on by
sniping Prussian soldiers. The windows of Paderewski’s
hotel room were shattered by flying bullets, while he
himself calmly tied his necktie. Street-fighting between
Poles and Prussians immediately broke out and lasted
for three days. “There is no doubt,” Paderewski wrote to
Colonel House, “that the whole affair was organized by
the Germans in order to create new difficulties for the
Peace Conference.”
But no amount of threats and terrorism could stop the
people of Poland from lining the railroad tracks between
Poznań and Warsaw to cheer and shout and weep tears
of joy while they waited in the snow to catch a glimpse
of the man whose name had shone like a beacon of
hope for four devastating years.
Paderewski reached Warsaw on New Year’s Eve. The
ovation that he received from the jubilant city was
heart-warming, but it was not really significant. Tens of
thousands of people in Warsaw might be parading the
streets in his honor; but the success or failure of his
mission depended on one man alone. On the first day of
the hopeful New Year, Paderewski presented himself at
the Belvedere Palace for his first meeting with Marshal
Józef Pilsudski.
CHAPTER 9
REBIRTH OF A NATION
If a modern “electronic brain” were fed data about
every statesman of the twentieth century and then
asked to pick out the two men most completely opposite
and uncongenial, it would without a moment’s hesitation
settle on Józef Pilsudski and Ignace Jan Paderewski.
Even before their meeting each man had a fairly good
idea of what the other man was like. Now for the first
time they could size each other up in person.
Pilsudski, eying Paderewski’s elegant clothes and quietly
assured manner, recalled that this man was the darling
of a capitalistic society in whose image he would try to
rebuild Poland. Paderewski, noting the Marshal’s rough,
purposely shabby uniform, drooping mustaches, and
abrupt, nervous behavior, remembered that this bold
revolutionary had spent most of his adult life in prison,
or in hiding, or in working under cover, always in the
shadows of conspiracy. He was the sort of man who
would stop at nothing, including murder, to gain his
objective because he firmly believed that if the end was
good, then the means were unimportant. Yet there was
one point of agreement between them, Paderewski
reflected, and surely it was a strong enough basis for
cooperation. Each man, in his own way, loved his
country and would gladly have given his life for her.
By the end of the exhausting interview Paderewski had
come to the conclusion that this was not enough.
Pilsudski remained absolutely unshaken in his refusal to
have anything to do with Dmowski’s Committee. Poland,
he believed, belonged to the proletariat—the working
man—alone. He would not admit that any other class of
people had any right to be represented in the new
government. As to the question of Allied recognition, he
simply brushed it aside. He could take care of Poland all
by himself, he seemed to imply.
It was a frustrating two hours.
The next day Paderewski left for Cracow, convinced that
his mission had failed. But at three o’clock on the
morning after his arrival, he was roused from sleep by a
special messenger from Pilsudski. The Marshal, he was
informed, requested his immediate return to Warsaw for
further negotiations.
What could have happened, Paderewski thought, to
change Pilsudski’s mind even to this small extent?
What had happened was this: on January 4,
representatives of the American Relief Administration
had arrived in Warsaw to study conditions and to
discuss terms with Pilsudski. The starving people of
Europe had good reason to be familiar with the heroic
work of the A.R.A. which had already saved millions of
lives during that cruel winter of armistice.
In charge of the mission to Warsaw was Vernon Kellogg,
gifted both as a scientist and an administrator.
Somehow he managed to get the point across to the
iron-willed Marshal that if he expected American Relief
supplies and money to feed and clothe the desperate
Polish people, he would have to find a way of
cooperating with Paderewski and the Paris Committee.
Faced with so practical a necessity, Pilsudski capitulated
and asked Paderewski to help him form a representative
government. Paderewski himself was named Prime
Minister and Minister of Foreign Affairs. Pilsudski
remained “Chief of State.” It was a rather all-inclusive
title.
The Americans were as good as their word. Better, in
fact, because once they had reported back to their chief
in Paris about the ghastly conditions in Poland, miles
and miles of red tape were instantly cut in order to rush
in the first supplies. Within a few weeks a life-giving
stream of food, clothing, fuel, and medical supplies
was pouring steadily into the country. Even Pilsudski
was impressed. The A.R.A. did its best for all suffering
countries. But there seemed to be something special—
almost personal—about its feeling for Poland, even
though there was not yet an officially recognized Polish
government. The pianist was a nuisance, Pilsudski must
have thought privately, but he had his uses if his
popularity made the Americans so generous.
What Pilsudski did not know was that there was indeed
a personal attitude involved in the work of the American
Relief Administration for Poland. For at the head of the
organization was a man with a long memory—a former
Stanford University engineering student who had once
taken a flyer in the business of staging concerts.
Paderewski had completely forgotten that he had once
saved a young man named Herbert Hoover from great
financial distress. But Herbert Hoover had never
forgotten it. The $400 debt that had meant so much to
the student and so little to the artist had now been paid
a thousandfold.
As Prime Minister of Poland, Paderewski moved his
household into the Zamek. Did he remember the many
times that the young music student had passed the
royal palace and prayed for the day when a Polish
leader would once more be in residence there? Perhaps.
But Paderewski was too busy to spend much time
reminiscing. The work of forming first a National Council
of a hundred men and then a coalition cabinet of
sixteen was incredibly difficult. In the course of his
former career he had grown accustomed to long, hard
work, but it was nothing compared to this! Poles, as we
have seen, were not the easiest people in the world
with whom to do business politically. And complicating
life almost beyond endurance was Pilsudski. The Chief
enjoyed long, drawn-out, usually pointless conferences
that accomplished nothing except the complete
exhaustion of the Prime Minister. He enjoyed them most
at two or three o’clock in the morning, preferably just

ASP NET Core Security 1st Edition Christian Wenz

  • 8. ASP.NET Core Security CHRISTIAN WENZ To comment go to liveBook Manning Shelter Island For more information on this and other Manning titles go to www.manning.com
  • 9. Copyright For online information and ordering of these and other Manning books, please visit www.manning.com. The publisher offers discounts on these books when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Email: [email protected] ©2022 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. ♾ Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to
  • 10. that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Development editor: Doug Rudder Technical development editor: Ben McNamara
  • 11. Review editor: Adriana Sabo Production editor: Andy Marinkovich Copy editor: Carrie Andrews Proofreader: Melody Dolab Technical proofreader: Srihari Sridharan Typesetter and cover designer: Marija Tudor
  • 14. contents
    front matter
      preface
      acknowledgments
      about this book
      about the author
      about the cover illustration
    Part 1 First steps
    1 On web application security
      1.1 ASP.NET Core: History and options
        ASP.NET Core version history
        MVC
        Razor Pages
        Web API
        Blazor
      1.2 Identifying and mitigating threats
        Web application components
        Defense in depth
      1.3 Security-related APIs
      1.4 Security is important
    Part 2 Mitigating common attacks
    2 Cross-site scripting (XSS)
  • 15.
      2.1 Anatomy of a cross-site scripting attack
      2.2 Preventing cross-site scripting
        Understanding the same-origin policy
        Escaping HTML
        Escaping in a different context
      2.3 Content Security Policy
        Sample application
        How Content Security Policy works
        Refactoring applications for Content Security Policy
        Content Security Policy best practices
        Content Security Policy Level 3 features
      2.4 More browser safeguards
    3 Attacking session management
      3.1 Anatomy of a session management attack
        Stealing session cookies
        Cookies and session management
      3.2 ASP.NET Core cookie and session settings
      3.3 Enforcing HTTPS
      3.4 Detecting session hijacking
    4 Cross-site request forgery
      4.1 Anatomy of a cross-site request forgery attack
      4.2 Cross-site request forgery countermeasures
        Making the HTTP request unpredictable
        Securing the session cookie
      4.3 Clickjacking
      4.4 Cross-origin resource sharing
    5 Unvalidated data
  • 16.
      5.1 Looking at HTTP
      5.2 ASP.NET Core validation
      5.3 Mass assignment
      5.4 Secure deserialization
    6 SQL injection (and other injections)
      6.1 Anatomy of an SQL injection attack
      6.2 Prepared statements
      6.3 Entity Framework Core
      6.4 XML external entities
      6.5 Other injections
    Part 3 Secure data storage
    7 Storing secrets
      7.1 On encryption
      7.2 Secret Manager
      7.3 The appsettings.json file
      7.4 Storing secrets in the cloud
        Storing secrets in Azure
        Storing secrets in AWS
        Storing secrets in Google Cloud
      7.5 Using the data protection API
      7.6 Storing secrets locally with Blazor
    8 Handling passwords
  • 17.
      8.1 From data leak to password theft
      8.2 Implementing password hashing
        MD5 (and why not to use it)
        PBKDF2
        Argon2
        scrypt
        bcrypt
      8.3 Analyzing ASP.NET Core templates
    Part 4 Configuration
    9 HTTP headers
      9.1 Hiding server information
      9.2 Browser security headers
        Referrer Policy
        Feature and permissions policy
        Preventing content sniffing
        Cross-origin policies
        Further headers
    10 Error handling
      10.1 Error pages for web applications
        Custom error pages
        Status code error pages
      10.2 Handling errors in APIs
    11 Logging and health checks
  • 18.
      11.1 Health checks
        Health check setup
        Advanced health checks
        Formatting the output
        Health checks UI
      11.2 Logging
        Creating log entries
        Log levels
        Log scopes
    Part 5 Authentication and authorization
    12 Securing web applications with ASP.NET Core Identity
      12.1 ASP.NET Core Identity setup
      12.2 ASP.NET Core Identity fundamentals
      12.3 Advanced ASP.NET Core Identity features
        Password options
        Cookie options
        Locking out users
        Working with claims
        Two-factor authentication
        Authenticating with external providers
    13 Securing APIs and single page applications
  • 19.
      13.1 Securing APIs with tokens
      13.2 OAuth and OpenID Connect
        OAuth vs. OpenID Connect
        OAuth flows
      13.3 Securing applications
        Third-party tools
        Client credentials
        Authorization code + PKCE
        SPAs and BFF
    Part 6 Security as a process
    14 Secure dependencies
      14.1 Using npm audit
      14.2 Keeping NuGet dependencies up-to-date
    15 Audit tools
      15.1 Finding vulnerabilities
      15.2 OWASP ZAP
      15.3 Security Code Scan
      15.4 GitHub Advanced Security
    16 OWASP Top 10
  • 20.
      16.1 OWASP Top 10
        Top 10 creation process
        #1: Broken access control
        #2: Cryptographic failures
        #3: Injection
        #4: Insecure design
        #5: Security misconfiguration
        #6: Vulnerable and outdated components
        #7: Identification and authentication failures
        #8: Software and data integrity failures
        #9: Security logging and monitoring failures
        #10: Server-side request forgery
      16.2 OWASP API Top 10
      16.3 Other lists
    index
  • 21. front matter
    preface
    I still remember the first time I was exposed to the topic of web application security, although I did not realize the impact at that time. Back around 1997, I was creating web applications (or, rather, websites, back then), but hosting services were really expensive. For one of my projects, the only option I could afford was one where I was allowed to create just one page (!), and I had to use the hosting provider’s tooling for that—no custom HTML or CSS was possible. I had plenty of free space available on a free hosting service but could not use my own domain there; rather, I used something like http://home.someprovider.com/mysite.
    One of the very few features available to me was to set the keywords of the page (back in the day, search engines actually parsed that information). If I was using “web application security, hacking,” for instance, this would be turned into the following HTML markup:
      <meta name="keywords" content="web application security, hacking">
    After some experimenting, I found that I could try the following “keyword”:
  • 22.
      "><meta http-equiv="refresh" content="0; url=http://home.someprovider.com/mysite"><"
    It turned out that the provider was putting this data verbatim into the <meta> tag, leading to this result (formatted for legibility, with my input in bold):
      <meta name="keywords" content="">
      <meta http-equiv="refresh" content="0; url=http://home.someprovider.com/mysite">
      <"">
    So I injected another <meta> tag that redirected the browser to my actual site, hosted for free somewhere else. It took a while until I understood the implications of what I had found—it was possible to inject arbitrary content on that page. My “attack” was harmless, but it would also have been possible to add other, more malicious markup.
    This sparked my interest in web application security, and I haven’t looked back since. I have audited countless web applications, worked with customers before or after an audit, taught developers to write secure web applications, spoken at conferences on three continents about web application security, and tried my best to make the applications I was responsible for as safe as possible. In 2004, I was awarded a Microsoft MVP (Most Valuable Professional) award for ASP.NET for the first time, and I’ve followed security APIs, gotchas, and concerns in that framework very closely over the years.
  • 23. I had considered writing a book on the experience and knowledge I have gained over the last 25 years, but the timing was never right. In mid-2021, it suddenly was, and I started a monthslong journey to condense everything I know and consider important into the book you are about to read. In my experience, just knowing countermeasures against certain threats is not good enough. Developers need to understand how attacks work—it’s easier to defend against things you have already seen. That’s why many of the chapters will first show the attack and then explain how to prevent it. Apart from making the content more accessible that way, it’s also fun—we see how things can be broken and call this work! As the title suggests, ASP.NET Core Security is based on ASP.NET Core, which includes both Razor Pages and ASP.NET Core MVC. The book also covers Microsoft’s third web application framework, Blazor, where it’s feasible. All the examples in the book use C# and are based on .NET 6 (and are expected to still be valid for many versions to come).
  • 24. acknowledgments Many people who were involved in getting this book ready for you to enjoy are mentioned on the copyright page (rightfully so!), and there are many others who helped and contributed along the way. I am indebted to the roster of reviewers who provided useful comments at various stages of the book’s development, as did the readers of the Manning Early Access Program (MEAP) edition. To all the reviewers, Al Pezewski, Billy Miguel Vanegas, Daniel Vásquez, Darren Gillis, David Paccoud, Dennis Hayes Djordje, Dorogoy Dmitry Sergevich, Doyle Turner, Emmanouil Chardalas, Guy Langston, Harry Polder, Jedidja Bourgeois, Joe Cuevas, Jose Luis Perez, Marcin Sęk, Marek Petak, Markus Wolff, Matthew Harvell, Michael Holmes, Milos Todorovic, Nick McGinness, Nik Rimington, Onofrei George, Paul Brown, Richard Vaughan, Ron Lease, Samuel Bosch, Stanley Anozie, Sumit K. Singh, Tom Gueth, Viorel-Marian Moisei, and Wayne Mather, thank you for your input and for helping to improve this book. Several trusted colleagues and friends also gave invaluable feedback and made the book so much better. Thank you all for your insights and support! Special thanks to Doug Rudder, my developmental editor, who not only kept the project on track, but also caught me
  • 25. every time I cut corners, further improving the book.
  • 26. about this book
    The title of the book says it all: it covers security for ASP.NET Core applications, so it details various threats and risks for web applications based on Microsoft’s .NET technology. I believe in the “show, don’t tell” principle, so you will see not only APIs and countermeasures, but also how an attack takes place. Real-world incidents will serve as the basis for many of the chapters.
    Who should read this book?
    You should understand the basics of .NET and be proficient with at least one of the web application options of ASP.NET Core (Razor Pages or MVC/Web API). If you are comfortable with HTML and CSS, as in “I understand it when I see it,” even better. At least some shallow experience with JavaScript is helpful in some of the chapters. The book will use C# as the language of choice, so this is another prerequisite for you to get the most out of ASP.NET Core Security.
    How this book is organized: a roadmap
    The book is split into 5 parts with a total of 16 chapters. Part 1 of the book sets the stage for the content to come:
  • 27.
    Chapter 1 discusses why web application security is important and which ASP.NET Core options exist, as well as how they may be affected. You will also receive a quick refresher on the project options ASP.NET Core provides.
    Part 2 shows the most common attacks against web applications and how to defend against them:
    Chapter 2 covers cross-site scripting (XSS), a very widespread attack that is usually based on injecting malicious JavaScript code. The example from the preface, where HTML was injected, also falls into this category.
    Chapter 3 discusses several ways to attack session management and how to make sessions more secure. This includes features introduced in modern web browsers.
    Chapter 4 covers cross-site request forgery (CSRF), a very dangerous attack that can be mitigated both with built-in ASP.NET Core features and with security mechanisms in recent browsers.
    Chapter 5 describes the potential effects of unvalidated data and what ASP.NET Core brings to the table. This includes model validation, which is both convenient and powerful.
    Chapter 6 covers SQL injection, a really old attack that is rare in the ASP.NET Core world due to easy-to-use countermeasures and the rise of OR mappers such as Entity Framework Core.
  • 28.
    Part 3 deals with secure data storage:
    Chapter 7 covers storing secrets such as tokens. One option is to use encryption; another is to use select cloud offerings.
    Chapter 8 discusses handling passwords and how to securely store them. Actually, passwords should not be stored at all, but their hashes should.
    Part 4 covers various security-related configuration options:
    Chapter 9 details several HTTP headers supported in modern web browsers that add an extra layer of security to an application. The chapter also discusses how to prevent revealing HTTP headers from being sent to the client.
    Chapter 10 provides an introduction to error handling for an ASP.NET Core application, including best practices.
    Chapter 11 covers two topics that are different but somewhat related: logging can make sure that diagnostic information about a site is stored for later retrieval, and health checks provide a mechanism for surveillance of the availability of a site and its services.
    Part 5 covers authentication and authorization for ASP.NET Core applications:
    Chapter 12 provides an introduction to ASP.NET Core Identity, making it easy to add user management and authentication to a site.
  • 29.
    Chapter 13 describes securing APIs and single-page applications (SPAs) using a token-based solution. The chapter also covers OAuth and OpenID Connect from an ASP.NET Core perspective.
    Part 6 covers several aspects that are part of a security process:
    Chapter 14 discusses how to make sure dependencies are secure, including various auditing tools.
    Chapter 15 focuses on audit tools that can help find vulnerabilities in web applications.
    Chapter 16 covers the OWASP Top 10, a regularly updated list of the top ten security risks for web applications, and how they are covered in this book.
    Most of the chapters are independent of each other, but there are several cross-references where applicable.
    About the code
    This book contains many examples of source code, both in numbered listings and inline with normal text. In both cases, source code is formatted in a fixed-width font like this to separate it from ordinary text. In some cases, the original source code has been reformatted. I’ve added line breaks and reworked indentation to accommodate the available page space in the book. In rare cases, even this wasn’t enough, and listings include line-continuation markers (➥). Additionally, comments in the source code
  • 30. have often been removed from the listings when the code is described in the text. Code annotations accompany many of the listings, highlighting important concepts.
    Source code is available for chapters 1 through 13 of this book. A .NET solution called AspNetCoreSecurity will contain several ASP.NET Core projects (in chapter 13, there’s a second solution). Depending on the chapter, the code shown will be in one or several of those projects. All source code was tested with ASP.NET Core and .NET 6. The IDE of choice was Visual Studio 2022, but the code, of course, also works with other options such as Visual Studio Code and Rider. Please always make sure you read the full chapter before trying or using the code. In several instances, code is intentionally vulnerable to demonstrate an attack. You can download the source code from the publisher’s website at www.manning.com/books/asp-net-core-security.
    liveBook discussion forum
    Purchase of ASP.NET Core Security includes free access to liveBook, Manning’s online reading platform. Using liveBook’s exclusive discussion features, you can attach comments to the book globally or to specific sections or paragraphs. It’s a snap to make notes for yourself, ask and answer technical questions, and receive help from the author and other users. To access the forum, go to https://livebook.manning.com/book/asp-net-core-security/discussion. You can also learn more about
  • 31. Manning's forums and the rules of conduct at https://livebook.manning.com/discussion. Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the author can take place. It is not a commitment to any specific amount of participation on the part of the author, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the author some challenging questions lest his interest stray! The forum and the archives of previous discussions will be accessible from the publisher’s website for as long as the book is in print.
about the author

Christian Wenz is a web pioneer, technology specialist, and entrepreneur. Since 1999, he has written close to 150 books on web technologies and related topics, which have been translated into ten languages. At his day job, he consults for enterprises on digitization and Industry 4.0. A fixture at international developer conferences, he has presented on three continents. Christian has been an MVP for ASP.NET since 2004, is the lead author of the official PHP certification, and sporadically contributes to OSS projects. He holds university degrees in computer science and business informatics and is a two-time recipient of a Knuth reward check.
about the cover illustration

The figure on the cover of ASP.NET Core Security is "Venitienne," or "Venetian (woman)," taken from a collection by Jacques Grasset de Saint-Sauveur, published in 1797. Each illustration is finely drawn and colored by hand. In those days, it was easy to identify where people lived and what their trade or station in life was just by their dress. Manning celebrates the inventiveness and initiative of the computer business with book covers based on the rich diversity of regional culture centuries ago, brought back to life by pictures from collections such as this one.
Part 1 First steps

No week passes without some high-profile internet security incident: data leaking to the public, popular code libraries receiving updates that contain malware, a new ransomware strain being passed around, and websites being exposed through security vulnerabilities. Many of the happenings you read about in IT news were made possible by bugs in code. Since this book is based on ASP.NET Core, chapter 1 will introduce the web application options that technology provides and will analyze where attacks may happen. We will build the "mental model" for the remainder of the book.
1 On web application security

This chapter covers
- Learning why web application security is important
- Using ASP.NET Core to create web applications and APIs
- Identifying why certain parts of an application are at risk
- Exploring what to expect from this book

Nine out of ten web applications have security vulnerabilities. This is the rather frightening conclusion of a study released in 2020 by Positive Technologies (http://mng.bz/mOj2), a provider of various security solutions. Obviously, such studies can often be biased toward the business model of those who conduct them, but several other studies from previous years yielded similar outcomes. Here's a report about one study from as far back as 2009: http://mng.bz/5Qo1. The authors of the study also found that about four out of five web application vulnerabilities are part of the code, instead of, say, the server configuration. From this, we can deduce two trends:
- The major security risk for web applications lies in their code.
- The problem is industry-wide, and the situation does not seem to be getting better.
Often, a lack of security does not immediately show, until it's too late and a web application has been successfully hacked. It is therefore mandatory to make web application security a top priority and to use security best practices from the very beginning of a project.

Most security risks for web applications lie in the way web browsers, HTTP, database servers, and other "web aspects" work; therefore, these risks are technology-agnostic. Here's one example of this: in theory, injecting JavaScript into a website (cross-site scripting, XSS) works independently of the server language or framework being used. In practice, there are the following differences:
1. Some languages and frameworks have built-in countermeasures that help prevent common attacks without any extra effort during development.
2. The functions, methods, and APIs used to defend against certain attacks and risks are naturally named differently across technologies and frameworks.

Therefore, a book on web application security will need to present and describe common attacks, in a more or less general fashion, and will then need to introduce countermeasures that are tied to a certain technology. The stack we will be using in this book is Microsoft's .NET; since we are talking about web applications, its web framework, ASP.NET Core, will be the focus. The book was written with .NET 6 and ASP.NET Core 6 but is expected to be upward-compatible with newer versions.
1.1 ASP.NET Core: History and options

ASP.NET has a long history that is tied to that of .NET, which was first released as a beta in 2001 and as a final version 1.0 in early 2002. Back then, the software package was called ".NET Framework" and contained a server-side web application framework called ASP.NET (the first three letters were carried over from the previous Microsoft web technology ASP, which was short for "Active Server Pages"). Along with .NET Framework came a new programming language, C#, which will be used throughout this book, although other options exist (Visual Basic for .NET, or F#, a functional language).

1.1.1 ASP.NET Core version history

Classic ASP.NET and the .NET Framework evolved over the years but are not specifically covered in this book. That may come as a surprise, especially given the book title, but in the 2010s, Microsoft worked on a new evolution of .NET that culminated in the release of .NET Core 1.0 in mid-2016. This new version of .NET was open source, was more or less platform-agnostic, and was no longer tied to Windows. The word Core was used to avoid confusion with the .NET Framework, especially with version numbers. Whether that worked is a different discussion, but to add to the confusion, Microsoft dropped Core when .NET reached version 5.0. The reason: the latest, and probably final, version of the .NET Framework and of ASP.NET is 4.8, so there won't be a .NET Framework 5; thus, ".NET 5" clearly means the new evolution of .NET.

It is a bit more complicated with ASP.NET, though. The MVC (model-view-controller) framework, ASP.NET MVC, has its own version numbers. The latest release of the ASP.NET MVC NuGet package for the .NET Framework is 5.2.8 (http://mng.bz/2nE0), so "ASP.NET 5" could actually mean three things:
- ASP.NET MVC 5 (based on the .NET Framework)
- ASP.NET Core 5 (based on .NET 5, formerly known as .NET Core)
- ASP.NET 5, the pre-release project name of what was eventually shipped as ASP.NET Core 1.0

I think we can agree that it made sense to keep the Core suffix to make the product name unambiguous, so ASP.NET Core it is, for now. You don't have to be a prophet to predict that Core will likely be dropped at some point in the future. But for now, if there's Core in the name, we are talking about a current version of Microsoft's web framework, not a legacy one. This book is based on .NET 6, where Core is still present.

1.1.2 MVC

The architectural pattern "model-view-controller" (MVC) was invented in the 1970s and originated in GUI applications, yet became very popular for web applications. Creating HTML and CSS for a web page's looks is an entirely different skill than implementing a server backend. Therefore, splitting up the UI from the logic makes sense, and MVC is one of the options available. Tailored to a web application, MVC basically works like this (figure 1.1):
- A controller accepts user input (in the case of a web application, data in an HTTP request).
- The controller receives and manipulates a model (often, data from a database) and then assigns this model to a view (usually an HTML page).
- The client receives the view and may use it to create a new request.

Figure 1.1 How model-view-controller works
In ASP.NET MVC, these components are commonly represented as follows (since ASP.NET MVC is highly configurable, many details may be changed, but we describe the default out-of-the-box behavior):
- The controller is a C# class. Requests are mapped to "action methods," essentially public C# methods.
- The model is typically a C# object or class, often filled with database content (but not necessarily a 1:1 mapping). Microsoft samples routinely rely on Entity Framework Core, Microsoft's object-relational mapper (OR mapper, or ORM), but this is certainly not mandatory. The controller accesses this model, may manipulate it, and then provides it to the view, if applicable.
- The view is essentially an HTML page with some extra markup to bind values from the model, or to execute code. Since we are using C#, those HTML pages have the .cshtml extension. The Razor view engine allows inclusion of C# code in these files, using the @ special character. The files are compiled so that the C# code may be run; the browser, of course, receives the resulting HTML.

When creating a new project in Visual Studio, the framework option you pick will set the technological standard for the app. Figure 1.2 shows some of the available project templates. Note that the fourth option, ASP.NET Core Web App (Model-View-Controller), also offers to include Web API, since they are so similar from a code point of view.
Figure 1.2 Creating a new web application in Visual Studio

Let's look at the main elements of a simple sample application. The following listing shows the controller.

Listing 1.1 The controller of a simple MVC application

    using Microsoft.AspNetCore.Mvc;

    namespace AspNetCoreSecurity.MvcSamples.Controllers
    {
        public class HomeController : Controller
        {
            public IActionResult Index()                    ❶
            {
                var outcome = new Random().Next(1, 7);
                var roll = new DiceRoll(outcome);
                return View(roll);                          ❷
            }
        }

        public record DiceRoll(int outcome);
    }

❶ The action method within the controller
❷ Sends the dice roll result to the view, which is returned to the client

The HomeController class implements the Index() action method, which returns a view with the result of a dice roll. The DiceRoll type is defined in the same file, purely for simplicity. Note that System.Random is fine for a dice demo but is not a cryptographically secure generator; wherever a random value is security-relevant (tokens, nonces, password reset codes), use System.Security.Cryptography.RandomNumberGenerator.GetInt32() instead. This view is shown in the next listing.

Listing 1.2 The view of a simple MVC application

    @model AspNetCoreSecurity.MvcSamples.Controllers.DiceRoll    ❶
    @{
        Layout = null;
    }
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Dice Roll - MVC</title>
    </head>
    <body>
        <h1>Dice Roll: @Model?.outcome</h1>                      ❷
    </body>
    </html>

❶ Defines the type of the page's model
❷ Outputs the dice roll outcome from the model

In the view, the outcome of the dice roll, a property named outcome, is shown in an <h1> element.

1.1.3 Razor Pages

Remember the Razor view engine from the previous section? The simple yet effective syntax was elevated to have its own approach to web development under the ASP.NET Core umbrella. Razor Pages are essentially HTML pages with the .cshtml file extension that support the Razor syntax. In contrast to the MVC framework, there is no need for a controller. All the code responsible for retrieving the view and handling user input is now part of the page. For simpler scenarios, this works really well and removes some complexity that is inherent to MVC. The following listing shows the page model of a simple sample application.

Listing 1.3 The page model of a simple application

    using Microsoft.AspNetCore.Mvc.RazorPages;

    namespace AspNetCoreSecurity.RazorSamples
    {
        public class IndexModel : PageModel
        {
            public void OnGet()                             ❶
            {
            }
        }
    }

❶ The OnGet() handler method runs when the page is requested with HTTP GET
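The following added example is not code from the book; it ties the Razor Pages approach just described to the point made at the start of the chapter that some frameworks ship with built-in countermeasures. The handler lives in the page model rather than in a controller, and the page shows what Razor's default output encoding does with untrusted input next to the one construct that switches it off. The page name (Greet), the namespace, the query parameter name and the attack payload are assumptions made for this example.

```csharp
// ---- File: Pages/Greet.cshtml.cs (hypothetical page model; not from the book) ----
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace AspNetCoreSecurity.Examples.Pages
{
    public class GreetModel : PageModel
    {
        // Exposed to the view. The page model plays the roles of controller and
        // model at once; there is no separate controller class.
        public string Name { get; private set; } = "stranger";

        // Handles GET /Greet?name=... ; the "name" parameter is model-bound
        // from the query string and is untrusted user input.
        public void OnGet(string? name)
        {
            // Store the raw value. The view decides how it is rendered, so the
            // handler does not HTML-encode here (encoding belongs at the output).
            if (!string.IsNullOrWhiteSpace(name))
            {
                Name = name;
            }
        }
    }
}

@* ---- File: Pages/Greet.cshtml (hypothetical page; not from the book) ---- *@
@page
@model AspNetCoreSecurity.Examples.Pages.GreetModel
@{
    Layout = null;
}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Greeting - Razor Pages</title>
</head>
<body>
    @* Safe: Razor HTML-encodes every @-expression. A request for
       /Greet?name=<script>alert(1)</script> is rendered as
       &lt;script&gt;alert(1)&lt;/script&gt;, so the browser shows literal text. *@
    <h1>Hello, @Model.Name!</h1>

    @* Vulnerable: Html.Raw() disables the encoding, so the same request injects
       a live <script> element into the response (reflected XSS). Reserve
       Html.Raw() for markup your own code produced, never for user input. *@
    <p>Hello, @Html.Raw(Model.Name)!</p>
</body>
</html>
```

Run the project with `dotnet run` and request /Greet?name=%3Cscript%3Ealert(1)%3C/script%3E: the heading shows the payload as text, while the paragraph executes it. In real code the Html.Raw() line is exactly what a reviewer should flag and remove; the encoded version needs no extra effort, which is the "built-in countermeasure" the chapter refers to.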
  • 45. Another Random Document on Scribd Without Any Related Topics
  • 46. 113 114 When Paderewski returned to the United States in January of 1915 he had two missions to accomplish. The first was to raise money to feed the starving people of Poland. No one thought there was anything odd about the world-famous pianist devoting himself to the cause of his suffering countrymen. It was the sort of thing one expected of artists. The second part of his task was much more complex. The war was only six months old. No one knew how long it would last, but some day it would be over. That much, at least, was certain. And when that day came, statesmen from all over the world would sit down in conference to draw the new boundary lines of Europe. If the dream of a free Poland were ever to become a reality, it would be then. But who among these statesmen knew or cared anything about the fate of a country that geographically had ceased to exist one hundred years ago? At the moment they had other things on their minds—such as winning a war. And in neutral America, the chief concern of responsible statesmen was the question of staying out of the war. In Washington, D.C., Robert Lansing, the United States Secretary of State, and therefore the most important man in the field of foreign policy, was surprised one day when his secretary told him that the pianist Paderewski had asked for an appointment. He was even more surprised when the famous man arrived in his office and began to talk, eloquently he admitted, about the ideal of a united and independent Poland. Secretary Lansing was a true diplomat. Although the question of reuniting the former country of Poland was about the last thing in the world he had time to discuss, he listened courteously. His thoughts were all negative.
  • 47. 115 “This man is way out of his depth. He’s a sentimental idealist. What does he know about the cold, cut-throat facts of international politics? He’s trying to do something that’s impossible.” As gently as he could, Lansing asked a few pointed questions. Whom did Paderewski represent? The Polish government? There was no Polish government. The Polish people? But which ones? The German-Poles? The Austrian-Poles? The Russian-Poles? There was no such thing as a unified Polish people whose ideas the statesmen of the world would respect because of sheer force of numbers. As for the Poles in America, Lansing pointed out, they were more hopelessly divided than the Poles who actually lived in the divided country! Paderewski was only too well aware of this fact. He had often smiled over the old joke that says, “Put two Poles on a sofa and you have a new political party!” In the United States several Polish relief committees were already in existence. Naturally each group was trying its best to snare the famous pianist for its own ranks. The minute his ship had landed, he had been besieged by their representatives. He had walked by the hour with them in Central Park, listening to each man’s arguments in favor of his own point of view. He had committed himself to none of them. The man who could actually bring off the task of unifying the American Poles would have to be a political genius, not a musical genius, Lansing thought. As he studied the flying hair and romantically flowing tie of his visitor, he decided that this was decidedly not the man to do it.
  • 48. 116 117 During the next few weeks Paderewski became accustomed to the faint smile with which government officials greeted him. He knew so well what they were thinking. “What does a pianist know about international affairs?” As Paderewski prepared to cross the country and begin his tour, he felt discouraged but not despondent. The men he had seen in Washington were important men, but they were not the ones who would really count in the end. There was a man—exactly the right man— whose support he needed, the “providential man” for whom he prayed and waited. But he knew that God would send him when it was time. The city of San Francisco was holding a great exposition. The committee had asked Paderewski to play a concert for the occasion, since he had always been San Francisco’s favorite artist. When he replied that he was in the country to speak for Polish relief, not to play concerts, they willingly changed their offer. He could talk, he could play, he could do anything he liked. They in turn would guarantee him an audience of thousands who would be glad to hear whatever he had to say. It was a fine way to begin his career as a speaker, Paderewski thought. But as the day and finally the hour itself approached, he grew more and more nervous. “What makes me think I can persuade an audience?” he asked his wife. “By playing—perhaps. But by speaking! And in English! How do I know they will even listen to me?”
  • 49. 118 Madame Paderewska’s eyes did not stray an inch from the sock she was knitting. She smiled patiently and said for the tenth time that day, “They will listen.” As Paderewski walked toward the stage of the enormous auditorium that night, he longed for the blissful assurance he had once had of knowing exactly how every note was going to sound. He stepped out from the wings—and then stopped in his tracks at the breath-taking sight that greeted him. The stage was bare except for the piano. Hanging behind the piano was an enormous flag that had been made only a day before. It covered the huge back wall of the building from one side to the other, and from ceiling to floor. A triumphant white eagle on a blood-red field! The flag of Poland! Paderewski’s nervousness vanished. He felt a great surge of confidence both for the present moment and for the future. The audience was cheering wildly, but as he walked to the front of the stage and bowed, a deep silence settled over the hall. He said, “I have to speak to you about a country which is not yours, in a language which is not mine.”
  • 50. The flag of Poland!
  • 51. 119 120 It was the first of over three hundred speeches. It was the opening of a journey that would carry him to every state in the country. He would travel thousands of miles to speak thousands of words. And with the unerring instinct of an artist, he had begun with a phrase that sent an electric shock through that first audience and every future audience that heard it. “A country which is not yours—” Yet as Paderewski traveled from city to city, from platform to platform, more and more Americans began to sense a kinship with the country that did not even appear on the map. For the first time the bitter irony of the Polish situation became clear to them. Here was a country that had lost its freedom four years before America’s had been declared. Yet Poland had been one of the first nations in the world to advance the beliefs on which America had been founded. “Already in the fifteenth century a self- governing country, Poland became, in 1573, a regular republic, with kings elected. In 1430, consequently 259 years before the habeas corpus of England ... Poland established her famous law ‘No man shall be detained unless legally convicted.’ Our broad, liberal Constitution of 1791 preceded by 57 years the Constitution of Germany and Austria, and by 114 years the so-called Constitution of Russia. And all these momentous reforms ... were accomplished without revolution, without any bloodshed, without the loss of one single human life. Does it prove our dissensions? Does it prove our anarchy? Does it prove our inability to govern ourselves?” “In a language which is not mine—” Yet somehow he had made it his. Audiences that had loved Paderewski the pianist now realized that he was equally great as an
  • 52. 121 122 orator, although he spoke simply and without dramatic gestures. When he finished speaking, he would turn to the piano and continue his plea for Poland in still another language. He would play the music of Chopin, and when the listeners finally left the hall, they knew that they had lived through a unique emotional experience. It was no wonder that money for Polish relief began to pour in. Few people who heard Paderewski say “Give me seed for this trampled, wasted land, bread for these starving!” could resist the appeal. Generous America took the forgotten Polish people to its heart. By presidential decree a special “Polish Day” was established, because in the eyes of America “Poland” had become synonymous with “Paderewski,” the beloved artist who had so enriched the golden era of peace. Although the first half of his mission had flourished beyond his greatest hopes, Paderewski felt that so far he had done very little about the second half. He had talked to plenty of government officials and diplomats, but they had little to offer beyond polite interest. Not until he had been in the United States for a year was he able to take the first sizable step. As he had known it must, it came through the intervention of one man, a man who was neither government official nor diplomat. He was the man to whom Paderewski would write, “It has been the dream of my life to find a providential man for my country. I am now sure that I have not been dreaming vain dreams.”
  • 53. CHAPTER 7 THE PROVIDENTIAL MAN Colonel Edward Mandell House, who had never accepted a political office, was more powerful than any man in Washington. He was the confidential adviser of President Woodrow Wilson. “His thoughts and mine are one,” Wilson said of House, whom he regarded as the most unselfish, patriotic man he knew. No one in the country had a greater understanding of European affairs than House. “A super-civilized person,” the French statesman, Clemenceau, said of him, “escaped from the
  • 54. 123 124 wilds of Texas, who sees everything, who understands everything ... a sifting, pondering mind.” From the day he had left England, Paderewski had known that he could not succeed unless he somehow got to House and convinced him of the justice in Polish claims. But Paderewski was not the only foreigner in the country who wanted something from the Colonel. House was under constant siege by representatives of small countries who were hoping to gain something by the peace settlement. Since America was still neutral, House had to be careful in dealing with these men or even in seeing them. This is why Paderewski proceeded cautiously in his opening moves toward the Colonel. The fact that House’s apartment was a three minute walk from Paderewski’s hotel was an added source of frustration. So short a distance separated him from the man who could do so much for him! Then one day early in 1916, his prayers were suddenly answered. Paderewski’s discreet diplomacy had born fruit in a typical way. A Paderewski friend had wangled a letter of introduction from an Assistant Secretary of Agriculture to Mr. Robert Wooley, director of the U.S. Mint. Mr. Wooley was known to be a close friend of Colonel House. One day he sent word from Washington that he would be in New York in two days and would try to arrange a meeting between Paderewski and the Colonel. Paderewski was learning his new role in a practical way. As many a diplomat had done before and after him, he had gained his objective through a friend of a friend of a friend of the man he wanted to meet. Mr. Wooley had sternly cautioned Paderewski against over-optimism. So his heart sank when he was greeted at the door by a radiant Madame Paderewska. “You are
  • 55. 125 going to save Poland!” she cried, her beautiful eyes filled with tears. “I know it!” And as the two men walked the few blocks to House’s East Fifty-third Street brownstone home, the practical man of business wondered even more at the Polish pianist’s calm and complete faith in the events of the next few minutes. Well, perhaps he was right, but Wooley was inclined to doubt it. Colonel House had marked half an hour off his tight schedule for his interview with Paderewski, so the two men did not waste time on small talk. Paderewski had been waiting a long time for this moment. He was ready for it. Pacing up and down the Colonel’s library, he began to tell his story. Point by point he built his arguments for Poland, with a mixture of logic and eloquence that an experienced lawyer might have envied. The half hour flew by. Nervously Mr. Wooley looked at his watch and then glanced at the Colonel. “Let him go on,” House muttered. “Don’t interrupt him.” An hour passed and then another hour. Whatever Colonel House’s later appointments were, they were cancelled. Never in his career of listening to people who wanted something had he heard a man plead his cause so irresistibly. When he had made his last point, Paderewski stopped and waited for the Colonel to speak. House’s part in the two hour conversation was limited to three sentences, but they were the most beautiful words Paderewski had ever heard. “You have convinced me,” he said, rising and holding out his hand. “I promise you to help Poland if I can. And I believe I can.”
  • 56. 126 127 It was the beginning of a profound friendship between the two men, one so eloquent, and one so silent. And with the Colonel completely won over to his side, the door to the White House stood open to Paderewski at last. By the summer of 1916 House felt that the time had come to introduce the pianist to President Wilson. He arranged to have the Paderewskis invited to a diplomatic dinner at the White House. Woodrow Wilson was a scholar and a statesman. He had been a college president before he went into politics. Such a man, Paderewski believed, would understand the justice of his cause. There was great excitement after dinner that night when guests saw the piano in the East Room being opened. Was Paderewski really going to play? He was, they were told, since the President had asked him to do so. Although President Wilson did not know a great deal about music, it did not take any special knowledge to get the message that the Polish artist was trying to convey by means of Chopin’s music. Paderewski and Chopin had become partners in this enterprise, and never had the two worked together so eloquently. As Wilson and Paderewski talked briefly together after the performance, the pianist felt that he had won his country another powerful ally.
  • 57. 128 Woodrow Wilson had won an ally. It worked both ways. Wilson, too, had won an ally. 1916 was an election year. Paderewski campaigned actively for Wilson’s reelection all during the fall. Many Polish voters, following the lead of the Polish clergy, were Republicans. Paderewski convinced them that their country’s first real hope in a hundred years depended on a victory for Wilson. In the end he delivered the large Polish vote almost one hundred percent. On the day before elections, when the campaigner had expected to relax a little, came shattering news from Europe. Germany had issued a proclamation declaring that Poland was a free and independent nation. The freedom and independence, of course, were the affectionate gift of the German government. The story behind the “gift” was actually a simple one. Germany had previously shown no sign of any such good will to
  • 58. 129 130 the Polish people. Far from it. As soon as the Russians had been driven out, the German and Austrian leaders had gathered over a map of Poland and had once more divided it up, this time in a two-way split—one half for Germany, one half for Austria. Now suddenly they were declaring the country reunited and free! Why? Paderewski knew why. It was not Polish freedom the German leaders wanted. It was Polish manpower. They were convinced that if they presented Poland with independence, a million Polish volunteers would gratefully flock to enlist in the German army and could be used to fight the Russians in the East. The other reason for the move was a more subtle danger. If the Poles appeared to accept the offer and consented to be taken under the loving wing of Germany, then America and the Allies would lose interest in the cause of Polish freedom. Poland herself would be regarded as a friend of the enemy. Paderewski saw through the trick easily. “This means only more suffering for my people,” he told House. “It means that another army will be raised and that there will be more killing and more devastation!” He realized that everything he had won during the past few years was in danger of being destroyed in one day. Unless he acted quickly. But what could he do? Never before had he felt so cruelly his lack of real authority. If only he were the official spokesman for some truly representative Polish groups, so that when he spoke a firm majority of Poles spoke with him. There was only one thing to be said for the fact that he had everything to lose: he could afford to take a desperate gamble. Cable lines buzzed between New York and Paris, Paris and Chicago, Chicago and New
York. Within a few hours a statement was issued and flashed to every Allied country. The German offer was rejected, flatly and permanently. The message was signed by Paderewski and was approved by the Paris Committee and by several groups in the United States.

But what about the rest of his countrymen, Paderewski wondered. What about the millions of poor Poles who were not trained thinkers, who might not see the worm in the shining German apple? Would they support him, or would they demand the right to seize their freedom no matter who offered it to them? He soon had his answer. Every Polish society in the country immediately voted to make Paderewski its official representative. They gave him full power of attorney to make decisions and to act for them in all political matters. From then on, when he spoke he was speaking with the voice of three million Polish-Americans.

Of everything that Paderewski had done, this was the coup that really made its mark on official Washington. “The first direct evidence of his capacity as a leader which impressed me,” wrote an observer, “was his successful efforts to unite the jealous and bickering Polish factions in the United States.... I am convinced that Mr. Paderewski was the only Pole who could have overcome this menace.... His entire freedom from personal ambition made him the one man about whom the Poles, regardless of factions, appeared to be willing to rally. It was a great achievement, a triumph of personality.” The man who wrote this was Robert Lansing, the Secretary of State who had once smiled when an eccentric piano player had tried to talk to him about Poland.

The exhausting events of November 5 and 6 should have provided quite enough excitement and tension for any two days in a man’s life. But they were only one part of the affairs that occupied him during those forty-eight hours. November 6, remember, was election day!

Woodrow Wilson had gone to Shadow Lawn, his summer house on the New Jersey shore, to wait for the election returns in comparative peace. It was a trying day for him, following a hard, bitter campaign. It was a day on which he chose his visitors with care. One of them was Paderewski. In the quiet study at Shadow Lawn the two men talked for nearly an hour. Wilson spoke of his idealist’s dreams of world peace and mutual trust between nations. He listened attentively while Paderewski, in turn, described his hopes for his own country. The President asked searching, practical questions. How could Poland survive without an outlet to the sea? Paderewski and House had often discussed this point over a map of Europe. He explained their ideas to the President. When the interview was over, Wilson said solemnly, “My dear Paderewski, I can tell you that Poland will be resurrected and will exist again!”

Paderewski went home exhausted but intensely happy. It had been quite a pair of days! He longed to go to bed, but the election returns were coming in faster and faster now and he could not settle down for the night until he knew for certain that everything was going as expected. He heard the then familiar—and now extinct—cry for which all America had once waited. “Extra! Extra! Read all about it!” But the rest of the newsboy’s cry was a catastrophe. “Wilson defeated! Hughes elected!” Wilson defeated? Wilson who had just promised him his country’s freedom? For two years he had worked inch by inch in the direction of the words he had heard only a few hours before. And now it meant nothing.

It was a cruel night, unnecessarily cruel as it turned out. By five the next morning the newspapers were out with a somewhat different story. Wilson had not been defeated. The Extra-hungry papers had simply neglected to wait for the California votes to be counted! “I can tell you that Poland will be resurrected and will exist again,” Wilson had said. And the promise was still good.
CHAPTER 8
THE THIRTEENTH POINT

Paderewski was playing a war relief benefit the next afternoon. He had played so little except his Chopin since his return to the United States that he was preparing for the much-heralded Carnegie Hall recital with even greater care than usual. It was Monday, January 8, 1917.

While he was practicing, a message came from down the street that Colonel House would like to see him. Very little else would have taken him away from the piano at that moment, but he was soon in the Colonel’s study. Colonel House came quickly to the point, as usual. “Next Thursday I am going to leave for Washington, and I wish to have with me your memorandum on Poland.” What the Colonel meant was this: he had decided that the time had come to present President Wilson with a full-scale study of the Polish situation. What he needed from Paderewski was a memorandum telling exactly what he wanted for his country and how he thought it should be accomplished. It was the sort of document that half a dozen trained diplomats might work over for three weeks! Paderewski felt as though a large mallet had just thumped him on the head. “Thursday! But I have my recital tomorrow! And besides, it is impossible to prepare such a document without the necessary data, and besides—” “I must have that memorandum by Thursday morning!”

Paderewski had by this time learned one thing about the Colonel. He might be a man of few words, but he meant every one of them. He walked back to his hotel slowly. At all costs, he told himself, he must keep his wits about him and not panic. During World War II there was a Seabee slogan that would have appealed to Paderewski, had he heard it. “The difficult we do immediately. The impossible takes a little longer.” He himself operated along these lines. This job was impossible. It would take a while. He went up to his rooms and began practicing for four hours.

The program of that Tuesday afternoon recital included the Beethoven C minor piano sonata, Op. 111. This is one of the most taxing of all the sonatas in the kind of intellectual demands it makes on the performer. In addition to the Beethoven he played the Schumann “Butterflies,” one of his favorite recital pieces, and his own piano sonata Op. 21. Shorter works by Chopin, Liszt, Mendelssohn and his composer-friend Stojowski completed the program. And as usual in a Paderewski recital, the encores he played so generously were almost as extensive as the printed program. Next morning the critics were enthusiastic about the pianist’s “bravura performance.” They spoke of the wild delight of the audience which agreed to go home only after the lights in the hall had been turned off. It was, in other words, “a typical Paderewski recital audience,” wrote the man from the Tribune. In it were “men and women of society, musicians, and many young persons, even boys and girls who will grow up to tell their juniors about the time ‘when I heard Paderewski.’” Yet neither the critic nor the boys and girls knew what a fantastic scene they had just witnessed: Paderewski locked in absolute concentration on Beethoven and Schumann and the others, while the fate of his country waited silently for him on his desk. When the recital was finally over—and he did not deprive the audience of so much as one bow—he went home and ate dinner. Then he went to work on the memorandum. Thirty-six hours later—at eight A.M. on Thursday morning—it was delivered to Colonel House.

Paderewski went to bed for the first time since Monday night. His fatigue seemed well worth it a week later when the Colonel came back from Washington. “The President was very much pleased with your memorandum,” he said. “Now get ready. The first shot will be fired very soon!” On January 22 President Wilson addressed Congress on “Essential Terms of Peace in Europe.” Paderewski, who was touring in the South at the time, picked up a newspaper the next day and read these words: “No peace can last or ought to last which does not recognize and accept the principle that governments derive all their just powers from the consent of the governed, and that no right anywhere exists to hand people about from sovereignty to sovereignty as if they were property. I take it for granted ... that statesmen everywhere are agreed that there should be a united, independent, and autonomous Poland, and that henceforth inviolable security of life and worship ... should be guaranteed to all people who have lived hitherto under the power of governments devoted to a faith and purpose hostile to their own.” The words swam before his eyes. For the first time, the fate of Poland had been publicly mentioned as an official concern of the United States government.

On April 2, 1917, President Wilson came to an anguished but inevitable decision. He called upon the Congress to declare war against Germany. Full mobilization of the country’s manpower was immediately begun. Two days later, Paderewski, addressing the “Union of Polish Falcons,” the most
important Polish-American group, called for the formation of a separate Polish army, to fight side by side with the Allies. An independent Polish army, he felt, would prove to the world as nothing else could that there was truly a Polish nation waiting for its moment of rebirth. After almost insurmountable difficulties, he finally won his point, and the governments of France and the United States allowed him to go ahead with his plans for the formation of the army. Two training camps for Polish volunteers were founded, and soon twenty-two thousand Polish-Americans had enlisted in “the Army of Kosciuszko.” For help in transporting so large a number of men to Europe, Paderewski turned to the Secretary of the Navy, Josephus Daniels. He, in turn, knew just the man to assign to the Paderewski case—a young Assistant Secretary named Franklin Delano Roosevelt whose admiration for the pianist dated from childhood. With Roosevelt’s enthusiastic, red-tape-cutting aid, Paderewski’s volunteers were quickly sent to Europe. There they joined with the European Poles to form an army numbering nearly one hundred thousand men, fighting under the banner of the white eagle. Statesmen who had once believed that Poles could never be united were now confronted by the fact of a hundred thousand men joined by a common oath. “I swear before Almighty God, One in Three, to be faithful to my country Poland, one and indivisible, and to be ready to give my life for the holy cause of its unification and liberation. I swear to defend my flag to the last drop of my blood, to observe military discipline, to obey my leaders, and by my conduct to maintain the honor of a Polish soldier.”

The Polish army paid tribute to Paderewski in a superb and moving way. His name was inscribed on the membership list of each company. Every day at roll call, when the name “Ignace Jan Paderewski” was read, one hundred thousand voices shouted back, “Present!” This honor had been paid to a soldier only once before in history—to Napoleon. It had never before been paid to a civilian.

And then at last came the day on which the unselfish labors of the last three years bore glorious fruit. On January 8, 1918, as the war entered its last phase, President Wilson spoke to Congress on the peace that lay ahead. He offered a fourteen point program for what he hoped could be a just and permanent settlement of the world’s disputes. The thirteenth of these points was this: “An independent Polish state should be erected which should include the territories inhabited by indisputably Polish populations, which should be assured a free and secure access to the sea, and whose political and economic independence and territorial integrity should be guaranteed by international covenant.” As Paderewski read the electric words, he realized that they were taken almost verbatim from the memorandum he had written for Colonel House after his Carnegie Hall recital exactly one year before. Paderewski’s work in America had been crowned with a success that not even he, full of faith as he was, could have imagined.

In Poland, news of the thirteenth point brought life-saving hope to the hearts of the beleaguered Polish people. On an entirely different level an earlier incident had already kindled a new flame of courage in the hearts of the people of Warsaw. It had happened during the final rout of Russian troops by an advancing German army. To gain time for their retreat, the Russians blew up the Poniatowski Bridge that spanned the river Vistula in the very heart of the city. The devastating roar of dynamite smashed windows and shook buildings for miles around. Even the solid Zamek shuddered to its foundation stones. The blast almost uprooted the statues in Palace Square. As the powerful vibrations ripped past him, King Sigismund tottered but stood firm. Yet even in their fright the people who ran through the square seeking shelter could not fail to understand his message. Soon the magical words were flying through the city. “Sigismund has shaken his sword!”

[Illustration caption] The warship sped toward Danzig.
At last the signing of the Armistice on November 11, 1918, brought the long horror to an end: Paderewski’s work in the United States was over, the greatest tour in his career a complete success. The next step in his mission would have to be carried out in Paris, where the statesmen of the world would soon gather to write treaties and to rearrange the border-lines of Europe.

In Arthur Balfour, the British Foreign Secretary, Paderewski had a powerful friend. The experienced statesman now gave him some strong advice. It was essential, as Paderewski knew better than anyone else, that Poland be represented at the Conference table. But the Allies would never recognize a Polish government unless they felt that it truly represented all factions in Poland. At the moment most Allied leaders leaned toward Dmowski’s Polish Committee in Paris. But others were asking, “What about Pilsudski?”

What, indeed, about Pilsudski! A hundred times a day the name drifted across Paderewski’s mind like an ominous shadow. Józef Pilsudski, the soldier-hero of Poland, had fought his country’s enemies for years on home ground. He had escaped from both Russian and German prison camps to organize a Polish army and a Polish underground. At the end of the war he had marched triumphantly into Warsaw and been acclaimed Chief of State. The government he had organized was strongly socialist, almost communist in character. It represented the left-wing factions in Poland, just as Dmowski’s Polish National Committee represented the right-wing factions. Naturally the peace negotiators would not do business with both groups.

“Someone,” Balfour said, “must unite these factions. Someone must go into Poland and persuade Pilsudski to cooperate with Dmowski to form a government that is truly representative of all Poles.” Obviously there was only one man in the world who had any hope at all of accomplishing such an assignment.

On Christmas Day the British warship that had carried the Paderewskis safely through the treacherous mine-infested waters of the North Sea dropped anchor in Danzig, Poland’s ancient seaport. Danzig was in German territory and the Germans were not in the least enthusiastic about welcoming the man who was trying as hard as he could to relieve them of their share of Polish land. In the city of Poznań to which Paderewski proceeded from Danzig, a procession of school children carrying Polish flags was fired on by sniping Prussian soldiers. The windows of Paderewski’s hotel room were shattered by flying bullets, while he himself calmly tied his necktie. Street-fighting between Poles and Prussians immediately broke out and lasted for three days. “There is no doubt,” Paderewski wrote to Colonel House, “that the whole affair was organized by the Germans in order to create new difficulties for the Peace Conference.” But no amount of threats and terrorism could stop the people of Poland from lining the railroad tracks between Poznań and Warsaw to cheer and shout and weep tears of joy while they waited in the snow to catch a glimpse of the man whose name had shone like a beacon of hope for four devastating years.

Paderewski reached Warsaw on New Year’s Eve. The ovation that he received from the jubilant city was heart-warming, but it was not really significant. Tens of thousands of people in Warsaw might be parading the streets in his honor; but the success or failure of his mission depended on one man alone. On the first day of the hopeful New Year, Paderewski presented himself at the Belvedere Palace for his first meeting with Marshal Józef Pilsudski.
CHAPTER 9
REBIRTH OF A NATION

If a modern “electronic brain” were fed data about every statesman of the twentieth century and then asked to pick out the two men most completely opposite and uncongenial, it would without a moment’s hesitation settle on Józef Pilsudski and Ignace Jan Paderewski. Even before their meeting each man had a fairly good idea of what the other man was like. Now for the first time they could size each other up in person.

Pilsudski, eying Paderewski’s elegant clothes and quietly assured manner, recalled that this man was the darling of a capitalistic society in whose image he would try to rebuild Poland. Paderewski, noting the Marshal’s rough, purposely shabby uniform, drooping mustaches, and abrupt, nervous behavior, remembered that this bold revolutionary had spent most of his adult life in prison, or in hiding, or in working under cover, always in the shadows of conspiracy. He was the sort of man who would stop at nothing, including murder, to gain his objective because he firmly believed that if the end was good, then the means were unimportant. Yet there was one point of agreement between them, Paderewski reflected, and surely it was a strong enough basis for cooperation. Each man, in his own way, loved his country and would gladly have given his life for her.

By the end of the exhausting interview Paderewski had come to the conclusion that this was not enough. Pilsudski remained absolutely unshaken in his refusal to have anything to do with Dmowski’s Committee. Poland, he believed, belonged to the proletariat—the working man—alone. He would not admit that any other class of people had any right to be represented in the new government. As to the question of Allied recognition, he simply brushed it aside. He could take care of Poland all by himself, he seemed to imply. It was a frustrating two hours. The next day Paderewski left for Cracow, convinced that his mission had failed. But at three o’clock on the morning after his arrival, he was roused from sleep by a special messenger from Pilsudski. The Marshal, he was informed, requested his immediate return to Warsaw for further negotiations.

What could have happened, Paderewski thought, to change Pilsudski’s mind even to this small extent? What had happened was this: on January 4, representatives of the American Relief Administration had arrived in Warsaw to study conditions and to discuss terms with Pilsudski. The starving people of Europe had good reason to be familiar with the heroic work of the A.R.A. which had already saved millions of lives during that cruel winter of armistice. In charge of the mission to Warsaw was Vernon Kellogg, gifted both as a scientist and an administrator. Somehow he managed to get the point across to the iron-willed Marshal that if he expected American Relief supplies and money to feed and clothe the desperate Polish people, he would have to find a way of cooperating with Paderewski and the Paris Committee. Faced with so practical a necessity, Pilsudski capitulated and asked Paderewski to help him form a representative government. Paderewski himself was named Prime Minister and Minister of Foreign Affairs. Pilsudski remained “Chief of State.” It was a rather all-inclusive title.

The Americans were as good as their word. Better, in fact, because once they had reported back to their chief in Paris about the ghastly conditions in Poland, miles and miles of red tape were instantly cut in order to rush in the first supplies. Within a few weeks a life-giving stream of food, clothing, fuel, and medical supplies were pouring steadily into the country. Even Pilsudski was impressed. The A.R.A. did its best for all suffering countries. But there seemed to be something special—almost personal—about its feeling for Poland, even though there was not yet an officially recognized Polish government. The pianist was a nuisance, Pilsudski must have thought privately, but he had his uses if his popularity made the Americans so generous.

What Pilsudski did not know was that there was indeed a personal attitude involved in the work of the American Relief Administration for Poland. For at the head of the organization was a man with a long memory—a former Stanford University engineering student who had once taken a flyer in the business of staging concerts. Paderewski had completely forgotten that he had once saved a young man named Herbert Hoover from great financial distress. But Herbert Hoover had never forgotten it. The $400 debt that had meant so much to the student and so little to the artist had now been paid a thousandfold.

As Prime Minister of Poland, Paderewski moved his household into the Zamek. Did he remember the many times that the young music student had passed the royal palace and prayed for the day when a Polish leader would once more be in residence there? Perhaps. But Paderewski was too busy to spend much time reminiscing. The work of forming first a National Council of a hundred men and then a coalition cabinet of sixteen was incredibly difficult. In the course of his former career he had grown accustomed to long, hard work, but it was nothing compared to this! Poles, as we have seen, were not the easiest people in the world with whom to do business politically. And complicating life almost beyond endurance was Pilsudski. The Chief enjoyed long, drawn-out, usually pointless conferences that accomplished nothing except the complete exhaustion of the Prime Minister. He enjoyed them most at two or three o’clock in the morning, preferably just