Pro ASP.NET MVC 2 Framework · 2010. 9. 22. · Pro ASP.NET MVC 2 Framework, Second Edition

Pro ASP.NET MVC 2 Framework Second Edition Steven Sanderson Apress® TIB/UB Hannover 89 133 297 713

Post on 26-Sep-2020



Contents at a Glance

Contents

About the Author

About the Technical Reviewers

Acknowledgments

Introduction xxiii

Part 1: Introducing ASP.NET MVC 2

Chapter 1: What's the Big Idea?

A Brief History of Web Development

Traditional ASP.NET Web Forms

What's Wrong with ASP.NET Web Forms?

Web Development Today

Web Standards and REST

Agile and Test-Driven Development

Ruby on Rails

Key Benefits of ASP.NET MVC

MVC Architecture

Extensibility

Tight Control over HTML and HTTP

Testability

Powerful Routing System

Built on the Best Parts of the ASP.NET Platform


Modern API 11

ASP.NET MVC Is Open Source 11

Who Should Use ASP.NET MVC? 11

Comparisons with ASP.NET Web Forms 11

Comparisons with Ruby on Rails 12

Comparisons with MonoRail 13

What's New in ASP.NET MVC 2 13

Summary 14

Chapter 2: Your First ASP.NET MVC Application 15

Preparing Your Workstation 15

Creating a New ASP.NET MVC Project 16

Adding the First Controller 18

How Does It Know to Invoke HomeController? 19

Rendering Web Pages 19

Creating and Rendering a View 19

Adding Dynamic Output 22

A Starter Application 23

The Story 23

Designing a Data Model 24

Linking Between Actions 25

Building a Form 29

Handling Form Submissions 32

Adding Validation 35

Finishing Off 39

Summary 41

Chapter 3: Prerequisites 43

Understanding MVC Architecture 43

The Smart UI (Anti-Pattern) 44

Separating Out the Domain Model 45


Three-Tier Architecture 46

MVC Architecture 47

Variations on MVC 49

Domain Modeling 50

An Example Domain Model 51

Ubiquitous Language 52

Aggregates and Simplification 52

Keeping Data Access Code in Repositories 54

Using LINQ to SQL 55

Building Loosely Coupled Components 61

Taking a Balanced Approach 62

Using Dependency Injection 62

Using a DI Container 64

Getting Started with Automated Testing 66

Understanding Unit Testing 67

Understanding Integration Testing 73

C# 3 Language Features 78

The Design Goal: Language-Integrated Query 78

Extension Methods 79

Lambda Methods 80

Generic Type Inference 81

Automatic Properties 81

Object and Collection Initializers 82

Type Inference 82

Anonymous Types 83

Using LINQ to Objects 85

Lambda Expressions 86

IQueryable<T> and LINQ to SQL 87

Summary 89

Chapter 4: SportsStore: A Real Application 91


Getting Started 93

Creating Your Solutions and Projects 93

Starting Your Domain Model 96

Creating an Abstract Repository 97

Making a Fake Repository 98

Displaying a List of Products 98

Adding the First Controller 99

Setting Up the Default Route 100

Adding the First View 101

Connecting to a Database 104

Defining the Database Schema 104

Setting Up LINQ to SQL 107

Creating a Real Repository 107

Setting Up DI 109

Creating a Custom Controller Factory 109

Using Your DI Container 110

Creating Unit Tests 113

Configuring a Custom URL Schema 118

Assigning a Default Parameter Value 119

Displaying Page Links 120

Improving the URLs 128

Styling It Up 129

Defining Page Layout in the Master Page 129

Adding CSS Rules 130

Creating a Partial View 132

Summary 134

Chapter 5: SportsStore: Navigation and Shopping Cart 135

Adding Navigation Controls 135

Filtering the Product List 135


Defining a URL Schema for Categories 139

Building a Category Navigation Menu 141

Building the Shopping Cart 149

Defining the Cart Entity 149

Adding "Add to Cart" Buttons 152

Giving Each Visitor a Separate Shopping Cart 154

Creating CartController 155

Displaying the Cart 159

Removing Items from the Cart 162

Displaying a Cart Summary in the Title Bar 163

Submitting Orders 165

Enhancing the Domain Model 165

Adding the "Check Out Now" Button 166

Prompting the Customer for Shipping Details 167

Defining an Order Submitter DI Component 169

Completing CartController 169

Implementing EmailOrderSubmitter 175

Summary 178

Chapter 6: SportsStore: Administration and Final Enhancements 179

Adding Catalog Management 180

Creating AdminController: A Place for the CRUD Features 180

Rendering a Grid of Products in the Repository 182

Building a Product Editor 186

Creating New Products 194

Deleting Products 196

Securing the Administration Features 198

Setting Up Forms Authentication 198

Using a Filter to Enforce Authentication 199

Displaying a Login Prompt 200

Image Uploads 204


Preparing the Domain Model and Database 204

Accepting File Uploads 205

Displaying Product Images 209

Summary 212

Part 2: ASP.NET MVC in Detail 213

Chapter 7: Overview of ASP.NET MVC Projects 215

Developing MVC Applications in Visual Studio 215

Naming Conventions 220

The Initial Application Skeleton 220

Debugging MVC Applications and Unit Tests 221

Using the Debugger 224

Stepping into the .NET Framework Source Code 225

Stepping into the ASP.NET MVC Framework Source Code 226

The Request Processing Pipeline 227

Stage 1: IIS 229

Stage 2: Core Routing 230

Stage 3: Controllers and Actions 231

Stage 4: Action Results and Views 232

Summary 233

Chapter 8: URLs and Routing 235

Putting the Programmer Back in Control 235

About Routing and Its .NET Assemblies 236

Setting Up Routes 236

Understanding the Routing Mechanism 239

Adding a Route Entry 241

Using Parameters 243

Using Defaults 244

Using Constraints 245

Prioritizing Controllers by Namespace 248

Accepting a Variable-Length List of Parameters 249


Matching Files on the Server's Hard Disk 250

Using IgnoreRoute to Bypass the Routing System 251

Generating Outgoing URLs 252

Generating Hyperlinks with Html.ActionLink() 252

Generating Links and URLs from Pure Routing Data 255

Performing Redirections to Generated URLs 256

Understanding the Outbound URL-Matching Algorithm 256

Generating Hyperlinks with Html.ActionLink<T> and Lambda Expressions 259

Working with Named Routes 260

Working with Areas 261

Setting Up Areas 261

Routing and URL Generation with Areas 264

Areas and the Ambiguous Controller Problem 267

Areas Summary 267

Unit Testing Your Routes 267

Testing Inbound URL Routing 268

Testing Outbound URL Generation 272

Further Customization 274

Implementing a Custom RouteBase Entry 275

Implementing a Custom Route Handler 276

URL Schema Best Practices 277

Make Your URLs Clean and Human-Friendly 277

Follow HTTP Conventions 278

SEO 281

Summary 281

Chapter 9: Controllers and Actions 283

An Overview 283

Comparisons with ASP.NET Web Forms 284

All Controllers Implement IController 284

The Controller Base Class 285


Receiving Input 286

Getting Data from Context Objects 287

Using Action Method Parameters 288

Invoking Model Binding Manually in an Action Method 291

Producing Output 292

Understanding the ActionResult Concept 292

Returning HTML by Rendering a View 295

Performing Redirections 300

Returning Textual Data 304

Returning JSON Data 306

Returning JavaScript Commands 307

Returning Files and Binary Data 308

Creating a Custom Action Result Type 311

Unit Testing Controllers and Actions 313

How to Arrange, Act, and Assert 314

Testing a Choice of View and ViewData 314

Testing Redirections 316

More Comments About Unit Testing 317

Mocking Context Objects 317

Reducing the Pain of Mocking 319

Summary 324

Chapter 10: Controller Extensibility 325

Using Filters to Attach Reusable Behaviors 325

Introducing the Four Basic Types of Filter 326

Applying Filters to Controllers and Action Methods 327

Creating Action Filters and Result Filters 328

Creating and Using Authorization Filters 333

Creating and Using Exception Filters 336

Bubbling Exceptions Through Action and Result Filters 340

The [OutputCache] Action Filter 341


The [RequireHttps] Filter 344

Other Built-in Filter Types 344

Controllers As Part of the Request Processing Pipeline 344

Working with DefaultControllerFactory 345

Creating a Custom Controller Factory 348

Customizing How Action Methods Are Selected and Invoked 349

Overriding HTTP Methods to Support REST Web Services 355

Boosting Server Capacity with Asynchronous Controllers 357

Introducing Asynchronous Requests 358

Using Asynchronous Controllers 358

Adding Asynchronous Methods to Domain Classes 367

Choosing When to Use Asynchronous Controllers 368

Summary 371

Chapter 11: Views 373

How Views Fit into ASP.NET MVC 373

The Web Forms View Engine 374

View Engines Are Replaceable 374

Web Forms View Engine Basics 374

Adding Content to a View 374

Five Ways to Add Dynamic Content to a View 375

Using Inline Code 376

Why Inline Code Is a Good Thing in MVC Views 378

Understanding How MVC Views Actually Work 378

Understanding How ASPX Pages Are Compiled 378

How Automatic HTML Encoding Works 381

Understanding ViewData 384

Extracting ViewData Items Using ViewData.Eval 385

Using HTML Helper Methods 386

The Framework's Built-in Helper Methods 387

Creating Your Own HTML Helper Methods 399


Using Partial Views 401

Creating and Rendering a Partial View 401

Rendering a Partial View Using Server Tags 406

Summary 408

Chapter 12: Models and Data Entry 409

How It All Fits Together 409

Templated View Helpers 410

Displaying and Editing Models Using Templated View Helpers 411

Using Partial Views to Define Custom Templates 422

Model Metadata 427

Working with Data Annotations 428

Creating a Custom Metadata Provider 429

Consuming Model Metadata in Custom HTML Helpers 433

Using [MetadataType] to Define Metadata on a Buddy Class 434

Model Binding 434

Model-Binding to Action Method Parameters 435

Model-Binding to Custom Types 436

Invoking Model Binding Directly 439

Model-Binding to Arrays, Collections, and Dictionaries 441

Creating a Custom Value Provider 444

Creating a Custom Model Binder 445

Using Model Binding to Receive File Uploads 449

Validation 450

Registering and Displaying Validation Errors 450

Performing Validation As Part of Model Binding 456

Specifying Validation Rules 458

Invoking Validation Manually 464

Using Client-Side Validation 465

Putting Your Model Layer in Charge of Validation 472

Summary 476


Chapter 13: User Interface Techniques 477

Wizards and Multistep Forms 477

Defining the Model 478

Navigation Through Multiple Steps 479

Collecting and Preserving Data 481

Completing the Wizard 483

Validation 485

Implementing a CAPTCHA 489

Creating an Html.Captcha() Helper 490

Verifying the Form Submission 495

Using Child Actions to Create Reusable Widgets with Application Logic 496

How the Html.RenderAction Helper Invokes Child Actions 497

When It's Appropriate to Use Child Actions 497

Creating a Widget Based on a Child Action 498

Capturing a Child Action's Output As a String 501

Detecting Whether You're Inside a Child Request 501

Restricting an Action to Handle Child Requests Only 502

Sharing Page Layouts Using Master Pages 502

Using Widgets in MVC View Master Pages 503

Implementing a Custom View Engine 505

A View Engine That Renders XML Using XSLT 505

Using Alternative View Engines 510

Using the NVelocity View Engine 511

Using the Brail View Engine 512

Using the NHaml View Engine 513

Using the Spark View Engine 514

Summary 515

Chapter 14: Ajax and Client Scripting 517

Why You Should Use a JavaScript Toolkit 517


ASP.NET MVC's Ajax Helpers 518

Fetching Page Content Asynchronously Using Ajax.ActionLink 519

Submitting Forms Asynchronously Using Ajax.BeginForm 525

Invoking JavaScript Commands from an Action Method 526

Reviewing ASP.NET MVC's Ajax Helpers 528

Using jQuery with ASP.NET MVC 529

Referencing jQuery 530

Basic jQuery Theory 532

Adding Client-Side Interactivity to an MVC View 537

Ajax-Enabling Links and Forms 542

Client/Server Data Transfer with JSON 548

Performing Cross-Domain JSON Requests Using JSONP 552

Fetching XML Data Using jQuery 554

Animations and Other Graphical Effects 555

jQuery UI's Prebuilt UI Widgets 556

Summarizing jQuery 558

Summary 559

Part 3: Delivering Successful ASP.NET MVC 2 Projects 561

Chapter 15: Security and Vulnerability 563

All Input Can Be Forged 563

Forging HTTP Requests 565

Cross-Site Scripting and HTML Injection 567

Example XSS Vulnerability 568

ASP.NET's Request Validation Feature 569

Filtering HTML Using the HTML Agility Pack 572

JavaScript String Encoding and XSS 574

Session Hijacking 575

Defense via Client IP Address Checks 576

Defense by Setting the HttpOnly Flag on Cookies 576

Cross-Site Request Forgery 577


Attack 577

Defense 578

Preventing CSRF Using the Anti-Forgery Helpers 578

SQL Injection 580

Attack 581

Defense by Encoding Inputs 581

Defense Using Parameterized Queries 581

Defense Using Object-Relational Mapping 582

Using the MVC Framework Securely 582

Don't Expose Action Methods Accidentally 582

Don't Allow Model Binding to Change Sensitive Properties 583

Summary 583

Chapter 16: Deployment 585

Server Requirements 585

Requirements for Shared Hosting 586

Building Your Application for Production Use 586

Controlling Dynamic Page Compilation 586

Detecting Compiler Errors in Views Before Deployment 587

IIS Basics 588

Understanding Web Sites and Virtual Directories 589

Binding Web Sites to Hostnames, IP Addresses, and Ports 590

Deploying Your Application 590

Manually Copying Application Files to the Server 590

Bin-Deploying ASP.NET MVC 2 591

Deploying to IIS 6 on Windows Server 2003 593

Deploying to IIS 7.x on Windows Server 2008/2008 R2 602

Deploying to IIS 7.5 on Windows Server 2008 R2 Core 609

Automating Deployments with WebDeploy and Visual Studio 2010 610

Transforming Configuration Files 612

Automating Online Deployments with One-Click Publishing 615


Automating Offline Deployments with Packaging 616

Summary 618

Chapter 17: ASP.NET Platform Features 619

Windows Authentication 620

Preventing or Limiting Anonymous Access 622

Forms Authentication 623

Setting Up Forms Authentication 624

Using Cookieless Forms Authentication 627

Membership, Roles, and Profiles 628

Setting Up a Membership Provider 630

Using a Membership Provider with Forms Authentication 635

Creating a Custom Membership Provider 636

Setting Up and Using Roles 637

Setting Up and Using Profiles 640

URL-Based Authorization 644

Configuration 644

Configuring Connection Strings 645

Configuring Arbitrary Key/Value Pairs 646

Defining Configuration Sections to Configure Arbitrary Data Structures 646

Data Caching 648

Reading and Writing Cache Data 648

Using Advanced Cache Features 651

Site Maps 652

Setting Up and Using Site Maps 653

Creating a Custom Navigation Control with the Site Maps API 654

Generating Site Map URLs from Routing Data 655

Internationalization 658

Setting Up Localization 659

Tips for Working with Resource Files 662

Using Placeholders in Resource Strings 662


Internationalizing Validation 663

Localizing Data Annotations Validation Messages 665

Performance 667

HTTP Compression 667

Tracing and Monitoring 669

Monitoring Page Generation Times 670

Monitoring LINQ to SQL Database Queries 671

Summary 674

Chapter 18: Upgrading and Combining ASP.NET Technologies 675

Using ASP.NET MVC in a Web Forms Application 675

Upgrading an ASP.NET Web Forms Application to Support MVC 676

Interactions Between Web Forms Pages and MVC Controllers 683

Using Web Forms Technologies in an MVC Application 686

Using Web Forms Controls in MVC Views 686

Using Web Forms Pages in an MVC Web Application 688

Adding Routing Support for Web Forms Pages 689

Upgrading from ASP.NET MVC 1 694

Using Visual Studio 2010's Built-in Upgrade Wizard 695

Other Ways to Upgrade 697

A Post-Upgrade Checklist 697

Summary 700

Index 701
