CHAPTER 1: GETTING STARTED 1

Author: Alberta Ford
CONTENTS

INTRODUCTION

FOREWORD

CHAPTER 1: GETTING STARTED

A Quick Introduction to ASP.NET MVC

How ASP.NET MVC Fits in with ASP.NET
The MVC Pattern
MVC as Applied to Web Frameworks
The Road to MVC 3
ASP.NET MVC 1 Overview
ASP.NET MVC 2 Overview
ASP.NET MVC 3 Overview
Razor View Engine
Validation Improvements
.NET 4 Data Annotation Support
Streamlined Validation with Improved Model Validation
Rich JavaScript Support
Unobtrusive JavaScript
jQuery Validation
JSON Binding
Advanced Features
Dependency Resolution
Global Action Filters
MVC 3 Feature Summary: Easier at All Levels

Creating an MVC 3 Application
Software Requirements for ASP.NET MVC 3
Installing ASP.NET MVC 3
Installing the MVC 3 Development Components
Installing MVC 3 on a Server
Creating an ASP.NET MVC 3 Application
The New ASP.NET MVC 3 Dialog
Application Templates
View Engines
Testing

Understanding the MVC Application Structure
ASP.NET MVC and Conventions

Convention over Configuration
Conventions Simplify Communication

Summary

CHAPTER 2: CONTROLLERS

The Controller’s Role
A Brief History of Controllers
A Sample Application: The MVC Music Store
Controller Basics
A Simple Example: The Home Controller
Writing Your First (Outrageously Simple) Controller
Creating the New Controller
Writing Your Action Methods
A Few Quick Observations
Parameters in Controller Actions

Summary

CHAPTER 3: VIEWS

What a View Does
Specifying a View
Strongly Typed Views
View Models
Adding a View
Understanding the Add View Dialog Options
Customizing the T4 View Templates

Razor View Engine
What is Razor?
Code Expressions
Html Encoding
Code Blocks
Razor Syntax Samples
Implicit Code Expression
Explicit Code Expression
Unencoded Code Expression
Code Block
Combining Text and Markup
Mixing Code and Plain Text
Escaping the Code Delimiter
Server Side Comment
Calling a Generic Method
Layouts

ViewStart

Specifying a Partial View
The View Engine
Configuring a View Engine
Finding a View
The View Itself
Alternative View Engines

New View Engine or New ActionResult?
Summary

CHAPTER 4: MODELS

Modeling the Music Store
Scaffolding a Store Manager
What Is Scaffolding?
Empty Controller
Controller with Empty Read/Write Actions
Controller with Read/Write Actions and Views, Using Entity Framework
Scaffolding and the Entity Framework
Code First Conventions
The DbContext
Executing the Scaffolding Template
The Data Context
The StoreManagerController
The Views
Executing the Scaffolded Code
Creating Databases with the Entity Framework
Using Database Initializers
Seeding a Database

Editing an Album
Building a Resource to Edit an Album
Models and View Models Redux
The Edit View
Responding to the Edit POST Request
The Edit Happy Path ☺
The Edit Sad Path

Model Binding
The DefaultModelBinder
A Word on Model Binding Security
Explicit Model Binding

Summary

CHAPTER 5: FORMS AND HTML HELPERS

Using Forms
The Action and the Method
To GET or To POST
Searching for Music with a Search Form
Searching for Music by Calculating the Action Attribute Value

HTML Helpers
Automatic Encoding
Make Helpers Do Your Bidding
Inside HTML Helpers
Setting Up the Album Edit Form
Html.BeginForm
Html.ValidationSummary
Adding Inputs
Html.TextBox (and Html.TextArea)
Html.Label
Html.DropDownList (and Html.ListBox)
Html.ValidationMessage
Helpers, Models, and View Data
Strongly-Typed Helpers
Helpers and Model Metadata
Templated Helpers
Helpers and ModelState

Other Input Helpers

Html.Hidden
Html.Password
Html.RadioButton
Html.CheckBox

Rendering Helpers

Html.ActionLink and Html.RouteLink
URL Helpers
Html.Partial and Html.RenderPartial
Html.Action and Html.RenderAction
Passing Values to RenderAction
Cooperating with the ActionName Attribute

Summary

CHAPTER 6: DATA ANNOTATIONS AND VALIDATION

Annotating Orders for Validation
Using Validation Annotations

Required
StringLength
RegularExpression
Range
Validation Attributes from System.Web.Mvc
Custom Error Messages and Localization
Looking Behind the Annotation Curtain
Validation and Model Binding
Validation and Model State
Controller Actions and Validation Errors

Custom Validation Logic

Custom Annotations
IValidatableObject

Display and Edit Annotations
Display
ScaffoldColumn
DisplayFormat
ReadOnly
DataType
UIHint
HiddenInput

Summary

CHAPTER 7: SECURING YOUR APPLICATION

Using the Authorize Attribute to Require Login
Securing Controller Actions
How the AuthorizeAttribute Works with Forms Authentication and the AccountController
Windows Authentication in the Intranet Application Template
Securing Entire Controllers

Using the Authorize Attribute to Require Role Membership
Extending Roles and Membership
Understanding the Security Vectors in a Web Application
Threat: Cross-Site Scripting (XSS)
Threat Summary
Passive Injection
Active Injection
Preventing XSS
Threat: Cross-Site Request Forgery
Threat Summary

Preventing CSRF Attacks
Threat: Cookie Stealing
Threat Summary
Preventing Cookie Theft with HttpOnly
Threat: Over-Posting
Threat Summary
Preventing Over-Posting with the Bind Attribute
Threat: Open Redirection
Threat Summary
Protecting Your ASP.NET MVC 1 and MVC 2 Applications
Taking Additional Actions When an Open Redirect Attempt Is Detected
Open Redirection Summary

Proper Error Reporting and the Stack Trace
Using Configuration Transforms
Using Retail Deployment Configuration in Production
Using a Dedicated Error Logging System

Security Recap and Helpful Resources
Summary: It’s Up to You

CHAPTER 8: AJAX

jQuery
jQuery Features
The jQuery Function
jQuery Selectors
jQuery Events
jQuery and AJAX
Unobtrusive JavaScript
Using jQuery
Custom Scripts
Placing Scripts in Sections
And Now for the Rest of the Scripts

AJAX Helpers
AJAX ActionLinks
HTML 5 Attributes
AJAX Forms

Client Validation
jQuery Validation
Custom Validation
IClientValidatable
Custom Validation Script Code

Beyond Helpers
jQuery UI
Autocomplete with jQuery UI
Adding the Behavior
Building the Data Source
JSON and jQuery Templates
Adding Templates
Modifying the Search Form
Get JSON!
jQuery.ajax for Maximum Flexibility

Improving AJAX Performance
Using Content Delivery Networks
Script Optimizations

Summary

CHAPTER 9: ROUTING

Understanding URLs
Introduction to Routing
Comparing Routing to URL Rewriting
Defining Routes
Route URLs
Route Values
Route Defaults
Route Constraints
Named Routes
MVC Areas
Area Route Registration
Area Route Conflicts
Catch-All Parameter
Multiple URL Parameters in a Segment
StopRoutingHandler and IgnoreRoute
Debugging Routes
Under the Hood: How Routes Generate URLs
High-Level View of URL Generation
Detailed Look at URL Generation
Ambient Route Values
Overflow Parameters
More Examples of URL Generation with the Route Class

Under the Hood: How Routes Tie Your URL to an Action
The High-Level Request Routing Pipeline

RouteData

Custom Route Constraints
Using Routing with Web Forms
Summary

CHAPTER 10: NUGET

Introduction to NuGet
Installing NuGet
Adding a Library as a Package
Finding Packages
Installing a Package
Updating a Package
Recent Packages
Using the Package Manager Console

Creating Packages
Folder Structure
NuSpec File
Metadata
Dependencies
Specifying Files to Include
Tools
Framework and Profile Targeting

Publishing Packages
Publishing to NuGet.org
Publishing Using NuGet.exe
Using the Package Explorer
Hosting A Private NuGet Feed

Summary

CHAPTER 11: DEPENDENCY INJECTION

Understanding Software Design Patterns

Design Pattern: Inversion of Control
Design Pattern: Service Locator
Strongly-Typed Service Locator
Weakly-Typed Service Locator
The Pros and Cons of Service Locators
Design Pattern: Dependency Injection
Constructor Injection
Property Injection

Dependency Injection Containers

Using the Dependency Resolver
Singly-Registered Services
Multiply-Registered Services
Creating Arbitrary Objects
Creating Controllers
Creating Views

Summary

CHAPTER 12: UNIT TESTING

The Meaning of Unit Testing and Test-Driven Development
Defining Unit Testing
Testing Small Pieces of Code
Testing in Isolation
Testing Only Public Endpoints
Automated Results
Unit Testing as a Quality Activity
Defining Test-Driven-Development
The Red/Green Cycle
Refactoring
Structuring Tests with Arrange, Act, Assert
The Single Assertion Rule

Creating a Unit Test Project
Examining the Default Unit Tests
Only Test the Code You Write

Tips and Tricks for Unit Testing Your ASP.NET MVC Application
Testing Controllers
Keep Business Logic out of Your Controllers
Pass Service Dependencies via Constructor
Favor Action Results over HttpContext Manipulation
Favor Action Parameters over UpdateModel
Utilize Action Filters for Orthogonal Activities
Testing Routes
Testing Calls to IgnoreRoute
Testing Calls to MapRoute
Testing Unmatched Routes
Testing Validators

Summary

CHAPTER 13: EXTENDING MVC

Extending Models
Turning Request Data into Models
Exposing Request Data with Value Providers
Creating Models with Model Binders
Describing Models with Metadata
Validating Models

Extending Views
Customizing View Engines
Writing HTML Helpers
Writing Razor Helpers

Extending Controllers
Selecting Actions
Choosing Action Names with Name Selectors
Filtering Actions with Method Selectors
Action Filters
Authorization Filters
Action and Result Filters
Exception Filters
Providing Custom Results

Summary

CHAPTER 14: ADVANCED TOPICS

Advanced Razor
Templated Razor Delegates
View Compilation

Advanced Scaffolding
Customizing T4 Code Templates
The MvcScaffolding NuGet Package
Updated Add Controller Dialog Options
Using the Repository Template
Adding Scaffolders
Additional Resources

Advanced Routing

RouteMagic
Editable Routes

Templates
The Default Templates
MVC Futures and Template Definitions

Template Selection
Custom Templates

Advanced Controllers

Defining the Controller: The IController Interface
The ControllerBase Abstract Base Class
The Controller Class and Actions
Action Methods
The ActionResult
Action Result Helper Methods
Action Result Types
Implicit Action Results
Action Invoker
How an Action Is Mapped to a Method
Invoking Actions
Using Asynchronous Controller Actions
Choosing Synchronous versus Asynchronous Pipelines
Writing Asynchronous Action Methods
The MVC Pattern for Asynchronous Actions
Performing Multiple Parallel Operations
Using Filters with Asynchronous Controller Actions
Timeouts
Additional Considerations for Asynchronous Methods

Summary

INDEX
