Pro ASP.NET MVC 3

FrameworkThird Edition

ADAM FREEMAN

STEVEN SANDERSON

ApressB

Contents

J

About the Authors xxiii

About the Technical Reviewer xxiv

Acknowledgments xxv

Part 1: Introducing ASP.NET MVC 3 1

Chapter 1: What's the Big Idea? 3

A Brief History of Web Development 3

Traditional ASP.NET Web Forms 5

What's Wrong with ASP.NET Web Forms? 6

Web Development Today 7

Web Standards and REST 7

Agile and Test-Driven Development 7

Ruby on Rails 8

Sinatra 8

Node.js 9

Key Benefits of ASP.NET MVC 9

MVC Architecture 10

Extensibility 10

Tight Control over HTML and HTTP 11

Testability 11

Powerful Routing System 11

Built on the Best Parts of the ASP.NET Platform 12

Modern API 12

ASP.NET MVC Is Open Source 13

Who Should Use ASP.NET MVC? 13

Comparisons with ASP.NET Web Forms 13

Migrating from Web Forms to MVC 14

Comparisons with Ruby on Rails 14

Comparisons with MonoRail 14

What's New in ASP.NET MVC 3 15

Summary 15

Chapter 2: Getting Ready 17

Preparing the Workstation,

17

Installing Visual Studio 2010 17

Installing the Essential Software 19

Installing Optional Components 21

Preparing the Server 22

Enabling the Web Server Role 23

Installing Additional Components 25

Setting up Web Deployment ,26

Getting Further Information 30

Summary 30

Chapter 3: Your First MVC Application 31

Creating a New ASP.NET MVC Project .31

Adding the First Controller 33

Understanding Routes 36

Rendering Web Pages 37

Creating and Rendering a View 37

Adding Dynamic Output 41

Creating a Simple Data-Entry Application 42

Setting the Scene 42

Designing a Data Model 43

Linking Action Methods 44

Building the Form 47

Handling Forms 51

Adding Validation 54

Completing the Example 59

Summary 61

Chapter 4: The MVC Pattern 63

The History of MVC 63

Understanding the MVC Pattern 64

Understanding the Domain Model 64

The ASP.NET Implementation of MVC 65

Comparing MVC to Other Patterns 66

Understanding the Smart Ul Pattern 66

Applying Domain-Driven Development 69

Modeling an Example Domain 70

Ubiquitous Language 70

Aggregates and Simplification 71

Defining Repositories 73

Building Loosely Coupled Components 73

Using Dependency Injection 74

An MVC-Specific Dependency Injection Example 76

Using a Dependency Injection Container 77

Getting Started with Automated Testing 78

Understanding Unit Testing 78

Understanding Integration Testing 87

Summary, 88

Chapter 5: Essential Language Features 89

Essential C# Features 89

Using Automatically Implemented Properties 89

Using Object and Collection Initializers 92

Using Extension Methods 94

Using Lambda Expressions 99

Using Automatic Type Inference 101

Using Anonymous Types 102

Performing Language Integrated Queries 103

Understanding Razor Syntax 110

Creating the Project 110

Examining a Basic Razor View 114

Summary 124

Chapter 6: Essential Tools for MVC .125

Using Ninject 125

Creating the Project 128

Getting Started with Ninject 129

Creating Chains of Dependency 130

Specifying Property and Parameter Values 132

Using Self-Binding 133

Binding to a Derived Type 134

Using Conditional Binding 135

Applying Ninject to ASP.NET MVC 137

Unit Testing with Visual Studio 138

Creating the Project 139

Creating Unit Tests 141

Running the Unit Tests (and Failing) 146

Implementing the Feature 147

Using Moq 148

Adding Moq to the Visual Studio Project 148

Creating a Mock with Moq 148

Unit Testing with Moq 151

Verifying with Moq 153

Summary 153

Chapter 7: SportsStore: A Real Application 155

Getting Started 156

Creating the Visual Studio Solution and Projects 156

Adding References 158

Setting Up the Dl Container 159

Starting the Application 160

Starting the Domain Model 162

Creating an Abstract Repository 163

Making a Mock Repository 163

Displaying a List of Products 164

Adding a Controller 164

Adding the View 165

Setting the Default Route 167

Running the Application 168

Preparing a Database 168

Creating the Database 169

Defining the Database Schema 170

Adding Data to the Database 172

Creating the Entity Framework Context 173

Creating the Product Repository 175

Adding Pagination 176

Displaying Page Links 179

Improving the URLs 187

Styling the Content 188

Defining Common Content in the Layout 189

Adding CSS Rules 190

Creating a Partial View 191

Summary 194

Chapter 8: SportsStore: Navigation and Cart , 195

Adding Navigation Controls 195

Filtering the Product List 195

Refining the URL Scheme 198

Building a Category Navigation Menu 201

Correcting the Page Count 210

Building the Shopping Cart 213

Defining the Cart Entity 213

Adding the Add to Cart Buttons 217

Implementing the Cart Controller 218

Displaying the Contents of the Cart 220

Using Model Binding 223

Creating a Custom Model Binder 224

Completing the Cart 228

Removing Items from the Cart 228

Adding the Cart Summary 230

Submitting Orders 233

Extending the Domain Model 233

Adding the Checkout Process 234

Implementing the Order Processor 238

Registering the Implementation 241

Completing the Cart Controller 241

Displaying Validation Errors 245

Displaying a Summary Page 246

Summary 248

Chapter 9: SportsStore: Administration 249

Adding Catalog Management 249

Creating a CRUD Controller 250

Rendering a Grid of Products in the Repository 252

Creating a New Layout 253

Implementing the List View 255

Editing Products 260

Creating New Products 275

Deleting Products 276

Securing the Administration Features 279

Setting Up Forms Authentication 280

Applying Authorization with Filters 281

Creating the Authentication Provider 282

Creating the Account Controller 284

Creating the View 285

Image Uploads 290

Extending the Database 290

Enhancing the Domain Model 290

Updating the Entity Framework Conceptual Model 291

Creating the Upload User Interface Elements 292

Saving Images to the Database 293

Implementing the Getlmage Action Method 294

Displaying Product Images 298

Summary 299

Part 2: ASP.NET MVC 3 in Detail 301

Chapter 10: Overview of MVC Projects ,303

Working with Visual Studio MVC Projects 303

Using the Internet and Intranet Application Controllers 308

Understanding MVC Conventions 309

Debugging MVC Applications 310

Creating the Project 310

Launching the Visual Studio Debugger 311

Causing the Visual Studio Debugger to Break 312

Using Edit and Continue 317

Project-Wide Dependency Injection 321

Summary 323

Chapter 11: URLs, Routing, and Areas 325

Introducing the Routing System 325

Creating the Routing Project 326

Introducing URL Patterns 327

Creating and Registering a Simple Route 329

Defining Default Values 334

Using Static URL Segments 336

Defining Custom Segment Variables 340

Defining Optional URL Segments 342

Defining Variable-Length Routes 344

Prioritizing Controllers by Namespaces 346

Constraining Routes 349

Routing Requests for Disk Files 354

Bypassing the Routing System 357

Generating Outgoing URLs 358

Preparing the Project 358

Generating Outgoing URLs in Views 359

Generating Outgoing URLs in Action Methods 366

Generating a URL from a Specific Route 367

Customizing the Routing System 368

Creating a Custom RouteBase Implementation 368

Creating a Custom Route Handler 373

Working with Areas 374

Creating an Area 375

Populating an Area 377

Resolving the Ambiguous Controller Issue 379

Generating Links to Actions in Areas 380

URL Schema Best Practices 381

Make Your URLs Clean and Human-Friendly 381

GET and POST: Pick the Right One 382

Summary 383

Chapter 12: Controllers and Actions 385

Introducing the Controller 385

Preparing the Project 385

Creating a Controller with IController 385

Creating a Controller by Deriving from the Controller Class 387

Receiving Input 389

Getting Data from Context Objects 389

Using Action Method Parameters 391

Producing Output 393

Understanding Action Results 395

Returning HTML by Rendering a View 399

Passing Data from an Action Method to a View 403

Performing Redirections 409

Returning Text Data 414

Returning XML Data 416

Returning JSON Data 417

Returning Files and Binary Data 418

Returning Errors and HTTP Codes .-421

Creating a Custom Action Result 423

Summary 426

Chapter 13: Filters 427

Using Filters 427

Introducing the Four Basic Types of Filters 429

Applying Filters to Controllers and Action Methods 430

Using Authorization Filters 431

Using Exception Filters 437

Using Action and Result Filters 442

Using Other Filter Features 448

Using the Built-in Filters 454

Summary 459

Chapter 14: Controller Extensibility 461

Request Processing Pipeline Components 461

Creating a Controller Factory 461

Defining a Custom Controller Factory 462

Registering a Custom Controller Factory 464

Working with the Built-in Controller Factory 464

Prioritizing Namespaces 465

Customizing DefaultControllerFactory Controller Creation 466

Creating a Custom Action Invoker 468

Using the Built-in Action Invoker 470

Using a Custom Action Name 470

Using Action Method Selection 472

Using Action Method Selectors to Support REST Services 475

Improving Performance with Specialized Controllers 478

Using Sessionless Controllers 478

Using Asynchronous Controllers 480

Summary 491

Chapter 15: Views 493

Creating a Custom View Engine 493

Creating a Custom IView 495

Creating an IViewEngine Implementation 496

Registering a Custom View Engine 497

Working with the Razor Engine 500

Understanding Razor View Rendering 500

Adding Dependency Injection to Razor Views 502

Configuring the View Search Locations 503

Adding Dynamic Content to a Razor View 505

Using Inline Code 506

Using HTML Helpers 512

Creating an Inline HTML Helper 513

Creating an External Helper Method 514

Using the Built-in HTML Helpers 516

Using Sections 532

Testing For Sections 535

Rendering Optional Sections 535

Using Partial Views 536

Creating a Partial View 536

Using Strongly Typed Partial Views 537

Using Child Actions 539

Creating a Child Action 540

Rendering a Child Action 540

Summary 541

Chapter 16: Model Templates 543

Using Templated View Helpers 543

Styling Generated HTML 548

Using Model Metadata 550

Working with Complex Type Parameters 559

Customizing the Templated View Helper System ...561

Creating a Custom Editor Template 561

Creating a Custom Display Template 565

Creating a Generic Template 565

Replacing the Built-in Templates 566

Using the ViewData.Templatelnfo Property 568

Passing Additional Metadata to a Template 569

Understanding the Metadata Provider System 570

Creating a Custom Model Metadata Provider 571

Customizing the Data Annotations Model Metadata Provider 574

Summary 576

Chapter 17: Model Binding , .....577

Understanding Model Binding 577

Using the Default Model Binder 578

Binding to Simple Types 580

Binding to Complex Types 581

Binding to Arrays and Collections 585

Manually Invoking Model Binding ....588

Restricting Binding to a Specific Data Source 589

Dealing with Binding Errors 590

Using Model Binding to Receive File Uploads 591

Customizing the Model Binding System 592

Creating a Custom Value Provider 592

Creating a Dependency-Aware Model Binder 594

Creating a Custom Model Binder 595

Creating Model Binder Providers 598

Using the ModelBinder Attribute 599

Summary 599

Chapter 18: Model Validation 601

Creating the Project 601

Explicitly Validating a Model 604

Displaying Validation Messages 606

Displaying Property-Level Validation Messages 610

Using Alternative Validation Techniques 612

Performing Validation in the Model Binder 612

Specifying Validation Rules Using Metadata 616

Defining Self-validating Models 621

Creating a Custom Validation Provider 622

Performing Client-Side Validation 626

Enabling and Disabling Client-Side Validation 627

Using Client-Side Validation 629

Understanding How Client-Side Validation Works 634

Customizing Client-Side Validation 635

Performing Remote Validation 642

Summary 645

Chapter 19: Unobtrusive Ajax 647

Using MVC Unobtrusive Ajax 647

Creating the Project 647

Enabling and Disabling Unobtrusive Ajax 650

Using Unobtrusive Ajax Forms 651

Understanding How Unobtrusive Ajax Works 653

Setting Ajax Options ,654

Ensuring Graceful Degradation 654

Providing the User with Feedback While Making an Ajax Request 656

Prompting the User Before Making a Request 657

Creating Ajax Links 658

Ensuring Graceful Degradation for Links 661

Working with Ajax Callbacks 662

Working with JSON 665

Adding JSON Support to the Controller 666

Processing JSON in the Browser 668

Detecting Ajax Requests in the Action Method 669

Receiving JSON Data 670

Summary 672

Chapter 20: jQuery ...673

Creating the Project 673

Referencing jQuery 675

Writing jQuery Code 678

Creating a jQuery Sandbox 679

Basic jQuery Theory 682

Understanding jQuery Selectors 683

Using jQuery Filters 686

Understanding jQuery Methods 688

Waiting for the DOM 689

Using jQuery CSS Methods 690

Working with the DOM 694

Using jQuery Events b9a

Using jQuery Visual Effects 699

Using jQuery Ul 701

Referencing jQuery Ul 702

Making Better Buttons 703

Using a Slider 704

Summary 708

Part 3: Delivering Successful ASP.NET MVC 3 Projects 709

Chapter 21: Security and Vulnerability 711

AH Input Can Be Forged 711

Forging HTTP Requests 713

Cross-Site Scripting and HTML Injection 715

Understanding an XSS Vulnerability 715

Razor HTML Encoding 716

Request Validation 717

JavaScript String Encoding and XSS 720

Session Hijacking 722

Defense via Client IP Address Checks 723

Defense by Setting the HttpOnly Flag on Cookies 723

Cross-Site Request Forgery 724

Attack 724

Defense 725

Preventing CSRF Using the Antiforgery Helpers 725

SQL Injection 727

Attack 727

Defense Using Parameterized Queries 728

Defense Using Object-Relational Mapping 728

Using the MVC Framework Securely 728

Don't Expose Action Methods Accidentally 728

Don't Allow Model Binding to Change Sensitive Properties 729

Summary 730

Chapter 22: Authentication and Authorization 731

Using Windows Authentication 731

Using Forms Authentication 734

Setting Up Forms Authentication 735

Using Cookieless Forms Authentication -738

Using Membership, Roles, and Profiles 738

Setting Up and Using Membership 740

Setting Up and Using Roles 749

Setting Up and Using Profiles 753

Why You Shouldn't Use URL-Based Authorization 758

Restricting Access Using IP Addresses and Domains 758

Summary 760

Chapter 23: Deployment 761

Preparing an Application for Deployment 761

Detecting View Errors Before Deployment 761

Configuring Dynamic Page Compilation 762

Preparing for a Bin Deployment ,763

Preparing the Web.config File for Transformation 764

Preparing the Project for Database Deployment 776

Understanding the IIS Fundamentals 779

Understanding Web Sites 779

Understanding Virtual Directories 779

Understanding Application Pools 780

Binding Web Sites to Hostnames, IP Addresses, and Ports 780

Preparing the Server for Deployment 781

Deploying an Application 783

Deploying an Application by Copying Files 784

Using a Deployment Package 785

Using One-Click Publishing 790

Summary 792

Index 793