Pro ASP.NET MVC 3 framework : [build the most maintainable ...

Pro ASP.NET MVC 3 Framework
Third Edition

Adam Freeman, Steven Sanderson

Apress

Contents

About the Authors
About the Technical Reviewer
Acknowledgments

Part 1: Introducing ASP.NET MVC 3

Chapter 1: What's the Big Idea?
A Brief History of Web Development
Traditional ASP.NET Web Forms
What's Wrong with ASP.NET Web Forms?
Web Development Today
Web Standards and REST
Agile and Test-Driven Development
Ruby on Rails
Sinatra
Node.js
Key Benefits of ASP.NET MVC
MVC Architecture
Extensibility
Tight Control over HTML and HTTP
Testability
Powerful Routing System
Built on the Best Parts of the ASP.NET Platform
Modern API
ASP.NET MVC Is Open Source
Who Should Use ASP.NET MVC?
Comparisons with ASP.NET Web Forms
Migrating from Web Forms to MVC
Comparisons with Ruby on Rails
Comparisons with MonoRail
What's New in ASP.NET MVC 3
Summary

Chapter 2: Getting Ready
Preparing the Workstation
Installing Visual Studio 2010
Installing the Essential Software
Installing Optional Components
Preparing the Server
Enabling the Web Server Role
Installing Additional Components
Setting up Web Deployment
Getting Further Information
Summary

Chapter 3: Your First MVC Application
Creating a New ASP.NET MVC Project
Adding the First Controller
Understanding Routes
Rendering Web Pages
Creating and Rendering a View
Adding Dynamic Output
Creating a Simple Data-Entry Application
Setting the Scene
Designing a Data Model
Linking Action Methods
Building the Form
Handling Forms
Adding Validation
Completing the Example
Summary

Chapter 4: The MVC Pattern
The History of MVC
Understanding the MVC Pattern
Understanding the Domain Model
The ASP.NET Implementation of MVC
Comparing MVC to Other Patterns
Understanding the Smart UI Pattern
Applying Domain-Driven Development
Modeling an Example Domain
Ubiquitous Language
Aggregates and Simplification
Defining Repositories
Building Loosely Coupled Components
Using Dependency Injection
An MVC-Specific Dependency Injection Example
Using a Dependency Injection Container
Getting Started with Automated Testing
Understanding Unit Testing
Understanding Integration Testing
Summary

Chapter 5: Essential Language Features
Essential C# Features
Using Automatically Implemented Properties
Using Object and Collection Initializers
Using Extension Methods
Using Lambda Expressions
Using Automatic Type Inference
Using Anonymous Types
Performing Language Integrated Queries
Understanding Razor Syntax
Creating the Project
Examining a Basic Razor View
Summary

Chapter 6: Essential Tools for MVC
Using Ninject
Creating the Project
Getting Started with Ninject
Creating Chains of Dependency
Specifying Property and Parameter Values
Using Self-Binding
Binding to a Derived Type
Using Conditional Binding
Applying Ninject to ASP.NET MVC
Unit Testing with Visual Studio
Creating the Project
Creating Unit Tests
Running the Unit Tests (and Failing)
Implementing the Feature
Using Moq
Adding Moq to the Visual Studio Project
Creating a Mock with Moq
Unit Testing with Moq
Verifying with Moq
Summary

Chapter 7: SportsStore: A Real Application
Getting Started
Creating the Visual Studio Solution and Projects
Adding References
Setting Up the DI Container
Starting the Application
Starting the Domain Model
Creating an Abstract Repository
Making a Mock Repository
Displaying a List of Products
Adding a Controller
Adding the View
Setting the Default Route
Running the Application
Preparing a Database
Creating the Database
Defining the Database Schema
Adding Data to the Database
Creating the Entity Framework Context
Creating the Product Repository
Adding Pagination
Displaying Page Links
Improving the URLs
Styling the Content
Defining Common Content in the Layout
Adding CSS Rules
Creating a Partial View
Summary

Chapter 8: SportsStore: Navigation and Cart
Adding Navigation Controls
Filtering the Product List
Refining the URL Scheme
Building a Category Navigation Menu
Correcting the Page Count
Building the Shopping Cart
Defining the Cart Entity
Adding the Add to Cart Buttons
Implementing the Cart Controller
Displaying the Contents of the Cart
Using Model Binding
Creating a Custom Model Binder
Completing the Cart
Removing Items from the Cart
Adding the Cart Summary
Submitting Orders
Extending the Domain Model
Adding the Checkout Process
Implementing the Order Processor
Registering the Implementation
Completing the Cart Controller
Displaying Validation Errors
Displaying a Summary Page
Summary

Chapter 9: SportsStore: Administration
Adding Catalog Management
Creating a CRUD Controller
Rendering a Grid of Products in the Repository
Creating a New Layout
Implementing the List View
Editing Products
Creating New Products
Deleting Products
Securing the Administration Features
Setting Up Forms Authentication
Applying Authorization with Filters
Creating the Authentication Provider
Creating the Account Controller
Creating the View
Image Uploads
Extending the Database
Enhancing the Domain Model
Updating the Entity Framework Conceptual Model
Creating the Upload User Interface Elements
Saving Images to the Database
Implementing the GetImage Action Method
Displaying Product Images
Summary

Part 2: ASP.NET MVC 3 in Detail

Chapter 10: Overview of MVC Projects
Working with Visual Studio MVC Projects
Using the Internet and Intranet Application Controllers
Understanding MVC Conventions
Debugging MVC Applications
Creating the Project
Launching the Visual Studio Debugger
Causing the Visual Studio Debugger to Break
Using Edit and Continue
Project-Wide Dependency Injection
Summary

Chapter 11: URLs, Routing, and Areas
Introducing the Routing System
Creating the Routing Project
Introducing URL Patterns
Creating and Registering a Simple Route
Defining Default Values
Using Static URL Segments
Defining Custom Segment Variables
Defining Optional URL Segments
Defining Variable-Length Routes
Prioritizing Controllers by Namespaces
Constraining Routes
Routing Requests for Disk Files
Bypassing the Routing System
Generating Outgoing URLs
Preparing the Project
Generating Outgoing URLs in Views
Generating Outgoing URLs in Action Methods
Generating a URL from a Specific Route
Customizing the Routing System
Creating a Custom RouteBase Implementation
Creating a Custom Route Handler
Working with Areas
Creating an Area
Populating an Area
Resolving the Ambiguous Controller Issue
Generating Links to Actions in Areas
URL Schema Best Practices
Make Your URLs Clean and Human-Friendly
GET and POST: Pick the Right One
Summary

Chapter 12: Controllers and Actions
Introducing the Controller
Preparing the Project
Creating a Controller with IController
Creating a Controller by Deriving from the Controller Class
Receiving Input
Getting Data from Context Objects
Using Action Method Parameters
Producing Output
Understanding Action Results
Returning HTML by Rendering a View
Passing Data from an Action Method to a View
Performing Redirections
Returning Text Data
Returning XML Data
Returning JSON Data
Returning Files and Binary Data
Returning Errors and HTTP Codes
Creating a Custom Action Result
Summary

Chapter 13: Filters
Using Filters
Introducing the Four Basic Types of Filters
Applying Filters to Controllers and Action Methods
Using Authorization Filters
Using Exception Filters
Using Action and Result Filters
Using Other Filter Features
Using the Built-in Filters
Summary

Chapter 14: Controller Extensibility
Request Processing Pipeline Components
Creating a Controller Factory
Defining a Custom Controller Factory
Registering a Custom Controller Factory
Working with the Built-in Controller Factory
Prioritizing Namespaces
Customizing DefaultControllerFactory Controller Creation
Creating a Custom Action Invoker
Using the Built-in Action Invoker
Using a Custom Action Name
Using Action Method Selection
Using Action Method Selectors to Support REST Services
Improving Performance with Specialized Controllers
Using Sessionless Controllers
Using Asynchronous Controllers
Summary

Chapter 15: Views
Creating a Custom View Engine
Creating a Custom IView
Creating an IViewEngine Implementation
Registering a Custom View Engine
Working with the Razor Engine
Understanding Razor View Rendering
Adding Dependency Injection to Razor Views
Configuring the View Search Locations
Adding Dynamic Content to a Razor View
Using Inline Code
Using HTML Helpers
Creating an Inline HTML Helper
Creating an External Helper Method
Using the Built-in HTML Helpers
Using Sections
Testing For Sections
Rendering Optional Sections
Using Partial Views
Creating a Partial View
Using Strongly Typed Partial Views
Using Child Actions
Creating a Child Action
Rendering a Child Action
Summary

Chapter 16: Model Templates
Using Templated View Helpers
Styling Generated HTML
Using Model Metadata
Working with Complex Type Parameters
Customizing the Templated View Helper System
Creating a Custom Editor Template
Creating a Custom Display Template
Creating a Generic Template
Replacing the Built-in Templates
Using the ViewData.TemplateInfo Property
Passing Additional Metadata to a Template
Understanding the Metadata Provider System
Creating a Custom Model Metadata Provider
Customizing the Data Annotations Model Metadata Provider
Summary

Chapter 17: Model Binding
Understanding Model Binding
Using the Default Model Binder
Binding to Simple Types
Binding to Complex Types
Binding to Arrays and Collections
Manually Invoking Model Binding
Restricting Binding to a Specific Data Source
Dealing with Binding Errors
Using Model Binding to Receive File Uploads
Customizing the Model Binding System
Creating a Custom Value Provider
Creating a Dependency-Aware Model Binder
Creating a Custom Model Binder
Creating Model Binder Providers
Using the ModelBinder Attribute
Summary

Chapter 18: Model Validation
Creating the Project
Explicitly Validating a Model
Displaying Validation Messages
Displaying Property-Level Validation Messages
Using Alternative Validation Techniques
Performing Validation in the Model Binder
Specifying Validation Rules Using Metadata
Defining Self-validating Models
Creating a Custom Validation Provider
Performing Client-Side Validation
Enabling and Disabling Client-Side Validation
Using Client-Side Validation
Understanding How Client-Side Validation Works
Customizing Client-Side Validation
Performing Remote Validation
Summary

Chapter 19: Unobtrusive Ajax
Using MVC Unobtrusive Ajax
Creating the Project
Enabling and Disabling Unobtrusive Ajax
Using Unobtrusive Ajax Forms
Understanding How Unobtrusive Ajax Works
Setting Ajax Options
Ensuring Graceful Degradation
Providing the User with Feedback While Making an Ajax Request
Prompting the User Before Making a Request
Creating Ajax Links
Ensuring Graceful Degradation for Links
Working with Ajax Callbacks
Working with JSON
Adding JSON Support to the Controller
Processing JSON in the Browser
Detecting Ajax Requests in the Action Method
Receiving JSON Data
Summary

Chapter 20: jQuery
Creating the Project
Referencing jQuery
Writing jQuery Code
Creating a jQuery Sandbox
Basic jQuery Theory
Understanding jQuery Selectors
Using jQuery Filters
Understanding jQuery Methods
Waiting for the DOM
Using jQuery CSS Methods
Working with the DOM
Using jQuery Events
Using jQuery Visual Effects
Using jQuery UI
Referencing jQuery UI
Making Better Buttons
Using a Slider
Summary

Part 3: Delivering Successful ASP.NET MVC 3 Projects

Chapter 21: Security and Vulnerability
All Input Can Be Forged
Forging HTTP Requests
Cross-Site Scripting and HTML Injection
Understanding an XSS Vulnerability
Razor HTML Encoding
Request Validation
JavaScript String Encoding and XSS
Session Hijacking
Defense via Client IP Address Checks
Defense by Setting the HttpOnly Flag on Cookies
Cross-Site Request Forgery
Attack
Defense
Preventing CSRF Using the Antiforgery Helpers
SQL Injection
Attack
Defense Using Parameterized Queries
Defense Using Object-Relational Mapping
Using the MVC Framework Securely
Don't Expose Action Methods Accidentally
Don't Allow Model Binding to Change Sensitive Properties
Summary

Chapter 22: Authentication and Authorization
Using Windows Authentication
Using Forms Authentication
Setting Up Forms Authentication
Using Cookieless Forms Authentication
Using Membership, Roles, and Profiles
Setting Up and Using Membership
Setting Up and Using Roles
Setting Up and Using Profiles
Why You Shouldn't Use URL-Based Authorization
Restricting Access Using IP Addresses and Domains
Summary

Chapter 23: Deployment
Preparing an Application for Deployment
Detecting View Errors Before Deployment
Configuring Dynamic Page Compilation
Preparing for a Bin Deployment
Preparing the Web.config File for Transformation
Preparing the Project for Database Deployment
Understanding the IIS Fundamentals
Understanding Web Sites
Understanding Virtual Directories
Understanding Application Pools
Binding Web Sites to Hostnames, IP Addresses, and Ports
Preparing the Server for Deployment
Deploying an Application
Deploying an Application by Copying Files
Using a Deployment Package
Using One-Click Publishing
Summary

Index