E-Book, Englisch, 776 Seiten
Sanderson Pro ASP.NET MVC 2 Framework
2. ed
ISBN: 978-1-4302-2887-5
Verlag: Apress
Format: PDF
Kopierschutz: 1 - PDF Watermark
E-Book, Englisch, 776 Seiten
ISBN: 978-1-4302-2887-5
Verlag: Apress
Format: PDF
Kopierschutz: 1 - PDF Watermark
Author Steven Sanderson has seen the ASP.NET MVC Framework mature from the start, so his experience, combined with comprehensive coverage of all the new features, including those in the official MVC development toolkit, offers the clearest understanding of how this exciting new framework can improve your coding efficiency. With this book, you'll gain invaluable up-to-date knowledge of security, deployment, and interoperability challenges. The ASP.NET MVC 2 Framework introduces a radical high-productivity programming model that promotes cleaner code architecture, test-driven development, and powerful extensibility, combined with all the benefits of ASP.NET 3.5. In this book, the core model-view-controller (MVC) architectural concepts are not simply explained or discussed in isolation, but are demonstrated in action. You'll work through an extended tutorial to create a working e-commerce web application that combines ASP.NET MVC with C# language features and unit-testing best practices. By gaining this invaluable, practical experience, you'll discover MVC's strengths and weaknesses for yourself-and put your best-learned theory into practice.
After a childhood spent at the computer, Steven Sanderson started web development in 1996, first using Perl and later adopting PHP. His last five years of professional experience have focused on ASP.NET, learning what works and what works better, and experiencing a developer's life everywhere from an investment bank to a five-person Internet startup. Steven has led Red Gate's web development team, and spends his free time blogging and keeping up to speed with the latest technology developments. He's followed the ASP.NET MVC framework since its inception and frequently participates in online discussions with its core developers at Microsoft.
Autoren/Hrsg.
Weitere Infos & Material
1;Title page ;1
2;Copyright page ;2
3;Contents at a Glance;4
4;Table of contents ;5
5;About the Author;20
6;About the Technical Reviewers;21
7;Acknowledgments;22
8;Introduction;23
9;You Don’t Need to Know ASP.NET MVC 1 Already;23
10;Which Technologies Are Used in This Book;23
11;Code Samples;23
12;Errata;24
13;Contacting the Author;24
14;PART 1 Introducing ASP.NETMVC 2;25
15;CHAPTER 1 What’s the Big Idea?;26
15.1;A Brief History of Web Development;26
15.1.1;Traditional ASP.NET Web Forms;27
15.1.2;What’s Wrong with ASP.NET Web Forms?;28
15.2;Web Development Today;29
15.2.1;Web Standards and REST;29
15.2.2;Agile and Test-Driven Development;30
15.2.3;Ruby on Rails;30
15.3;Key Benefits of ASP.NET MVC;31
15.3.1;MVC Architecture;31
15.3.2;Extensibility;31
15.3.3;Tight Control over HTML and HTTP;32
15.3.4;Testability;32
15.3.5;Powerful Routing System;33
15.3.6;Built on the Best Parts of the ASP.NET Platform;33
15.3.7;Modern API;34
15.3.8;ASP.NET MVC Is Open Source;34
15.4;Who Should Use ASP.NET MVC?;34
15.4.1;Comparisons with ASP.NET Web Forms;34
15.4.1.1;Migrating from Web Forms to MVC;35
15.4.2;Comparisons with Ruby on Rails;35
15.4.3;Comparisons with MonoRail;36
15.5;What’s New in ASP.NET MVC 2;36
15.6;Summary;37
16;CHAPTER 2 Your First ASP.NET MVCApplication;38
16.1;Preparing Your Workstation;38
16.2;Creating a New ASP.NET MVC Project;39
16.2.1;Adding the First Controller;41
16.3;Rendering Web Pages;42
16.3.1;Creating and Rendering a View;42
16.3.2;Adding Dynamic Output;45
16.4;A Starter Application;46
16.4.1;The Story;46
16.4.2;Designing a Data Model;47
16.4.2.1;Adding a Model Class;47
16.4.3;Linking Between Actions;48
16.4.3.1;Introducing Strongly Typed Views;51
16.4.4;Building a Form;52
16.4.4.1;Dude, Where’s My Data?;55
16.4.5;Handling Form Submissions;55
16.4.5.1;Introducing Model Binding;56
16.4.5.2;Rendering Arbitrary Views and Passing a Model Object to Them;56
16.4.6;Adding Validation;58
16.4.6.1;Model Binding Tells Input Controls to Redisplay User-Entered Values;60
16.4.6.2;Highlighting Invalid Fields;61
16.4.7;Finishing Off;62
16.5;Summary;64
17;CHAPTER 3 Prerequisites;65
17.1;Understanding MVC Architecture;65
17.1.1;The Smart UI (Anti-Pattern);66
17.1.2;Separating Out the Domain Model;67
17.1.2.1;Model-View Architecture;67
17.1.3;Three-Tier Architecture;68
17.1.4;MVC Architecture;69
17.1.4.1;Implementation in ASP.NET MVC;70
17.1.4.2;History and Benefits;70
17.1.5;Variations on MVC;71
17.1.5.1;Where’s the Data Access Code?;71
17.1.5.2;Putting Domain Logic Directly into Controllers;71
17.1.5.3;Model-View-Presenter;71
17.1.5.4;Model-View-View Model;72
17.2;Domain Modeling;72
17.2.1;An Example Domain Model;73
17.2.2;Ubiquitous Language;74
17.2.3;Aggregates and Simplification;74
17.2.3.1;Is It Worth Defining Aggregates?;76
17.2.4;Keeping Data Access Code in Repositories;76
17.2.5;Using LINQ to SQL;77
17.2.5.1;Implementing the Auctions Domain Model;79
17.2.5.2;Implementing the Auction Repositories;81
17.3;Building Loosely Coupled Components;83
17.3.1;Taking a Balanced Approach;84
17.3.2;Using Dependency Injection;84
17.3.2.1;An MVC-Specific Example;85
17.3.3;Using a DI Container;86
17.3.3.1;Meet Ninject;87
17.4;Getting Started with Automated Testing;88
17.4.1;Understanding Unit Testing;89
17.4.1.1;How DI Supports Unit Testing;91
17.4.1.2;TDD and the Red-Green-Refactor Workflow;91
17.4.1.3;To Unit Test or Not to Unit Test;94
17.4.2;Understanding Integration Testing;95
17.4.2.1;BDD and the Given-When-Then Model;97
17.4.2.2;Why This Book Demonstrates Unit Testing Rather Than Integration Testing;99
17.5;C# 3 Language Features;100
17.5.1;The Design Goal: Language-Integrated Query;100
17.5.2;Extension Methods;101
17.5.3;Lambda Methods;102
17.5.4;Generic Type Inference;103
17.5.5;Automatic Properties;103
17.5.6;Object and Collection Initializers;104
17.5.7;Type Inference;104
17.5.8;Anonymous Types;105
17.5.8.1;Putting It All Together;105
17.5.8.2;Deferred Execution;107
17.5.9;Using LINQ to Objects;107
17.5.10;Lambda Expressions;108
17.5.11;IQueryable and LINQ to SQL;109
17.5.12;LINQ to Everything;111
17.6;Summary;111
18;CHAPTER 4 SportsStore: A Real Application;112
18.1;Getting Started;114
18.1.1;Creating Your Solutions and Projects;114
18.2;Starting Your Domain Model;117
18.2.1;Creating an Abstract Repository;118
18.2.2;Making a Fake Repository;119
18.3;Displaying a List of Products;119
18.3.1;Adding the First Controller;120
18.3.2;Setting Up the Default Route;121
18.3.3;Adding the First View;122
18.4;Connecting to a Database;125
18.4.1;Defining the Database Schema;125
18.4.2;Setting Up LINQ to SQL;128
18.4.3;Creating a Real Repository;128
18.5;Setting Up DI;130
18.5.1;Creating a Custom Controller Factory;130
18.5.2;Using Your DI Container;131
18.6;Creating Unit Tests;134
18.7;Configuring a Custom URL Schema;139
18.7.1;Assigning a Default Parameter Value;140
18.7.2;Displaying Page Links;141
18.7.2.1;Making the HTML Helper Method Visible to All View Pages;144
18.7.2.2;Supplying a Page Number to the View;145
18.7.3;Improving the URLs;149
18.8;Styling It Up;150
18.8.1;Defining Page Layout in the Master Page;150
18.8.2;Adding CSS Rules;151
18.8.3;Creating a Partial View;153
18.9;Summary;155
19;CHAPTER 5 SportsStore: Navigation andShopping Cart;156
19.1;Adding Navigation Controls;156
19.1.1;Filtering the Product List;156
19.1.1.1;Implementing the Category Filter;158
19.1.2;Defining a URL Schema for Categories;160
19.1.3;Building a Category Navigation Menu;162
19.1.3.1;Creating the Navigation Controller;162
19.1.3.2;Selecting and Rendering a List of Category Links;165
19.1.3.3;Highlighting the Current Category;167
19.2;Building the Shopping Cart;170
19.2.1;Defining the Cart Entity;170
19.2.2;Adding “Add to Cart” Buttons;173
19.2.2.1;Multiple Tags;174
19.2.3;Giving Each Visitor a Separate Shopping Cart;175
19.2.3.1;ASP.NET MVC Offers a Tidier Way of Working with Session Storage;175
19.2.3.2;Creating a Custom Model Binder;176
19.2.4;Creating CartController;176
19.2.4.1;Implementing AddToCart and RemoveFromCart;178
19.2.5;Displaying the Cart;180
19.2.6;Removing Items from the Cart;183
19.2.7;Displaying a Cart Summary in the Title Bar;184
19.3;Submitting Orders;186
19.3.1;Enhancing the Domain Model;186
19.3.2;Adding the “Check Out Now” Button;187
19.3.3;Prompting the Customer for Shipping Details;188
19.3.4;Defining an Order Submitter DI Component;190
19.3.5;Completing CartController;190
19.3.5.1;Adding a Fake Order Submitter;193
19.3.5.2;Displaying Validation Errors;194
19.3.5.3;Displaying a “Thanks for Your Order” Screen;195
19.3.6;Implementing EmailOrderSubmitter;196
19.4;Summary;199
20;CHAPTER 6 SportsStore: Administration andFinal Enhancements;200
20.1;Adding Catalog Management;201
20.1.1;Creating AdminController: A Place for the CRUD Features;201
20.1.2;Rendering a Grid of Products in the Repository;203
20.1.2.1;Implementing the List View;204
20.1.3;Building a Product Editor;207
20.1.3.1;Creating a Product Editor UI;207
20.1.3.2;Handling Edit Submissions;210
20.1.3.3;Adding Validation;213
20.1.3.4;Enabling Client-Side Validation;215
20.1.4;Creating New Products;215
20.1.5;Deleting Products;217
20.2;Securing the Administration Features;219
20.2.1;Setting Up Forms Authentication;219
20.2.2;Using a Filter to Enforce Authentication;220
20.2.3;Displaying a Login Prompt;221
20.3;Image Uploads;225
20.3.1;Preparing the Domain Model and Database;225
20.3.2;Accepting File Uploads;226
20.3.2.1;A Little-Known Fact About HTML Forms;227
20.3.2.2;Saving the Uploaded Image to the Database;227
20.3.2.3;Handling Form Posts That Don’t Include an Image;228
20.3.3;Displaying Product Images;230
20.4;Summary;233
21;PART 2 ASP.NET MVC in Detail;234
22;CHAPTER 7 Overview of ASP.NET MVC Projects;235
22.1;Developing MVC Applications in Visual Studio;235
22.1.1;Naming Conventions;240
22.1.2;The Initial Application Skeleton;240
22.1.3;Debugging MVC Applications and Unit Tests;241
22.1.3.1;Launching the Visual Studio Debugger;241
22.1.3.2;Attaching the Debugger to IIS;243
22.1.3.3;Attaching the Debugger to a Test Runner (e.g., NUnit GUI);243
22.1.3.4;Remote Debugging;244
22.1.4;Using the Debugger;244
22.1.5;Stepping into the .NET Framework Source Code;245
22.1.6;Stepping into the ASP.NET MVC Framework Source Code;246
22.2;The Request Processing Pipeline;247
22.2.1;Stage 1: IIS;249
22.2.2;Stage 2: Core Routing;250
22.2.2.1;Routing Configurations;251
22.2.3;Stage 3: Controllers and Actions;251
22.2.3.1;Finding and Invoking Controllers;251
22.2.3.2;What Controllers Must Do;251
22.2.3.3;What Controllers Normally Do;252
22.2.4;Stage 4: Action Results and Views;252
22.2.4.1;Rendering a View;252
22.3;Summary;253
23;CHAPTER 8 URLs and Routing;254
23.1;Putting the Programmer Back in Control;254
23.1.1;About Routing and Its .NET Assemblies;255
23.2;Setting Up Routes;255
23.2.1;Understanding the Routing Mechanism;258
23.2.1.1;The Main Characters: RouteBase, Route, and RouteCollection;258
23.2.1.2;How Routing Fits into the Request Processing Pipeline;258
23.2.1.3;The Order of Your Route Entries Is Important;259
23.2.2;Adding a Route Entry;260
23.2.2.1;URL Patterns Match the Path Portion of a URL;260
23.2.2.2;Meet RouteValueDictionary;261
23.2.2.3;Take a Shortcut with MapRoute();261
23.2.3;Using Parameters;262
23.2.3.1;Receiving Parameter Values in Action Methods;262
23.2.4;Using Defaults;263
23.2.4.1;Creating Optional Parameters with No Default Value;264
23.2.5;Using Constraints;264
23.2.5.1;Matching Against Regular Expressions;265
23.2.5.2;Matching HTTP Methods;266
23.2.5.3;Matching Custom Constraints;267
23.2.6;Prioritizing Controllers by Namespace;267
23.2.7;Accepting a Variable-Length List of Parameters;268
23.2.8;Matching Files on the Server’s Hard Disk;269
23.2.8.1;Using the RouteExistingFiles Flag;269
23.2.9;Using IgnoreRoute to Bypass the Routing System;270
23.3;Generating Outgoing URLs;271
23.3.1;Generating Hyperlinks with Html.ActionLink();271
23.3.1.1;Passing Extra Parameters;272
23.3.1.2;How Parameter Defaults Are Handled;273
23.3.1.3;Generating Fully Qualified Absolute URLs;273
23.3.2;Generating Links and URLs from Pure Routing Data;274
23.3.3;Performing Redirections to Generated URLs;275
23.3.4;Understanding the Outbound URL-Matching Algorithm;275
23.3.5;Generating Hyperlinks with Html.ActionLink and Lambda Expressions;278
23.3.6;Working with Named Routes;279
23.3.6.1;Why You Might Not Want to Use Named Routes;279
23.4;Working with Areas;280
23.4.1;Setting Up Areas;280
23.4.2;Routing and URL Generation with Areas;283
23.4.2.1;Linking to an Action in the Same Area;284
23.4.2.2;Linking to an Action in a Different Area;285
23.4.2.3;Linking to an Action in the Root Area;285
23.4.2.4;Areas and Explicitly Named Routes;285
23.4.3;Areas and the Ambiguous Controller Problem;286
23.4.4;Areas Summary;286
23.5;Unit Testing Your Routes;286
23.5.1;Testing Inbound URL Routing;287
23.5.1.1;Using Test Doubles;288
23.5.1.2;Using a Mocking Framework (Moq);289
23.5.2;Testing Outbound URL Generation;291
23.5.2.1;Unit Testing Area Routes;293
23.6;Further Customization;293
23.6.1;Implementing a Custom RouteBase Entry;294
23.6.2;Implementing a Custom Route Handler;295
23.7;URL Schema Best Practices;296
23.7.1;Make Your URLs Clean and Human-Friendly;296
23.7.2;Follow HTTP Conventions;297
23.7.2.1;GET and POST: Pick the Right One;298
23.7.2.2;On Query Strings;298
23.7.2.3;Use the Correct Type of HTTP Redirection;298
23.7.3;SEO;300
23.8;Summary;300
24;CHAPTER 9 Controllers and Actions;301
24.1;An Overview;301
24.1.1;Comparisons with ASP.NET Web Forms;302
24.1.2;All Controllers Implement IController;302
24.1.3;The Controller Base Class;303
24.2;Receiving Input;304
24.2.1;Getting Data from Context Objects;305
24.2.2;Using Action Method Parameters;306
24.2.2.1;Parameters Objects Are Instantiated Using Value Providers and Model Binders;307
24.2.2.2;Optional and Compulsory Parameters;307
24.2.2.3;Specifying Default Parameter Values;308
24.2.2.4;Parameters You Can’t Bind To;309
24.2.3;Invoking Model Binding Manually in an Action Method;309
24.3;Producing Output;310
24.3.1;Understanding the ActionResult Concept;310
24.3.2;Returning HTML by Rendering a View;313
24.3.2.1;Rendering a View by Path;314
24.3.2.2;Passing a ViewData Dictionary and a Model Object;314
24.3.2.2.1;Treating ViewData As a Loosely Typed Dictionary;315
24.3.2.2.2;Sending a Strongly Typed Object in ViewData.Model;316
24.3.2.2.3;Combining Both Approaches;317
24.3.2.2.4;Passing a Dynamic Object As ViewData.Model;317
24.3.3;Performing Redirections;318
24.3.3.1;Redirecting to a Different Action Method;319
24.3.3.2;Redirecting to a Different URL;320
24.3.3.3;Using TempData to Preserve Data Across a Redirection;320
24.3.3.3.1;Where TempData Stores Its Data;321
24.3.3.3.2;Controlling the Lifetime of TempData Items;321
24.3.4;Returning Textual Data;322
24.3.4.1;Generating an RSS Feed;323
24.3.5;Returning JSON Data;324
24.3.6;Returning JavaScript Commands;325
24.3.7;Returning Files and Binary Data;326
24.3.7.1;Sending a File Directly from Disk;326
24.3.7.2;Sending the Contents of a Byte Array;328
24.3.7.3;Sending the Contents of a Stream;328
24.3.8;Creating a Custom Action Result Type;329
24.3.8.1;Example: Watermarking an Image (and the Concept of Unit Testability Seams);329
24.4;Unit Testing Controllers and Actions;331
24.4.1;How to Arrange, Act, and Assert;332
24.4.2;Testing a Choice of View and ViewData;332
24.4.2.1;Testing ViewData Values;333
24.4.3;Testing Redirections;334
24.4.4;More Comments About Unit Testing;335
24.4.5;Mocking Context Objects;335
24.4.6;Reducing the Pain of Mocking;337
24.4.6.1;Method 1: Make a Reusable Helper That Sets Up a Standard Mock Context;337
24.4.6.2;Method 2: Access Dependencies Through Virtual Properties;339
24.4.6.3;Method 3: Receive Dependencies Using Model Binding;341
24.4.6.4;Method 4: Turn Your Dependencies into DI Components;341
24.4.6.5;Method 5: Factor Out Complexity and Don’t Unit Test Controllers;341
24.5;Summary;342
25;CHAPTER 10 Controller Extensibility;343
25.1;Using Filters to Attach Reusable Behaviors;343
25.1.1;Introducing the Four Basic Types of Filter;344
25.1.2;Applying Filters to Controllers and Action Methods;345
25.1.3;Creating Action Filters and Result Filters;346
25.1.3.1;Controlling the Order of Execution;348
25.1.3.2;Filters on Actions Can Override Filters on Controllers;350
25.1.3.3;Using the Controller Itself As a Filter;351
25.1.4;Creating and Using Authorization Filters;351
25.1.4.1;How Authorization Filters Interact with Output Caching;352
25.1.4.2;Creating a Custom Authorization Filter;353
25.1.5;Creating and Using Exception Filters;354
25.1.5.1;Using HandleErrorAttribute;355
25.1.5.2;Creating a Custom Exception Filter;357
25.1.6;Bubbling Exceptions Through Action and Result Filters;358
25.1.7;The [OutputCache] Action Filter;359
25.1.8;The [RequireHttps] Filter;362
25.1.9;Other Built-In Filter Types;362
25.2;Controllers As Part of the Request Processing Pipeline;362
25.2.1;Working with Default Controller Factory;363
25.2.1.1;Prioritizing Namespaces Globally Using DefaultNamespaces;364
25.2.1.2;Prioritizing Namespaces on Individual Route Entries;364
25.2.1.3;Limiting a Route Entry to Match Controllers in a Specific Set of Namespaces;365
25.2.2;Creating a Custom Controller Factory;366
25.2.2.1;Registering a Custom Controller Factory;367
25.2.3;Customizing How Action Methods Are Selected and Invoked;367
25.2.3.1;The Real Definition of an Action;367
25.2.3.2;Using [ActionName] to Specify a Custom Action Name;368
25.2.3.3;Method Selection: Controlling Whether a C# Method Should Agree to Handle a Request;368
25.2.3.3.1;Creating a Custom Action Method Selector Attribute;369
25.2.3.3.2;Using the [NonAction] Attribute;370
25.2.3.4;How the Whole Method Selection Process Fits Together;370
25.2.3.5;Handling Unknown Actions;372
25.2.4;Overriding HTTP Methods to Support REST Web Services;373
25.2.4.1;Submitting a Plain HTML Form with an Overridden HTTP Method;374
25.2.4.2;How HTTP Method Overriding Works;374
25.3;Boosting Server Capacity with Asynchronous Controllers;375
25.3.1;Introducing Asynchronous Requests;376
25.3.2;Using Asynchronous Controllers;376
25.3.2.1;Turning a Synchronous Action into an Asynchronous Action;377
25.3.2.2;Passing Parameters to the Completion Method;382
25.3.2.3;Controlling and Handling Timeouts;383
25.3.2.4;Using Finish() to Abort All Remaining Asynchronous Operations;383
25.3.2.5;Using Sync() to Transition Back to the Original HTTP Context;384
25.3.3;Adding Asynchronous Methods to Domain Classes;385
25.3.4;Choosing When to Use Asynchronous Controllers;386
25.3.4.1;Measuring the Effects of Asynchronous Controllers;386
25.3.4.2;Ensuring Your Server Is Configured to Benefit from Asynchronous Requests;388
25.4;Summary;389
26;CHAPTER 11 Views;390
26.1;How Views Fit into ASP.NET MVC;390
26.1.1;The Web Forms View Engine;391
26.1.2;View Engines Are Replaceable;391
26.2;Web Forms View Engine Basics;391
26.2.1;Adding Content to a View;391
26.2.2;Five Ways to Add Dynamic Content to a View;392
26.3;Using Inline Code;393
26.3.1;Why Inline Code Is a Good Thing in MVC Views;395
26.4;Understanding How MVC Views Actually Work;395
26.4.1;Understanding How ASPX Pages Are Compiled;395
26.4.1.1;The Code-Behind Model;398
26.4.2;How Automatic HTML Encoding Works;398
26.4.2.1;How ASP.NET 4 Automatically Skips Encoding When Rendering HTML Helpers;399
26.4.2.2;Introducing the <%: ... %> Syntax;399
26.4.2.3;Working with MvcHtmlString;400
26.4.2.4;Using Custom Encoding Logic (Applies to .NET 4 Only);400
26.4.3;Understanding ViewData;401
26.4.4;Extracting ViewData Items Using ViewData.Eval;402
26.5;Using HTML Helper Methods;403
26.5.1;The Framework’s Built-In Helper Methods;404
26.5.1.1;Rendering Input Controls;404
26.5.1.1.1;Using Strongly Typed Input Controls;405
26.5.1.1.2;How Input Controls Get Their Values;406
26.5.1.1.3;Adding Arbitrary Tag Attributes;406
26.5.1.1.4;A Note About HTML Encoding;407
26.5.1.2;Rendering Links and URLs;407
26.5.1.3;Performing HTML and HTML Attribute Encoding;408
26.5.1.4;Rendering Drop-Down and Multiselect Lists;409
26.5.1.5;Bonus Helper Methods in Microsoft.Web.Mvc.dll;411
26.5.1.6;Other HTML Helpers;413
26.5.1.7;Rendering Form Tags;414
26.5.1.7.1;Forms That Post Back to the Same URL;415
26.5.1.7.2;Using Html.BeginForm;416
26.5.2;Creating Your Own HTML Helper Methods;416
26.6;Using Partial Views;418
26.6.1;Creating and Rendering a Partial View;418
26.6.1.1;Rendering a Partial Directly to the Response Stream;419
26.6.1.2;Passing ViewData to a Partial View;419
26.6.1.3;Passing an Explicit Model Object to a Partial View;420
26.6.2;Rendering a Partial View Using Server Tags;423
26.6.2.1;Passing ViewData to the Control;424
26.6.2.2;Passing an Explicit Model Object to the Control;424
26.7;Summary;425
27;CHAPTER 12 Models and Data Entry;426
27.1;How It All Fits Together;426
27.2;Templated View Helpers;427
27.2.1;Displaying and Editing Models Using Templated View Helpers;428
27.2.1.1;Using Model Metadata to Influence Templated View Helpers;431
27.2.1.2;Rendering Editors for Individual Properties;433
27.2.1.3;Rendering Labels for Individual Properties;435
27.2.1.4;The Built-in Editor Templates;435
27.2.1.5;Displaying Models Using Templated View Helpers;437
27.2.2;Using Partial Views to Define Custom Templates;439
27.2.2.1;Creating a Custom Editor Template;441
27.2.2.2;Respecting Formatting Metadata and Inheriting from ViewTemplateUserControl;442
27.2.2.3;Passing Additional View Data to Custom Templates;442
27.2.2.4;Working with HTML Field Prefixes and the TemplateInfo Context;442
27.3;Model Metadata;444
27.3.1;Working with Data Annotations;445
27.3.2;Creating a Custom Metadata Provider;446
27.3.2.1;The Full Set of Metadata Options;447
27.3.3;Consuming Model Metadata in Custom HTML Helpers;450
27.3.4;Using [MetadataType] to Define Metadata on a Buddy Class;451
27.4;Model Binding;451
27.4.1;Model-Binding to Action Method Parameters;452
27.4.2;Model-Binding to Custom Types;453
27.4.2.1;Specifying a Custom Prefix;455
27.4.2.2;Omitting a Prefix;455
27.4.2.3;Choosing a Subset of Properties to Bind;455
27.4.3;Invoking Model Binding Directly;456
27.4.3.1;Dealing with Model Binding Errors;457
27.4.4;Model-Binding to Arrays, Collections, and Dictionaries;458
27.4.4.1;Model-Binding Collections of Custom Types;459
27.4.4.2;Using Nonsequential Indexes;460
27.4.4.3;Model-Binding to a Dictionary;461
27.4.5;Creating a Custom Value Provider;461
27.4.6;Creating a Custom Model Binder;462
27.4.6.1;Configuring Which Model Binders Are Used;464
27.4.7;Using Model Binding to Receive File Uploads;466
27.5;Validation;467
27.5.1;Registering and Displaying Validation Errors;467
27.5.1.1;Using the Built-In Validation HTML Helpers;469
27.5.1.1.1;Controlling Where Validation Messages Appear;471
27.5.1.2;Distinguishing Property-Level Errors from Model-Level Errors;472
27.5.1.3;How the Framework Retains State After a Validation Failure;473
27.5.2;Performing Validation As Part of Model Binding;473
27.5.3;Specifying Validation Rules;475
27.5.3.1;Using Data Annotations Validation Attributes;475
27.5.3.2;Using the IDataErrorInfo Interface;478
27.5.3.3;Creating a Custom Validation Provider;479
27.5.4;Invoking Validation Manually;481
27.5.5;Using Client-Side Validation;482
27.5.5.1;Using Client-Side Validation with a Validation Summary;483
27.5.5.2;Dynamically Highlighting Valid and Invalid Fields;484
27.5.5.3;Allowing Specific Buttons to Bypass Validation;484
27.5.5.4;How Client-Side Validation Works;485
27.5.5.5;Implementing Custom Client-Side Validation Logic;486
27.5.5.5.1;Reusing the Built-In Client-Side Validation Logic;488
27.5.6;Putting Your Model Layer in Charge of Validation;489
27.6;Summary;493
28;CHAPTER 13 User Interface Techniques;494
28.1;Wizards and Multistep Forms;494
28.1.1;Defining the Model;495
28.1.2;Navigation Through Multiple Steps;496
28.1.3;Collecting and Preserving Data;498
28.1.4;Completing the Wizard;500
28.1.5;Validation;502
28.2;Implementing a CAPTCHA;506
28.2.1;Creating an Html.Captcha() Helper;507
28.2.1.1;Rendering a Dynamic Image;509
28.2.1.2;Distorting the Text;511
28.2.2;Verifying the Form Submission;512
28.3;Using Child Actions to Create Reusable Widgets with Application Logic;513
28.3.1;How the Html.RenderAction Helper Invokes Child Actions;514
28.3.2;When It’s Appropriate to Use Child Actions;514
28.3.3;Creating a Widget Based on a Child Action;515
28.3.4;Capturing a Child Action’s Output As a String;518
28.3.5;Detecting Whether You’re Inside a Child Request;518
28.3.6;Restricting an Action to Handle Child Requests Only;519
28.4;Sharing Page Layouts Using Master Pages;519
28.4.1;Using Widgets in MVC View Master Pages;520
28.4.1.1;Method 1: Have Your Controller Put a Control-Specific Data Item into ViewData;520
28.4.1.2;Method 2: Use an Action Filter to Put a Control-Specific Data Item into ViewData;521
28.4.1.3;Method 3: Use Child Actions;521
28.5;Implementing a Custom View Engine;522
28.5.1;A View Engine That Renders XML Using XSLT;522
28.5.1.1;Step 1: Implement IViewEngine, or Derive a Class from VirtualPathProviderViewEngine;522
28.5.1.2;Step 2: Implement IView;523
28.5.1.3;Step 3: Use It;524
28.5.1.4;Step 4: Register Your View Engine with the Framework;526
28.6;Using Alternative View Engines;527
28.6.1;Using the NVelocity View Engine;528
28.6.2;Using the Brail View Engine;529
28.6.3;Using the NHaml View Engine;530
28.6.4;Using the Spark View Engine;531
28.7;Summary;532
29;CHAPTER 14 Ajax and Client Scripting;533
29.1;Why You Should Use a JavaScript Toolkit;533
29.2;ASP.NET MVC’s Ajax Helpers;534
29.2.1;Fetching Page Content Asynchronously Using Ajax.ActionLink;535
29.2.1.1;Passing Options to Ajax.ActionLink;538
29.2.1.2;Running JavaScript Functions Before or After Asynchronous Requests;539
29.2.1.3;Detecting Ajax Requests;540
29.2.2;Submitting Forms Asynchronously Using Ajax.BeginForm;541
29.2.3;Invoking JavaScript Commands from an Action Method;542
29.2.4;Reviewing ASP.NET MVC’s Ajax Helpers;544
29.3;Using jQuery with ASP.NET MVC;545
29.3.1;Referencing jQuery;546
29.3.1.1;Referencing jQuery on a Content Delivery Network;546
29.3.2;Basic jQuery Theory;548
29.3.2.1;Waiting for the DOM;550
29.3.2.2;Event Handling;550
29.3.2.3;Global Helpers;551
29.3.2.4;Unobtrusive JavaScript;552
29.3.3;Adding Client-Side Interactivity to an MVC View;553
29.3.3.1;Improvement 1: Zebra-Striping;554
29.3.3.2;Improvement 2: Confirm Before Deletion;556
29.3.3.3;Improvement 3: Hiding and Showing Sections of the Page;557
29.3.4;Ajax-Enabling Links and Forms;558
29.3.4.1;Unobtrusive JavaScript and Hijaxing;558
29.3.4.2;Hijaxing Links;558
29.3.4.2.1;Performing Partial Page Updates;560
29.3.4.2.2;Using live to Retain Behaviors After Partial Page Updates;561
29.3.4.3;Hijaxing Forms;563
29.3.5;Client/Server Data Transfer with JSON;564
29.3.5.1;A Note About JsonResult and GET Requests;567
29.3.5.2;Performing Cross-Domain JSON Requests Using JSONP;568
29.3.5.3;Fetching XML Data Using jQuery;570
29.3.5.4;Animations and Other Graphical Effects;571
29.3.5.5;jQuery UI’s Prebuilt UI Widgets;572
29.3.5.5.1;Example: A Sortable List;573
29.3.5.6;Summarizing jQuery;574
29.4;Summary;575
30;PART 3 Delivering SuccessfulASP.NET MVC 2 Projects;576
31;CHAPTER 15 Security and Vulnerability;577
31.1;All Input Can Be Forged;577
31.1.1;Forging HTTP Requests;579
31.2;Cross-Site Scripting and HTML Injection;581
31.2.1;Example XSS Vulnerability;582
31.2.1.1;Attack;582
31.2.1.2;Defense;583
31.2.2;ASP.NET’s Request Validation Feature;583
31.2.2.1;Request Validation: Good or Bad?;584
31.2.2.2;Disabling Request Validation;585
31.2.2.3;Customizing Request Validation Logic;585
31.2.3;Filtering HTML Using the HTML Agility Pack;586
31.2.4;JavaScript String Encoding and XSS;588
31.3;Session Hijacking;589
31.3.1;Defense via Client IP Address Checks;590
31.3.2;Defense by Setting the HttpOnly Flag on Cookies;590
31.4;Cross-Site Request Forgery;591
31.4.1;Attack;591
31.4.2;Defense;592
31.4.3;Preventing CSRF Using the Anti-Forgery Helpers;592
31.5;SQL Injection;594
31.5.1;Attack;595
31.5.2;Defense by Encoding Inputs;595
31.5.3;Defense Using Parameterized Queries;595
31.5.4;Defense Using Object-Relational Mapping;596
31.6;Using the MVC Framework Securely;596
31.6.1;Don’t Expose Action Methods Accidentally;596
31.6.2;Don’t Allow Model Binding to Change Sensitive Properties;597
31.7;Summary;597
32;CHAPTER 16 Deployment;598
32.1;Server Requirements;598
32.2;Building Your Application for Production Use;599
32.2.1;Controlling Dynamic Page Compilation;599
32.2.2;Detecting Compiler Errors in Views Before Deployment;600
32.2.2.1;Detecting Compiler Errors in Views Only When Building in Release Mode;601
32.3;IIS Basics;601
32.3.1;Understanding Web Sites and Virtual Directories;602
32.3.2;Binding Web Sites to Hostnames, IP Addresses, and Ports;603
32.4;Deploying Your Application;603
32.4.1;Manually Copying Application Files to the Server;603
32.4.1.1;Where Should I Put My Application?;604
32.4.2;Bin-Deploying ASP.NET MVC 2;604
32.4.3;Deploying to IIS 6 on Windows Server 2003;606
32.4.3.1;Adding and Configuring a New MVC Web Site in IIS Manager;606
32.4.3.2;How IIS 6 Processes Requests;608
32.4.3.3;Making Extensionless URLs Work on IIS 6;608
32.4.3.3.1;Using a Wildcard Map;611
32.4.3.3.2;Disadvantages of Using Wildcard Maps;611
32.4.3.3.3;Excluding Certain Subdirectories from a Wildcard Map;612
32.4.3.3.4;Using a Traditional ASP.NET File Name Extension;612
32.4.3.3.5;Using a Custom File Name Extension;613
32.4.3.3.5.1;Extensionless URLs on IIS 6 with .NET 4;613
32.4.3.3.5.2;Troubleshooting IIS 6 Errors;614
32.4.4;Deploying to IIS 7.x on Windows Server 2008/2008 R2;615
32.4.4.1;Installing IIS 7.x on Windows Server 2008/2008 R2;615
32.4.4.2;Adding and Configuring a New MVC Web Site in IIS 7.x;616
32.4.4.3;How IIS 7.x Processes Requests in Classic Pipeline Mode;617
32.4.4.4;How IIS 7.x Processes Requests in Integrated Pipeline Mode;618
32.4.4.4.1;How Integrated Mode Makes Extensionless URLs Easy;619
32.4.4.4.2;Why Extensionless URLs Work on IIS 7.x Integrated Pipeline Mode with .NET 3.5;619
32.4.4.4.3;Why Extensionless URLs Work in IIS 7.x Integrated Pipeline Mode with .NET 4;619
32.4.4.5;Further IIS 7.x Deployment Considerations;620
32.4.4.6;Troubleshooting IIS 7.x Errors;621
32.4.5;Deploying to IIS 7.5 on Windows Server 2008 R2 Core;622
32.5;Automating Deployments with WebDeploy and Visual Studio 2010;623
32.5.1;Transforming Configuration Files;625
32.5.2;Automating Online Deployments with One-Click Publishing;628
32.5.3;Automating Offline Deployments with Packaging;629
32.6;Summary;631
33;CHAPTER 17 ASP.NET Platform Features;632
33.1;Windows Authentication;633
33.1.1;Preventing or Limiting Anonymous Access;635
33.2;Forms Authentication;636
33.2.1;Setting Up Forms Authentication;637
33.2.1.1;Handling Login Attempts;639
33.2.2;Using Cookieless Forms Authentication;640
33.3;Membership, Roles, and Profiles;641
33.3.1;Setting Up a Membership Provider;643
33.3.1.1;Setting Up SqlMembershipProvider;643
33.3.1.1.1;Using a SQL Server Express User Instance Database;644
33.3.1.1.2;Preparing Your Own Database for Membership, Roles, and Profiles;644
33.3.1.2;Managing Members Using the Web Administration Tool;646
33.3.1.3;Managing Members Using IIS 7.x’s .NET Users Configuration Tool;647
33.3.2;Using a Membership Provider with Forms Authentication;648
33.3.3;Creating a Custom Membership Provider;649
33.3.4;Setting Up and Using Roles;650
33.3.4.1;Using the Built-In SqlRoleProvider;651
33.3.4.2;Securing Controllers and Actions by Role;652
33.3.4.3;Creating a Custom Roles Provider;652
33.3.5;Setting Up and Using Profiles;653
33.3.5.1;Using the Built-In SqlProfileProvider;653
33.3.5.2;Configuring, Reading, and Writing Profile Data;654
33.3.5.3;Creating a Custom Profile Provider;655
33.4;URL-Based Authorization;657
33.5;Configuration;657
33.5.1;Configuring Connection Strings;658
33.5.2;Configuring Arbitrary Key/Value Pairs;659
33.5.3;Defining Configuration Sections to Configure Arbitrary Data Structures;659
33.6;Data Caching;661
33.6.1;Reading and Writing Cache Data;661
33.6.2;Using Advanced Cache Features;664
33.7;Site Maps;665
33.7.1;Setting Up and Using Site Maps;666
33.7.2;Creating a Custom Navigation Control with the Site Maps API;667
33.7.3;Generating Site Map URLs from Routing Data;668
33.7.3.1;Using Security Trimming;670
33.8;Internationalization;671
33.8.1;Setting Up Localization;672
33.8.2;Tips for Working with Resource Files;675
33.8.3;Using Placeholders in Resource Strings;675
33.8.4;Internationalizing Validation;676
33.8.4.1;Globalizing Validation Rules;676
33.8.5;Localizing Data Annotations Validation Messages;678
33.8.5.1;Localizing the Client-Side Number Validation Message;679
33.9;Performance;680
33.9.1;HTTP Compression;680
33.9.2;Tracing and Monitoring;682
33.9.3;Monitoring Page Generation Times;683
33.9.4;Monitoring LINQ to SQL Database Queries;684
33.10;Summary;687
34;CHAPTER 18 Upgrading and CombiningASP.NET Technologies;688
34.1;Using ASP.NET MVC in a Web Forms Application;688
34.1.1;Upgrading an ASP.NET Web Forms Application to Support MVC;689
34.1.1.1;Changing the Project Type;690
34.1.1.2;Adding Assembly References;691
34.1.1.3;Enabling and Configuring Routing;692
34.1.1.4;Adding Controllers and Views;694
34.1.2;Interactions Between Web Forms Pages and MVC Controllers;696
34.1.2.1;Linking and Redirecting from Web Forms Pages to MVC Actions;696
34.1.2.2;Transferring Data Between MVC and Web Forms;698
34.2;Using Web Forms Technologies in an MVC Application;699
34.2.1;Using Web Forms Controls in MVC Views;699
34.2.2;Using Web Forms Pages in an MVC Web Application;701
34.2.3;Adding Routing Support for Web Forms Pages;702
34.2.3.1;Web Forms Routing on .NET 4;703
34.2.3.2;Web Forms Routing on .NET 3.5;704
34.2.3.3;A Note About URL-Based Authorization;706
34.3;Upgrading from ASP.NET MVC 1;707
34.3.1;Using Visual Studio 2010’s Built-In Upgrade Wizard;708
34.3.2;Upgrading to .NET 4;709
34.3.3;Other Ways to Upgrade;710
34.3.4;A Post-Upgrade Checklist;710
34.3.4.1;Avoiding Anti-Forgery Token Problems Next Time You Deploy;712
34.4;Summary;713
35;Index;714
