Pro ASP.NET MVC 2 Framework (eBook)
XXIV, 776 Seiten
Apress (Verlag)
978-1-4302-2887-5 (ISBN)
Author Steven Sanderson has seen the ASP.NET MVC Framework mature from the start, so his experience, combined with comprehensive coverage of all the new features, including those in the official MVC development toolkit, offers the clearest understanding of how this exciting new framework can improve your coding efficiency. With this book, you'll gain invaluable up-to-date knowledge of security, deployment, and interoperability challenges.
The ASP.NET MVC 2 Framework introduces a radical high-productivity programming model that promotes cleaner code architecture, test-driven development, and powerful extensibility, combined with all the benefits of ASP.NET 3.5.
In this book, the core model-view-controller (MVC) architectural concepts are not simply explained or discussed in isolation, but are demonstrated in action. You'll work through an extended tutorial to create a working e-commerce web application that combines ASP.NET MVC with C# language features and unit-testing best practices. By gaining this invaluable, practical experience, you'll discover MVC's strengths and weaknesses for yourself-and put your best-learned theory into practice.
After a childhood spent at the computer, Steven Sanderson started web development in 1996, first using Perl and later adopting PHP. His last five years of professional experience have focused on ASP.NET, learning what works and what works better, and experiencing a developer's life everywhere from an investment bank to a five-person Internet startup. Steven has led Red Gate's web development team, and spends his free time blogging and keeping up to speed with the latest technology developments. He's followed the ASP.NET MVC framework since its inception and frequently participates in online discussions with its core developers at Microsoft.
Author Steven Sanderson has seen the ASP.NET MVC Framework mature from the start, so his experience, combined with comprehensive coverage of all the new features, including those in the official MVC development toolkit, offers the clearest understanding of how this exciting new framework can improve your coding efficiency. With this book, youll gain invaluable up-to-date knowledge of security, deployment, and interoperability challenges.The ASP.NET MVC 2 Framework introduces a radical high-productivity programming model that promotes cleaner code architecture, test-driven development, and powerful extensibility, combined with all the benefits of ASP.NET 3.5. In this book, the core model-view-controller (MVC) architectural concepts are not simply explained or discussed in isolation, but are demonstrated in action. Youll work through an extended tutorial to create a working e-commerce web application that combines ASP.NET MVC with C# language features and unit-testing best practices. By gaining this invaluable, practical experience, youll discover MVCs strengths and weaknesses for yourselfand put your best-learned theory into practice.
After a childhood spent at the computer, Steven Sanderson started web development in 1996, first using Perl and later adopting PHP. His last five years of professional experience have focused on ASP.NET, learning what works and what works better, and experiencing a developer's life everywhere from an investment bank to a five-person Internet startup. Steven has led Red Gate's web development team, and spends his free time blogging and keeping up to speed with the latest technology developments. He's followed the ASP.NET MVC framework since its inception and frequently participates in online discussions with its core developers at Microsoft.
Title page 1
Copyright page 2
Contents at a Glance 4
Table of contents 5
About the Author 20
About the Technical Reviewers 21
Acknowledgments 22
Introduction 23
You Don’t Need to Know ASP.NET MVC 1 Already 23
Which Technologies Are Used in This Book 23
Code Samples 23
Errata 24
Contacting the Author 24
PART 1 Introducing ASP.NETMVC 2 25
CHAPTER 1 What’s the Big Idea? 26
A Brief History of Web Development 26
Traditional ASP.NET Web Forms 27
What’s Wrong with ASP.NET Web Forms? 28
Web Development Today 29
Web Standards and REST 29
Agile and Test-Driven Development 30
Ruby on Rails 30
Key Benefits of ASP.NET MVC 31
MVC Architecture 31
Extensibility 31
Tight Control over HTML and HTTP 32
Testability 32
Powerful Routing System 33
Built on the Best Parts of the ASP.NET Platform 33
Modern API 34
ASP.NET MVC Is Open Source 34
Who Should Use ASP.NET MVC? 34
Comparisons with ASP.NET Web Forms 34
Migrating from Web Forms to MVC 35
Comparisons with Ruby on Rails 35
Comparisons with MonoRail 36
What’s New in ASP.NET MVC 2 36
Summary 37
CHAPTER 2 Your First ASP.NET MVCApplication 38
Preparing Your Workstation 38
Creating a New ASP.NET MVC Project 39
Adding the First Controller 41
Rendering Web Pages 42
Creating and Rendering a View 42
Adding Dynamic Output 45
A Starter Application 46
The Story 46
Designing a Data Model 47
Adding a Model Class 47
Linking Between Actions 48
Introducing Strongly Typed Views 51
Building a Form 52
Dude, Where’s My Data? 55
Handling Form Submissions 55
Introducing Model Binding 56
Rendering Arbitrary Views and Passing a Model Object to Them 56
Adding Validation 58
Model Binding Tells Input Controls to Redisplay User-Entered Values 60
Highlighting Invalid Fields 61
Finishing Off 62
Summary 64
CHAPTER 3 Prerequisites 65
Understanding MVC Architecture 65
The Smart UI (Anti-Pattern) 66
Separating Out the Domain Model 67
Model-View Architecture 67
Three-Tier Architecture 68
MVC Architecture 69
Implementation in ASP.NET MVC 70
History and Benefits 70
Variations on MVC 71
Where’s the Data Access Code? 71
Putting Domain Logic Directly into Controllers 71
Model-View-Presenter 71
Model-View-View Model 72
Domain Modeling 72
An Example Domain Model 73
Ubiquitous Language 74
Aggregates and Simplification 74
Is It Worth Defining Aggregates? 76
Keeping Data Access Code in Repositories 76
Using LINQ to SQL 77
Implementing the Auctions Domain Model 79
Implementing the Auction Repositories 81
Building Loosely Coupled Components 83
Taking a Balanced Approach 84
Using Dependency Injection 84
An MVC-Specific Example 85
Using a DI Container 86
Meet Ninject 87
Getting Started with Automated Testing 88
Understanding Unit Testing 89
How DI Supports Unit Testing 91
TDD and the Red-Green-Refactor Workflow 91
To Unit Test or Not to Unit Test 94
Understanding Integration Testing 95
BDD and the Given-When-Then Model 97
Why This Book Demonstrates Unit Testing Rather Than Integration Testing 99
C# 3 Language Features 100
The Design Goal: Language-Integrated Query 100
Extension Methods 101
Lambda Methods 102
Generic Type Inference 103
Automatic Properties 103
Object and Collection Initializers 104
Type Inference 104
Anonymous Types 105
Putting It All Together 105
Deferred Execution 107
Using LINQ to Objects 107
Lambda Expressions 108
IQueryable< T>
LINQ to Everything 111
Summary 111
CHAPTER 4 SportsStore: A Real Application 112
Getting Started 114
Creating Your Solutions and Projects 114
Starting Your Domain Model 117
Creating an Abstract Repository 118
Making a Fake Repository 119
Displaying a List of Products 119
Adding the First Controller 120
Setting Up the Default Route 121
Adding the First View 122
Connecting to a Database 125
Defining the Database Schema 125
Setting Up LINQ to SQL 128
Creating a Real Repository 128
Setting Up DI 130
Creating a Custom Controller Factory 130
Using Your DI Container 131
Creating Unit Tests 134
Configuring a Custom URL Schema 139
Assigning a Default Parameter Value 140
Displaying Page Links 141
Making the HTML Helper Method Visible to All View Pages 144
Supplying a Page Number to the View 145
Improving the URLs 149
Styling It Up 150
Defining Page Layout in the Master Page 150
Adding CSS Rules 151
Creating a Partial View 153
Summary 155
CHAPTER 5 SportsStore: Navigation andShopping Cart 156
Adding Navigation Controls 156
Filtering the Product List 156
Implementing the Category Filter 158
Defining a URL Schema for Categories 160
Building a Category Navigation Menu 162
Creating the Navigation Controller 162
Selecting and Rendering a List of Category Links 165
Highlighting the Current Category 167
Building the Shopping Cart 170
Defining the Cart Entity 170
Adding “Add to Cart” Buttons 173
Multiple < form>
Giving Each Visitor a Separate Shopping Cart 175
ASP.NET MVC Offers a Tidier Way of Working with Session Storage 175
Creating a Custom Model Binder 176
Creating CartController 176
Implementing AddToCart and RemoveFromCart 178
Displaying the Cart 180
Removing Items from the Cart 183
Displaying a Cart Summary in the Title Bar 184
Submitting Orders 186
Enhancing the Domain Model 186
Adding the “Check Out Now” Button 187
Prompting the Customer for Shipping Details 188
Defining an Order Submitter DI Component 190
Completing CartController 190
Adding a Fake Order Submitter 193
Displaying Validation Errors 194
Displaying a “Thanks for Your Order” Screen 195
Implementing EmailOrderSubmitter 196
Summary 199
CHAPTER 6 SportsStore: Administration andFinal Enhancements 200
Adding Catalog Management 201
Creating AdminController: A Place for the CRUD Features 201
Rendering a Grid of Products in the Repository 203
Implementing the List View 204
Building a Product Editor 207
Creating a Product Editor UI 207
Handling Edit Submissions 210
Adding Validation 213
Enabling Client-Side Validation 215
Creating New Products 215
Deleting Products 217
Securing the Administration Features 219
Setting Up Forms Authentication 219
Using a Filter to Enforce Authentication 220
Displaying a Login Prompt 221
Image Uploads 225
Preparing the Domain Model and Database 225
Accepting File Uploads 226
A Little-Known Fact About HTML Forms 227
Saving the Uploaded Image to the Database 227
Handling Form Posts That Don’t Include an Image 228
Displaying Product Images 230
Summary 233
PART 2 ASP.NET MVC in Detail 234
CHAPTER 7 Overview of ASP.NET MVC Projects 235
Developing MVC Applications in Visual Studio 235
Naming Conventions 240
The Initial Application Skeleton 240
Debugging MVC Applications and Unit Tests 241
Launching the Visual Studio Debugger 241
Attaching the Debugger to IIS 243
Attaching the Debugger to a Test Runner (e.g., NUnit GUI) 243
Remote Debugging 244
Using the Debugger 244
Stepping into the .NET Framework Source Code 245
Stepping into the ASP.NET MVC Framework Source Code 246
The Request Processing Pipeline 247
Stage 1: IIS 249
Stage 2: Core Routing 250
Routing Configurations 251
Stage 3: Controllers and Actions 251
Finding and Invoking Controllers 251
What Controllers Must Do 251
What Controllers Normally Do 252
Stage 4: Action Results and Views 252
Rendering a View 252
Summary 253
CHAPTER 8 URLs and Routing 254
Putting the Programmer Back in Control 254
About Routing and Its .NET Assemblies 255
Setting Up Routes 255
Understanding the Routing Mechanism 258
The Main Characters: RouteBase, Route, and RouteCollection 258
How Routing Fits into the Request Processing Pipeline 258
The Order of Your Route Entries Is Important 259
Adding a Route Entry 260
URL Patterns Match the Path Portion of a URL 260
Meet RouteValueDictionary 261
Take a Shortcut with MapRoute() 261
Using Parameters 262
Receiving Parameter Values in Action Methods 262
Using Defaults 263
Creating Optional Parameters with No Default Value 264
Using Constraints 264
Matching Against Regular Expressions 265
Matching HTTP Methods 266
Matching Custom Constraints 267
Prioritizing Controllers by Namespace 267
Accepting a Variable-Length List of Parameters 268
Matching Files on the Server’s Hard Disk 269
Using the RouteExistingFiles Flag 269
Using IgnoreRoute to Bypass the Routing System 270
Generating Outgoing URLs 271
Generating Hyperlinks with Html.ActionLink() 271
Passing Extra Parameters 272
How Parameter Defaults Are Handled 273
Generating Fully Qualified Absolute URLs 273
Generating Links and URLs from Pure Routing Data 274
Performing Redirections to Generated URLs 275
Understanding the Outbound URL-Matching Algorithm 275
Generating Hyperlinks with Html.ActionLink< T>
Working with Named Routes 279
Why You Might Not Want to Use Named Routes 279
Working with Areas 280
Setting Up Areas 280
Routing and URL Generation with Areas 283
Linking to an Action in the Same Area 284
Linking to an Action in a Different Area 285
Linking to an Action in the Root Area 285
Areas and Explicitly Named Routes 285
Areas and the Ambiguous Controller Problem 286
Areas Summary 286
Unit Testing Your Routes 286
Testing Inbound URL Routing 287
Using Test Doubles 288
Using a Mocking Framework (Moq) 289
Testing Outbound URL Generation 291
Unit Testing Area Routes 293
Further Customization 293
Implementing a Custom RouteBase Entry 294
Implementing a Custom Route Handler 295
URL Schema Best Practices 296
Make Your URLs Clean and Human-Friendly 296
Follow HTTP Conventions 297
GET and POST: Pick the Right One 298
On Query Strings 298
Use the Correct Type of HTTP Redirection 298
SEO 300
Summary 300
CHAPTER 9 Controllers and Actions 301
An Overview 301
Comparisons with ASP.NET Web Forms 302
All Controllers Implement IController 302
The Controller Base Class 303
Receiving Input 304
Getting Data from Context Objects 305
Using Action Method Parameters 306
Parameters Objects Are Instantiated Using Value Providers and Model Binders 307
Optional and Compulsory Parameters 307
Specifying Default Parameter Values 308
Parameters You Can’t Bind To 309
Invoking Model Binding Manually in an Action Method 309
Producing Output 310
Understanding the ActionResult Concept 310
Returning HTML by Rendering a View 313
Rendering a View by Path 314
Passing a ViewData Dictionary and a Model Object 314
Treating ViewData As a Loosely Typed Dictionary 315
Sending a Strongly Typed Object in ViewData.Model 316
Combining Both Approaches 317
Passing a Dynamic Object As ViewData.Model 317
Performing Redirections 318
Redirecting to a Different Action Method 319
Redirecting to a Different URL 320
Using TempData to Preserve Data Across a Redirection 320
Where TempData Stores Its Data 321
Controlling the Lifetime of TempData Items 321
Returning Textual Data 322
Generating an RSS Feed 323
Returning JSON Data 324
Returning JavaScript Commands 325
Returning Files and Binary Data 326
Sending a File Directly from Disk 326
Sending the Contents of a Byte Array 328
Sending the Contents of a Stream 328
Creating a Custom Action Result Type 329
Example: Watermarking an Image (and the Concept of Unit Testability Seams) 329
Unit Testing Controllers and Actions 331
How to Arrange, Act, and Assert 332
Testing a Choice of View and ViewData 332
Testing ViewData Values 333
Testing Redirections 334
More Comments About Unit Testing 335
Mocking Context Objects 335
Reducing the Pain of Mocking 337
Method 1: Make a Reusable Helper That Sets Up a Standard Mock Context 337
Method 2: Access Dependencies Through Virtual Properties 339
Method 3: Receive Dependencies Using Model Binding 341
Method 4: Turn Your Dependencies into DI Components 341
Method 5: Factor Out Complexity and Don’t Unit Test Controllers 341
Summary 342
CHAPTER 10 Controller Extensibility 343
Using Filters to Attach Reusable Behaviors 343
Introducing the Four Basic Types of Filter 344
Applying Filters to Controllers and Action Methods 345
Creating Action Filters and Result Filters 346
Controlling the Order of Execution 348
Filters on Actions Can Override Filters on Controllers 350
Using the Controller Itself As a Filter 351
Creating and Using Authorization Filters 351
How Authorization Filters Interact with Output Caching 352
Creating a Custom Authorization Filter 353
Creating and Using Exception Filters 354
Using HandleErrorAttribute 355
Creating a Custom Exception Filter 357
Bubbling Exceptions Through Action and Result Filters 358
The [OutputCache] Action Filter 359
The [RequireHttps] Filter 362
Other Built-In Filter Types 362
Controllers As Part of the Request Processing Pipeline 362
Working with Default Controller Factory 363
Prioritizing Namespaces Globally Using DefaultNamespaces 364
Prioritizing Namespaces on Individual Route Entries 364
Limiting a Route Entry to Match Controllers in a Specific Set of Namespaces 365
Creating a Custom Controller Factory 366
Registering a Custom Controller Factory 367
Customizing How Action Methods Are Selected and Invoked 367
The Real Definition of an Action 367
Using [ActionName] to Specify a Custom Action Name 368
Method Selection: Controlling Whether a C# Method Should Agree to Handle a Request 368
Creating a Custom Action Method Selector Attribute 369
Using the [NonAction] Attribute 370
How the Whole Method Selection Process Fits Together 370
Handling Unknown Actions 372
Overriding HTTP Methods to Support REST Web Services 373
Submitting a Plain HTML Form with an Overridden HTTP Method 374
How HTTP Method Overriding Works 374
Boosting Server Capacity with Asynchronous Controllers 375
Introducing Asynchronous Requests 376
Using Asynchronous Controllers 376
Turning a Synchronous Action into an Asynchronous Action 377
Passing Parameters to the Completion Method 382
Controlling and Handling Timeouts 383
Using Finish() to Abort All Remaining Asynchronous Operations 383
Using Sync() to Transition Back to the Original HTTP Context 384
Adding Asynchronous Methods to Domain Classes 385
Choosing When to Use Asynchronous Controllers 386
Measuring the Effects of Asynchronous Controllers 386
Ensuring Your Server Is Configured to Benefit from Asynchronous Requests 388
Summary 389
CHAPTER 11 Views 390
How Views Fit into ASP.NET MVC 390
The Web Forms View Engine 391
View Engines Are Replaceable 391
Web Forms View Engine Basics 391
Adding Content to a View 391
Five Ways to Add Dynamic Content to a View 392
Using Inline Code 393
Why Inline Code Is a Good Thing in MVC Views 395
Understanding How MVC Views Actually Work 395
Understanding How ASPX Pages Are Compiled 395
The Code-Behind Model 398
How Automatic HTML Encoding Works 398
How ASP.NET 4 Automatically Skips Encoding When Rendering HTML Helpers 399
Introducing the < %: ... %>
Working with MvcHtmlString 400
Using Custom Encoding Logic (Applies to .NET 4 Only) 400
Understanding ViewData 401
Extracting ViewData Items Using ViewData.Eval 402
Using HTML Helper Methods 403
The Framework’s Built-In Helper Methods 404
Rendering Input Controls 404
Using Strongly Typed Input Controls 405
How Input Controls Get Their Values 406
Adding Arbitrary Tag Attributes 406
A Note About HTML Encoding 407
Rendering Links and URLs 407
Performing HTML and HTML Attribute Encoding 408
Rendering Drop-Down and Multiselect Lists 409
Bonus Helper Methods in Microsoft.Web.Mvc.dll 411
Other HTML Helpers 413
Rendering Form Tags 414
Forms That Post Back to the Same URL 415
Using Html.BeginForm< T>
Creating Your Own HTML Helper Methods 416
Using Partial Views 418
Creating and Rendering a Partial View 418
Rendering a Partial Directly to the Response Stream 419
Passing ViewData to a Partial View 419
Passing an Explicit Model Object to a Partial View 420
Rendering a Partial View Using Server Tags 423
Passing ViewData to the Control 424
Passing an Explicit Model Object to the Control 424
Summary 425
CHAPTER 12 Models and Data Entry 426
How It All Fits Together 426
Templated View Helpers 427
Displaying and Editing Models Using Templated View Helpers 428
Using Model Metadata to Influence Templated View Helpers 431
Rendering Editors for Individual Properties 433
Rendering Labels for Individual Properties 435
The Built-in Editor Templates 435
Displaying Models Using Templated View Helpers 437
Using Partial Views to Define Custom Templates 439
Creating a Custom Editor Template 441
Respecting Formatting Metadata and Inheriting from ViewTemplateUserControl< T>
Passing Additional View Data to Custom Templates 442
Working with HTML Field Prefixes and the TemplateInfo Context 442
Model Metadata 444
Working with Data Annotations 445
Creating a Custom Metadata Provider 446
The Full Set of Metadata Options 447
Consuming Model Metadata in Custom HTML Helpers 450
Using [MetadataType] to Define Metadata on a Buddy Class 451
Model Binding 451
Model-Binding to Action Method Parameters 452
Model-Binding to Custom Types 453
Specifying a Custom Prefix 455
Omitting a Prefix 455
Choosing a Subset of Properties to Bind 455
Invoking Model Binding Directly 456
Dealing with Model Binding Errors 457
Model-Binding to Arrays, Collections, and Dictionaries 458
Model-Binding Collections of Custom Types 459
Using Nonsequential Indexes 460
Model-Binding to a Dictionary 461
Creating a Custom Value Provider 461
Creating a Custom Model Binder 462
Configuring Which Model Binders Are Used 464
Using Model Binding to Receive File Uploads 466
Validation 467
Registering and Displaying Validation Errors 467
Using the Built-In Validation HTML Helpers 469
Controlling Where Validation Messages Appear 471
Distinguishing Property-Level Errors from Model-Level Errors 472
How the Framework Retains State After a Validation Failure 473
Performing Validation As Part of Model Binding 473
Specifying Validation Rules 475
Using Data Annotations Validation Attributes 475
Using the IDataErrorInfo Interface 478
Creating a Custom Validation Provider 479
Invoking Validation Manually 481
Using Client-Side Validation 482
Using Client-Side Validation with a Validation Summary 483
Dynamically Highlighting Valid and Invalid Fields 484
Allowing Specific Buttons to Bypass Validation 484
How Client-Side Validation Works 485
Implementing Custom Client-Side Validation Logic 486
Reusing the Built-In Client-Side Validation Logic 488
Putting Your Model Layer in Charge of Validation 489
Summary 493
CHAPTER 13 User Interface Techniques 494
Wizards and Multistep Forms 494
Defining the Model 495
Navigation Through Multiple Steps 496
Collecting and Preserving Data 498
Completing the Wizard 500
Validation 502
Implementing a CAPTCHA 506
Creating an Html.Captcha() Helper 507
Rendering a Dynamic Image 509
Distorting the Text 511
Verifying the Form Submission 512
Using Child Actions to Create Reusable Widgets with Application Logic 513
How the Html.RenderAction Helper Invokes Child Actions 514
When It’s Appropriate to Use Child Actions 514
Creating a Widget Based on a Child Action 515
Capturing a Child Action’s Output As a String 518
Detecting Whether You’re Inside a Child Request 518
Restricting an Action to Handle Child Requests Only 519
Sharing Page Layouts Using Master Pages 519
Using Widgets in MVC View Master Pages 520
Method 1: Have Your Controller Put a Control-Specific Data Item into ViewData 520
Method 2: Use an Action Filter to Put a Control-Specific Data Item into ViewData 521
Method 3: Use Child Actions 521
Implementing a Custom View Engine 522
A View Engine That Renders XML Using XSLT 522
Step 1: Implement IViewEngine, or Derive a Class from VirtualPathProviderViewEngine 522
Step 2: Implement IView 523
Step 3: Use It 524
Step 4: Register Your View Engine with the Framework 526
Using Alternative View Engines 527
Using the NVelocity View Engine 528
Using the Brail View Engine 529
Using the NHaml View Engine 530
Using the Spark View Engine 531
Summary 532
CHAPTER 14 Ajax and Client Scripting 533
Why You Should Use a JavaScript Toolkit 533
ASP.NET MVC’s Ajax Helpers 534
Fetching Page Content Asynchronously Using Ajax.ActionLink 535
Passing Options to Ajax.ActionLink 538
Running JavaScript Functions Before or After Asynchronous Requests 539
Detecting Ajax Requests 540
Submitting Forms Asynchronously Using Ajax.BeginForm 541
Invoking JavaScript Commands from an Action Method 542
Reviewing ASP.NET MVC’s Ajax Helpers 544
Using jQuery with ASP.NET MVC 545
Referencing jQuery 546
Referencing jQuery on a Content Delivery Network 546
Basic jQuery Theory 548
Waiting for the DOM 550
Event Handling 550
Global Helpers 551
Unobtrusive JavaScript 552
Adding Client-Side Interactivity to an MVC View 553
Improvement 1: Zebra-Striping 554
Improvement 2: Confirm Before Deletion 556
Improvement 3: Hiding and Showing Sections of the Page 557
Ajax-Enabling Links and Forms 558
Unobtrusive JavaScript and Hijaxing 558
Hijaxing Links 558
Performing Partial Page Updates 560
Using live to Retain Behaviors After Partial Page Updates 561
Hijaxing Forms 563
Client/Server Data Transfer with JSON 564
A Note About JsonResult and GET Requests 567
Performing Cross-Domain JSON Requests Using JSONP 568
Fetching XML Data Using jQuery 570
Animations and Other Graphical Effects 571
jQuery UI’s Prebuilt UI Widgets 572
Example: A Sortable List 573
Summarizing jQuery 574
Summary 575
PART 3 Delivering SuccessfulASP.NET MVC 2 Projects 576
CHAPTER 15 Security and Vulnerability 577
All Input Can Be Forged 577
Forging HTTP Requests 579
Cross-Site Scripting and HTML Injection 581
Example XSS Vulnerability 582
Attack 582
Defense 583
ASP.NET’s Request Validation Feature 583
Request Validation: Good or Bad? 584
Disabling Request Validation 585
Customizing Request Validation Logic 585
Filtering HTML Using the HTML Agility Pack 586
JavaScript String Encoding and XSS 588
Session Hijacking 589
Defense via Client IP Address Checks 590
Defense by Setting the HttpOnly Flag on Cookies 590
Cross-Site Request Forgery 591
Attack 591
Defense 592
Preventing CSRF Using the Anti-Forgery Helpers 592
SQL Injection 594
Attack 595
Defense by Encoding Inputs 595
Defense Using Parameterized Queries 595
Defense Using Object-Relational Mapping 596
Using the MVC Framework Securely 596
Don’t Expose Action Methods Accidentally 596
Don’t Allow Model Binding to Change Sensitive Properties 597
Summary 597
CHAPTER 16 Deployment 598
Server Requirements 598
Building Your Application for Production Use 599
Controlling Dynamic Page Compilation 599
Detecting Compiler Errors in Views Before Deployment 600
Detecting Compiler Errors in Views Only When Building in Release Mode 601
IIS Basics 601
Understanding Web Sites and Virtual Directories 602
Binding Web Sites to Hostnames, IP Addresses, and Ports 603
Deploying Your Application 603
Manually Copying Application Files to the Server 603
Where Should I Put My Application? 604
Bin-Deploying ASP.NET MVC 2 604
Deploying to IIS 6 on Windows Server 2003 606
Adding and Configuring a New MVC Web Site in IIS Manager 606
How IIS 6 Processes Requests 608
Making Extensionless URLs Work on IIS 6 608
Using a Wildcard Map 611
Disadvantages of Using Wildcard Maps 611
Excluding Certain Subdirectories from a Wildcard Map 612
Using a Traditional ASP.NET File Name Extension 612
Using a Custom File Name Extension 613
Extensionless URLs on IIS 6 with .NET 4 613
Troubleshooting IIS 6 Errors 614
Deploying to IIS 7.x on Windows Server 2008/2008 R2 615
Installing IIS 7.x on Windows Server 2008/2008 R2 615
Adding and Configuring a New MVC Web Site in IIS 7.x 616
How IIS 7.x Processes Requests in Classic Pipeline Mode 617
How IIS 7.x Processes Requests in Integrated Pipeline Mode 618
How Integrated Mode Makes Extensionless URLs Easy 619
Why Extensionless URLs Work on IIS 7.x Integrated Pipeline Mode with .NET 3.5 619
Why Extensionless URLs Work in IIS 7.x Integrated Pipeline Mode with .NET 4 619
Further IIS 7.x Deployment Considerations 620
Troubleshooting IIS 7.x Errors 621
Deploying to IIS 7.5 on Windows Server 2008 R2 Core 622
Automating Deployments with WebDeploy and Visual Studio 2010 623
Transforming Configuration Files 625
Automating Online Deployments with One-Click Publishing 628
Automating Offline Deployments with Packaging 629
Summary 631
CHAPTER 17 ASP.NET Platform Features 632
Windows Authentication 633
Preventing or Limiting Anonymous Access 635
Forms Authentication 636
Setting Up Forms Authentication 637
Handling Login Attempts 639
Using Cookieless Forms Authentication 640
Membership, Roles, and Profiles 641
Setting Up a Membership Provider 643
Setting Up SqlMembershipProvider 643
Using a SQL Server Express User Instance Database 644
Preparing Your Own Database for Membership, Roles, and Profiles 644
Managing Members Using the Web Administration Tool 646
Managing Members Using IIS 7.x’s .NET Users Configuration Tool 647
Using a Membership Provider with Forms Authentication 648
Creating a Custom Membership Provider 649
Setting Up and Using Roles 650
Using the Built-In SqlRoleProvider 651
Securing Controllers and Actions by Role 652
Creating a Custom Roles Provider 652
Setting Up and Using Profiles 653
Using the Built-In SqlProfileProvider 653
Configuring, Reading, and Writing Profile Data 654
Creating a Custom Profile Provider 655
URL-Based Authorization 657
Configuration 657
Configuring Connection Strings 658
Configuring Arbitrary Key/Value Pairs 659
Defining Configuration Sections to Configure Arbitrary Data Structures 659
Data Caching 661
Reading and Writing Cache Data 661
Using Advanced Cache Features 664
Site Maps 665
Setting Up and Using Site Maps 666
Creating a Custom Navigation Control with the Site Maps API 667
Generating Site Map URLs from Routing Data 668
Using Security Trimming 670
Internationalization 671
Setting Up Localization 672
Tips for Working with Resource Files 675
Using Placeholders in Resource Strings 675
Internationalizing Validation 676
Globalizing Validation Rules 676
Localizing Data Annotations Validation Messages 678
Localizing the Client-Side Number Validation Message 679
Performance 680
HTTP Compression 680
Tracing and Monitoring 682
Monitoring Page Generation Times 683
Monitoring LINQ to SQL Database Queries 684
Summary 687
CHAPTER 18 Upgrading and CombiningASP.NET Technologies 688
Using ASP.NET MVC in a Web Forms Application 688
Upgrading an ASP.NET Web Forms Application to Support MVC 689
Changing the Project Type 690
Adding Assembly References 691
Enabling and Configuring Routing 692
Adding Controllers and Views 694
Interactions Between Web Forms Pages and MVC Controllers 696
Linking and Redirecting from Web Forms Pages to MVC Actions 696
Transferring Data Between MVC and Web Forms 698
Using Web Forms Technologies in an MVC Application 699
Using Web Forms Controls in MVC Views 699
Using Web Forms Pages in an MVC Web Application 701
Adding Routing Support for Web Forms Pages 702
Web Forms Routing on .NET 4 703
Web Forms Routing on .NET 3.5 704
A Note About URL-Based Authorization 706
Upgrading from ASP.NET MVC 1 707
Using Visual Studio 2010’s Built-In Upgrade Wizard 708
Upgrading to .NET 4 709
Other Ways to Upgrade 710
A Post-Upgrade Checklist 710
Avoiding Anti-Forgery Token Problems Next Time You Deploy 712
Summary 713
Index 714
Erscheint lt. Verlag | 10.1.2011 |
---|---|
Zusatzinfo | XXIV, 776 p. |
Verlagsort | Berkeley |
Sprache | englisch |
Themenwelt | Mathematik / Informatik ► Informatik ► Software Entwicklung |
Mathematik / Informatik ► Informatik ► Theorie / Studium | |
Mathematik / Informatik ► Informatik ► Web / Internet | |
Schlagworte | AJAX • ASP • ASP.NET • C# • Control • Deployment • E-Commerce • Framework • Navigation • .NET • programming • techniques • Technology • Time |
ISBN-10 | 1-4302-2887-3 / 1430228873 |
ISBN-13 | 978-1-4302-2887-5 / 9781430228875 |
Haben Sie eine Frage zum Produkt? |
Größe: 53,3 MB
DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasserzeichen und ist damit für Sie personalisiert. Bei einer missbräuchlichen Weitergabe des eBooks an Dritte ist eine Rückverfolgung an die Quelle möglich.
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich