Professional ASP.NET MVC 2

FOREWORD xxx

INTRODUCTION xxvii

CHAPTER 1: NERDDINNER 1

File ➪ New Project 6

Creating the Database 14

Building the Model 21

Controllers and Views 37

Create, Update, Delete Form Scenarios 57

ViewData and ViewModel 85

Partials and Master Pages 91

Paging Support 100

Authentication and Authorization 109

AJAX Enabling RSVPs Accepts 118

Integrating an AJAX Map 127

Unit Testing 146

NerdDinner Wrap-Up 165

CHAPTER 2: MODEL-VIEW-CONTROLLER AND ASP.NET 167

What Is Model-View-Controller? 167

MVC on the Web Today 169

ASP.NET MVC: The New Kid on the Block 173

Summary 177

CHAPTER 3: ASP.NET > ASP.NET MVC 179

Abstraction: What Web Forms Does Well 179

The Leak: Where Web Forms Doesn’t Exactly Fit 185

Back to Basics: ASP.NET MVC Believes… 188

Caring about Testability 190

Common Reactions to ASP.NET MVC 192

Why “(ASP.NET > ASP.NET MVC) == True” 193

Summary 201

CHAPTER 4: ROUTES AND URLS 203

Introduction to Routing 204

Under the Hood: How Routes Tie Your URL to an Action 226

Advanced Routing with Custom Constraints 227

Route Extensibility 228

Using Routing with Web Forms 235

Summary 241

CHAPTER 5: CONTROLLERS 243

History of the Controller 243

Defining the Controller: The IController Interface 245

The ControllerBase Abstract Base Class 247

The Controller Class and Actions 248

The ActionResult 252

Action Invoker 260

Summary 278

CHAPTER 6: VIEWS 279

What a View Does 279

What a View Shouldn’t Do 281

Specifying a View 281

Strongly Typed Views 283

ViewModels 284

HTML Helper Methods 285

The View Engine 299

New View Engine or New ActionResult? 309

Summary 309

CHAPTER 7: AJAX 311

When Ajax Is Cool 312

When It’s Not 313

Ajax Examples 314

Summary 339

CHAPTER 8: FILTERS 341

Filters Included with ASP.NET MVC 341

Writing a Custom Action Filter 354

Writing a Custom Authorization Filter 355

Writing a Custom Exception Filter 357

Filter Ordering 358

Filter Naming 359

Summary 361

CHAPTER 9: SECURING YOUR APPLICATION 363

This Is a War 365

Weapons 369

Threat: Cross-Site Scripting (XSS) 372

Threat: Cross-Site Request Forgery 381

Threat: Cookie Stealing 386

Threat: Over-Posting 387

Keeping Your Pants Up: Proper Error Reporting and the Stack Trace 389

Securing Your Controllers, Not Your Routes 390

Summary: It’s Up to You 392

CHAPTER 10: TEST DRIVEN DEVELOPMENT WITH ASP.NET MVC 395

A Brief Introduction to TDD 396

Applying TDD to ASP.NET MVC 404

Summary 412

CHAPTER 11: TESTABLE DESIGN PATTERNS 413

Why You Should Care About Testability 413

You Want to Write Testable Code 416

Using Tests to Prove You’re Done 417

Designing Your Application for Testability 417

Testable Data Access 422

Implementing Business Logic with the Service Layer 429

Summary 438

CHAPTER 12: BEST OF BOTH WORLDS: WEB FORMS AND MVC TOGETHER 441

How Is It Possible? 442

Including MVC in Existing Web Forms Applications 442

Adding Web Forms to an Existing ASP.NET MVC Application 448

Sharing Data between Web Forms and MVC 451

Migrating from Web Forms to MVC 456

Summary 469

CHAPTER 13: WHAT’S NEW IN ASP.NET MVC 2 471

Security 471

Productivity 473

Performance: Asynchronous Controller Actions 486

Miscellaneous 486

Summary 487

INDEX 489