Published by st3phenchow, 2019-06-07 04:47:59

ASP.NET MVC 5 Professional


Index




Numbers & Symbols adaptive rendering, 462–470
CSS media queries, 466–468
@ sign, 64–66 responsive web design, 468–470
@@ sign, 66 Viewport meta tag, 466
{} (curly braces), 68
~ (tilde), 55, 132 Add Controller dialog, 85–87, 363–364
3A (Arrange, Act, Assert), 411–412 add method, jQuery.validator.

A unobtrusive.adapters, 239
Add Scaffold dialog, 85, 363
About method, HomeController, 53 Add View dialog, 60–63
About.cshtml file, 53 addBool method, jQuery.validator.
Abstractions.dll assembly, 418
AcceptVerbsAttribute attribute, 513–514 unobtrusive.adapters, 239
AccountController class, 39, 165, 193 addMinMax method, jQuery.validator.

AuthorizeAttribute, 167–169 unobtrusive.adapters, 239
global authorization, 171–172 addSingleVal method, jQuery.validator.
open redirection attacks, 202–207
AccountViewModels.cs file, 77, 138 unobtrusive.adapters, 239–240
action attribute, HTML form tag, 110, 111 Ajax
action filters, 349, 454–455
method selectors, 446–447 action links, 226–229
for orthogonal activities, 420 client validation, 233–241
Action HTML helper, 133–135 forms, 230–233
action invoker, 511–515 helpers, 225–233
ActionLink Ajax helper, 226–230, 562
ActionLink HTML helper, 131–132 ActionLink, 226–230, 562
ActionName attribute, 135, 446 JavaScriptStringEncode, 67, 190,
ActionNameAttribute attribute, 512–513
ActionResult class, 502–511 191–192
ActionSelectorAttribute attribute, 513 jquery.unobtrusive-ajax.js script,
active XSS injection, 186–187
adapters object, 239–240 225–226, 230
HTML 5 attributes, 230
jQuery, 214–225

and NuGet, 220
autocomplete, 243–246
bootstrap plugins, 251–252
events, 217–218
injecting scripts, 222–223
jQuery function, 214–216
JSON templates, 246–251


selectors, 215–217 role management, 175
using in MVC applications, 219–225 storing user profile data, 174
validation, 233–236 user management, 175
writing custom scripts, 221–222 ASP.NET MVC
partial view updates, 73–74 abstraction layers, 2
performance optimization, 253–255 life cycle, 476
unobtrusive, 225–226 open source release, 10–11
web.config settings, 234–235 ASP.NET MVC 1, 4
ajax method, 250–251 ASP.NET MVC 2, 4–5
AlbumList package, 57 ASP.NET MVC 3, 5–6
AllowAnonymous attribute, 170–172, 349 ASP.NET MVC 4, 6–10
alpha inline constraint, 267 bundling and minification, 10
ambient route values, 291–293 display modes, 9–10
AnglicanGeek.MarkdownMailer, 543 Web API, 7–9
AngularJS, 355–384 ASP.NET MVC 5
building applications
controllers, 365–368
modules, 364–365 conventions, 27–29
the Web API, 363–364 creating, 17–18
database setup, 361–362 New ASP.NET Project dialog, 18–24
delete operations, 377–379 top-level directories, 24–27
details view, 373–374 upgrading to MVC 5.1, 547–549
edit view, 379–384 default layout changes, 72
installing, 359–361 installing, 16
routing, 371–373 software requirements, 16
services, 368–371, 375–377 ASP.NET MVC 5.1
AntiXSS library, 191–193, 210 Ajax support, 562
ApiController class, 335–342 attribute routing, 553–558
AppActivator.cs file, 526 Bootstrap and JavaScript enhancements,
/App_Data directory, 25 558–563
/App_Start directory, 25 Enums support, 549–553
arbitrary objects features, 546
in MVC, 399–402 upgrading MVC 5 applications, 547–549
in Web API, 405 ASP.NET Routing. See routing
area routes, 282–284 ASP.NET Scaffolding, 14–15, 482–486.
AreaRegistration class, 282 See also scaffolding
AreasDemoWeb.Controllers namespace, 283 ASP.NET vNext, 8–9
Arrange, Act, Assert (3A), 411–412 ASP.NET Web API, 333–354
ArtistSearch method, adding routes, 346–347
HomeController, 231, 248–249 binding parameters, 347–348
ArtistSearch.cshtml file, 232 configuring, 342–346
ASP.NET Dynamic Data, 527–530 defining, 334
ASP.NET Identity enabling dependency injection, 350
features, 12–13 exploring APIs programmatically,
persistance control, 174–175 350–351
filtering requests, 349–350

ProductsController example, 352–354 Automatic Package Restore, 309
tracing applications, 352 Azure Mobile Service template, 21
writing an API controller, 335–342
asynchronous controller actions, B

515–520 BadRequest method, ApiController, 341
at (@) sign, 64–66 BasePageType package, 476
atTheMovies.js file, 365, 375–376 BeginForm HTML helper, 114–118
attribute routes, 14, 260–271. Bind attribute, 105, 107, 201–202
binding expressions, 246, 249
See also routing BindModel, 432–436
catch-all parameter, 284–285 blacklists, 191, 193, 201, 202
combining with traditional routes, blocked threads, 516
bool inline constraint, 267
278–280 bootstrap
controller routes, 263–265
route constraints, 265–267 adaptive rendering, 462–470
route defaults, 267–271 ASP.NET MVC 5.1 enhancements, 558–563
route URLs, 261 bootstrap.js file, 224
route values, 262–263 jQuery plugins, 251–252
vs. traditional routes, 280 templates, 13–14
and unit testing, 271–272 Brail view engine, 481
AttributeRouting project, 14 BundleConfig.cs file, 10
authentication bundling and minification, 10
ASP.NET Identity, 12–13, 174–175 Ajax, 254–255
vs. authorization, 162 business logic, keeping from controllers, 416
claims-based, 12, 162, 173 Buy method, StoreController, 162
configuring, 22
cookie-based authentication, 168 C
external logins, 175–182
filters, 349, 448–453 Cassini, 40
OAuth, 175–178, 180–182 CAT.NET, 210
OpenID, 175–180, 181–182 catch-all parameter, 284–285
Windows, 169–170 CDNs (content delivery networks), 253
authorization CheckBox HTML helper, 130
vs. authentication, 162 claims-based authentication, 12, 162, 173
AuthorizeAttribute, 162–172 client validation, 233. See also validation
filters, 15, 349, 454
global, 170–172 custom validation, 236–241
URL authorization, 166 jQuery Validation plugin, 233–236
Authorize package, 163 MVC 5.1, 561–562
client-side unit testing, 424
AuthorizeAttribute ClientDataTypeModelValidatorProvider,
to require login, 162–172
to require role membership, 172–174 399, 439
ClientValidationEnabled property,
authors metadata element, NuGet, 316
auto-mocking containers, 417 ViewContext, 479
Autofac dependency injection library, 332 Code Analysis Tool .NET, 210
automated test results, 409

code blocks, 68–70 IController interface, 273, 498–501
code delimeter, escaping, 70 role of, 31–33
code expressions, 64–66, 68–69 sample application overview, 34–38
Code First, 83, 174, 535–539 scaffolding, 85–92
code-focused templating for testing, 416–420
/Controllers directory, 24, 25
HTML generation, 6 convention over configuration, 27, 28–29
command-query responsibility segregation cookies
cookie-based authentication, 168
(CQRS), 84 cookie-stealing attacks, 197–199
commenting out code, 70 copyright metadata element, NuGet, 317
Compare attribute, DataAnnotations, 145 coupling, 386–388
complacency, 210 CQRS (command-query responsibility
Conery, Rob, 402
Configuration.cs file, 362
configuration transforms, 208–209 Create scaffold template, 62
Conflict method, ApiController, 341 CreateActionResult method, 511
confused deputy attack, 193–196 Created method, ApiController, 341
constraints CreatedAtRoute method, ApiController, 341
CreateMetadata method, 437–438
attribute routes, 275–267 cross-site request forgery (CSRF) attacks,
custom route constraints, 295–296
traditional routes, 277–278 193–197
containers, dependency injection, 350, cross-site scripting (XSS) attacks, 183–192

394–396, 400, 417 active injection, 186–187
content delivery networks (CDNs), 253 passive injection, 183–185
/Content directory, 25, 26 preventing, 187–193
Content method threat summary, 183
.cs files
ApiController class, 341 AccountViewModels.cs, 77, 138
Controller class, 505 AppActivator.cs, 526
content negotiation, 8, 340 BundleConfig.cs, 10
ContentResult ActionResult type, 505, 506 Configuration.cs, 362
controller actions, 43–47 DataContext.cs, 352
asynchronous, 515–520 FilterConfig.cs, 171
parameters in, 45–47 global.asax.cs, 94–95, 114, 421
securing, 162–172 HomeController.cs, 39, 52–53, 413–414
and validation errors, 148–150 IdentityModels.cs, 77, 138, 174
Controller class, 500–502 MusicStoreDB.cs, 87–89
Controller property, ViewContext Order.cs, 138–142
Product.cs, 352
object, 479 RouteConfig.cs, 261, 271, 489, 554
ControllerActionInvoker class, 511–515 Routes.cs, 488–491
ControllerBase class, 499–501 Startup.Auth.cs, 169, 176–180, 181
controllers, 31–47. See also controller actions .cshtml files
About.cshtml, 53
Add Controller dialog, 85–87, 363–364 ArtistSearch.cshtml, 232
creating, 41–47, 42–45
extending, 446–458
history of, 32–33
Home controller example, 39–41


_DailyDeal.cshtml, 228–229 StringLength attribute, 142–144
Edit.cshtml, 118–121, 139 UIHint attribute, 158
Index.cshtml, 51–52, 71–72, 91–92, DataAnnotationsModelValidator, 148, 399,

222–223, 226 404, 439
_Layout.cshtml, 62, 126, 219–220, DataContext.cs file, 352
DataErrorInfoModelValidatorProvider,
222, 226, 471
Login.cshtml, 233–236 399, 439
Message.cshtml, 73 datatime inline constraint, 267
Mobile.cshtml, 9, 470–472 DataTokens dictionary, 295
NotIndex.cshtml, 55 DataType attribute, DataAnnotations,
SiteLayout.cshtml, 70–72
_ViewStart.cshtml, 63, 73 157–158
WinPhone.cshtml, 473 DbContext class, 83–84, 87–89, 92, 361
CSRF (cross-site request forgery) attacks, DDD (domain-driven design), 84
debugging routes, 286–288
193–197 decimal inline constraint, 267
preventing, 196–197 default
threat summary, 193–196
CSS media queries, 466–468 authorization filter, 162
CSS2, 466–467 controller classes, 39
custom scaffold templates, 483–485 directories, 24–27
customErrors mode, 207–209 layout changes in MVC 5, 72
CustomValidators.js file, 239–241 model binder, 104–105
CustomWebViewPage class, 475–476 route defaults, 267–271, 274–277
templates, 492–496
D unit tests, 413–414
DefaultModelBinder, 104–105, 431
_DailyDeal.cshtml file, 228–229 defense in depth strategy, 211
DailyDeal method, HomeController, 227–229 DeJardin, Louis, 481
data annotations, 136–158. See also validation Delete scaffold template, 62
dependencies metadata element, NuGet, 317
display and edit, 155–158 dependency injection
shopping cart example, 138–141 in ASP.NET MVC
validation annotations, 141–146
data dash attributes, 230, 236, 238, 244 arbitrary objects, 399–402
DataAnnotations namespace, 141–146, 151, IDependencyResolver interface,

424, 436 395–396
Compare attribute, 145 multiply registered services, 397–399
DataType attribute, 157–158 singly registered services, 397
Display attribute, 155–156 software design patterns, 385–395
HiddenInput attribute, 158 vs. Web API, 405
Range attribute, 145 in Web API, 350, 402–405
ReadOnly attribute, 157 arbitrary objects, 405
RegularExpression attribute, 145 multply registered services, 403–404
Remote attribute, 145–146 vs. MVC, 405
Required attribute, 141–142 singly registered services, 402–403
ScaffoldColumn attribute, 156 dependency injection design pattern, 392–395
description metadata element, NuGet, 316


design patterns, 385–395 EmptyResult ActionResult type, 505, 506
dependency injection, 392–395 EnableClientValidation HTML helper,
inversion of control, 386–388
service locator, 388–392 117, 235
Entity Framework (EF)
Details scaffold template, 62
DetailsController.js file, 374 Code First, 83, 174, 535–539
directory structure, ASP.NET MVC scaffolding and, 82–84
Enum support in MVC 5.1 views, 549–553
applications, 24–27 Error Logging Module and Handler (ELMAH),
Display attribute, DataAnnotations, 155–156
display modes, 9–10, 470–473 207, 209, 300, 303–307, 530–532
DisplayFor HTML helper, 91–92, 128 error reporting, 207–209
DisplayFormat attribute, DataAnnotations, event-driven programming, 32–33
exception
156–157
DisplayForModel HTML helper, 128, 156 filters, 349, 455
DisplayName property, ValidationContext, logging, 530–532
Execute method, ControllerBase class, 500
425, 426 explicit model binding, 105–107
domain-driven design (DDD), 84 extending
Don’t repeat yourself (DRY) principle, 3 controllers, 446–458
Dornis, Ben, 481 models, 430–442
DotNetOpenAuth NuGet package, 181 views, 442–445
double inline constraint, 267 ExtendingMvc package, 430
DropDownList HTML helper, 99–100, external logins, 175–182
OAuth provider configuration, 180–181
122–123 OpenID provider configuration, 178–180
DRY (Don’t repeat yourself) principle, 3 registering providers, 176–178
dynamic controller actions, 45–47 security implications, 181–183
Dynamic Data, 527–530

E F

eager loading strategies, 89 Facebook template, 20–21
Edit method, HomeController, 60 Facts project, 523–525
Edit scaffold template, 62 facts, XUnit.NET, 523
Edit.cshtml file, 118–121, 139 File method, Controller class, 505
editable routes, 487–491 FileContentResult ActionResult type, 505
EditorFor HTML helper, 128, 156 FileResult ActionResult type, 505,
EF. See Entity Framework
Egozi, Ken, 554 506–507
Electric Plum Simulator, 462 FileStreamResult ActionResult type, 505
ELMAH (Error Logging Module and Handler), FilterConfig.cs, 171
filters
207, 209, 300, 303–307, 530–532
Elmah.dll assembly, 305–307 action filters, 349, 454–455
Empty (without model) scaffold template, 62 method selectors, 446–447
Empty scaffold template, 62 for orthogonal activities, 420
empty template, 20
ASP.NET Web API, 349–350
authentication filters, 15, 349, 448–453


authorization filters, 349, 454 jquery.unobtrusive-ajax.js script,
exception filters, 349, 455 225–226, 230
override filters, 15–16, 448, 455–457
result filters, 454–455 HTML helpers. See HTML helpers
float inline constraint, 267 templated helpers, 127–128, 492–496
Fluent Automation, 540–541 URL helpers, 132
/fonts directory, 25 Hidden HTML helper, 129
foreign key properties, 79, 83, 91, 93 HiddenFor HTML helper, 121, 129
FormContext property, ViewContext, 479 HiddenInput attribute, DataAnnotations, 158
FormIdGenerator property, ViewContext, 479 HomeController class, 39–41
forms. See also HTML helpers; Web Forms About method, 53
Ajax, 230–233 ArtistSearch method, 231, 248–249
HTML, 110–114 DailyDeal method, 227–229
frameworkAssemblies metadata element, Edit method, 60
Index method, 39, 52, 265, 413
NuGet, 316 QuickSearch method, 244
FubuMVC, 345 Search method, 112
HomeController.cs file, 39, 52–53, 413–414
G HTML
encoding, 66–67
“Gang of Four” book, 386 forms, 110–114
generic method calls, 70 HTML 5 attributes, 230
GET requests HTML helpers, 114–129
Action, 133–135
AcceptVerbsAttribute, 513–514 ActionLink, 131–132
HTML forms, 110–114 automatic encoding, 115
JSON responses, 245 BeginForm, 114–118
model binding and, 104–105 CheckBox, 130
GetRouteData method, 294 DisplayFor, 91, 128
Glimpse, 532–535 DisplayForModel, 128, 156
global.asax.cs, 94–95, 114, 421 DropDownList, 99–100, 122–123
global authorization, 170–172 EditorFor, 128, 156
GlobalConfiguration class, 343 EnableClientValidation, 117, 235
guid inline constraint, 267 Hidden, 129
HiddenFor, 121, 129
H inputs, adding, 118–121
Label, 121–122, 127
Haack, Phil, 286, 487, 491 LabelFor, 120
Hanselman, Scott, 476 ListBox, 122–123
happy path, 102 and model metadata, 127
help pages, 20, 335 and ModelState, 128–129
helpers Partial, 133
Password, 129
Ajax helpers, 225–233 RadioButton, 129–130
ActionLink, 226–230, 562 RenderAction, 133–135
JavaScriptStringEncode, 67, 190,
191–192


rendering helpers, 130–135 IAssembliesResolver interface, 403
RenderPartial, 133 IAuthenticationFilter interface, 349, 449
RouteLink, 131–132 IAuthorizationFilter interface, 167,
strongly typed helpers, 126–127
templated helpers, 127–128 349, 454
TextArea, 121 IAuthorizeFilter interface, 169
TextBox, 121 IBodyModelValidator interface, 403
TextBoxFor, 127–128, 235–236 IClientValidatable interface, 237–238, 423
URL helpers, 132–135 IContentNegotiator interface, 403
ValidationMessage, 123–124 IController interface, 273, 498–501
ValidationMessageFor, 120 iconUrl metadata element, NuGet, 316
ValidationSummary, 118 id dependency element, NuGet, 317
Html5EditorTemplates package, 498 id metadata element, NuGet, 316
HTTP 302 (Found) status code, 167–168, 341, idempotent GETs, 197
identity mechanism
453, 504–509
HTTP 401 (Unauthorized) status code, features, 12–13
persistance control, 174–175
167–168, 447–453 role management, 175
HTTP GET requests storing user profile data, 174
user management, 175
AcceptVerbsAttribute, 513–514 IdentityModels.cs file, 77, 138, 174
CSRF attacks, 194–196 IDependencyResolver interface, 395–396
HTML forms, 110–114 IDocumentationProvider interface, 351, 403
JSON responses, 245 IExceptionFilter interface, 349, 455
model binding and, 104–105 IFilterProvider interface, 398, 404
HTTP POST requests IgnoreRoute, 285–286, 421–422
accepting, 101–103 IHostBufferPolicySelector interface, 403
AcceptVerbsAttribute, 513–514 IHttpActionInvoker interface, 403
HTML forms, 110–114 IHttpActionSelector interface, 403
model binding and, 103–105 IHttpControllerActivator interface, 403
overrides, 514–515 IHttpControllerSelector interface, 403
HttpContext property, ViewContext, 479 IHttpControllerTypeResolver interface, 403
HttpNotFound ActionResult type, 505 IIS Express, 40, 170
HttpOnly flag, 199 IModelBinderProvider interface, 398
HttpReferrer validation, 197 Index method
HTTPS, enforcing, 182 HomeController, 39, 52, 265, 413
HttpStatusCodeResult ActionResult type, ShoppingCartController, 131
StoreController, 43–44, 162
505, 507 StoreManagerController, 89
HttpUnauthorizedResult ActionResult type, Index.cshtml file
Home Index view, 51–52, 226
506 Razor layout, 71–72
HttpUtility.HtmlEncode utility, 46 StoreManager, 91–92
view-specific scripts, 222–223
I init.ps1 script, 320–321
install.ps1 script, 320
IActionFilter interface, 349, 454
IActionValueBinder interface, 403
IApiExplorer interface, 403


installing autocomplete, 243–246
AngularJS, 359–361 bootstrap plugins, 251–252
ASP.NET MVC 5, 16 events, 217–218
NuGet packages, 303–307 injecting scripts, 222–223
jQuery function, 214–216
$installPath, NuGet PowerShell script JSON templates, 246–251
parameter, 320 and NuGet, 220
selectors, 215–217
int inline constraint, 267 using in MVC applications, 219–225
interception, 182, 295, 395 validation, 233–236
InternalServerError method, writing custom scripts, 221–222
jQuery function, 214–216
ApiController, 341 jQuery UI plugin, 242–246
inversion of control (IoC) design pattern, jQuery Validation plugin, 233–236
jquery-version.js file, 219
386–388 jquery-ui.css file, 243
IoC (inversion of control) design pattern, jquery.unobtrusive-ajax.js script,

386–388 225–226, 230
IRouteConstraint interface, 295–296, jquery.validate.js file, 234, 254
jquery.validate.unobtrusive.js file,
553–555
IRouteHandler interface, 294 234, 254
IRouteRegistrar interface, 489 .js files
IsChildAction property, ViewContext object,
atTheMovies.js, 365, 375–376
480 CustomValidators.js, 239–241
IsValid property, 102, 148, 149–150, DetailsController.js, 374
jquery-version.js, 219
151–152, 154, 424–425 jquery.unobtrusive-ajax.js, 225–226, 230
IsValidForRequest method, 447, 513–514 jquery.validate.js, 234, 254
IsValidName method, 446 jquery.validate.unobtrusive.js,
Items property, ValidationContext, 425, 426
ITraceManager interface, 403 234, 254
ITraceWriter interface, 352, 403 ListController.js, 366–367
IValidatableObject interface, 154–155 modernizr.js, 225
IView interface, 479–480 movieService.js, 375–377
IViewEngine interface, 399, 478 MusicScripts.js, 221, 226, 231, 238–239,

J 242, 244, 248
mustache.js, 246–247
JavaScript _references.js, 224, 239
custom code, 221–222 respond.js, 225
minimization, 224 JSON hijacking, 245, 246
unit testing, 424 Json method
unobtrusive, 218–219 ApiController class, 341
Controller class, 504-505
JavaScript method, Controller class, 505 JSON templates, 246–251
JavaScript View Engines (JSVE), 481 JsonResult ActionResult type, 506, 508–509
JavaScriptResult ActionResult type, 506, JSVE (JavaScript View Engines), 481

507–508
JavaScriptStringEncode helper, 67, 190,

191–192
jQuery, 214–225


K M

Katana project, 344, 345 Manage NuGet Packages dialog, 225–226, 247,
301, 312, 324
L
MapRoute method, 272–275, 286, 421–423
Label HTML helper, 121–122, 127 Mark of the Web (MOTW), 300
LabelFor HTML helper, 120 max inline constraint, 267
language metadata element, NuGet, 317 maxlength inline constraint, 267
_Layout.cshtml file, 62, 126, 219–220, 222, media queries, CSS, 466–468
MemberName property, ValidationContext,
226, 471
layouts 425, 426–427
membership. See also ASP.NET Identity
default changes in MVC 5, 72
in Razor, 70–72 downsides, 175
lazy loading, 89–90 permissions management, 173
length inline constraint, 267 role membership, requiring, 172–174
licenseUrl metadata element, NuGet, 316 Message.cshtml file, 73
List scaffold template, 62 metadata
ListBox HTML helper, 122–123 describing models with, 436–438
ListController.js file, 366–367 HTML helpers and, 127–128
LoadingElementDuration parameter, 563 NuSpec files, 316–317
logging method attribute, HTML form tag,
dedicated error logging systems, 209
exception logging, 530–532 110, 111
Login.cshtml file, 233–236 Microsoft CDN, 253
logins Microsoft Code Analysis Tool .NET, 210
external, 175–182 Microsoft Information Security Team, 211
Microsoft Security Developer Center, 210
OAuth providers, 180–181 _MigrationHistory table, 93–94
OpenID providers, 178–180 min inline constraint, 267
registering providers, 176–178 .min.js files, 224
security implications, 181–183 minlength inline constraint, 267
redirection process, 168 .min.map.js file, 224
requiring, 162–172 mobile device support, 461–473
AuthorizeAttribute, 167–169
securing applications, 170–172 adaptive rendering, 462–470
securing controller actions, display modes, 470–473
mobile emulators, 462
162–166 Mobile.cshtml file, 9, 470–472
securing controllers, 170 model binding, 103–107. See also models
Windows authentication, 169–170 BindModel, 432–436
LogOn action, AccountController, 204–206 creating models, 431–436
long inline constraint, 267 DefaultModelBinder, 104–105, 431
Lucene.NET, 542–543 explicit, 105–107
LuceneIndexingJob class, 543 exposing request data, 430–431
LuceneIndexingService class, 542–543 ModelState and, 128–129
over-posting attacks, 200–202


parameter binding system, 347–348 background of ASP.NET MVC releases, 3–11
security, 105 MVC 6, 8–9
validation and, 147–148 MVC template, 20
value providers, 104, 347–348, 430–431 MVP (Model-View-Presenter) pattern, 32
Model-View-Presenter (MVP) pattern, 32
ModelMetadataProvider service, Web N

API, 403 N+1 problem, 90
models. See also model binding named routes, 280–282
Nancy, 345
creating NerdDinner.com, 203–205
with model binders, 431–436 New ASP.NET Project dialog, 18–24
MVC Music Store example, 76–80
application template, selecting, 19–21
describing with metadata, 436–438 authentication, configuring, 22
extending, 430–442 unit test projects, creating, 21
scaffolding, 14–15, 80–97 Windows Azure resources, configuring, 22–24
New Data Context dialog, 86–87
and the Entity Framework, 82–84 New Project dialog, 18
ASP.NET Scaffolding, 14–15, 482–486 NHaml view engine, 481
controller example, 85–92 Nielsen, Jakob, 258, 487
custom scaffolders, 485–486 Ninject, 543–544
edit scenario, 97–103 NotFound method, ApiController, 341
executing scaffolded code, 92–97 NotIndex.cshtml file, 55
templates, 60–62, 81–82, 483–485 Nowin, 345
validating. See validation NuGet packages, 299–332
/Models directory, 24 AnglicanGeek.MarkdownMailer, 543
creating, 312–324
ModelState ELMAH, 207, 209, 300, 303–307, 530–532
controller actions and, 148–150 finding, 301–303
HTML helpers and, 128–129 Html5EditorTemplates, 498
validation and, 148 installing, 303–307
jQuery and, 220
ModelValidatorProvider class, 399, Lucene.NET, 542–543
404, 439 Ninject, 543–544
Package Manager Console, 309–312
modernizr.js file, 225 Package Manager Console, 309–312
Moq mocking framework, 418–419, 422 publishing, 325–332
MOTW (Mark of the Web), 300 updating, 308
movieService.js file, 375–377 WebActivator, 526
MS Test framework, 412 WebBackgrounder, 541–542
multiply registered services NuGet.exe
downloading, 312–313
in MVC, 397–399 publishing packages, 327–330
in Web API, 403–404 NuGet.org
MusicScripts.js file, 221, 226, 231, 238–239,

242, 244, 248
MusicStoreDB.cs file, 87–89
mustache.js file, 246–247
MVC (Model-View-Controller)

as applied to web frameworks, 3
as UI pattern, 2


as real-world example AnglicanGeek.MarkdownMailer, 543
automated browser testing, 540–541 creating, 312–324
data access, 535–536 ELMAH, 207, 209, 300, 303–307, 530–532
deployments, 539–540 finding, 301–303
Entity Framework code-based Html5EditorTemplates, 498
migrations, 536–539 installing, 303–307
exception logging, 530–532 jQuery and, 220
profiling, 532–536 Lucene.NET, 542–543
source code, 522–525 Ninject, 543–544
Package Manager Console, 309–312
publishing to, 325–327 package restore, 308–309
Null Object pattern, 506, 510 publishing, 325–332
Nustache view engine, 481 updating, 308
WebActivator, 526
O WebBackgrounder, 541–542
Page class, 499
OAuth authentication, 175–178, 180–182 parameters
ObjectInstance property, binding, 347–348
in controller actions, 45–47
ValidationContext, 425, 426 incoming action parameters, 340
ObjectType property, ValidationContext, ParentActionViewContext property,

425, 426 ViewContext, 480
Octopus Deploy, 539–540 Parrot view engine, 481
Ok method, ApiController, 341 Partial HTML helper, 133
One ASP.NET, 11–12 partial views
open redirection attacks, 202–207
Open Web Application Security Project rendering helpers, 130–132
specifying, 73–74
(OWASP), 211 PartialView method, 73, 505
OpenID authentication, 175–180, 181–182 PartialViewResult ActionResult type, 73,
Opera Mobile Emulator, 462
Order.cs file, 138–142
overflow parameters, 293 506, 509
over-posting attacks, 105, 107, 200–202 Password HTML helper, 129
overposting, 156 per-configuration scopes, 350
override filters, 448, 455–457 performance, Ajax, 253–255
OWASP (Open Web Application Security permissions, 173
persistance control, 12, 174–175
Project), 211 persistent cookies, 198
Owin.dll assembly, 343 Peters, Andrew, 481
owners metadata element, NuGet, 316 plain text, mixing code and, 69
polyfill, 225
P POST requests

Package Manager Console, 309–312 accepting, 101–103
$package, NuGet PowerShell script parameter, AcceptVerbsAttribute, 513–514
HTML forms, 110–114, 111–114
320
packages, NuGet, 299–332


model binding and, 103–105 RedirectToActionPermanent method,
overrides, 514–515 Controller class, 504
Product.cs file, 352
ProductsController, 352–354 RedirectToRoute method
profiling, 532–535 ApiController class, 341
progressive enhancement, 218–219 Controller class, 504
$project, NuGet PowerShell script parameter,
RedirectToRoutePermanent method,
320 Controller class, 504
Project_Readme.html file, 24
projectUrl metadata element, NuGet, 316 RedirectToRouteResult ActionResult type,
publishing NuGet packages, 325–332 506, 509
pull requests, 10
refactoring, 411
Q _references.js file, 224, 239
references metadata element, NuGet, 317
QuickSearch method, HomeController, 244 regex inline constraint, 267
RegisterRoutes method, 261, 271–272, 278,
R
281, 489
RadioButton HTML helper, 129 RegularExpression attribute,
Range attribute, DataAnnotations, 145
range inline constraint, 267 DataAnnotations, 145
Razor, 63–73 releaseNotes metadata element, NuGet, 316
Remote attribute, MVC namespace, 145–146
code blocks, 68 RenderAction HTML helper, 133–135
code expressions, 64–66 rendering HTML helpers, 130–135
code-focused templating for HTML RenderPartial HTML helper, 133
request-local scopes, 350, 402
generation, 6 Required attribute, DataAnnotations,
compiling views, 474–476
HTML encoding, 66–67 141–142
layouts, 70–72 requireLicenseAcceptance metadata element,
syntax samples, 68–70
templated Razor delegates, 473–474 NuGet, 316
ViewStart, 72–73 respond.js file, 225
ReadOnly attribute, DataAnnotations, 157 responsive web design, 468–470
red/green cycle, 410–411 result filters, 454–455
Redirect method role membership
ApiController class, 341
Controller class, 504 permissions management, 173
RedirectPermanent method, Controller requiring, 172–174
RoleManager, 175
class, 504 RoleStore abstraction, 175
RedirectResult ActionResult type, Route class, 289–294
route constraints
506, 509 attribute routes, 265–267
RedirectToAction method, Controller class, traditional routes, 277–278
Route Debugger, 286–288
504 Route Debugger Controller, 288
route defaults
attribute routes, 267–271
traditional routes, 274–277


route values URL generation, 288–294
attribute routes, 262–263 with Web Forms, 296–297
traditional routes, 273–274 runners, 409

RouteBase class, 288–289, 421 S
RouteCollection class, 288–289, 346, 421,
sad path, 102
490–491 ScaffoldColumn attribute, DataAnnotations,
RouteConfig.cs file, 261, 271, 489, 554
RouteData property 156
scaffolding, 14–15, 80–97
RequestContext, 295
ViewContext, 479 ASP.NET Scaffolding, 14–15, 482–486
RouteLink HTML helper, 131–132 controller example, 85–92
RouteMagic, 486–487 custom scaffolders, 485–486
RouteUrlExpressionBuilder, 297 edit scenario, 97–103
RouteValueExpressionBuilder, 297 and the Entity Framework, 82–84
routing executing scaffolded code, 92–97
in AngularJS, 371–373 templates, 60–62, 81–82, 483–485
approaches, 260 scopes, 350
area routes, 282–284 scripted pages, 32
attribute routes, 260–271 /Scripts directory, 24, 26
Scripts folder
combining with traditional routes, AngularJS, 359
278–280 jQuery, 219, 223
Search method, HomeController, 112
controller routes, 263–265 search this site mechanism, 186
route constraints, 265–267 SearchedLocations property,
route defaults, 267–271
route URLs, 261 ViewEngineResult, 478
route values, 262–263 security
vs. traditional routes, 280
and unit testing, 271–272 authentication. See also ASP.NET Identity
catch-all parameter, 284 vs. authorization, 162
compared to URL rewriting, 259–260 claims-based, 12, 162, 173
custom route constraints, 295–296 configuring, 22
debugging routes, 286–288 cookie-based, 168
editable routes, 487–491 external logins, 175–182
ignoring routes, 285–286 OAuth, 175–178, 180–182
multple parameters per segment, 285 OpenID, 175–180, 181–182
named routes, 280–282 Windows, 169–170
RouteMagic project, 486–487
testing routes, 420–423 authorization
traditional routes, 271–280 vs. authentication, 162
vs. attribute routes, 280 filters, 15
combining with attribute routes, global, 170–172
URL authorization, 166
278–280
route constraints, 277–278 cookie-stealing attacks, 197–199
route defaults, 274–277 CSRF (cross-site request forgery) attacks,
route values, 273–274
193–197

defense in depth strategy, 211 singly registered services
error reporting, 207–209 in MVC, 397
logins in Web API, 402–403

external, 175–182 SiteLayout.cshtml file, 70–72
redirection process, 168 software design patterns, 385–395
requiring, 162–172
model binding, 105 dependency injection, 392–395
open redirection attacks, 168, 202–207 inversion of control, 386–388
over-posting attacks, 105, 107, 200–202 service locator, 388–392
permissions management, 173 SPA. See single page application
resources, 210–211 Spark view engine, 477, 481
role membership, requiring, 172–174 SpecifyingViews package, 74
XSS (cross-site scripting) attacks, 183–192 spy, 417–418
active injection, 186–187 SRP (Single Responsibility Pattern), 409
passive injection, 183–185 SSL, requiring, 182
preventing, 187–193 stack trace, 207–209
threat summary, 183 StackOverflow.com attack, 198–199
self-validating model, 154 Startup.Auth.cs, 169, 176–180, 181
SelfHost.dll assembly, 343 state, 33
server-side comments, 70 StopRoutingHandler, 285–286
service dependencies, passing, 416–418 StoreController, 42–45
service locator design pattern, 388–392 adding, 42–43
ServiceContainer property, controller actions, 43–45
ValidationContext, 425, 426 StringLength attribute, DataAnnotations,
services, AngularJS, 368–371
custom services, 375–377 142–144
session cookies, 194–199 StringTemplate view engine, 481
side-by-side installations, 16 strongly typed
SideWaffle, 483–484
single assertion rule, 412 HTML helpers, 126–127
single page application (SPA) service locators, 38, 388–389
AngularJS, 355–384 views, 55–58
building controllers, 365–368 SubSonic project, 402
building modules, 364–365 summary metadata element, NuGet, 317
building the Web API, 363–364 System.ComponentModel namespace, 436
database setup, 361–362 System.ComponentModel.DataAnnotations
delete operations, 377–379
details view, 373–374 namespace, 141–146, 151, 155–158,
edit view, 379–384 424, 436
installing, 359–361 System.Web namespace, 2, 9
routing, 371–373 System.Web.Mvc namespace
services, 368–371, 375–377 HiddenInput attribute, 158
creating sample project, 357–359 Remote attribute, 145–146
Single Page Application template, 20 System.Web.Mvc.Filters namespace, 456
Single Responsibility Pattern (SRP), 409 System.Web.Mvc.Html namespace, 116–117
System.Web.Mvc.Html.
DefaultEditorTemplates namespace, 495
System.Web.Mvc.Routing.Constraints
namespace, 296


System.Web.Optimization namespace, 254 U
System.Web.Routing namespace, 296
System.Web.UI namespace, 2, 429 UIHint attribute, DataAnnotations, 158
Uniform Resource Locators. See URLs
T uninstall.ps1 script, 320
unit testing, 408–410
T4 (Text Template Transformation Toolkit)
templates, 63, 483–485 attribute routing and, 271–272
attributes of successful tests, 408–410
tags metadata element, NuGet, 316 automated results, 409
TAP (Task-based Asynchronous Pattern), building a test project, 412–415
client-side (JavaScript), 424
515, 517–518 controllers, 416–420
Task Parallel Library, 515 default unit tests, 413–414
Task-based Asynchronous Pattern (TAP), in isolation, 408–409
New ASP.NET Project dialog, 21
515, 517–518 public endpoints only, 409
TDD (test-driven development), 410–412 as quality assurance activity, 409–410
TempData property, ViewContext, 479 routes, 420–423
templated helpers, 127–128, 492–496 small pieces of code, 408
templates TDD (test-driven development), 410–412
validators, 423–427
ASP.NET Scaffolding, 483–485 unobtrusive
bootstrap templates, 13–14 Ajax, 225–226
custom templates, 496–498 JavaScript, 218–219
JSON templates, 246–251 UnobtrusiveJavaScriptEnabled property,
scaffolding, 60–62, 81–82
templated helpers, 492–498 ViewContext, 480
test-driven development (TDD), 410–412 UpdateModel method, 105–107, 147, 149–150,
Text Template Transformation Toolkit (T4)
202, 419–420
templates, 63, 483–485 updating NuGet packages, 308
TextArea HTML helper, 121 URIs (Uniform Resource Identifiers), 258
TextBox HTML helper, 121 URLs (Uniform Resource Locators), 258–259
TextBoxFor HTML helper, 127–128, 235–236
third-party view engines, 480–481 authorization, 166
thread starvation, 516 generation, 288–294
title metadata element, NuGet, 316 resource-centric view, 260
token verification, 196–197
$toolsPath, NuGet PowerShell script URL helpers, 132–135
user login, requiring, 162–172
parameter, 320 UserManager, 175
traditional routes, 271–280. See also routing UserStore, 175

vs. attribute routes, 280 V
catch-all parameter, 284
combining with attribute routes, 278–80 validation
route constraints, 277–278 controller actions and validation errors, 148–150
route defaults, 274–277 custom error messages, 146–147
route values, 273–274
TryUpdateModel method, 105–107, 147–150,

202, 419–420


custom validation, 150–155, 236–241 ViewData, 57–58
happy path, 102 HTML helpers and, 124–126
jQuery validation, 233–236 ModelMetadata property, 493–494
and model binding, 147–148 TemplateInfo property, 493–494
and model state, 148 vs. ViewBag, 58
MVC 5.1, 561–562
sad path, 102–103 ViewData property, ViewContext, 479
testing validators, 423–427 ViewDataDictionary class, 57–58
ValidationContext object, 425–427 ViewEngine property, ViewEngineResult, 478
ValidationMessage HTML helper, 123–124 ViewEngineResult, 478
ValidationMessageFor HTML helper, 120 Viewport meta tag, 466
ValidationSummary HTML helper, 118 ViewResult ActionResult type, 506, 509
validator object, 240–241 views
value providers, 104, 347–348, 430–431
.vbhtml extension, 64 compiling, 474–476
vendor scripts, 221 conventions, 54–55
version dependency element, NuGet, 317 creating, 60–63
version metadata element, NuGet, 316 display modes, 9–10, 462–470
view engines extending, 442–445
vs. ActionResult, 482 finding, 478
alternative engines, 480–481 partial views
customizing, 442–444, 476–480
Razor, 63–73 rendering helpers, 130–132
specifying, 73–74
code blocks, 68 purpose of, 50
code expressions, 64–66 scaffolding. See scaffolding
code-focused templating for strongly typed, 55–58
view models, 58–60
HTML generation, 6 ViewBag, 52–53, 55–59
compiling views, 474–476 Wrox.ProMvc5.Views.AlbumList
HTML encoding, 66–67 package, 57
layouts, 70–72 Wrox.ProMvc5.Views.BasePageType
syntax samples, 68–70 package, 476
templated Razor delegates, 473–474 Wrox.ProMvc5.Views.SpecifyingViews
ViewStart, 72–73 package, 74
Web Forms Wrox.ProMvc5.Views.ViewModel package, 59
ASP.NET MVC 3, 5–6 /Views directory, 24, 26
global authorization, 171 _ViewStart.cshtml, 63, 73
importance of security, 160 virtually stateful platform, 33
Routing with, 296–297 Visual Studio
URL authorization, 166 auto-implemented properties, 78
View method project directories, 24–27
Controller, 504–505 SideWaffle extension, 483–484
ViewContext, 479 Visual Studio 2013
ViewEngineResult, 478 IIS Express, 40, 170
ViewBag, 52–53, 55–59 MVC 5 changes, 86
ViewContext, 479–480 Visual Studio Development Server, 40
vNext, 8–9


W WebHost.dll assembly, 343
Website project, 523–525
Wake, William C., 411 whitelists, 193, 194, 199, 201
Walther, Stephen, 288 Windows authentication, 169–170
weakly typed service locators, 389–392 Windows Azure, configuring resources,
Web API, 333–354
22–24
adding routes, 346–347 Windows Phone Emulator, 462
ASP.NET MVC 4, 7–9 WinPhone.cshtml file, 473
binding parameters, 347–348 Writer property, ViewContext, 480
configuring, 342–346 Wrox.ProMvc5.ExtendingMvc package, 430
defining, 334 Wrox.ProMvc5.Security.Authorize package,
enabling dependency injection, 350
exploring APIs programmatically, 350–351 163
filtering requests, 349–350 Wrox.ProMvc5.Views.AlbumList package, 57
ProductsController example, 352–354 Wrox.ProMvc5.Views.BasePageType package,
tracing applications, 352
writing an API controller, 335–342 476
Web API template, 20 Wrox.ProMvc5.Views.SpecifyingViews
Web Forms
ASP.NET MVC 3, 5–6 package, 74
global authorization, 171 Wrox.ProMvc5.Views.ViewModel package, 59
importance of security, 160 WWW-Authenticate headers, 451–453
Routing with, 296–297
URL authorization, 166 X
Web Forms template, 20
web.config file XDT (XML Document Transform), 314
Ajax settings, 234–235 XML Document Transform (XDT), 314
configuring connections, 92 XSRF. See CSRF (cross-site request forgery)
cookie theft, preventing, 199
customErrors mode, 207–208 attacks
directory security, 166 XSS (cross-site scripting) attacks, 183–192
global authorization and, 171
transforms, 208–209, 314–315 active injection, 186–187
WebActivator, 526 passive injection, 183–185
WebBackgrounder, 541–542 preventing, 187–193
threat summary, 183

Y

yellow screen of death, 350, 530
