This document discusses best practices for ASP.NET MVC. It begins with an introduction to ASP.NET MVC and its components: Model, View, Controller. It then outlines 9 best practices, including isolating layers, using the Post-Redirect-Get pattern, securing from forgery, making the application testable and extensible, writing clean code, using strongly typed views, optimizing JSON endpoints and performance. It also briefly discusses new features in ASP.NET MVC 4 and tips for productivity and globalization.
2. WHO’S THIS GUY
• Malisa Ncube
• Software Engineer at Infectious Diseases Institute (Uganda)
• Blogger – http://geekswithblogs.net/malisancube
• Follow me on Twitter: @malisancube
• My email is dev@malisancube.com
• Leader of Uganda .NET Usergroup
#MSOpenDoor
• Urban Artist
• High sense of humor
3. AGENDA
• ASP.NET MVC Best Practices
• A bit of ASP.NET MVC 4 Preview
• We’ll see
• Conclusion
• Q&A
5. What is ASP.NET MVC?
• Model: The model contains the core information for an
application. This includes the data and validation rules
as well as data access and aggregation logic.
• View: The view encapsulates the presentation of the
application, and in ASP.NET this is typically the HTML
markup.
• Controller: The controller contains the control-flow logic.
It interacts with the Model and Views to control the flow
of information and execution of the application
6. What is ASP.NET MVC? (Continued)
• Open source – Released under MSL for pre-release components. http://aspnet.codeplex.com
• Proven: There are many sites that are using ASP.NET
MVC framework and many resources.
• Testable: Enables good software development
practices.
8. 1) Isolate your layers properly.
• Use the ViewModel for transmitting data to the view. ViewModels should be simple, de-normalised POCO objects.
• Use the Domain Model Entities for persistence, validation, behaviours and complex relationships. Mapping to the ViewModel can be done with tools like AutoMapper.
9. 1) Isolate your layers properly (Continued).
• Use Controllers for selecting the view to be shown and
not for business logic.
• Use the view for displaying the HTML that will be rendered by the browser, not for business logic.
• Use Services/Repositories for manipulating business objects.
Let’s see some code
10. 2) Use the PRG (PostRedirectGet) pattern
• Prevent reposts to the form
• Issues an HTTP 302 temporary redirect
• Watch out for JSON redirects. Check the type of request.
• Use the proper verbs [HttpPost], [HttpGet] on your controllers
11. 3) Secure site from forgery
• Confused deputy problem (a confused deputy is a computer program that is innocently fooled by some other party into misusing its authority)
• Prevent cross-site request forgery (CSRF/XSRF)
• Prevent cross-site request forgery (CSRF/XSRF) with Ajax
• Use anti-forgery helpers for form posts: @Html.AntiForgeryToken and ValidateAntiForgeryTokenAttribute, which peeks into the Request.Form collection for the anti-forgery token
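An added example, not code from the original slides: because ValidateAntiForgeryTokenAttribute looks for the token in Request.Form, an Ajax post that sends a JSON body needs a filter that reads the token from a request header instead. It assumes ASP.NET MVC 4 (where System.Web.Helpers provides AntiForgery.Validate(cookieToken, formToken)); the filter, header name, view model and controller are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical filter (not part of MVC): validates the token for Ajax posts, where it
// arrives in a request header rather than in the Request.Form collection.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
public sealed class ValidateAjaxAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
    // Assumed header name; the client script must send the same one.
    private const string HeaderName = "X-Request-Verification-Token";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpRequestBase request = filterContext.HttpContext.Request;
        HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
        string cookieToken = cookie != null ? cookie.Value : null;
        string headerToken = request.Headers[HeaderName];

        // Throws HttpAntiForgeryException when a token is missing or the pair does not match.
        AntiForgery.Validate(cookieToken, headerToken);
    }
}

// Constructed view model for the example.
public class TransferViewModel { public string ToAccount { get; set; } public decimal Amount { get; set; } }

public class TransferController : Controller
{
    // Form post: the view renders @Html.AntiForgeryToken() inside the <form>,
    // so the built-in attribute finds the token in Request.Form.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(TransferViewModel model)
    {
        if (!ModelState.IsValid) return View(model);
        return RedirectToAction("Index"); // Post-Redirect-Get after a successful post
    }

    // Ajax post with a JSON body: Request.Form is empty, so the header-based filter is used.
    [HttpPost]
    [ValidateAjaxAntiForgeryToken]
    public JsonResult CreateAjax(TransferViewModel model)
    {
        return Json(new { saved = ModelState.IsValid });
    }
}
```

On the client, the script copies the value of the hidden `__RequestVerificationToken` field rendered by @Html.AntiForgeryToken() into the assumed header before sending the request.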
12. 4) Make your application testable, maintainable and extensible
• Use IoC to make your application testable
• Have actual tests for different segments of your
application.
• You can scaffold the application using NuGet packages like MvcScaffolding and include the repository and unit tests.
Let’s see some code
13. 5) Write clean code
• Use Action Filters for cross-cutting concerns.
– They help clean up your code by giving you a declarative approach to programming, similar to aspect-oriented programming, more specifically PostSharp.
– Handling errors, authorisation, tracing.
Let’s see some code
14. 6) Use strongly typed views
• You may decide to inherit behaviour of all views from a
certain base class.
• Avoid the ViewBag
Let’s see some code
15. 7) JSON endpoints
• All JSON endpoints require [HttpPost] to prevent JSON hijacking
• http://haacked.com/archive/2009/06/25/json-hijacking.aspx
– With [HttpPost], returning arrays is allowed.
16. 8) Performance Tips
• Test the application performance. (Fiddler, YSlow)
• Optimise/compress your images
• Minify your scripts and CSS
Let’s see some code
17. 9) Productivity Tips
• Use NuGet packages that help with productivity.
• ELMAH
• MvcScaffolding
• Create your own NuGet packages
Let’s see some code
19. 1) ASP.NET MVC still has the power of ASP.NET
• You can extend using HttpModules, HttpHandlers
• You can use HttpCaching
Let’s see some code
20. 2) Think about globalization from the beginning
• Make your application support globalisation if it’s going to be on the internet.
• Don’t forget accessibility
– http://plugins.jquery.com/project/KeyTips