WHO’S THIS GUY
• Malisa Ncube
• Software Engineer at Infectious Diseases Institute (Uganda)
• Blogger – http://geekswithblogs.net/malisancube
• Follow me on Twitter: @malisancube
• My email is firstname.lastname@example.org
• Leader of Uganda .NET Usergroup #MSOpenDoor
• Urban Artist
• High sense of humor

AGENDA
• ASP.NET MVC Best Practices
• A bit of ASP.NET MVC 4 Preview
• We’ll see
• Conclusion
• Q&A

What is ASP.NET MVC?
• Model: The model contains the core information for an application. This includes the data and validation rules as well as data access and aggregation logic.
• View: The view encapsulates the presentation of the application, and in ASP.NET this is typically the HTML markup.
• Controller: The controller contains the control-flow logic. It interacts with the Model and Views to control the flow of information and execution of the application.

What is ASP.NET MVC? (Continued)
• Open source – Released under MSL for pre-release components. http://aspnet.codeplex.com
• Proven: Many sites use the ASP.NET MVC framework, and many resources are available.
• Testable: Enables good software development practices.

1) Isolate your layers properly.
• Use the ViewModel for transmitting data to the view. ViewModels should be simple, de-normalised POCO objects.
• Use the Domain Model Entities for persistence, validation, behaviours and complex relationships. Mapping to the ViewModel can be done with tools like AutoMapper.

1) Isolate your layers properly (Continued).
• Use Controllers for selecting the view to be shown, not for business logic.
• Use the view for displaying the HTML that will be rendered by the browser, not for business logic.
• Use Services/Repositories for manipulating business objects.
Let’s see some code

2) Use the PRG (Post-Redirect-Get) pattern
• Prevents reposts of the form
• Issues an HTTP 302 temporary redirect
• Watch out for JSON redirects. Check the type of request.
• Use the proper verbs, [HttpPost] and [HttpGet], on your controllers

3) Secure the site from forgery
• Confused deputy problem (a confused deputy is a computer program that is innocently fooled by some other party into misusing its authority)
• Prevent cross-site request forgery (CSRF/XSRF)
• Prevent cross-site request forgery (CSRF/XSRF) with Ajax
• Use the anti-forgery helpers for form posts: @Html.AntiForgeryToken and ValidateAntiForgeryTokenAttribute, which peeks into the Request.Form collection for the anti-forgery token

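The Ajax case above, combined with the PRG advice from the previous slide, as an added example that is not part of the original deck. It assumes the System.Web.Helpers API that ships with MVC 4 (AntiForgery.Validate and AntiForgeryConfig.CookieName); the attribute name, header name, view model and controller are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Checks the anti-forgery token on form posts and on Ajax posts, where the
// token is not in Request.Form. Assumes the MVC 4 System.Web.Helpers API.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ValidateAntiForgeryHeaderAttribute : FilterAttribute, IAuthorizationFilter
{
    // Hypothetical header name; the page script copies the hidden field
    // rendered by @Html.AntiForgeryToken() into it.
    public const string HeaderName = "X-Request-Verification-Token";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpRequestBase request = filterContext.HttpContext.Request;
        if (!request.IsAjaxRequest())
        {
            AntiForgery.Validate();   // cookie + __RequestVerificationToken form field
            return;
        }
        HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
        // Throws HttpAntiForgeryException when a token is missing or they do not match.
        AntiForgery.Validate(cookie != null ? cookie.Value : null, request.Headers[HeaderName]);
    }
}

public class CommentViewModel   // hypothetical view model
{
    public string Text { get; set; }
}

public class CommentsController : Controller   // hypothetical controller
{
    [HttpPost, ValidateAntiForgeryHeader]
    public ActionResult Create(CommentViewModel model)
    {
        if (!ModelState.IsValid)
            return Request.IsAjaxRequest() ? (ActionResult)Json(new { ok = false }) : View(model);

        // ... save through a service or repository ...

        // PRG: browsers get a 302 to a GET action; Ajax callers get JSON, not a redirect.
        if (Request.IsAjaxRequest())
            return Json(new { ok = true });
        return RedirectToAction("Index");
    }
}
```
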
4) Make your application testable, maintainable and extensible
• Use IoC to make your application testable
• Have actual tests for different segments of your application.
• You can scaffold the application using NuGet packages like MvcScaffold and include the repository and unit tests.
Let’s see some code

5) Write clean code
• Use Action Filters for cross-cutting concerns.
  - They help clean up your code by giving you a declarative approach to programming, similar to aspect-oriented programming, more specifically PostSharp.
  - Handling errors, authorisation, tracing.
Let’s see some code

6) Use strongly typed views
• You may decide to inherit the behaviour of all views from a certain base class.
• Avoid the ViewBag
Let’s see some code

7) JSON endpoints
• All JSON endpoints require [HttpPost] to prevent JSON hijacking
• http://haacked.com/archive/2009/06/25/json-hijacking.aspx
  - With [HttpPost], returning arrays is allowed.

8) Performance Tips
• Test the application performance. (Fiddler, YSlow)
• Optimise/compress your images
• Minify your scripts and CSS
Let’s see some code

9) Productivity Tips
• Use NuGet packages that help with productivity.
• ELMAH
• MvcScaffolding
• Create your own NuGet packages
Let’s see some code

1) ASP.NET MVC still has the power of ASP.NET
• You can extend using HttpModules, HttpHandlers
• You can use HttpCaching
Let’s see some code

2) Think about globalization from the beginning
• Make your application support globalisation if it’s going to be on the internet.
• Don’t forget accessibility – http://plugins.jquery.com/project/KeyTips