Controllers

Taking Control of Controllers Adding Actions Model Binding Filters Vanity URLs Controller Best Practices

Taking Control of Controllers Adding Actions Model Binding Filters Vanity URLs Controller Best Practices

Adding Actions Controllers are classes Actions are methods Creating an action involves adding a method to a class

Action Signature Return Types Parameters ActionResult FileResult JsonResult ViewResult Parameters Normal parameters MCV model binding Parameters in MVC are just normal parameters. Typically, return types are ActionResult or something that inherits from ActionResult.

Controller Method Attributes HttpGet & HttpPost Known as methods or verbs Send a signal from the client to the server Header information that lets user send large amounts of data

Get and Post Create/Update/Delete are typically two step operations Present the form Accept the input Create two actions Form presentation via HttpGet (default) Accept data via HttpPost

Controllers All the controller classes inherit from the base class Controller Has built in helper methods such as View() Parameter to the View method is the data that the view needs Controller method gets the model and combines the model with the view to return public ActionResult Index() { return View(db.Movies.ToList()); }

Default Model Binder Uses the name attribute of input elements Automatically matches parameter names for simple data types Complex objects are mapped by property name Complex properties use dot notation @Html.EditorFor(model => model.Lyrics, …

Controlling Model Binding Imagine the following model Need Create a form to edit everything but the lyrics Challenge Default model binder automatically binds all inbound properties

Solutions Simplest Use the bind attribute to indicate which properties to bind Other solutions Create a view model Create a custom model binder Create a view model with only the SongID, Title, and Length attributes. Creating a custom model binder is possible, but not recommended.

Filters Filters are attributes Goal is to alter execution Decorate controllers and actions Goal is to alter execution MVC contains several built-in filters If you want the filter to be global, put it in the FilterConfig.cs file Sometimes you want to perform logic either before an action method is called or after an action method runs. To support this, ASP.NET MVC provides filters. Filters are custom classes that provide both a declarative and programmatic means to add pre-action and post-action behavior to controller action methods. ASP.NET has several built in filters. For example: Can set up security with filters by decorating an action with a filter

Security Filters Authorize ValidateAntiForgeryToken RequireHttps Control who can access a controller/action Properties Users Roles ValidateAntiForgeryToken Defends against cross-site request forgery Requires anti-forgery token to be added to view RequireHttps Uses SSL Might use Authorize on Create, Edit, and Delete, to automatically redirect you to a login page ValidateAntiForgeryToken - Make sure a form has not been set from a different page

SSL Encrypts traffic and prevents tampering Authenticates server When to use SSL Asking for sensitive information After authentication When in doubt enable SSL http://blog.codinghorror.com/should-all-web-traffic-be-encrypted/

Vanity URL Standard URL Vanity URL Users have no idea what that URL refers to Search engines have no idea what that URL refers to Vanity URL User knows information provided by the page Search engines know information provided by page

MVC Routing Vanity URLs are handled by routing Routing in MVC controls what controller/action is called based on the URL provided Methods for updating routing RouteConfig.cs AttributeRouting

Attribute Routing Attributes control routing/URL RouteAttribute www.mymusicstore.com/Album/Edit/42 Calls the Edit action Passes in the ID parameter ID must be an integer Could use to make the method names more user friendly in the Vanity URL. For example could have the route attribute for the Index method renamed to all: [Route(“Album/All”)]

RoutePrefix Added to controller Adds prefix to all routes Controller is now named Album instead of Albums in the URL route

Controller Design Guidelines High Cohesion Make sure all actions are closely related Low Coupling Controllers should know as little about the rest of the system as possible Simplifies testing and changes Repository pattern Wrap data context calls into another object Controller methods are typically short, 5 to 10 lines of code. There are two ways that the repository can query business entities. It can submit a query object to the client's business logic or it can use methods that specify the business criteria. In the latter case, the repository forms the query on the client's behalf. The repository returns a matching set of entities that satisfy the query. The diagram shows the interactions of the repository with the client and the data source.