A few days ago, Craig Stuntz reported an interesting observation: when the first page is returned, the class performs a Skip(0). Suprisingly, this is not free. With that in mind, I set out to correct that issue as well as incorporate a few changes I’ve made over the past year. The result is nearly identical to the last posted version, just a bit more readable. Additionally…

• The source is now available on CodePlex: http://pagedlist.codeplex.com. This should make finding and downloading the code easier than finding the correct blog entry on some dude’s blog.
• I have posted a release-compiled, XML commented, signed assembly on CodePlex. I got tired of having to copy the source into multiple projects and finding a place to put it in that project’s taxonomy.
• Further incremental changes can be found in the Change Log on the CodePlex project site.

Download from CodePlex

IPagedList<T>.cs

using System.Collections.Generic;

namespace PagedList
{
	public interface IPagedList<T> : IList<T>
	{
		int PageCount { get; }
		int TotalItemCount { get; }
		int PageIndex { get; }
		int PageNumber { get; }
		int PageSize { get; }
		bool HasPreviousPage { get; }
		bool HasNextPage { get; }
		bool IsFirstPage { get; }
		bool IsLastPage { get; }
	}
}

PagedList<T>.cs

using System;
using System.Collections.Generic;
using System.Linq;

namespace PagedList
{
	public class PagedList<T> : List<T>, IPagedList<T>
	{
		public PagedList(IEnumerable<T> superset, int index, int pageSize)
		{
			// set source to blank list if superset is null to prevent exceptions
			var source = superset == null
			                      	? new List<T>().AsQueryable()
									: superset.AsQueryable();

			TotalItemCount = source.Count();
			PageSize = pageSize;
			PageIndex = index;
			if (TotalItemCount > 0)
				PageCount = (int) Math.Ceiling(TotalItemCount/(double) PageSize);
			else
				PageCount = 0;

			if (index < 0)
				throw new ArgumentOutOfRangeException("index", index, "PageIndex cannot be below 0.");
			if (pageSize < 1)
				throw new ArgumentOutOfRangeException("pageSize", pageSize, "PageSize cannot be less than 1.");

			// add items to internal list
			if (TotalItemCount > 0)
				if (index == 0)
					AddRange(source.Take(pageSize).ToList());
				else
					AddRange(source.Skip((index) * pageSize).Take(pageSize).ToList());
		}

		public int PageCount { get; private set; }
		public int TotalItemCount { get; private set; }
		public int PageIndex { get; private set; }
		public int PageSize { get; private set; }

		public int PageNumber
		{
			get { return PageIndex + 1; }
		}

		public bool HasPreviousPage
		{
			get { return PageIndex > 0; }
		}

		public bool HasNextPage
		{
			get { return PageIndex < (PageCount - 1); }
		}

		public bool IsFirstPage
		{
			get { return PageIndex <= 0; }
		}

		public bool IsLastPage
		{
			get { return PageIndex >= (PageCount - 1); }
		}
	}
}

PagedListExtensions.cs

using System.Collections.Generic;
using System.Linq;

namespace PagedList
{
	public static class PagedListExtensions
	{
		public static IPagedList<T> ToPagedList<T>(this IEnumerable<T> superset, int index, int pageSize)
		{
			return new PagedList<T>(superset, index, pageSize);
		}
	}
}

PagedListFacts.cs

using System;
using System.Collections.Generic;
using Xunit;
using Xunit.Extensions;

namespace PagedList.Tests
{
	public class PagedListFacts
	{
		[Fact]
		public void Null_Data_Set_Doesnt_Throw_Exception()
		{
			//act
			Assert.ThrowsDelegate act = () => new PagedList<object>(null, 0, 10);

			//assert
			Assert.DoesNotThrow(act);
		}

		[Fact]
		public void PageIndex_Below_Zero_Throws_ArgumentOutOfRange()
		{
			//arrange
			var data = new[] {1, 2, 3};

			//act
			Assert.ThrowsDelegate act = () => data.ToPagedList(-1, 1);

			//assert
			Assert.Throws<ArgumentOutOfRangeException>(act);
		}

		[Fact]
		public void PageIndex_Above_RecordCount_Returns_Empty_List()
		{
			//arrange
			var data = new[] {1, 2, 3};

			//act
			var pagedList = data.ToPagedList(2, 3);

			//assert
			Assert.Equal(0, pagedList.Count);
		}

		[Fact]
		public void PageSize_Below_One_Throws_ArgumentOutOfRange()
		{
			//arrange
			var data = new[] {1, 2, 3};

			//act
			Assert.ThrowsDelegate act = () => data.ToPagedList(0, 0);

			//assert
			Assert.Throws<ArgumentOutOfRangeException>(act);
		}

		[Fact]
		public void Null_Data_Set_Doesnt_Return_Null()
		{
			//act
			var pagedList = new PagedList<object>(null, 0, 10);

			//assert
			Assert.NotNull(pagedList);
		}

		[Fact]
		public void Null_Data_Set_Returns_Zero_Pages()
		{
			//act
			var pagedList = new PagedList<object>(null, 0, 10);

			//assert
			Assert.Equal(0, pagedList.PageCount);
		}

		[Fact]
		public void Zero_Item_Data_Set_Returns_Zero_Pages()
		{
			//arrange
			var data = new List<object>();

			//act
			var pagedList = data.ToPagedList(0, 10);

			//assert
			Assert.Equal(0, pagedList.PageCount);
		}

		[Fact]
		public void DataSet_Of_One_Through_Five_PageSize_Of_Two_PageIndex_Of_One_First_Item_Is_Three()
		{
			//arrange
			var data = new[] {1, 2, 3, 4, 5};

			//act
			var pagedList = data.ToPagedList(1, 2);

			//assert
			Assert.Equal(3, pagedList[0]);
		}

		[Fact]
		public void TotalCount_Is_Preserved()
		{
			//arrange
			var data = new[] {1, 2, 3, 4, 5};

			//act
			var pagedList = data.ToPagedList(1, 2);

			//assert
			Assert.Equal(5, pagedList.TotalItemCount);
		}

		[Fact]
		public void PageIndex_Is_Preserved()
		{
			//arrange
			var data = new[] {1, 2, 3, 4, 5};

			//act
			var pagedList = data.ToPagedList(1, 2);

			//assert
			Assert.Equal(1, pagedList.PageIndex);
		}

		[Fact]
		public void PageSize_Is_Preserved()
		{
			//arrange
			var data = new[] {1, 2, 3, 4, 5};

			//act
			var pagedList = data.ToPagedList(1, 2);

			//assert
			Assert.Equal(2, pagedList.PageSize);
		}

		[Fact]
		public void Data_Is_Filtered_By_PageSize()
		{
			//arrange
			var data = new[] {1, 2, 3, 4, 5};

			//act
			var pagedList = data.ToPagedList(1, 2);

			//assert
			Assert.Equal(2, pagedList.Count);

			//### related test below

			//act
			pagedList = data.ToPagedList(2, 2);

			//assert
			Assert.Equal(1, pagedList.Count);
		}

		[Fact]
		public void DataSet_OneThroughSix_PageSize_Three_PageIndex_Zero_FirstValue_Is_One()
		{
			//arrange
			var data = new[] { 1, 2, 3, 4, 5, 6 };

			//act
			var pagedList = data.ToPagedList(0, 3);

			//assert
			Assert.Equal(1, pagedList[0]);
		}

		[Fact]
		public void DataSet_OneThroughThree_PageSize_One_PageIndex_Two_HasNextPage_False()
		{
			//arrange
			var data = new[] {1, 2, 3};

			//act
			var pagedList = data.ToPagedList(2, 1);

			//assert
			Assert.Equal(false, pagedList.HasNextPage);
		}

		[Fact]
		public void DataSet_OneThroughThree_PageSize_One_PageIndex_Two_IsLastPage_True()
		{
			//arrange
			var data = new[] {1, 2, 3};

			//act
			var pagedList = data.ToPagedList(2, 1);

			//assert
			Assert.Equal(true, pagedList.IsLastPage);
		}

		[Fact]
		public void DataSet_OneAndTwo_PageSize_One_PageIndex_One_FirstValue_Is_Two()
		{
			//arrange
			var data = new[] { 1, 2 };

			//act
			var pagedList = data.ToPagedList(1, 1);

			//assert
			Assert.Equal(2, pagedList[0]);
		}

		[Theory]
		[InlineData(new[] {1, 2, 3}, 0, 1)]
		[InlineData(new[] {1, 2, 3}, 1, 2)]
		[InlineData(new[] {1, 2, 3}, 2, 3)]
		public void Theory_PageNumber_Is_PageIndex_Plus_One(int[] integers, int pageIndex, int expectedPageNumber)
		{
			//arrange
			var data = integers;

			//act
			var pagedList = data.ToPagedList(pageIndex, 1);

			//assert
			Assert.Equal(expectedPageNumber, pagedList.PageNumber);
		}

		[Theory]
		[InlineData(new[] {1, 2, 3}, 0, 1, false, true)]
		[InlineData(new[] {1, 2, 3}, 1, 1, true, true)]
		[InlineData(new[] {1, 2, 3}, 2, 1, true, false)]
		public void Theory_HasPreviousPage_And_HasNextPage_Are_Correct(int[] integers, int pageIndex, int pageSize,
		                                                               bool expectedHasPrevious, bool expectedHasNext)
		{
			//arrange
			var data = integers;

			//act
			var pagedList = data.ToPagedList(pageIndex, pageSize);

			//assert
			Assert.Equal(expectedHasPrevious, pagedList.HasPreviousPage);
			Assert.Equal(expectedHasNext, pagedList.HasNextPage);
		}

		[Theory]
		[InlineData(new[] {1, 2, 3}, 0, 1, true, false)]
		[InlineData(new[] {1, 2, 3}, 1, 1, false, false)]
		[InlineData(new[] {1, 2, 3}, 2, 1, false, true)]
		public void Theory_IsFirstPage_And_IsLastPage_Are_Correct(int[] integers, int pageIndex, int pageSize,
		                                                          bool expectedIsFirstPage, bool expectedIsLastPage)
		{
			//arrange
			var data = integers;

			//act
			var pagedList = data.ToPagedList(pageIndex, pageSize);

			//assert
			Assert.Equal(expectedIsFirstPage, pagedList.IsFirstPage);
			Assert.Equal(expectedIsLastPage, pagedList.IsLastPage);
		}

		[Theory]
		[InlineData(new[] {1, 2, 3}, 1, 3)]
		[InlineData(new[] {1, 2, 3}, 3, 1)]
		[InlineData(new[] {1}, 1, 1)]
		[InlineData(new[] {1, 2, 3}, 2, 2)]
		[InlineData(new[] {1, 2, 3, 4}, 2, 2)]
		[InlineData(new[] {1, 2, 3, 4, 5}, 2, 3)]
		public void Theory_PageCount_Is_Correct(int[] integers, int pageSize, int expectedNumberOfPages)
		{
			//arrange
			var data = integers;

			//act
			var pagedList = data.ToPagedList(0, pageSize);

			//assert
			Assert.Equal(expectedNumberOfPages, pagedList.PageCount);
		}
	}
}

The first (and by far the longest) step in getting everything up and running is to download and install the Visual Studio 2010 beta. There are multiple flavors available, but I settled for the plain old Professional edition. You can also choose between the full install 2 ISO download (1.1 GB) or a lightweight (5 MB) “web install” package. I chose to try out the smaller package and it worked fine for me, though MSDN subscribers with slower connections may prefer to use the Microsoft download tool and download the bigger install so that they can pause and restart the download as needed. Either way, once you’ve downloaded everything grab a drink and kick off the install. On my relatively fast machine running Windows 7 it took close to half an hour to install and two (!) required restarts.

Once Visual Studio has finished installing, download and install the Asp.Net MVC 1.1 Installer for Visual Studio 2010 from CodePlex. While you’re there, go ahead and download and unzip ASP.NET MVC Snippets for VS2010 Beta 1. While Asp.Net MVC 1.1 is being installed, go ahead and install the snippets as well:

Unzip “ASP.NET MVC Snippets.zip” into “C:\Users\<username>\Documents\Visual Studio 10\Code Snippets\Visual Web Developer\My HTML Snippets”, where “C:\” is your OS drive.

If you encounter any difficulties with the installer, check out this blog post by Jacques Eloff. He developed the installer and hopefully his post can help you out. Luckily for me everything proceeded with no problems. Booting up Visual Studio 2010 Beta 1 for the first time, I was presented with the new start screen:

The new startup screen of VS2010.

The new New Project dialog.

From here, you can launch the new New Project dialog either via the File menu or by clicking “Projects” on the left side of the startup screen and then clicking the “New Project” icon. If the Asp.Net MVC 1.1 installer has been correctly installed, you will find a “ASP.NET MVC Web Application” entry under the “Web” category in the New Project dialog. Fiddle with the Name, Location, and Solution Name as always and then click OK to create your application.

Just click no and setup your own test project using not-MSTest.

After clicking OK, we would expect to be presented with the dialog that asks us if we want to create a test project for our new MVC application and indeed it does appear. MSTest is listed by default as always and was the only option available to me even though I do have MBUnit and xUnit.net showing up in this dialog in VS2008. If anyone knows an easy way to get the other test frameworks working with this dialog, please leave a comment or drop me an email. To me this isn’t a big deal, as I prefer to setup my test projects manually and don’t see a lot of value in the dialog, but I’m sure some people prefer to use it. For the sake of expediency I went and ahead and let Visual Studio create an MSTest project (better than nothing, right? maybe?) and proceeded into the project and opened up a view only to hit my next stumbling block…

Not entirely legible.

The culprit here is that in Visual Studio 2008 I use a dark theme based off the Vibrant Ink-ish theme Rob Conery posted a long time ago. Evidently the upgrade process was able to transfer over most of my foreground preferences but none of my background preferences. This left me with light text on a white background. A quick hop skip & a jump through “Tools” > “Import and Export Settings…” allowed me to import the defaults, thus making my color scheme readable, if a bit too vanilla.

Now that my application is loaded up and legible, I decided I would make a couple small changes to the application and take some of the old (and new) features for a test drive to see how they did. First I tried out controller scaffolding: right-click on the MVC application’s Controllers folder and select “Add > Controller…”. That worked fine and was able to generate the CRUD scaffolding I requested. Next I tried automatic view generation: right-click anywhere inside of an action and select “Add View…”. I was pleased to find that neither of these features had been lost and were working as expected.

Note to self: delete VB snippets.

So now I’ve created a ProductController with various actions as well as a basic view for the controller’s Index action, but I don’t have any way to navigate to that action except typing the URL in by hand. Thinking this might be a good time to try out the new snippets, I opened up the Site.Master view and added a new <li></li> to the navigation element. Having not really used snippets much before, I was temporarily lost as I expected to find them in the Toolbox (were they not in there at one point?). Luckily they were even easier to find than that, all I had to do was right-click. (On a side note, this makes it much more likely that I’ll use them – the quickest way to get me to not use a Visual Studio feature is to make me deal with the horribly slow loading toolbar). The context-menu inside of views has an “Insert Snippet…” entry that, once selected, will give you three options:  ASP.NET, HTML, and My HTML Snippets. The snippets we installed earlier were placed in our user folder, which means Visual Studio will automatically detect them and load them in to the “My HTML Snippets” folder. Selecting that folder presents you with a list of many basic HTML helper snippets.

In this case I wanted to use the first one, actionlink, to create a new call to Html.ActionLink(…). Selecting it then inserted the Html helper text as I would expect, and highlighted the arguments for the link’s text and action also as I would expect. I did notice that the snippet doesn’t automatically insert a placeholder for specifying which controller the actionlink refers to and adding a comma after the last argument did not bring up the list of overloads for Html.ActionLink that I expected to see.

With that done I hit F5 and was able to browse to my Product controller’s Index action, confirming that Asp.Net MVC is indeed working fine with Visual Studio 2010. It looks like there are still some kinks to work out, but it is already close enough that I feel confident that Beta 2’s integration should be quite good.

DevPocalypse

ASP.Net MVC + jQuery = Simple Multiplayer Action

The basic idea of the game is that multiple players can exist on a grid (a “screen”) and move around to unoccupied spaces (“blocks”) adjacent to their current location. I had grand hopes of being able to click another player to attack them and include some basic chat, but alas, it was not meant to be. At least not for this presentation. My hope is to continue working on this as a single sample app I can use to illustrate various MVC techniques for future speaking engagements.

Let’s take a gander at what the app looks like when it is running:

Yup, like I said: basic. So those two little guys are players. You can’t see it in a screenshot, but when you click a square next to where your player is standing, jQuery will smoothly animate the transition of your character from the current block to the new block. What is even neater is that when a player on a different computer moves their player, you also see the same jQuery animation execute. How are we doing this? Well first we use a simple polling script (from Game.js):

   1: $(document).ready(function() {

   2:     updateScreen();

   3:     setInterval(updateScreen, updateFrequency * 1000);

   4: });

Ultimately, this code calls an action named GetCurrentScreen on the GameController. Currently this executes twice a second so as to be nice and responsive, but of course I have no idea how that would handle under load. Here is the entire GameController class:

   1: using System;

   2: using System.Linq;

   3: using System.Web.Mvc;

   4: using DevPocalypse.Domain;

   5: using DevPocalypse.Domain.Repositories;

   6: using DevPocalypse.Website.App.ModelBinders;

   7:

   8: namespace DevPocalypse.Website.Controllers

   9: {

  10:     [Authorize]

  11:     public class GameController : Controller

  12:     {

  13:         public ICharacterRepository CharacterRepository { get; set; }

  14:         public IScreenRepository ScreenRepository { get; set; }

  15:

  16:         public ViewResult Index()

  17:         {

  18:             ViewData["Title"] = "Play!";

  19:             return View();

  20:         }

  21:

  22:         public JsonResult GetCurrentScreen(

  23:             [ModelBinder( typeof( CurrentCharacterBinder ) )]

  24:             Character currentCharacter

  25:             )

  26:         {

  27:             // IE will cache aggressively if we don't set our expiration date

  28:             Response.ExpiresAbsolute = DateTime.Now.AddYears( -1 );

  29:

  30:             // get screen character is on, and a list of all characters on that screen

  31:             var screen = ScreenRepository.Retrieve().Where( s => s.ID == currentCharacter.ScreenID ).Single();

  32:             var characters = CharacterRepository.Retrieve().Where( c => c.ScreenID == screen.ID ).ToList();

  33:             return Json( new { Screen = screen, MyCharacter = currentCharacter, Characters = characters } );

  34:         }

  35:

  36:         public void MoveTo(

  37:             [ModelBinder( typeof( CurrentCharacterBinder ) )]

  38:             Character currentCharacter,

  39:             int x,

  40:             int y

  41:             )

  42:         {

  43:             currentCharacter.X = x;

  44:             currentCharacter.Y = y;

  45:             CharacterRepository.Update( currentCharacter );

  46:         }

  47:     }

  48: }

Pretty simple, huh? Note how nice and easy it was to return an anonymous type as a JSON (JavaScript Object Notation) object via the Json(obj) method. Finally, here is the bit of Game.js that performs the actual animation (this is done in a loop updating all characters – hence the id and c variables):

   1: $("#" + id).animate({

   2:     left: currentCharacters[c].X * 33,

   3:     top: currentCharacters[c].Y * 33

   4: }, updateFrequency * 1000 / 4);

Gotta love jQuery. There is plenty more to look at in the source, so feel free to download it, check it out, play around with it – use it for whatever you want.

Thanks, and I hope to see you at the next CodeCamp!

Download: DevPocalypse.zip (762.63 kb)

I don’t yet have word on the final presentation schedule, but here is the abstract for the presentation I will be giving:

Creating an AJAX MMORPG With jQuery & Asp.Net MVC

C’mon, it’s Saturday, let’s take a break from those enterprise class systems and make something that we can enjoy ourselves! Over the past several years users have become increasingly conditioned to expect a fast, responsive UI that communicates changes in a clear manner – even in the apps we build at our day jobs. We’ll see how jQuery allows us to build such a UI using AJAX and animations in a quick, cross-platform manner. We’ll also see how ASP.Net MVC makes it easier than ever to integrate with AJAX frameworks like jQuery. By the end of our session, we’ll even have a fun little game to play!

In the following two weeks I’ll be posting the code I’m currently creating as the basis of this presentation to my blog so that everyone can download it and check it out. I hope to see some of you at the CodeCamp!

Pre-Conference / Sunday, Oct. 26

• 10:00 AM – 5:45 PM
  Creating Rich Internet Applications with Silverlight

Day One / Monday, Oct. 27

• 8:30 AM – 11:00 AM
  Keynote Address
• 11:00 AM – 12:45 PM
  A Lap Around Cloud Services (Part 1)
• 12:45 PM – 1:45 PM
  Microsoft Expression Blend: Tips & Tricks
• 1:45 PM – 3:30 PM
  ASP.Net 4.0 Roadmap
• 3:30 PM – 5:15 PM
  A Lap Around Cloud Services (Part 2) or…
  ASP.NET MVC: A New Framework for Building Web Applications
• 5:15 PM – 6:30 PM
  Developing and Deploying Your First Cloud Service or…
  Microsoft .NET Framework: Overview and Applications for Babies or…
  Windows Workflow Foundation 4.0: A First Look

Day Two / Tuesday, Oct. 28

• 8:30 AM – 12:45 PM
  Keynote Address
• 12:45 PM – 1:45 PM
  Windows 7: Welcome to the Windows 7 Desktop
• 1:45 PM – 3:30 PM
  Essential Cloud Storage Services
• 3:30 PM – 5:15 PM
  Microsoft Visual Studio: Easing ASP.NET Web Deployment
• 5:15 PM – 6:30 PM
  Entity Framework Futures or…
  ASP.NET and JQuery or…
  Architecting Services for the Cloud

Day Three / Wednesday, Oct. 29

• 8:30 AM – 10:30 AM
  Keynote Address
• 10:30 AM – 12:00 PM
  WCF 4.0: Building WCF Services with WF in Microsoft .NET 4.0
• 12:00 PM – 1:15 PM
  Microsoft XNA Game Studio: An Overview
• 1:15 PM – 3:00 PM
  “Oslo”: Customizing and Extending the Visual Design Experience
• 3:00 PM – 4:45 PM
  A Day in the Life of a Cloud Service Developer or…
  Oomph: A Microformat Toolkit or…
  “Oslo”: Repository and Models
• 4:45 PM – 6:00 PM
  A Lap around “Oslo”

Day Four / Thursday, Oct. 30

• 8:30 AM – 10:15 AM
  WCF: Developing RESTful Services
• 10:15 AM – 12:00 PM
  Services Symposium: Enterprise Grade Cloud Applications
• 12:00 PM – 1:45 PM
  Cloud Computing: Programming in the Cloud
• 1:45 PM – 3:00 PM
  ASP.NET AJAX Futures or…
  Workflow Services: Orchestrating Services and Business Processes Using Cloud-Based Workflow

Download ASP.Net MVC Beta

For those who, like me, have been following along with each preview push at the CodePlex project, I found a list of changes made between Preview 5 and Beta buried at the bottom of the Release Notes document. Here they are in their entirety:

Changes Made Between CodePlex Preview 5 and Beta

Even though the last official release of ASP.NET MVC was ASP.NET MVC Preview 3, many developers downloaded and used the interim CodePlex releases. This section describes changes and bug fixes that have been made between CodePlex Preview 5 and Beta.

Changes

• Changed the default validation messages to be more end-user friendly.
• Renamed CompositeViewEngine to AutoViewEngine.
• Added a Url property to Controller of type UrlHelper. This makes it convenient to generate routing-based URLs from within a controller.
• Added the ActionNameSelectorAttribute abstract base class, which serves as the base type for ActionNameAttribute. By inheriting from this base attribute class, you can create custom attributes that participate in action selection by name.
• Added a new ReleaseView method to IViewEngine that allows custom view engines to be notified when a view is done rendering. This is useful for cleanup or for view-pooling scenarios.
• Renamed the ControllerBuilder method DisposeController to ReleaseController to fit with the pattern that is established for view engines.
• Removed most of the methods on the HtmlHelper class, converting them to extension methods of the HtmlHelper class instead. These methods exist in a new namespace (System.Web.Mvc.Html). If you are migrating from Preview 5, you must add the following element to the namespaces section of the Web.config file:<add namespace=”System.Web.Mvc.Html”/>

  This makes it possible for you to completely replace our helper methods with your own.

• Changed the default model binder (DefaultModelBinder) to handle complex types. The IModelBinder interface has also been changed to accept a single parameter of type ModelBindingContext.
• Added a new HttpVerbs enumeration that contains the most commonly used HTTP verbs (GET, POST, PUT, DELETE, HEAD). Also added a constructor overload to AcceptVerbsAttribute that accepts the enumeration. The enumerated values can be combined. For example, the following snippet shows an action method that can respond to both POST and PUT requests.[AcceptVerbs(HttpVerbs.Post | HttpVerbs.Put)]
  public ActionResult Update() {
  }

  Because it is possible to respond to HTTP verbs that are not included in the enumeration, the AcceptVerbsAttribute retains the constructor that accepts an array of strings as a parameter.

• Modified the RadioButton helper method to ensure that every overload accepts a value. Because radio buttons are used to specify a choice from a set of possible values, specifying a value for a radio button is necessary.
• Made modifications and fixes to the default project template. This includes moving script files to a new Scripts folder. The default template uses the ModelState class to report validation errors.
• Changed action-method selection. If two action methods match a request, but only one of those has an attribute that derives from ActionMethodSelectorAttribute that matches the request, that action is invoked. In earlier releases, this scenario resulted in an exception.For example, the following two action methods are in the same controller:

  public ActionResult Edit() {
  //…
  } [AcceptVerbs(HttpVerbs.Post)]

  public ActionResult Edit(FormCollection form) {
  //…
  }

  In Preview 5, a POST request for the Edit action would cause an exception, because two methods match the request. In the Beta, precedence is given to the method that matches the current request via the AcceptVerb attribute. In this example, the first method will handle any non-POST requests for the Edit action.

• Added an overload for the ViewDataDictionary.Eval method that accepts a format string.
• Removed the ViewName property from the ViewContext class.
• Added an IValueProvider interface for value providers, along with a default implementation, DefaultValueProvider. Value providers supply values that are used by the model binders when binding to a model object. The UpdateModel method of the Controller class has been updated to allow you to specify a custom value provider.

Bug Fixes

• Fixed a bug in which the ignore-routes setting (created by using the IgnoreRoute extension method) affected URL generation.
• Fixed a view engine caching bug when the application is not in debug mode (that is, when debug=”false” is set in the Web.config file). This bug occurred if different action methods in different controllers had the same name. In that case, an action method could render the view for the wrong controller.
• Fixed a bug in OutputCacheAttribute in which cached authenticated content did not require authentication. Even though the content is cached, if it requires authentication, the user should be required to authenticate first before seeing the cached content.
• Fixed a bug in which RenderPartial does not work when tracing is turned on.
• Fixed a bug in the Html.TextArea helper method in which an overload was not looking in ViewData for its value when the provided value is null.
• Fixed the OutputCacheAttribute.CacheProfile property so that it works in Medium Trust.

Upgrading from CodePlex Preview 5 to Beta

There are not many changes between ASP.NET MVC Preview 5 and Beta. However, you will need to make a few changes to your applications after you install the Beta release. Most of these changes are apparent when you try to compile your application by using the latest binaries, so we do not list every possible change. The compiler will guide you there. The following list describes some of the changes that you must make.

• Update the references to the following assemblies to point to the new Beta versions of the assemblies:System.Web.Abstractions.dll
  System.Web.Routing.dll
  System.Web.Mvc.dll

  By default, these assemblies are located in the following folder:

  %ProgramFiles%Microsoft ASP.NETASP.NET MVC Beta

• In the Web.config namespaces section, add the following namespace entry if it is not there already:<add namespace=”System.Web.Mvc.Html”/>
• The Form HTML helper was renamed to BeginForm.
• After you have made these changes, compile your application and resolve any compilation errors. Most of the errors will be the result of one of the breaking changes listed earlier.

I promised that I would post the project that we created tonight (a basic blog engine), which you can now find linked below. There are three projects in the solution:

1. MvcTutorials.Blog.Domain
   This project has the Comment & Post entities, as well as the repositories used to populate them.
2. MvcTutorials.Blog.Domain.Bootstrap
   This project adds random data to the blog database for testing.
3. MvcTutorials.Blog.ReferenceWebsite
   This is the MVC website I created prior to the meeting to decide what I was going to present and how long it would take to do it. This is where you’ll find the code we wrote tonight.

If you want to run the project, make sure you have SQL Server Express installed and create a database named “MvcTutorial-Blog”. Afterward you can run the “MvcTutorials.Blog.Domain.Bootstrap” project to insert test data and run the website project.

Be sure to let me know if there are any questions or comments about tonight’s presentation or this post’s code!

Presentation Materials:
MvcTutorial-Blog.zip (307.06 kb)

When:

September 24, 2008 – 7PM to 9PM

Where:

Cynergy Systems Inc.
1600 K St NW
Suite 300
Washington, DC 20006
GoogleMaps

More Info:

Matthew Podwysocki's Blog Post

Why does the MVC Membership Starter Kit still exist?

The biggest change affecting the MVC Membership Starter Kit is that the default ASP.Net MVC Web Application project includes login/logout, register, and change password functionality as of Preview 4. This is great and I’m glad to see them do it. It is my hope they will eventually include membership administration functionality as well. For now, however, they haven’t included it. This leaves three main features that are now driving the existence of this project:

1. Membership Administration
   What good is registration, login, and logout if a site’s owner cannot change a user’s roles or manage their user base? While Visual Studio’s Web Site Administration Tool covers most of your bases during development, it isn’t a real option for use by web site administrators in a production application.
2. OpenID Integration
   Preview 4’s built-in login functionality only covers the use of standard username/password authentication. It seems likely that this will continue, as I am not aware of any plans for official OpenID support within the .Net framework. We are using Andrew Arnott & co’s DotNetOpenId project to help you let your users log in using OpenID.
3. WindowsLive LiveID Integration
   Maarten’s LiveID integration has unfortunately not made this release. I anticipate that it will be available again for the next release, which will target the first beta release of ASP.Net MVC.

What has changed?

1. No more login/logout/password retrieval.
   Because the AccountController and its views are now included by default in new projects, the need for this functionality has gone away.
2. Less assemblies to reference.
   Rather than the MembershipAdministrationController and other code being compiled into a separate assembly that you must include, you now drop the controllers directly into your web app. This allows you to easily change the code as your project evolves. The starter kit’s implementation is really just a starting point that you can build off of.
3. Controllers are split.
   In previous releases the OpenID and WindowsLive login functionality was included in the MembershipAuthenticationController. The OpenID functionality has since been moved into a separate controller with separate views. This was done because (a) the MembershipAuthenticationController no longer exists and (b) moving forward more of the pieces of this kit will be separated from each other so that you can include them a la carte.

Download

You can download the Preview 5 release of the MVC Membership Starter Kit from CodePlex:

http://www.codeplex.com/MvcMembership…?ReleaseId=16809

I’ll let Francois’ comment explain the problem (emphasis mine):

Tuesday, July 08, 2008 4:16 PM by Francois Ward

Hmm, I didn’t look into it much, but is that -safe-? I mean, if the variables in the index function are filled up automatically… it would be ok if it was only one type (all cookies, or all server variables), but since you can mix and match, whats to present me from forging a request with a cookie with the same name as the server variables?

I mean, it is already possible to forge anything client-related, for obvious reason… but forging info that potentially come from the server? That seems…awkward…

(again, keep in mind this is just my first reaction, maybe if I think it through I’ll realise what I just said is totally stupid )

Like Francois said, cookies are easily forged client-side anyway, but most developers tend to rely on the truthiness of our server variables, specifically those that don’t come over in the HTTP request. Let me demonstrate how the issue plays out.

For our example I have created a method on the HomeController named Test that takes four parameters that match server variable names. Below are the descriptions of each from MSDN’s IIS Server Variables article:

• REMOTE_ADDR
  MSDN Says, “The IP address of the remote host that is making the request.”
• LOGON_USER
  MSDN Says, “The Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.”
• REQUEST_METHOD
  MSDN Says, “The method used to make the request. For HTTP, this can be GET, HEAD, POST, and so on.”
• SERVER_NAME
  The server’s host name, DNS alias, or IP address as it would appear in self-referencing URLs.

My biggest concern is LOGON_USER. As described by MSDN this variable normally stores whatever the value of REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER is, except when you have a third party authentication filter installed. The purpose of these authentication filters is to map the value of one of the above three request variables to a different local name. For example, you may be using a filter to map “DOMAINTroyGoode” to “DOMAIN-DMZStandardUser” and to map “DOMAINScottGuthrie” to “DOMAIN-DMZAdministrator”. If you are using such a filter and then add LOGON_USER as a parameter to one of your actions, you are suddenly opening up the ability for anyone to circumvent that authentication filter.

Here is the action I have created:

   1: public void Test(   string REMOTE_ADDR,

   2:                     string LOGON_USER,

   3:                     string REQUEST_METHOD,

   4:                     string SERVER_NAME )

   5: {

   6:     Response.Write(

   7:         string.Format(  "<div>Remote IP: {0}</div>" +

   8:                         "<div>User: {1}</div>" +

   9:                         "<div>Request Method: {2}</div>" +

  10:                         "<div>Server Name: {3}</div>",

  11:             REMOTE_ADDR,

  12:             LOGON_USER,

  13:             REQUEST_METHOD,

  14:             SERVER_NAME

  15:         )

  16:     );

  17: }

And here is what this action will output without any fiddling:

Now I’ll tweak the Url a bit:

First Url:

http://localhost:63260/Home/Test

Second Url:

http://localhost:63260/Home/Test?REMOTE_ADDR=Any.IP.I.Want&LOGON_USER=YourDomainAdministrator&REQUEST_METHOD=POST&SERVER_NAME=microsoft.com

And voilà, mischief achieved:

Now I’m no Kevin Mitnick, but I can assure you that if I can come up with something like this in an hour or so, a dedicated hacker that is probably far smarter than I will likely give you a lot of heartache if you make use of this feature. Have any “developer mode checks” that check for 127.0.0.1 or localhost? Have any filters to try and prevent GETs on certain actions? Relying on server variables passed in to your actions would make those scenarios (and many others) unwise.  Just say no.

In my opinion this feature (the server variable portion) should just be removed from the MVC framework entirely or something should be put in place to prevent overwriting parameters named the same as a server variable.