and Lambda Expressions
</div>
Working with Named Routes
Unit Testing Your Routes
Testing Inbound URL Routing
Testing Outbound URL Generation
Further Customization
Implementing a Custom RouteBase Entry
Implementing a Custom Route Handler
URL Schema Best Practices
Make Your URLs Clean and Human-Friendly
Follow HTTP Conventions
Search Engine Optimization
CHAPTER 9 : Controllers and Actions
An Overview
Comparisons with ASP.NET WebForms
All Controllers Implement IController
The Controller Base Class
Receiving Input
Getting Data from Context Objects
Using Action Method Parameters
Invoking Model Binding Manually in an Action Method
ProducingOutput
Understanding the ActionResult Concept
Returning HTML by Rendering a View
Performing Redirections
Returning Textual Data
Returning JSON Data
Returning JavaScript Commands
Returning Files and Binary Data
Creating a Custom Action Result Type
Using Filters to Attach Reusable Behaviors
Introducing the Four Basic Types of Filters
Applying Filters to Controllers and Action Methods
Creating Action Filters and Result Filters
Creating and Using Authorization Filters
Creating and Using Exception Filters
Bubbling Exceptions Through Action and Result Filters
The [OutputCache] Action Filter
Other Built-In Filter Types
Controllers As Part of the Request Processing Pipeline
Working with DefaultControllerFactory
Creating a Custom Controller Factory
Customizing How Action Methods Are Selected and Invoked
Testing Controllers and Actions
How to Arrange, Act, and Assert
Testing a Choice of View and ViewData
Testing Redirections
More Comments About Testing
Mocking Context Objects
CHAPTER 10 : Views
How Views Fit into ASP.NET MVC
The WebForms View Engine
View Engines Are Replaceable
WebForms View Engine Basics
Adding Content to a View Template
Five Ways to Add Dynamic Content to a View Template
Using Inline Code
Why Inline Code Is a Good Thing in MVC View Templates
Understanding How MVC Views Actually Work
Understanding How ASPX Templates Are Compiled
Understanding ViewData
Rendering ViewData Items Using ViewData.Eval
Using HTML Helper Methods
The Framework’s Built-In Helper Methods
Creating Your Own HTML Helper Methods
Using Partial Views
Creating a Partial View
Rendering a Partial View Using Server Tags
Using Html.RenderAction to Create Reusable Widgets with
Application Logic
What Html.RenderAction Does
When It’s Appropriate to Use Html.RenderAction
Creating a Widget Based on Html.RenderAction
Sharing Page Layouts Using Master Pages
Using Widgets in MVC View Master Pages
Implementing a Custom View Engine
A View Engine That Renders XML Using XSLT
Using Alternative View Engines
Using the NVelocity View Engine
Using the Brail View Engine
Using the Spark View Engine
Using the NHaml View Engine
CHAPTER 11 : Data Entry
Model Binding
Model-Binding to Action Method Parameters
Model-Binding to Custom Types
Invoking Model Binding Directly
Model-Binding to Arrays, Collections, and Dictionaries
Creating a Custom Model Binder
Using Model Binding to Receive File Uploads
Validation
Registering Errors in ModelState
View Helpers for Displaying Error Information
How the Framework Maintains State in Input Controls
Performing Validation During Model Binding
Moving Validation Logic into Your Model Layer
About Client-Side (JavaScript) Validation
Wizards and Multistep Forms
Verification
Implementing a CAPTCHA
Confirmation Links and Tamper-Proofing with HMAC Codes
CHAPTER 12 : Ajax and Client Scripting
Why You Should Use a JavaScript Toolkit
ASP.NET MVC’s Ajax Helpers
Fetching Page Content Asynchronously Using Ajax.ActionLink
Submitting Forms Asynchronously Using Ajax.BeginForm
Invoking JavaScript Commands from an Action Method
Reviewing ASP.NET MVC’s Ajax Helpers
Using jQuery with ASP.NET MVC
Referencing jQuery
Basic jQuery Theory
Adding Client-Side Interactivity to an MVC View
Ajax-Enabling Links and Forms</div</p>
Client/Server Data Transfer with JSON
Fetching XML Data Using jQuery
Animations and Other Graphical Effects
jQuery UI’s Prebuilt User Interface Widgets
Implementing Client-Side Validation with jQuery
Summarizing jQuery
CHAPTER 13 : Security and Vulnerability
All Input Can Be Forged
Forging HTTP Requests
Cross-Site Scripting and HTML Injection
Example XSS Vulnerability
ASP.NET’s Request Validation Feature
Filtering HTML Using the HTML Agility Pack
Session Hijacking
Defense via Client IP Address Checks
Defense by Setting the HttpOnly Flag on Cookies
Cross-Site Request Forgery
Attack
Defense
Preventing CSRF Using the Anti-Forgery Helpers
SQL Injection
Attack
Defense by Encoding Inputs
Defense Using Parameterized Queries
Defense Using Object-Relational Mapping
Using the MVC Framework Securely
Don’t Expose Action Methods Accidentally
Don’t Allow Model Binding to Change Sensitive Properties
CHAPTER 14 : Deployment
Server Requirements
Requirements for Shared Hosting
IIS Basics
Understanding Web Sites and Virtual Directories
Binding Web Sites to Hostnames, IP Addresses, and Ports
How IIS Handles Requests and Invokes ASP.NET
Deploying Your Application
Copying Your Application Files to the Server
Using Visual Studio ’s Publish Feature
Making It Work on Windows Server /IIS 6
Making It Work on IIS 7
Making Your Application Behave Well in Production
Supporting Changeable Routing Configurations
Supporting Virtual Directories
Using ASP.NET’s Configuration Facilities
Controlling Compilation on the Server
Detecting Compiler Errors in Views Before Deployment
CHAPTER 15 : ASP.NET Platform Features
Windows Authentication
Preventing or Limiting Anonymous Access
Forms Authentication
Setting Up Forms Authentication
Using Cookieless Forms Authentication
Membership, Roles, and Profiles
Setting Up a Membership Provider
Using a Membership Provider with Forms Authentication
Creating a Custom Membership Provider
Setting Up and Using Roles
Setting Up and Using Profiles
URL-Based Authorization
Data Caching
Reading and Writing Cache Data
Using Advanced Cache Features
Site Maps
Setting Up and Using Site Maps
Creating a Custom Navigation Control with the Site Maps API
Generating Site Map URLs from Routing Data
Internationalization
Setting Up Internationalization
Tips for Working with Resource Files
Using Placeholders in Resource Strings
Performance
HTTP Compression
Tracing and Monitoring
Monitoring Page Generation Times
Monitoring LINQ to SQL Database Queries
CHAPTER 16 : Combining MVC and WebForms
Using WebForms Technologies in an MVC Application
Using WebForms Controls in MVC Views
Using WebForms Pages in an MVC Web Application
Adding Routing Support for WebForms Pages
Using ASP.NET MVC in a WebForms Application
Upgrading an ASP.NET WebForms Application to Support MVC
Getting Visual Studio to Offer MVC Items
Interactions Between WebForms Pages and MVC Controllers