Improvements to Model Binding in ASP.NET Core

Model Binding has been a popular feature of ASP.NET MVC, but has, before now, had some minor restrictions. ASP.NET Core now has enhanced model binding: If a value passed via routes, posted data, or query strings couldn't be bound appropriately, it forced a global exception. Now, there are a number of ways of providing a more graceful reaction to incorrect data. You can now force the binding to a given source or create new sources for binding to. Dino Esposito explains.… Read more

Model Binding in ASP.NET Core

Model binders work under the covers in ASP.Net MVC to provide the data for the action methods on a controller class. This data is held by the incoming HTTP request embedded into POST-ed form values, and maybe even the URL itself. Much magic is performed to get this right and, with some care, you can ensure that you can bind to object data, arrays and collections, as well as providing default values.… Read more

The Common Problems of Data Grids

Data grids are easy to do in HTML, and if we want anything complicated in terms of scrolling, locking and data entry, we usually shrug and buy a component to do it. However, there is a lot to be said for the approach of creating tables using a basic JavaScript platform such as jQuery, perhaps using a plugin which you can then customise. Dino talks you through this approach, showing how to take the DataTables plugin and implement locked columns, on-demand paging and filtering.… Read more

When a Single ASP.NET Client makes Concurrent Requests for Writeable Session Variables

The design of ASP.NET includes the valuable session variables that enable the application to keep track of individual sessions. Unfortunately the ASP.NET pipeline will not process requests belonging to the same session concurrently but queues them, and executes them serially. MVC locks session variables to ensure thread safety and concurrency control, but takes a conservative approach to polling for these locks. Do you always need this level of thread safety? If not, what can you do to improve performance when you need to use writeable session variables?… Read more

Printing from ASP.NET MVC

Even though we're less inclined to print web-pages nowadays, it often makes sense to save useful content from a website as a PDF file to read offline. Modern browsers give us everything we need to do that, and there is much that the website designer can do to improve the results. However, there are times that something more demanding is required, such as a properly-formatted invoice or chart, and then the web application needs a way of creating PDFs directly. … Read more

Code Smells: Raw Strings and the Subtle Syntax Catastrophe

All sorts of complex data can be represented as a string but that doesn't mean you can treat them merely as strings. There are so many things that can go wrong if you assume that generic string operations such as concatenation can serve to create complex markup, expressions, codes and serialised objects. It pays instead to create dedicated builders for any such complex data that you may need to create. Michael Sorens explains some defensive coding to make for a more robust application.… Read more

Securing Web Applications

If you are developing a web application, almost every design decision you make can introduce a security flaw if you get it wrong. Although attacks are becoming more common, and more widely reported, the same common errors continue to provide the most opportunities for hackers. OWASP provides a 'top ten' security problems. Vishwas here describes them and explains how to avoid them… Read more

Pragmatic Web Error Handling in ASP.NET MVC

There is a pragmatic approach to error handling in ASP.NET MVC. This is the idea of recovering gracefully from those unhandled exception errors where remedial action cannot be taken under the current context, by passing control to a specified URL that is designed to deal with a particular category of application-specific error. Dino Esposito elaborates on a pattern that prevents unhandled exceptions from bubbling up well beyond the intended sco… Read more

Multi-Step Input Forms in ASP.NET MVC

It is a common problem with a web page that a form is too complex to fit easily on the page. You can, of course, rely on the scrollbar, but it soon becomes a daunting and erratic process for the poor user. Wizards, that allow you to guide the user through a process, are great but take time to set up. Is there a simple solution for those occasions where there is too much data-entry for a form but a full wizard seems like overkill?… Read more

Is JavaScript Single-Threaded?

Developing JavaScript for web pages can be perplexing. You will get errors that seem to make no sense, You will be given nuggets of advice about how and when you can use JavaScript to manipulate the DOM or make Ajax requests. It is far better to understand the reason for these rules; the single-threaded nature of JavaScript, and how it loads the page and manages the event loop. How can you achieve parallel processing and what is the best way? Igor makes it all clear and obvious.… Read more

Taking Pictures from HTML

Sometimes a request from a user who doesn't appreciate the limitations of the technology can jolt you into discovering that an application feature that was, until recently, difficult to achieve is suddenly relatively easy. Dino was asked to allow the user to take photographs and associate them with an item of work. After he'd recovered from the shock, he decided that it was achievable, and now describes how he went on and did it.… Read more

Accepting Dates in Web Pages

Surely, not much could be simpler than using the HTML INPUT element? Actually, it was always a trouble for dates, what with having to check dates for validity and coping with all the languages and conventions. Now with HTML5, the 'date' type, and so many date-pickers that are either built-in or part of frameworks, it can become a complex decision about how you best deal with date input. Dino explains the issues of inputting dates into web applications.… Read more

Crossing the Site Domain with JavaScript

Browsers try to prevent a range of malicious attacks by preventing content being accessed by a web page from a different domain to the one that the page was fetched from. If you have a legitimate need to do this, it is a bad idea to disable this method of defence: Instead, there are more legitimate and safer ways of performing cross-domain JavaScript calls such as JSONP or Cross-Origin Resource Sharing, as Dino explains.… Read more

A Real-World React.js Setup for ASP.NET Core and MVC5

React is a front-end user interface library developed by Facebook, originally to help them improve their own site. Since then it has grown into somewhat of a phenomenon, with many active users. In this article, Jon Smith provides multiple examples of how to use React with recently released ASP.NET Core MVC, and the existing ASP.NET MVC5 framework.… Read more

The Plain Simple Password Page Not So Simple Anymore

The requirements for the management of passwords have become far more complex over the past few years in response to the increasing sophistication of security breaches. Nowadays, you need to provide a range of features such as hashing, routine change of passwords, preventiion of repeat passwords, email confirmation, auto-generation of random passwords and password quality checks. Dino Esposito explains.… Read more

ASP.NET Core: A More Realistic Starter Kit

ASP.NET Core is a fascinating platform with many good ideas, but in its present form (RC1)there is a culture shock for experienced ASP.NET developers to experience the effort involved in porting a realistic application. There is an obvious advantage in being able to host an application on any web server, but is this enough to compensate for losing the convenience of an integrated pipeline?… Read more

Posting Form Content via JavaScript

Web-based applications run smoother if instead of using the traditional form method, they use JavaScript to post data to the server and to update the user interface after posting data: It also makes it easier to keep POST and GET actions separated. SignalR makes it even slicker; it can even update multiple pages at the same time. Is it time to use JavaScript to post data rather than posting via the browser the traditional way?… Read more

Introduction to Bower, Grunt, and Gulp in Visual Studio

Developers are now spending much more time writing and debugging JavaScript, CSS, HTML templates etc. Microsoft have responded by adding better tools for front-end development into their development environment, Visual Studio. In this article Jon Smith uses a sample application to demonstrate how he converted an existing ASP.NET MVC5 application to use these new tools… Read more