Category: ASP.Net

Forms Authentication and Membership : Still going strong and .Net framework have come a long way. 1.0 went through a major change with the introduction of ASP.Net 2.0 having several boiler plate features which did not exist in the 1.0 version. Providers were a major component of these features with Membership and Roles added on top of Forms Authentication which was introduced with the 1.x version itself. Since then the combination of Forms authentication with Membership and Role Providers are a strong and proven mechanism that can be used to take care of Authentication as well as Authorization needs of a .Net web application. Together they can be used to Validate a User with Membership and then Create / Manage a Authentication ticket with Forms Authentication.

I just recently started an ASP.Net MVC3 project with .Net framework 4. The MVC3 project template gives you a choice to add all the basic code to implement your security via Forms Authentication / Membership . I have had 4 successful projects with Forms / Membership – 2 were even integrated with SSO. I had all the reason to go for it because I felt very comfortable with it. I must say it took me only at most an hour to configure everything the way I wanted it to work. I did not have to struggle with anything or learn any new technology tricks. I loved that feeling , because every step of the way otherwise you end up learning something new with every version that’s introduced. I don’t consider that a bad thing , however as much as changing technologies are good to have,  stable features give you the comfort and speed required to get the project going. ASP.Net MVC has kept all the goodness except that now the security functions are called via Controller / Action methods.

Forms Authentication and Membership Timeline

Together they can be used to Validate a User with Membership and Create / Manage a Authentication ticket with Forms Authentication.

ASP.Net MVC has kept all the goodness except that now the security functions are called via Controller / Action methods.

If you are using Single Sign On with some kind of federated database , it’s really easy to integrate the two together as well. Just make sure that the credentials which exist in the federated database also exist in the ASP.Net membership database. Once the credentials are authenticated in the SSO database , you take the same credentials and validate them against the Membership database and assign Roles accordingly if you have them. The only catch is if the SSO system creates an authentication ticket that has it’s own expiry , you need to make sure you are signed out of the SSO system when the user signs out of forms authentication system. Forms authentication system creates it’s own ticket – which has it’s own expiry.

Not that the Forms authentication / Membership system is suitable for all systems – several larger corporations have their own home grown authentication and authorization systems. Their custom needs may be complicated enough not be able to use Forms Authentication / Membership . However for all small and mid sized applications, where a reliable boiler plate security mechanism is required , the Forms Authentication / Membership works without any major issues. It is also comforting to see that it is stable enough for Microsoft to have kept it the same way without having the need to make many changes through version 4. Just thought I should discuss this via blog because good to see something stable and strong in an ever changing world of technology.

UX Designers and Developers: Bridging the gap

The other day I was watching a presentation on SlideShare about how the UX designers can work with Developers without getting into conflicts. All my career like many Software Engineers I have had to interact closely with UX designers …the problem mostly stems from the fact that the tools used by both the groups are different as well as the frameworks and languages to achieve the end result . There is some overlap between the two with Javascript / JQuery – however, depending on whether the Client Script impacts the UX interaction or some server related activity , the designer or the developer takes over the definition of the code. A synergy needs to be created between both of them because at the end of the day the UI that we see is the combined effort of these two groups.

The tools and frameworks themselves don’t offer much in terms of creating that collaboration and synergy – however as part of the process , the groups need to mingle and work side by side. Designers do need to understand how the developers incorporate their code into the designs- and developers need to understand to a certain extent the working of Styles and HTML .

Just recently I went through two ASP.Net MVC projects and we used the help of a UX team to put together our styles and layouts. As usual, the mock ups were created which the developers used to incorporate their code into, to achieve the end user requirement of the UI.   There were issues with how the developers had used the mock ups with their code , as expected. Most times the designer would call me and say hey I need to be able to run the web page in development like the developers do, so when I make a change I see it and go through iterations. I made a decision that she needs to get familiar with running the solution in Visual Studio 2010. This helped a lot – saved us precious time by the designer not having to ask the developers to make a fix and publish it on the dev server. The designer at the same time was happy having the independence to make the change in the final UI and seeing the page in debug mode.

One of the other bad practices I noticed with a recent client is that the UX designers would put their wire frames either in Dropbox or zip them up and email the development team. The development team had to always download them and copy one by one in their project. There was no version history , no way to tell what changed other than looking at the rendered page . This can become a development nightmare in a very UI centric project.

All mock ups and styles should be version controlled , preferably in a similar version control system as being used by Developers. This makes it easy for Developers to compare the changes as well as Share the styles if it makes sense into their project from the styles folder of the Designer team in Source control .

I am not sure in the future how much will be offered by Development tool makers in terms of both Developers and Designers being able to use the same tool to do their jobs. However I think if Designers and Developers both understand to a certain extent each other’s code , work side by side and follow good version control practices,  the UI development would be much less of a hassle. The Designers need to understand the interweaving of Server side code with Client side code and the Developers need to understand Javascript , CSS and HTML standards to a reasonable extent.

So there need not be any love lost between Designers and Developers – collaboration and communication can surely bridge the gap.

ASP.Net MVC : Diving a little more deep

As we further continue our journey of understanding the MVC better , a great way to learn any framework is to examine the source code. Fortunately the source code is available for MVC framework to download or browse over the web at CodePlex ( I have provided the link to Source code below) . Currently they have the latest Version 3 RTM code available to look at. In my case this part came much later because I had an aggressive timeline and there was not much time to learn. However giving the framework source code a thorough look will make you very comfortable with the use of the framework itself because you are able to analyse what happens behind the scenes very well. Not only that, having gone under the hood gives a lot more command over how to effectively achieve the required results without breaking into too much sweat and frustration. A huge productivity gain if you put in some upfront time diving deeper in understanding of design.

A question I have seen a lot in discussion forums being asked is how come ASP.Net MVC does not implement the Observer pattern with Models and Views? In my last post I have mentioned that MVC is a strong use case of Observer pattern in certain scenarios. MVC was conceived for Desktop applications and it is much simpler to have several instances of Views of the same Model and update all the Views when a Model state changes by either one of the Views or some other means. However in the web paradigm generally a View instance is not even available in real time after the View object finishes rendering the HTML. The Model is more passive in nature unlike in an Observer pattern where the Model notifies the Subscriber Views of changes. The Model simply supplies the data that View queries and presents. This does not in any way violate the MVC principle because the MVC pattern’s essential goal is to separate or loosely couple the Model from the Presentation or the View.

Hence to achieve MVC in web applications a variation of basic MVC was developed called Model 2. In Model 2 the request from the Client Browser is passed to a Controller. In case of ASP.Net MVC this is a central Controller called Front Controller which simply takes a Http request, parses it to create the right Controller instance to execute the right Action. To see this implementation you can look at the MvcHandler.cs in source which acts as the Front Controller –

1) ProcessRequest function of the handler parses the request to create the right controller instance.

2) The ControllerBase.cs has the definition for the Execute() function that in turn executes the request. The Controller.cs derives from ControllerBase implementing the IController interface which has the contract for Execute() method. All controllers derive from the Controller.cs.  This method gets called from the ProcessRequest of MvcHandler.

3 ) The actual invocation of action  is done by the InvokeAction method of the ControllerActionInvoker.cs class. The InvokeAction returns an ActionResult type which is an abstract representation of the type of the View that gets returned.

The intention of outlining above is to give you a way to trace the sequence of flow in the Source Code of how the Model 2 was achieved. This completes the understanding of how the request went through the pipeline and completed. I would not like include the actual code listings here: it is a good exercise to have a look at the code yourself and trace out the pipeline.

There are several references to get a better understanding of the Model 2 itself. I suggest to go though Model 2 on Page. 549 of the Head First Design Patterns book. There is a great article by Dino Esposito in MSDN Magazine, which illustrates Model 2 very well here.

ASP.NET MVC 3 RTM Source code on CodePlex .


ASP.Net MVC : coming up to speed

In my last blog post I talked about how I chanced upon ASP.Net  MVC at my last project and my thoughts on whether a development group should consider it as a design choice for their future projects. In fact few months have passed since I wrote the last blog post, and ASP.Net MVC has taken another leap with MVC 3. From Microsoft’s side there is big push of course and I do see a lot of adoption from development groups in different organizations. There is a learning curve that I see most groups are going through and it can be hard or easy depending on the background that you come from your previous development tasks.

The best way to get started with ASP.Net MVC is if you already are not familiar with MVC as a pattern, familiarize yourself with it.  There are several websites that discuss it as a pattern : in the pattern world, it’s more of a ‘framework pattern’ as opposed to a ‘basic pattern’ from the Gang of Four patterns. So based on your level of understanding of patterns, start with Basic patterns aka Gof4 and then understand it as an aggregate pattern of different basic patterns. MVC itself is acheived by different pattern proponents and architects as an aggregate of different types of patterns: like in Head First Design Patterns book, the authors acheive MVC by combining the Observer , Strategy and the Composite pattern.  You will observe after your readings that several implementations of MVC are a strong use case of Observer pattern where Views subscribe to changes in the Model – also of Composite patten for the View itself.  In the web model though , the use case of Observer pattern may not exist due to the stateless nature of the View. So ASP.Net MVC is one variation of the basic MVC pattern adapted to web paradigm.

It’s the most important step to get as clear an understanding of MVC under the hood from a patterns perspective: this gives a you a much clearer perception of Model, Controller and View , their interaction. You could jump start into it by creating a “Hello World” application in Visual Studio 2008 , 2010 – however it will become very difficult as you go further in accomplishing all your programming functions because the underlying concepts are not clear, especially for those who are used to ASP.Net web forms programming.

Another important start is to pick up a good book , by now there is MVC 3 , however while I am writing this , few good books are out on MVC 2. The ones I read are books by Steve Sanderson and Jeffery Palermo , famous authors. Both are great books in their own regard: Sandeson’s book covers all basics extensively – so read that as your first basic book and Jeffery Palermo’s book covers several advanced topics , like dependency injection , different unit testing methods in a lot more detail. Both will go a long way in getting your foot in the ground , and being well prepared with your project work. I have listed at the end of the blog all the books I read to get up to speed and they helped me a lot. It is good to get few copies of books like this for the whole team and everybody reads it. Of course , there is ton of websites and without a doubt you should follow Scott Gu, Scott Hanselman, Phil Haack and Stack Overflow. The books combined with the websites will give you an understanding of the ASP.Net MVC framework which is written on top of MVC design pattern.

Another new concept that may get thrown at you with ASP.Net MVC is Routing , the ‘RESTful’ way of doing things – it’s undoubtedly a strong concept and you must be very familiar with it from day one. ‘REST’ is meant to be the way Web programming is done – as you progress you will see how important it is for you to be very clear on some concepts like the HTTP methods of GET and POST . WIKIPEDIA itself has some great information on REST , HTTP Methods etc.  As far as Routing itself is concerned the the two books I mentioned above do cover it extensively as to how to achieve it with ASP.Net MVC framework.

Here is a list of all the links for References:

Gang Of Four Patterns Book

Head First Design Patterns

Steve Sanderson’s MVC Pro Book

Jeffery Palermo’s MVC Book

Scott Guthrie

Scott Hanselman

Phil Haack


Good Luck With MVC !

ASP.Net : To MVC or not to MVC ?

I was recently faced with a situation at work to execute a ASP.Net MVC project to release. The design choice was not mine , however due to certain constraints I was asked to finish it to deployment. We have released a 1.0 version of the project now and in retrospect , if I had started the design from scratch , would I have picked the ASP.Net MVC as opposed to WebForms  which is well established and mature ?. I probably would not have considering the proven rapid time to productivity of WebForms especially when we had several deadlines looming over our heads . However, having already a project with MVC in production I realize the merits of it enough to say, the decision to do it in MVC was not a bad one at all, although we had several pitfalls on the way. Will I use MVC for my next ASP.Net project ? Most probably , yes.

I am sure several shops are faced with this dilemma lately as far as starting a new ASP.Net project….MVC or not? As usual  ‘it depends’ on the context of your organization and it’s development practices so far , however if I were to make a Utopian decision on this problem I would say Yes, MVC is the right choice to get started with the project. This clearly states that MVC is a superior design pattern and ASP.Net MVC has more to offer that can go a long way with your company’s ASP.Net / web development strategy.

Typically I noticed that MVC is a natural choice for developers coming from Java world having to do ASP.Net …so is with Ruby On Rails developers. Microsoft surely succeeded in wooing the Java and ROR folks with their ASP.Net MVC strategy. For those of you who have been hardcore ‘WebFormers’ it’s undoubtedly worth your time because we all know that a complex project developed in WebForms can become a debug nightmare with PostBack and WebForm event life cycle. And there are several other shortcomings…ViewState , Testability , not being able to separate the concerns. A high level of competency in architecture is required in design of moderate to complex WebForms projects  demanding solid upfront design effort that can cost time and money.

Asp.Net MVC manages to alleviate a lot of these due to it’s inherent clear Separation Of Concerns thanks to MVC itself , a known pattern in the Software Architecture world. The framework itself does a lot of groundwork for you as long as you adhere to some good  programming practices as you go along your development cycle. Basically , you  jump start into a good design without having to put in a lot of work upfront. Right there I think , you gained cost and time.

So, to sum it up – for medium to large sized projects it’s undoubtedly a better choice. For smaller projects or prototypes where time-to-market or quick overview could be  the primary concern , Webforms is a better choice since it offers greater productivity. For larger projects , time-to-market is normally one of the concerns , however other predominant concerns are  maintainability , extensibility , testability and performance. All of this , MVC will address and  improve for your projects across the board.

The current ASP.Net MVC 2.0 system has it’s demerits as well, biggest one at this point being , it’s lack of maturity. Version 2 is out there, however it lacks the Rapid development components of WebForms like the Server controls. This can make developers frustrated several times since it slows you down to a great degree. However the brighter side is once you get a hang of how to use HtmlHelpers and enhance them you will appreciate the degree of control and customization it offers as opposed to server controls which could end up becoming sometimes black boxes in difficult situations. The web world is making progress out there with MVCContrib which offers some controls for MVC and Microsoft soon will be coming out with Version 3 which has a lot of enhancements along with a new View Engine called Razor.

There sure is a learning curve for most WebFormers  trying this framework for the first time , more so if you are not familiar with MVC design pattern. So, how do you get your team ready for this new seemingly ‘Rewarding’ technology in a seamless and streamlined fashion? It’s a huge paradigm shift and you want to make sure the team does it step by step without feeling bogged down by it.

In the next blog , I will give you my two cents of how I think the development team can go about learning this framework and making a transition to this technology.