mvc, personal, open source 0 comments suggest edit

The June issue (also in pdf) of the online PragPub magazine, published by the Pragmatic Bookshelf has two articles on ASP.NET MVC.

The first is called Agile Microsoft and is an introduction to ASP.NET MVC geared towards those who’ve never seen it. It’s nice seeing ASP.NET MVC featured in this magazine which in its own words tends to cater to a non-Microsoft crowd.

To some developers, Microsoft’s technologies are a given, the river they swim in. To others, not using Microsoft’s tools is the default. PragPub being an open source- and Agile-friendly kind of magazine, we tend to connect with the latter group.

So when we get an article titled “Agile Microsoft,” we are naturally intrigued. And we think you’ll also be intrigued by Jonathan McCracken’s introduction toASP.NET MVC, a framework that some have called “Rails for .NET.”

The second article is an interview with me entitled “Why ASP.NET MVC?” where I ramble on about how if wandering the halls of Microsoft doesn’t get you tossed out by security, it might land you a great job, as well as ASP.NET MVC, TDD, and Open Source Software.

Something I found interesting was that the person who interviewed me was Michael Swaine who co-wrote the book, Fire in the Valley, that the movie Pirates of Silicon Valley (no Jonny Depp in this one) was based on. The movie (and book) covers the rise of the computer industry and Steve Jobs, Bill Gates, among others.

code 0 comments suggest edit

A while ago I was talking with my manager at the time about traits that we value in a Program Manager. He related an anecdote about an interview he gave where it became clear that the candidate did not deal well with ambiguity.

This is an important trait for nearly every job, but especially for PMs as projects can often change on a dime and it’s important understand how to make progress amidst ambiguity and eventually drive towards resolving ambiguity.

Lately, I’ve been asking myself the question, doesn’t this apply just as much to software?

One of the most frustrating aspects of software today is that it doesn’t deal well with ambiguity. You could take the most well crafted robust pieces of software, and a cosmic ray could flip one bit in memory and potentially take the whole thing down.

The most common case of this fragility that we experience is in the form of breaking changes. Pretty much all applications have dependencies on other libraries or frameworks. One little breaking change in such a library or framework and upgrading that dependency will quickly take down your application.

Someday, I’d love to see software that really did deal well with ambiguity.

For example, lets take imagine a situation where a call to a method which has changed its signature wouldn’t result in a failure but would be resolved automatically.

In the .NET world, we have something close with the concept of assembly binding redirection, which allow you to redirect calls compiled against one version of an assembly to another. This is great if none of the signatures of existing methods have changed. I can imagine taking this further and allowing application developers to apply redirection to method calls account for such changes. In many cases, the method itself that changed could indicate how to perform this redirection. In the simplest case, you simply keep the old method and have it call the new method.

More challenging is the case where the semantics of the call itself have changed. Perhaps the signature hasn’t changed, but the behavior has changed in subtle ways that could break existing applications.

In the near future, I think it would be interesting to look at ways that software that introduce such breaks could also provide hints at how to resolve the breaks. Perhaps code contracts or other pre conditions could look at how the method is called and in cases where it would be broken, attempt to resolve it.

Perhaps in the further future, a promising approach would move away from programming with objects and functions and look at building software using autonomous software agents that communicate with each other via messages as the primary building block of programs.

In theory, autonomous agents are aware of their environment and flexible enough to deal with fuzzy situations and make decisions without human interaction. In other words, they know how to deal with some level of ambiguity.

I imagine that even in those cases, situations would arise that the software couldn’t handle without human involvement, but hey, that happens today even with humans. I occasionally run into situations I’m not sure how to resolve and I enlist the help of my manager and co-workers to get to a resolution. Over time, agents should be able to employ similar techniques of enlisting other agents in making such decisions.

Thus when an agent is upgraded, ideally the entire system continues to function without coming to a screeching halt. Perhaps there’s a brief period where the system’s performance is slightly degraded as all the agents learn about the newly upgraded agent and verify their assumptions, etc. But overall, the system deals with the changes and moves on.

A boy can dream, eh? In the meanwhile, if reducing the tax of backwards compatibility is the goal, there are other avenues to look at. For example, by you could apply isolation using virtualization so that an application always runs in the environment it was designed for, thus removing any need for dealing with ambiguity (apart from killer cosmic rays).

In any case, I’m excited to see what new approaches will appear over the next few decades in this area that I can’t even begin to anticipate.

personal 0 comments suggest edit

The last time I wrote about one of my hiking adventures, it started off great, but really didn’t end well. But I survived, so on that scale, yes it did end well! It’s a matter of perspective.

On Saturday, I went on my first hike of the spring to Lake Serene and Bridal Veil Falls. This hike is really two hikes in one. The main destination is Lake Serene, but there’s an absolutely wonderful half mile (1 mile round trip) side trip to the Bridal Veil Falls on the way to Lake Serene.

The trail starts in the small town of Index in the county of HomeController (sorry, I couldn’t resist). The entire trail is lush with greenery as you would expect in the pacific northwest. All along the trail are many little waterfalls and river crossings like the one seen here.


The early part of the hike is dominated by moss covered trees and bushes. Higher up there’s less moss, but just as many trees.

IMG_0359Nearly two miles in, there’s a juncture with a sign pointing to the right towards Bridal Veil Falls. There’s a juncture before this one without the sign, don’t take that one, take this one.

The roar of the falls served as our guide through the series of switchbacks leading us to a grand view.


There are two viewing platforms, both with great views of the falls.

The trail is well marked and easy to follow, though it wasn’t without its occasional obstacle. Nothing a strong man like myself can’t handle though.

IMG_0372 As we got closer to the lake, we captured glimpses of snow capped mountains jutting into the sky. Near the end of the trail, we rounded a bend and were greeted with the sight of a calm lake nestled in a snow covered valley surrounded by jagged peaks. The lake lives up to its name.

IMG_0376We followed a little trail along the lake to a large rock face where we were able to get a better view of the trail. There just happened to be a large group of friends already there, breaking the sense of solitude. IMG_0386But who are we to blame them, the view was beautiful despite the clouds and rain rolling in right as we got there.

IMG_0392If you live in the Seattle or Bellevue area, I highly recommend this hike. One member of the large group told us that he did the same hike a month ago and the lake was still frozen over and they sat back and enjoyed the dramatic site of constant avalanches on the other side of the lake. We didn’t get the opportunity to witness any.

tech 0 comments suggest edit

Here’s a handy tip I just recently learned from the new intern on our team (see, you can learn something from anyone on any given day). I’ve long known you could access your local drives from a remote machine.

For example, start up a remote desktop dialog.

Remote Desktop Dialog

Then expand the dialog by clicking on Options, then check the Local**Resources tab.

Remote Desktop Local Resources Options

Make sure Clipboard is checked, and then hit the More… button.

Remote Desktop Drives

Now you can select a local disk to be shared with the remote machine. For example, in this case I selected my C: drive.

Local Drive shared on Remote DesktopAs you can see in the screenshot, the file explorer has another drive named “C on HAACKBOOK” which can be used to copy files back and forth from my local machine to the remote machine.

But here’s the part I didn’t know. Let’s take a look at the desktop of my remote machine, which has a text file named info.txt.

Remote Desktop

One way I can get that file to my local machine is to copy it to the mapped drive we saw in the previous screenshot.

Or, I can simply drag and drop the info.txt from my remote desktop machine to a folder on my local machine.


So all this time, I had no idea cut and paste operations for files work across remote desktop. This may be obvious for many of you, but it wasn’t to me. :), code 0 comments suggest edit

ASP.NET 4 introduces a few new extensibility APIs that live the hermit lifestyle away from the public eye. They’re not exactly hidden - they are well documented on MSDN - but they aren’t well publicized. It’s about time we shine a spotlight on them.


This new attribute allows you to have code run way early in the ASP.NET pipeline as an application starts up. I mean way early, even before Application_Start.

This happens to also be before code in your App_code folder (assuming you have any code in there) has been compiled.

To use this attribute, create a class library and add this attribute as an assembly level attribute. A common place to add this would be in the AssemblyInfo.cs class within the Properties folder.

Here’s an example:

[assembly: PreApplicationStartMethod(
  typeof(SomeClassLib.Initializer), "Initialize")]

Note that I specified a type and a method. That method needs to be a public static void method with no arguments. Now, any ASP.NET website that references this assembly will call the Initialize method when the application is about to start, giving this method a chance to do perform some early initialization.

public static class Initializer
  public static void Initialize() { 
    // Whatever can we do here?

The primary use of this feature is to enable tasks that can’t be done within Application_Start because it’s too late. For example, registering build providers and adding assembly references.

Which leads us to…


As you might guess, if one of the key scenarios for the previously mentioned feature is to allow registering build providers, well ASP.NET better darn well allow you to register them programmatically.

Prior to ASP.NET 4, the only way to register a custom build provider was via the <buildproviders> node within web.config. But now, you can register them programmatically via a call to the new BuildProvider.RegisterBuildProvider method.

BuildProvider.RegisterBuildProvider(".foo", typeof(MyBuildProvider));

Combining the PreApplicationStartMethodAttribute with this method call means that installing a build provider can be done in one step -simply reference the assembly with the build provider and the assembly can register it for you. Whereas before, you would have to reference the assembly and then muck around with web.config.

I think I speak for us all when I say “Yay! Less junk in my web.config trunk!”


Another new method added in ASP.NET 4 allows adding an assembly to the application’s list of referenced assemblies. This is equivalent to adding an assembly to the <assemblies> section of web.config.

As you might guess, this comes in handy when registering a custom build provider. It allows you to programmatically add references to assemblies that may be needed by your build provider.

Oh, and it’s yet another way to reduce the size of your web.config file. Who doesn’t love that? :), mvc, code 0 comments suggest edit

One of my favorite features of ASP.NET MVC 2 is the support for client validation. I’ve covered a bit about validation in the following two posts:

However, one topic I haven’t covered is how validation works with globalization. A common example of this is when validating a number, the client validation should understand that users in the US enter periods as a decimal point, while users in Spain will use a comma.

For example, let’s assume I have a type with the RangeAttribute applied. In this case, I’m applying a range from 100 to 1000.

public class Product
    [Range(100, 1000)]
    public int QuantityInStock { get; set; }

    public decimal Cost { get; set; }

And in a strongly typed view, we have the following snippet.

<% Html.EnableClientValidation(); %>
<% using (Html.BeginForm()) {%>

    <%: Html.LabelFor(model => model.QuantityInStock) %>
    <%: Html.TextBoxFor(model => model.QuantityInStock)%>
    <%: Html.ValidationMessageFor(model => model.QuantityInStock)%>

<% } %>

Don’t forget to reference the necessary ASP.NET MVC scripts. I’ve done it in the master page.

<script src="/Scripts/MicrosoftAjax.debug.js" type="text/javascript"></script>
<script src="/Scripts/MicrosoftMvcAjax.debug.js" type="text/javascript"></script>
<script src="/Scripts/MicrosoftMvcValidation.debug.js" type="text/javascript"></script>

Now, when I visit the form, type in 1,000 into the text field, and hit the TAB key, I get the following behavior.


Note that there is no validation message because in the US, 1,000 == 1000 and is within the range. Now let’s see what happens when I type 1.000.


As we can see, that’s not within the range and we get an error message.

Fantastic! That’s exactly what I would expect, unless I was a Spaniard living in Spain (¡Hola mis amigos!).

In that case, I’d expect the opposite behavior. I’d expect 1,000 to be equivalent to 1 and thus not in the range, and I’d expect 1.000 to be 1000 and thus in the range, because in Spain (as in many European countries), the comma is the decimal separator.

Setting up Globalization for ASP.NET MVC 2

Well it turns out, we can make ASP.NET MVC support this. To demonstrate this, I’ll need to change my culture to es-ES. There are many blog posts that cover how to do this automatically based on the request culture. I’ll just set it in my Global.asax.cs file for demonstration purposes.

protected void Application_BeginRequest() {
  Thread.CurrentThread.CurrentCulture     = CultureInfo.CreateSpecificCulture("es-ES");

The next step is to add a call to the Ajax.GlobalizationScript helper method in my Site.master.

<head runat="server">
  <%: Ajax.GlobalizationScript() %>
  <script src="/Scripts/MicrosoftAjax.debug.js" type="text/javascript">
  <script src="/Scripts/MicrosoftMvcAjax.debug.js" type="text/javascript">
  <script src="/Scripts/MicrosoftMvcValidation.debug.js" type="text/javascript">

What this will do is render a script tag pointing to a globalization script named according to the current locale and placed in scripts/globalization directory by convention. The idea is that you would place all the globalization scripts for each locale that you support in that directory. Here’s the output of that call.

<script type="text/javascript" src="~/Scripts/Globalization/es-ES.js">

As you can see, the script name is es-ES.js which matches the current locale that we set in Global.asax.cs. However, there’s something odd with that output. Do you see it? Notice that tilde in the src attribute? Uh oh! That there is a bona fide bug in ASP.NET MVC.

Not to worry though, there’s an easy workaround. Knowing how discriminating our ASP.NET MVC developers are, we knew that people would want to place these scripts in whatever directory they want. Thus we added a global override via the AjaxHelper.GlobalizationScriptPath property.

Even better, these scripts are now available on the CDN as of this morning (thanks to Stephen and his team for getting this done!), so you can specify the CDN as the default location. Here’s what I have in my Global.asax.cs.

protected void Application_Start()
  AjaxHelper.GlobalizationScriptPath =     "";

With that in place, everything now just works. Let’s try filling out the form again.

This time, 1,000 is not within the valid range because that’s equivalent to 1 in the es-ES locale.


Meanwhile, 1.000 is within the valid range as that’s equivalent to 1,000.


So what are these scripts?

They are simply a JavaScript serialization of all the info within a CultureInfo object. So the information you can get on the server, you can now get on the client with these scripts.

In Web Forms, these scripts are emitted automatically by serializing the culture at runtime. However this approach doesn’t work for ASP.NET MVC.

One reason is that the scripts themselves changed from ASP.NET 3.5 to ASP.NET 4. ASP.NET MVC is built against the ASP.NET 4 version of these scripts. But since MVC 2 runs on both ASP.NET 3.5 and ASP.NET 4, we couldn’t rely on the script manager to emit the scripts for us as that would break when running on ASP.NET 3.5 which would emit the older version of these scripts.

As usual, I have very simple sample you can download to see the feature in action. mvc,, code 0 comments suggest edit

The ASP.NET MVC2 templates feature is a pretty nice way to quickly scaffold objects at runtime. Be sure to read Brad Wilson’s fantastic series on this topic starting at ASP.NET MVC 2 Templates, Part 1: Introduction.

As great as this feature is, there is one template that’s conspicuously missing. ASP.NET MVC does not include a template for displaying a list of objects in a tabular format. Earlier today, ScottGu forwarded an email from Daniel Manes (what?! no blog! ;) with a question on how to accomplish this. Daniel had much of it implemented, but was trying to get over the last hurdle.

With Brad’s help, I was able to give him a boost over that hurdle. Let’s walk through the scenario.

First, we need a model.


No, not that kind of model. Something more along the lines of a C# variety.

public class Book
    public int Id { get; set; }

    public string Title { get; set; }

    public string Author { get; set; }

    [DisplayName("Date Published")]
    public DateTime PublishDate { get; set; }

Great, now lets add a controller action to the default HomeController which will create a few books and pass them to a view.

public ActionResult Index()
    var books = new List<Book>
        new Book { 
            Id = 1, 
            Title = "1984", 
            Author = "George Orwell", 
            PublishDate = DateTime.Now 
        new Book { 
            Id = 2, 
            Title = "Fellowship of the Ring", 
            Author = "J.R.R. Tolkien", 
            PublishDate = DateTime.Now 
    return View(books);

Now we’ll create a strongly typed view we’ll use to display a list of such books.

<% @Page MasterPageFile="~/Views/Shared/Site.Master"
  Inherits="ViewPage<IEnumerable<TableTemplateWeb.Models.Book>>" %>

<asp:Content ContentPlaceHolderID="TitleContent" runat="server">
    Home Page

<asp:Content ContentPlaceHolderID="MainContent" runat="server">
    <h2>All Books</h2>
        <%: Html.DisplayForModel("Table") %>

If you run the code right now, you won’t get a very useful display. Also, notice that we pass in the string “Table” to the DisplayForModel method. That’s a hint to the template method which tells it, “Hey! If you see a template named ‘Table’, tell him he owes me money! Oh, and use it to render the model. Otherwise, if he’s not around fallback to your normal behavior.”

Since we don’t have a Table template yet, this code is effectively the same as if we didn’t pass anything to DisplayForModel.

What we need to do now is create the Table template. To do so, create a DisplayTemplates folder within the Views/Shared directory. Then right click on that folder and select Add | View.

This brings up the Add View dialog. Enter Table as the view name and make sure check Create a partial view. Also, check Create a strongly-typed view and type in IList as the View Data Class.

Add View

When you click Add, you should see the new template in the DisplayTemplates folder like so.


Here’s the code for the template. Note that there’s some code in here that I could refactor into a helper class in order to clean up the template a bit, but I wanted to show the full template code here in one shot.

<% @Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<IList>" %>
<script runat="server">
  public static bool ShouldShow(ModelMetadata metadata,       ViewDataDictionary viewData) {
    return metadata.ShowForDisplay
      && metadata.ModelType != typeof(System.Data.EntityState)
      && !metadata.IsComplexType
      && !viewData.TemplateInfo.Visited(metadata);
  var properties = ModelMetadata.FromLambdaExpression(m => m[0], ViewData)
    .Where(pm => ShouldShow(pm, ViewData));
    <% foreach(var property in properties) { %>        
      <%= property.GetDisplayName() %>
    <% } %>
    <% for(int i = 0; i < Model.Count; i++) {
    var itemMD = ModelMetadata.FromLambdaExpression(m => m[i], ViewData); %>
      <% foreach(var property in properties) { %>
        <% var propertyMetadata = itemMD.Properties
              .Single(m => m.PropertyName == property.PropertyName); %>  
          <%= Html.DisplayFor(m => propertyMetadata.Model) %>
      <% } %>
    <% } %>

Explanation {.clear}

There’s a lot going on in here, but I’ll try to walk through it bit by bit. If you’d rather skip this part and just take the code and run, I won’t hold it against you.

In the first section, we define a ShouldShow method which is pulled right out of the logic for our default Object template. You’ll notice there’s mention of System.Data.EntityState (defined in the System.Data.Entity.dll) which is used to filter out certain Entity Framework properties. If you aren’t using Entity Framework you can safely delete that line.You’ll know you don’t need that line if you aren’t referencing System.Data.Entity.dll which will cause this code to blow up like aluminum foil in a microwave.

In the next code block, we grab all the property ModelMetadata for the first item in the list. Remember, the current model in this template is a list, but we need the metadata for an item in this list, not the list itself. That’s why we have this odd bit of code here. Once we grab this metadata, we can iterate over it and display the column headers.

In the final block of code, we iterate over every item in the list and use this handy dandy FromLambdaExpression method to grab the ModelMetadata for an individual item.

Then we grab the property metadata for that item and iterate over that so that we can display each property in its own column. Notice that we call DisplayFor on each property rather than simply spitting out propertyMetadata.Model.


Now that you’ve created this Table.ascx template and placed it in the Shared/DisplayTemplates folder, it is available any time you’re using a display template to render a list. Simply supply a hint to use the table template. For example:

<%: Html.DisplayForModel("Table") %>


<%: Html.DisplayFor(m => m.SomeList, "Table") %>

Download the sample

As I typically do, I’ve written up a sample project you can try out in case you run into problems getting this to work. Note this sample was built for Visual Studio 2010 targetting ASP.NET 4. If you are running ASP.NET MVC 2 on Visual Studio 2008 SP1, just copy the Table.ascx into your own project but replace the Html encoding code nuggets <%: … %> to <%= Html.Encode(…) %>.

Here’s the link to the sample. mvc,, code 0 comments suggest edit

Like the well disciplined secure developer that you are, when you built your ASP.NET MVC 1.0 application, you remembered to call Html.Encode every time you output a value that came from user input. Didn’t you?

Well, in ASP.NET MVC 2 running on ASP.NET 4, those calls can be replaced with the new HTML encoding syntax (aka code nugget). I’ve written a three part series on the topic.

But dang, going through all your source files cleaning up these calls is a pretty big pain. Don’t worry, I have your back. Just bring up the Find an Replace dialog (CTRL + SHIFT + H) and expand the Find options section and check the checkbox labeled Use and make sure Regular expressionsis selected.

Then enter the following in the Find what textbox.


And enter the following in the Replace with textbox.

<%: \1 %>

Here’s a screenshot of what the dialog should look like (though yours won’t have the red box :P).

find-and-replaceNote that this regular expression I’m giving you is not foolproof. There are some very rare edge cases where it might not work, but for the vast majority of cases, it should work fine. At least, it works on my machine!


Now that I’m finally done with updates to Professional ASP.NET MVC 2, I hope to get back to my regular blogging schedule. This will be only my third blog post this month, a new record low! And I love to blog! It’s been a busy past few months., mvc, code 0 comments suggest edit

One annoyance that some developers have run into with ASP.NET MVC is that certain reserved filenames are not allowed in URLs. Often, this is manifested as a Bad Request error or a File Not Found (404) error.

The specifics of this restriction are accounted for in an interesting blog post entitled Zombie Operating Systems and ASP.NET MVC. This actually wasn’t a restriction on ASP.NET MVC but was built into the core of ASP.NET itself.

Fortunately, ASP.NET 4 fixes this issue with a new setting. In web.config, simply add <httpRuntime relaxedUrlToFileSystemMapping="true"/> to the system.web node. Here’s a snippet from my web.config.

    <httpRuntime relaxedUrlToFileSystemMapping="true"/>

    <!-- ... your other settings ... -->

Here is a screenshot of it working on my machine.


Now you are free to use COM1-9, LPT1-9, AUX, PRT, NUL, CON in your URLs. I know you were dying to do so. :)

What about web.config?

So the question comes up from time to time, “what if I want to have web.config in my URL?” Why would you want that? Well if you are, this makes sense because of the tagging system which places a tag (such as the “web.config” tag, into the URL. I’m not sure why anyone else would want it. ;)

The answer is yes, it works.


Please note, that you still can’t request /web.config because that would try to request web.config in the root of your web application and ASP.NET won’t allow that for good reason!

In fact, any request for a *.config file that doesn’t match a route will fail.

While I think the vast majority of developers really won’t encounter this issue, it’s a really improvement included in ASP.NET 4 for those that do care.

Keep in mind that this isn’t restricted to just these special names. For example, a URL segment ending with a dot such as the following URL will not work unless you set the this web.config value. mvc,, code 0 comments suggest edit

UPDATE: The JsonValueProviderFactory is now registered by default in ASP.NET MVC 3. So if you’re using ASP.NET MVC 3, you can ignore that part of this blog post.

Javier “G Money” Lozano, one of the good folks involved with C4MVC, recently wrote a blog post on posting JSON (JavaScript Object Notation) encoded data to an MVC controller action. In his post, he describes an interesting approach of using a custom model binder to bind sent JSON data to an argument of an action method. Unfortunately, his sample left out the custom model binder and only demonstrates how to retrieveJSON data sent from a controller action, not how to send the JSON to the action method. Honest mistake. :)

His post reminds me of how remiss I’ve been in blogging recently because a while back, we added something to our ASP.NET MVC 2 Futures library that handles sending JSON to an action method but I just never found time to blog about it.

There’s one key problem with using a model binder to accept JSON. By writing a custom model binder, you miss out on validation. Using his example, if you type “abc” for the Age field, you will get a serialization failure when attempting to serialize the JSON into the PersonInputModel object because Age is an Int32 and the serialization will fail.

Value Providers to the rescue!

This is where value providers, a new feature of ASP.NET MVC 2, enters to save the day. Whereas model binders are used to bind incoming data to an object model, value providers provide an abstraction for the incoming data itself.

When the ASP.NET MVC feature team first implemented value providers, Jonathan Carter and I were working on a client templating sample which sent JSON to an action method. Rather than write a custom model binder which was the approach I took, Jonathan had the unique insight to write a custom value provider which received JSON data and serialized it to a dictionary rather than the target object. The beauty of his approach is that this dictionary data is then passed to the default model binder which binds it to the final object with validation!

I took is his prototype and added the JsonValueProviderFactory to our ASP.NET MVC 2 Futures library and then totally didn’t write about it. Yes, I suck.

Setting it up

To get started, download the ASP.NET MVC 2 Futures Library and reference the Microsoft.Web.Mvc.dll assembly. Then, in your Global.asax.cs file, add the following call to register the JsonValueProviderFactory.

protected void Application_Start() 
  ValueProviderFactories.Factories.Add(new JsonValueProviderFactory());

That’s it! You’re done!

This value provider will handle requests that are encoded as application/json. There’s no need to specify a model binder on classes that accept JSON input.

See it in action

I took the liberty of updating Javier’s sample to use this new value provider and to actually post JSON to the action method.

It turns out, sending JSON encoded data to an action method with jQuery was not as straightforward as I hoped. If you know of a more straightforward way, let me know. I ended up using a JSON plug-in for jQuery I found on the Internets. This provides a $.toJSON method I could use to serialize an object into a JSON encoded string. Here’s the updated client script code.

UPDATE: Per Dave Ward’s comment here I should be using json2.js and its JSON.stringify(...) method instead because it matches an API that some browsers implement and will use the native implementation if it exists. Nice! I’ll update this blog post later when I have a moment.

$(function () {
    $("#personCreate").click(function () {
        var person = getPerson();

        // poor man's validation
        if (person == null) {
            alert("Specify a name please!");

        var json = $.toJSON(person);

            url: '/home/save',
            type: 'POST',
            dataType: 'json',
            data: json,
            contentType: 'application/json; charset=utf-8',
            success: function (data) {
                // get the result and do some magic with it
                var message = data.Message;

function getPerson() {
    var name = $("#Name").val();
    var age = $("#Age").val();

    // poor man's validation
    return (name == "") ? null : { Name: name, Age: age };

Notice that we use the $.ajax method to specify both the JSON data and the JSON content type for the request.

A quick check in Fiddler confirms that the data in the POST request is properly JSON encoded.


Now, within my action method, I can actually check to see if the model state is valid and if not, return an error message.

public ActionResult Save(PersonInputModel inputModel) {
  if (ModelState.IsValid)
    string message = string.Format("Created user '{0}' aged '{1}' in the system."
      , inputModel.Name, inputModel.Age);
    return Json(new PersonViewModel { Message = message });
  else {
    string errorMessage = "<div class=\"validation-summary-errors\">" 
      + "The following errors occurred:<ul>";
    foreach (var key in ModelState.Keys) {
      var error = ModelState[key].Errors.FirstOrDefault();
      if (error != null) {
        errorMessage += "<li class=\"field-validation-error\">" 
         + error.ErrorMessage + "</li>";
    errorMessage += "</ul>";
    return Json(new PersonViewModel { Message = errorMessage });

And as you can see in the Fiddler screenshot, I sent an invalid Age to the server and yet, it all still works.


Whew! I can finally cross this off of my immense blog backlog. :) Hopefully soon, I’ll blog a more detailed write-up of value providers.

We have plans to add the JsonValueProviderFactory to ASP.NET MVC 3 so that it’s a built-in feature. I hope you find this useful and as always, let me know if there are ways we can improve it!

Oh, and here’s Javier’s updated sample with the value provider. mvc,, code 0 comments suggest edit

This is the third in a three part series related to HTML encoding blocks, aka the <%: ... %> syntax.

Scott Guthrie recently wrote about the new <%: %> syntax for HTML encoding output in ASP.NET 4. I also covered the topic of HTML encoding code nuggets in the past as well providing some insight into our design choices for the approach we took.

A commenter to Scott’s blog post asked,

Will it be possible to extend this so that is uses libraries like AntiXSS instead? See:

The answer is yes!

ASP.NET 4 includes a new extensibility point which allows you to replace the default encoding logic with your own anywhere ASP.NET does encoding.

All it requires is to write a class which derives from System.Web.Util.HttpEncoder and register that class in Web.config via the encoderType attribute of the httpRuntime element.


In the following section, I’ll walk you through setting this up. First, you’re going to need to download the AntiXSS library which is at version 3.1 at the time of this writing. On my machine, that dropped the AntiXSSLibrary.dll file at the following location: C:\Program Files (x86)\Microsoft Information Security\Microsoft Anti-Cross Site Scripting Library v3.1\Library

Create a new ASP.NET MVC application (note, this works for *any* ASP.NET application). Copy the assembly into the project directory somewhere where you’ll be able to find it. I typically have a “lib” folder or a “Dependencies” folder for this purpose. Right clicke on the References node of the project to add a reference to the assembly.

add-reference Add-Reference-dialogThe next step is to write a class that derives from HttpEncoder. Note that in the following listing, some methods were excluded which are included in the project.

using System;
using System.IO;
using System.Web.Util;
using Microsoft.Security.Application;

/// <summary>
/// Summary description for AntiXss
/// </summary>
public class AntiXssEncoder : HttpEncoder
  public AntiXssEncoder() { }

  protected override void HtmlEncode(string value, TextWriter output)

  protected override void HtmlAttributeEncode(string value, TextWriter output)

  protected override void HtmlDecode(string value, TextWriter output)
      base.HtmlDecode(value, output);

  // Some code omitted but included in the sample

Finally, register the type in web.config.

    <httpRuntime encoderType="AntiXssEncoder, AssemblyName"/>

Note that you’ll need to replace AssemblyName with the actual name of your assembly. Also, in the sample included with this blog post, AntiXssEncoder is not in any namespace. If you put your encoder in a namespace, you’ll need to make sure to provide the fully qualified type name.

To prove that this is working, run the project in the debugger and set a breakpoint in the encoding method.


With that, you are all set to take full control over how strings are encoded in your application.

Note that Scott Hanselman and I gave a live demonstration of setting this up at Mix 10 this year as part of our security talk if you’re interested in watching it.

As usual, I’ve provided a sample ASP.NET MVC 2 project for Visual Studio 2010 which you can look at to see this in action.

humor, code 0 comments suggest edit

The “copyleft” provisions of the GPL (GNU General Public License) require that any changes or additions to a GPL licensed work must itself be licensed under terms that adhere to the GPL.

Critics of these “copyleft” provisions have derogatively labeled the GPL as a “viral” license. Such criticism points out that any code that seeks to incorporate GPL licensed code must itself adhere to the terms of the GPL, thus potentially “infecting” other code with its restrictions.

This has caused many developers of proprietary systems to be concerned about any usage of GPL code within their products for fear of turning their closed source codebase into a GPL licensed open source codebase.

But now there’s a new viral license to be feared. This new license us the product of a legal thought experiment that was assumed to be purely theoretical in nature, but impossible to actually realize. The experiment proposed the following question:

Just as there is a license which virally turns closed source code into open source code, is it possible to craft a viral license that does the opposite, turning open source into closed source?


Jim, I’m afraid it is.

The possibility of this specter has been a grave concern for many open source experts for years, but now has been realized by the new antithesis to the GPL called the CSPL, which stands for Closed Source Proprietary License.

Under the terms of the CSPL (pronounced Sess-Puhl), any codebase operating within the same user memory space of the CSPL licensed code is itself licensed under the CSPL which removes all rights to view or change the source code.

Famed Linux developer Linus Torvald, when presented with this news, could only muster the following comment.

Are you fucking kidding me?!

Which coincidentally was the same response uttered by notable Ruby on Rails creator David Heinemeier Hansson (aka DHH), apart from the fact that DHH omitted the words “Are”, “you”, “ing”, “kidding”, and “me”.

Noted open source developer Miguel De Icaza railed against this library in his twitter feed 140 characters at a time noting:

The CSPL is a travesty and a cancer and it must be stopped. OTOH, as long as is unaffected it can’t all be bad. BRB…

Miguel could not be reached for further comment as he was ostensibly engaged in finding the proper TrollCats image to express his complete outrage.

TekPub co-owner Rob Conery glumly noted that sales of his developer focused educational videos have declined precipitously ever since he was forced to redact the source code from his screen casts.


Well regarded speaker and .NET luminary Scott Hanselman had this to say…

This reminds me of the panic that ensued when it was discovered that the last GUID had been used up. By the way, have you seen the Hamster on a Piano?

Prolific blogger and open source developer, Oren Eini (also known as Ayende) noted with dismay that he was finding it very difficult to continue working on his projects formerly known as open source while averting his eyes from the screen in order to comply with the license. His blogging and open source contributions took a noticeable hit as he only managed 256 blog posts in the past week while contributing 297,051 lines of new code to NHibernate, Rhino Mocks, and Log4Net.

Richard Stallman could not be reached for comment on this matter, but it can be safely assumed a legal challenge is brewing.

code 0 comments suggest edit

UPDATE: After an email exchange with Eric Meijer, I learned that I was a bit imprecise in this treatment. Or, as the colloquial term goes, “wrong”. :) I’ve changed the title to reflect more accurately what Reactive extensions provide.

Iterating over a collection of items seems like a pretty straightforward mundane concept. I don’t know about you, but I don’t spend the typical day thinking about the mechanics of iteration, much like I don’t spend a lot of time thinking about how a roll of toilet paper is made. At least I didn’t until watching Elmo Potty Time with my son. Now I think about it all the time, but I digress.

the-futureHistorically, I’ve always thought of iteration as an action over a static set of items. You have this collection of elements, perhaps a snapshot of data, and you then proceed to grab a reference to each one in order and do something with that reference. What you do with it is your business. I’m not going to pry.

It wasn’t till the yield operator was introduced into C# that I realized this was a very limited view of iteration. For example, using the yield operator makes it easy to enumerate over computed sets, as demonstrated by iterating over the Fibonacci sequence. In this case, the set of elements being iterated is not a static set.

Reactive Extensions

Recently, Matt “is his middle name really not F#” Podwysocki swung by my office to show me yet another way of thinking about iterations via the Reactive Extensions to JavaScript. These extensions are based on the same concept applied in the Reactive Extensions for .NET which I’ve sadly ignored until now.

There’s a channel9 video where Eric Meijer describes these extensions as push collections, as contrasted with normal collections where you pull each item from the collection.

Unfortunately, when I first heard this analogy, it didn’t click in my head. That’s not terribly unusual as it often takes a few bat swings at my head for something to stick. It wasn’t till I understood the pattern of code that reactive extensions are a replacement for, did it click. By inverting the analogy that Eric used, these extensions made a lot more sense to me.

Typically, when you write code to handle user interactions, you write events and methods (event handlers) which handle the events. In my mind, this is a very “push” way to handle it. For example, as soon as a user moves the mouse over an element you’re interested in, a mouseover event gets pushed to your mouseover event handler method.

Reactive extensions inverts this model by taking what I would call a “pull” model of events. Using these extensions, you can treat the sequence of user events (such as the sequence of mouse over events) as if it were a normal collection (well actually, as an enumeration). Thus you can write LINQ queries over the collection which do things like filtering, grouping, composing, etc.

Your code really looks like it’s dealing with a fully “populated” collection, even though elements of that collection may not have occurred yet.

Effectively, you’re enumerating querying over the future.

The mental shift for me is to realize that we’re actually working with sequences being “pushed” into our query in this case and not queries running over already populated collections.

Speaking of keyboard presses, Matt Podwysocki took my Live Preview jQuery Plugin and ported it to use the Reactive Extensions for JavaScript. You can see a demo of it in action here (view source for the code).

The snippet that’s pretty cool to me is the following:

  .SelectMany(function() {
  return Rx.Observable.Start(function() {
    return textarea.reloadPreview(); });
.Subscribe(function() {});

As Matt told me, if you squint hard enough, it looks like you’re writing a LINQ query in JavaScript. :)

Tags: reactive extensions,javascript

personal, code 0 comments suggest edit

Last week I spent a few days in Las Vegas attending the Mix 10 conference. Mix is billed as …

A 3 day conference for web designers and developers building the world’s most innovative web sites.

Which certainly reflects its origins as a conference focused on the web and web standards. But this year, it seemed that the scope for Mix was expanded to be about, well, a Mix of technologies as the Windows Phone 7 series figured prominently at the conference.

shanselman-haacked-jeresig Scott Hanselman and I are seen here attempting to tutor this young man about a language called “JavaScript”

Mix of communities

One aspect I love about Mix is it’s also a Mix of communities. Sure, it’s heavily Microsoft dominated, since it is, well, Microsoft that puts it on, but this conference has never been shy about bringing in people outside of the Microsoft community to speak.

One of the speakers I was excited to finally meet in person was John Resig, the creator of the very popular jQuery JavaScript library seen in the above photograph to the right. Yes, for those of you amongst the humor impaired, the caption is a joke (thanks to Peter Kellner who took the photo).

Also speaking was Douglas Crockford (inventor of JSON) who had the best slide of the show with the words…

IE 6 Must Die!

Preach it brother Crockford! Since I was able to chat with him in person, I confirmed it was really Douglas who left this comment on my JSON post suggesting that requiring POST was a good change to the JsonResult in ASP.NET MVC 2. I really enjoyed having the opportunity to chat with him about security and JSON.


If you’re interested in watching the keynotes, check out Day 1 (Silverlight, Windows Phone 7 series) and Day 2 (IE9, Web Development, OData).

I presented two sessions (click on the title for the video).

What’s new in ASP.NET MVC 2 

Come see and hear about the latest innovations in ASP.NET MVC 2 and the tooling support in Microsoft Visual Studio 2008 and 2010. We introduce you to a range of productivity (and extensibility) enhancements such as template helpers, model validation, and the new “Areas” feature, which enhances the team development of large websites. With template helpers you can get your website up and running for any data entity type without having to create UI. With improved server side validation and brand new client side validation support, your business data model can define the behavior of your application automatically. All this and more!

The HaaHa Show: Microsoft ASP.NET MVC Security with Haack and Hanselman

The HaaHa brothers take turns implementing features on an ASP.NET MVC website. Scott writes a feature, and Phil exploits it and hacks into the system. We analyze and discuss the exploits live on stage and then close them one by one. Learn about XSS, CSRF, JSON Hijacking and more. Is *your* site safe from the Haack?

For those interested in seeing the decks, trying out the code, and perhaps reading the checklist I use for my demos (the checklist is there to help in case I freeze from stage fright), I’ve made them all available for these two talks in a single zip file.

For the most part, I thought the talks went well, despite some technical difficulties. During my first talk, despite my preparation, I had a demo go wrong due to what I later realized was a comedic chain of errors.

I had a pre-baked attribute I just needed to add to my project containing my entities. However, I accidentally added it to my web project instead, which references the entities project. I then proceeded to import the namespace for the attribute on a class in the entities project. At least that’s what I thought I was doing, but since my entities project didn’t reference the web project (where I dragged said attribute), I accidentally ran the Generate from Usage command adding a new blank attribute class to the project.

You can probably see the surprise and then concern on my face as my big TADA moment where I show the feature working fails to materialize. ;) At least I was able to recover from this demo failure with the help of the audience. Scott and I had a demo failure where I had the wrong version of an app in our machines so we had to tap dance around that failure.

jQuery and Microsoft

If you missed it, one of the big announcements (at least big to me as an open source guy) was that Microsoft is going to focus on investing in jQuery as our primary technology for client browser scripting. Part of this includes contributing back to jQuery, though any contributions we supply will go through the same approval process as any contribution from any other contributor would. No special treatment as far as I know.

I’m very excited about this as it’s been a long time coming. Stephen Walther has more details on his blog post, Microsoft, jQuery, and Templating.

The Attendee Party

The attendee party this year was held at LAX in the Luxor. It was a nice venue except it didn’t have any sort of outdoor patio you could escape to get a breath of fresh air like there was at TAO.

Even so, we had a great time there and you can see many of the pics from the Mix10 flickr set. Afterwards, several of us went to Pure at Ceasars. When we got there, there was a huge line of beautiful people. However, we were able to go up to the rope, show the stamps from the attendee party, and the bouncers waved us right in. It was the total rockstar treatment, which was a lot of fun. I can only imagine the thoughts going through the heads of all those people waiting in line wondering who the heck are these nerds and why are they getting the VIP treatment? :)


All in all, it was a great conference. I always manage to have a good time in Las Vegas, even when losing a bit of money at Poker. I met countless people, many with interesting questions on ASP.NET MVC. If I forget your name the next time I see you, I apologize in advance. Don’t be shy in reminding me. :), mvc, open source, code 0 comments suggest edit

Hot on the heels of the release of ASP.NET MVC 2 yesterday, I’m happy to announce that we are releasing the source code to ASP.NET MVC 2 under theMs-PL license, an OSI approved Open Source license.

This continues the trend from nearly a year ago when we released ASP.NET MVC 1.0 under the Ms-PL. You can read my blog post there to learn more about the hard work that goes into such releases.

While I’m one who loves lawyer jokes, I do appreciate the work that they do (one of my best friends is a lawyer) and am grateful for the hard work our legal team put in to make this happen again.

Get the source!

To grab the source code, visit the ASP.NET MVC 2 RTM Download Details page and look for the file named

What’s next?

This time around, we’re not planning to stop with just the source code for System.Web.Mvc.dll. There’s a bit more source I would like to release under the Ms-PL which should hopefully be coming soon if I can get the ducks to line in a row (who knew releasing code required working with ducks?!)., mvc, code 0 comments suggest edit

It’s that time of year again when the sakura (cherry blossoms) bloom and allergies kick into high gear. When the drive home is no longer shrouded in darkness and when the ASP.NET team releases Software!

sakuraEarlier today we released the RTM of ASP.NET MVC 2 for Visual Studio 2008 SP1. See Scott Guthrie’s announcement about it. For download and install options, visit the ASP.NET MVC Download Page.

Here are a few helpful resources to help you learn more about this release.

My team and I are excited about this release as it adds a lot of great new functionality for those building web applications with ASP.NET MVC. As with ASP.NET MVC 1.0, the community (yes, that’s you people!) were heavily involved in the making of this product via multiple preview releases. So thank you!

What about Visual Studio 2010?

Keep in mind that this release includes project templates for Visual Studio 2008. Visual Studio 2010 RTM will be released fairly soon and that will contain project templates and runtime for ASP.NET MVC 2 RTM in the box.

If you have Visual Studio 2010 RC installed, you’ll find that the installer for ASP.NET MVC 2 RTM is blocked just as it was for ASP.NET MVC 2 RC 2.

To remedy the situation, you just need to uninstall the ASP.NET MVC 2 runtime first, and then run the ASP.NET MVC 2 RTM installer.

I’ve outlined the steps in more detail in a previous blog post describing how to install MVC 2 RC 2 on a machine with Visual Studio 2010 RC. These same steps apply, but switch “RC 2” with “RTM” of course. :)

Again, sorry for the inconvenience. Once Visual Studio 2010 RTM ships, this will all just work.

Source Code! Source Code! Source Code!

As always, the source code, along with our Futures library, is available on CodePlex. For those looking for the Ms-PL package, we will be releasing the source code for System.Web.Mvc.dll very soon.

What’s Next?

I’m glad you asked. While we’ve been very busy getting this release ready, preparing for Mix 10, closing down on ASP.NET 4 and Visual Studio 2010, we’ve still found time to start preliminary planning for ASP.NET MVC 3.

It’s very early and nothing is written in stone yet (of course not, it’d be written in C#), but you can read our rough roadmap that outlines some of the ideas we have for the next version., mvc, code, personal 0 comments suggest edit

If there’s one impression that Austin left on me, besides the one that Rudy’s “extra moist” barbecue left on my gut, is that it’s a developer friendly town.

This past week I spent three days in Austin meeting with all sorts of developers and had many great conversations about technology. I met with companies and people with a passion for technology that couldn’t be suppressed.

Photo from

Meeting with Dell

The reason I was in town was to give a couple of presentations at a mini-conference for Dell employees. On my first day in Austin, the day before the conference, I met with a team working on the next generation of The site is undergoing a large scale rearchitecture based heavily on ASP.NET MVC 2.

I fielded some questions on ASP.NET MVC and its future and was given a presentation on their new architecture. It was clear that they spent a lot of time with ASP.NET MVC as I even received an obscure question asking why Routing uses the ReaderWriterLock rather than ReaderWriterLockSlim? (The answer, in case you’re interested in that sort of trivia, is that ReaderWriterLockSlim didn’t work in medium trust in ASP.NET 3.5 SP1, but that’s been fixed in ASP.NET 4 and Routing now uses that).

I should mention that Dell is hiring in a big way. Many of these positions will involve a lot of ASP.NET MVC development.

We’re looking for senior level folks that have extensive e-commerce experience, are experts in Microsoft technologies (MVC knowledge a big plus), and have worked on some very large sites.  We’re looking for architects, dev leads, business analysts and project managers.  We have positions open in Round Rock, Tx (just north of Austin) as well as Bangalore, India.  Visit and click on Careers at the bottom of the page.

Austin .NET User group

After meeting with Dell, I was whisked over to the Austin .NET User Group meeting (ADNUG) where I gave a presentation on what’s new in ASP.NET MVC 2. The room was packed and the attendees were engaged with the talk. They had to be as my demos were failing left and right and I needed the help from the audience to catch my mistakes several times. Thank you ADNUG!

Afterwards I went with several user group attendees and was treated to Rudy’s Country Store and Bar-B-Q which is a gas station, convenience store, and Bar-B-Q shack. I would soon learn that Austin is full of these multi-function restaurants. I ordered the “Extra Moist” and some cream corn which was oh so delicious!

Back at Dell

After Rudy’s I spent the evening working on digestion and my demos. The next morning I spent the day at a small conference center presenting two talks to Dell employees, the intro talk I mentioned earlier and an ASP.NET MVC 2 Tips and Tricks talk.

This time, both talks went much more smoothly and I now feel much more prepared for the upcoming Mix 10.

After my talks at Dell, Jonathan Carter and I headed over to the WhipIn to meet up with the quiet and always subdued Scott Bellware. The WhipIn is a convenience store, bar, and Indian food restaurant with a slogan of “Namaste Y’all!”” Remember that thing I said earlier about multi-function restaurants?

Visiting Headspring

My last day in Austin was spent visiting two companies full of very talented software developers doing extensive work with ASP.NET and ASP.NET MVC.

I spent the morning at Headspring which employs many well known members of the .NET community as they’re involved in blogging, C4MVC, MvcContrib, etc. Jeffrey Palermo, Eric Hexter, Jimmy Bogard, Matt Hinze, amongst others (sorry, I don’t know your URLs).

One of the first things I noticed when walking into their office was a big screen TV displaying the statuses of several different builds from their Continuous Integration (CI) server. I watched as a Watin run provided a “ghost in the machine” demonstration of their automated functional test suite.

They walked me through their current project showing how they’re using and customizing ASP.NET MVC and we discussed potential improvements to ASP.NET MVC. One thing they’ve done as they’ve gained experience building ASP.NET MVC applications is to embed many of the lessons they’ve learned into the open source CodeCampServer project.

It may be overkill for what it is, a code camp management website, but the point of the site is to demonstrate practices they use on much larger projects.

Visiting Dovetail

After meeting with Headspring, I headed over to meet the DoveTail guys for lunch. Unfortunately, we didn’t go to Torchy’s since we were short on time and didn’t want to wait. Not only that, I had a sangria margarita for lunch and was carded. Those Austin-ites are sticklers for checking IDs.

We spent lunch discussing a wide range of topics on the .NET community, technology, etc. After lunch we headed over to their office where once again I saw a monitor with the status of their continuous integration server displayed on a monitor. Seems all these Austin developers see the value in continuous integration.

We settled in and Jeremy Miller, Chad Myers, Joshua Flanagan, et all walked me through what they’ve done with FubuMVC. I really liked several of the ideas they’ve put in their framework, some of which may show up in ASP.NET MVC in the future as is typical of technical cross-pollination.

Heading Home

After the meeting at Dovetail, I took a cab to the Austin airport to catch a flight home. Looking back, I wished I had been able to spend more time in Austin. Known as the live music capital of the world, I didn’t get a chance to hit the heart of the city.

Even so, I really enjoyed my visit there. The weather was nice and the local tech community seemed to be quite involved and vibrant. It’s definitely a place I want to visit again., mvc, code 0 comments suggest edit

During the MVP summit, an attendee asked me for some help with a common scenario common among those building content management systems. He wanted his site to use human friendly URLs.

instead of

Notice how the first URL is descriptive whereas the second is not. The first URL contains a URL “slug” while the second one contains the ID for the content, typically associated with the ID in the database.

This is easy enough to set up with routing, but there’s a slight twist. He still wanted the action method which would respond to the first URL to have the integer integer ID as the parameter, not the slug. Let’s look at one possible approach to solving this.

Here’s an example of what the route might look like:

  "Slug", // Route name
  "pages/{slug}", // URL with parameters
  new { controller = "Home", action = "Content" } // Parameter defaults

Notice that the route URL contains one parameter for “slug” and no “id” parameter whatsoever. Here’s an example of the controller action that route should map to.

public ActionResult Content(int id)
  // Note the argument is an id, not slug
  return View();

Note that the action method does not accept a parameter named “slug” but instead expects an integer “id” parameter.

Fortunately, there’s an easy way to do this. Action filters, classes which derive from ActionFilterAttribute, allow hooking into the point in time after the parameters of action method have been bound, but just before the action method has been invoked. This gives us a fine opportunity to muck around with the parameters.

The following is an example of an action filter which converts a slug to an ID (you can imagine a real one would probably look it up in the database, not in a static dictionary like the sample does).

public class SlugToIdAttribute : ActionFilterAttribute
  static IDictionary<string, int> Slugs = new Dictionary<string, int>
    {"this-is-a-slug", 100}, 
    {"another-slug", 101}, 
    {"and-another", 102}

  public override void OnActionExecuting(ActionExecutingContext filterContext)
    var slug = filterContext.RouteData.Values["slug"] as string;
    if(slug != null)
      int id;
      Slugs.TryGetValue(slug, out id);
      filterContext.ActionParameters["id"] = id;

The filter overrides the OnActionExecuting method which is called just before the action method is called. The filter than grabs the slug from the route data, and looks up the corresponding id. Now all we need to do is make sure the id is passed into the action method.

Fortunately the filter context passed into this method allows us to peek into the parameters that will get passed into the action method via the ActionParameters property. Not only that, it allows us to change them!

In this case, I’m grabbing the slug from the route data, and looking up the associated id, and adding a parameter named “id” to the action parameters with the correct id value.

All I need to do now is apply this filter to the action method and when the action method is called, this id will be passed into the method.

This works whether the argument to the action method is a simple primitive type as in this example or whether it’s a complex type. I’ve included a sample project that demonstrates changing parameters to action methods via an action filter., mvc, code 0 comments suggest edit

If you have a model object with a property named Id, you may have run into an issue where your model state is invalid when binding to that model even though you don’t have an “Id” field in your form.

The following scenario should clear up what I mean. Suppose you have the following simple model with two properties.

public class Product {
    public int Id { get; set; }
    public string Name { get; set; }

And you are creating a view to create a new Product. In such a view, you obviously don’t want the user to specify the Id.

<% using (Html.BeginForm()) {%>

    <div class="editor-label">
      <%= Html.LabelFor(model => model.Name) %>
    <div class="editor-field">
      <%= Html.TextBoxFor(model => model.Name) %>
      <%= Html.ValidationMessageFor(model => model.Name) %>
      <input type="submit" value="Create" />

<% } %>

However, when you post it to an action method like so:

public ActionResult Index(Product p)
    if (!ModelState.IsValid) {
        throw new InvalidOperationException("Modelstate not valid");
    return View();

You’ll find that the model state is not valid. What gives!?

Well the issue here is that the Id property of Product is being set to an empty string. Why is that happening when there is no “Id” field in your form? The answer to that, my friend, is routing.

When you crack open a freshly created ASP.NET MVC 1.0 application, you’ll notice the following default route defined.

    new { controller = "Home", action = "Index", id = "" }

To refresh your memory, that’s a route with three URL parameters (controller, action, id), each with a default value (“home”, “index”, “”).

What this means is if you post a form to the URL /Home/Index, without specifying an “ID” in the URL, you’ll still have an empty string route value for the key “id”. And as it turns out, we use route values to bind to action method parameters.

In the scenario above, it just so happens that your model object happens to have a property with the same name, “Id”, as that route value, so the model binder attempts to set the value of the Id property to empty string, and since Id is a non-nullable int, we get a type conversion error.

This wouldn’t be so bad if “Id” wasn’t such a common name for properties. ;)

In ASP.NET MVC 2 RC 2, we added an MVC specific means to work around this issue via the new UrlParameter.Optional value. If you set the default value for a URL parameter to this special value, MVC makes sure to remove that key from the route value dictionary so that it doesn’t exist.

Thus the fix to the above scenario is to change the default route to:

    new { controller = "Home", action = "Index", id = UrlParameter.Optional }

With this in place, if there’s no ID in the URL, there won’t be a value for ID in the route values and thus we’ll never try to set a property named “Id” unless you have a form field named “Id”.

Note that this should be the default in the project templates for ASP.NET MVC 2 RTM.

0 comments suggest edit

As many of you have probably heard, the release candidate for Visual Studio 2010 was recently released containing immense performance improvements and tons of bug fixes.

Another thing that release contains is the release candidate for ASP.NET MVC 2. However, that release is not the latest release of ASP.NET MVC 2 as we recently released a second release candidate for ASP.NET MVC 2 in response to customer feedback.

I apologize for the confusion this may have caused, but we really felt it was important to have another release candidate for ASP.NET MVC to help verify that we were responding to feedback in the correct manner.

If you wish to have Visual Studio 2010 RC and ASP.NET MVC 2 RC 2 installed at the same time, it’s not a problem.

If you installed ASP.NET MVC 2 RC 2 Before installing VS 2010 RC

Believe it or not, you’re all set if you install them in this order.

When installing VS 2010 RC, the installation will detect that a newer version of the ASP.NET MVC runtime (aka the System.Web.Mvc assembly) is already installed and will not overwrite it with the older version included with VS 2010 RC.

Keep in mind that the project templates for VS 2010 will still be the slightly older ASP.NET MVC 2 RC project templates and not the RC 2 templates. Fortunately those templates haven’t changed too much between release candidates.

In this configuration, when you create a project using VS 2010 RC, even though the templates may be slightly older, the project will reference the newer System.Web.Mvc assembly.

If you are installing ASP.NET MVC 2 RC 2 After installing VS 2010 RC

In this case, there’s a tiny bit of work to do. The installer for ASP.NET MVC 2 RC 2 will block if an older version of the ASP.NET MVC 2 runtime is installed.

To remedy the situation, all you need to do is uninstall the ASP.NET MVC 2 runtime. In Add/Remove Programs dialog(also known as the Program and features dialog), this would be the entry named “Microsoft ASP.NET MVC 2”.

If you have an older version of MVC tooling/project templates for Visual Studio 2008 installed (named “Microsoft ASP.NET MVC 2 – Visual Studio 2008 Tools”), you’ll also need to uninstall that, but do not uninstall the MVC tooling for VS 2010.


At this point, you should only have Microsoft ASP.NET MVC 2 – Visual Studio Tools for VS 2010 installed. You may now run the installer for ASP.NET MVC 2 RC 2, which will put the runtime on your machine as well as tooling/project templates for VS 2008.

Hopefully this clears up some of the confusion and gets you going with VS 2010 RC and ASP.NET MVC 2 RC 2.