personal career 0 comments suggest edit

It’s a quiet friday afternoon with all of our devs in training today, so I figured I’d take a breather and respond to this meme I’ve been tagged with by Simone, Keyvan, Steve and others.

How Old Were You When You Started Programming?

Have I even started really programming yet? I guess I got my first taste when I was around eight with my first computer, a TRS-80 Color Computer.


That sucker could display 9 colors, all at once, believe it or not. My programming experience back then was pretty minimal. My dad and I mostly spent hours typing in program listings from books, complete with pages of DATA lines consisting entirely of 0s and 1s. Pretty much typing by hand the equivalent of binary resources. I also wrote simple programs that would draw pictures and my dumb attempts at Zork-like text adventures.

How Did You Get Started In Programming?

Well I would write dumb little programs for my TRS-80, then Commodore 128, then Amiga. But I never wrote any programs of any significance till I took a C and C++ class in college. Even then, those programs were not “real world” programs, but simple assignments. It wasn’t till after college when I had to get a J-O-B that I learned how to really program.

And it was a rough start, writing the most knotty spaghetti ASP code in VBScript ever. It wasn’t till I read Code Complete that I realized that I wasn’t programming yet, I was barfing code.

What Was Your First Language?

English. My first programming language was BASIC for the TRS-80. My first professional language was VBScript. My first Object Oriented language was C++.

What Was The First Real Program You Wrote?

Man, I can barely remember that far back. All I remember was on my first day of my first programming job, a helpful consultant/coworker showing me the ropes. The main thing she taught me that day was when looping through a RecordSet, don’t forget the rs.MoveNext call, or else!

Around that time, I started working on a website for a company called which later became which later got bought by Yahoo. That was the first large website I worked on and the place I had my first and worse major production bug ever. It was a lot of fun because I also signed up on the site and would interact with the other members, since it was a community music site.

What Languages Have You Used Since You Started Programming?

What is this? Some sort of interview? The programming languages I’ve used professionally are: BASIC, Visual Basic, VBScript, Java, J++, Ruby, C#.

What Was Your First Programming Gig?

As I mentioned before, it was right after college I got a job at a consulting firm named Sequoia Softworks in Seal Beach, CA. We had an office right on main street near the beach above some antique store or something. We later changed our name to Solien. They’re still around, but their site needs some love.

If You Knew Then What You Know Now, Would You Have Started Programming?

Well in between investing large sums of money in the right stocks and getting out at the right time, yes, absolutely! I love to write code and write about code.

If There is One Thing You Learned Along the Way That You Would Tell New Developers, What Would It Be?

Learn to write and communicate well. Software development is rich in ideas and being able to communicate your ideas well will get you places. And keep an open mind. Things you’re absolutely sure about now, you might not be so sure about tomorrow.

What’s the Most Fun You’ve Ever Had … Programming?

Hacking on Open Source projects such as Subtext. Recently, working on my [IronRuby

  • MVC prototype]( “IronRuby and MVC”) has been a lot of fun. I find it fun to try out new things as well as making old things better.

tdd 0 comments suggest edit

One principle to follow when writing a unit test is that a unit test should ideally not cross boundaries.


Michael Feathers takes a harder stance in saying…

A test is not a unit test if:

  • It talks to the database
  • It communicates across the network
  • It touches the file system
  • It can’t run at the same time as any of your other unit tests
  • You have to do special things to your environment (such as editing config files) to run it

Tests that do these things aren’t bad. Often they are worth writing, and they can be written in a unit test harness. However, it is important to be able to separate them from true unit tests so that we can keep a set of tests that we can run fast whenever we make our changes.

Speed isn’t the only benefit of following these rules. In order to make sure your tests don’t reach across boundaries, you have to make sure the unit under test is easily decoupled from code across its boundary, which provides benefits for the code being tested.

Suppose you have a function that pulls a list of coordinates from the database and calculated the best fit line for those coordinates. Your unit test for this method should ideally not make an actual database call, as that is reaching across a boundary and coupling your method to a specific data access layer.

Reaching across a boundary is not the only sin of this method. Data access is an orthogonal concern to calculating the best-fit line of a series of points. In The Pragmatic Programmer, Andrew Hunt and Dave Thomas tout Orthogonality as a key trait of well written code. In an interview on, Andy describes orthogonality like so:

The basic idea of orthogonality is that things that are not related conceptually should not be related in the system. Parts of the architecture that really have nothing to do with the other, such as the database and the UI, should not need to be changed together. A change to one should not cause a change to the other. Unfortunately, we’ve seen systems throughout our careers where that’s not the case.

Ideally, you would refactor the method so that the data the method needs is provided to it via some other means (another method passing the data via arguments, dependency injection, whatever). That other means, whatever it is, can perform the necessary data access: that’s not your concern at this moment. You aren’t testing that other means (right now at least, you might later), you’re focused on testing this unit.

This isolation enforced by unit test can be challenging, as it’s easy to get distracted by these other orthogonal concerns. For example, if this method doesn’t do data access, which one does? However, having the discipline to focus on the unit being tested can help shape your code so that it follows the single responsibility principle (SRP for short). If your test needs to access an external resource, it might just be violating SRP.

This provides several key benefits.

  • Your function is no longer tightly coupled to the current system. You could easily move it to another system that happened to have a different data access layer.
  • Your unit test of this function no longer needs to access the database, helping to keep execution of your unit tests extremely fast.
  • It keeps your unit test from being too fragile. Changes to the data access layer will not affect this function, and therefore the unit test of this function.

All this decoupling will provide long term benefits for the maintainability of your code.

aspnetmvc ruby 0 comments suggest edit

UPDATE 02.17.2009: I posted about a newer version of this prototype for ASP.NET MVC RC

Update: I updated the source today. It now has minimal support for layouts. It needs more improvement for sure.

In June, John Lam wrote about a demo he gave at Tech-Ed 2008 where he showed IronRuby running on ASP.NET MVC. He posted the code for the demo online, but it relied on an unreleased version of MVC, so the code didn’t actually work.

IronRuby on ASP.NET MVC
Demo Now that Preview 4 is out, I revisited the prototype and got it working again. I use the term working loosely here. Yeah, it works, but it is really rough around the edges. As in, get a bunch of splinters rough. At least it looks better as I did take a moment to use a CSS layout from Free CSS Templates slightly tweaked by me.

Getting the Prototype Up And Running

The IronRuby assemblies are based on an internal build, so they aren’t the same version as the publicly available ones. As such, they are not fully signed so you might get an ugly error message when you try to run the demo. You’ll need to add a verification entry into the GAC using the sn –Vr assemblyname.dll command.

I was lazy and just ran the following to add a verification entry for any assembly (note: there is a security risk in doing this):

sn –Vr *,*

And when I was done, I ran:

sn –Vu *,*

to remove that catch-all verification entry.

Other Notes

I made a few small improvements to the project since John posted the code. I added helper overloads that accept ruby hashes, for example. This allows you to do the following within the view:

<%= $html.ActionLink("Home", {:controller => "Home", :action => "index"}) %>

I also implemented more of the application, including the ability to edit an item. That forced me to get some more of the form helpers working with IronRuby.

As I mentioned in my previous post on this topic, IronRuby and ASP.NET MVC BFFs Forever:

Disclaimer: This is all a very rough prototype that we’ve been doing in our spare time for fun. We just wanted to prove this could work at all.

If this sort of stuff interests you, have fun with it. I’ll try and post updates as we take this prototype further. It has definitely been a worthwhile exercise as we’ve found many areas for improvement in our extensibility layer. I believe ASP.NET MVC will be better overall because we spent the time to do this.

And before I forget, here’s the DOWNLOAD LINK.

Attributions: The CSS layout and ruby logo are both licensed under the Creative Creative Commons Attribution-ShareAlike 2.5 License. Full attribution is within the source.

aspnetmvc 0 comments suggest edit

(If you want to skip all the blah blah blah, go straight to the release)

What I love about working with The Gu (aka ScottGu, the man with many aliases) is that he makes my life easier with his gargantuan and detailed blog posts covering the features of each release. This allows me to follow up and fill in some details with a much shorter post, as by the time we get a release out the door, I’m usually too exhausted to write such a detailed post as he does. Yeah, excuses excuses.

In his latest post, Scott covers the ASP.NET MVC CodePlex Preview 4 release in two parts. This is the next in a continuing series of preview releases that alternate between full CTP level releases on ASP.NET and interim releases on CodePlex. Unlike previous CodePlex releases, this one contains an MSI installer for convenience. There are still some rough spots with some of the new features as we tried to get a lot into this release to elicit feedback. In fact, I’ve been doing some app building today and have already run into some areas for improvements with the Ajax helpers. I look forward to hearing your feedback as well.

MVC Futures

One thing you’ll notice in the project template that Scott didn’t cover in much detail is that we include a new assembly, Microsoft.Web.Mvc.dll. The release notes explain what this is.

The ASP.NET MVC team builds prototypes for a lot of features during the course of normal development. Some of these features will not be included in the RTM release, but are very likely to be included in a future full release. We’ve moved many of these features into a separate assembly, Microsoft.Web.Mvc.dll.

This follows what the ASP.NET’s team intends the term Futures to mean when it comes to products. Futures should contain features that we think has a decent chance of making it into the framework. If we implement something we are pretty sure we have no intention of including in the framework, we’ll typically post it as a blog sample or something to that effect.

Component Controller

For those that have used this, you’ll notice that we removed the ComponentController class. Instead, we renamed RenderComponent to be RenderAction and re-implemented it so that it works against a normal controller. This code is was moved to the MVC Futures assembly since we’re not planning to include it in the RTM.

My personal opinion is that this violates the separation of concerns so important to the MVC pattern. Having a method within your view calling back into a controller in order to render out a bit more view makes me feel a wee bit dirty ;). We’re developing prototypes for an alternative approach. In the meanwhile, I recognize that for a small sacrifice of pattern purity, this method is very useful, hence its inclusion in the MVC Futures assembly, but do understand that you use it at your own risk.

What’s Next?

The roadmap for ASP.NET MVC has been up on the CodePlex site for a while. We still have more cleanup and implementation work to do on the Ajax features, as well as existing and new helper methods. Likewise, we are tackling the problem of how should you report validation errors to the user via a common error reporting mechanism. This might not handle validation itself, but gives everyone a common place to put validation messages and allows for some of HTML helpers to be aware of these messages and render themselves accordingly.

And before I forget, you can download ASP.NET MVC CodePlex Preview 4 from the release page.

routing aspnetmvc 0 comments suggest edit

By default, ASP.NET Routing ignores requests for files that do not exist on disk. I explained the reason for this in a previous post on upcoming routing changes.

Long story short, we didn’t want routing to attempt to route requests for static files such as images. Unfortunately, this caused us a headache when we remembered that many features of ASP.NET make requests for .axd files which do not exist on disk.

To fix this, we included a new extension method on RouteCollection, IgnoreRoute, that creates a Route mapped to the StopRoutingHandler route handler (class that implements IRouteHandler). Effectively, any request that matches an “ignore route” will be ignored by routing and normal ASP.NET handling will occur based on existing http handler mappings.

Hence in our default template, you’ll notice we have the following route defined.


This handles the standard .axd requests.

However, there are other cases where you might have requests for files that don’t exist on disk. For example, if you register an HTTP Handler directly to a type that implements IHttpHandler. Not to mention requests for favicon.ico that the browser makes automatically. ASP.NET Routing attempts to route these requests to a controller.

One solution to this is to add an appropriate ignore route to indicate that routing should ignore these requests. Unfortunately, we can’t do something like this: {*path}.aspx/{*pathinfo}

We only allow one catch-all route and it must happen at the end of the URL. However, you can take the following approach. In this example, I added the following two routes.

routes.IgnoreRoute("{*allaspx}", new {allaspx=@".*\.aspx(/.*)?"});
routes.IgnoreRoute("{*favicon}", new {favicon=@"(.*/)?favicon.ico(/.*)?"});

What I’m doing here is a technique Eilon showed me which is to map all URLs to these routes, but then restrict which routes to ignore via the constraints dictionary. So in this case, these routes will match (and thus ignore) all requests for favicon.ico (no matter which directory) as well as requests for a .aspx file. Since we told routing to ignore these requests, normal ASP.NET processing of these requests will occur. mvc,, code 0 comments suggest edit

We all know that it is bad bad bad to trust user input. I don’t care if your users are all ascetic monks in a remote monastery, do not trust their input. However, user input often likes to put on sheep’s clothing and disguise itself as something else entirely, such as the case with ViewState.

Another example of this is highlighted in the latest entry of his excellent series of ASP.NET MVC tips. In this post, Stephen Walther writes about how cookie values and server variables can be passed as parameters to action methods.

Immediately, commenters understably asked whether this was safe or not. One person went so far as to call this a security hole in controller actions.

However, to be extremely nitpicky, the security implication isn’t in passing server variables this way. That’s perfectly safe. The security implication is in trusting the values passed to an action method in the first place. If your action method makes decisions with security implications based on assuming that these values are accurate, then you have a potential security problem.

Keep in mind, many of these values can be spoofed with or without ASP.NET MVC. Many of the server variables should never be trusted no matter how you access them, whether via this technique or a call to Request.ServerVariables["variable_name"].

In fact, right there near the top of the MSDN documentation for the IIS Server Variables, it warns against trusting these values:

Some server variables get their information from HTTP headers. It is recommended that you distrust information in HTTP headers because this data can be falsified by malicious users.

In the same way, in a typical configuration for ASP.NET MVC, the parameter values for action methods come directly from the user in the form of the URL or Request parameters. This makes sense after all, since the whole point of a controller in the MVC pattern, according to Wikipedia, is to:

Processes and responds to events, typically user actions, and may invoke changes on the model.

The parameters to an action method generally correspond to user input. It’s really asking for trouble to have parameters in an action method that you consider to be anything but user input.

In the end, I don’t consider this a security flaw so much as a security lure. This is the type of thing that might tempt someone to do the wrong thing and trust these values. We will review this particular case and consider not passing in server variables into action methods, but doing so doesn’t really solve the fundamental issue. There are other ways to pass data to an action method (defaults on a route) that a developer might be tempted to trust (don’t trust it!).

Whether we change this or not, the fundamental issue is that developers should never trust user input and developers should always treat action parameter values as user input.

Tags: aspnetmvc , security

aspnetmvc 0 comments suggest edit

Yesterday, I wrote a quick and dirty ASP.NET HttpModule for displaying the time that a request takes to process. Note that by turning on trace output for a page, you can get timing information for that page. But as far as I understand, and I need to double check this, this only applies to the page lifecycle, which might not have all the information you want in the context of ASP.NET MVC.

Not to mention, I just wanted to see a simple number at the end of the page and not have to wade through all that trace output. Also keep in mind that this number only applies to the time spent in the ASP.NET pipeline. It obviously doesn’t tell you the full time of the request from browser sending the request to the browser rendering the response. For that I would use something like Firebug in Firefox.

Here’s the code for the module. Note that it only works from local requests in Debug mode. That’s a safety precaution so that if someone accidentally deploys this to a production machine, they won’t see this number at the bottom.

using System;
using System.Diagnostics;
using System.Web;

public class TimingModule : IHttpModule {
  public void Dispose() {

  public void Init(HttpApplication context) {
    context.BeginRequest += OnBeginRequest;
    context.EndRequest += OnEndRequest;

  void OnBeginRequest(object sender, System.EventArgs e) {
    if (HttpContext.Current.Request.IsLocal 
        && HttpContext.Current.IsDebuggingEnabled) {
      var stopwatch = new Stopwatch();
      HttpContext.Current.Items["Stopwatch"] = stopwatch;

  void OnEndRequest(object sender, System.EventArgs e) {
    if (HttpContext.Current.Request.IsLocal 
        && HttpContext.Current.IsDebuggingEnabled) {
      Stopwatch stopwatch = 

      TimeSpan ts = stopwatch.Elapsed;
      string elapsedTime = String.Format("{0}ms", ts.TotalMilliseconds);

      HttpContext.Current.Response.Write("<p>" + elapsedTime + "</p>");

Notice that I made use of the System.Diagnostics.Stopwatch class, which provides more accuracy than simply calling taking the difference between two calls to DateTime.Now.

In my web.config, I just needed to add the following to the httpModules section (replacing Namespace and AssemblyName with their appropriate values):

  <!-- ...other modules... -->
  <add name="TimingModule" type="Namespace.TimingModule, AssemblyName" />

For IIS 7, this configuration would go in the <modules /> section.

Lastly, don’t forget to set your website to debug mode by adding the following in your Web.config. If you want to test your perf in release mode, just remove the IsDebuggingEnabled clause in the module and you don’t need to make the following change.

<compilation debug="true">
<!-- ... -->

Hope you find this useful.

blogging 0 comments suggest edit

I credit Google AdSense for really opening up the possibility for small blogs to become sources of passive income. Look around the web and you’ll see nearly every blog sport an AdSense ad or two…or three.

For most people, it amounts to a bit of pocket change - maybe enough money for a coffee or an occasional indulgence. But soon, the lure of adding more ads from other ad networks overwhelms publishers and soon blogs start to look more like the movie Idiocracy.


A while back, Jeff Atwood wrote about how content is becoming dwarfed by advertisements in his post, A World of Endless Advertisements, which is where I took that photo. I was heading down that path when I read his post and it gave me pause.

At that time, I had recently started a new business with a friend and we were struggling, so any source of extra income was welcome. But I was always hoping to tone it down a bit.

Now I’m at a pretty stable company, so I don’t necessarily need the extra income, but I don’t mind it because I also have a kid who can eat us out of house and home. Fortunately, I have the opportunity to have my cake and eat it too by removing all of my ads except for The Lounge. Hopefully this makes my site move farther and farther from the screenshot above.

James Avery and I go way back. He’s been involved with Subtext in the past, I contributed some chapters to a book he and Jim Holmes put together. Like many relationships forged in the online community, we’ve never actually met in person, but I feel like I’ve known the guy for a long time.

What I like about James is he’s a real hustler, which you have to be as an independent entrepreneur/consultant/contractor. He seems to be executing on a huge roster of ideas all at once all the time. I’ve gone that route, and found it both exhilarating and downright tough. So my hats off to James.

The other notable thing about The Lounge is that James is using ASP.NET MVC to build it out and is so far finding the experience to be a good one. Right James?

humor personal 0 comments suggest edit

…and the feeling’s right.

phil-and-akumi If I can muster up the time and motivation, I like to try and post lighter more humorous fare on Fridays such as my recent RAS Syndrome post.

On this beautiful Friday day (is that redundant too?), I started off fresh out of ideas (and motivation) so I wasn’t planning on writing a blog post at all, until this was just handed to me.

Which Software Blogger Do Girls Like Better?

In this post, Nick Berardi takes a quick look around at the demographic information collected by Google’s new ad planner.

Consider for a moment, what this data represents. It is a huge database of information on surfing habits of perhaps nearly the entire Internet, collected via huge data centers consisting of unfathomable computing power (as well as power consumption). Not to mention the huge amount of data it represents and the incomprehensibly advanced statistical analysis algorithms that must be employed to properly sift this data.

Nick has all this power at his disposal to answer the pertinent question of the digital age.

Which geek blogger do chicks dig?

In the list, he compares bloggers such as Jeff Atwood (aka CodingHorror or is it CodingWhore, which might explain his results), Joel Spolsky (aka big red WTF guy), Scott Hanselman (aka Mr. “Writes About Hair”)… and then there’s me, the short end of the stick.

Now Jeff might have over 10 times the subscribers I have, Joel may be the most famous and respected of the bunch, and Scott may have the edge on me in terms of forefivehead, but guess who wins the only metric that matters?

That’s right, me suckas!

Eat that, CodingHorror!

Map Reduce FogCreek to FogWeak, Joel Spolsky!

Hanselminute is a minute too late, Scott Hanselman!

Of course, at this point is when my wife pinches her fingers together and holds them up to my temple and makes a loud hissing sound of air rushing out. After all, compared to the traffic level of these guys, my traffic is small enough that her periodic visits to my site would make a dent in the percentages.

And as my coworker Eilon points out, I’m celebrating what is effectively a made up score. “Hey everyone, I created this chart with this made up score, for which I have the highest one. I rock!” My retort is that his fascination with X-Box Achievement points is no different.

I guess I won’t quit my day job and become a male exotic dancer then. Carry on everyone.

tips aspnetmvc security 0 comments suggest edit

When you create a new ASP.NET MVC project using our default templates, one of the things you might notice is that there is a web.config file within the Views directory. This file is there specifically to block direct access to a view.

Let’s look at the relevant sections.

For IIS 6 (and Cassini)

<add path="*.aspx" verb="*" 

For IIS 7

<add name="BlockViewHandler" path="*.aspx" verb="*" 
  preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>

What these sections do is block all access to any file with the .aspx extension within the Views directory (or subdirectories). Note that access is blocked by mapping these file extensions to the HttpNotFoundHandler, so that a 404 error is returned when trying to access a view directly.

This works great if you are using all the ASP.NET MVC defaults, but what if you’re using an alternative view engine such as NHaml or NVelocity? It turns out you can directly request the view and see the code.

You’ll want to make sure to add extra lines within this web.config file with the appropriate file extensions. For example, if I were using NVelocity, I might add the following (in bold).

For IIS 6 (and Cassini)

<add path="*.aspx" verb="*" 
<add path="*.vm" verb="*" 

For IIS 7

<add name="BlockViewHandler" path="*.aspx" verb="*" 
  preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
<add name="BlockViewHandler" path="*.vm" verb="*" 
  preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>

You might be wondering why we don’t block access to all files within the Views directory. Excellent question! In part, because the Views directory is a common place to put other static content such as images, pdfs, audio files, etc… and we decided not to prevent that option.

However, we’re open to suggestions. We do have a content directory in the default template. We could consider requiring putting static files in there or in another directory other than Views. I’m not sure how people would feel if they couldn’t put assets intended to support Views within the Viewsfolder.

code tools 0 comments suggest edit

UPDATE: Updated the registry settings per James Curran’s comment. Thanks James!

One of the most useful registry hacks I use on a regular basis is one Robert McLaws wrote, the “ASP.NET 2.0 Web Server Here” Shell Extension. This shell extension adds a right click menu on any folder that will start WebDev.WebServer.exe (aka Cassini) pointing to that directory.


I recently had to repave my work machine and I couldn’t find the .reg file I created that would recreate this shell extension. When I brought up Robert’s page, I noticed that the settings he has are out of date for Visual Studio 2008.

Here is the updated registry settings for VS2008 (note, edit the registry at your own risk and this only has the works on my machine seal of approval).

32 bit (x86)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer]
@="ASP.NET Web Server Here"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer\command]
@="C:\\Program Files\\Common Files\\microsoft shared\\DevServer
\\9.0\\Webdev.WebServer.exe /port:8080 /path:\"%1\""

64 bit (x64)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer]
@="ASP.NET Web Server Here"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer\command]
@="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DevServer
\\9.0\\Webdev.WebServer.exe /port:8080 /path:\"%1\""

For convenience, here is a zip file containing the reg files. The x64 one I tested on my machine. The x86 one I did not. If you installed Visual Studio into a non-standard directory, you might have to change the path within the registry file.

visualstudio tips 0 comments suggest edit

I used to find the smart tag really annoying in Visual Studio because it is such a small target to hit with the mouse. Silly me, trying to expand a smart tag with a mouse.


When you highlight the tag with your mouse, it tells you that the keyboard combination of ALT + SHIFT + F10 will expand the menu.

What it doesn’t tell you is that there’s a two key combination that will also expand it. I learned this one from Karen Liu of the C# IDE team who also happens to have a blog post with a nice collection of other tips and tricks written last year.

Just hit the CTRL key plus the period key (CTRL + .)


I really like this approach when performing renames within Visual Studio because it’s totally contextual. Rather than starting with a rename refactoring, I can instead just start renaming something and the smart tag shows up and all I have to do is hit CTRL + . and then ENTER. Booyah!

aspnetmvc 0 comments suggest edit

When approaching an extensibility model, I often find cases in which I want to merely tweak the existing behavior of the default implementation and wish I didn’t have to create a whole new specific type to do so.


Instead of creating a specific type, I tend to write a decorator class that implements the interface and takes in both the default instance of that interface and a delegate (specified using a lambda of course).

Let’s look at a quick example to make all this abstract talk more concrete. I’m playing around with the NVelocity View Engine for ASP.NET MVC from the MvcContrib project. Rather than have each controller specify the view engine, I’d really like to specify this in just one place.

I could take the time to setup a DI container, but I’m feeling lazy and this is just a simple prototype application so I planned to just implement the IControllerFactory interface and have it set the view engine after creating the controller.

For those not intimately acquainted with ASP.NET MVC, you can override how the framework instantiates controllers by implementing the IControllerFactory interface.

However, at this point, I realized I was creating these one-off controller factories all the time. What I really wanted was some way to decorate the existing controller factory with a bit of extra logic. What I did was write an extension method that allowed me to do the following in my Global.asax.cs file.

  (current, context, controllerName) => 
    var controller = current.CreateController(context, controllerName) 
      as Controller;
    if (controller != null) {
      controller.ViewEngine = new NVelocityViewFactory();
    return controller;

It’s a little funky looking, but what is happening here is that I am calling a new Decorate method and passing it a lambda. That lambda will be used to decorate or wrap the current controller factory and will get called when it is time to instantiate a Controller instance.

However, the lambda always receives the original controller factory so it can use it if needed. So in effect, the lambda wraps or decorates whatever the current controller factory happens to be.

In this case, all my lambda is doing is using the default controller to create the controller, and then it sets a property of that controller after the fact. However, if I wanted to, I could have had my lambda completely override creating the controller.

Here is the the code for the extension method to ControllerBuilder.

public static class ControllerFactoryExtensions {
  public static void Decorate(this ControllerBuilder builder
  ,Func<IControllerFactory, RequestContext, string, IController> decorator) {
    IControllerFactory current = builder.GetControllerFactory();
      new DelegatingControllerFactory(current, decorator));

As you can see, under the hood, I am actually replacing the current controller factory with a new one called DelegatingControllerFactory. But the implementation for this new factory is really simple. It simply calls a delegate that you supply. As far as the user of the Decorate method is concerned, this class doesn’t really exist.

internal class DelegatingControllerFactory : IControllerFactory {
  Func<IControllerFactory, RequestContext, string, IController> _factory;
  IControllerFactory _wrappedFactory;

  public DelegatingControllerFactory(IControllerFactory current
    , Func<IControllerFactory
    , RequestContext, string, IController> factoryDelegate) {
    if (factoryDelegate == null) {
      throw new ArgumentNullException("factoryDelegate");
    _wrappedFactory = current;
    _factory = factoryDelegate;

  IController IControllerFactory.CreateController(RequestContext context
  , string controllerName) {
      return _factory(_wrappedFactory, context, controllerName);

  void IControllerFactory.DisposeController(IController controller) {
    if (controller is IDisposable) {

With this in place, the next time I need to implement a one-off controller factory, I can simply decorate the current controller factory instead.

I’m starting to find myself using this pattern in a lot of places. The potential downside of this approach is that if someone else comes along who has to maintain it, they might find it difficult to understand if they’re not well acquainted with lambdas and delegates.

So it is a bit of a tradeoff between convenience for the code author and readability for the code reader.

aspnet, aspnetmvc, code, patterns 0 comments suggest edit

Or, as my recent inbox tells me, you’re not afraid to ask. ;)

A coworker recently asked for some good resources on getting up to speed on the Model View Controller (MVC) pattern. Around the same time, I received another email talking about how people are confused around the difference between MVC and the Model View Presenter (MVP) pattern.

mvcNo better opportunity to apply the DRY principle by answering some of these questions with a blog post.


The first place to start digging into the MVC pattern is to look at the Wikipedia entry. That’ll get you a nice brief summary of the pattern along with a list of resources.

In MVC, the Model represents the information (the data) of the application and the business rules used to manipulate the data, the View corresponds to elements of the user interface such as text, checkbox items, and so forth, and the Controller manages details involving the communication to the model of user actions such as keystrokes and mouse movements.

trygve If you’re really into it, you can go directly to the source and read the original papers from Trygve Reenskaug, the inventor of the pattern.

There you’ll learn from the original paper (pdf) that the initial name for the pattern was Thing-Model-View-Editor. The pattern was baked via a process of extracting, improving, and articulating existing command and control patterns used in the operation of Norwegian ship yards in order to streamline and improve operations.


That ought to get you going with the MVC pattern. Now onto Model View Presenter, which was a response to the inadequacies of the MVC pattern when applied to modern component based graphical user interfaces. In modern GUI systems, GUI components themselves handle user input such as mouse movements and clicks, rather than some central controller.

MVP was popularized by Taligent in this paper on the subject (pdf). More recently, Martin Fowler suggested retiring this pattern in favor of two variants: Supervising Controller and Passive View.

The Difference?

So what’s the diff between MVC and MVP? Using GitHub, here it is!


Sorry, bad joke but I couldn’t resist.

The two patterns are similar in that they both are concerned with separating concerns and they both contain Models and Views. Many consider the MVP pattern to simply be a variant of the MVC pattern. The key difference is in how both patterns solve the following question: Who handles the user input?

With MVC, it’s always the controller’s responsibility to handle mouse and keyboard events. With MVP, GUI components themselves initially handle the user’s input, but delegate to the interpretation of that input to the presenter. This has often been called “Twisting the Triad”, which refers to rotating the three elements of the MVC triangle and replacing the “C” with “P” in order to get MVP.

What About The Web?

If you were playing close attention, most of these articles focus on rich client applications. Applying these patterns to the web is a very different beast because of the stateless nature of the web.

ASP.NET WebForms, for example, attempts to emulate the rich client development paradigm via the use of ViewState. This is why many attempts to apply patterns to ASP.NET focus on the MVP pattern because the MVP pattern is more appropriate for a rich client application with GUI components. A while back I even tossed my Supervising Controller sample into the ring. The Patterns and Practices group at Microsoft ship an MVP Bundle for ASP.NET.

However, many web platforms embrace the stateless nature of the web and forego attempting to simulate a state-full rich client development environment. In such systems, a tweaked MVC pattern is more applicable.

This pattern has been adjusted for the Web for your application development enjoyment.

AFAIK, Struts, a Java web framework, is one of the first widely used web frameworks employing the MVC pattern, though most people now look at Rails as being the tipping point that really brought MVC to the web and popularized the MVC pattern for web applications.

ASP.NET MVC is a new (in development) alternative framework for ASP.NET developers that makes it easy for developers to follow the MVC pattern. This framework employs the MVC pattern rather than the MVP pattern because it does not attempt to emulate rich client development, and thus the MVC pattern is more appropriate.

More Reading

There’s a lot of good content out there that puts these patterns into historical and categorical perspective. Besides the links already mentioned in this paper, I recommend checking out…

humor 0 comments suggest edit

Photo by lizerixt on stock.xchng Yesterday, I wrote a post that contained the phrase “BFFs Forever” in the title. Commenters were quick to point out the redundancy of “Forever” in the title.

Nice - BTW, your title is redundant, so your title reads “IronRuby and ASP.NET Best Friends Forever Forever”

Thanks! But I had made the very same point in that post.

And for those that don’t know, BFF is an acronym for Best Friends Forever. Yes, the “Forever” is redundant in the blog title, but it’s just how people use it.

Case in point, how often do you hear the phrase “PIN Number” which expands to “Personal Identification Number Number”. I started looking for other examples of such redundant acronyms and sure enough, there’s a term for them and a wikipedia article describing them.

RAS syndrome stands for “Redundant Acronym Syndrome syndrome,” and refers to the use of one of the words that make up an initialism or acronym as well as the abbreviation itself, thus in effect repeating that word. It is itself a humorous example of a redundant acronym.

And in case you didn’t notice, “RAS Syndrome” is itself humorously a RAS. The Wikipedia article points to other great examples.

  • ATM machine
  • HIV virus
  • ISBN number
  • CSS style sheets
  • Please RSVP
  • CNN Network

The article references another page with a collection of more redundant acronyms.

  • LAN network
  • DAT tape
  • RF frequency
  • UPC code

It’s not surprising that most of these come from the technology field as we tend to be very acronym happy and love our TLAs (Three Letter Acronyms).

So now it is my turn to coin a RAS. I am going to call it PCS syndrome which stands for “Premature Correction Syndrome syndrome.” This describes the condition in one is compelled to interject with a correction without having read through the rest of the contents, especially when the author offers an explanation for the seemingly erroneous item. ;)

I’m only teasing because PCS happens to me a lot. I find that the comments to many of my blog posts tend to focus on some irrelevant miniscule detail rather than the topic at hand. Which I’m not necessarily opposed to because that provides great fodder for future blog posts!

aspnetmvc dynamic-languages ruby 0 comments suggest edit

UPDATE: I just posted the working demo here.

I wish I could have been there, but I was celebrating my son’s first birthday (which gives me an opening to gratuitously post a picture of the kid here).


I’m talking about Tech-Ed 2008 Orlando of course where John Lam presented a demo of IronRuby running on top of ASP.NET MVC.

This demo builds on prototype work I’ve done with defining ASP.NET MVC routes and views using IronRuby.

The final missing piece was defining controllers using IronRuby. Working with members of John’s team, Levi (a dev on the ASP.NET MVC team) made the necessary adjustments to get a prototype IronRuby controller working with ASP.NET MVC.

Disclaimer: This is all a very rough prototype that we’ve been doing in our spare time for fun. We just wanted to prove this could work at all.

Unfortunately, we can’t release the demo yet because it relies on unreleased ASP.NET MVC code. When we deploy our next CodePlex interim release of ASP.NET MVC, the demo that John provided should actually work. :)

And for those that don’t know, BFF is an acronym for Best Friends Forever. Yes, the “Forever” is redundant in the blog title, but it’s just how people use it. As an aside, I found out recently that a good buddy of mine in L.A. is actually working on the set of a new show tentatively titled “Paris Hilton’s My New BFF”, where contestants compete to become Paris Hilton’s new Best Friend.

aspnetmvc 0 comments suggest edit

My compadre Scott Hunter, another PM on the ASP.NET team, who happens to work on the Dynamic Data feature, recently put together an example of using ASP.NET MVC and Dynamic Data Web Forms together in the same application. Look for the link to on this Code Gallery page.

I’ve been working on a post detailing a couple different ways to integrate WebForms and MVC, but life has been really busy for me lately. Hopefully I’ll get that to you soon.

MysteryPersonIn the meanwhile, you can probably learn all you need to know by looking at this example.

By the way, Scott was recently featured on .NET Rocks. We need to get a better picture of him taken. That whole Smoking Man image has got to go., mvc, code 0 comments suggest edit

tacoma_narrows The design is never right the first time. Nor is it usually right the second time. This is one of those key lessons you learn over time building real software, and is the source of one of the chief complaints leveled at the Waterfall methodology for building software, which puts heavy emphasis on getting the design right up front.

We have to define “right” in this case. If by “right” you mean perfect, then I don’t think the design is ever right, as I’ve argued in the past that there is no perfect design.

Recently, this lesson was driven home as my feature team (ASP.NET MVC) were hashing out some tricky design issues. Many times, we find ourselves in a tight spot in which we have two different audiences demanding a different approach to a design problem. The tough part is that the solutions we come up with inevitable satisfy one camp at the expense of the other.

Let me be clear, it’s not our goal and intention to try and satisfy everyone as that is a sure means to satisfying nobody. As Bill Cosby once said…

I don’t know the key to success, but the key to failure is to trying to please everybody.

At the same time, I also think it’s a copout to simply give up immediately when a thorny design problem comes up with two disagreeing camps. It’s worth a good faith effort to try and gather ideas you haven’t considered before and see if you can’t just solve the problem in a manner that both camps are happy with. Or at least in a manner that one camp is happy, and the other is merely less happy.

An illustration of this point happened recently at work. After many iterations, I sent out our design meeting notes internally with our solution to a particular issue. ScottGu noticed the write-up and had some questions about the design (questions like WTF?) and called me and Eilon (the lead dev) into his office for a “short” meeting to discuss these recent design changes.

I made sure to call my wife before the meeting to let her know I would be late for dinner. Once we get a talking about MVC, I know it won’t be short. We spent two hours hashing out the design, going over options, shooting them down, trying out other ideas, and so on.

At some point, Scott proposed something my team had rejected earlier due to a major flaw. However this time, as he was proposing the idea, it suddenly occurred to me that there were two different ways to implement this idea. The one we thought of wouldn’t work, but a slight adjustment to the idea, the very one Scott was proposing, would make it workable.

Eilon and I left the meeting happy with the improved design, but now concerned with the fact that we had already implemented another solution, had a bunch of unit tests and automated web functional tests. Not to mention having to deal with explaining it to the team and getting buy in so close to our release deadline.

So we did the cowboy thing (which I generally don’t recommend) and decided instead of telling the rest of the team about it, we’d follow the old maxim: “Show, don’t tell”. So that night, we went and coded the whole implementation, updated all the unit and web tests, and had something to demo in the morning rather than talk about. Since we had updated all the tests, QA was much more amenable to signing off on making this change so close to the deadline.

In retrospect, the part that causes me pain in the missed opportunities sense was just how tantalizingly close we were to having implemented this very idea from the beginning. All that time spent prototyping, app building, etc… we could have saved by getting it right the first time.

But that’s the way design goes. Sometimes, you are so close to a great solution that if the wind blows a certain way, you’ll hit upon it, but if it blows another way, you dismiss your line of thought and move onto other plans. Try as you might, it is very difficult to get the design just right the very first time all of the time.

Luckily for us, our team had the agility to respond to a better design. Our suite of unit and integration tests gave us confidence that the changes we were making were not breaking the framework in other areas. To me, this is a real testament to the benefits of applying lean and agile principles in software development, as well as the benefits of having good unit test coverage.

Tags: design , Software Development, mvc, code 0 comments suggest edit

I updated the template to have the correct assembly references so it should work now out of the box. Sorry about that.

northwindA while ago Scott Hanselman linked to my Northwind sample which itself was spawned from an initial sample that Brad Abrams wrote.

As I like to say (to anyone who will listen)

There ain’t no party like a Northwind Party

So I went and updated my sample to work well with the recently released ASP.NET MVC Preview 3Beta.

Download it here.