Brown Field ASP.NET MVC with Webforms

Transcript

1. Brownfield MVC with WebForms

2. None

3. Brownfield MVC with WebForms

4. WHO AM I? • Josh Robb – Robb Heavy Industries

   • @josh_robb • Tech Lead on a 5 Year old SaaS platform. • WebForms + SQL Server + Castle Project ActiveRecord/NHibernate

5. INTRO • Who here has legacy WebForms code? • Who

   here does MVC?

6. WHY? • Want to migrate over time to a MVC

   app.

7. WHY? • Want to migrate over time to a MVC

   app. – YES

8. WHY? • Want to migrate over time to a MVC

   app. – YES • Flexibility

9. WHY? • Want to migrate over time to a MVC

   app. – YES • Flexibility – Maybe • simple JSON web services – $.ajax(‘/controller/returnsJSON’). Vs <asp:UpdatePanel>

10. WHY? • Want to migrate over time to a MVC

    app. – YES • Flexibility – Maybe • simple JSON web services – $.ajax(‘/controller/returnsJSON’). Vs <asp:UpdatePanel> • Improved Developer experience?
11. None

12. NOT REALLY

13. WHY? • Want to migrate over time to a MVC

    app. – YES • Flexibility – Maybe • simple JSON web services – $.ajax(‘/controller/returnsJSON’). Vs <asp:UpdatePanel> • Improved Developer experience? • NO

14. WHY NOT • To get ASP.NET MVC Experience • Because

    it’s cool. • Boredom

15. WHO’S DONE THIS? • Codeplex – Matt Hawley – http://www.eworldui.net/blog/

    – Presentation: • Codeplex - Conversion to MVC - Jul 16, 2010 - http://www.viddler.com/v/d8b6294c

16. WHO’S DONE THIS? • Codeplex – Matt Hawley – http://www.eworldui.net/blog/

    – Presentation here: • Codeplex - Conversion to MVC - Jul 16, 2010 - http://www.viddler.com/v/d8b6294c – Took 2 YEARS

17. 2 YEARS

18. WHO’S DONE THIS? – Addendum

19. WHO’S DONE THIS? – Addendum • NOT 2 years

20. WHO’S DONE THIS? – Addendum • NOT 2 years

21. WHO’S DONE THIS? – Addendum • NOT 2 years •4.5

    YEARS

22. WHO’S DONE THIS? • Codeplex – Matt Hawley – http://www.eworldui.net/blog/

    – Presentation here: • http://www.viddler.com/v/d8b6294c – Took 2 YEARS 4.5 YEARS • Make SURE you have buy-in from team and management

23. TIME TRACKER DEMO • Time Tracker Starter Kit • VS2005

    Sample

24. REFACTORING TO MVC: STEP 0 PREPARE PROJECT • Upgrade project

    to VS2010/VS2012 – Project conversion wizard • Upgrade to CLR4. – <httpRuntime requestValidationMode="2.0" /> • Better in 4.5 Request.Unvalidated.Form – <trust legacyCasModel="true" /> • No dynamic if you do this. – http://www.asp.net/whitepapers/aspnet4/breaking- changes – http://www.asp.net/vnext/overview/aspnet/whats-new

25. REFACTORING TO MVC: STEP 0 PREPARE PROJECT • Convert to

    Web Application (if it’s a “Web Site project”)

26. REFACTORING TO MVC: STEP 1 ADD MVC 3 TO THE

    PROJECT • Bunch of steps. – Add references to OVER 9000 assemblies. – Add /Controllers and /Views projects – Add junk to web.config – Add {9000-000-0000} guids to .csproj file for VS Tooling. OR • Just - nuget - AddMvc3ToWebForms

27. REFACTORING TO MVC: STEP 2 INTRODUCE MASTER PAGE • If

    you like copy and pasting then you don’t need this. • Add .aspx Content View – using master page • Update SiteMap.xml (/home)

28. REFACTORING TO MVC: STEP 3 VIEWSTATE/POSTBACKS • The problem –

    Postbacks. – If(!IsPostBack) ….. • Remove master page viewstate • Remove event handlers in Master Page – they won’t work.

29. MVC WEBFORMS VIEW ENGINE LIFE CYCLE 1. HTTP Request arrives

    2. Routing HTTP Handler executes, matching based on routes 3. MVC Route Handler executes controller & action 4. The ViewPage is rendered (assuming your calling RenderView) 5. The ASP.NET page life cycle is invoked

30. REFACTORING TO MVC: STEP 4 RAZOR • WebForms Master.master with

    Razor views. • Razor _Layout.cshtml with WebForm.aspx views. • Both are possible – google will help. Both have some limitations. • http://www.eworldui.net/blog/post/2011/01/07/Using- Razor-Pages-with-WebForms-Master-Pages.aspx

31. SECURITY • Make sure you know about: [ValidateAntiForgeryToken] and when

    to use it. • Make sure your escaping user input (XSS). Use the WebForms 4 escaping stuff <%: %> NOT <%= %> • Mass assignment vulnerabilities (ala github). ALWAYS Use a ViewModel – don’t bind to Database models directly. • Insecure direct object references (e.g. /users/21) • Know the OWASP Top 10 – https://www.owasp.org/index.php/Top_10_2010

32. DEPLOYMENT • Windows Server 2008 r2. • Possible on Windows

    2003 r2 – but broken in some cases. (URL authorization + Extensionless Routing).

33. OTHER BITS AND PIECES • Web forms routing – MapPageRoute

    • Pretty urls – Microsoft.AspNet.FriendlyUrls

34. Questions