Book Review: Professional ASP.NET MVC 2

ASP.NET MVC is part of the broader ASP.NET framework, and serves as an alternative development model to that of ASP.NET Web Forms.  It adheres to the Model-View-Controller architectural pattern, and offers developers greater control by bringing them closer to the underlying HTTP protocol.  ASP.NET MVC leaves out many of the abstractions that Web Forms uses to hide the stateless nature of HTTP, such as ViewState and events.  This is bewildering to some developers who are comfortable with the high-level, drag-and-drop nature of Web Forms, but it’s liberating to others who feel the Web Form philosophy is too restrictive, or even deceptive.

Several months ago, ASP.NET MVC 2 was released, and about a month ago, Professional ASP.NET MVC 2 hit the shelves.  Some of the authors actually work on the ASP.NET team, which gives this book an authoritative feel.  I decided to pick it up when I chose ASP.NET MVC as the core technology for my new blog engine.

The first chapter is by far the longest, and gives readers a detailed tour of a fully-functioning, nontrivial sample application called “NerdDinner”.  It introduces most of the important ASP.NET MVC concepts without being too overwhelming.  Later chapters dive into these topics in more detail.  Source code for the application is hosted at CodePlex.  You can also download this chapter for free from the publisher’s Web site, or view the app running live.

In Chapter 7, “AJAX”, I was surprised to find the considerable attention paid to disabled-scripting scenarios.  At first I was concerned about spending too much time supporting a very small percentage of users, but as it turns out, ASP.NET MVC lightens the load a lot with IsAjaxRequest().

Chapter 9, which covers security, has some interesting stories and anecdotes, and I’m sure it will be a great reference when I’m making a security checklist for my own apps.  After Chapter 1 (NerdDinner), Chapter 9 is the most important chapter in the book — don’t skip it!

I was impressed with a side note in Chapter 10 that addressed a pet peeve of mine.  There is a code snippet that uses string concatenation with the + operator, rather than using a StringBuilder.  The snippet is correct, but the authors went out of their way to explain to inexperienced developers why StringBuilder should not have been used.  This is nothing new; Google developer Jon Skeet wrote an article about it years ago, but I still die a little inside every time I see code like this:

StringBuilder sb = new StringBuilder();

sb.Append("SELECT * ");
sb.Append("FROM customer ");
sb.Append("LEFT JOIN order ");
sb.Append("ON (customer.customer_id = order.customer_id ");
sb.Append("AND YEAR(order.order_date) = 2010) ");
sb.Append("WHERE order.order_id IS NULL");

string s = sb.ToString();

Chapter 11, “Testable Design Patterns”, wants desperately to promote testability, but is afraid to offend anyone by doing so.  The entire first page is an apology to developers for recommending that they test their code.  Everybody has an opinion — if you think people should be writing testable apps, just come out and say it.

Chapter 12 discusses using Web Forms and MVC together.  With the exception of master pages, I didn’t find it particularly useful.  I’m sure there are teams out there that want to migrate an existing app from Web Forms to MVC one piece at a time, but not me.  The more I read about MVC, the more Web Forms feels like Web development with training wheels.

Throughout the text, the authors mentioned several tools they thought were useful, such as:

  • AntiXSS provides a myriad of encoding functions for user input, including HTML, HTML attributes, XML, CSS and JavaScript.
  • WaitiN is developed in C# and aims to bring you an easy way to automate your tests with Internet Explorer and FireFox using .Net.
  • moq is designed to be a very practical, unobtrusive and straight-forward way to quickly setup dependencies for your tests.

There are some errata in the book.  Some are minor technical errors, while others are typos or simple grammatical problems.  Several appear to be cut-and-paste mistakes that occurred in sections that were updated from MVC 1.0 to MVC 2.  In total, I found about 30 non-verified errata.  I’ve submitted a few to the Wrox Web site, and I’ll be uploading the rest soon.

Overall, Professional ASP.NET MVC 2 is a thorough and engaging book on an alternative Web development framework that’s full of controversy.  It’s not afraid to step outside the boundaries of library functions and markup syntax, and explores many of the related tools and techniques needed to get the most out of the MVC approach.  I recommend it.