ASP.NET « Diganta Kumar's Blog

Why use ASP.NET MVC instead of Web Forms?

May 3, 2012 Leave a comment

I have been asked this question so many times. Why use ASP.NET MVC instead of Web Forms?

My answer is simple, because it’s better. If you are not convinced please see below,

ASP.NET MVC is a completely new framework for building ASP.NET applications, designed from the ground up with SoC and testability in mind.

http://msdn.microsoft.com/en-us/magazine/dd942833.aspx

There are various positive points to moving towards MVC

1. TDD support out of the box as most of the design is based on interfaces.
2. SEO friendly URL by design (though now this is possible in ASP.NET 4 as well)
3. No ViewState (this may seem a bit of moving backward to some), but overall a good design decision.
4. Clean View Markup (no additional HTML emitted)
5. 100% extensible. You can add your own controller with IOC, switch view engines at will, control model binding at wish etc.
6. Rich UI support (possible through client side JS libraries like jQuery UI and others). Telerik has released some controls for MVC which includes Grid control as well (which are merely HTMLHelpers)
7. Session, JS, Ajax works. Validation is even more powerful with DataAnnotations and jquery.
8. Is MVC faster? Yes by default because of lack of viewstate and clean markup. But performance is subject and MVC by design is more performant that traditional ASP.NET webforms (though webforms can be made as fast as required.
9. Out of the box support for mitigating antiforgery attacks and XSS vulnerability (though asp.net does has this to some extent)
10. Out of the box minimal IOC support.
11. Full control over rendered HTML
12. Pluggable architecture

http://www.dofactory.com/topic/1336/why-should-we-use-mvc.aspx

Control over HTML enables developers to build Ajax applications more comfortably, and it facilitates adding more interactivity and responsiveness to existing apps. Direct control over HTML also means better accessibility for implementing compliance with evolving Web standards. The world of Web continually progresses, and ASP.NET MVC is closer than Web Forms to all emerging technology trends.

In addition, ASP.NET MVC uses interface-based contracts, which allow components to be more easily tested in isolation. As a result, cleaner and more testable code is often promoted as a good reason to embrace ASP.NET MVC. Frankly, I don’t consider this a valid primary reason for its selection. Writing clean code should be a practice that transcends the technology. While it can’t be denied that ASP.NET MVC is an inherently more testable framework, testability is more about isolating critical portions of code to gain visibility over internal state and control over input — two factors critical to attain the needed modularity. This practice has more to do with clean design and thoughtful code than with the surrounding framework. Put another way, your chances of writing bad code are nearly the same in Web Forms and ASP.NET MVC. But if you write bad code, MVC will make it easier to diagnose.

http://www.drdobbs.com/windows/231002811

An experienced developer will find MVC intuitive and easier to develop but a developer who has mainly worked in building websites and does not have software engineering skills might find MVC daunting and confusing especially after using regular asp.net for a while.

http://techkn0w.wordpress.com/2008/05/15/mvc-vs-regular-aspnet

Many of VB 6.0 developers had moved to ASP.net web development without knowing the basics of HTTP and web. For simulating windows form model development experience, webforms introduced event-driven approach and also introduced Viewstate and Postback.

http://weblogs.asp.net/shijuvarghese/archive/2008/07/09/asp-net-mvc-vs-asp-net-web-form.aspx

Filed under ASP.NET, C#, MVC

Web Config Encryption/Decryption in Framework 4.0

December 20, 2010 Leave a comment

The RSAProtectedConfigurationProvider is the default protected configuration providers. It supports machine level and user level key containers for key storage. RSA machine key containers are stored in “c:\Documents and Settings\All users\Application data\Microsoft\Crypto\RSA\MachineKeys” in Windows server 2003. The default ‘keycontainerName’ for RSAProtectedConfigurationProvider in machine.config is called ‘NetFrameworkConfigurationKey’ (it’s good practice to change it in the production servers).

To encrypt a web.config file with Framework 4.0 I have used the following steps,

1. Find the location of the root web folder. In this case its “D:\Inetpub\wwwroot\DemoWebsite“
Create an RSA keypair in ContainerName:
2. The default ‘keycontainerName’ for RSAProtectedConfigurationProvider in machine.config is called ‘NetFrameworkConfigurationKey’ (it’s good practice to change it in the production servers). Modify the web.config in the root folder of the DemoWebsite by adding the following sub-section within the Configuration tag section. I have modified the KeyContainerName to “DemoWebsiteConfigurationKey” and the key name to “DemoWebsiteRSAProtectedConfigurationprovide”.

<configProtectedData> <providers> <add keyContainerName="DemoWebsiteConfigurationKey" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" name="DemoWebsiteRSAProtectedConfigurationprovider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </configProtectedData>

Note: The keyContainerName default lives in machine.config (usually in C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CONFIG) we would find this section. We do not want to modify the default machine config, so create a configProtectedData tag in teh DemoWebsite’s web.config file.

<configProtectedData defaultProvider="RsaProtectedConfigurationProvider"> <providers> <add name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="NetFrameworkConfigurationKey" cspProviderName="" useMachineContainer="true" useOAEP="false" /> <add name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt" useMachineProtection="true" keyEntropy="" /> </providers> </configProtectedData>
3. Windows > Run > cmd. If you are using Framework 4.0 the go to folder C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319. Run below to create the RSA cryptographic key container called “DemoWebsiteConfigurationKey”,
aspnet_regiis -pc “DemoWebsiteConfigurationKey” –exp

4. Grant access to the key container by the default asp.net account:
aspnet_regiis -pa “DemoWebsiteConfigurationKey” “NT Authority\Network Service”

Note: If you do not do this step you might see this error “Failed to decrypt using provider ‘RsaProtectedConfigurationProvider’. Error message from the provider: The RSA key container could not be opened”

5. Back up the web.config file, in case.Now to encrypt connection string type below and enter.
aspnet_regiis.exe -pef "connectionStrings" "D:\Inetpub\wwwroot\DemoWebsite" -prov "DemoWebsiteRSAProtectedConfigurationProvider"
6. Now to encrypt appSettings type below and enter.
aspnet_regiis.exe -pef "appSettings" "D:\Inetpub\wwwroot\DemoWebsite" -prov "DemoWebsiteRSAProtectedConfigurationProvider"
Now if you want to modify your web.config you have to decrypt using the steps below first. Then modify and encrypt again. To decrypt I did the following,

1. Windows > Run > cmd.
2. Go to folder C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319.
3. Find the location of the root web folder. In this case its “D:\Inetpub\wwwroot\DemoWebsite“
4. Now to decrypt connection string type below and enter.
aspnet_regiis.exe -pdf "connectionStrings" "D:\Inetpub\wwwroot\DemoWebsite"
5. Now to decrypt appSettings type below and enter.
aspnet_regiis.exe -pdf "appSettings" "D:\Inetpub\wwwroot\DemoWebsite"

Reference:
http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
ASP.NET IIS Registration Tool
Encrypting the connection string in ASP.NET V2.0
RSA Algorithm
Encrypting configuration files using protected configuration
Managing Connection Strings for Web Farms in ASP.NET 2.0

Filed under ASP.NET, Security Tagged with Web Config Encryption/Decryption

Enable Web Services Enhancements (WSE) 3.0 in Visual Studio 2008 and 2010

June 4, 2010 16 Comments

Web Service Enhancements 3 (WSE 3) is not officially supported for Visual Studio 2008. The reason is that Microsoft wants you migrate your code to WCF. Use this work around to enable Web Services Enhancements (WSE) 3.0 in VS2008 and VS2010.

1. Download and install Web Services Enhancements (WSE) 3.0 for Microsoft .NET. Make sure you have all the files after installing WSE v3.0. Note: Close Visual Studio before installing.

WSE v3.0 Installation Filesn under Program Files

2. Go to the folder %ALLUSERSPROFILE%\Application Data\Microsoft\MSEnvShared\AddIns (notice that “Application Data” is hardcoded, which shouldn’t because Windows XP localizes that folder). If the folder is not there close Visual Studio and create the folder as show below.

Examples:
- Windows XP: “C:\Documents and Settings\All Users\Application Data\Microsoft\MSEnvShared\AddIns”
- Windows Vista / Windows 7: “C:\ProgramData\Microsoft\MSEnvShared\AddIns”

3. In the folder in step 2 you will find WSESettingsVS3.AddIn file. Backup WSESettingsVS3.AddIn before modifying. If its not there then create one with the file name WSESettingsVS3.Addin and type the content from the picture shown in step 4.

4. You’ll find two sections. Note that the version is 8.0. Copy and paste these two sections and change the version of the new sections to 9.0 (if using Visual Studio 2008) or 10.0 (if using Visual Studio 2010). Save the file.

WSESettingsVS3.Addin

5. Go to C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE (if using Visual Studio 2008) or C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE (if using Visual Studio 2010) and open the devenv.exe.config file. Backup the devenv.exe.config file and add the following snippet just above the closing tag inside the file. This helps Visual Studio to generate web service proxy classes using WSE.

devenv.exe.config

<system.web>
<webServices>
<soapExtensionImporterTypes>
<add type=“Microsoft.Web.Services3.Description.WseExtensionImporter,
Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35“ />
</soapExtensionImporterTypes>
</webServices>
</system.web>

7. Close all the instances of Visual Studio 2008 or Visual Studio 2010 and start the application again.

8. Open your project in VS2010 and right click on project to see the WSE Setting 3.0 option. Now you could configure WSE setting in VS2010. Good luck.