p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: ASP.NET MVC Website Programming Problem Design Solution ISBN: 9780470410950 (http://p2p.wrox.com/forumdisplay.php?f=472)
-   -   Chapter 5 UserController.cs P.119-129 (http://p2p.wrox.com/showthread.php?t=75635)

ralphbethke August 11th, 2009 11:19 AM

Chapter 5 UserController.cs P.119-129
Hey Guys

You the Men!
It's great to know that all that good Beer was not wasted on you.

A preview release for MVC2.0 is now available so the dll issue might be a moot point. I'll check it out.

Thanks again for all your help

nberardi August 11th, 2009 11:33 AM


Originally Posted by ralphbethke (Post 245116)
You the Men!
It's great to know that all that good Beer was not wasted on you.

A preview release for MVC2.0 is now available so the dll issue might be a moot point. I'll check it out.

Some of the issues have been resolved, however some haven't. Plus a good lively debate never hurt anybody. [B)][:)]

The MVC team really did a disservice by making the AcceptVerb attribute look like a security mechanism. Because it was never intended to be that, and it has fooled many developers. A proper security system rejects the attempt right away, which is what HttpPostOnly was designed to do. It is like saying "immediately reject if the POST verb doesn't match". However AcceptVerb is sort of like a gateway, which says "skip me if you don't have a POST verb". The "skip me" part is where you can have many problems if you have a lot of route rules, or if your application will some day have a lot of route rules, because after this action as been skipped, it will go on and find all the other actions that may match. If it finds one that it wasn't intended to match to, you have a hole in your application that is very hard to find.

That is why I am so passionate about this particular attribute, because it has the ability to give people a false sense of security. Because I fought this tooth and nail over in CodePlex, for them to add more security to this particular action method filter, because me and some others saw the chance for abuse.


I am really glad you like the book, and look forward to seeing your review on Amazon.

kkhan October 26th, 2009 01:12 PM

Can't nuild this solution
I recently bought the book and it looks very promising but I got in same troubles when diving into the actual code.

As per suggested, I tried to subscribe to SVN code branch at codeplex but I get when sync reaches as at \...\Source\TheBeerHouse_35_CS\BeerHouse35\App_The mes\DarkBeer\images\.svn'.

Now fortunately, I was able to download actual zip archive from codeplex but it has the the same famous errors with redirect methid and [ServiceOnly, HttpPostOnly] attributes. Is there any link to get the missing ManagedFusion.Web.dll? further to my surprise, there are no broken references appearing. Also how to get around that redirect overload problem. Thanks

nberardi October 26th, 2009 01:29 PM

Check in the /Resources directory of the downloaded zip file. Everything is there that you need.

fourpastmidnight May 27th, 2010 09:15 AM

I'm disappointed with this book
I'm very disappointed with this book. I came to this forum searching Google for where the ServiceAttribute and HttpPostOnlyAttribute classes were in the .NET Framework, only to find out they don't exist, but are in this ManagedFusion.dll.

Now, I'm not against having a separate library, but not once did the book mention needing to make a reference to this assembly in the project. Like another poster commented, I'm using the book as a learning guide/tutorial. I expected from the title, "Problem, Design, Solution", that this was a step-by-step guide (not necessarily for beginners, but a step-by-step guide nonetheless). To make people have to try to guess how you "designed" this application is poor, given the title of this book. In this regard, I thought the original ASP.Net 2.0 book by Marco for this website was better.

Also, why did you completely re-engineer the membership section of the site? The default MVC 1.0 application template provided a fairly complete account management controller. It even validated certain fields during membership registration which your incarnation of the wheel did not even take into account (would that make it a square wheel?), possibly making the site much less secure. If there's functionality already written, use it, unless it's really really bad. There's nothing worse than re-creating the wheel. Keep it DRY.

I also fault the book with not using very good semantic markup and too much use of inline styles (esepecially in the ManageUser.aspx page). Also, the editor on this book did not do a good job.

I appreciate the fact that you guys even went out to write this book. I appreciate what you're trying to get across. But these issues I've listed above really take away a lot of the good you were trying to get across.

Don't take this too presonally, as I've seen this in Wrox books a lot over the past 5 years. The quality of books going to print (and not just Wrox, I might add) has really gone down and it's a real shame. If you're going to set out to teach, do it well and do it right. Otherwise, don't waste your time.

Another really positive note (as opposed to my mostly negative ones [:(]) : I really liked the discussion in this thread over the use of AcceptVerb vs. HttpPostOnly. I think that the author is correct in his assertions. I was under the assumption that AcceptVerb was a security measure. Upon closer inspection, this was an incorrect view. I was shocked and glad I haven't yet developed a site with MVC, as I would have inappropriately used that attribute for security when it really is a hint to the routing engine and that's it.

I sure hope the next edition of this book will have better use of semantic markup and will clearly explain all the steps needed to design a solution to the problem discussed, as the title implies. I also hope that the use of the DRY principle will also be increased. I hope that next time, I'll be commenting on how good the next edition of this book is.

Sincere Regards,


nberardi May 27th, 2010 11:08 AM

This is a common question and...

A little context is probably necessary to address most of your concerns. This book was started with PR2 of the MVC Framework, and most of what you see today in the MVC 1.0 Framework wasn't yet in the framework at the time. We as the authors did out best to keep the book as close to the framework as possible with each of the 7 releases after PR2.

There were many challenges including keeping the API up to date and other things that come along with trying to write a program for an actively developing framework. Which included, API Changes, Name Changes, Style Changes, Syntax Changes, and full examples like the Membership provider.

This is why you see the "quality" of books going down as you put it. I don't necessarily agree or disagree with that statement. Because these technical books now have to compete with freely published blogs with mostly the same content. And these books take a year or more to complete, so inorder to release the book at the same time as a new framework, many things have to be done in parallel. And unlink blogs we cannot just ignore what we wrote in the past, we have to go through and update the book, which is very time consuming.

So we have to balance our book schedule release, with other logistical factors around the printing press and release dates and framework schedules.

This is why you don't see an exact copy of the membership provider, because it was created way back in PR2 when we first started coding the project, and the current example didn't exist in the MVC solution. We did our best to bring it as close as possible as we could with out having to rewrite the entire chapter from scratch.

I hope this helps in understanding logistically and gives you a context of what it takes to create a book that comes out at the same time as the framework while still trying to stay relevant with a changing framework, even when starting the book a good year before the framework was officially released.

fourpastmidnight May 27th, 2010 12:30 PM

Thanks for the clarification

I again want to stress my thanks for at least gathering all this material and publishing this book. My aim is not to disparage you and your co-authors, nor discourage you from publishing. In fact, to the contrary--I hope that it will spur you on to continue writing and improving the craft (and I'm not saying you're a bad writer, but as you write more, you get better and better at it, it doesn't matter how many years you've been writing [;)]), as well as the content of the book.

I know the beginnings of the MVC were very immature. I did not realize, however, that you started with that early of a release! That does put quite a bit more perspective on the book. One thing that could've helped alleviate some of these concerns is by stating in the Introduction to the book what release of the framework you were writing the book against--since, as you know, the framework was changing almost daily--there were bound to be changes from the time of publication to the time of the release of MVC 1.0.

But again, I hope that you will take the things I said to heart, such as using better semantic markup (so that your content is SEO friendly, as well as your URLs), better formatting of example code in the book, and better description of what should be done when and when 3rd party libraries are in use and when/where to reference them.

I understand the fierce competition with blogs. As much as I like finding information on the web, sometimes it's good to just sit down with a book and leaf through the pages. So, for me, it's best to have a well written, well edited book. Books will never beat blogs in terms of their content, clarity, and cohesiveness (well, the way a lot of books have been done in the past few years, dare I say that perhaps books are "falling down to the level" of blogs--but this is not against the authors, but rather all publishers).

I sure hope that the book industry at large, and their authors will continue to produce high-quality material that is irreplaceable (even from a competition stand point). I look forward to another edition of this book, if there is one forthcoming.

Perhaps an errata item could be made regarding the use of 3rd party libraries, their MVC 1.0 RTM equivalents (if available). Also, in chapter 5, the code listing forgot to include the Login action method (however, I got it from the download, but I was confused when I went to make the Login View knowing I hadn't written an action for it in the UserController).

Again, thank you for the clarification, and your hard work. Providing (I hope constructive) criticism helps make your work better in the future, which helps me get better, so it's in my own best interest, as well as yours, to provide it. If I offended with my comments, I did not intend to, and did not intend anything personal--I'm just worried about the quality of books I see coming out from publishers (and the authors whose names are attached).

Sincerest Regards,


ulikkg May 27th, 2010 05:25 PM

So where is the solution
I am not agree with "fourpastmidnight" about not creating complete new Membership Managing interface and using ASP.NET's pages. It is always good to have own user management GUIs and sections specific for the project. For example for the branding of the website it is very important. Also it is good to have own implementation as it is not existing in MVC.

Anyway, for 2,3 days I am facing a problem for which I cannot get a solution neither in Wrox nor in codeplex. I finished solution part of Chapter 5 - Membership implementation. When I run the project I am having an errors in UserController.cs at role deletion part related to [Service, HttpPostOnly]. Here:

[Authorize(Roles = "Admin")]
[Service, HttpPostOnly]
public ActionResult DeleteRole(string id)
return View(new { id = id });

As I researched it is related to external library called ManagedFusion something on which you discussed a lot in this post.

Nick, you have explained a lots of staff - I appreciate that but I did not see any concrete & exact step-by-step explained solution. As stated by other readers I bought this book to follow Problem-Desgin-SOLUTION steps but not to research blogs. Still being NOT completely new to ASP.NET, I now really stucked at this point. Please provide this missing explanation for your book. As an additional information I am using MVC 2.0 with VS 2008. I finished Solution part of Membership Management - chapter 5. Till that point I did not see anything about ManagedFusion, neither ServiceAttribute.cs if they are also needed please include in explanation.

I am not upset using external library. But explanation should be provided. Also, explanation can be forgotten - maybe. Then it must be covered in these forums or in companion websites which is given in the book.

Additional errors for which no explanation exist are

-Iso3166CountryCodes - does not exist in current context
-TheBeerHouseDataContext in GetOccupationList. Where does this datacontext is created and how? When did you create this occupation list table in DB
- return this.Redirect(303, userInformation.ReturnUrl); argument problems in user Registration action result.


nberardi May 27th, 2010 06:18 PM

Remember how I said most of what we had done and needed for a real site wasn't part of PR2 when we started the project? Well we created many of our own action filters, and slowly replaced them as they became available in the actual framework. Even coming up to the final months before we published the MVC team was still making major changes and adding new functionality and we didn't really know if these filters would get included in the framework or not. There was high hopes that they would, so we wouldn't have to rely on a third-party library. But it didn't workout that way.

However here is the latest copies of the libraries:


They are also available in the original published form on the CodePlex website which is way more up to date than the Wrox site.


Hope this helps.

fourpastmidnight May 27th, 2010 06:24 PM

Referencing ManagedFusion.*dll in your Project

First, I think you misunderstood what I meant by "customized" user membership. You are correct that you would want to design your own membership pages (as far as HTML and presentation are concerned). However, what I was talking about is that ASP.NET MVC provides all the code and logic for user membership and role management in the AccountController.cs file that's included in the standard MVC 1.0 Web Application project template.

As discussed by Nick and I, the book used a very early release of MVC. So the functionality I was talking about that comes "out of the box" came out after the book went to print in the final released version of ASP.NET MVC, hence why I asked about Nick "re-writing" all that code.

As for the ManagedFusion DLL, I'll give you a hand.

First, download the code from codeplex if you haven't already. When you open the zipped file, there will be a folder called Resources. Inside this folder are the ManagedFusion.dll, ManagedFusion.pdb, ManagedFusion.Web.dll and ManagedFusion.Web.pdb files. The *.pdb files, if I remember correctly, are for debugging purposes, so you probably want those, but they aren't strictly necessary.

I created a new directory in my project called 'lib' and extracted these four files into my newly created directory. (You can call the directory anything, but I called it 'lib'). You don't need the System.Web.Mvc.dll file because it's part of the standard ASP.NET MVC framework.

Once you have extracted the files into a folder in your project, you now need to reference them. Right-click the References folder in your project and choose Add Reference.... In Visual Studio 2010, there's a tab in the dialog box that opens called Browse. I don't know if there is a similar tab in Visual Studio 2008, but you need to browse to the directory where you placed the DLLs and choose both the ManagedFusion.dll and ManagedFusion.Web.dll files.

Lastly, in the UserController.cs file, add the following statement under your other 'using' statements:


using ManagedFusion.Web.Mvc;
That should be it for that.


All times are GMT -4. The time now is 01:16 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.