Preventing access to folders using RouteExistingFiles property

When a user request for a static resource like an image, video etc. that is located in a particular folder the ASP.NET happily serves that resource to the user unless we have set some restrictions. Sometimes we need to protect these folders from delivering these resources to users other than the owner. In simple cases we can prevent this through web.config settings but in complex cases like it would be nice if we could control the accessibility through an action/filter and for that we have to direct those requests through MVC pipeline and there comes the RouteExistingFiles property. By setting this property to true we can say MVC to handle those requests instead of giving that responsibility to IIS.

In this article we will see how we can utilize the RouteExistingFiles property with an authorization filter to prevent users from accessing unauthorized resources.

Continue Reading

Customizing property binding through attributes

I don't need to say much about model binding, most of us aware of that. The built-in DefaultModelBinder takes away most of the burden from our shoulders and it's ideal in most of the cases. But in some cases the DefaultModelBinder is not enough for binding a particular model or a property and in those cases normally we go for creating a custom model binder either by creating a brand new one by implementing IModelBinder or by extending the DefaultModelBinder.

The created custom model binder can be registered to a model by two ways either by adding into the Binders collection in Global.asax.cs or through the ModelBinderAttribute. The created custom model binder can be linked to a class but not to a property.

In this article we will see how we can attach custom binding behaviors to a property through attributes.

Continue Reading

UpdateModel/TryUpdateModel gotchas with models created through reflection

The Model Binding feature takes away most of the burden from developers by taking the responsibility of model instantiation from the information available in the request. Sometimes we meet cases where we need to trigger the model binding process explicitly inside a controller. MVC provides two methods for rescue: UpdateModel and TryUpdateModel.

Both these methods perform the same operation, that is they update the model from the value providers. The difference between them is the UpdateModel throws exception if the model state is not valid while TryUpdateModel returns a boolean as false. Both these methods are generic and we don't need to explicitly specify the generic parameter.

Both the methods take overloads that accepts an IValueProvider. When you don't pass a particular value provider the controller uses all the available value providers to fill the instantiated model.

There is a peculiar problem with these two methods when we try to bind a model that is instantiated through reflection. In this article we are going to see about the issue and how we can overcome that.

Continue Reading

Model binding posted file to byte array

The improvements made in model binding from ASP.NET MVC 2 helps to easily map the uploaded files to models. The HttpPostedFileBaseModelBinder is the one that maps the file(s) available in the Request.Files to single or collection of HttpPostedFileBase instances. Whenever you have HttpPostedFileBase as a parameter in an action method or as a property in the model the HttpPostedFileBaseModelBinder comes to play and does the magic.

But sometimes we need little more convenience for ex. when an uploaded file needs to be persisted in database, we would love to have the uploaded file automatically converted into a byte array and available right in the action.

In this article we are going to see how we can achieve that by extending the built-in ByteArrayModelBinder.

Continue Reading

Customizing Authorize attribute

The Authorize attribute available in MVC framework helps to restrict users from accessing secured controllers and actions. When a user who is not authenticated or authorized tries to access the controller or action that is decorated with Authorize attribute generates a 401 response and if the site has forms authentication enabled then the user will be redirected to the login page. The problem with this behavior is the authenticated user (but not authorized) also get redirected to the login page, mostly developers like to show an access denied page in those case.

This article is mostly a kind of tip that describes how we can achieve that by extending the built-in Authorize attribute.

Continue Reading

Creating a custom Ajax Helper

Unobtrusive Ajax is an approach in which the ajax behaviors are separated out from the HTML elements. The ASP.NET MVC framework provides supports for ajax using the AjaxHelper and AjaxHelperExtensions classes. The MVC supports unobtrusive ajax with the help of jquery

In this article we will see how to create an custom ajax helper in ASP.NET MVC.

Continue Reading

A complete look into Filters

Filters are pieces of logic that can be attached over controllers or actions which affects the way in which a request get processed. Filters are normally used to perform the common functionalities in an application like authorization, caching and logging. Filters can be applied over actions, controllers or at global level. When the filters are applied at global level they affect all the actions of all controllers. In this article we will learn about the basic things of filters, types of filters, creating custom filters and more.

Continue Reading

Exception Handling in ASP.NET MVC

Exception handling is a serious matter in any application, whether it’s web or desktop. Implementing a proper exception handling is important in any application. In most cases once we catch the exception we have to log the exception details to database or text file and show a friendly message to the user.

In ASP.NET applications, error handling is done mostly in two ways: at local level using try-catch blocks and at global level using application events. ASP.NET MVC comes with some built-in support for exception handling through exception filters. The HandleError is the default built-in exception filter. Unfortunately, the HandleError filter not gives a complete answer to the exception handling problem and that makes us to still rely on the Application_Error event.

In this article, we will learn about the HandleError filter and discuss about the different exception handling mechanisms that will fit to an MVC application.

Continue Reading

Model Validation in ASP.NET MVC

In a web application the domain classes and the validations associated with those classes forms the Model. Validation plays a core part in a Model. In ASP.NET MVC, model validations are done by using Data Annotations. Data Annotations are nothing but special attributes that are applied to a class or properties of a class. In many cases these built-in validation attributes are not sufficient to fulfill our business requirements and in those cases we can go for building our own custom validations.

In this article we will see how to apply basic validations to a model and also we will see how to create custom validations by implementing the ValidationAttribute class or IValidatableObject interface.

Continue Reading

Using Ninject in ASP.NET MVC

I wrote my first blog post about achieving dependency injection using Ninject right here, there we have discussed about some basic stuff and even tried a small sample. One of the nice things about Ninject is there are different extensions available along with the core assemblies to work with different frameworks. Ninject has extension to work with ASP.NET MVC framework as well. Along with the core assemblies we need to add assemblies Ninject.Web.Common and Ninject.Web.Mvc to use in MVC projects. Ninject.Web.Common is a common library for both web-forms and MVC. You can download the Ninject core and extensions from here.

We have two options to use Ninject MVC extensions in projects: one is adding the binaries directly to the projects and the other way is installing from NuGet Package Manager Console (Install-Package Ninject.MVC3). In this post we have used the first approach.

Continue Reading