Application Security Testing: An Integral Part of DevOps
Microsoft's ASP.NET is a language and platform-neutral technology, arguably, one of the most successful web technologies ever. You can use it to design and develop web applications that can run on top of the managed environment of .NET Framework and inside the context of the IIS web server. Microsoft's MVC Framework is based on the time-tested and proven MVC Design Pattern and provides you a framework for building scalable, robust, high-performance web applications seamlessly. Applications designed using the MVC Design Pattern is easier to test and maintain. This article takes a look at the new features in ASP.NET MVC 2.0 and how one can leverage them in applications.
Getting Started with ASP.NET MVC 2.0
To work with ASP.NET MVC 2.0, you need to install it separately if you are using Microsoft Visual Studio 2008. Alternatively, you can use any one of the following versions of Microsoft Visual Studio 2010 - ASP.NET MVC Framework 2.0 is built-in.
- Microsoft Visual Studio 2010 RC
- Microsoft Visual Studio 2010 Professional or Ultimate
Note that ASP.NET MVC Framework can be installed side by side with your ASP.NET MVC 1.0 and you can easily upgrade your ASP.NET MVC 1.0 applications to ASP.NET MVC 2.0 counterparts with ease. Moreover, Visual Studio 2010 has an built-in upgrade wizard that you can use to migrate your existing ASP.NET MVC 1.x applications to ASP.NET MVC 2.0 counterparts seamlessly. To migrate your old ASP.NET MVC 1.0 applications to ASP.NET MVC 2.0 applications manually, you should replace all occurences of
"System.Web.Mvc, Version=184.108.40.206" with
"System.Web.Mvc,Version=220.127.116.11", replace the old assemblies with newer ones, and also use
bindingRedirect element in the
web.config file of your ASP.NET MVC 1.0 application as shown below:
<runtime> <assemblyBinding xmlns= "urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="18.104.22.168" newVersion="22.214.171.124"/> </dependentAssembly> </assemblyBinding> </runtime>
Looking Back in Time
ASP.NET MVC Framework 1.0 was released as an external component to Microsoft Visual Studio 2008. The Community Technology Preview of ASP.NET MVC was launched in December 2007. ASP.NET MVC 1.0 was released in March 2009 and ASP.NET MVC 2.0 RTM was released in March 2010.
Understanding the Model View Controller Design Pattern
The Model View Controller (or MVC as it is commonly called), is a proven design pattern that facilitates testability and easier maintenance of the application's code. It also promotes a cleaner separation of the application's concerns and is primarily based on the following major architectural components:
- The Model - the component that is responsible for storing the application's data and business logic components
- The View - the component responsible for invalidating the view based on the model's state and presenting the data to the user in the user interface
- The Controller - the component responsible for managing the interaction amongst these components
The primary advantage of this design pattern is easier maintenance, reduced cost and a cleaner isolation of the application's concerns.
What is the ASP.NET MVC Framework?
The ASP.NET MVC Framework is a framework from Microsoft that can be used to design and implement applications based on the MVC Design Pattern. The basic advantages of using the ASP.NET MVC Framework include: a cleaner separation of concerns, better code organization, extensibility, scalability and code reusability. It also provides an excellent support for a REST-based model and all existing ASP.NET features. As the ASP.NET MVC framework is built on top of the ASP.NET runtime, you can leverage the existing ASP.NET features like authentication and authorization, profile settings, localization, and so on.
Scott Guthrie states in his blog: "One of the benefits of using an MVC methodology is that it helps enforce a clean separation of concerns between the models, views and controllers within an application. Maintaining a clean separation of concerns makes the testing of applications much easier, since the contract between different application components are more clearly defined and articulated."