Top 10 ASP.NET MVC Best Practices



Take advantage of the powerful features in ASP.NET MVC to build robust applications with ease.

This article looks at 10 best practices for making efficient use of ASP.NET MVC Framework 4.


As of this writing, ASP.NET MVC 4 has been released. To execute the code examples illustrated in this article, you should have the following installed on your system:

  • Visual Studio 2010

What is the ASP.NET MVC Framework?

The ASP.NET MVC Framework is based on the popular and time-tested Model View Controller (MVC) design pattern. It facilitates designing and implementing applications with a cleaner separation of concerns, better code organization, seamless testability, easy extensibility, scalability and code reuse.

The Official ASP.NET Website states: "The Model-View-Controller (MVC) architectural pattern separates an application into three main components: the model, the view, and the controller. The ASP.NET MVC framework provides an alternative to the ASP.NET Web Forms pattern for creating MVC-based Web applications. The ASP.NET MVC framework is a lightweight, highly testable presentation framework that (as with Web Forms-based applications) is integrated with existing ASP.NET features, such as master pages and membership-based authentication. The MVC framework is defined in the System.Web.Mvc namespace and is a fundamental, supported part of the System.Web namespace." Reference: http://www.asp.net/mvc/tutorials/overview/asp-net-mvc-overview

If you want to upgrade your ASP.NET MVC 3 applications to ASP.NET MVC 4, here is what you need to do:

Locate the following text in the application's web.config file:

  • System.Web.Mvc, Version=
  • System.Web.WebPages, Version=
  • System.Web.Helpers, Version=
  • System.Web.WebPages.Razor, Version=

Now, replace the above with the following text:

  • System.Web.Mvc, Version=
  • System.Web.WebPages, Version=
  • System.Web.Helpers, Version=,
  • System.Web.WebPages.Razor, Version=,

Delete all references to the following assemblies in your application:

  • System.Web.Mvc (v3.0.0.0)
  • System.Web.WebPages (v1.0.0.0)
  • System.Web.Razor (v1.0.0.0)
  • System.Web.WebPages.Deployment (v1.0.0.0)
  • System.Web.WebPages.Razor (v1.0.0.0)

Add references to the following assemblies:

  • System.Web.Mvc (v4.0.0.0)
  • System.Web.WebPages (v2.0.0.0)
  • System.Web.Razor (v2.0.0.0)
  • System.Web.WebPages.Deployment (v2.0.0.0)
  • System.Web.WebPages.Razor (v2.0.0.0)

Top 10 Best Practices

In this section we will discuss 10 best practices and tips we should keep in mind when working with ASP.NET MVC applications.

Tip 1: Disable Request Validation

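Request Validation is a feature that prevents potentially dangerous content, such as HTML markup or script, from being submitted. It is enabled by default. However, at times you might need your application to post HTML markup tags to the server, and you would then need to disable the feature. Disable it only on the specific action that needs it, and treat everything that action receives as untrusted: with validation off, the framework no longer rejects script in the request, so the application must encode or sanitize the input before rendering it. Here is how you can do it:

[ValidateInput(false)] // request validation is off for this action only
public ActionResult Create([Bind(Exclude="Id")]Employee empObj) { /* ... */ return View(); }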
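A narrower way to accept markup than switching validation off for the whole action, shown as an added example that is not part of the original article: [AllowHtml] exempts one property, and the value is encoded and then restricted to an allowlist of tags when rendered. The EmployeeProfile model, its Bio property, BioMarkup and ProfileController are hypothetical names.

```csharp
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

// Hypothetical model: only Bio may carry markup; Name stays under request validation.
public class EmployeeProfile
{
    public int Id { get; set; }
    public string Name { get; set; }

    [AllowHtml] // exempts this single property from request validation
    public string Bio { get; set; }
}

public static class BioMarkup
{
    // Matches the *encoded* form of the few attribute-free tags we allow.
    private static readonly Regex AllowedTags =
        new Regex(@"&lt;(/?)(b|i|em|strong|p)&gt;", RegexOptions.IgnoreCase);

    // Encode everything first, then restore only the allowlisted tags.
    // Script tags, event handlers and attributes stay encoded and render as text.
    public static IHtmlString ToSafeHtml(string raw)
    {
        string encoded = HttpUtility.HtmlEncode(raw ?? string.Empty);
        return new HtmlString(AllowedTags.Replace(encoded, "<$1$2>"));
    }
}

public class ProfileController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Edit([Bind(Exclude = "Id")] EmployeeProfile profile)
    {
        if (!ModelState.IsValid)
        {
            return View(profile);
        }
        // Store profile.Bio as submitted; the view renders it with
        // @BioMarkup.ToSafeHtml(Model.Bio) and renders Name with plain @Model.Name.
        return RedirectToAction("Index");
    }
}
```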


Tip 2: Cache Your Data

You can improve your application's performance to a considerable extent by caching data that is relatively static. That also reduces the network bandwidth used between the client and the server. It is great if you can also cache the rendered output of actions for web pages that are relatively static, i.e., don't change much over time.

public class HomeController : Controller
{
    public ActionResult Index() { return View(); } // add [OutputCache] to cache the rendered action (see Tip 8)
}

Tip 3: Isolate Data Access Logic From the Controller

The Controller in an ASP.NET MVC application should never contain data access logic. It is meant to render the appropriate view based on some user interface action. Use the Repository pattern to isolate data access logic from the controller; you might need dependency injection to inject the appropriate repository into your controller at runtime.
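A sketch of that arrangement, added here as an example and not taken from the original article: the controller sees only an interface, and a small IDependencyResolver supplies the implementation. IEmployeeRepository, InMemoryEmployeeRepository and SimpleResolver are hypothetical names; a DI container would normally replace the hand-written resolver.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

public class Employee { public int Id { get; set; } public string Name { get; set; } }

// The controller depends on this abstraction only (hypothetical interface).
public interface IEmployeeRepository
{
    IEnumerable<Employee> GetAll();
    void Add(Employee employee);
}

// Stand-in store for the example; a real one would wrap the database
// and would need to be safe for concurrent requests.
public class InMemoryEmployeeRepository : IEmployeeRepository
{
    private readonly List<Employee> _items = new List<Employee>();

    public IEnumerable<Employee> GetAll() { return _items.ToList(); }

    public void Add(Employee employee)
    {
        employee.Id = _items.Count + 1;
        _items.Add(employee);
    }
}

public class EmployeeController : Controller
{
    private readonly IEmployeeRepository _repository;

    // No data access code here: the repository is handed in from outside.
    public EmployeeController(IEmployeeRepository repository) { _repository = repository; }

    public ActionResult Index() { return View(_repository.GetAll()); }
}

// Minimal resolver: builds the one controller it knows about and returns
// null for everything else so MVC falls back to its default behaviour.
public class SimpleResolver : IDependencyResolver
{
    private readonly IEmployeeRepository _repository = new InMemoryEmployeeRepository();

    public object GetService(Type serviceType)
    {
        return serviceType == typeof(EmployeeController)
            ? new EmployeeController(_repository)
            : null;
    }

    public IEnumerable<object> GetServices(Type serviceType) { return Enumerable.Empty<object>(); }
}
// Registered once in Application_Start: DependencyResolver.SetResolver(new SimpleResolver());
```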

Tip 4: Using a Master View Model

We frequently use Master Pages in ASP.NET applications: the same Master Page is extended by the Content Pages throughout the application to give a consistent look and feel and consistent functionality. How do we do that in an ASP.NET MVC application? Well, we need a MasterViewModel similar to what is shown in the code snippet below:

public class ViewModelBase
{
    public ViewModelBase() { }

    // Other methods and properties
}

Tip 5: Use Strongly Typed Models

A strongly typed view is a view that defines its data model as a CLR type instead of a weakly typed dictionary that may contain potentially anything. To create a strongly typed view, check the "Create a strongly-typed view" checkbox while you are creating the view. If you plan to create a strongly typed view manually later, ensure that your view "Inherits" System.Web.Mvc.ViewPage<YourNamespace.YourClass>

Tip 6: Use Data Annotations for Validation

You can make use of the System.ComponentModel.DataAnnotations assembly to validate your model on the server side by simply decorating it with the necessary attributes. Here is an example:

using System.ComponentModel.DataAnnotations;

public class Employee
{
    [Required(ErrorMessage="Employee Name Cannot be Blank")]
    public string Name { get; set; }

    // ...
}

Tip 7: Take Advantage of Model Binding

Consider the following code snippet:

public ActionResult Create()
{
    Employee employee = new Employee();
    employee.Name = Request.Form["Name"];
    // ...
    return View();
}

You can make use of the model binder to save you from having to use the Request and HttpContext properties - just use FormCollection instead. Here is an example:

public ActionResult Create(FormCollection values)
{
    Employee employee = new Employee();
    employee.Name = values["Name"];
    // ...
    return View();
}
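Going one step further than the FormCollection version, and tying Tips 6 and 7 together, the action can take the model type itself so the binder populates it and runs the data annotations. This is an added example, not code from the original article; the IsAdmin property and the [StringLength] limit are assumptions introduced to show how [Bind(Include = ...)] keeps posted fields from reaching properties the form should never set.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

public class Employee
{
    public int Id { get; set; }

    [Required(ErrorMessage = "Employee Name Cannot be Blank")]
    [StringLength(100)] // assumed limit, for illustration
    public string Name { get; set; }

    public bool IsAdmin { get; set; } // hypothetical field the form must never set
}

public class EmployeeController : Controller
{
    [HttpGet]
    public ActionResult Create()
    {
        return View(new Employee());
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    // Include is an allowlist: posted Id or IsAdmin values are ignored by the binder.
    public ActionResult Create([Bind(Include = "Name")] Employee employee)
    {
        // The binder has already evaluated [Required] and [StringLength];
        // any failures are recorded in ModelState.
        if (!ModelState.IsValid)
        {
            // Redisplay the form. In the view,
            // Html.ValidationMessageFor(m => m.Name) shows the ErrorMessage text.
            return View(employee);
        }

        // Persist the employee here (storage is outside the scope of this example).
        return RedirectToAction("Index");
    }
}
```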

Tip 8: Cache Pages that Contain Shared Data or are Public and don't Require Authorization

You should not cache pages that contain private data or need authorization, because a cached copy can be served to a different user than the one it was generated for. Caching pages in ASP.NET MVC is simple - just specify the OutputCache attribute as shown in the code snippet below:

[OutputCache(Duration = 60)] // cache the rendered output for 60 seconds
public ActionResult Index()
{
    return View("Index", somedata);
}
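The public and private cases side by side, as an added example that is not from the original article: shared pages are cached, while a controller behind [Authorize] opts out of caching entirely. CatalogController, AccountController and their actions are hypothetical names.

```csharp
using System.Web.Mvc;
using System.Web.UI; // OutputCacheLocation

public class CatalogController : Controller
{
    // Identical for every visitor: may be cached by the server, proxies and the browser.
    [OutputCache(Duration = 60, VaryByParam = "none", Location = OutputCacheLocation.Any)]
    public ActionResult Index()
    {
        return View();
    }

    // Output depends on id: keep one cache entry per id value, on the server only.
    [OutputCache(Duration = 60, VaryByParam = "id", Location = OutputCacheLocation.Server)]
    public ActionResult Details(int id)
    {
        return View();
    }
}

// Per-user data: a cached copy would be replayed to the next authorized user,
// so nothing is kept on the server and clients are told not to store the response.
[Authorize]
[OutputCache(NoStore = true, Duration = 0, Location = OutputCacheLocation.None)]
public class AccountController : Controller
{
    public ActionResult Statement()
    {
        return View();
    }
}
```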

Tip 9: Use Extension Methods

You can use extension methods to simplify the use of LINQ queries, which can boost application performance too. This can dramatically reduce the amount of code that you would otherwise need to write for your LINQ queries, make those queries more manageable and also improve the application's performance.

Tip 10: Take Advantage of Model Binding

You can take advantage of Microsoft Velocity, a distributed caching engine, to boost the performance of your ASP.NET MVC applications. You can learn more about Velocity from this link: http://blogs.msdn.com/b/velocity/



Scott Guthrie states in his blog: “One of the benefits of using an MVC methodology is that it helps enforce a clean separation of concerns between the models, views and controllers within an application. Maintaining a clean separation of concerns makes the testing of applications much easier, since the contract between different application components are more clearly defined and articulated.” Reference: http://weblogs.asp.net/scottgu/archive/2007/10/14/aspnet-mvc-framework.aspx

In this article we discussed the top 10 best practices that we should follow while building ASP.NET MVC Framework 4 applications. Happy reading!


  • mr

    Posted by manikanta on 01/20/2016 06:29am

    thanks for the idea

  • Very Good Article

    Posted by Manoj Kalla on 08/12/2014 03:55am

    Dear, This is very article. Nice.

  • tip #1

    Posted by hm on 07/05/2014 06:46am

    Very weird to see "Disable Request Validation" as the first tip. You should definitely not encourage this. There are always workarounds, and IF you for whatever reason would ever need to disable this, you should disable it on a page basis and not for the entire web application.

  • N.A

    Posted by Vijay Patel on 04/21/2014 11:13pm

    Sorry, but I do not agree with your Tip 1. If you disable it, the chances of an XSS attack will be high.

  • Tips and Tricks on how to improve MVC Application Performance

    Posted by Robert on 04/21/2013 02:38am

    Hey Joydip, useful article, thanks. We also had issues with slow performance with some MVC apps, so I put together a complete list with code examples to help developers improve performance. Please take a look and let me know what you think: http://www.robertsindall.co.uk/blog/how-to-improve-mvc-application-performance/ Robert

  • mr

    Posted by Yaron on 01/24/2013 12:43am

    Fine points. Regarding tip #1 - I prefer to leave the request validation on (security wise); instead I encode the fields that contain markup when sent to the server, and decode when presenting (this can be done either on server side or client side). Given a system with well defined data types this is quite easy to achieve.

  • Regards

    Posted by dhanya s on 12/13/2012 10:48pm

    It's very useful and knowledgeable for me. I was stuck while coding this. Thank you for sharing this with us. web development services. web development services

  • web development services

    Posted by maketoprank on 11/16/2012 12:20am

    It's a really very informative information. It's very useful and knowledgeable for me. I was stuck while coding this. Thanks for this great information! web development services

  • web development services

    Posted by maketoprank on 11/16/2012 12:18am

    It's very useful and knowledgeable for me. I was stuck while coding this. Thank you for sharing this with us. web development services. web development services

  • So many issues with this

    Posted by Daniel15 on 11/02/2012 05:22pm

    There's so many issues with this... Pretty much every "tip" has an issue:
    - The first "tip" is not a best practice by any stretch of the imagination
    - Tips 2 and 8 are the same
    - Tip 3 says "you might need dependency injection" - This fits in with separation of concerns (which is what this tip is trying to recommend) but I can't think of a situation where you'd *need* dependency injection. "Use dependency injection" should be a separate tip.
    - Tip 4 doesn't make sense - A master view model doesn't help with keeping a consistent look-and-feel
    - Tip 6 lacks depth - It says about validation attributes but doesn't say how to actually do the validation or show error messages
    - Tip 7 uses FormCollection instead of properly doing model binding (using an instance of the model class instead of FormCollection). Using FormsCollection doesn't really have any advantages over just using Request.Form
    - Tip 9 doesn't even make sense
    - The title of tip 10 doesn't match the text
    - The summary isn't really a summary
