Dot in URL in ASP.NET MVC causes 404 error

URLs with dot (.) generate a 404 error. This happens irrespective of whether scaffolding is used or not.

Solution

This can be fixed by enabling RAMMFAR (runAllManagedModulesForAllRequests). The RAMMFAR setting is for per application. Enabling this option will enable all managed modules for all requests. That means static files such as images, PDFs and everything else will be processed by .NET

A smart solution is to add a new HTTP handler that looks for specific path criteria.

Add the following to the site's web.config within the and element

Display Modes

Display modes use a convention based approach to allow selecting different views based on the browser making the request.

For example, if a desktop browser requests the Home page, the application might use the Views\Home\Index.cshtml template. If a mobile browser requests the Home page, the application might return the Views\Home\Index.mobile.cshtml template.

There are two ways to create a custom display mode. The first way is to instantiate the DefaultDisplayMode class and set the ContextCondition property. The second way is to create a class that inherits from the DefaultDisplayMode class and set the ContextCondition property in the constructor.

Technorati Tags: Display modes,ASP.NET MVC

Accept Header and Content Types

The Accept header tells the server what your client wants in the response.

The Content-Type header tells the server what the client sends in the request.

httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
httpClient.DefaultRequestHeaders.Add("Content-Type", "application/json");

Technorati Tags: .NET,ASP.NET MVC

How to display errors during development with MVC?

Gets a value indicating whether custom errors are enabled for the current HTTP request.

protected override void OnException(ExceptionContext filterContext)
{
	WriteLog(Settings.LogErrorFile, filterContext.Exception.ToString());

	//custom error page
	if (filterContext.HttpContext.IsCustomErrorEnabled)
	{
		filterContext.ExceptionHandled = true;
		this.View("Error").ExecuteResult(this.ControllerContext);
	}
}

This flag is controlled by the customErrors section in web.config. If the customErrors element’s mode attribute is set to On, IsCustomErrorEnabled returns True. If the CustomErrors element’s mode attribute is set to False or RemoteOnly, this flag is set to false.

Technorati Tags: MVC,Custom Errors

Action Filters in ASP.NET MVC

An action filter is an attribute that you can apply to a controller action -- or an entire controller -- that modifies the way in which the action is executed. The ASP.NET MVC framework includes several action filters:

• OutputCache – This action filter caches the output of a controller action for a specified amount of time.
• HandleError – This action filter handles errors raised when a controller action executes.
• Authorize – This action filter enables you to restrict access to a particular user or role.

You also can create your own custom action filters. For example, you might want to create a custom action filter in order to implement a custom authentication system.

using System;
using System.Web.Mvc;

namespace MvcApplication1.Controllers
{
     public class DataController : Controller
     {
          [OutputCache(Duration=10)]
          public string Index()
          {
               return DateTime.Now.ToString("T");

          }
     }
}

In the above example, action is decorated with the OutputCache action filter.

The Different Types of Filters

The ASP.NET MVC framework supports four different types of filters:

1. Authorization filters – Implements the IAuthorizationFilter attribute.
   
2. Action filters – Implements the IActionFilter attribute.
   
3. Result filters – Implements the IResultFilter attribute.
   
4. Exception filters – Implements the IExceptionFilter attribute.

Filters are executed in the order listed above. For example, authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

Authorization filters are used to implement authentication and authorization for controller actions. For example, the Authorize filter is an example of an Authorization filter.

Action filters contain logic that is executed before and after a controller action executes. You can use an action filter, for instance, to modify the view data that a controller action returns.

Result filters contain logic that is executed before and after a view result is executed. For example, you might want to modify a view result right before the view is rendered to the browser.

Exception filters are the last type of filter to run. You can use an exception filter to handle errors raised by either your controller actions or controller action results. You also can use exception filters to log errors.

The base class for all action filters is the System.Web.Mvc.FilterAttribute class. If you want to implement a particular type of filter, then you need to create a class that inherits from the base Filter class and implements one or more of the IAuthorizationFilter, IActionFilter, IResultFilter, or ExceptionFilter interfaces.

The base ActionFilterAttribute class has the following methods that you can override:

• OnActionExecuting – This method is called before a controller action is executed.
  
• OnActionExecuted – This method is called after a controller action is executed.
  
• OnResultExecuting – This method is called before a controller action result is executed.
  
• OnResultExecuted – This method is called after a controller action result is executed.

Technorati Tags: ASP.NET MVC,Action Filters

Cross site Request Forgery (CSRF)

Use Html.AntiForgeryToken() to protect ASP.NET MVC forms and also to validate the incoming post request add the [ValidateAntiForgeryToken] filter to the Target action method.

Adding a salt

If you want to protect multiple forms in your website independent of each other then use a salt value whenever you call Html.AntiForgeryToken() e.g.

<%= Html.AntiForgeryToken(“SomeStringHere”) %>

add the salt to the [ValidateAntiForgeryToken] e.g.

[ValidateAntiForgeryToken(Salt="SomeStringHere")]
public ViewResult SubmitMethod()
{
    // code here
}

Note: AntiForgery Helpers work only with POST requests and not GET requests and the visitors must accept cookies.

Technorati Tags: ASP.NET MVC,CSRF

ASP.NET MVC vs ASP.NET Web API

ASP.NET MVC excels at accepting form data and generating HTML. It returns Views and Data. Requests are mapped to action names. MVC features exists in the System.Web.MVC assembly.

ASP.NET Web API excels at accepting and generating structured data like JSON and XML. It returns only Data not View. Build Restful services and supports content type negotiation (response data format can be JSON, XML, ATOM etc). Requests are mapped to actions based on HTTP Verbs. With the Web API, no longer IIS need to be used to host HTTP services, services can be hosted in a custom Windows service, console application, or any other type of host you need. Provides automatic support for OData. The model binding, filters, routing and others MVC features exist in Web API are different from MVC and exists in the new System.Web.Http assembly. Light weight architecture and good for devices like smart phones.