Calle Arnesten's Blog

On the web it’s considered a good practice that the GET method never changes the state on the server. When state should be changed the POST method should be used. It is good to follow this practice, otherwise there might be problems when search engines tries to visit links (which are GET by default).
By default in ASP.NET MVC any public method on the controller can be accessed both by GET and POST. So I _could_ access my DeleteUser() method by an ordinary link (which is GET).

So, how do I restrict a method in ASP.NET MVC to be only GET or only POST? I could use ActionFilterAttribute and tag each method with it. But tagging every method is a bit noisy in my opinion. The thing I want is GET to be the default way to access methods, and then I want to mark POST methods only with attributes.

In my MVC projects I always have a BaseController, that all my controllers inherit from. With that in place it is actually quite easy to accomplish the above. I just need to override OnActionExecuting like this:

public class BaseController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var attributes = filterContext.ActionMethod.GetCustomAttributes(
            typeof(POSTAttribute), false);
        var method = filterContext.HttpContext.Request.HttpMethod;
        if (attributes.Length > 0 && method != "POST")
        {
            ThrowIllegalMethodException("POST", filterContext);
        }
        else if (attributes.Length == 0 && method != "GET")
        {
            ThrowIllegalMethodException("GET", filterContext);
        }
    }

    private static void ThrowIllegalMethodException(string expectedHttpMethod,
        ActionExecutingContext filterContext)
    {
        var controllerName = filterContext.Controller.GetType().Name;
        var controllerMethod = filterContext.ActionMethod.Name;
        var httpMethod = filterContext.HttpContext.Request.HttpMethod;

        var message = string.Format("Only {0} method allowed for {1}.{2}, but {3} was used.",
            expectedHttpMethod, controllerName, controllerMethod, httpMethod);
        throw new SecurityException(message);
    }
}

And also I need a POSTAttribute which is simplest possible:

public class POSTAttribute : Attribute
{
}

So, now I can write [POST] above methods like this:

public class MyController : BaseController
{
    [POST]
    public ActionResult SaveMyEntity()
    {
        // Code..
    }
}

Pretty cool that you can change the behaviour of the MVC framework this easy.

Just read this. This is great news! I don’t like the way WebForms work today, I think its hard to get testable code close to the UI. I know there are alternatives like MonoRail, but I find the disadvantage of not having third party components like Telerik too big. But if a framework for Model View Controller comes from Microsoft, I’m sure that third party component companies will start develop components for it.

One of the things I missed when I started to look at Cuyahoga two weeks ago was that it didn’t use NHibernate 1.2. As I was used to NHibernate 1.2 from my work with its support for generics, I wanted to use that with Cuyahoga as well. So I decided to make a patch that would enable me to use it.

Besides using the files from the NHibernate 1.2 release, I had to download the subversion source code for Castle.Facilities.NHibernateIntegration.dll. Then I had to make a few adjustments to the code for it to compile against NHibernate 1.2.

After I had upgraded the dll’s, the Cuyahoga compiled. But when I run it NHibernate complained on some things like missing virtuals and wrong mapping scheme (urn:nhibernate-mapping-2.0 instead of urn:nhibernate-mapping-2.2). After that it seems to be working nice.

You can download the patch for Cuyahoga 1.5 source code here. And for Cuyahoga’s latest trunk here.

Unfortunately, I’ve been having some problem applying the entire patches. It complains about some strange character in the beginning of some of the repository files, so you might have to manually edit some files. (The patch file is actually quite human-readable so it can be of help in the manual process). But for those that start from scratch I’ve also created a ready package of Cuyahoga 1.5 with patch applied. Download it here.

Today I was having quite a bit of problem when I wanted to include javascript from a control inside a Telerik Ajax Panel. The javascript in question was dynamically generated and should only be added sometimes depending on what action was made inside the ajax panel.

The first thing I tried is the standard way of registering javascript blocks, namely using Page.ClientScript.RegisterClientScriptBlock. That didn’t work, which when I thought about it was logical as the script is added high up in the html and not inside the ajax panel.

Secondly, I read a bit on Telerik’s support pages. It suggested that I used RadAjaxPanel.EnableOutsideScripts and RadAjaxPanel.ResponseScripts. I didn’t get this to work either directly, and got outofmemory exception in javascript. Due to time constraints I didn’t investigate this properly. I will try and write and update soon, if I remember.

The last thing I tried was to just include the javascript inside the html of the ajax panel. Like the following code suggested I did this by using a LiteralControl, containing the script, that is inserted in the ajax panel’s control collection.

RadAjaxPanel panel = new RadAjaxPanel();

if (someCondition)
{
  string myScript = "function MyAlert() { alert('Hello world'); }";
  LiteralControl scriptControl = new LiteralControl();
  script.Text = string.Format(
    @"<script type=""text/javascript"">{0}</script>",
    myFunction);
  panel.Controls.Add(scriptControl);

  Button alertButton = new Button();
  alertButton.OnClientClick("MyAlert(); return false;");
  panel.Controls.Add(alertButton);
}

For the sake of simplicity the javascript that is dynamically added in this example is rather static. This turned out to work. I should mention that this trick will work just as well with the standard Microsoft ASP.NET Ajax Update Panel.