June 2008 Entries

The purpose of this blog entry is to provide you with an introduction to the xUnit.net unit testing framework, the newest unit testing framework for the .NET framework. I want to demonstrate how you can use the xUnit.net framework when practicing test-driven development. In particular, I focus on using xUnit.net when building an ASP.NET MVC application. This blog entry is divided into three parts. In the first part, I explain how to download and reference the xUnit.net framework when building an ASP.NET MVC application. Next, I provide you with an overview of how you can create unit tests with xUnit.net. Finally,...

Posted Monday, June 30, 2008 7:35 AM

In this tip, I recommend that you use standard names for your controller actions in order to make your code more transparent to other developers. Adopting naming conventions makes your code easier to read for other developers and your future self. Naming conventions also save you time because they prevent endless debates about the “right” way to name something. In this tip, I recommend standard names for ASP.NET MVC controller actions. Here is the table of suggested standard names for controller actions: ...

Posted Friday, June 27, 2008 7:13 PM

In this tip, I explain how hackers can steal sensitive information from an ASP.NET MVC website by manipulating URLs. I also discuss how you can build unit tests to prevent this type of attack. A hacker can use a URL Manipulation Attack to easily access other people’s data at a website. If you retrieve records by the record Id, and you do not check with each database request that the right person is making the request, then anyone can read anyone else’s database records. One of the benefits of ASP.NET MVC is that the framework exposes intuitive URLs. Unfortunately, this benefit...

Posted Thursday, June 26, 2008 11:25 PM

In this tip, I show you how to build an ASP.NET MVC View User Control that accepts a set of database records and renders the records in an HTML table automatically. The advantage of using a View User Control is that you can customize the rendering of particular columns. In yesterday’s tip, I explained how you can create a new HTML helper that renders a set of database records in an HTML table. In other words, I showed one method for simulating a GridView control in ASP.NET MVC. In today’s tip, I am going to show you a second method of...

Posted Wednesday, June 25, 2008 8:21 PM

In this tip, you learn how to extend the ASP.NET MVC framework with a new helper method that displays an HTML table of database data. Currently, the ASP.NET MVC framework does not include anything that is the direct equivalent of the ASP.NET Web Forms GridView control. If you want to display a table of database data then you must write out all of the HTML and inline script each and every time that you want to display the data. In this tip, I show you how to add a GridView() extension method to the HtmlHelper class. An extension method is a method...

Posted Wednesday, June 25, 2008 1:09 AM

In this tip, you learn that JavaScript Injection attacks are much more serious than you might think. I show you how to do very evil things with an ASP.NET MVC website using a JavaScript Injection attack and then I explain an easy way to prevent this type of attack. When you collect form data from a visitor to your website, and you redisplay that form data to other visitors, then you should encode the form data. Otherwise, you are opening your website to JavaScript Injection attacks. For example, if you are creating a discussion forum, make sure that you encode the forum...

Posted Monday, June 23, 2008 11:24 PM

In this tip, I explain why you should call the RedirectToAction() method after submitting form data instead of returning a view. Imagine that you are collecting information from your website users with an HTML form. The HTML form is displayed by a controller action named HomeController.Create() and the form data is submitted to a controller action named HomeController.New() that adds the form data to the database. After the form data is submitted, you want to display the accumulated survey results (see Figure 1).

Figure 1 – Results.aspx View

There are two approaches that you might take to writing the New() controller...

Posted Friday, June 20, 2008 6:37 PM

In this tip, I explain how to create shared views for controller actions. A shared view can be used with multiple controllers. In particular, I explain how to create shared views for displaying and editing database data. Imagine that the HomeController controller exposes an action named Index(). When the Index() action is invoked, the ASP.NET MVC framework first attempts to retrieve the Index view from the following path:

\Views\Home\Index.aspx

If the Index.aspx view is not present in the Home folder, the ASP.NET MVC framework next attempts to retrieve the view from the Shared folder:

\Views\Shared\Index.aspx

If the Index.aspx view can’t be retrieved from either location,...

Posted Thursday, June 19, 2008 8:34 PM

In this tip, you learn how to create a custom controller base class that exposes actions for performing common database operations such as displaying, inserting, updating, and deleting data. Whenever you write code and you discover that you are writing the same type of code over and over again, that is a good time to stop and consider whether you are wasting huge amounts of time. Yesterday, I discovered that I was in this very situation while building a database-driven ASP.NET MVC web application. I needed to perform the same standard set of database operations – display data, update data,...

Posted Thursday, June 19, 2008 3:15 AM

In this tip, Stephen Walther explains how you can unit test whether a controller action returns a particular view. He recommends that you be explicit about view names when you plan to create unit tests. The ASP.NET MVC framework was designed to be a very testable framework. You can easily test an MVC controller action to determine whether the action returns the result that you expect. In this tip, I show you how to test whether a controller action returns a particular view. Consider the MVC controller, named HomeController, in Listing 1. This controller contains an action named Index(). The Index() action...

Posted Tuesday, June 17, 2008 4:44 PM

In this tip, I show you how to create a custom action result that you can return from an ASP.NET MVC controller action. This action result generates a Microsoft Excel Document from a LINQ to SQL query. In an MVC application, a controller action returns an action result. In particular, it returns something that derives from the base ActionResult class such as:

· ViewResult
· EmptyResult
· RedirectResult
· RedirectToRouteResult
· JsonResult
· ContentResult

For example, you use a ViewResult to return a particular view to the browser and a ContentResult to return text content to the browser. But, what if you want to return some other type of...

Posted Monday, June 16, 2008 11:19 PM

In this tip, I show you how you can create two new HTML Helpers that you can use within an ASP.NET MVC View. I show you how you can use extension methods to create new HTML Helpers for displaying bulleted and numbered lists. When building a View for an ASP.NET MVC application, you can take advantage of HTML Helpers to render standard HTML tags. For example, instead of typing this:

<input name="inpSubmit" type="submit" value="Click Here!" />

You can type this:

<%= Html.SubmitButton("inpSubmit", "Click Here!") %>

Over the long run, HTML Helpers can save you a lot of time. But what if there isn’t an HTML Helper...

Posted Friday, June 13, 2008 8:07 PM

In this post, I provide an introduction to Moq, which is the newest of the Mock Object Frameworks. Moq is promoted by its creators as easier to learn and use than other Mock Object Frameworks such as Rhino Mocks and TypeMock Isolator.

Posted Thursday, June 12, 2008 2:29 AM

I've been collecting book recommendations on software design principles and patterns, test-driven development, and agile development. I wanted to share my current reading list with you in case you are interested in learning more about these topics. If you have any additional book recommendations -- please share! Here's my current list of books: Software Design Principles and Patterns Books Design Patterns : Elements of Reusable Object-Oriented Software by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides This is the book known as the Gang of Four book and it...

Posted Tuesday, June 10, 2008 9:36 PM

It’s official, I’m now working at Microsoft. I have an office in building 42 and they have supplied me with a phone, an email account, and a computer.

Posted Thursday, June 05, 2008 2:00 PM