Jake Scott

So asp.net mvc by default will validate any Request parameters to make sure that they don’t contain any html tags or scripts which stops xss attacks. This is a good thing. The trouble is detecting this so that you can tell your user that they are doing something naughty. Asp.net mvc will throw a nasty HttpRequestValidationException and your user will end up with a YSOD or some useless error page. For my application I decided to make a FriendlyValidateInputAttribute which will detect this use case, and add an appropriate error to the ModelState so that in your controller all you need to do is check ModelState.IsValid and you should be good to go.

The way this works is pretty hacky. Calling ValidateInput() doesn’t actually validate anything. It just sets flags indicating that on the next usage of certain inputs that they should be validated. Thats why there is a bogus lookup which forces the request to be validated , which allows me to catch the exception. I use the exceptions error message to work out which form field is invalid. Note this code is very prototypish :P so test before use!!

using System.Web;
using System.Web.Mvc;
 
public class FriendlyValidateInputAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.Controller.ControllerContext.HttpContext.Request;
        var controller = (Controller) filterContext.Controller;
 
        controller.ValidateRequest = false;
        request.ValidateInput();
 
        try
        {
            var bogus = request["bogus"]; // this will trigger the exception
        }
        catch (HttpRequestValidationException xssException)
        {
            var start = xssException.Message.IndexOf("(") + 1;
            var end = xssException.Message.IndexOf("=");
            
            var formField = xssException.Message.Substring(start, end - start);
            controller.ModelState.AddModelError(formField, xssException.Message);
        }
    }
}

Gearbox Mac OSX style icon I created following this tutorial.

A Mac OSX style Compass I created by following this tutorial. Took about 2 hours.

Don't Create Aggregate Roots

Udi Dahan has posted an interesting article about the creation of Aggregate Root within the context of a person visiting an ecommerce website. Can’t wait to try this out on a project that I have in the pipeline…

NOTE: For a good rundown of NHibernate listeners checkout Ayende’s post on IPreUpdateEventListener and IPreInsertEventListener.

For my simple application I am building I wanted an automatic way of handling the task of setting the created and modified dates on entities when saving them to the database. So I added a IDateModifed to my entities

public interface IDateModified
{
    DateTime Created { get; set; }
    DateTime Modified { get; set; }
}

Then I created a custom event listener that is fired before entities are persisted to the database.

public class CustomDefaultSaveOrUpdateEventListener : DefaultSaveOrUpdateEventListener
{
    protected override object EntityIsPersistent(SaveOrUpdateEvent evt)
    {
        var entity = evt.Entity as IDateModified;
        if (entity != null)
        {
            entity.Modified = DateTime.Now;
        }

        return base.EntityIsPersistent(evt);
    }

    protected override object EntityIsTransient(SaveOrUpdateEvent evt)
    {
        var entity = evt.Entity as IDateModified;
        if (entity != null)
        {
            entity.Created = DateTime.Now;
            entity.Modified = DateTime.Now;
        }

        return base.EntityIsTransient(evt);
    }
}

Finally you need to configure NHibernate with your custom event listener

configuration.EventListeners.SaveOrUpdateEventListeners = new ISaveOrUpdateEventListener[]{new CustomDefaultSaveOrUpdateEventListener() };

Ritesh Rao has implemented a simple Domain Events Pattern for the ncommon project. This is a problem that I have often encountered when trying to encapsulate behaviour in my domain objects. At some point you will find that you need to reach out of your domain “when” something happens in your model.

For example StackOverflow users earn badges after completing certain actions within the site. This would result in a whole bunch of server processing code as well as user interface notifications and possibly an email to congratulate you. _Kinda_ I made this example up :P

Your model should not have to talk to a IEmailNotificationService to send an email and it should definately not have to go and save the badge to the database. You could use the Service Locator Pattern to get the IEmailNotificationService and the service to save the badge but this has always felt incredibly wrong.

Instead the user model should just raise this event and anyone else who is listening can handle the event. So go read about it here and here and tick off that problem in your DDD tool belt.

Sidenote: The ncommon project is a library that contains implementations of commonly used design patterns when developing applications for the .net framework such as Unit of Work, Repository, Guard Class, Validation, Business Rules, Specification Pattern using expressions. The coolest thing about it is that you can choose your underlying ORM such as linq2sql, entity framework and best of all nhibernate!

Nate Kohari of Ninject and Zen fame has just posted an interesting article about storing all your dates in your database in UTC. The problem with this technique is that you then need to localise these dates for each individual user. Forcing the user to select which country they are from on signup is draining and it will also be displayed wrong for users that travel frequently around the world. His solution is crafty and involves using Javascript and Ajax to frequently update the server your current where abouts. Go check it out!

ballpark:

New MetaLab Site

We just launched our new company site. Go check it out!

So after trying many many times to get Visual Studio 2008 to install on Vista x64 and not getting anywhere I’ve had enough. I don’t want to go back to Xp because it is 9 or so years old now, and the default browser it comes with is IE6 which I f&^ken despise.

I decided to have one last go and install Vista x86 at work and install vs 2008 again on that machine but that failed as well. At this point I just didn’t know what to try. It seems the planets must be correctly aligned before it will correctly install. Microsoft - I just want to build some simple web apps! Why should I download a 4GB visual studio when the Ruby on Rails kids download everything they need with Subversion or Git in a matter of minutes.

Here’s an idea, “Microsoft .net Code Editor”. It has a File browser, Text editor, Resharper, Build tools, and some way to download dlls like Ruby Gems.

Anyway after that huge rant, I am still stuck with the problem of not having studio up and running on my home machine. With .net 4.0 coming out pretty soon I decided to run with scissors and install Visual Studio 2010 Beta 1. I also stumbled upon some very good news…

Scientists hypothesize on existence of ReSharper for Visual Studio 2010. They argue pros and cons endlessly, bringing history to the table and even gamble around the odds if ReSharper can run in the new shining Visual Studio 2010 Beta 1.

Jetbrains are going to be releasing a preview of Resharper 5 for Visual Studio 2010 Beta 1!!

Retro style posters, photos and print work by Scott Hansens. Also check out his musical projects: Tycho (Via Creatica Daily)