Last post Nov 18, 2012 04:37 PM by ignatandrei
Jan 16, 2008 06:27 PM|sliderhouserules|LINK
I am curious to know to what degree the MVC team is keeping the principles that the P&P team has been touting (a la WCSF, etc.) as they're developing the MVC framework. I see a lot of talk about DI, etc. but don't really see the robust enterprise-level-framework
feature set even in any discussions or "preview" information (like Phil will post -- IE namespaces for routes is coming).
In particular I am talking about modular architecture that allows composite applications (or frameworks) to be easily built. A particular need is the ability to separate the application vertically into modules, and have those modules be pluggable/swappable
Another concern of mine is robust security. I've always felt that the out-of-the-box security features offered in ASP.NET are rather Mickey Mouse. Who wants to take a large web site with hundreds of pages and try to manage security in web.config? Who can
seriously take a large customizable application and hard-code roles into stuff without shaking your head at it?
Enterprise development, in my experience, needs to focus on giving the operations people the maximum amount of control over the application that they manage, and not require code changes for rather simple things that should be covered by design (for instance,
simply renaming a role cause someone wants it to be "Administrator" instead of "admin" that some developer named it).
Along the lines of some of the stuff I've seen on the forums here and in some blog posts, and in line with what little I understand about the Enterprise Library security features, I'd like to see a very simple security model based on Rules. Rules can be
hard-coded into the application via attributes, then the ops people can group Rules into Roles, and then map Users to Roles -- and they can change it all they want without any code changes! Basically what Adam has here in his Create method, but attribute based:
I don't want to rant. I just want to say that this framework is so elegant it has me very excited. But I'm not going to be using it to build a blog engine. I'm going to be building enterprise-level applications based on a framework that allows us to plug
different versions of the same module (CustomerService, for example) into different implementations for different customers. Scott Guthrie said in his ALT.NET talk that if you're doing enterprise development, you'll probably want to use MVC. Please hold true
to that, and don't base the design on making it easy to build blog engines.
Nov 18, 2012 04:37 PM|ignatandrei|LINK
A particular need is the ability to separate the application vertically into modules, and have those modules be pluggable/swappable through configuration
MVC is not about YOUR architecture. MVC is about a simple framework about binding HTML and Server code. And this is pluggable : http://bradwilson.typepad.com/blog/2010/07/service-location-pt1-introduction.html
For enabling architecture, you can do what you want - see http://msprogrammer.serviciipeweb.ro/2010/03/29/asp-net-mvc-orm-and-viewmodels/
I've always felt that the out-of-the-box security features offered in ASP.NET are rather Mickey Mouse. Who wants to take a large web site with hundreds of pages and try to manage security in web.config?
With this you only show you do not understand MVC . MVC is about ACTION security, not VIEWS pages security (what's a View Model if you do not call an Action ?) Please see http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx
I'm going to be building enterprise-level applications based on a framework that allows us to plug different versions of the same module (CustomerService, for example) into different implementations for different customers.
Please do it. MVC is not taking any decisions about your architecture ... you are doing this.