Jon Galloway

Building Web Apps with ASP.NET Jump Start - Over 6 hours of free ASP.NET video training

Last Friday Microsoft Learning hosted Scott Hansleman, Damian Edwards and me for a full day live video Jump Start event titled Building Web Apps with ASP.NET. We had a nice crowd of about 2,300 attendees joining us during the event - but we were really excited about ending up with a full day of top quality training on ASP.NET 4.5, ASP.NET MVC 4, ASP.NET Web API, SignalR, and Visual Studio - all updated for the ASP.NET and Web Tools 2012.2 release. The Microsoft Learning team has a great studio, event platform, and team, and I think the videos turned out great.


This wouldn't have been possible without the heroic efforts of both Scott Hanselman and Damian Edwards. Scott hadn't been feeling well earlier that week, but presented an entire day of training immediately after a full week at the MVP Summit. Damian wasn't originally scheduled for this, but he was free that day and jumped right in - originally Scott and I invited him just to do the SignalR talk, but when we found he was available the whole day we asked him to help on a bunch of other sessions.

Thanks also to the whole Microsoft Learning team, especially Frank Gartland for setting this up. The Microsoft Virtual Academy puts out a lot of great content, including full courses which help you keep up with new releases (and prepare for certification exams if you're interested).

Content and Sample Code

This content was based on the courseware I just helped update for our current Web Camps tour. A lot of the demos are available in the Web Camps Training Kit, available here. We've got a bunch of free, one day Web Camp events going on over the next few months - with several more being added as we finalize dates and locations.


All nine sessions (over six hours) are up on Channel 9 - you can watch them online (HTML5 video or Silverlight) or download them in a bunch of MP4 or WMV formats. I've got them embedded below, too.

(01) What's New in ASP.NET 4.5


[02:51] - Web development overview

This session starts by overviewing what we're going to cover in the series. The only way I can keep up with all the new releases the ASP.NET and Web Tools teams keep cranking out is to work out a mental map of how it all fits together. For the purpose of this day, we broke things into foundations and scenarios. The foundations include One ASP.NET (including ASP.NET Web Forms, ASP.NET MVC, ASP.NET Web API, and SignalR), Visual Studio, NuGet, and Azure - specifically Windows Azure Web Sites). After covering those tools, we look at using using them in some modern web development scenarios, such as social web applications, mobile web development, etc.

[10:48] - ASP.NET Web Forms model binding

ASP.NET 4.5 includes what I consider the biggest, most fundamental and transformative change to Web Forms since it was first released - model binding. I would have loved to have this years ago, and if you're doing ASP.NET Web Forms and not taking advantage of the new data control features, I really think you're both working too hard and writing lower quality code than you should be. The ASP.NET and Web Tools 2012.2 release includes Friendly URLs support, which gives you the full benefits of URL routing - both cleaner URLs and binding of URL values to control data access methods. My demo shows using the models from the MVC Music Store tutorial in an ASP.NET Web Forms application; it's available in the Web Camps Training Kit.

[20:27] - Bundling and Optimization

Bundling and Optimization is built in to ASP.NET 4.5, so it works across the platform. Scott shows a great example demonstrating bundling and optimization extensibility with both CoffeeScript and LESS minification.

[39:53] - Page inspector

The Visual Studio 2012 Page Inspector lets you interact with the output of your web pages inside of Visual Studio. It's conceptually similar to browser dev tools, but since it's integrated to your source it can give you a lot better information and feedback, answering questions like "Which view / partial view / user control / etc. is actually generating this HTML?" I demo'd the basic features, then showed the new live update feature in the ASP.NET and Web Tools 2012.2 release.

[43:58] - Async

ASP.NET 4.5 includes support for Async just about everywhere, including ASP.NET Web Forms, ASP.NET MVC controllers, etc. Scott shows a nice, simple example in which he changes three synchronous operations to run in parallel in an ASP.NET Web Form.

(02) Building and Deploying Websites with ASP.NET MVC 4

Okay, this one was fun up until my demo fail cliff hanger right at the end. I started with File / New Project, built out a simple ASP.NET MVC site, and deployed it to Windows Azure Web Sites.

[01:26] - Intro to ASP.NET MVC

No ASP.NET MVC talk is compete without a few diagrams, so I start with a review of the how ASP.NET MVC works, complete with some fancy animated diagrams.

[03:58] - Creating a new ASP.NET MVC site

In this part of the talk, I show the different ASP.NET MVC project template, tour through the folder structure, show how routing works, explain the standard conventions used in ASP.NET MVC, and show how the controllers and views work together.

[15:19] - Adding a model, controller, view

This part of the presentation shows how to work with data in an ASP.NET MVC application using models and scaffolding, with data backed by Entity Framework Code First. I set up Entity Framework Code First Migrations to keep changes to my data model synchronized with my database over time.

[34:57] - Deploying to Windows Azure Web Sites

With a complete, working application, it's time to deploy. To the cloud! Well, kind of. I was aware that if people are accessing your URL during a first deployment it can cause problems, but I'd never seen it in practice. Someone F5 bombed me and the deploy failed, which, was corrected by redeploying an unchanged web.config file to refresh the site. But, the cool part is that we built and deployed a site - complete with database and migrations - in under an hour. One of our attendees was so inspired that he created another site to encourage Scott to survive the day:

(03) Creating HTML5 Applications with jQuery

[02:31] - Introduction to HTML5

Scott and Damian explain what HTML5 is, and what it means to you as a web developer, including an overview of modern web development features like responsive design.

[13:13] - HTML5 markup

Scott and Damian show how HTML5 semantic tags are included in ASP.NET MVC 4 and ASP.NET Web Forms 4.5 templates and explain why they're useful. They explain why feature detection is preferable to useragent sniffing and show how Modernizr makes doing the right thing easy.

[27:06] - jQuery overview

Scott and Damian show why everyone's using jQuery and overview the basics. Damian showed off a simple demo I put together that's up on jsbin: (play along at home!)

[48:04] - Visual Studio web tools

Scott shows off a bunch of great new web development features in Visual Studio 2012 (including the 2012.2 updates and the Web Essentials extension) with some cool examples like HTML5 form elements and the new Single Page Application templates.

(04) Building a Service Layer with ASP.NET Web API

This is a whirlwind tour of ASP.NET Web API, including some new features in 2012.2 (Help Pages, Tracing, and OData).

[01:32] - Introduction to Web API

We start by looking at the File / New Project experience for the Web API template, covering Help Pages and Tracing.

[14:40] - Consuming Web API from jQuery

This sample showed using jQuery and the OData query syntax to page through server-side data.

[20:44] - Consuming Web API from Windows 8

One of the key reasons for using ASP.NET Web API is that you're able to work with any client type that can "speak HTTP" - including mobile and desktop applications. In this sample, I demonstrated a Windows Store application that was calling back into an ASP.NET Web API service.

(05) Leveraging Your ASP.NET Development Skills to Build Office Apps

You might not have heard that you can write Apps for Office using web technologies like HTML5, jQuery, and ASP.NET. It's really pretty slick. I thought it was so cool, I squeezed in a quick 15 minute talk to show it off.

[01:25] - HTML5 and jQuery for Office 2013

I start by showing a simple Hello World example, using jQuery to read and write Excel data into a task pane. Note: my demos require the Microsoft Office Developer Tools for Visual Studio 2012.

[07:53] - Adding ASP.NET Web API

This demo goes a bit further by showing an Excel Task Pane app that posts data back to a backing ASP.NET Web API service, then displays the result. Brady Gaster wrote this demo; it's available in the Web Camps Training Kit.

[12:24] - What is an App for Office

After having explained the model, I showed how you can get and sell Apps for Office in the store, then showed where you can find more information.

(06) Building and Leveraging Social Services in ASP.NET

Several people told me this was their favorite session. The scripted part is good - it shows how to let your users log into your ASP.NET applications using OAuth and OpenID, then explains the new Facebook app template in the 2012.2 release.

But our live viewers really liked watching the unscripted part, when Scott and Damian troubleshot a problem with Twitter app setup because Twitter wouldn't allow an authentication callback to Scott's laptop. Hilarity - but also some pretty slick, on the fly troubleshooting - ensued.

03:02] - OAuth flow

Scott and Damian explain how OAuth works, and how you can use it to enable users to log into your ASP.NET sites without a password.

[06:34] - Demo - OAuth and OpenID

Scott and Damian set up Twitter and Google authentication for an ASP.NET application.

[27:47] - Facebook applications

Scott and Damian explain how Facebook Aps work, then show how the new Facebook app template makes it a lot easier to develop Facebook applications and interact with the Facebook "social graph".

(07) Building for the Mobile Web

Scott shows three options for how to deal with the the ever-growing percentage of mobile browsers: do nothing, change the client (adaptive rendering), or change the server (display modes or using jQuery Mobile)

08:24] - Adaptive rendering - change the client

Scott shows you can use CSS @media queries to adapt the HTML for different display dimensions.

[11:24] - Display modes and jQuery Mobile - change the server

Scott shows how you can use ASP.NET MVC 4 display modes to create generic mobile views or custom, device specific views. He demonstrates how to use mobile browser emulators to test how the display modes will work on the target device. You can find out more about mobile device simulators here:

Scott's walkthrough on working with jQuery Mobile in ASP.NET is really worth watching - he demonstrates how to take advantage of some more advanced jQuery mobile features using the ASP.NET MVC 4 Mobile template. You can find out more about using the some of the techniques Scott demonstrates in this tutorial: ASP.NET MVC 4 Mobile Features.

(08) Real-time Communication with SignalR

SignalR makes it easy to do real-time web applications in ASP.NET. If you want to learn about SignalR - and I'd suggest that you do - Damian is the guy. He and David Fowler started developing SignalrR as an open source library two years ago, and he gives a really clear explanation that's both deeply technical and understandable.

[08:00] - Demo - Move shape

Damian shows a nice visual example with two browsers communicating via a SignalR backend; moving a shape in one browser instantly moves it in the other browser. You can find the code for this demo in the SignalR ASP.NET samples, titled ShapeShare.

[29:18] - Connecting to SignalR with C# and JavaScript clients

Damian demonstrates concurrent connections to the same hub from a WPF client and several different browsers.

[36:56] - Real-time gaming: ShootlR

Damian shows off the ShootR multiplayer HTML5 game, with over 260 live players. He explains the mechanics, including the different game loops and how they optimize for realtime multiplayer games. The code for ShootR is available here.

[44:20] - Chat application: JabbR

Damian shows off the JabbR chat system and talks about scaling with backplanes, then shows off some new features they're working on.

(09) Taking Advantage of Windows Azure Services

[01:20] - Azure signup

I explain the Azure signup process and talk about what you can get for free. Scott and I talked about how little it costs, and talked about how caching can make that even lower.

[05:00] -

I talk about how we've been using Windows Azure Web Sites for the site, and Scott and I talk about the ability to scale up and down. I also explain how we use separate Windows Azure Web Sites instances for QA and Staging on, using Git deploy. Scott and I discuss the ability to be able to roll back to previous Git deployments if needed.

[08:45] - Single serving sites

I show off a quick example of a "single serving" site for quick code demos.

[09:40] - Windows Azure Store

Scott and I talk about services - many free - which are available in the Windows Azure Store. I show off a demo what you get in the free version of New Relic.

[15:36] - Azure command line

Scott shows off all the sites he's running in Windows Azure and demonstrates how he can use the Azure command line to manage his sites. He explains that they're written in JavaScript and run cross-platform; for more information on that, see this tutorial: How to use the Windows Azure Command-Line Tools for Mac and Linux

[20:06] - Wrap-up

Scott, Damian and I wrap up the day with an overview of what we've covered and where you can go for more information.

Announcing the ASP.NET and Web Tools 2012.2 Release!

We're excited to announce the official release of ASP.NET and Web Tools 2012.2!

The most important thing to know about this release is that it doesn't affect the ASP.NET runtime or your existing projects and doesn't require any changes on your server. You can think of this as more of a Visual Studio web update that includes some new ASP.NET project templates. It works on my machine, is well behaved, and gentle around children and small pets.

I made a 25 minute video that overviews the features and shows a lot of code samples: Introduction to the ASP.NET and Web Tools 2012.2 Release:

Here's a summary (complete with some pretty pictures) and info on where to learn more.

What's in a name?

This release is named ASP.NET and Web Tools 2012.2, which is a bit of a mouthful. It's a tasty mouthful, though. Here's what it means:

ASP.NET - This release has new templates and tooling for the whole ASP.NET family: ASP.NET Web Forms, ASP.NET MVC, ASP.NET Web API, and more.

Web Tools - Historically, you had to wait for a big Visual Studio release to get updated features. That doesn't cut it these days, when a new language, JavaScript framework or SPA system goes up on Hacker News every week. In addition to the Web Essentials extension (which has nightly builds available if that's your style), the Visual Studio Web Tools team has worked hard to make it possible to officially ship new web features quickly. We just shipped Visual Studio 2012 last August, here's a bunch of new web tools for ya.

2012.2 - Naming is hard. The idea here is that this is a semantic name (or more semantic than Spring CTP Refresh Preview etc. etc.) that says this is an incremental release for the tools and templates that shipped with Visual Studio 2012.

What's in the box?

I made a handy diagram to explain the release. They tell me that software no longer ships in boxes, but if it did I think this should go on the cover:

What's new in Web Forms?

I really like ASP.NET 4.5 model binding and data control model updates. It brings a lot of the patterns I like in ASP.NET MVC to ASP.NET Web Forms, just scoped to the control level. Your data aware controls get and update data via methods which are control agnostic, the updates are model bound and validated, etc. It's quite nice.

The FriendlyURLs package helps you take advantage of that and push it further by bringing URLs inline with this model. It does two things for you:

  • It automatically maps URLs to ASPX pages
  • It automatically passes route values to controls with a nice bindable syntax

That means that you can have a URL like /Album/Edit/1 which maps to /Album/Edit.aspx, passing the 1 ID value so that controls can bind to it like this:

public Album EditAlbum_GetItem([FriendlyUrlSegments] int? id)
    return _db.Albums.Find(id);


What's new in SignalR?

Well, the main thing is that it's now ASP.NET SignalR. That means that, while it's still an open source project, it's officially shipped by and supported by Microsoft.

What's new in ASP.NET Web API?

Three big things:

Automatic Help Page generation - see a live sample here.

Tracing - Everything in the pipeline is output to the System.Diagnostics.Trace, so you can read it in the Visual Studio output window as well as any registered Trace Listener.

OData - Lots of new stuff here, including routing and query validation


ASP.NET MVC gets a few new templates, plus a big new bonus.

First, the Facebook template makes it easy to create full Facebook apps. Your users log in on Facebook, approve your requests to access their Facebook content, and then your app can interact with their social graph.

Secondly, there's a lightweight Single Page Application template based on Knockout.js and ASP.NET Web API.

And, thirdly, the big new bonus - we've made it possible to create new ASP.NET MVC templates using a Visual Studio extension (VSIX). Expect to see a lot more templates from us and others in the community!

What's new in Web Tools?

The web tools features are of course really visual, so I encourage you to watch the video above. Some highlights:

Page Inspector now has live sync, so when you update CSS you'll see it update immediately.

There's IntelliSense support for Knockout bindings, CoffeeScript, and more.

The integrated publishing includes single file publish and compare. That means that you can edit a single file and push it out, or even compare your local changes against the live production version.

Where do I get it?

As always, you can find the new release at

Where can I learn more?

Over the next two months we will have a series of new Web Camp events occurring around the world. We're finalizing several of them over the next few days.  Register today to attend one of these free one day events and learn how to build awesome web apps.

Building Web Apps with ASP.NET Jump Start with Jon Galloway and Scott Hanselman - Full Day Live (and recorded) Event on Feb 22

Update: the videos from this event are now available.

The ASP.NET and Web Tools teams have been cranking out some amazing stuff lately! But it can be a little tough to keep up with it all...

Lucky for you, we've got a great online event coming up on on February 22 which explains it all. Scott Hanselman and I are working with the Microsoft Learning / Virtual Academy team to run a full day Jump Start event. This will be live stream (register now!) and available on-demand later.

We'll be be spending a full eight hours digging into the following topics (and probably some more - who knows what will happen when you give Scott a microphone...):

  • New and advanced features in ASP.NET Web Forms
  • jQuery
  • SignalR
  • Entity Framework
  • Visual Studio 2012
  • Internet Explorer 10 and HTML5
  • Building apps for Office with HTML5
  • Windows Azure Web Sites for ASP.NET developers

This is a great way to get up to speed with our latest releases, including everything you need to know about the ASP.NET and Web Tools 2012.2 release!

This is an online event, so everyone gets a front row seat. We'll be taking your live questions via chat, and we've got some top-notch chat proctors lined up including Brady Gaster and some ASP.NET MVP's. If you're familiar with our current Web Camps tour, this will follow the same general outline and content, but updated with the newest bits Scott and I can get our hands on!

Register now to reserve your spot.

And if you'd like a preview of some of the fun I fear we may all be in for, check out the talk Scott and I did at //build/, Bleeding edge ASP.NET: See what is next for MVC, Web API, SignalR and more…

Now imagine eight hours of this! What have I gotten myself into?

A quick look at Git support in Visual Studio 2012

I use Git a lot these days. My team uses it exclusively for internal work, collaboration with vendors, and public open source releases. I've got several public and private repos on CodePlex, GitHub and BitBucket - open source projects, book sample code, presentation content, etc.

I've used the command line, posh-git, and GitHub for Windows (you knew you can use GitHub for Windows with non-GitHub repositories, right?). I quickly decided that msysgit wasn't helpful, bounced between the command line and Visual Studio for a while, then used the git command line in the Visual Studio Package Manager console.

I've been using GitHub for Windows app a lot since it was released. Some people will make fun of you if you don't use the command line in git; and it's true that the old git windows tools weren't very useful. I've found that the GitHub for Windows client works pretty well for a lot of day to day work, and I can quickly pop open a shell window when I need it (e.g. removing files, merging, git deploy to Azure). If nothing else, GitHub for Windows takes the annoyance thinking about SSH keys out of the picture.

I wasn't sure I'd like GitHub support in Visual Studio, though. It's nice to see file status, history, merges, etc., but I didn't want it locking my files or messing with my project files or... well, changing anything at all. I think of code as files, not a bunch of stuff living in Visual Studio, and I want to manage it.

Disclaimer: There are a lot of good posts about the new Git support in Visual Studio 2012 with lots of nice pictures. I didn't read them, partly because it looked like a lot of work, and partly because I wanted to see if I could just click around and good things would happen. What could go wrong?

tl;dr: It doesn't mess with my code or project files, works well distributed, and integrates cleanly with stuff like .gitignore and .gitattributes. So far I like it. Oh, and it works with Visual Studio Express, too.

Installing the Git tools for Visual Studio 2012

The big Getting Started with Git in Visual Studio and Team Foundation Service post has a Get set up note at the top that worked great for me.

I already had Visual Studio 2012 installed, so step one was installing Visual Studio 2012 Update 2 CTP. I think the download page could be a little more clear - I figured I'd start with the smallest one and it worked on my machine.

Installing Visual Studio 2012 Update 2 CTP 22013-01-30_12h33_33

Note: In case you missed it, Visual Studio's moved to delivering regular updates (with new features) on a shorter delivery interval. Visual Studio 2012 Update 2, a.k.a. VS2012.2, just shipped and has a lot of nice new features (even a blue theme for the nostalgic).

The Visual Studio 2012 Update 2 install took 8 minutes for me and didn't require a reboot - make sure you've got Visual Studio closed when installing the update, of course. Not crazy fast, but barely long enough for me to get a cup of coffee.

Next up was the the Visual Studio Tools for Git extension. I expected this to be a little faster since it's a VSIX, but it was so fast I didn't get screenshot. It installed in maybe 15 seconds - if that. Fast. I, for one, welcome our new VSIX overlords. Fast, lightweight installs are quite nice, and I like that I can disable or uninstall them without fear of setting the house on fire.

Test drive (or, randomly clicking around to see what jumps out at me)

Okay, first I opened up a project I'd previously set up on GitHub. It found the .git folder and shows me status for files - none modified yet, as shown by the blue lock icon thing.


I noticed a mistake in Default.aspx and deleted it, which shows a red checkmark to show it's been modified. It's pretty small, but I don't think that's a big deal as I'll show in a second.


I also delete some database files from App_Data that shouldn't have been included. Now I'm ready to commit my change. I'll right-click on the project and pick "Commit..." Note that Commit was disabled until I made this change.


Okay, now it popped up this Team Explorer thing which shows the changes I've made. The Commit button is disabled and it tells me I need a commit message (standard for a git commit), so I'll need to fill that in.


After filling in the commit message, I can Commit.


And then it shows the details from the Commit.


Now at this point it still sees this as a local repo - it doesn't know that the upstream master is on GitHub. In the spirit of honest dumb guy clicking around, I don't see how to tell Visual Studio about the upstream master to push it.


Hey, notice that little orange logo next to it? I didn't know what that was, either. It turns out it's the official Git logo. Who knew?

Fine, now let's check this out in GitHub for Windows to see if anything wacky happened.


Sync from GitHub for Windows works, or I could pop the console and git pull --rebase / git push if I was in the mood.

Oh, one more neat thing - the branch history shows my local commit.



I'm happy with this. I opened a project I'd previously created on GitHub, it didn't modify a single file, it read my .gitignore and .gitattributes, and it showed me some useful information. I just clicked around and (1) nothing got messed up (2) I saw some useful information as I was working. I guess that's my point - it didn't hurt anything and I'm happy I installed it.

I checked it out with my CodePlex git repos and they were swell, too.

From some more reading, the real goodness shows up when you use the free (for 5 users or with MSDN account) Git hosting at, or when you need to do some merges or other more UI oriented things. You can read more from people who aren't just clicking around at some of the following gold certified urls:

Does ASP.NET Web API + OData filter at the database level? Let's ask IntelliTrace.

Someone asked me via Twitter if ASP.NET Web API queries are filtered at the database level, or if ASP.NET Web API queries the entire result set and then filters in code. Good question. I was pretty sure I knew the answer (below) but since everything in ASP.NET Web API changes so fast and they just released some big OData support updates, I wanted to make sure before answering.

How would you do that?

Option 1: Read the code

Since ASP.NET Web API and OData are both open source code, you can read through the code. A good guess at where to start would be the [Queryable] attribute: ExecuteQuery

private IQueryable ExecuteQuery(IEnumerable query, HttpRequestMessage request, HttpConfiguration configuration, HttpActionDescriptor actionDescriptor) 
    Type originalQueryType = query.GetType(); 
    Type entityClrType = TypeHelper.GetImplementedIEnumerableType(originalQueryType);

    if (entityClrType == null) 
        // The element type cannot be determined because the type of the content 
        // is not IEnumerable<T> or IQueryable<T>. 
        throw Error.InvalidOperation( 

    ODataQueryContext queryContext = CreateQueryContext(entityClrType, configuration, actionDescriptor); 
    ODataQueryOptions queryOptions = new ODataQueryOptions(queryContext, request); 
    ValidateQuery(request, queryOptions);

    // apply the query 
    IQueryable queryable = query as IQueryable; 
    if (queryable == null) 
        queryable = query.AsQueryable(); 

    ODataQuerySettings querySettings = new ODataQuerySettings 
        EnsureStableOrdering = EnsureStableOrdering, 
        HandleNullPropagation = HandleNullPropagation, 
        MaxAnyAllExpressionDepth = MaxAnyAllExpressionDepth, 
        PageSize = _pageSize 

    return queryOptions.ApplyTo(queryable, querySettings); 

Hmm. That's not manually filtering data, but the query itself is obviously a few levels deeper. Oh, let's look at the call stack:

System.Data.dll!System.Data.SqlClient.SqlCommand.ExecuteReader(System.Data.CommandBehavior behavior = {unknown}, string method = {unknown})    
System.Data.dll!System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(System.Data.CommandBehavior behavior = {unknown})    
System.Data.dll!System.Data.Common.DbCommand.ExecuteReader(System.Data.CommandBehavior behavior = {unknown})    
EntityFramework.dll!System.Data.Entity.Core.EntityClient.Internal.EntityCommandDefinition.ExecuteStoreCommands(System.Data.Entity.Core.EntityClient.EntityCommand entityCommand = {unknown}, System.Data.CommandBehavior behavior = {unknown})    
EntityFramework.dll!System.Data.Entity.Core.Objects.Internal.ObjectQueryExecutionPlan.Execute(System.Data.Entity.Core.Objects.ObjectContext context = {unknown}, System.Data.Entity.Core.Objects.ObjectParameterCollection parameterValues = {unknown})    
EntityFramework.dll!System.Data.Entity.Core.Objects.ObjectQuery`1.GetResults(System.String (error) = Internal Error in IntelliTrace)    
mscorlib.dll!Get System.Lazy`1.Value()    
mscorlib.dll!System.Collections.Generic.List`1..ctor(System.Collections.Generic.IEnumerable collection = {unknown})    
System.Core.dll!System.Linq.Enumerable.ToList(System.Collections.Generic.IEnumerable source = {unknown})    
Newtonsoft.Json.dll!Newtonsoft.Json.Serialization.JsonArrayContract.CreateWrapper(object list = {unknown})    
Newtonsoft.Json.dll!Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeValue(Newtonsoft.Json.JsonWriter writer = {unknown}, object value = {unknown}, Newtonsoft.Json.Serialization.JsonContract valueContract = {unknown}, Newtonsoft.Json.Serialization.JsonProperty member = {unknown}, Newtonsoft.Json.Serialization.JsonContainerContract containerContract = {unknown}, Newtonsoft.Json.Serialization.JsonProperty containerProperty = {unknown})    
Newtonsoft.Json.dll!Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(Newtonsoft.Json.JsonWriter jsonWriter = {unknown}, object value = {unknown})    
Newtonsoft.Json.dll!Newtonsoft.Json.JsonSerializer.SerializeInternal(Newtonsoft.Json.JsonWriter jsonWriter = {unknown}, object value = {unknown})    
Newtonsoft.Json.dll!Newtonsoft.Json.JsonSerializer.Serialize(Newtonsoft.Json.JsonWriter jsonWriter = {unknown}, object value = {unknown})    
System.Net.Http.Formatting.dll!System.Threading.Tasks.TaskHelpers.RunSynchronously(System.Action action = {unknown}, System.Threading.CancellationToken token = {unknown})    
System.Net.Http.Formatting.dll!System.Net.Http.Formatting.JsonMediaTypeFormatter.WriteToStreamAsync(System.Type type = {unknown}, object value = {unknown}, System.IO.Stream writeStream = {unknown}, System.Net.Http.HttpContent content = {unknown}, System.Net.TransportContext transportContext = {unknown})    
System.Net.Http.Formatting.dll!System.Net.Http.ObjectContent.SerializeToStreamAsync(System.IO.Stream stream = {unknown}, System.Net.TransportContext context = {unknown})    
System.Net.Http.dll!System.Net.Http.HttpContent.CopyToAsync(System.IO.Stream stream = {unknown}, System.Net.TransportContext context = {unknown})    
System.Net.Http.dll!System.Net.Http.HttpContent.CopyToAsync(System.IO.Stream stream = {unknown})    
System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.WriteBufferedResponseContentAsync(System.Web.HttpContextBase httpContextBase = {unknown}, System.Net.Http.HttpContent responseContent = {unknown}, System.Net.Http.HttpRequestMessage request = {unknown})    
System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.WriteResponseContentAsync(System.Web.HttpContextBase httpContextBase = {unknown}, System.Net.Http.HttpResponseMessage response = {unknown}, System.Net.Http.HttpRequestMessage request = {unknown})    
System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.ConvertResponse(System.Web.HttpContextBase httpContextBase = {unknown}, System.Net.Http.HttpResponseMessage response = {unknown}, System.Net.Http.HttpRequestMessage request = {unknown})    
System.Web.Http.WebHost.dll!<>c__DisplayClass3.AnonymousMethod(System.Net.Http.HttpResponseMessage response = {unknown})    
System.Web.Http.WebHost.dll!<>c__DisplayClass3e`1.AnonymousMethod(System.Threading.Tasks.Task t = {unknown})    
System.Web.Http.WebHost.dll!System.Threading.Tasks.TaskHelpersExtensions.ThenImpl(TTask task = {unknown}, System.Func continuation = {unknown}, System.Threading.CancellationToken cancellationToken = {unknown}, bool runSynchronously = {unknown})    
System.Web.Http.WebHost.dll!System.Threading.Tasks.TaskHelpersExtensions.Then(System.Threading.Tasks.Task task = {unknown}, System.Func continuation = {unknown}, System.Threading.CancellationToken token = {unknown}, bool runSynchronously = {unknown})    
System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.BeginProcessRequest(System.Web.HttpContextBase httpContextBase = {unknown}, System.AsyncCallback callback = {unknown}, object state = {unknown})    
System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(System.Web.HttpContext httpContext = {unknown}, System.AsyncCallback callback = {unknown}, object state = {unknown})    
System.Web.dll!System.Web.HttpApplication.ExecuteStep(IExecutionStep step = {unknown}, ref bool completedSynchronously = {unknown})    
System.Web.dll!PipelineStepManager.ResumeSteps(System.Exception error = {unknown})    
System.Web.dll!System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext context = {unknown}, System.AsyncCallback cb = {unknown})    
System.Web.dll!System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest wr = {unknown}, System.Web.HttpContext context = {unknown})    
System.Web.dll!System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(System.IntPtr rootedObjectsPointer = {unknown}, System.IntPtr nativeRequestContext = {unknown}, System.IntPtr moduleData = {unknown}, int flags = {unknown})    
System.Web.dll!System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(System.IntPtr rootedObjectsPointer = {unknown}, System.IntPtr nativeRequestContext = {unknown}, System.IntPtr moduleData = {unknown}, int flags = {unknown})    
System.Web.dll!System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(System.IntPtr rootedObjectsPointer = {unknown}, System.IntPtr nativeRequestContext = {unknown}, System.IntPtr moduleData = {unknown}, int flags = {unknown})    
System.Web.dll!System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(System.IntPtr rootedObjectsPointer = {unknown}, System.IntPtr nativeRequestContext = {unknown}, System.IntPtr moduleData = {unknown}, int flags = {unknown})

Okay, it's got to be in there somewhere. But looking for it seems like hard work. On to Option 2!

Option 2: Use IntelliTrace

If you've got Visual Studio Ultimate, this is one of those times you can enjoy your Ultimate Elite Preferred Coder status. View IntelliTrace Events using either Debug / IntelliTrace Events / View IntelliTrace Events or using keyboard shortcuts:

  • CTRL+ALT+Y, F <- Nice that there's a shortcut, but you're not going to remember this
  • CTRL+Q (Quick Launch) +  type "intellitrace events"  + hit Enter

Then scroll down the events list to see the ADO.NET calls and click on one that looks promising:


Just to show the end result, here's the JSON result in the browser tools with the executed SQL query below:

ASP.NET Web API - OData Filtering

That query in text is:

[Extent1].[AlbumId] AS [AlbumId], 
[Extent1].[GenreId] AS [GenreId], 
[Extent1].[ArtistId] AS [ArtistId], 
[Extent1].[Title] AS [Title], 
[Extent1].[Price] AS [Price], 
[Extent1].[AlbumArtUrl] AS [AlbumArtUrl], 
[Extent2].[GenreId] AS [GenreId1], 
[Extent2].[Name] AS [Name], 
[Extent2].[Description] AS [Description], 
[Extent3].[ArtistId] AS [ArtistId1], 
[Extent3].[Name] AS [Name1] 
FROM   [dbo].[Albums] AS [Extent1] 
INNER JOIN [dbo].[Genres] AS [Extent2] ON [Extent1].[GenreId] = [Extent2].[GenreId] 
INNER JOIN [dbo].[Artists] AS [Extent3] ON [Extent1].[ArtistId] = [Extent3].[ArtistId] 
WHERE N'Kind of Blue' = [Extent1].[Title]

Final Answer: Yes

As long as your data provider supports deferred queries and you don't force evaluation by calling something like .ToList(), the query will not be evaluated until the OData filters are applied, and they'll be handled at the database level.

Announcing a Web Camps Winter World Tour starting December 2012

We have a great lineup of international Web Camps events scheduled for the next month. Come join us! Space for these events really is limited, so if you want to get in on them you need to sign up fast.

Web Camps: Free, one day events to show you how to make the most of the Microsoft web platform

Web Camps are an amazing opportunity to see how Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4 and Windows Azure fit together, and how you can put them to work today to solve real world problems, leveraging cutting edge web technologies.

ASP.NET today is about more than web pages

ASP.NET today is also about services running on ASP.NET Web API in the cloud, powering your Windows 8 applications, applications for Office, social website integration and more. ASP.NET on Windows Azure can be the hub that ties your development strategy together. This day's content is designed to show you how you can use the Microsoft web platform to rule - well, of course the web - but also the rest of the universe.

Play along! Learn, build and deploy working apps throughout the day!

Everyone knows that you learn best when you're doing, not just watching. And a website isn't done until it's deployed, right? So we'll be taking advantage of the free offerings from Windows Azure Web Sites to build and deploy working applications throughout the day, and we'll show you how you can, too, as you  follow along with us as we build and deploy multiple ASP.NET solutions to Windows Azure Web Sites throughout the day.

December Tour

Location Date Notes
Vancouver, Canada 4-Dec-12 With Brady Gaster and Xinyang Qiu and me. This one will be live streamed, and there's still a little more room at the event, too! Info here.
Stockholm, Sweden 10-Dec-12 With Nathen Totten and Mads Kristensen
Hong Kong 12-Dec-12 With Haishi Bai and Wenming Ye
Copenhagen, Denmark 12-Dec-12 With Nathen Totten and Mads Kristensen
Bangkok, Thailand 14-Dec-12 Me! Hopefully a special guest, too.
Singapore 17-Dec-12 Also me! Also maybe a special guest.

Details and registration links are on the DevCamps site:

In the works (location and speaker TBD)

  • 1/28 - India
  • 1/30 - India
  • 2/18 - Germany
  • 2/20 - Russia

Want one in your area? Tell your local Microsoft developer evangelist folks!

Fresh Web content!

We are updating the Web Camps content to focus on putting the latest web platform releases to use. We will start the day with a look at the key building blocks (Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC and ASP.NET Web API) - including a look at the ASP.NET Fall 2012 Update announced at //build/. Then we will put them to work in a number of short targeted sessions focused on some key web application scenarios:

  • Keynote: The ASP.NET Web Platform in Context
  • What’s new in ASP.NET 4.5
  • Building and deploying websites with ASP.NET MVC 4
  • Creating HTML5 Applications with jQuery
  • Building a service layer with ASP.NET Web API
  • Leveraging your ASP.NET development skills to build apps for Office
  • Building and leveraging social web apps in ASP.NET
  • Building for the mobile web
  • Real-time communications with SignalR
  • Using Cloud Application Services

The full agenda is available here:   All of the slides, demos, and hands-on labs will be available for download at quite soon.

Ten - oh, wait, eleven - Eleven things you should know about the ASP.NET Fall 2012 Update

Today, just a little over two months after the big ASP.NET 4.5 / ASP.NET MVC 4 / ASP.NET Web API / Visual Studio 2012 / Web Matrix 2 release, the first preview of the ASP.NET Fall 2012 Update is out. Here's what you need to know:

  1. There are no new framework bits in this release - there's no change or update to ASP.NET Core, ASP.NET MVC or Web Forms features. This means that you can start using it without any updates to your server, upgrade concerns, etc.
  2. This update is really an update to the project templates and Visual Studio tooling, conceptually similar to the ASP.NET MVC 3 Tools Update.
  3. It's a relatively lightweight install. It's a 41MB download. I've installed it many times and usually takes 5-7 minutes; it's never required a reboot. You can download it here.
  4. It adds some new project templates to ASP.NET MVC: Facebook Application and Single Page Application templates.
  5. It adds a lot of cool enhancements to ASP.NET Web API.
  6. It adds some tooling that makes it easy to take advantage of features like SignalR, Friendly URLs, and Windows Azure Authentication.
  7. Most of the new features are installed via NuGet packages - some from Microsoft, a few from the community.
  8. Since ASP.NET is open source, nightly NuGet packages are available, and the roadmap is published, most of this has really been publicly available for a while.
  9. The official name of this drop is the ASP.NET Fall 2012 Update BUILD Prerelease. Please do not attempt to say that ten times fast. While the EULA doesn't prohibit it, it WILL legally change your first name to Scott.
  10. As with all new releases, you can find out everything you need to know about the Fall Update at (especially the release notes!)
  11. I'm going to be showing all of this off, assisted by special guest code monkey Scott Hanselman, this Friday at BUILD: Bleeding edge ASP.NET: See what is next for MVC, Web API, SignalR and more… (and I've heard it will be livestreamed).

Let's look at some of those things in more detail.

No new bits

ASP.NET 4.5, MVC 4 and Web API have a lot of great core features. I see the goal of this update release as making it easier to put those features to use to solve some useful scenarios by taking advantage of NuGet packages and template code.

If you create a new ASP.NET MVC application using one of the new templates, you'll see that it's using the ASP.NET MVC 4 RTM NuGet package (4.0.20710.0):

This means you can install and use the Fall Update without any impact on your existing projects and no worries about upgrading or compatibility.

New Facebook Application Template

ASP.NET MVC 4 (and ASP.NET 4.5 Web Forms) included the ability to authenticate your users via OAuth and OpenID, so you could let users log in to your site using a Facebook account. One of the new changes in the Fall Update is a new template that makes it really easy to create full Facebook applications.

You could create Facebook application in ASP.NET already, you'd just need to go through a few steps:

  1. Search around to find a good Facebook NuGet package, like the Facebook C# SDK (written by my friend Nathan Totten and some other Facebook SDK brainiacs).
  2. Read the Facebook developer documentation to figure out how to authenticate and integrate with them.
  3. Write some code, debug it and repeat until you got something working.
  4. Get started with the application you'd originally wanted to write.

What this template does for you: eliminate steps 1-3.

Erik Porter, Nathan and some other experts built out the Facebook Application template so it automatically pulls in and configures the Facebook NuGet package and makes it really easy to take advantage of it in an ASP.NET MVC application.

One great example is the the way you access a Facebook user's information. Take a look at the following code in a File / New / MVC / Facebook Application site. First, the Home Controller Index action:

[FacebookAuthorize(Permissions = "email")]
public ActionResult Index(MyAppUser user, FacebookObjectList<MyAppUserFriend> userFriends)
    ViewBag.Message = "Modify this template to jump-start your Facebook application using ASP.NET MVC.";

    ViewBag.User = user;
    ViewBag.Friends = userFriends.Take(5);

    return View();

First, notice that there's a FacebookAuthorize attribute which requires the user is authenticated via Facebook and requires permissions to access their e-mail address. It binds to two things: a custom MyAppUser object and a list of friends. Let's look at the MyAppUser code:

using Microsoft.AspNet.Mvc.Facebook.Attributes;
using Microsoft.AspNet.Mvc.Facebook.Models;

// Add any fields you want to be saved for each user and specify the field name in the JSON coming back from Facebook

namespace MvcApplication3.Models
    public class MyAppUser : FacebookUser
        public string Name { get; set; }

        [FacebookField(FieldName = "picture", JsonField = "")]
        public string PictureUrl { get; set; }

        public string Email { get; set; }

You can add in other custom fields if you want, but you can also just bind to a FacebookUser and it will automatically pull in the available fields. You can even just bind directly to a FacebookUser and check for what's available in debug mode, which makes it really easy to explore.

For more information and some walkthroughs on creating Facebook applications, see:

Single Page Application template

Early releases of ASP.NET MVC 4 included a Single Page Application template, but it was removed for the official release. There was a lot of interest in it, but it was kind of complex, as it handled features for things like data management. The new Single Page Application template that ships with the Fall Update is more lightweight. It uses Knockout.js on the client and ASP.NET Web API on the server, and it includes a sample application that shows how they all work together.

I think the real benefit of this application is that it shows a good pattern for using ASP.NET Web API and Knockout.js. For instance, it's easy to end up with a mess of JavaScript when you're building out a client-side application. This template uses three separate JavaScript files (delivered via a Bundle, of course):

  • todoList.js - this is where the main client-side logic lives
  • todoList.dataAccess.js - this defines how the client-side application interacts with the back-end services
  • todoList.bindings.js - this is where you set up events and overrides for the Knockout bindings - for instance, hooking up jQuery validation and defining some client-side events

This is a fun one to play with, because you can just create a new Single Page Application and hit F5.

Quick, easy install (with one gotcha)

One of the cool engineering changes for this release is a big update to the installer to make it more lightweight and efficient. I've been running nightly builds of this for a few weeks to prep for my BUILD demos, and the install has been really quick and easy to use. The install takes about 5 minutes, has never required a reboot for me, and the uninstall is just as simple.

There's one gotcha, though. In this preview release, you may hit an issue that will require you to uninstall and re-install the NuGet VSIX package. The problem comes up when you create a new MVC application and see this dialog:

The solution, as explained in the release notes, is to uninstall and re-install the NuGet VSIX package:

  1. Start Visual Studio 2012 as an Administrator
  2. Go to Tools->Extensions and Updates and uninstall NuGet.
  3. Close Visual Studio
  4. Navigate to the ASP.NET Fall 2012 Update installation folder:
    1. For Visual Studio 2012: Program Files\Microsoft ASP.NET\ASP.NET Web Stack\Visual Studio 2012
    2. For Visual Studio 2012 Express for Web: Program Files\Microsoft ASP.NET\ASP.NET Web Stack\Visual Studio Express 2012 for Web
  5. Double click on the NuGet.Tools.vsix to reinstall NuGet

This took me under a minute to do, and I was up and running.

ASP.NET Web API Update Extravaganza!

Uh, the Web API team is out of hand. They added a ton of new stuff: OData support, Tracing, and API Help Page generation.

OData support

Some people like OData. Some people start twitching when you mention it. If you're in the first group, this is for you. You can add a [Queryable] attribute to an API that returns an IQueryable<Whatever> and you get OData query support from your clients. Then, without any extra changes to your client or server code, your clients can send filters like this: /Suppliers?$filter=Name eq ‘Microsoft’

For more information about OData support in ASP.NET Web API, see Alex James' mega-post about it: OData support in ASP.NET Web API

ASP.NET Web API Tracing

Tracing makes it really easy to leverage the .NET Tracing system from within your ASP.NET Web API's. If you look at the \App_Start\WebApiConfig.cs file in new ASP.NET Web API project, you'll see a call to TraceConfig.Register(config). That calls into some code in the new \App_Start\TraceConfig.cs file:

public static void Register(HttpConfiguration configuration)
    if (configuration == null)
        throw new ArgumentNullException("configuration");

    SystemDiagnosticsTraceWriter traceWriter =
        new SystemDiagnosticsTraceWriter()
            MinimumLevel = TraceLevel.Info,
            IsVerbose = false

    configuration.Services.Replace(typeof(ITraceWriter), traceWriter);

As you can see, this is using the standard trace system, so you can extend it to any other trace listeners you'd like. To see how it works with the built in diagnostics trace writer, just run the application call some API's, and look at the Visual Studio Output window:

iisexpress.exe Information: 0 : Request, Method=GET, Url=http://localhost:11147/api/Values, Message='http://localhost:11147/api/Values'
iisexpress.exe Information: 0 : Message='Values', Operation=DefaultHttpControllerSelector.SelectController
iisexpress.exe Information: 0 : Message='WebAPI.Controllers.ValuesController', Operation=DefaultHttpControllerActivator.Create
iisexpress.exe Information: 0 : Message='WebAPI.Controllers.ValuesController', Operation=HttpControllerDescriptor.CreateController
iisexpress.exe Information: 0 : Message='Selected action 'Get()'', Operation=ApiControllerActionSelector.SelectAction
iisexpress.exe Information: 0 : Operation=HttpActionBinding.ExecuteBindingAsync
iisexpress.exe Information: 0 : Operation=QueryableAttribute.ActionExecuting
iisexpress.exe Information: 0 : Message='Action returned 'System.String[]'', Operation=ReflectedHttpActionDescriptor.ExecuteAsync
iisexpress.exe Information: 0 : Message='Will use same 'JsonMediaTypeFormatter' formatter', Operation=JsonMediaTypeFormatter.GetPerRequestFormatterInstance
iisexpress.exe Information: 0 : Message='Selected formatter='JsonMediaTypeFormatter', content-type='application/json; charset=utf-8'', Operation=DefaultContentNegotiator.Negotiate
iisexpress.exe Information: 0 : Operation=ApiControllerActionInvoker.InvokeActionAsync, Status=200 (OK)
iisexpress.exe Information: 0 : Operation=QueryableAttribute.ActionExecuted, Status=200 (OK)
iisexpress.exe Information: 0 : Operation=ValuesController.ExecuteAsync, Status=200 (OK)
iisexpress.exe Information: 0 : Response, Status=200 (OK), Method=GET, Url=http://localhost:11147/api/Values, Message='Content-type='application/json; charset=utf-8', content-length=unknown'
iisexpress.exe Information: 0 : Operation=JsonMediaTypeFormatter.WriteToStreamAsync
iisexpress.exe Information: 0 : Operation=ValuesController.Dispose

API Help Page

When you create a new ASP.NET Web API project, you'll see an API link in the header:

Clicking the API link shows generated help documentation for your ASP.NET Web API controllers:

And clicking on any of those APIs shows specific information:

What's great is that this information is dynamically generated, so if you add your own new APIs it will automatically show useful and up to date help. This system is also completely extensible, so you can generate documentation in other formats or customize the HTML help as much as you'd like. The Help generation code is all included in an ASP.NET MVC Area:


SignalR is a really slick open source project that was started by some ASP.NET team members in their spare time to add real-time communications capabilities to ASP.NET - and .NET applications in general. It allows you to handle long running communications channels between your server and multiple connected clients using the best communications channel they can both support - websockets if available, falling back all the way to old technologies like long polling if necessary for old browsers.

SignalR remains an open source project, but now it's being included in ASP.NET (also open source, hooray!). That means there's real, official ASP.NET engineering work being put into SignalR, and it's even easier to use in an ASP.NET application. Now in any ASP.NET project type, you can right-click / Add / New Item... SignalR Hub or Persistent Connection.

And much more...

There's quite a bit more. You can find more info at, and we'll be adding more content as fast as we can. Watch my BUILD talk to see as I demonstrate these and other features in the ASP.NET Fall 2012 Update, as well as some other even futurey-er stuff!

Professional ASP.NET MVC 4 is out!

Look what showed up yesterday!

Note: These bobsledders on the cover may look familiar, but they have in fact been upgraded to ASP.NET MVC 4.

Up on Amazon

Professional ASP.NET MVC 4 is available on Amazon, both in paperback and Kindle format. At least in the US, I hear they're shipping these out really fast.

E-Book Versions

There are two E-book options, both with some nice features.

The Kindle version is in color and allows you to do all the standard Kindle font size / background / layout tweaking. I think they turned out pretty nice:



The other option is to get the e-book versions from Wrox. Those aren't in color, but they're available in three formats (PDF, Mobi, and ePub) and they're DRM free. I don't think they're available yet, but should be up in early October.

What's New

For this book, we focused on a few main things:

  • Updates for ASP.NET MVC 4 and Visual Studio 2012
  • More professional / advanced / real-world content
  • Better flow for people who are new to ASP.NET MVC - or are experienced with it
  • Responding to feedback and reviews


Obviously, we updated the content, code and screenshots for ASP.NET MVC 4 and Visual Studio 2012. Some of the implications of the updates aren't immediately obvious, though - for instance, I felt that the security chapter should consider the implications of OAuth and OpenID authentication.

Professional / Advanced / Real World Content

One bit of feedback we heard from the previous book was that it didn't have enough "real world" content. That can be kind of tricky, but it's a fair criticism. For this version of the book, we focused on two areas for that. First, we reviewed the content so that the content would flow a bit better for different skill levels - more on that next. Secondly , Phil wrote a new chapter at the very end of the book that explains how he and other ASP.NET MVC pros built and maintain the NuGet Gallery site at He covers things like exception logging, profiling, data access, migration and membership.

Better Flow

I had some beginning developers tell me that the book started throwing advanced concepts at them too early, while some advanced developers told me the book seemed too basic. After talking to people in more depth, this was really the same problem - the book's flow needed to improve. We worked to make the book build more evenly, so it starts easier at the beginning and adds in more advanced content later. While this benefits the beginner, it also lets advanced developers skip over the simple stuff and jump into meaty chapters later in the book without interruptions to teach them the basics.

It's not exact, but in general Chapters 1-6 cover the basics and Chapters 7-16 cover intermediate and advanced content. So as an advanced developer, I'd recommend reading Chapter 1 to get the overview of what's new in ASP.NET MVC 4, then skimming chapters 2-6 (controllers, models, views, Ajax, and data annotations) and reading more thoroughly starting with Chapter 7 on Security.  One example of that is Chapter 3 on Views - it now focuses more on the beginner level stuff you need to know, and the advanced view information (like custom view engines) is covered in the Views section of the Advanced Topics chapter.

The table of contents is available as a PDF, take a look and see how we did.

Responding to feedback and reviews

We do take reviews - both positive and negative - seriously. We read through comments from the previous book and did our best to keep making the book better.


ASP.NET Web API is a big subject, and really an entire book could easily be written on it. However, since it ships with ASP.NET MVC 4 and is so useful in ASP.NET MVC applications, we felt like it would be good to have a one chapter overview. Brad wrote a great overview that explains not just what ASP.NET Web API is, but how it fits in with ASP.NET MVC.

What's Not New

Same amazing author team, same way to get the sample code (NuGet), same technical editor, same bobsledders. Oh, but the bobsledders have been upgraded, remember.

And speaking of our technical editor, I want to call out what an amazing job Eilon Lipton does on this book. In additional to top notch technical feedback, he also regularly points out bigger issues in structure and content. He regularly recommends that we cover content or features we'd left out, or that we stop recommending something that's not a good idea, or just tells us that a part of a chapter is boring or hard to follow. The book wouldn't be what it is without his invaluable input.

The whole team at Wrox has been great, too. It's both humbling and incredibly rewarding to work with a sharp editorial team, and this was another great experience.

But I already have a previous edition!

Weren't you listening? There's tons of new content. This book is about ASP.NET MVC 4 and ASP.NET Web API, what's your old book about?

Look, you can still use your old copies of the book for other things. For instance, the whole bobsled book family makes a great play set... and the holidays are coming soon...

Oh, and also Amazon's got it incredibly cheap now, so there's that. So go get it!

Guest (and occasional co-host) on Jesse Liberty's Yet Another Podcast

I was a recent guest on Jesse Liberty's Yet Another Podcast talking about the latest Visual Studio, ASP.NET and Azure releases.

Download / Listen:

Yet Another Podcast #75–Jon Galloway on ASP.NET/ MVC/ Azure

Co-hosted shows:

Jesse's been inviting me to co-host shows and I told him I'd show up when I was available. It's a nice change to be a drive-by co-host on a show (compared with the work that goes into organizing / editing / typing show notes for Herding Code shows). My main focus is on Herding Code, but it's nice to pop in and talk to Jesse's excellent guests when it works out. Some shows I've co-hosted over the past year:

Yet Another Podcast #76–Glenn Block on Node.js & Technology in China

Yet Another Podcast  #73 - Adam Kinney on developing for Windows 8 with HTML5

Yet Another Podcast #64 - John Papa & Javascript

Yet Another Podcast #60 - Steve Sanderson and John Papa on Knockout.js

Yet Another Podcast #54–Damian Edwards on ASP.NET

Yet Another Podcast #53–Scott Hanselman on Blogging

Yet Another Podcast #52–Peter Torr on Windows Phone Multitasking

Yet Another Podcast #51–Shawn Wildermuth: //build, Xaml Programming & Beyond

And some more on the way that haven't been released yet. Some of these I'm pretty quiet, on others I get wacky and hassle the guests because, hey, not my podcast so not my problem.

Show notes from the ASP.NET / MVC / Azure show:

  • What was just released
    • Visual Studio 2012 Web Developer features
    • ASP.NET 4.5 Web Forms
      • Strongly Typed data controls
      • Data access via command methods
      • Similar Binding syntax to ASP.NET MVC
      • Some context: Damian Edwards and WebFormsMVP
      • Two questions from Jesse:
        • Q: Are you making this harder or more complicated for Web Forms developers?
          • Short answer: Nothing's removed, it's just a new option
          • History of SqlDataSource, ObjectDataSource
        • Q: If I'm using some MVC patterns, why not just move to MVC?
          • Short answer: This works really well in hybrid applications, doesn't require a rewrite
          • Allows sharing models, validation, other code between Web Forms and MVC
      • Adaptive Rendering (oh, also, this is in Web Forms 4.5 as well)
      • Display Modes
      • Mobile project template using jQuery Mobile
      • OAuth login to allow Twitter, Google, Facebook, etc. login
    • Jon (and friends') MVC 4 book on the way: Professional ASP.NET MVC 4
    • Windows 8 development
      • Jesse and Jon announce they're working on a new book: Pro Windows 8 Development with XAML and C#
      • Jon and Jesse agree that it's nice to be able to write Windows 8 applications using the same skills they picked up for Silverlight, WPF, and Windows Phone development.
    • Compare / contrast ASP.NET MVC and Windows 8 development
      • Q: Does ASP.NET and HTML5 development overlap?
        • Jon thinks they overlap in the MVC world because you're writing HTML views without controls
        • Jon describes how his web development career moved from a preoccupation with server code to a focus on user interaction, which occurs in the browser
        • Jon mentions his NDC Oslo presentation on Learning To Love HTML as Beautiful Code
      • Q: How do you apply C# / XAML or HTML5 skills to Windows 8 development?
      • Q: If I'm a XAML programmer, what's the learning curve on getting up to speed on ASP.NET MVC?
        • Jon describes the difference in application lifecycle and state management
        • Jon says it's nice that web development is really interactive compared to application development
      • Q: Can you learn MVC by reading a book? Or is it a lot bigger than that?
    • What is Azure, and why would I use it?
      • Jon describes the traditional Azure platform mode and how Azure Web Sites fits in
      • Q: Why wouldn't Jesse host his blog on Azure Web Sites?
        • Domain names on Azure Web Sites
        • File hosting options
      • Q: Is Azure just another host? How is it different from any of the other shared hosting options?
        • A: Azure gives you the ability to scale up or down whenever you want
        • A: Other services are available if or when you want them
Posted by Jon Galloway | 4 comment(s)
Filed under: , ,

SimpleMembership, Membership Providers, Universal Providers and the new ASP.NET 4.5 Web Forms and ASP.NET MVC 4 templates

The ASP.NET MVC 4 Internet template adds some new, very useful features which are built on top of SimpleMembership. These changes add some great features, like a much simpler and extensible membership API and support for OAuth. However, the new account management features require SimpleMembership and won't work against existing ASP.NET Membership Providers. I'll start with a summary of top things you need to know, then dig into a lot more detail.


  • SimpleMembership has been designed as a replacement for the previous ASP.NET Role and Membership provider system
  • SimpleMembership solves common problems developers ran into with the Membership provider system and was designed for modern user / membership / storage needs
  • SimpleMembership integrates with the previous membership system, but you can't use a MembershipProvider with SimpleMembership
  • The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProviders
  • You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 - just not with the ASP.NET MVC 4 AccountController
  • The existing ASP.NET Role and Membership provider system remains supported, as it is part of the ASP.NET core
  • ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership
  • The ASP.NET Web Site Administration Tool (WSAT) is not compatible with SimpleMembership

The following is the result of a few conversations with Erik Porter (PM for ASP.NET MVC) to make sure I had some the overall details straight, combined with a lot of time digging around in ILSpy and Visual Studio's assembly browsing tools.

SimpleMembership: The future of membership for ASP.NET

The ASP.NET Membership system was introduced with ASP.NET 2.0 back in 2005. It was designed to solve common site membership requirements at the time, which generally involved username / password based registration and profile storage in SQL Server. It was designed with a few extensibility mechanisms - notably a provider system (which allowed you override some specifics like backing storage) and the ability to store additional profile information (although the additional  profile information was packed into a single column which usually required access through the API). While it's sometimes frustrating to work with, it's held up for seven years - probably since it handles the main use case (username / password based membership in a SQL Server database) smoothly and can be adapted to most other needs (again, often frustrating, but it can work).

The ASP.NET Web Pages and WebMatrix efforts allowed the team an opportunity to take a new look at a lot of things - e.g. the Razor syntax started with ASP.NET Web Pages, not ASP.NET MVC. The ASP.NET Web Pages team designed SimpleMembership to (wait for it) simplify the task of dealing with membership. As Matthew Osborn said in his post Using SimpleMembership With ASP.NET WebPages:

With the introduction of ASP.NET WebPages and the WebMatrix stack our team has really be focusing on making things simpler for the developer. Based on a lot of customer feedback one of the areas that we wanted to improve was the built in security in ASP.NET. So with this release we took that time to create a new built in (and default for ASP.NET WebPages) security provider. I say provider because the new stuff is still built on the existing ASP.NET framework. So what do we call this new hotness that we have created? Well, none other than SimpleMembership. SimpleMembership is an umbrella term for both SimpleMembership and SimpleRoles.

Part of simplifying membership involved fixing some common problems with ASP.NET Membership.

Problems with ASP.NET Membership

ASP.NET Membership was very obviously designed around a set of assumptions:

  • Users and user information would most likely be stored in a full SQL Server database or in Active Directory
  • User and profile information would be optimized around a set of common attributes (UserName, Password, IsApproved, CreationDate, Comment, Role membership...) and other user profile information would be accessed through a profile provider

Some problems fall out of these assumptions.

Requires Full SQL Server for default cases

The default, and most fully featured providers ASP.NET Membership providers (SQL Membership Provider, SQL Role Provider, SQL Profile Provider) require full SQL Server. They depend on stored procedure support, and they rely on SQL Server cache dependencies, they depend on agents for clean up and maintenance. So the main SQL Server based providers don't work well on SQL Server CE, won't work out of the box on SQL Azure, etc.

Note: Cory Fowler recently let me know about these Updated scripts for use with Microsoft SQL Azure which do support membership, personalization, profile, and roles. But the fact that we need a support page with a set of separate SQL scripts underscores the underlying problem.

Aha, you say! Jon's forgetting the Universal Providers, a.k.a. System.Web.Providers! Hold on a bit, we'll get to those...

Custom Membership Providers have to work with a SQL-Server-centric API

If you want to work with another database or other membership storage system, you need to to inherit from the provider base classes and override a bunch of methods which are tightly focused on storing a MembershipUser in a relational database. It can be done (and you can often find pretty good ones that have already been written), but it's a good amount of work and often leaves you with ugly code that has a bunch of System.NotImplementedException fun since there are a lot of methods that just don't apply.

Designed around a specific view of users, roles and profiles

The existing providers are focused on traditional membership - a user has a username and a password, some specific roles on the site (e.g. administrator, premium user), and may have some additional "nice to have" optional information that can be accessed via an API in your application.

This doesn't fit well with some modern usage patterns:

  • In OAuth and OpenID, the user doesn't have a password
  • Often these kinds of scenarios map better to user claims or rights instead of monolithic user roles
  • For many sites, profile or other non-traditional information is very important and needs to come from somewhere other than an API call that maps to a database blob

What would work a lot better here is a system in which you were able to define your users, rights, and other attributes however you wanted and the membership system worked with your model - not the other way around.

Requires specific schema, overflow in blob columns

I've already mentioned this a few times, but it bears calling out separately - ASP.NET Membership focuses on SQL Server storage, and that storage is based on a very specific database schema.


Update: This schema has been improved a lot with Universal Providers. The views and stored procedures have been removed, and the tables are simplified.


Still, the main issues are unchanged: you're not in control of the schema, and any profile data is stored in property value blobs in the Profiles table:


SimpleMembership as a better membership system

As you might have guessed, SimpleMembership was designed to address the above problems.

Works with your Schema

As Matthew Osborn explains in his Using SimpleMembership With ASP.NET WebPages post, SimpleMembership is designed to integrate with your database schema:

All SimpleMembership requires is that there are two columns on your users table so that we can hook up to it – an “ID” column and a “username” column. The important part here is that they can be named whatever you want. For instance username doesn't have to be an alias it could be an email column you just have to tell SimpleMembership to treat that as the “username” used to log in.

Matthew's example shows using a very simple user table named Users (it could be named anything) with a UserID and Username column, then a bunch of other columns he wanted in his app.


Then we point SimpleMemberhip at that table with a one-liner:

WebSecurity.InitializeDatabaseFile("SecurityDemo.sdf", "Users", "UserID", "Username", true);

No other tables are needed, the table can be named anything we want, and can have pretty much any schema we want as long as we've got an ID and something that we can map to a username.

Broaden database support to the whole SQL Server family

While SimpleMembership is not database agnostic, it works across the SQL Server family. It continues to support full SQL Server, but it also works with SQL Azure, SQL Server CE, SQL Server Express, and LocalDB. Everything's implemented as SQL calls rather than requiring stored procedures, views, agents, and change notifications.

Note that SimpleMembership still requires some flavor of SQL Server - it won't work with MySQL, NoSQL databases, etc. You can take a look at the code in WebMatrix.WebData.dll using a tool like ILSpy if you'd like to see why - there are places where SQL Server specific SQL statements are being executed, especially when creating and initializing tables. It seems like you might be able to work with another database if you created the tables separately, but I haven't tried it and it's not supported at this point.

Note: I'm thinking it would be possible for SimpleMembership (or something compatible) to run Entity Framework so it would work with any database EF supports. That seems useful to me - thoughts?

Note: SimpleMembership has the same database support - anything in the SQL Server family - that Universal Providers brings to the ASP.NET Membership system.

UPDATE: Newer updates of Universal Providers - I believe starting with the 1.2 release on 8/16 - are now really database agnostic, so they'll work on any database that has an Entity Framework provider.

Easy to with Entity Framework Code First

The problem with with ASP.NET Membership's system for storing additional account information is that it's the gate keeper. That means you're stuck with its schema and accessing profile information through its API.

SimpleMembership flips that around by allowing you to use any table as a user store. That means you're in control of the user profile information, and you can access it however you'd like - it's just data. Let's look at a practical based on the AccountModel.cs class in an ASP.NET MVC 4 Internet project. Here I'm adding a Birthday property to the UserProfile class.

public class UserProfile
    public int      UserId { get; set; }
    public string   UserName { get; set; }
    public DateTime Birthday { get; set; }

Now if I want to access that information, I can just grab the account by username and read the value.

var context = new UsersContext();
var username = User.Identity.Name;
var user = context.UserProfiles.SingleOrDefault(u => u.UserName == username);
var birthday = user.Birthday;

So instead of thinking of SimpleMembership as a big membership API, think of it as something that handles membership based on your user database. In SimpleMembership, everything's keyed off a user row in a table you define rather than a bunch of entries in membership tables that were out of your control.

How SimpleMembership integrates with ASP.NET Membership

Okay, enough sales pitch (and hopefully background) on why things have changed. How does this affect you? Let's start with a diagram to show the relationship (note: I've simplified by removing a few classes to show the important relationships):


So SimpleMembershipProvider is an implementaiton of an ExtendedMembershipProvider, which inherits from MembershipProvider and adds some other account / OAuth related things. Here's what ExtendedMembershipProvider adds to MembershipProvider:


The important thing to take away here is that a SimpleMembershipProvider is a MembershipProvider, but a MembershipProvider is not a SimpleMembershipProvider.

This distinction is important in practice: you cannot use an existing MembershipProvider (including the Universal Providers found in System.Web.Providers) with an API that requires a SimpleMembershipProvider, including any of the calls in WebMatrix.WebData.WebSecurity or Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.

However, that's as far as it goes. Membership Providers still work if you're accessing them through the standard Membership API, and all of the core stuff  - including the AuthorizeAttribute, role enforcement, etc. - will work just fine and without any change.

Let's look at how that affects you in terms of the new templates.

Membership in the ASP.NET MVC 4 project templates

ASP.NET MVC 4 offers six Project Templates:

  • Empty - Really empty, just the assemblies, folder structure and a tiny bit of basic configuration.
  • Basic - Like Empty, but with a bit of UI preconfigured (css / images / bundling).
  • Internet - This has both a Home and Account controller and associated views. The Account Controller supports registration and login via either local accounts and via OAuth / OpenID providers.
  • Intranet - Like the Internet template, but it's preconfigured for Windows Authentication.
  • Mobile - This is preconfigured using jQuery Mobile and is intended for mobile-only sites.
  • Web API - This is preconfigured for a service backend built on ASP.NET Web API.


Out of these templates, only one (the Internet template) uses SimpleMembership.

ASP.NET MVC 4 Basic template

The Basic template has configuration in place to use ASP.NET Membership with the Universal Providers. You can see that configuration in the ASP.NET MVC 4 Basic template's web.config:

<profile defaultProvider="DefaultProfileProvider">
    <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
<membership defaultProvider="DefaultMembershipProvider">
    <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
<roleManager defaultProvider="DefaultRoleProvider">
    <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />

This means that it's business as usual for the Basic template as far as ASP.NET Membership works.

ASP.NET MVC 4 Internet template

The Internet template has a few things set up to bootstrap SimpleMembership:


  • \Models\AccountModels.cs defines a basic user account and includes data annotations to define keys and such
  • \Filters\InitializeSimpleMembershipAttribute.cs creates the membership database using the above model, then calls WebSecurity.InitializeDatabaseConnection which verifies that the underlying tables are in place and marks initialization as complete (for the application's lifetime)
  • \Controllers\AccountController.cs makes heavy use of OAuthWebSecurity (for OAuth account registration / login / management) and WebSecurity. WebSecurity provides account management services for ASP.NET MVC (and Web Pages)

WebSecurity can work with any ExtendedMembershipProvider. There's one in the box (SimpleMembershipProvider) but you can write your own. Since a standard MembershipProvider is not an ExtendedMembershipProvider, WebSecurity will throw exceptions if the default membership provider is a MembershipProvider rather than an ExtendedMembershipProvider.

Practical example:

  1. Create a new ASP.NET MVC 4 application using the Internet application template
  2. Install the Microsoft ASP.NET Universal Providers for LocalDB NuGet package
  3. Run the application, click on Register, add a username and password, and click submit

You'll get the following execption in AccountController.cs::Register: To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".


This occurs because the ASP.NET Universal Providers packages include a web.config transform that will update your web.config to add the Universal Provider configuration I showed in the Basic template example above. When WebSecurity tries to use the configured ASP.NET Membership Provider, it checks if it can be cast to an ExtendedMembershipProvider before doing anything else.

So, what do you do?


If you want to use the new AccountController, you'll either need to use the SimpleMembershipProvider or another valid ExtendedMembershipProvider. This is pretty straightforward.

If you want to use an existing ASP.NET Membership Provider in ASP.NET MVC 4, you can't use the new AccountController. You can do a few things:

  1. Replace  the AccountController.cs and AccountModels.cs in an ASP.NET MVC 4 Internet project with one from an ASP.NET MVC 3 application (you of course won't have OAuth support). Then, if you want, you can go through and remove other things that were built around SimpleMembership - the OAuth partial view, the NuGet packages (e.g. the DotNetOpenAuthAuth package, etc.)
  2. Use an ASP.NET MVC 4 Internet application template and add in a Universal Providers NuGet package. Then copy in the AccountController and AccountModel classes.
  3. Create an ASP.NET MVC 3 project and upgrade it to ASP.NET MVC 4 using the steps shown in the ASP.NET MVC 4 release notes.

None of these are particularly elegant or simple. Maybe we (or just me?) can do something to make this simpler - perhaps a NuGet package. However, this should be an edge case - hopefully the cases where you'd need to create a new ASP.NET but use legacy ASP.NET Membership Providers should be pretty rare. Please let me (or, preferably the team) know if that's an incorrect assumption.

Membership in the ASP.NET 4.5 project template

ASP.NET 4.5 Web Forms took a different approach which builds off ASP.NET Membership. Instead of using the WebMatrix security assemblies, Web Forms uses Microsoft.AspNet.Membership.OpenAuth assembly. I'm no expert on this, but from a bit of time in ILSpy and Visual Studio's (very pretty) dependency graphs, this uses a Membership Adapter to save OAuth data into an EF managed database while still running on top of ASP.NET Membership.


Note: There may be a way to use this in ASP.NET MVC 4, although it would probably take some plumbing work to hook it up.

How does this fit in with Universal Providers (System.Web.Providers)?

Just to summarize:

  • Universal Providers are intended for cases where you have an existing ASP.NET Membership Provider and you want to use it with another SQL Server database backend (other than SQL Server). It doesn't require agents to handle expired session cleanup and other background tasks, it piggybacks these tasks on other calls.
  • Universal Providers are not really, strictly speaking, universal - at least to my way of thinking. They only work with databases in the SQL Server family.
  • Universal Providers do not work with Simple Membership.
  • The Universal Providers packages include some web config transforms which you would normally want when you're using them.

What about the Web Site Administration Tool?

Visual Studio includes tooling to launch the Web Site Administration Tool (WSAT) to configure users and roles in your application.


WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there:

  1. Use the WebSecurity and OAuthWebSecurity API to manage the users and roles
  2. Create a web admin using the above APIs
  3. Since SimpleMembership runs on top of your database, you can update your users as you would any other data - via EF or even in direct database edits (in development, of course)


More Posts « Previous page - Next page »