This post walks through the steps I've taken to create a simple Dynamic Data Web Application. I just loved the development model for DTO [Data Transfer Object] and Input Validation options.
Summary of steps
- Step 1 - Download and install ASP.NET Extensions.
- Step 2 - Create New Dynamic Data Web Application in VS2008
- Step 3 - Add "LINQ to SQL Classes" file to the project
- Step 4 - Test the project
- Step 5 - Create Model Class and add validation rules
Following are detailed explanations for each step.
Validation rules are propagated to both the client [for usability] and the server [for security]. This is how a violation of input validation looks in its default view:
Focus on Security
I can create data-driven web pages using GridView and DataSets. The drawback is that validation is not that straightforward. On the other hand, I can create custom collections and manually data bind them - the code is much nicer and cleaner and validation rules are easy to add, but there is the need to write extra code. In the case of Dynamic Data there is a fantastic combination of design-time productivity and clean code where validation rules are applied directly to the model. There is less room for a mistake that introduces a security vulnerability.
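To make "validation rules applied directly to the model" concrete, here is an added sketch (not the code from this post) of a metadata "buddy" class carrying DataAnnotations rules, followed by a server-side check of a posted entity. The Product and ProductMetadata names, their properties and the rule values are assumptions, and the Validator class used for the stand-alone check needs .NET 4 or later; inside a Dynamic Data page the field templates enforce the same attributes through their own validators.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;

// Stand-in for the class the LINQ to SQL designer generates (constructed for this example).
public partial class Product
{
    public string ProductName { get; set; }
    public decimal UnitPrice { get; set; }
}

// Hand-written half of the partial class: attaches rules without editing generated code.
[MetadataType(typeof(ProductMetadata))]
public partial class Product { }

public class ProductMetadata
{
    [Required(ErrorMessage = "Product name is required.")]
    [StringLength(40, ErrorMessage = "Product name is limited to 40 characters.")]
    [RegularExpression(@"^[\w .,'-]+$", ErrorMessage = "Product name contains characters that are not allowed.")]
    public object ProductName { get; set; }

    [Range(typeof(decimal), "0", "10000", ErrorMessage = "Unit price must be between 0 and 10000.")]
    public object UnitPrice { get; set; }
}

public static class ModelValidationDemo
{
    // Server-side enforcement: runs every rule on the model, whatever the browser did or skipped.
    public static IList<ValidationResult> Validate(Product p)
    {
        var results = new List<ValidationResult>();
        Validator.TryValidateObject(p, new ValidationContext(p, null, null), results, true);
        return results;
    }

    public static void Main()
    {
        // Outside Dynamic Data, the metadata class has to be registered explicitly.
        TypeDescriptor.AddProviderTransparent(
            new AssociatedMetadataTypeTypeDescriptionProvider(typeof(Product), typeof(ProductMetadata)),
            typeof(Product));

        // Constructed input: values that reach the server when client-side checks are bypassed.
        var posted = new Product { ProductName = "<b>Chai</b>", UnitPrice = -5m };
        foreach (var failure in Validate(posted))
            Console.WriteLine(failure.ErrorMessage);
    }
}
```

Because the rules live on the model rather than on individual pages, every page that edits Product gets the same server-side checks, and a rule cannot be forgotten on one of them.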
Focus on Performance
The ready-to-go templates generated with the default Dynamic Data projects already implement AJAX and paging. This dramatically reduces the amount of data that round-trips over the wire. Large HTML output - including ViewState - is one of the biggest performance vulnerabilities I've noticed recently. AJAX and paging are a great way to overcome this issue.
My related posts
- AJAX Security - Client Side Validation Is For Usability Only, Not For Security
- Typed DataSet - Potential Performance And Security Risk