Tuesday, November 17, 2015

Anemic data models (ADM) VS Rich Data Models (RDM) in C#

What are anemic data models?
What are Rich Data models ?
Anemic data model VS Technical concerns
3 big Complaints about Anemic model
Anemic model in disguise of IOC and DI
Conclusion
Further references and reading

What are anemic data models?

Anemic in English means plain so Anemic Models means plain Models.

Plain models are classes without business logic / behaviors. For example below is a simple “Customer” model which just has the data (properties) but it does not have business logic (behavior).

class Customer
    {
        private string _CustomerName;

        public string CustomerName
        {
            get { return _CustomerName; }
            set { _CustomerName = value; }
        }
        private string _CustomerCode;

        public string CustomerCode
        {
            get { return _CustomerCode; }
            set { _CustomerCode = value; }
        }

    }

Now in real world plain models are of no use without business logic unless you are creating DTO ( data transfer objects) which are meant for different purpose. Some developers feel comfortable in pushing these actions and methods in a separate classes which are named with different vocabularies like service, façade , manager , utility etc. These plain models are then passed to these classes who run the behavior over them.

For example below is a simple service class which validates the “Customer” object and decides if the object valid or not. Putting in simple words Anemic model has behavior in separate service / utility / manager classes.

class CustomerValidationService
    {
        public bool Validate(Customer obj)
        {
            if (obj.CustomerCode.Length == 0)
            {
  return false;
            }
            if (obj.CustomerName.Length == 0)
            {
                return false;
            }
                return true;
        }
    }

What are Rich Data models ?

Rich data models have both data and behavior in the same class. Below is the RDM for the previously defined ADM. You can see the data ( CustomerCode and CustomerName) and behavior (Validate) both are part of the same model.

class Customer
    {
        private string _CustomerName;

        public string CustomerName
        {
            get { return _CustomerName; }
            set { _CustomerName = value; }
        }
        private string _CustomerCode;

        public string CustomerCode
        {
            get { return _CustomerCode; }
            set { _CustomerCode = value; }
        }

        public bool Validate()
        {
                if (CustomerCode.Length == 0)
                {
                    return false;
                }
                if (CustomerName.Length == 0)
                {
                    return false;
                }
                return true;
          
            
        }
        
    }

Anemic data model VS Technical concerns

Lot of developers confuse Technical cross cutting concerns with Anemic model. In Anemic model the behaviors in the service class is the behavior of the real world model.

Lot of developers create utility or service classes which decouple technical behavior from the model which is not anemic model. For example someone can create a “Dal” class as shown below and pass the “Customer” object to be inserted in to the database. Lot of people term this kind of approach as “Repository” pattern.

class Dal
{
        public void InsertDb(Customer obj)
        {
            // Code of ADO.NET goes here
        }
}

Now this kind of model is not anemic model. This is separating the technical behavior from the business behavior which perfectly makes sense. In the previous example we had “validate” method which actually belongs to the “Customer” model. So Anemic model are those models which have business behavior separated in a different class and not technical behavior. So the above “Dal” class is not an Anemic model.

Customer cust = new Customer();
cust.CustomerName = "Shiv";
Dal dal = new Dal();
dal.InsertDb(cust);

3 big Complaints about Anemic model

Lot of developers unknowingly follow Anemic model because of simplicity, but OOP community has the below concerns for ADM:-

  • Anemic model disrespects OOP concepts. Objects in OOP have data and behavior. Object should model real time entity. By separating the behavior we are not following OOP. With behaviors residing in a separate class it would be difficult to inherit , apply polymorphism , abstraction and so on.
     
  • Anemic models can have inconsistent states at any time. For example see the below code we have first created a valid customer object and the validation service logic ran over it and set the “IsValid” to true. So till step 1 everything is fine “IsValid” is true and in synch with the customer object data. Now somewhere down the line you can say in step 2 customer name property is set to nothing. In this step the customer object is not valid in reality but if you try to display in Step 3 it shows valid. In order words the data and the IsValid flag is not in synch
Customer obj = new Customer();
obj.CustomerName = "Shiv";
obj.CustomerCode = "1001";

CustomerValidationService validationService = new CustomerValidationService();
validationService.Validate(obj);
Console.WriteLine(obj.IsValid); // Step 1 :- till here Valid

obj.CustomerName = ""; // Step 2 :-  we made the model invalid
Console.WriteLine(obj.IsValid); // Step 3 :- but it says Still Valid

Anemic model in disguise of IOC and DI

With all respect to the views of OOP developers Anemic models exists very beautifully and amicably in the disguise of DI IOC architecture today. I personally find it very cruel to say it’s an Anti-pattern.

Consider the below scenario where we have a customer class who has different kind of discount calculations. So rather than putting the discount calculation logic inside the customer class you can inject the object from the constructor as shown in the below. In case you are new to dependency injection please read this DI IOC in C#.

class Customer
    {
        private IDiscount _Discount = null;
        public Customer(IDiscount _Dis)
        {
            _Discount = _Dis;
        }
        private string _CustomerName;

        public string CustomerName
        {
            get { return _CustomerName; }
            set { _CustomerName = value; }
        }

        public string Region { get; set; }
        public double Amount { get; set; }
        public double CalculateDiscount()
        {
            return _Discount.Calculate(this);
        }
        
    }

And your discount calculation logic is in a different class all together which takes the customer object for calculating discount.

public interface IDiscount
{
        double Calculate(Customer Cust);
}

Below are two kinds of discount calculations one is a week end discount and the other is a special discount. The week end discount does calculation as per region and week day while the special discount is a 30% flat.

Now the below classes also follow anemic model because the actions are in a different class but still its perfectly decoupled, valid and OO.

public class WeekEndDiscount : IDiscount
{
        public double Calculate(Customer Cust)
        {
            if (Cust.Region == "Asia")
            {
                if (DateTime.Today.DayOfWeek == DayOfWeek.Sunday)
                {
                    return (Cust.Amount * 0.20);
                }
            }
            return (Cust.Amount * 0.10);
        }
    }
    public class SpecialDiscount : IDiscount
    {

        public double Calculate(Customer Cust)
        {
            return (Cust.Amount * 0.30);
        }
    }

Conclusion

  • Anemic data model is a simple plain model class with only data and behavior resides in a separate class.
  • Rich data model have both data and behavior.
  • Anemic model is criticized for not been OO , extensible , inconsistent and follows procedural programming approach.
  • Anemic model should be confused with cross cutting concern technical classes like Logging , Repository etc.
  • DI IOC indirectly forces anemic model. So Anemic model in today world is very much present in the disguise of DI IOC.

Further references and reading

I have been writing a lot on design patterns, architecture, domain driven development and so on. So below are the link feel free to read and do give feedback.

Thursday, November 12, 2015

Aggregate root pattern in C#

Aggregate root are cluster / group of objects that is treated as single unit of data.

I am sure lots of developers are already using this pattern unknowingly, via this short note I would like to inform you formally what you are doing.

Let us try to understand the above definition with an example. Consider the below “Customer” class which has the capability to add multiple “Address” objects to it. In order to achieve the same we have exposed an address collection from the customer class to represent the 1 to many relationships.

The above class structure works perfectly well. You can create object of customer and add multiple addresses object to it.

Customer cust = new Customer();
cust.CustomerName = "Shiv koirala";
cust.DateofBirth = Convert.ToDateTime("12/03/1977");

Address Address1 = new Address();
Address1.Address1 = "India";
Address1.Type = "Home";
cust.Addresses.Add(Address1);

Address Address2 = new Address();
Address2.Address1 = "Nepal";
Address2.Type = "Home";
cust.Addresses.Add(Address2);

Now let's say we want to implement the following validations:-

“Customer can only have one address of Home type”.

At this moment the address collection is a NAKED LIST COLLECTION which is exposed directly to the client. In other words there are no validations and restrictions on the “Add” method of the list. So you can add whatever and how much ever address objects as you wish.

cust.Addresses.Add(Address2);

So how to address this problem in a clean and logical way. If you think logically “Customer” is composed of Addressescollection, so Customer is like a main root.So rather than allowing DIRECT NAKED ACCESS to Addresses list how about accessing the address list from the customer class.In other words centralizing access to address objects from the customer class.

So below are three steps which I have implemented to put a centralize address validation.

Step 1 :- I have made the address list private. So no direct access to the collection is possible.

Step 2 :- Created a “Add” method in the “Customer” class for adding the “Address” object. In this add method we have put the validation that only one “Home” type address can be added.

Step 3 :- Clients who want to enumerate through the address collection for them we have exposed “IEnumerable” interface.

If you analyze the above solution closely the customer is now the root and the address object is manipulated and retrieved via the customer class.

Why did we do this? , because “Customer” and “Address” object is one logical data unit. To maintain integrity of address validation we need to go via the “Customer” class. In the same way loading of data ,updation , deletion etc should all happen via the “Customer” class so that we have proper data integrity maintained.

So when we say load customer from database all the respective address objects should also get loaded.

So when a group of objects which form one logical unit should have centralized root via which the manipulation of the contained object should happen. This kind of arrangement is terms as “Aggregate Root”.

The best way to Learn Design pattern is by doing a project. So if interested you can start from the below youtube video which demonstrates Design pattern by doing a project.

Friday, November 6, 2015

Data Transfer object design pattern in C#

Introduction and Definition

Scenario 1 :- Improve performance

Scenario 2:- Flatten object hierarchy

Scenario 3:- Exclude properties

Difference between DTO and Business objects

Introduction and Definition

DTO(Data Transfer objects) is a data container for moving data between layers. They are also termed as transfer objects. DTO is only used to pass data and does not contain any business logic. They only have simple setters and getters.

For example below is an Entity class or a business class. You can see that it has business logic in the setters.

class CustomerBO
{
        private string _CustomerName;
        public string CustomerName
        {
            get { return _CustomerName; }
            set 
            {
                if (value.Length == 0)
                {
                    throw new Exception("Customer name is required");
                }
                _CustomerName = value; 
            }
        }

}

A data transfer object of the above Customer entity class would look something as shown below. It will only have setters and getters that means only data and no business logic.

class CustomerDTO
{
        public string CustomerName { get; set; }
}

So in this article let us try to understand in what kind of scenarios DTO’s are used.

Scenario 1 :- Improve performance

Consider the below scenario we have a customer business class and a product business class.

class CustomerBO
{
        private string _CustomerName;
        public string CustomerName
        {
            get { return _CustomerName; }
            set 
            {
                if (value.Length == 0)
                {
                    throw new Exception("Customer name is required");
                }
                _CustomerName = value; 
            }
        }
}
public class ProductsBO
    {
        private string _ProductName;

        public string ProductName
        {
            get { return _ProductName; }
            set 
            {
                if (value.Length == 0)
                {
                    throw new Exception("Product Name is required");
                }
                _ProductName = value; 
            }
        }

        public double ProductCost { get; set; }
    }

Assume there is a remote client which is making calls to get Customer data and the Products they bought. Now the client has to make two calls one to get Customer data and the other to get Products data. Now that quiet inefficient. It would be great if we can get data in one call.

DataAccessLayer dal = new DataAccessLayer();
//Call 1:-  get Customer data
CustomerBO cust = dal.getCustomer(1001);

//Call 2:-  get Products for the customer
ProductsBO prod = dal.getProduct(100);

So to achieve the same we can create a unified simple class which has properties from both the classes.

class CustomerProductDTO
{
  // Customer properties
        public string CustomerName { get; set; }
   // Product properties
        public string ProductName { get; set; }
        public double ProductCost { get; set; }
}

You can now get both Customer and Product data in one go.

//Only one call
CustomerProductDTO cust = dal.getCustomer(1001);

Proxy objects in WCF and Web services are good candidates for data transfer objects to improve performance.

Scenario 2:- Flatten object hierarchy

The second scenario where I end up using DTO objects isfor flattening the object hierarchy for easy data transfer.

For example you have a customer business class which has one to many relationships with an address class. But now let us say we want to write this whole data to a CSV file or transfer it across layers. In those scenarios a flattened denormalized structure makes things easier.

So you have a customer class which has one to many relationship with address objects. It also has business rules in it.

class CustomerBO
{
 // Customer properties removed for reading clarity
public List Addresses { get; set; }
}
class AddressBO
    {
private string _Address1;

public string Address1
        {
get { return _Address1; }
set
            {
if (value.Length == 0)
                {
throw new Exception("Address is required");
                }
                _Address1 = value; 
            }
        }

    }

To create a DTO of the above customer and address class we can just merge both the properties of the classes in to one class and exclude the business logic.

class CustomerDTO
{
public string CustomerName { get; set; }
public string ProductName { get; set; }
public double ProductCost { get; set; }
}

Scenario 3:- Exclude properties

Because DTO is completely detached from the main business object you have the liberty to remove certain fields which you do not want to transfer to the other layers. For example below is a simple customer business object class which has two properties called as “IsAdmin” and “CustomerName”.

When you pass this business object to the UI layer you do not wish to transfer the “IsAdmin” value to the UI.

class CustomerBO
{
 private bool _IsAdmin;
        public string IsAdmin
        {
            get { return _IsAdmin; }
        }
        private string _CustomerName;
        public string CustomerName
        {
            get { return _CustomerName; }
            set 
            {
                if (value.Length == 0)
                {
                    throw new Exception("Customer name is required");
                }
                _CustomerName = value; 
            }
        }
}

So you can create a DTO which just has the “CustomerName” property.

class CustomerDTO
{
        public string CustomerName { get; set; }
}

Difference between DTO and Business objects

  Business objects DTO
Data Yes Yes
Business logic Yes No
Structure Normalized Normalized or Denormalized

If we can mathematically summarize:-

Business object = Data + Logic
                 DTO = Data

In case you want to learn design pattern I would suggest to learn design pattern with a project. Do not learn each design pattern individually. Because when design patterns are used in project they overlap with each other and such kind of experience can only be felt by doing an actual project and implementing design patterns on demand and naturally.

Below is a youtube video which demonstrates 15 important design pattern in a C# project.

Sunday, November 1, 2015

Value Object design pattern in C#

Introduction of Value object design pattern

Definition: - “Value object is an object whose equality is based on the value rather than identity. “

Let us understand the above statement with more clarity. When you create two objects and even if their values are same they represent different entities. For example in the below code we have created two person objects with the same name “Shiv”.

Person PersonfromIndia = new Person();
 PersonfromIndia.Name = "Shiv";
 PersonfromIndia.Age = 20;
 
 Person PersonfromNepal = new Person();
 PersonfromNepal.Name = "Shiv";
 PersonfromNepal.Age = 20;
 
But the first person stays in “India” and the other stays in “Nepal”. So in other words “PersonFromIndia” object is different from “PersonFromNepal” object even if the person’s name and age is same. In other words they have DIFFERENT IDENTITIES.

If you try to compare the above C# object it will return false and this is completely in line with our expectations. You can use the “Equal” method or you can use “==”.



if (PersonfromIndia.Equals(PersonfromNepal))
 {
                
 }
 
But now consider the below scenario of a money example. We are creating two money objects of 1 rupee value but one is using a paper material and the other is made of steel material.



But in this case “OneRupeeCoin” value is equal to “OneRupeeNote” value. So even if the objects are of different instances they are equal by money value. So if the money and currency type matches both the objects are equal.

Money OneRupeeCoin = new Money();
 OneRupeeCoin.Value = 1;
 OneRupeeCoin.CurrencyType = "INR";
 OneRupeeCoin.CurrencyType = "INR";
 OneRupeeCoin.SerialNo = "A3123JJK332";
 
 Money OneRupeeNote = new Money();
 OneRupeeNote.Value = 1;
 OneRupeeCoin.CurrencyType = "INR";
 OneRupeeCoin.CurrencyType = "INR";
 OneRupeeNote.Material = "Paper";
 OneRupeeCoin.SerialNo = "Z2232V4455";

In other words value objects when compared are same when the values of the properties are same.

Implementing Value object pattern in C# is a two step process , so in the further article let us run through those steps.

Step 1 :- Making Value object pattern work logically in C#

Now for the above “Money” value object to function properly the below comparison should work both for “Equals” and “==”. But technically C# does object reference comparison and not value.



if (OneRupeeCoin==OneRupeeNote)
 {
 Console.WriteLine("They are equal");
 }
 if (OneRupeeCoin.Equals(OneRupeeNote))
 {
 Console.WriteLine("They are equal");
 }

So to achieve the same we need to override the “equals” methods and overload “==” operator as shown in the code below. You can see now the equality is compared on the base of “Value” and “CurrencyType”. If the “CurrencyType” and “Value” is same that means the objects are same.


class Money
     {
         public override bool Equals(object obj)
         {
             var item = obj as Money;
             if (item.Value == Value)
             {
                 return true;
             }
             return false;
         }
         public static bool operator !=(Money money1, Money money2)
         {
             if ((money1.Value == money2.Value) &&
                 (money1.CurrencyType == money1.CurrencyType))
             {
                 return true;
             }
             return false;
         }
         public static bool operator ==(Money money1, Money money2)
         {
             if ((money1.Value == money2.Value)&&
                 (money1.CurrencyType == money1.CurrencyType))
             {
                 return true;
             }
             return false;
         }
     }

Once the above methods are incorporated the equality will work on the values and not the reference. This is in synch with the Value object pattern behavior we discussed in the introduction.

Step 2 :- Value objects should be immutable

Now let us say we are using the above money object inside a product class. So you can see we have created two product objects one for shoes and one for chocolates.

But BY MISTAKE we have assigned the same “Money” object to both the products. In other words the money object is now shared between both the products.



Product shoes = new Product();
 shoes.ProductName = "WoodLand";
 
 // Step 1:- Money object set to 100 INR
 Money Cost = new Money();
 Cost.CurrencyType = "INR";
 Cost.Value = 100;
 shoes.Cost = Cost;
 
 // Step 2 :- the same money  object is modified to 1 value
 // this affected the shoes cost as well
 Product Chocolates = new Product();
 Chocolates.ProductName = "Cadbury";
 Chocolates.Cost = Cost;
 Chocolates.Cost.Value = 1;
 Chocolates.Cost.CurrencyType = "USD";
 
So in Step 1 the money object was set to 100 INR and in step 2 it was modified to 1 USD. Step 2 affected the cost of Shoes product as well. This can cause lot of defects and unusual behavior.

A Value “100” cannot be replaced by anything, “100” is “100”. In other words value objects should be made IMMUTABLE to avoid confusion. In case you are new to the concept of immutability I would suggest reading this article on C# Immutable objects.

Immutable means once the object is filled with data, that data cannot be changed.

To make the money class immutable is a 2 step process:-
  • Make the property set as private.
  • Make provisions to set data via constructor.
Below is the code with comments of both the steps.


class Money
 {
         // Step 1 :- Make the sets private
         public readonly double Value { get; private set; }
         public readonly string CurrencyType { get; private set; }
         public readonly string Material { get; private set; }
         
 // Step 2 :- Pass data via constructor
         public Money(double _Value,
                      string _CurrencyType,
                     string _Material)
         {
             Value = _Value;
             CurrencyType = _CurrencyType;
             Material = _Material;
         }
 // Code of Equals and == operator removed for simplification
 }
 
Below is the code which shows how the product object will be assigned with money immutable object. This would further avoid changes to the money object and any confusion around the same. Now the money value object of shoes is different from chocolates.


Product shoes = new Product();
 shoes.ProductName = "WoodLand";
 shoes.Cost = new Money(100, "INR", "Paper");
 
 Product Chocolates = new Product();
 Chocolates.ProductName = "Cadbury";
 Chocolates.Cost = new Money(1, "USD", "Coin");
 


Conclusion about Value object pattern


  • Value objects equality is based on value rather than identity.
  • Value objects should me IMMUTABLE to avoid confusion.
  • In C# to ensure proper behavior of value object we need to override “Equals” method and “==” operator.
The best way to learn design pattern is by doing a project. Below is a simple customer project in which I have implemented 8 design patterns (Factory Pattern,Lazy Loading,RIP Pattern,Stratergy Pattern,Decorator pattern,Repository,Unit of Work and Template pattern).

Below is the first video of Learn Design pattern in 8 hours.

Sunday, October 25, 2015

Immutable objects in C#

Introduction


There is saying which goes “MAKE THE POT WHILE THE MUD IS WET”. Once Mud becomes dry it cannot be changed. Immutable objects walks on the similar lines. Once the object is created it cannot be modified by anyway.

What are immutable objects?

Immutable objectsare objects which once loaded cannot be changed / modified by anyway external or internal.

Where are immutable objects used?

If I put in one line Immutable objects are used for data WHICH IS STATIC. Below are some of the instances of the same.
Master data: - One of the biggest uses of immutable objects is to load master data. Master data like country,currency , region etc rarely change. So we would like to load master data once in the memory and then we do not want it to be modified.

Configuration data: - All application needs configuration data. In Microsoft world we normally store these configuration data in to Web.config or App.config file. Such kind of data is represented by objects and these data once loaded in the application memory will not change.Its again a good practice to make these kind of configuration data objects as immutable.

Singleton objects: -In applications we normally create singleton objects for shared static data. So if the shared data is not changing it’s aawesome candidate for immutable objects. In case you are new to Singleton pattern please refer this article Singleton Pattern in C#
 

How can we create immutable objects in C#?

Immutable objects can be created only from immutable classes. To create an immutable class is a three step process :-

• Step 1:- Remove the setters of the class only have getters.
The first step towards creating an immutable class is to remove the setters. As we said values of a immutable class cannot be modified EXTERNALLY or INTERNALLY. So by removing the getters any client who creates the object of this class cannot modify the data once loaded.
 


• Step 2:- Provide parameters via constructor.
We have removed the getters so there is no way to load data in to the class. So to provide data we need to create constructors with parameters via which we can pass data to the object. Below is the modified code for the same.
 



• Step 3 :- Make the variables of the property READONLY

As we said in the previous definition immutableobjects cannot be modified by ANYWAY once the data is loaded. I will go one step further and say it cannot be modified EXTERNALLY by client or INTERNALLY by the class code himself.
 

But if you see our currency class the variables can be modified after the object creation. In other words see the below class code. We have created a method in the class called as “SomeLogic”. This method is able to successfully modify the variables after the object has been created.

So the solution for the above to make the variables “READONLY”. Below is the currency class modified where the property variables are made readonly.Readonly variables can be only initialized in the constructor and later they cannot be modified.

Hope you enjoyed this short note on Immutable objects. Immutable objects is a design pattern which was first officially discussed in Java concurrency in practice book. In case you are interested to learn design pattern I would suggest creating a full blown project and starting implementing design pattern in the same.
 

You can start from the below youtube video in which I have demonstrated design pattern with a full blown project.

Monday, September 28, 2015

Out and REF in C#

Out and REF are one of those most confused topics in C#. In this small article we will try to simplify the same.

There are three important points to remember about OUT and REFand once you understand these three points you would never have problem with OUT and REF.

Point number 1:- By default variables are passed BYVAL to methods and functions. Out and Ref helps to pass variable BY REF (By reference) .
Let us try to understand the above point. Consider the below code snapshot where we have the “Main” method and its calling “SomeFunction” method and its passing “OutSideVar” variable to “SomeFunction”.

Now by default only value of “OutSideVar” will be copied to the method so any changes in “InsideVar” variable change will have no affect outside. You can see after the function call “OutSideVar” still has value “20”. In other words by default the values are passed BY VAL.


So if we summarize in a normal situation data is passed BY VAL , from the caller to callee. Any modifications done in the callee will not be reflected to the caller.


Point number 2:- When we mark parameters with REF, reference of the variable is passed to the function / method and any modification in that method and function will affect to the outside variable.
In the below code you can see we have marked variablesusing the REF keyword and you can see how the changes within the function modifies the outside variable also. This is happening because now variable is passed by reference.


Summarizing in this scenario DATA + REFERENCE is passed to the function and any modification inside the function affects the outside variable.


Point number 3:- When we mark parameters with OUT, ONLY reference of the variable is passed to the function or method and NOT DATA.Any modification in that method and function will affect outside variable as well. Also its compulsory to initialize the variable.

When we mark the variable as OUT only reference is passed no data is passed to the function. For instance in the below code the value “20” from “OutSideVar” is not sent to the function. But any modification in variable from the inside function is reflected to the outside variable.


Summarizing, you can term this also has one way but it’s one way from the callee to the caller and any data sent from the caller is discarded.


So summarizing what we have learnt:-
  • Out and Ref help to pass variables by reference.
  • In REF with reference data is also passed from caller to the callee and vice versa. It’s two way i.e. from caller to the callee and vice-versa.
  • In OUT only reference is passed and modified data from the callee is passed to the caller variable. This is one way from the callee to the caller.
  • In OUT if data is passed from the caller function it is discarded and the variable has to be initialized inside the function.
Below image summarizes what we talked in the above article.


Below is a nice C# video which explain Out Vs Ref.

Thursday, September 3, 2015

C# Out VS Ref

Lot of times we come across C# fundamentals which are bit confusing and one such concept which is discussed a lot is Out VS Ref. So this small blogpost would make a full attempt to simplify the OUT vs REF concept.

Out and Ref are keywords which you need to worry when you want to get MULTIPLE values from a function. It helps you to define how data would be passed from caller to the callee and vice versa.

For example take the case of a simple “Add” function below. It has only one output so with just a single return call things work perfectly well.

static int Add(int num1,int num2)
{
      return num1 + num2;
}

But now lets do something more complicated. In the below function we need to get 4 outputs or putting in other words we have four OUT parameter values. This is where OUT keyword comes to help.

static int Maths(int num1,int num2)
{
int Add = num1 + num2;
int Sub = num1 - num2;
int Divide = num1 / num2;
int Multi = num1 * num2;
}

When you use OUT keyword you are indicating that you are expecting output from the function but you do not intend to pass data to the function. It is just ONE WAY :- so the Caller get data from the Callee.

So to indicate this one-way data transfer you need to use the OUT keyword on the Callee as shown below.

static void Maths(int num1,
int num2,
out int Add,
out int Sub,
out int Multi,
out int Div)
{
             Add = num1 + num2;
             Sub = num1 - num2;
            Div = num1 / num2;
            Multi = num1 * num2;
}

The caller also needs to provide the variables in which the data will be received and the caller needs to mark the variables with OUT keyword while making the call. In short both the caller and callee will have the OUT keyword indicating that data will come out of these variables.

int Add,Sub,Multi,Div=0;
Maths(10, 10,out Add,
      out Sub,
      out Multi,
out Div);

Note :-
If you are specifying a variable as OUT and also trying to set data while calling, the passed DATA WILL BE DISCARDED inside the method / function.

Now let us take a scenario of a swapping number function code as shown below. In this scenario we want that the function should take “num1” and “num2” values and update the swapped values in the same two variables.

static void Swap(int num1, int num2)
{
            num1 = num1 + num2;
            num2 = num1 - num2;
            num1 = num1 - num2;
}

For that we need use the REF keyword as shown below.

static void Swap(ref int num1,ref int num2)
{
            num1 = num1 + num2;
            num2 = num1 - num2;
            num1 = num1 - num2;
}

From the caller side we need to again use the REF keyword as shown below.

int num1 = 10;
int num2 = 20;
Swap(ref num1,ref  num2);

In REF the data will be passed to the function / method and when the callee method updates the variables it will update the caller variables as well.


Below is a visual diagram which explains the difference between REF and OUT. In REF Parameter + Data is passed while in OUT only parameter is passed and data is set from the callee.


So the conclusion is as follows of the above post is as follows:-
  • It should be used only when we are expecting multiple outputs from a function or a method.
  • REF and OUT are keywordswhich dictate how data is passed from caller to callee and vice versa.
REF
OUT
Data passes two way. From caller to callee and vice-versa. Data passes only one way from callee to caller. Caller data if passed is rejected.

Below is one such concept which is not known to many developers, the C# yield keyword. Below is a simple video of the same which explains the same in a practical manner.

Thursday, May 28, 2015

Preventing XSS Attacks in ASP.NET MVC using ValidateInput and AllowHTML

Introduction
What is XSS?
How can we prevent the same in MVC?
What is the difference between “ValidateInput” and “AllowHTML” in MVC ?

Introduction

In this blog we will try to understand how we can prevent and fine tune XSS(Cross Site Security) security attacks in ASP.NET MVC.

What is XSS?

XSS(Cross Site Security) is a security attack where the attacker injects malicious code while doing data entry. This code can be a javascript, vbscript or any other scripting code. Once the code is injected in end user’s browser. This code can run and gain access to cookies,sessions, local files and so on.
For instance below is a simple product data entry form. You can see in the product description how the attacker has injected a javascript code.

Once we click submit you can see the JavaScript code actually running.

How can we prevent the same in MVC?

In MVC by default XSS attack is validated. So if any one tries to post javascript or HTML code he lands with the below error.

What is the difference between “ValidateInput” and “AllowHTML” in MVC?

As said in the previous question in ASP.NET MVC we are not allowed to post scripts and HTML code by default. But consider the below situation where we want HTML to be written and submitted.
The other scenario where we need HTML to be posted is HTML editors. So there is always a need now and then to post HTML to the server.

So for those kinds of scenarios where we want HTML to be posted we can decorate the action with “ValidateInput” set to false.This by passes the HTML and Script tag checks for that action.
You can see in the below code we have requested the MVC framework to NOT VALIDATE the input to the action.
[ValidateInput(false)]
public ActionResult PostProduct(Product obj)
{
return View(obj);
} 
But the above solution is not proper and neat. It opens a complete Pandora box of security issues. In this product screen scenario we just HTML in product description and not in product name.
But because we have now decorated validate false at the action level , you can also write HTML in product name field as well. We would love to have more finer control on the field level rather than making the complete action naked.

That’s where “AllowHTML” comes to help. You can see in the below code we have just decorated the “ProductDescription” property .
public class Product
{
        public string ProductName { get; set; }
        [AllowHtml]
        public string ProductDescription { get; set; }
}
And from the action we have removed “ValidateInput” attribute.
public ActionResult PostProduct(Product obj)
{
            return View(obj);
}
If you now try to post HTML in product name field you will get the below error saying you cannot post HTML tags in product name field.

So the difference between ValidateInput and AllowHTML is the granularity of preventing XSS attacks.
Hope you have enjoyed this blog.
Also the other dead attack which happens on a MVC website is CSRF, see the below facebook video which demonstrates how CSRF attack can be prevented.

Monday, May 25, 2015

What is CSRF attack and how can we prevent the same in MVC?

CSRF (Cross site request forgery) is a method of attacking a website where the attacker imitates a.k.a forges as a trusted source and sends data to the site. Genuine site processes the information innocently thinking that data is coming from a trusted source.

For example conside the below screen of a online bank. End user’s uses this screen to transfer money.

Below is a forged site created by an attacker which looks a game site from outside, but internally it hits the bank site for money transfer.

The internal HTML of the forged site has those hidden fields which have the account number and amount to do money transfer.

Now let’s say the user has logged in to the genuine bank site and the attacker sent this forged game link to his email. The end user thinking that it’s a game site clicks on the “Play the Ultimate Game” button and internally the malicious code does the money transfer process.

So a proper solution to this issue can be solved by using tokens: -

  • End user browses to the screen of the money transfer. Before the screen is served server injects a secret token inside the HTML screen in form a hidden field.
  • Now hence forth when the end user sends request back he has to always send the secret token. This token is validated on the server.

Implementing token is a two-step process in MVC: -

First apply “ValidateAntiForgeryToken” attribute on the action.

[ValidateAntiForgeryToken]
public ActionResult Transfer()
{
            // password sending logic will be here
            return Content(Request.Form["amount"] + 
                " has been transferred to account " 
                + Request.Form["account"]);
}

Second in the HTML UI screen call “@Html.AntiForgeryToken()” to generate the token.

So now henceforth when any untrusted source send a request to the server it would give the below forgery error.

If you do a view source of the HTML you would find the below verification token hidden field with the secret key.

Tuesday, May 19, 2015

How to handle multiple Submit button issues in ASP.NET MVC? (MVC Interview Questions)

How to handle multiple Submit button issues in ASP.NET MVC? (MVC Interview Questions)

Let us understand the above problem in more detail.

Take a scenario where you have a view with two submit buttons as shown in the below code.

In the above code when the end user clicks on any of the submit buttons it will make a HTTP POST to “Action1”.

The question from the interviewer is: -

“What if we have want that on “Submit1” button click it should invoke “Action1” and on the “Submit2” button click it should invoke “Action2”.”

There are three basic approaches to solve the above problem scenario.

HTML way: -

In the HTML way we need to create two forms and place the “Submit” button inside each of the forms. And every form’s action will point to different / respective actions. You can see the below code the first form is posting to “Action1” and the second form will post to “Action2” depending on which “Submit” button is clicked.

AJAX way: -

In case you are an AJAX lover this second option would excite you more. In the Ajax way we can create two different functions “Fun1” and “Fun1”, see the below code. These functions will make Ajax calls by using JQUERY or any other framework. Each of these functions is binded with the “Submit” button’s “OnClick” events. Each of these function make call to respective action names.

Using “ActionNameSelectorAttribute”: -

This is a great and a clean option. The “ActionNameSelectorAttribute” is a simple attribute class where we can write decision making logic which will decide which action can be executed.

So the first thing is in HTML we need to put proper name’s to the submit buttons for identifying them on the server.

You can see we have put “Save” and “Delete” to the button names. Also you can notice in the action we have just put controller name “Customer” and not a particular action name. We expect the action name will be decide by “ActionNameSelectorAttribute”.

So when the submit button is clicked, it first hits the “ActionNameSelector” attribute and then depending on which submit is fired it invokes the appropriate action.

So the first step is to create a class which inherits from “ActionNameSelectorAttribute” class. In this class we have created a simple property “Name”.

We also need to override the “IsValidName” function which returns true or flase. This function is where we write the logic whether an action has to be executed or not. So if this function returns true then the action is executed or else it is not.

public class SubmitButtonSelector : ActionNameSelectorAttribute
    {
        public string Name { get; set; }
        public override bool IsValidName(ControllerContext controllerContext, string actionName, System.Reflection.MethodInfo methodInfo)
        {
            // Try to find out if the name exists in the data sent from form
var value = controllerContext.Controller.ValueProvider.GetValue(Name);
            if (value != null)
            {
                return true;
            }
            return false;

        }
    }

The main heart of the above function is in the below code. The “ValueProvider” collection has all the data that has been posted from the form. So it first looks up the “Name” value and if its found in the HTTP request it returns true or else it returns false.

var value = controllerContext.Controller.ValueProvider.GetValue(Name);
if (value != null)
      {
 return true;
      }
      return false;

This attribute class can then decorated on the respective action and the respective “Name” value can be provided. So if the submit is hitting this action and if the name matches of the HTML submit button name it then executes the action further or else it does not.

public class CustomerController : Controller
{
        [SubmitButtonSelector(Name="Save")]
        public ActionResult Save()
        {
            return Content("Save Called");
        }
        [SubmitButtonSelector(Name = "Delete")]
        public ActionResult Delete()
        {
            return Content("Delete Called");
        }
}

Monday, May 11, 2015

Validation’s using C# “DataAnnotation”

Introduction
How to use “DataAnnotations” ?
Step 1:- Refer System.ComponentModel.DataAnnotations
Step 2:- Decorate the class with attributes
Step 3:- Call the “Validator” for validation.

Introduction

Validations are one of the most important aspects of any software application. Normally as a best practice we put these validation’s in the business class , model etc. So if you normally see the trend, developers end up writing these validations in the “set” method of the class property.

 
public class Customer
    {

        private string _CustomerName;
        public string CustomerName
        {
            get { return _CustomerName; }
            set 
            {
                if (value.Length == 0)
                {
                    throw new Exception("Customer Name is required");
                }
                _CustomerName = value; 
            }
        }    
    }

“DataAnnotation” gives you ready made attributes which you can decorate on the class properties and the validation will be applied accordingly.

[Required]
public string CustomerName
{
            get { return _CustomerName; }
            set {_CustomerName = value; }
}

How to use “DataAnnotations” ?


Step 1:- Refer System.ComponentModel.DataAnnotations

The first step is to add reference to “System.ComponentModel.DataAnnotations” assembly to your class library project.

Step 2:- Decorate the class with attributes

The next step is to decorate the class with validation attributes. For instance on the “CustomerName” property we have decorated the “Required” attribute.

public class Customer
{
        private string _CustomerName;

        [Required]
        public string CustomerName
        {
            get { return _CustomerName; }
            set {_CustomerName = value; }
        }
        
}

Step 3:- Call the “Validator” for validation.

Once the validation attributes are decorated we need to call the “Validator” class to do the validations. Create the customer object and set the “CustomerName” property to nothing , so validation errors fire up.

Customer obj = new Customer();
obj.CustomerName = "";

Use the above created object to create the “ValidationContext” object.

var context = new ValidationContext(obj,null,null);

Use “Validator” to call  “TryValidateObject” method to run the validations. The validation errors get collected in the “ValidationResult” collection.

var result = new List();
var isValid = Validator.TryValidateObject(obj, context, result,true);

If you wish to loop through the error results you can run a “foreach” on the “result” collection.

foreach (var str in result)
{
Console.WriteLine(str.ErrorMessage.ToString());
}

Below is a pictorial representation of the above code. In simple words the object to be validated is passed to the “validator” class with the context and the error results come out in “ValidationResult” collection.

FYI :- If you have multiple validation do not forget to make the last property true.

var isValid = Validator.TryValidateObject(obj, context, result,true);

Monday, April 27, 2015

What is Automapper?

Contents

What is Automapper ?

I have not specified mapping how does it work ?

How can we map different property names in Automapper ?

Can you give some real time scenarios of the use of Automapper ?

From where to get AutoMapper ?


What is Automapper ?


Automapper is a simple reusable component which helps you to copy data from object type to other. If you wish to get automapper read this.

For example below is a simple employee class loaded with some dummy data.
class Employee 
{
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public decimal Salary { get; set; }
}
// Loaded with some data
Employee emp = new Employee();
emp.FirstName = "Shiv";
emp.LastName = "Koirala";
emp.Salary = 100;
Now let’s say we want to load the above employee data in to a “Person” class object.
class Person
{
        public string FirstName { get; set; }
        public string LastName { get; set; }
}
So normally developers end up writing mapping code as shown in the below snippet.
Person per = new Person();
per.FirstName = emp.FirstName;
per.LastName = emp.LastName;

At the first glance this does not look much of a problem but wait…think, what if you want to use this mapping code again and again.

So as a best practice you would like to centralize this mapping code and reuse this mapping code again and again. This is where our super hero “AutoMapper” comes for rescue.“Automapper” sits in between both the objects like a bridge and maps the property data of both objects.


Using Automapper is a two-stepprocess:-
  • Create the Map.
  • Use the Map so that objects can communicate.
Mapper.CreateMap(); // Create Map
Person per =  Mapper.Map(emp); // Use the map

I have not specified mapping how does it work ?


In the above example property names of both classes are same so the mapping happens automatically.

How can we map different property names in Automapper ?


If the classes have different property names then we need to use “ForMember” function to specify the mapping.
Mapper.CreateMap()
.ForMember(dest => dest.FName , opt => opt.MapFrom(src => src.FirstName))
.ForMember(dest => dest.LName , opt => opt.MapFrom(src => src.LastName));

Can you give some real time scenarios of the use of Automapper ?

  • When you are moving data from ViewModel to Model in projects like MVC.
  • When you are moving data from DTO to Model or entity objects and vice versa.

From where to get AutoMapper ?


The easiest way is to use nugget. In case you are new to nuget see this YouTube video





Or you can download the component form their main site http://automapper.org/