Home

Castle Stronghold

Table of contents

  • 1 General questions
    • 1.1 Is MonoRail stable? Why it's not 1.0?
    • 1.2 Is there any public site using MonoRail?
    • 1.3 Where to ask for help?
  • 2 Installation
    • 2.1 Cassini refuses to start
  • 3 Ajax Support
    • 3.1 How do you provide Ajax support?
    • 3.2 What other javascript libraries come with MonoRail?
    • 3.3 I'm trying to pass some parameters to my action but it's not working. What's wrong?
  • 4 Security
    • 4.1 Is there anything I should be concerned about related to security when using MonoRail?
  • 5 Authentication/Authorization
    • 5.1 How to handle authentication / authorization?
  • 6 NVelocity View Engine
    • 6.1 Is there a way to render a content of another view within a view?
    • 6.2 Is there any way to generate arrays with NVelocity?
    • 6.3 I'm trying to access an indexer on a NVelocity template with no success
    • 6.4 Can I use WebForm Controls on NVelocity template?

FAQ

» Home » MonoRail » FAQ

This page has a list of frequently asked questions.

General questions

Is MonoRail stable? Why it's not 1.0?

Yes, very stable, albeit there's always room for improvements. Check our issue tracker.

We are not 1.0 because there is an important feature not implemented yet: Caching support.

Is there any public site using MonoRail?

See this forum section

Where to ask for help?

The best place for ask for help - and to check if your question hasn't been asked before - is our forum.

Installation

Cassini refuses to start

Make sure you have registered Cassini.dll in the GAC (global assembly cache). 

> gacutil /i Cassini.dll

Ajax Support

How do you provide Ajax support?

We did not reinvent the wheel. We use the awesome prototype js library

What other javascript libraries come with MonoRail?

I'm trying to pass some parameters to my action but it's not working. What's wrong?

You need to use the with parameter used by the AjaxUpdater/AjaxRequest. For example: 

 
$AjaxHelper.LinkToRemote("Some action", "ProcessItem.rails", "%{update='resultdiv', with='productid=10'}")

Controller's code:


public void ProcessItem(int productid)
{
  ...
}

Security

Is there anything I should be concerned about related to security when using MonoRail?

Yes, a few things.

First if your view directory is on the web folder then clients can potentially see the source code of the views, which is not good. To prevent this, associate the view extension with a IHttpHandler that comes with ASP.Net.

For nvelocity view engine:


<system.web>
    <httpHandlers>    
        <add verb="*" path="*.vm" type="System.Web.HttpForbiddenHandler"/>
        ...

For brail


<system.web>
    <httpHandlers>    
        <add verb="*" path="*.boo" type="System.Web.HttpForbiddenHandler"/>
        ...

And for the StringTemplate view engine


<system.web>
    <httpHandlers>    
        <add verb="*" path="*.st" type="System.Web.HttpForbiddenHandler"/>
        <add verb="*" path="*.sti" type="System.Web.HttpForbiddenHandler"/>
        <add verb="*" path="*.stg" type="System.Web.HttpForbiddenHandler"/>
        ...

Second, if you use the DataBinder to populate classes, you might want to inform a Exclude or Allow list to prevent people from populating properties that are not on the form. Check the DataBind documentation for more information.

Authentication/Authorization

How to handle authentication / authorization?

There is not only one way of handling this. You can rely on the standard support offered by ASP.Net framework by setting up the an authentication strategy (using FormsAuthentication or PassportAuthentication or WindowsAuthentication) and use the OnAuthenticate event to supply an implementation of IPrincipal. Then control the authorization using the authorization node.

Or you can create your own by using a MonoRail filters. A filter can check if the user is authenticated by looking for a cookie or an entry in the session, for example. If not authenticated, it can redirect the client to a login action and return false to stop further processing for the request.

Another option is to mix both methods. Providing an implementation of IPrincipal and setting it on the request activity allows you to enfore some authorization using the PrincipalPermission. For example 


public class AdminController : AbstractSecureController
{
  [PrincipalPermission(SecurityAction.Demand, Role="IsAdmin")]
  public void Index()
  {
  }

  ...

  [PrincipalPermission(SecurityAction.Demand, Role="CanChangePasswords")]
  public void ChangeUserPassword(...)
  {
    ...
  }
}

The good thing is that the PrincipalPermission is part of the .Net security infrastructure, so it's up to it to enforce the rules. You can also associate a rescue with the SecurityException so you can present a nice error message for the user.

For more information read the Authentication/Authorization document on the User's guide.

NVelocity View Engine

Is there a way to render a content of another view within a view?

Sometimes this is asked in another form: "What's the equivalent of render partial in NVelocity?"

Use the #parse directive. Suppose you have the following directory structure 

WebFolder
  Views
    Shared

And on the ''shared'' folder there's a 'header.vm' file. You can then, from any view, invoke it 


#parse("Shared/header.vm")

Is there any way to generate arrays with NVelocity?

Yes. See the following examples: 


#foreach($day in [1..30])
  $day
#end

#set($months = ['Jan', 'Feb'])

I'm trying to access an indexer on a NVelocity template with no success

You can use get_Item or a different format when the key is fixed: 


$dict.get_Item("key")


$dict.key

Both code snippets are equivalent. But the former allows the key to come from a variable: 


#set($var = "key")
$dict.get_Item($var)

Can I use WebForm Controls on NVelocity template?

No. There are hacks, though. But the best way to handle these situations is to use the Composite View Engine and have NVelocity and WebForm (aspx) views on the same project.

Google
Search WWW Search castleproject.org