Today, I was examining one ASP.NET MVC application for code optimization. And at the same time as a part of code rearrangement, I required to access base controller instance from view. So here in this post we will see how we can access base controller instance from within view. Before looking at actual implementation, let me describe how all controller were arranged.

AllowAnonymous attribute is used to skip authorization enforced by Authorize attribute. Action method marked with AllowAnonymous will be always accessible by all users including anonymous users.

Authorize attribute is used to restrict the access of action method based on role or logged in username. We have to supply comma separated list of user name or role with this attribute name. If user is not logged in then it will redirect it to login page.

In web application, many times we are redirecting domain to other (sub)domain or one url to another url within same domain. So here in this post we will discuss what are the best practices for domain redirection with respect to ASP.NET & IIS and what is the performance impact of it.

What are the scenarios for domain/url redirection?

Following two is the most common scenario for domain/url redirection.

• To enforce primary or canonical domain many time we want to redirect all request to either domain.com or www.domain.com i.e. with www or without www. Indeed this is also required for better SEO rank. You can read my post on same here.
• Change in URL sometime due to change in web url, we are redirecting one url (pattern) to another url (pattern).

OutputCache action filter attribute is used to control the output cache of action method result. We can also apply this attribute at controller level, once we apply this attribute at controller level, all action method result will be cached. Once action result are cached any subsequent request will be served from cache instead of processing it again.

SessionState attributes specify the session state behavior for the controller. We can use this attribute only with controller. Sometime we require that we want to disable session state for specific controller, in this case we can apply SessionState attribute in ASP.NET MVC controller. Please note that this attribute control the session state behavior for the specific controller and not session state mode for entire application.

In ASP.NET MVC, by default all user posted data (i.e. query string params, form element, etc.) are validated for any potential dangerous content (i.e. HTML tag or script) to avoid XSS attacks. But sometime we need to accept such HTML content from user. For e.g. for blog application developed in MVC must allow publisher to post HTML content or sometime we allow user to post HTML comment etc. In such scenario we can use ValidateInput action filter to allow user to post HTML content and to bypass request validation for specific action method.