Hi list, On 10 July 2015 at 21:20, Greg Keogh <[email protected]> wrote: > > I know that VS Web API projects can detect the accept type headers and > automatically send back XML or JSON, which sounds neat, but in reality it's > another piece of auto-configured "magic" plumbing that is a throwback to > the old ASP.NET pipeline nightmare. Last year I spent a whole weekend > trying to coerce the Web API to respond with XML shaped the way I wanted, > and I eventually gave up in disgust as the plumbing sprang leaks and > tangled with itself and I wrote a raw ashx handler which did all the work > manually, and it was easier to read and maintain. I think I posted here > last year to complain that the Web API projects were another Rube > Goldberg Machine <https://en.wikipedia.org/wiki/Rube_Goldberg_machine> > that betrayed their promise of simplifying things. >
[begin opinionated rant] I totally agree with Greg that there is far too much "dynamic magic" in the MVC and Web API frameworks. Applying the MVC pattern to web frameworks was a great step forward, if unoriginal, but the implementation is bug-prone. Yet again, they threw away the awesome power of the type system to prevent bugs and left us an API full of magic strings (i.e. routes), dynamic objects and automagic semantics. In the statically-typed languages that we use here in the .NET world, I would call these antipatterns. (Yes, that means I disagree with the design of string.Format and System.Text.RegularExpressions as well. No, I am not a C++ aficionado.) I guess when they designed MVC and Web API they just copied what was going on in Rails, Django and Node.js, but these frameworks are all for dynamic languages and they should have thought about it harder. I also question the rationality behind following Rails, as Rails naivete has caused almost as many embarrassing security vulnerabilities as PHP. Thought SQL injection was dead? Rails resurrected it [1]. Ruby and Python programmers have to write gazillions of unit tests to verify the most trivial properties because their compiler does not (and cannot) do this for them. When I take the time to write a program that type-checks in C#, I don't want to have to write tests for things that the compiler should have been able to verify for me. But when I use MVC or Web API, I suddenly have to because of all the unverified, weakly-typed magic in these frameworks. I want my typos to cause compiler errors, not security vulnerabilities. The benefits of coding in a statically-typed language like C# are being eroded by this assault of "dynamic magic" frameworks. Nevertheless, MVC is still an enormous improvement over Web Forms. But like Greg, I am less impressed by Web API. [end rant] [1] http://arstechnica.com/business/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby/ -- Thomas Koster
