Book Review: ASP.NET 3.5 Content Management System Development by Curt Christianson and Jeff Cochran

Since I work a lot with ASP.NET and work in the business of Content Management Systems in my job as Technical Director at Dynamicweb, I was immediately interested when I saw the book "ASP.NET 3.5 Content Management System Development" from Packt Publishing. So I ordered a review copy hoping for a great book on ASP.NET and CMS. Having read the book now, I am quite disappointed.

The book starts off with a gentle introduction on acquiring and installing Visual Web Developer Express 2008 and IIS targeting Windows XP and Vista. You'll also see how to get and use the FCKEditor, a free and open source Rich Text Editor. In the first chapter you'll build a simple CMS page that writes content to a file. The main purpose of this "CMS" is to show its shortcomings and to demonstrate what's needed to build a more flexible and maintainable CMS.

In Chapter 2 you learn how to install and SQL Server 2005 Express and how to create the database that is used for the sample application: SimpleCMS.

The third chapter guides you through the design of a CMS. You'll learn more about a multi-tier architecture (which, as discussed in the book should really be a multi-layer architecture but the authors freely mix the terms tiers and layers as if they were the same). The authors discuss the data access layer (using Typed DataSets), the business logic layer and the presentation layer using Web Forms and Master Pages.

Chapter 4 deals with security and shows you how to use ASP.NET Membership and Role providers to build a security system that enables you to control who can access the site and post content. It has some good information on setting up your database for membership and roles using the aspnet_regsql tool.

With the CMS foundation done, Chapter 5 digs into building the Articles Module; a sub system that enables you to publish and display the content on the web site. It also shows you how to use membership and roles to protect your pages from unauthorized access (more on that later).

Chapter 6 deals with presentation and shows you how to build your pages, using ASP.NET concepts like Master Pages, Themes and Menus.

In Chapter 7 you see how to create galleries that allow you to upload pictures and documents and how to develop a simple, yet effective RSS feed.

Chapter 8 shows you how to build a (reusable) Site Settings section that lets you control things like the name of the site, the main logo image and the active theme. In addition you see how to build a simple on-line user management section which is very useful in a site like this as you cannot use the Web Site Administration Tool that ships with Visual Web Developer on a production site.

The final chapter shows you a number of enhancements to the site, including the use of Base Pages, error handling and upsizing to a commercial version of SQL Server.

While the topics discussed in this book could result in a great book on ASP.NET 3.5 and Content Management Systems I think this book suffers from a number of issues which can broadly be categorized in the following three topics:

  1. Target Audience
  2. Use of ASP.NET 3.5 Technology
  3. Promoting Best Practices

Target Audience

The introduction of the book states that it's "for beginning to intermediate ASP.NET users, who have managed to learn Visual Web Developer and want to take on their first real world application". However, I am not so sure about the actual target audience. For true beginners, the book takes too many short cuts, leaving out important background and explanations. For intermediate developers, the topics discussed may be too simple and shallow and thus not represent a "real world application". Numerous times the book says that "it's keeping things simple" to make things easy to understand, but in my opinion it's often too simple so you end up learning a little bit about a specific topic but not enough to make good use of it. For example, if you really want to publish content using a CMS, there's a fair chance you want to categorize your articles, or maybe you want to filter content lists based on the month of the year. Both are quite common features in many blog sites. I don't think that a beginning programmer will be able to build a category system based on the information provided in this book.

Use of ASP.NET 3.5 Technology

Although the book is titled "ASP.NET 3.5 CMS Development" there is not a single piece of new ASP.NET 3.5 technology anywhere to be found in book and the sample application. I tried downgrading the application to ASP.NET 2.0 using Visual Web Developer and it ran without an issue. I think this is the greatest omission in the book. The book should really be titled "ASP.NET 2.0 CMS Development". There is no LINQ to Objects, no LINQ to DataSet, no LINQ to SQL or ADO.NET Entities Framework (which would have been a great replacement for the older Typed DataSets technology), no AJAX, and no use of any new controls like the ListView. It feels like this book was written for .NET 2.0, got delayed and then got a new cover stating it can be used for .NET 3.5 as well. Surely this works as .NET 3.5 is backwards compatible but in my opinion it's a big disappointment that a book which claims to deal with ASP.NET 3.5 does not discuss a single new feature of that framework.

Promoting Best Practices

Although I understand this book targets beginning developers I feel it's taking too many short cuts and bad coding principles, giving new developers a not so great start in developing real world applications. I won't go into all of them, but just highlight a few that caught my attention:

  • Typed DataSets versus technologies like LINQ to SQL or the ADO.NET Entities Framework - Why were Typed DataSets chosen? They were great and useful in the .NET 1.x world, but I think much better alternatives are available today. LINQ to SQL would have been an excellent candidate for the Data Access Layer. It's relatively easy to understand for beginners (maybe even easier than Typed DataSets) and offers an easy to work with, clean object model for all your data access. Page 10 of the book says that LINQ to SQL will be used for a portion of the application but I haven't been able to find any reference to it afterward, not in the book and not in the accompanying source code.
  • Security - The book uses the handy Membership and Role providers to handle stuff like account management, sign ups and roles. But when it comes down to applying that security, it all of a sudden uses custom, hand-written, .NET 1.1-like code, like this, found in AddArticle.aspx:
    If Not Page.User.Identity.IsAuthenticated Then
      Response.Redirect("login.aspx")
    Else
      If Not Page.User.IsInRole("Author") _
          AndAlso Not Page.User.IsInRole("Editor") _
          AndAlso Not Page.User.IsInRole("Administrator") Then
        ' User Does Not have Access
        Response.Redirect("default.aspx")
      End If
    End If
    Heuh? What's up with that? Why manually write (hardcoded) code that's difficult to see, understand and maintain when a simple location element in web.config does the trick?

    <location path="AddArticle.aspx">
      <system.web>
        <authorization>
          <allow roles="Editor,Administrator"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
    
  • Paging - The statistics tool of the site is a nice feature to see what pages in the site have been visited. However, the reporting page does not use server side paging at all. If you have a fairly busy site with, say 100 users a day visiting 5 pages each, you accumulate over 15,000 records a months; not something you want to display on a page using Select * from SiteStats and with paging in the GridView control. With LINQ to SQL or EF this would have been super easy to implement using Skip() and Take().
  • Databases best practices - Why does the book use the older text and ntext data types and not the new nvarchar(max) type? Why does it check @@Error for database errors instead of using the newer (introduced in SQL Server 2005) Try / Catch blocks?
  • Front end validation - Although the code uses some validation in the business layer, I wonder why there are no Validation controls used anywhere? They're great in providing quick feedback to users, helping them understand what to enter and how.
  • No CSS - All styling is done through in-line .NET attributes which result in in-line styles. Why does the theme not deploy CSS (there is an empty .css file in the theme's folder but it's just not used)?
     

All in all, I cannot really recommend this book. It would have been a great book back in 2003 when .NET 1.x was still da bomb. Nowadays, with the many new features and enhancements that .NET 2.0 and .NET 3.5 have brought, it feels a bit limited and outdated. The book and the sample application are simply not taking advantage of the many new features that are available in .NET 3.5. On top of that, the book takes too many short cuts and keeps things way too simple to be really useful. I guess one of the authors summarizes it best at page 193: "However, if we want to make things easy on ourselves (and who doesn't want to).....". Exactly, too simple, and too many shortcuts.

Final score: 2 or maybe 2.5 stars out of 5. If you're somewhere between a beginner and an intermediate developer, you may find this book useful. Otherwise, there are better and more complete books available.


Where to Next?

Wonder where to go next? You can read existing comments below or you can post a comment yourself on this article .


Consider making a donation
Please consider making a donation using PayPal. Your donation helps me to pay the bills so I can keep running Imar.Spaanjaars.Com, providing fresh content as often as possible.



Feedback by Other Visitors of Imar.Spaanjaars.Com

On Thursday, November 19, 2009 8:48:08 AM Jignesh said:
Hi Imar,

i am reading your articles and learning lots from it. I have read your idea about this book so can me suggest me good CMS book in asp.net

Thanks
On Friday, November 20, 2009 10:08:56 AM Imar Spaanjaars said:
Hi Jignesh,

Not for beginners, but "ASP.NET 2.0 Website Programming: Problem - Design - Solution" from Wrox is definitely worth checking out.

Cheers,

Imar
On Saturday, November 21, 2009 7:03:09 AM Jignesh said:
Hi Imar,

Thanks for your quick reply. Thanks for your suggestion and i will surely read this book " ASP.NET 2.0 Website Programming: Problem - Design - Solution ". I think its ISBN no: 0764584642 , author : Marco Bellinaso , i hope  this isbn and author's book only you have suggested and i am not making any mistake.

second thing i have one of your's book "About ASP.NET 2.0 Instant Results " and there is Special chapter for CMS (Chapter - 5) and i am reading it and getting good idea for CMS and i hope which book you suggested me will give me more idea on CMS  bcoz i want to make good CMS application.

Thanks

Jignesh
On Tuesday, January 26, 2010 2:25:15 PM Chris said:
I downloaded the code for this book because I was curious to see what you were talking about in your review. You are so on the money, I did not see one thing that could be called .net 3.5. I was somewhat surprised to open the DAL folder and see DataSets rather than a .dbml file and when I investigated further and saw that there was no Linq, well I lost interest in it there.

So kudos for the review, you were up front and honest in your words and I agree with you, save your money and skip this book, it's not work the 30+ dollars they're asking for.
On Tuesday, January 26, 2010 3:45:33 PM Imar Spaanjaars said:
Hi Chris,

On top of that I submitted over 20 errata entries four months ago. After many follow up e-mails to ask about the status, only three or four of them (some cheesy ones) were posted on their web site a few days ago. I am losing faith in Packt which is a shame as they used to create some good books....

Imar

Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the QuickDocId of the document.

For more information about the Talk Back feature, check out this news item.