Book Review: ASP.NET 3.5 Content Management System Development by Curt Christianson and Jeff Cochran

The book starts off with a gentle introduction on acquiring and installing Visual Web Developer Express 2008 and IIS targeting Windows XP and Vista. You'll also see how to get and use the FCKEditor, a free and open source Rich Text Editor. In the first chapter you'll build a simple CMS page that writes content to a file. The main purpose of this "CMS" is to show its shortcomings and to demonstrate what's needed to build a more flexible and maintainable CMS.

In Chapter 2 you learn how to install and SQL Server 2005 Express and how to create the database that is used for the sample application: SimpleCMS.

The third chapter guides you through the design of a CMS. You'll learn more about a multi-tier architecture (which, as discussed in the book should really be a multi-layer architecture but the authors freely mix the terms tiers and layers as if they were the same). The authors discuss the data access layer (using Typed DataSets), the business logic layer and the presentation layer using Web Forms and Master Pages.

Chapter 4 deals with security and shows you how to use ASP.NET Membership and Role providers to build a security system that enables you to control who can access the site and post content. It has some good information on setting up your database for membership and roles using the aspnet_regsql tool.

With the CMS foundation done, Chapter 5 digs into building the Articles Module; a sub system that enables you to publish and display the content on the web site. It also shows you how to use membership and roles to protect your pages from unauthorized access (more on that later).

Chapter 6 deals with presentation and shows you how to build your pages, using ASP.NET concepts like Master Pages, Themes and Menus.

In Chapter 7 you see how to create galleries that allow you to upload pictures and documents and how to develop a simple, yet effective RSS feed.

Chapter 8 shows you how to build a (reusable) Site Settings section that lets you control things like the name of the site, the main logo image and the active theme. In addition you see how to build a simple on-line user management section which is very useful in a site like this as you cannot use the Web Site Administration Tool that ships with Visual Web Developer on a production site.

The final chapter shows you a number of enhancements to the site, including the use of Base Pages, error handling and upsizing to a commercial version of SQL Server.

While the topics discussed in this book could result in a great book on ASP.NET 3.5 and Content Management Systems I think this book suffers from a number of issues which can broadly be categorized in the following three topics:

1. Target Audience
2. Use of ASP.NET 3.5 Technology
3. Promoting Best Practices

Target Audience

The introduction of the book states that it's "for beginning to intermediate ASP.NET users, who have managed to learn Visual Web Developer and want to take on their first real world application". However, I am not so sure about the actual target audience. For true beginners, the book takes too many short cuts, leaving out important background and explanations. For intermediate developers, the topics discussed may be too simple and shallow and thus not represent a "real world application". Numerous times the book says that "it's keeping things simple" to make things easy to understand, but in my opinion it's often too simple so you end up learning a little bit about a specific topic but not enough to make good use of it. For example, if you really want to publish content using a CMS, there's a fair chance you want to categorize your articles, or maybe you want to filter content lists based on the month of the year. Both are quite common features in many blog sites. I don't think that a beginning programmer will be able to build a category system based on the information provided in this book.

Use of ASP.NET 3.5 Technology

Although the book is titled "ASP.NET 3.5 CMS Development" there is not a single piece of new ASP.NET 3.5 technology anywhere to be found in book and the sample application. I tried downgrading the application to ASP.NET 2.0 using Visual Web Developer and it ran without an issue. I think this is the greatest omission in the book. The book should really be titled "ASP.NET 2.0 CMS Development". There is no LINQ to Objects, no LINQ to DataSet, no LINQ to SQL or ADO.NET Entities Framework (which would have been a great replacement for the older Typed DataSets technology), no AJAX, and no use of any new controls like the ListView. It feels like this book was written for .NET 2.0, got delayed and then got a new cover stating it can be used for .NET 3.5 as well. Surely this works as .NET 3.5 is backwards compatible but in my opinion it's a big disappointment that a book which claims to deal with ASP.NET 3.5 does not discuss a single new feature of that framework.

Promoting Best Practices

Although I understand this book targets beginning developers I feel it's taking too many short cuts and bad coding principles, giving new developers a not so great start in developing real world applications. I won't go into all of them, but just highlight a few that caught my attention:

• Typed DataSets versus technologies like LINQ to SQL or the ADO.NET Entities Framework - Why were Typed DataSets chosen? They were great and useful in the .NET 1.x world, but I think much better alternatives are available today. LINQ to SQL would have been an excellent candidate for the Data Access Layer. It's relatively easy to understand for beginners (maybe even easier than Typed DataSets) and offers an easy to work with, clean object model for all your data access. Page 10 of the book says that LINQ to SQL will be used for a portion of the application but I haven't been able to find any reference to it afterward, not in the book and not in the accompanying source code.
• Security - The book uses the handy Membership and Role providers to handle stuff like account management, sign ups and roles. But when it comes down to applying that security, it all of a sudden uses custom, hand-written, .NET 1.1-like code, like this, found in AddArticle.aspx:
  

  If Not Page.User.Identity.IsAuthenticated Then
    Response.Redirect("login.aspx")
  Else
    If Not Page.User.IsInRole("Author") _
        AndAlso Not Page.User.IsInRole("Editor") _
        AndAlso Not Page.User.IsInRole("Administrator") Then
      ' User Does Not have Access
      Response.Redirect("default.aspx")
    End If
  End If

  Heuh? What's up with that? Why manually write (hardcoded) code that's difficult to see, understand and maintain when a simple location element in web.config does the trick?
  
  

  <location path="AddArticle.aspx">
    <system.web>
      <authorization>
        <allow roles="Editor,Administrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  

• Paging - The statistics tool of the site is a nice feature to see what pages in the site have been visited. However, the reporting page does not use server side paging at all. If you have a fairly busy site with, say 100 users a day visiting 5 pages each, you accumulate over 15,000 records a months; not something you want to display on a page using Select * from SiteStats and with paging in the GridView control. With LINQ to SQL or EF this would have been super easy to implement using Skip() and Take().
• Databases best practices - Why does the book use the older text and ntext data types and not the new nvarchar(max) type? Why does it check @@Error for database errors instead of using the newer (introduced in SQL Server 2005) Try / Catch blocks?
• Front end validation - Although the code uses some validation in the business layer, I wonder why there are no Validation controls used anywhere? They're great in providing quick feedback to users, helping them understand what to enter and how.
• No CSS - All styling is done through in-line .NET attributes which result in in-line styles. Why does the theme not deploy CSS (there is an empty .css file in the theme's folder but it's just not used)?
   

All in all, I cannot really recommend this book. It would have been a great book back in 2003 when .NET 1.x was still da bomb. Nowadays, with the many new features and enhancements that .NET 2.0 and .NET 3.5 have brought, it feels a bit limited and outdated. The book and the sample application are simply not taking advantage of the many new features that are available in .NET 3.5. On top of that, the book takes too many short cuts and keeps things way too simple to be really useful. I guess one of the authors summarizes it best at page 193: "However, if we want to make things easy on ourselves (and who doesn't want to).....". Exactly, too simple, and too many shortcuts.

Final score: 2 or maybe 2.5 stars out of 5. If you're somewhere between a beginner and an intermediate developer, you may find this book useful. Otherwise, there are better and more complete books available.