ASP.NET v2 API's

Published 26 July 5 10:12 PM | GregLow

Just got back from an entertaining session by Charles Sterling at our MSDN user group. Chuck covered the membership and webpart management API's in ASP.NET v2.

While I really like how easy the ASP.NET team have made it to set up these tools, I really, really do not like the API's they've come up with. Unless I'm missing something, they are completely inconsistent with how things are “normally“ done in the .NET Framework. One of the biggest contributions the .NET Framework made was to clean up the mess of API's that were associated with Win32. Whey then do we want to mess with this?

First example: enumerations.

What's up with the following code?

WebPartManager1.DisplayMode = WebPartManager.EditDisplayMode

and

WebPartManager1.DisplayMode = WebPartManager.BrowseDisplayMode

Why isn't this a WebPartManagerDisplayMode enumeration with values like “Edit” and “Browse”, etc.? Surely the code should have been:

WebPartManager1.DisplayMode = WebPartManagerDisplayMode.Edit

and

WebPartManager1.DisplayMode = WebPartManagerDisplayMode.Browse

2nd example: lack of collection-based code

What's up with the following code:

Web.Security.Roles.AddUserToRole(someuser,somerole)

Why isn't it:

Web.Security.Roles(somerole).Users.Add(someuser)

and why don't we delete a user by:

Web.Security.Users(someuser).Delete

All the methods seem to ignore standard collection-based code.

3rd example: poor use of classes

Why is role a string and not a class? How on earth will they ever extend it if they need to? What if someone wants to build their own role object? Surely there should at least be either base classes or interfaces with names like IWebUser, IWebRole, etc.

4th example: poor integration with Active Directory and Code Access Security

The .NET Framework already has role based security that's integrated with Active Directory. Surely we should have at least been dealing with IPrincipal and/or IUser objects, etc.

5th example: inconsistent return types

Some of the methods return error values when they don't work, some return exceptions. There seems to be no clear structure to this. Also, why don't methods like CreateUser return a user object?

I have grown so used to being impressed by most things coming out of the ASP.NET group and their dynamic work. With this work, I'm seriously disappointed. I'd love to find out I've missed something.