Ayende @ Rahien

My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:


+972 52-548-6969

, @ Q c

Posts: 6,125 | Comments: 45,488

filter by tags archive

Refactoring toward frictionless & odorless codeThe case for the view model

time to read 5 min | 814 words

Originally posted at 3/30/2011

Remember, we are running on an action scoped session, and this is the code that we run:

public class HomeController : SessionController
    public ActionResult Blog(int id)
        var blog = Session.Get<Blog>(id);

        return Json(blog, JsonRequestBehavior.AllowGet);

The error that we get is a problem when trying to serialize the Blog. Let us look again the the class diagram:


As you can see, we have a collection of Users, but it is lazily loaded. When the Json serializer (which I use instead of writing a view, since it makes my life easier) touches that property, it throws, because you cannot iterate on a lazily loaded collection when the session has already been closed.

One option that we have is to modify the code for Blog like so:

public class Blog
    public virtual int Id { get; set; }

    public virtual string Title { get; set; }

    public virtual string Subtitle { get; set; }

    public virtual bool AllowsComments { get; set; }

    public virtual DateTime CreatedAt { get; set; }

    public virtual ISet<User> Users { get; set; }

    public Blog()
        Users = new HashedSet<User>();

I don’t like it for several reasons. First, and least among them, serialization duties aren’t one of the responsibilities of the domain model. Next, and most important, is the problem that this approach is incredibly brittle. Imagine what would happen if we added a new lazily loaded property. Suddenly, unless we remembered to add [ScriptIgnore] we would break everything that tried to serialize a Blog instance.

I much rather use an approach that wouldn’t break if I breathed on it. Like the following:

public class HomeController : SessionController
    public ActionResult Blog(int id)
        var blog = Session.Get<Blog>(id);

        return Json(new
        }, JsonRequestBehavior.AllowGet);

By projecting the values out into a known format, we can save a lot of pain down the road.

But wait a second, this looks quite familiar, doesn’t it? This is the view model pattern, but we arrived at it through an unusual journey.

I don’t really care if you are using anonymous objects or named classes with something like AutoMapper, but I do think that a clear boundary make it easier to work with the application. And if you wonder why you need two models for the same data, the avoidance of accidental queries and the usage of the action scoped session is another motivator.

More posts in "Refactoring toward frictionless & odorless code" series:

  1. (12 Apr 2011) What about transactions?
  2. (11 Apr 2011) Getting rid of globals
  3. (10 Apr 2011) The case for the view model
  4. (09 Apr 2011) A broken home (controller)
  5. (08 Apr 2011) Limiting session scope
  6. (07 Apr 2011) Hiding global state
  7. (06 Apr 2011) The baseline



The other reason to do this is security. Imagine doing:

return Json(user, JsonRequestBehavior.AllowGet);

Say helo to the users credentials - I'm not saying it's something most would do but this could easilly be a mistake made by some new bod on the project. Or perhaps a slip in concentration - but the result is the users credentials getting serialized.

You want to control what gets sent down the wire and you want to minimise the risk of something bad happening.


Also the amount of work needed for separate view models is very low. I usually reuse them as input parameters in post methods.


I have to agree with wayne and I'll add that while performance (and bug-free software) is extremely important, security is more. lazy loading is only exposing a bigger problem with your architecture,.

Let's say lazy loading worked perfectly and was blazingly fast. You still have a major problem here, as you're not explicilty controlling what your application exposes to the outside world, you expose information that should never get out of your system.

So, it's true that there's a technical problem because of Lazy Loading, yet I wish you'd touch the bigger issue at hand. Looking at this in a OO sort of way, you're basically violating encapsulation.



have you tried in any of your application implicit solution, by replacing the data of JsonResult in an action filter? I mean using sth like Automapper or your own convention.

Ayende Rahien


Yuck, that sounds like a recipe for disaster, to tell you the truth.


The only problem I've found so far with this is that if you are using an IoC container, such as Windsor, you cannot inject classes into your controller that have a dependency on ISession, such as the Rhino Security services. The session isn't opened until after the controller is instantiated so it fails.

You could use a service locator pattern to get around that but that's quite an unpopular approach.

You could also change the Rhino Security services to have a dependency on some sort of ISession provider, what do yo think?



never tried solution like automapper but doesnt it take you back? i mean when you decide for something like viewmodel you are telling that you want to be explicit about what is going to be send.

the only problem you solve with implicit mapping is the lazyloading. in this article ayende is dealing only with the loading problem so it is appropriate to mention your way of mapping but in general you are getting exposed to all kind of aforementioned issues like security etc....



Even for trivial cases, when all but the proxy loaded data can be passed? I don't agree. Using convention by default, getting code explicit as you need to overwrite it (as you showed omitting Title property).


There's no security hole in conventional json serialization for cases where you know, you can go with it. Security checks and so on can be applied to the actions as well. If you write about sending some passwords, etc. - be explicit then.



yeah i was writing about credentials example mentioned by @wayne-o.



It'd be very unwise of me, advocating using implicit paradigm in all the cases ;-) What I meant, was rather sth like 20% coverage.

Comment preview

Comments have been closed on this topic.


  1. RavenDB 3.5 Whirlwind tour: I need to be free to explore my data - one day from now
  2. RavenDB 3.5 whirl wind tour: I'll have the 3+1 goodies to go, please - 4 days from now
  3. The design of RavenDB 4.0: Voron has a one track mind - 5 days from now
  4. RavenDB 3.5 whirl wind tour: Digging deep into the internals - 6 days from now
  5. The design of RavenDB 4.0: Separation of indexes and documents - 7 days from now

And 11 more posts are pending...

There are posts all the way to May 30, 2016


  1. The design of RavenDB 4.0 (14):
    05 May 2016 - Physically segregating collections
  2. RavenDB 3.5 whirl wind tour (14):
    04 May 2016 - I’ll find who is taking my I/O bandwidth and they SHALL pay
  3. Tasks for the new comer (2):
    15 Apr 2016 - Quartz.NET with RavenDB
  4. Code through the looking glass (5):
    18 Mar 2016 - And a linear search to rule them
  5. Find the bug (8):
    29 Feb 2016 - When you can't rely on your own identity
View all series


Main feed Feed Stats
Comments feed   Comments Feed Stats