6 kinds of code you should not have within your .NET controllers

“Your .NET controllers ought to be thin”

The ever-repeated comment with three metric a lot of baggage to withdraw.

Why ought to they be skinny? however will that profit you? What steps am i able to fancy get them thin if they aren’t already? however do I keep them that way?

All valid (and common) follow-up queries. I’ve mentioned a part of the why in some earlier articles, therefore during this article we have a tendency to area unit getting to take another angle.

To begin the method of distinctive the steps required to skinny out controllers, we want to know a number of the common ways in which they’ll become fat.

In my expertise, I’ve found via common forms of code that sneak into our controllers that ultimately would be higher suited elsewhere. This list isn’t comprehensive although, as I’m certain their area unit even additional.

Mapping information Transfer Objects (DTOs)

Because our controller’s area unit on the figurative front lines of the request pipeline, there’s typically a desire to make request and response objects if the wants of the request area unit additional sophisticated than merely victimisation universal resource locator arguments and HTTP standing code responses.

Any time you’ve got DTOs, you’ve additionally got a desire to map the values they hold to one thing additional useful sort of a domain entity.

You know, this sort of stuff:

This mapping logic is innocent enough, however, it quickly bloats the controller and adds further responsibility. Ideally, our controller’s single responsibility is just to delegate consecutive action at the extent of the HTTP request.

Obviously, we have a tendency to can’t have unhealthy input creating its method into the inner castle walls of our domain. Validation protects us from that, sometimes 1st on the consumer, once more} again on the server.


I like to treat controllers variety of like head chefs. they need assistants that prepare all the ingredients for them so that they will work their magic on the ultimate plating.

There area unit many ways in which you’ll created validators on the request pipeline in ASP.NET MVC in order that the controller will assume the request is valid and delegate consecutive action.

This type of code is unexcusable!

Rubbish! (spoken in an exceedingly Gordon Ramsay voice)

Business Logic

If you’ve got something business-related within the controller, you’ll doubtless write it once more elsewhere.

Sometimes there’s overlap with validation too. If your validation logic has rules that a business person would be deciding (rather than easy things like range ranges or things a string will be), you run the chance of getting to repeat that code.


Authorization is analogous to validation therein it’s a protecting barrier. instead of unhealthy requests creating it into the domain, authorization prevents unhealthy users from obtaining somewhere they’re not allowed.

Also like validation, ASP.NET offers some ways to disunite authorization (middleware and filters, for instance.)

If you’re checking properties on your User among the controller action to grant/block one thing, you might have some refactoring to try and do.

Error Handling

It burns, it BURNS!

This one is kind of broad, and generally handling exceptions should be wiped out the controller, however, I’ve found there’s nearly always a far better, additional localized place. And if there isn’t, you’ll cash in} of worldwide exception handling middleware to catch the most common errors and come back one thing consistent to your purchasers.

Going back to the pinnacle cook image, I prefer my head cook to not ought to worry that reasonably issue. allow them to do their single responsibility and assume somebody else can handle something suddenly.

Information Storage/Retrieval

Work like obtaining or saving entities employing a Repository typically finishes up within the controller to avoid wasting time. If the controller’s area unit simply CRUD endpoints, then hey, why the hell not.

I even have associate degree older article that shows controllers with this terribly attribute.

Rather than simply vocation this a foul behavior, i believe commenting an alternate method can highlight why this may bloat your controller’s unneccesarily.

First, viewing it from a style perspective (with attention on the one Responsibility Principle), if you’ve got objects that area unit designed for persistence being employed by your controllers, your controller’s area unit then have over one reason to vary.

Beyond basic CRUD, persistence logic within the controller could be a code smell for extra sprouts of logic that may be higher suited deeper down the chain.

This is wherever I prefer to use either some reasonably application service (behind associate degree interface) to handle the work or delegate to some reasonably CQRS command/query object.

That’s it!
Can you consider from now on types?