I was professionally evaluated, and here's what I need to learn...

[ahmedyarub]

MAIN PART
I had an interview for an online C#, MVC and Web API programming job and they gave me a good evaluation for the test project but I still couldn't score high enough to beat the competitors. I hope that you can help me finding solutions for these problems, which although I'm pretty sure that I do know how to solve, the interviewers are very picky and there are thousands of applicants for this position so they want solutions tailored to huge enterprise applications. I prefer solutions that don't depend on external tools as the point behind this test is demonstrating my software engineering and coding skills. Here is what they didn't like with my comments:

• No Exception Handling

I didn't add that simply because I was exhausted and I didn't think that it would be required for such kind of project. I'm pretty sure that they want something more advanced than a simply try/catch.

• Modularity

I've separated the application into individual classes according to their use. Although the use of design patterns and their implementation was praised by the reviewer, I'm still lacking in "modularity". Is it enough to just separate the classes into separate projects while lowering the dependencies and coupling among classes?

• More code comments required

Of course I know how to do that, but I hope that you can give me some standards for commenting MVC/Web API projects.

• Inline Javascript

I'm thinking of putting the Javascript code into separate .js files in MVC views. Can you give me a solution that is clean and looks more professional?

• More layering required

This one I really don't know how to solve! Please see my description for the whole application below.

• Not enough unit test coverage

I'm collecting some essential unit tests for databases, MVC controllers, MVC views, and Web API. If you have anything to add here, please don't hesitate.

• User passwords were not encrypted

I did that because they simply gave me a script that creates the database, and the password was not encrypted. I don't really know whether I should create my own tables with encrypted passwords and then create an importing script, what would you do if you were in my place?

• Coding skills could be better

I had a face-to-face interview, where I was asked to extend the project with some simple MVC controller and view. Unfortunately, I've been working for the past 3 months exclusively on PHP so I had to use a book to remember the most basic tasks. I think I can solve this problem easily by studying the PRO ASP .NET MVC 5 book slowly and applying everything by hand.
The test project was for a simple CRUD application which assigns tasks to users. The work is done by a Web API service and an accompanying MVC application is used to connect the user to the Web API service. I've created interfaces for a repository and implemented one that uses a NoSql database. I have 3 months to study and apply again to the same position.
END OF MAIN PART
FAQ:
1- Why do you accept such harsh requirements for a rather low salary?
I live in a poor country which I really like and I'll never leave. I can easily make good salary here but this job is giving me 3 times what I earn here working from the house!!
2- Why do you keep on applying for this position?
It's simply because I found their evaluation very professional. First time I applied for a C++ position with similar requirements, I had so much trouble implementing the required functions because I'm not that professional in C++, so I didn't have enough time to write code for anything beyond the basics. Their evaluation for me was terrible, but it revealed to me so many things that I was missing in my programming style which I could apply even to my C# code (which I'm very comfortable coding with). The second time, I was praised for more than 16 points (including all the points that they complained about in the first interview), and I went to the last interview which went pretty well. Unfortunately, I didn't score high enough to get the job. However, this journey has taught me so much about what I'm missing as a programmer and it even made my current clients happier due to added extensibility and flexibility of code.
3- What's your programming background?
I have 14 years experience in programming in many programming languages (Java, C++, C#, PHP, Basic, etc...) making many types of applications (ERP, utility software, educational software, hardware drivers, statistical applications, robotic applications, etc...). Unfortunately, I was mostly self-taught so I've mostly concentrated on the functional part of coding, without any regard to the program structure, flexibility, extensibility, or readability of code. But since my first interview with this company, I've solved many of these problems.
4- What's the name of the company?
I can't tell you that, sorry. And if you know it, please don't mention it here as it might affect my chances for getting the job in the near future.
5- Why don't you get an easier job instead of wasting your time?
In fact, I do have a job! I'm working from the house for multiple online clients mostly for C# based client applications and PHP based server applications. There are two factors pushing me to study and apply again for these jobs: finding what I'm missing and tackling it, and the fact that my current clients are kinda "dirty" and I prefer working with professionals.

 

[jmcilhinney]

Some of what you're asking for can't really be provided without knowing more about the project requirements and implementation and, to be honest, I'm not really interested in going into that much detail for more than a small section at a time. I'll provide some general information though.

No Exception Handling: You should provide appropriate exception handling throughout the application, i.e. provide it where it's appropriate but don't overdo it, but you should also have a global exception handler, so that even the exceptions you didn't anticipate will be handled in some way. Exactly how you implement a global exception handler depends on the version of MVC you're targeting.

Modularity: In the MVC projects that we put out from my office, our solutions contain a large number of projects. We have individual projects for: EF model, repositories and unit of work, service classes, web service (mostly WCF in our case but we're looking at Web API in future), DTOs, web site. We also use an IoC container and a tool for mapping between entities DTOs and between DTOs and view models.

More code comments required: Well-written code should be pretty much self-documenting as far as WHAT it is doing. There may be times where you need comments for a long LINQ query or the like though. Where comments are critical is to explain WHY the code is doing what it's doing. So many time I read that others or even myself have written and it's perfectly clear what the code is doing but I haven't the foggiest why it needs to be done or why it's been implemented the way it has. You can never have too many comments of that kind because what seems obvious when you're writing code is more often not so obvious to anyone else or even you soon after.

Inline Javascript: We have one or more JS files for common functions but anything that is specific to a view goes in that view. We tend to have a partial view dedicated to the script for a view and that gets loaded via a section in the main view. This goes for full and partial views, e.g. we may have an Index view and an IndexScript partial view to go with it and an _Edit partial view with an _EditScript partial view.

More layering required: I think that this is closely related to the modularity information I provided.

User passwords were not encrypted: If that's talking about user records in the database then you should probably look at hashing the passwords. ASP.NET Identity does that by default. If you're not familiar with the process, when a user registers and provides a password, that password is hashed and the result stored in the database. Generally you would generate a random salt and store that too, so that the same password for multiple users will still generate different hashes. The salt can be stored separately or concatenated to the hashed password. When a user logs in and provides a password, the user name is first used to get the corresponding hashed password and salt from the database. The salt is then used to hash the password used to log in and the result compared to the has in the database. If they match then the user is authenticated. A strength of this system is that the original password cannot be determined from the hash stored in the database.

 

[ahmedyarub]

Thank you for the tips I found them so helpful