Things Every ASP.NET Developer Should Know

chunkyscreechΔιακομιστές

4 Δεκ 2013 (πριν από 3 χρόνια και 6 μήνες)

79 εμφανίσεις


Things Every ASP.NET Developer Should Know


Robert Boedigheimer

About
Me


MCPD ASP.NET Developer 3.5


MCPD
Web, Charter Member


MCSD .NET, Early Achiever


Web
developer since 1995


Columnist for
aspalliance.com


Wrox

Author


ASP.NET MVP



http://aspadvice.com/blogs/robertb/


robertb@aspalliance.com

Agenda


Tools/IIS


Fiddler


Network Monitor


IIS Logs,
LogParser


IE Developer Toolbar


HTTP Compression


Content Expirations


Ajax
Minifier


Etags


CSS Sprites



ASP.NET


Tracing


Configuration


Application_Error
( )


“Safe” Functions


Page Control Tree


Validation Controls


Caching


Session and Timeouts


Adapters


Techniques





HTTP


Hypertext Transfer Protocol


Protocol defined in
RFC 2068
(Http
1.1), January 1997


Request/response paradigm


Header and
body



http://www.ietf.org/rfc/rfc2068.txt

Http Request

GET http://localhost:99/default.aspx HTTP/1.1

Accept: */*

Accept
-
Language: en
-
us

UA
-
CPU: x86

Accept
-
Encoding:
gzip
, deflate

User
-
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET
CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)

Host: localhost:99

Proxy
-
Connection: Keep
-
Alive

Pragma
: no
-
cache

Http Response

HTTP/1.1 200 OK

Cache
-
Control: private

Content
-
Type: text/html;
charset
=utf
-
8

Server: Microsoft
-
IIS/7.0

X
-
AspNet
-
Version: 2.0.50727

X
-
Powered
-
By: ASP.NET

Date: Sun, 07 Mar 2010 19:22:19 GMT

Content
-
Length: 686



<!DOCTYPE html PUBLIC "
-
//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1
-
transitional.dtd">


<html
xmlns
="http://www.w3.org/1999/xhtml" >

<head><title>


Home Page

</title><link type="text/
css
"
href
="Styles.css" />


<style type="text/
css
">


body {background
-
color:Green
;}


</style>

</head>

<body class="basic">


<form name="form1" method="post" action="default.aspx" id="form1">

<div>

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" />

</div>



<div style="background
-
color:Blue
">


<h3>Home</h3>


</div>


</form>

</body>

</html>

Fiddler


Tracing tool specifically for HTTP


Shows complete request and response
(not packets)


Can save archive of session


Can be used on own machine
(ipv4.fiddler, ipv6.fiddler)


Can create own GET requests


Can decrypt SSL traffic!



http://tinyurl.com/3drk5t


Fiddler (Transfer Timeline)

Microsoft Network Monitor


General network tracing tool for many
protocols


Hooks into network adapters


See network frames at multiple levels


Apply filters for specific protocols, IP
addresses, etc



http://tinyurl.com/cozr3b


IIS Log Files


Time Taken (execute, queue, and
time to client


IIS 7/6)


Sub
-
status codes are very useful for
indicating the exact problems


Log entries are made AFTER the page
execution is complete


Log file entries are always in GMT


Setup cookie, referrer, bytes sent

IIS Log File Configuration

Log Parser


Utility to query IIS log files, event
logs, etc


Query syntax nearly identical to SQL


Write series of queries for site health
(HTTP status, time taken, file sizes,
down pages, orders, etc)


ASP.NET
Response.AppendToLog
( )



http://tinyurl.com/5uoxz




Microsoft IE Developer Toolbar


Included in IE 8


See what styles are applied to elements


Script debugging, profiling


Resize the browser to various
resolutions


Disable script, CSS


Links to
validator

for HTML, CSS,
accessibility



http://tinyurl.com/8rwb8 (IE 7)

HTTP Compression


Server evaluates the “Accept
-
Encoding”
header for request, compresses resulting
response



largeGridView.aspx
-

41 frames down to 7



Implemented in February 2003 when about
3% of Fortune 1000 web sites utilized


Used 53% less bandwidth, ~25% faster
Keynote measurements


Now use IIS Compression (free)

HTTP Compression (cont)


IIS 7


Can control when to stop using if CPU
usage is too high


Minimum default file size is 256K


Only static compression is on by default



Detailed article about enabling IIS 6
compression at
http://tinyurl.com/yjdo7w

Content Expirations


Client asks “if
-
modified
-
since”


Small content files it is just as expensive
to see if modified as to receive content



Setup expiration times for content
folders


Avoid requests for files that seldom
change (.
js
, .
css
, images, etc)


Rename the file if need to override
browser caching

Content Expirations (cont)

Ajax
Minifier


Microsoft Ajax
Minifier

(Codeplex.com)


Minimize CSS and JavaScript files


Remove whitespace, comments,
excessive semicolons, etc


Command line, .
dll
, and build tasks


jQuery
-
1.4.2.js minimized 55.5%


Test after minimize!


MSBuild

Extension Pack (version #)

ETags


Used for cache validation


IIS sends the
ETag

header in response
for
static

files


hash:changeNumber


IIS 6



changeNumber



specific to server


Set to 0 with
Metabase

Explorer,
http://tinyurl.com/2agsbtc


IIS 7


changeNumber

-

0 by default


Completely remove header with
HttpModule




CSS Sprites


Combine
small

images into a single
image


Use CSS to “index” into the larger image



Often 70
-
95% of time taken for a user is
time requesting components (images,
.
css
, .
js
)


Reduce the number of requests



http://spritegen.website
-
performance.org/

Tracing


Setup ASP.NET to save information
about recent requests



<trace enabled="true"
pageOutput
="false"
localOnly
="false"
requestLimit
="2"
mostRecent
="true" />



/Trace.axd

Configuration


<
deployment retail=”true”
/>
(
machine.config

only)


<
customErrors

mode=”On” />


<compilation debug=”false” />


<tracing enabled=“false” />



External
config

files (no restart)

Global.asax

Application_Error
( )


Every ASP.NET web site should have
this coded to ensure that unhandled
exceptions are caught and logged



\
HKLM
\
System
\
CurrentControlSet
\
Ser
vices
\
EventLog
\
Application and add
key for source


Use <
customErrors

mode=“On” /> to
redirect to a down page

“Safe” Functions


Production problems with “Object
Reference Not Set”


Caused by a reference type with null
value


Often difficult to pinpoint cause


Coding more safely is viewed as too
much work (hurts productivity)



Goal is to keep code concise yet get
better diagnostics


Page Control Tree


ASP.NET creates objects for controls
used on the page (including literal
content) and stores in a tree


Can view the tree using trace.axd


Released

after the response is
created for the client



Recursive generic processing

Validation Controls


OWASP Top 10


XSS (Cross Site Scripting)


SQL Injection


All input from web controls needs to be verified


Leverage client validation for user experience
but must validate on the server



Common
validators


RequiredFieldValidator


RangeValidator


RegularExpressionValidator


CompareValidator


CustomValidator

Caching


Data caching (Cache), cut 50% of our
SQL queries which was 72,080,000 less
queries each month!


Substitution


Output caching (shared)



Don’t cache page (set specific cache
ability)


Response.Cache.SetCacheability
(
System.We
b.HttpCacheability.NoCache
);


Session and Timeouts


Cookie sent after initial request, uses
to lookup the information, gets
all

session data


EnableSessionState



None (module
does not need to retrieve),
ReadOnly

(
inProcess

still modified)



Timeout detection code


http://aspalliance.com/520

Adapters


Provide an alternative rendering or behavior for
controls or pages


Originally designed to facilitate development of mobile
web sites


Wanted one set of controls that would render appropriately
based on the user agent device


Dropped after ASP.NET 2.0 Beta 1


Browser capabilities moved out to .browser files


Visual Studio designer does not display alternate
rendering



Modify without altering existing code



http://www.asp.net/CSSAdapters/

Miscellaneous ASP.NET


Request.SaveAs
( )


Context.Items


Response.AppendToLog
( )


App_offline.htm


Techniques


Prototype designs


Feedback before deep into
design/implementation


Determine if riskier areas work


Take it out of the page and try in
isolated area (MUCH easier to
debug!)


“Stub” web service methods for data

Useful Sites


HTML Validation
(http://validator.w3.org/)


CSS Validation
(http://jigsaw.w3.org/css
-
validator/)


W3C (http://www.w3.org/)


www.asp.net (Learn tab
-
> videos)


www.iis.net


www.aspalliance.com


Summary


Understand how HTTP works


Learn about IIS


Use compression and expirations


Leverage tools to debug and
understand how things work (solve
many of your own problems)


Utilize more ASP.NET techniques

Questions


http://aspadvice.com/blogs/robertb/


robertb@aspalliance.com