Things Every ASP.NET Developer Should Know
Robert Boedigheimer
About
Me
MCPD ASP.NET Developer 3.5
MCPD
Web, Charter Member
MCSD .NET, Early Achiever
Web
developer since 1995
Columnist for
aspalliance.com
Wrox
Author
ASP.NET MVP
http://aspadvice.com/blogs/robertb/
robertb@aspalliance.com
Agenda
Tools/IIS
Fiddler
Network Monitor
IIS Logs,
LogParser
IE Developer Toolbar
HTTP Compression
Content Expirations
Ajax
Minifier
Etags
CSS Sprites
ASP.NET
Tracing
Configuration
Application_Error
( )
“Safe” Functions
Page Control Tree
Validation Controls
Caching
Session and Timeouts
Adapters
Techniques
HTTP
Hypertext Transfer Protocol
Protocol defined in
RFC 2068
(Http
1.1), January 1997
Request/response paradigm
Header and
body
http://www.ietf.org/rfc/rfc2068.txt
Http Request
GET http://localhost:99/default.aspx HTTP/1.1
Accept: */*
Accept
-
Language: en
-
us
UA
-
CPU: x86
Accept
-
Encoding:
gzip
, deflate
User
-
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET
CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)
Host: localhost:99
Proxy
-
Connection: Keep
-
Alive
Pragma
: no
-
cache
Http Response
HTTP/1.1 200 OK
Cache
-
Control: private
Content
-
Type: text/html;
charset
=utf
-
8
Server: Microsoft
-
IIS/7.0
X
-
AspNet
-
Version: 2.0.50727
X
-
Powered
-
By: ASP.NET
Date: Sun, 07 Mar 2010 19:22:19 GMT
Content
-
Length: 686
<!DOCTYPE html PUBLIC "
-
//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1
-
transitional.dtd">
<html
xmlns
="http://www.w3.org/1999/xhtml" >
<head><title>
Home Page
</title><link type="text/
css
"
href
="Styles.css" />
<style type="text/
css
">
body {background
-
color:Green
;}
</style>
</head>
<body class="basic">
<form name="form1" method="post" action="default.aspx" id="form1">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" />
</div>
<div style="background
-
color:Blue
">
<h3>Home</h3>
</div>
</form>
</body>
</html>
Fiddler
Tracing tool specifically for HTTP
Shows complete request and response
(not packets)
Can save archive of session
Can be used on own machine
(ipv4.fiddler, ipv6.fiddler)
Can create own GET requests
Can decrypt SSL traffic!
http://tinyurl.com/3drk5t
Fiddler (Transfer Timeline)
Microsoft Network Monitor
General network tracing tool for many
protocols
Hooks into network adapters
See network frames at multiple levels
Apply filters for specific protocols, IP
addresses, etc
http://tinyurl.com/cozr3b
IIS Log Files
Time Taken (execute, queue, and
time to client
–
IIS 7/6)
Sub
-
status codes are very useful for
indicating the exact problems
Log entries are made AFTER the page
execution is complete
Log file entries are always in GMT
Setup cookie, referrer, bytes sent
IIS Log File Configuration
Log Parser
Utility to query IIS log files, event
logs, etc
Query syntax nearly identical to SQL
Write series of queries for site health
(HTTP status, time taken, file sizes,
down pages, orders, etc)
ASP.NET
Response.AppendToLog
( )
http://tinyurl.com/5uoxz
Microsoft IE Developer Toolbar
Included in IE 8
See what styles are applied to elements
Script debugging, profiling
Resize the browser to various
resolutions
Disable script, CSS
Links to
validator
for HTML, CSS,
accessibility
http://tinyurl.com/8rwb8 (IE 7)
HTTP Compression
Server evaluates the “Accept
-
Encoding”
header for request, compresses resulting
response
largeGridView.aspx
-
41 frames down to 7
Implemented in February 2003 when about
3% of Fortune 1000 web sites utilized
Used 53% less bandwidth, ~25% faster
Keynote measurements
Now use IIS Compression (free)
HTTP Compression (cont)
IIS 7
Can control when to stop using if CPU
usage is too high
Minimum default file size is 256K
Only static compression is on by default
Detailed article about enabling IIS 6
compression at
http://tinyurl.com/yjdo7w
Content Expirations
Client asks “if
-
modified
-
since”
Small content files it is just as expensive
to see if modified as to receive content
Setup expiration times for content
folders
Avoid requests for files that seldom
change (.
js
, .
css
, images, etc)
Rename the file if need to override
browser caching
Content Expirations (cont)
Ajax
Minifier
Microsoft Ajax
Minifier
(Codeplex.com)
Minimize CSS and JavaScript files
Remove whitespace, comments,
excessive semicolons, etc
Command line, .
dll
, and build tasks
jQuery
-
1.4.2.js minimized 55.5%
Test after minimize!
MSBuild
Extension Pack (version #)
ETags
Used for cache validation
IIS sends the
ETag
header in response
for
static
files
hash:changeNumber
IIS 6
changeNumber
–
specific to server
Set to 0 with
Metabase
Explorer,
http://tinyurl.com/2agsbtc
IIS 7
changeNumber
-
0 by default
Completely remove header with
HttpModule
CSS Sprites
Combine
small
images into a single
image
Use CSS to “index” into the larger image
Often 70
-
95% of time taken for a user is
time requesting components (images,
.
css
, .
js
)
Reduce the number of requests
http://spritegen.website
-
performance.org/
Tracing
Setup ASP.NET to save information
about recent requests
<trace enabled="true"
pageOutput
="false"
localOnly
="false"
requestLimit
="2"
mostRecent
="true" />
/Trace.axd
Configuration
<
deployment retail=”true”
/>
(
machine.config
only)
<
customErrors
mode=”On” />
<compilation debug=”false” />
<tracing enabled=“false” />
External
config
files (no restart)
Global.asax
Application_Error
( )
Every ASP.NET web site should have
this coded to ensure that unhandled
exceptions are caught and logged
\
HKLM
\
System
\
CurrentControlSet
\
Ser
vices
\
EventLog
\
Application and add
key for source
Use <
customErrors
mode=“On” /> to
redirect to a down page
“Safe” Functions
Production problems with “Object
Reference Not Set”
Caused by a reference type with null
value
Often difficult to pinpoint cause
Coding more safely is viewed as too
much work (hurts productivity)
Goal is to keep code concise yet get
better diagnostics
Page Control Tree
ASP.NET creates objects for controls
used on the page (including literal
content) and stores in a tree
Can view the tree using trace.axd
Released
after the response is
created for the client
Recursive generic processing
Validation Controls
OWASP Top 10
XSS (Cross Site Scripting)
SQL Injection
All input from web controls needs to be verified
Leverage client validation for user experience
but must validate on the server
Common
validators
RequiredFieldValidator
RangeValidator
RegularExpressionValidator
CompareValidator
CustomValidator
Caching
Data caching (Cache), cut 50% of our
SQL queries which was 72,080,000 less
queries each month!
Substitution
Output caching (shared)
Don’t cache page (set specific cache
ability)
Response.Cache.SetCacheability
(
System.We
b.HttpCacheability.NoCache
);
Session and Timeouts
Cookie sent after initial request, uses
to lookup the information, gets
all
session data
EnableSessionState
–
None (module
does not need to retrieve),
ReadOnly
(
inProcess
still modified)
Timeout detection code
http://aspalliance.com/520
Adapters
Provide an alternative rendering or behavior for
controls or pages
Originally designed to facilitate development of mobile
web sites
Wanted one set of controls that would render appropriately
based on the user agent device
Dropped after ASP.NET 2.0 Beta 1
Browser capabilities moved out to .browser files
Visual Studio designer does not display alternate
rendering
Modify without altering existing code
http://www.asp.net/CSSAdapters/
Miscellaneous ASP.NET
Request.SaveAs
( )
Context.Items
Response.AppendToLog
( )
App_offline.htm
Techniques
Prototype designs
Feedback before deep into
design/implementation
Determine if riskier areas work
Take it out of the page and try in
isolated area (MUCH easier to
debug!)
“Stub” web service methods for data
Useful Sites
HTML Validation
(http://validator.w3.org/)
CSS Validation
(http://jigsaw.w3.org/css
-
validator/)
W3C (http://www.w3.org/)
www.asp.net (Learn tab
-
> videos)
www.iis.net
www.aspalliance.com
Summary
Understand how HTTP works
Learn about IIS
Use compression and expirations
Leverage tools to debug and
understand how things work (solve
many of your own problems)
Utilize more ASP.NET techniques
Questions
http://aspadvice.com/blogs/robertb/
robertb@aspalliance.com
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο