things every asp.net developer should know

Things Every ASP.NET Developer Should Know

Robert Boedigheimer

About Me MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP

http://aspadvice.com/blogs/robertb/ robertb@aspalliance.com

Agenda Tools/IIS

Fiddler Network Monitor IIS Logs, LogParser IE Developer Toolbar HTTP Compression Content Expirations Ajax Minifier Etags CSS Sprites

ASP.NET Tracing Configuration Application_Error( ) “Safe” Functions Page Control Tree Validation Controls Caching Session and Timeouts Adapters Techniques

HTTP Hypertext Transfer Protocol Protocol defined in RFC 2068

(Http 1.1), January 1997 Request/response paradigm Header and body

http://www.ietf.org/rfc/rfc2068.txt

Http RequestGET http://localhost:99/default.aspx HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: x86Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows

NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)

Host: localhost:99Proxy-Connection: Keep-AlivePragma: no-cache

Http ResponseHTTP/1.1 200 OKCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.0X-AspNet-Version: 2.0.50727X-Powered-By: ASP.NETDate: Sun, 07 Mar 2010 19:22:19 GMTContent-Length: 686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" ><head><title>

Home Page</title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style></head><body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"><div><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"

value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /></div>

<div style="background-color:Blue"> <h3>Home</h3> </div> </form></body></html>

Fiddler Tracing tool specifically for HTTP Shows complete request and response

(not packets) Can save archive of session Can be used on own machine

(ipv4.fiddler, ipv6.fiddler) Can create own GET requests Can decrypt SSL traffic!

http://tinyurl.com/3drk5t

Fiddler (Transfer Timeline)

Microsoft Network Monitor General network tracing tool for

many protocols Hooks into network adapters See network frames at multiple

levels Apply filters for specific

protocols, IP addresses, etc

http://tinyurl.com/cozr3b

IIS Log Files Time Taken (execute, queue, and

time to client – IIS 7/6) Sub-status codes are very useful

for indicating the exact problems Log entries are made AFTER the

page execution is complete Log file entries are always in

GMT Setup cookie, referrer, bytes sent

IIS Log File Configuration

Log Parser Utility to query IIS log files, event

logs, etc Query syntax nearly identical to

SQL Write series of queries for site

health (HTTP status, time taken, file sizes, down pages, orders, etc)

ASP.NET Response.AppendToLog( )

http://tinyurl.com/5uoxz

Microsoft IE Developer Toolbar

Included in IE 8 See what styles are applied to

elements Script debugging, profiling Resize the browser to various

resolutions Disable script, CSS Links to validator for HTML, CSS,

accessibility

http://tinyurl.com/8rwb8 (IE 7)

HTTP Compression Server evaluates the “Accept-Encoding”

header for request, compresses resulting response

largeGridView.aspx - 41 frames down to 7

Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized

Used 53% less bandwidth, ~25% faster Keynote measurements

Now use IIS Compression (free)

HTTP Compression (cont) IIS 7

Can control when to stop using if CPU usage is too high

Minimum default file size is 256K Only static compression is on by

default

Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w

Content Expirations Client asks “if-modified-since” Small content files it is just as

expensive to see if modified as to receive content

Setup expiration times for content folders

Avoid requests for files that seldom change (.js, .css, images, etc)

Rename the file if need to override browser caching

Content Expirations (cont)

Ajax Minifier Microsoft Ajax Minifier

(Codeplex.com) Minimize CSS and JavaScript files

Remove whitespace, comments, excessive semicolons, etc

Command line, .dll, and build tasks jQuery-1.4.2.js minimized 55.5% Test after minimize! MSBuild Extension Pack (version #)

ETags Used for cache validation IIS sends the ETag header in response

for static files hash:changeNumber

IIS 6 changeNumber – specific to server Set to 0 with Metabase Explorer,

http://tinyurl.com/2agsbtc IIS 7

changeNumber - 0 by default Completely remove header with

HttpModule

CSS Sprites Combine small images into a single

image Use CSS to “index” into the larger image

Often 70-95% of time taken for a user is time requesting components (images, .css, .js)

Reduce the number of requests

http://spritegen.website-performance.org/

Tracing Setup ASP.NET to save

information about recent requests

<trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" />

/Trace.axd

Configuration <deployment

retail=”true” /> (machine.config only) <customErrors mode=”On” /> <compilation debug=”false” /> <tracing enabled=“false” />

External config files (no restart)

Global.asax Application_Error( ) Every ASP.NET web site should have

this coded to ensure that unhandled exceptions are caught and logged

\HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source

Use <customErrors mode=“On” /> to redirect to a down page

“Safe” Functions Production problems with “Object

Reference Not Set” Caused by a reference type with

null value Often difficult to pinpoint cause Coding more safely is viewed as

too much work (hurts productivity)

Goal is to keep code concise yet get better diagnostics

Page Control Tree ASP.NET creates objects for

controls used on the page (including literal content) and stores in a tree

Can view the tree using trace.axd

Released after the response is created for the client

Recursive generic processing

Validation Controls OWASP Top 10

XSS (Cross Site Scripting) SQL Injection

All input from web controls needs to be verified Leverage client validation for user experience

but must validate on the server

Common validators RequiredFieldValidator RangeValidator RegularExpressionValidator CompareValidator CustomValidator

Caching Data caching (Cache), cut 50% of

our SQL queries which was 72,080,000 less queries each month!

Substitution Output caching (shared)

Don’t cache page (set specific cache ability)

Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

Session and Timeouts Cookie sent after initial request,

uses to lookup the information, gets all session data

EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified)

Timeout detection code http://aspalliance.com/520

Adapters Provide an alternative rendering or behavior for

controls or pages Originally designed to facilitate development of

mobile web sites Wanted one set of controls that would render

appropriately based on the user agent device Dropped after ASP.NET 2.0 Beta 1

Browser capabilities moved out to .browser files Visual Studio designer does not display alternate

rendering

Modify without altering existing code

http://www.asp.net/CSSAdapters/

Miscellaneous ASP.NET Request.SaveAs( ) Context.Items Response.AppendToLog( ) App_offline.htm

Techniques Prototype designs

Feedback before deep into design/implementation

Determine if riskier areas work Take it out of the page and try in

isolated area (MUCH easier to debug!)

“Stub” web service methods for data

Useful Sites HTML Validation

(http://validator.w3.org/) CSS Validation

(http://jigsaw.w3.org/css-validator/)

W3C (http://www.w3.org/) www.asp.net (Learn tab ->

videos) www.iis.net www.aspalliance.com

Summary Understand how HTTP works Learn about IIS Use compression and expirations Leverage tools to debug and

understand how things work (solve many of your own problems)

Utilize more ASP.NET techniques

Questions http://aspadvice.com/blogs/

robertb/ robertb@aspalliance.com