Things that Every ASP.NET

Developer should know

Darren Sim Microsoft MVP (ASP.NET / IIS)

Member, Microsoft Developer Guidance Web Advisory Council

Director, Singapore Software Quality Testing Board (SGTQB)

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

Fundamentals

• Internet is based on TCP/IP

• World Wide Web is based on HTTP

– HTTP based on Request/Response paradigm

– Header and body

– Stateless

– Specification @ http://www.ietf.org/rfc/rfc2068.txt

Http Request

GET http://localhost:99/default.aspx HTTP/1.1

Accept: */*

Accept-Language: en-us

UA-CPU: x86

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)

Host: localhost:99

Proxy-Connection: Keep-Alive

Pragma: no-cache

Http Response

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.0

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Date: Sun, 07 Mar 2010 19:22:19 GMT

Content-Length: 686

<head><title> Home Page </title></head>

<body class="basic">

<form name="form1" method="post" action="default.aspx" id="form1">

<div>

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"

value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" />

</div>

<div style="background-color:Blue">

<h3>Home</h3>

</div>

</form>

</body>

</html>

Header

Body

How we connect to the internet?

ISP

Kernel Mode

User Mode

IIS Architecture

Configuration

SvcHost.exe

WWW Publishing

Service (W3SVC)

Windows Process

Activation Service (WAS)

Application Pool

w3wp.exe

HTTP.sys

Configuration File

Root web.config

Applicationhost.config

Site web.config

<system.Web>

<system.webServer>

Application web.config

<system.Web>

<system.webServer>

Machine.config

*Web.config has a 100Kb file size limit.

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

Fiddler

• Tracing tool specifically for HTTP

• Shows complete request and response (not packets)

• Can save archive of session

• Can be used on own machine (ipv4.fiddler, ipv6.fiddler)

• Can create own GET requests

• Can decrypt SSL traffic!

Microsoft Network Monitor

• General network tracing tool for many protocols

• Hooks into network adapters

• See network frames at multiple levels

• Apply filters for specific protocols, IP addresses, etc

Free download at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-

4658-b7f6-3088333d062f&displaylang=en

IIS Log Files

• Time Taken (execute, queue, and time to client – IIS 7/6)

• Sub-status codes are very useful for indicating the exact problems

• Log entries are made AFTER the page execution is complete

• Log file entries are always in GMT

• Setup cookie, referrer, bytes sent

Log Parser

• Utility to query IIS log files, event logs, etc

• Query syntax nearly identical to SQL

• Write series of queries for site health (HTTP status, time taken, file

sizes, down pages, orders, etc)

• ASP.NET Response.AppendToLog( )

Download Log Parser at http://tinyurl.com/5uoxz

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

Performance Culprits

• HTTP requests are the biggest web performance killer

• Reduce Requests, massively improve performance

Problem Statement

Performance Culprits

• Combine all Javascript into one file

• Combine all CSS into one file

• Using MSAjax CDN instead of your own

Solution

Reduce & Avoid Requests

• Avoid Response.Redirect

– Invokes an extra client side HTTP Request

• Use Server.Transfer instead

Reduce Page Size

• The smaller the page, the quicker the download

• Especially important in these areas

– Mobile Applications (Windows Mobile, IPhone, 3G Data Card)

– Non Broadband Users

– Many offices have less capacity than broadband

– Developing Countries

Reduce Page Size

• Most Browsers support HTTP Compression

– GZIP & Deflate

– IE, Firefox etc

• Drastically reduces page size

• Steps

– Browser Passes Accept-Encoding in Request Header

– Data is compressed and sent to browser

– Browser decompresses html

• Only GET is compressed, POST IS NOT Compressed

HTTP Compression

• Server evaluates the “Accept-Encoding” header for request,

compresses resulting response

• largeGridView.aspx - 41 frames down to 7

• Implemented in February 2003 when about 3% of Fortune 1000 web

sites utilized

• Used 53% less bandwidth, ~25% faster Keynote measurements

• Now use IIS Compression (free)

HTTP Compression (cont…)

• IIS 7

– Can control when to stop using if CPU usage is too high

– Minimum default file size is 256K

– Only static compression is on by default

Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w

Content Expirations

• Client asks “if-modified-since”

• Small content files it is just as expensive to see if modified as to

receive content

• Setup expiration times for content folders

• Avoid requests for files that seldom change (.js, .css, images, etc)

• Rename the file if need to override browser caching

Ajax Minifier

• Microsoft Ajax Minifier (Codeplex.com)

• Minimize CSS and JavaScript files

– Remove whitespace, comments, excessive semicolons, etc

• Command line, .dll, and build tasks

• jQuery-1.4.2.js minimized 55.5%

• Test after minimize!

• MSBuild Extension Pack (version #)

ETags

• Used for cache validation

• IIS sends the ETag header in response for static files

– hash:changeNumber

• IIS 6

– changeNumber – specific to server

– Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc

• IIS 7

– changeNumber - 0 by default

– Completely remove header with HttpModule

CSS Sprite

• Combine small images into a single image

• Use CSS to “index” into the larger image

• Often 70-95% of time taken for a user is time requesting components

(images, .css, .js)

• Reduce the number of requests

**Free CSS Sprite generator at http://spritegen.website-performance.org/

Tracing

• Setup ASP.NET to save information about recent requests

• <trace enabled="true" pageOutput="false" localOnly="false"

requestLimit="2" mostRecent="true" />

• /Trace.axd

Tracing (code)

Trace Outputs

Analysis of Trace Output

Error Page Configurations

• <deployment retail=”true” /> (machine.config only)

– <customErrors mode=”On” />

– <compilation debug=”false” />

– <tracing enabled=“false” />

• External config files (no restart)

Global.asax Application_Error( )

• Every ASP.NET web site should have this coded to ensure that

unhandled exceptions are caught and logged

• \HKLM\System\CurrentControlSet\Services\EventLog\Application and

add key for source

• Use <customErrors mode=“On” /> to redirect to a down page

Validation Controls

• OWASP Top 10

– XSS (Cross Site Scripting)

– SQL Injection

• All input from web controls needs to be verified

• Leverage client validation for user experience but must validate on the server

• Common validators

– RequiredFieldValidator

– RangeValidator

– RegularExpressionValidator

– CompareValidator

– CustomValidator

Caching

– Data caching (Cache), cut 50% of our SQL queries which was 72,080,000

less queries each month!

– Substitution

– Output caching (shared)

– Don’t cache page (set specific cache ability)

• Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

Yahoo! A List Browsers

Win XP Win 7 Mac 10.6.† iOS 3.† iOS 4.† Android 2.2.†

Safari 5.† A-grade

Chrome † (latest stable)

A-grade

Firefox 4.† A-grade (upon GA

release) A-grade (upon GA

release)

Firefox 3.6.† A-grade A-grade A-grade

IE 9.0 A-grade (upon GA

release)

IE 8.0 A-grade A-grade

IE 7.0 A-grade

IE 6.0 A-grade

Safari for iOS A-grade A-grade

WebKit for Android OS

A-grade

Complete list available at http://developer.yahoo.com/yui/articles/gbs/

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

Reference Model to Guide Architecture Projects

Model for Web 2.0

Users

Client applications/runtimes

Connectivity/reachability

Services

Capabilities

Basic Service-Consumer Pattern

Capability

Service

Interface

Offered as

Consumed via

internet Client Applications

Provides View

Landscape leading to hybrid platforms

Web 2.0 Reference Architecture (basic)

Web 2.0 Reference Architecture (detailed)

Components of a pattern (basic)

Components of a pattern (detailed)

Patterns for Web 2.0

• The Service-Oriented Architecture Pattern

• The Software as a Service (SaaS) Pattern

• The Participation-Collaboration Pattern

• The Asynchronous Particle Update Pattern

• The Mashup Pattern

• The Rich User Experience Pattern

Patterns for Web 2.0 (cont…)

• The Synchronized Web Pattern

• The Collaborative Tagging Pattern

• The Declarative Living and Tag Gardening Pattern

• The Semantic Web Grounding Pattern

• The Persistent Rights Management (PRM) Pattern

• The Structured Information Pattern

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

AGENDA

HTTP and Web Server Fundamentals

Debugging and Analysis Tools

Development Techniques

Patterns & Practices

Resources & Readings

Performance Management http://www.sitepoint.com/books/aspnetant1/aspnetant1-sample.pdf

ASP.NET Developer Guidance Map

http://www.darrensim.com

itsme@darrensim.com http://www.facebook.com/darrensim http://www.twitter.com/darrensim