Things Every ASP.NET Developer Should Know Robert Boedigheimer.

Download Things Every ASP.NET Developer Should Know Robert Boedigheimer.

Post on 14-Dec-2015

212 views

Category:

Documents

0 download

TRANSCRIPT

  • Slide 1

Things Every ASP.NET Developer Should Know Robert Boedigheimer Slide 2 About Me MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD.NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP http://aspadvice.com/blogs/robertb/ robertb@aspalliance.com Slide 3 Agenda Tools/IIS Fiddler Network Monitor IIS Logs, LogParser IE Developer Toolbar HTTP Compression Content Expirations Ajax Minifier Etags CSS Sprites ASP.NET Tracing Configuration Application_Error( ) Safe Functions Page Control Tree Validation Controls Caching Session and Timeouts Adapters Techniques Slide 4 HTTP Hypertext Transfer Protocol Protocol defined in RFC 2068 (Http 1.1), January 1997 Request/response paradigm Header and body http://www.ietf.org/rfc/rfc2068.txt Slide 5 Http Request GET http://localhost:99/default.aspx HTTP/1.1 Accept: */* Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1;.NET CLR 2.0.50727;.NET CLR 3.0.04506;.NET CLR 1.1.4322; InfoPath.2;.NET CLR 3.5.21022) Host: localhost:99 Proxy-Connection: Keep-Alive Pragma: no-cache Slide 6 Http Response HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Sun, 07 Mar 2010 19:22:19 GMT Content-Length: 686 Home Page body {background-color:Green;} Home Slide 7 Fiddler Tracing tool specifically for HTTP Shows complete request and response (not packets) Can save archive of session Can be used on own machine (ipv4.fiddler, ipv6.fiddler) Can create own GET requests Can decrypt SSL traffic! http://tinyurl.com/3drk5t Slide 8 Fiddler (Transfer Timeline) Slide 9 Microsoft Network Monitor General network tracing tool for many protocols Hooks into network adapters See network frames at multiple levels Apply filters for specific protocols, IP addresses, etc http://tinyurl.com/cozr3b Slide 10 IIS Log Files Time Taken (execute, queue, and time to client IIS 7/6) Sub-status codes are very useful for indicating the exact problems Log entries are made AFTER the page execution is complete Log file entries are always in GMT Setup cookie, referrer, bytes sent Slide 11 IIS Log File Configuration Slide 12 Log Parser Utility to query IIS log files, event logs, etc Query syntax nearly identical to SQL Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc) ASP.NET Response.AppendToLog( ) http://tinyurl.com/5uoxz Slide 13 Microsoft IE Developer Toolbar Included in IE 8 See what styles are applied to elements Script debugging, profiling Resize the browser to various resolutions Disable script, CSS Links to validator for HTML, CSS, accessibility http://tinyurl.com/8rwb8 (IE 7) Slide 14 HTTP Compression Server evaluates the Accept-Encoding header for request, compresses resulting response largeGridView.aspx - 41 frames down to 7 Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized Used 53% less bandwidth, ~25% faster Keynote measurements Now use IIS Compression (free) Slide 15 HTTP Compression (cont) IIS 7 Can control when to stop using if CPU usage is too high Minimum default file size is 256K Only static compression is on by default Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w Slide 16 Content Expirations Client asks if-modified-since Small content files it is just as expensive to see if modified as to receive content Setup expiration times for content folders Avoid requests for files that seldom change (.js,.css, images, etc) Rename the file if need to override browser caching Slide 17 Content Expirations (cont) Slide 18 Ajax Minifier Microsoft Ajax Minifier (Codeplex.com) Minimize CSS and JavaScript files Remove whitespace, comments, excessive semicolons, etc Command line,.dll, and build tasks jQuery-1.4.2.js minimized 55.5% Test after minimize! MSBuild Extension Pack (version #) Slide 19 ETags Used for cache validation IIS sends the ETag header in response for static files hash:changeNumber IIS 6 changeNumber specific to server Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc http://tinyurl.com/2agsbtc IIS 7 changeNumber - 0 by default Completely remove header with HttpModule Slide 20 CSS Sprites Combine small images into a single image Use CSS to index into the larger image Often 70-95% of time taken for a user is time requesting components (images,.css,.js) Reduce the number of requests http://spritegen.website- performance.org/ Slide 21 Tracing Setup ASP.NET to save information about recent requests /Trace.axd Slide 22 Configuration (machine.config only) External config files (no restart) Slide 23 Global.asax Application_Error( ) Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged \HKLM\System\CurrentControlSet\Ser vices\EventLog\Application and add key for source Use to redirect to a down page Slide 24 Safe Functions Production problems with Object Reference Not Set Caused by a reference type with null value Often difficult to pinpoint cause Coding more safely is viewed as too much work (hurts productivity) Goal is to keep code concise yet get better diagnostics Slide 25 Page Control Tree ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree Can view the tree using trace.axd Released after the response is created for the client Recursive generic processing Slide 26 Validation Controls OWASP Top 10 XSS (Cross Site Scripting) SQL Injection All input from web controls needs to be verified Leverage client validation for user experience but must validate on the server Common validators RequiredFieldValidator RangeValidator RegularExpressionValidator CompareValidator CustomValidator Slide 27 Caching Data caching (Cache), cut 50% of our SQL queries which was 72,080,000 less queries each month! Substitution Output caching (shared) Dont cache page (set specific cache ability) Response.Cache.SetCacheability(System.We b.HttpCacheability.NoCache); Slide 28 Session and Timeouts Cookie sent after initial request, uses to lookup the information, gets all session data EnableSessionState None (module does not need to retrieve), ReadOnly (inProcess still modified) Timeout detection code http://aspalliance.com/520 Slide 29 Adapters Provide an alternative rendering or behavior for controls or pages Originally designed to facilitate development of mobile web sites Wanted one set of controls that would render appropriately based on the user agent device Dropped after ASP.NET 2.0 Beta 1 Browser capabilities moved out to.browser files Visual Studio designer does not display alternate rendering Modify without altering existing code http://www.asp.net/CSSAdapters/ Slide 30 Miscellaneous ASP.NET Request.SaveAs( ) Context.Items Response.AppendToLog( ) App_offline.htm Slide 31 Techniques Prototype designs Feedback before deep into design/implementation Determine if riskier areas work Take it out of the page and try in isolated area (MUCH easier to debug!) Stub web service methods for data Slide 32 Useful Sites HTML Validation (http://validator.w3.org/) CSS Validation (http://jigsaw.w3.org/css-validator/) W3C (http://www.w3.org/) www.asp.net (Learn tab -> videos) www.iis.net www.aspalliance.com Slide 33 Summary Understand how HTTP works Learn about IIS Use compression and expirations Leverage tools to debug and understand how things work (solve many of your own problems) Utilize more ASP.NET techniques Slide 34 Questions http://aspadvice.com/blogs/robertb/ robertb@aspalliance.com