things every asp.net developer should know
DESCRIPTION
Things Every ASP.NET Developer Should Know. Robert Boedigheimer. About Me. MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP http://aspadvice.com/blogs/robertb/ - PowerPoint PPT PresentationTRANSCRIPT
Things Every ASP.NET Developer Should Know
Robert Boedigheimer
About Me MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP
http://aspadvice.com/blogs/robertb/ [email protected]
Agenda Tools/IIS
Fiddler Network Monitor IIS Logs, LogParser IE Developer Toolbar HTTP Compression Content Expirations Ajax Minifier Etags CSS Sprites
ASP.NET Tracing Configuration Application_Error( ) “Safe” Functions Page Control Tree Validation Controls Caching Session and Timeouts Adapters Techniques
HTTP Hypertext Transfer Protocol Protocol defined in RFC 2068
(Http 1.1), January 1997 Request/response paradigm Header and body
http://www.ietf.org/rfc/rfc2068.txt
Http RequestGET http://localhost:99/default.aspx HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: x86Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows
NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)
Host: localhost:99Proxy-Connection: Keep-AlivePragma: no-cache
Http ResponseHTTP/1.1 200 OKCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.0X-AspNet-Version: 2.0.50727X-Powered-By: ASP.NETDate: Sun, 07 Mar 2010 19:22:19 GMTContent-Length: 686
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" ><head><title>
Home Page</title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style></head><body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"><div><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /></div>
<div style="background-color:Blue"> <h3>Home</h3> </div> </form></body></html>
Fiddler Tracing tool specifically for HTTP Shows complete request and response
(not packets) Can save archive of session Can be used on own machine
(ipv4.fiddler, ipv6.fiddler) Can create own GET requests Can decrypt SSL traffic!
http://tinyurl.com/3drk5t
Fiddler (Transfer Timeline)
Microsoft Network Monitor General network tracing tool for
many protocols Hooks into network adapters See network frames at multiple
levels Apply filters for specific
protocols, IP addresses, etc
http://tinyurl.com/cozr3b
IIS Log Files Time Taken (execute, queue, and
time to client – IIS 7/6) Sub-status codes are very useful
for indicating the exact problems Log entries are made AFTER the
page execution is complete Log file entries are always in
GMT Setup cookie, referrer, bytes sent
IIS Log File Configuration
Log Parser Utility to query IIS log files, event
logs, etc Query syntax nearly identical to
SQL Write series of queries for site
health (HTTP status, time taken, file sizes, down pages, orders, etc)
ASP.NET Response.AppendToLog( )
http://tinyurl.com/5uoxz
Microsoft IE Developer Toolbar
Included in IE 8 See what styles are applied to
elements Script debugging, profiling Resize the browser to various
resolutions Disable script, CSS Links to validator for HTML, CSS,
accessibility
http://tinyurl.com/8rwb8 (IE 7)
HTTP Compression Server evaluates the “Accept-Encoding”
header for request, compresses resulting response
largeGridView.aspx - 41 frames down to 7
Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized
Used 53% less bandwidth, ~25% faster Keynote measurements
Now use IIS Compression (free)
HTTP Compression (cont) IIS 7
Can control when to stop using if CPU usage is too high
Minimum default file size is 256K Only static compression is on by
default
Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w
Content Expirations Client asks “if-modified-since” Small content files it is just as
expensive to see if modified as to receive content
Setup expiration times for content folders
Avoid requests for files that seldom change (.js, .css, images, etc)
Rename the file if need to override browser caching
Content Expirations (cont)
Ajax Minifier Microsoft Ajax Minifier
(Codeplex.com) Minimize CSS and JavaScript files
Remove whitespace, comments, excessive semicolons, etc
Command line, .dll, and build tasks jQuery-1.4.2.js minimized 55.5% Test after minimize! MSBuild Extension Pack (version #)
ETags Used for cache validation IIS sends the ETag header in response
for static files hash:changeNumber
IIS 6 changeNumber – specific to server Set to 0 with Metabase Explorer,
http://tinyurl.com/2agsbtc IIS 7
changeNumber - 0 by default Completely remove header with
HttpModule
CSS Sprites Combine small images into a single
image Use CSS to “index” into the larger image
Often 70-95% of time taken for a user is time requesting components (images, .css, .js)
Reduce the number of requests
http://spritegen.website-performance.org/
Tracing Setup ASP.NET to save
information about recent requests
<trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" />
/Trace.axd
Configuration <deployment
retail=”true” /> (machine.config only) <customErrors mode=”On” /> <compilation debug=”false” /> <tracing enabled=“false” />
External config files (no restart)
Global.asax Application_Error( ) Every ASP.NET web site should have
this coded to ensure that unhandled exceptions are caught and logged
\HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source
Use <customErrors mode=“On” /> to redirect to a down page
“Safe” Functions Production problems with “Object
Reference Not Set” Caused by a reference type with
null value Often difficult to pinpoint cause Coding more safely is viewed as
too much work (hurts productivity)
Goal is to keep code concise yet get better diagnostics
Page Control Tree ASP.NET creates objects for
controls used on the page (including literal content) and stores in a tree
Can view the tree using trace.axd
Released after the response is created for the client
Recursive generic processing
Validation Controls OWASP Top 10
XSS (Cross Site Scripting) SQL Injection
All input from web controls needs to be verified Leverage client validation for user experience
but must validate on the server
Common validators RequiredFieldValidator RangeValidator RegularExpressionValidator CompareValidator CustomValidator
Caching Data caching (Cache), cut 50% of
our SQL queries which was 72,080,000 less queries each month!
Substitution Output caching (shared)
Don’t cache page (set specific cache ability)
Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
Session and Timeouts Cookie sent after initial request,
uses to lookup the information, gets all session data
EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified)
Timeout detection code http://aspalliance.com/520
Adapters Provide an alternative rendering or behavior for
controls or pages Originally designed to facilitate development of
mobile web sites Wanted one set of controls that would render
appropriately based on the user agent device Dropped after ASP.NET 2.0 Beta 1
Browser capabilities moved out to .browser files Visual Studio designer does not display alternate
rendering
Modify without altering existing code
http://www.asp.net/CSSAdapters/
Miscellaneous ASP.NET Request.SaveAs( ) Context.Items Response.AppendToLog( ) App_offline.htm
Techniques Prototype designs
Feedback before deep into design/implementation
Determine if riskier areas work Take it out of the page and try in
isolated area (MUCH easier to debug!)
“Stub” web service methods for data
Useful Sites HTML Validation
(http://validator.w3.org/) CSS Validation
(http://jigsaw.w3.org/css-validator/)
W3C (http://www.w3.org/) www.asp.net (Learn tab ->
videos) www.iis.net www.aspalliance.com
Summary Understand how HTTP works Learn about IIS Use compression and expirations Leverage tools to debug and
understand how things work (solve many of your own problems)
Utilize more ASP.NET techniques
