1 / 34

Things Every ASP.NET Developer Should Know

Things Every ASP.NET Developer Should Know. Robert Boedigheimer. About Me. MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP http://aspadvice.com/blogs/robertb/

salene
Download Presentation

Things Every ASP.NET Developer Should Know

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Things Every ASP.NET Developer Should Know Robert Boedigheimer

  2. About Me • MCPD ASP.NET Developer 3.5 • MCPD Web, Charter Member • MCSD .NET, Early Achiever • Web developer since 1995 • Columnist for aspalliance.com • Wrox Author • ASP.NET MVP • http://aspadvice.com/blogs/robertb/ • robertb@aspalliance.com

  3. Agenda • Tools/IIS • Fiddler • Network Monitor • IIS Logs, LogParser • IE Developer Toolbar • HTTP Compression • Content Expirations • Ajax Minifier • Etags • CSS Sprites • ASP.NET • Tracing • Configuration • Application_Error( ) • “Safe” Functions • Page Control Tree • Validation Controls • Caching • Session and Timeouts • Adapters • Techniques

  4. HTTP • Hypertext Transfer Protocol • Protocol defined in RFC 2068 (Http 1.1), January 1997 • Request/response paradigm • Header and body • http://www.ietf.org/rfc/rfc2068.txt

  5. Http Request GET http://localhost:99/default.aspx HTTP/1.1 Accept: */* Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022) Host: localhost:99 Proxy-Connection: Keep-Alive Pragma: no-cache

  6. Http Response HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Sun, 07 Mar 2010 19:22:19 GMT Content-Length: 686 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head><title> Home Page </title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style> </head> <body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"> <div> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /> </div> <div style="background-color:Blue"> <h3>Home</h3> </div> </form> </body> </html>

  7. Fiddler • Tracing tool specifically for HTTP • Shows complete request and response (not packets) • Can save archive of session • Can be used on own machine (ipv4.fiddler, ipv6.fiddler) • Can create own GET requests • Can decrypt SSL traffic! • http://tinyurl.com/3drk5t

  8. Fiddler (Transfer Timeline)

  9. Microsoft Network Monitor • General network tracing tool for many protocols • Hooks into network adapters • See network frames at multiple levels • Apply filters for specific protocols, IP addresses, etc • http://tinyurl.com/cozr3b

  10. IIS Log Files • Time Taken (execute, queue, and time to client – IIS 7/6) • Sub-status codes are very useful for indicating the exact problems • Log entries are made AFTER the page execution is complete • Log file entries are always in GMT • Setup cookie, referrer, bytes sent

  11. IIS Log File Configuration

  12. Log Parser • Utility to query IIS log files, event logs, etc • Query syntax nearly identical to SQL • Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc) • ASP.NET Response.AppendToLog( ) • http://tinyurl.com/5uoxz

  13. Microsoft IE Developer Toolbar • Included in IE 8 • See what styles are applied to elements • Script debugging, profiling • Resize the browser to various resolutions • Disable script, CSS • Links to validator for HTML, CSS, accessibility • http://tinyurl.com/8rwb8 (IE 7)

  14. HTTP Compression • Server evaluates the “Accept-Encoding” header for request, compresses resulting response • largeGridView.aspx - 41 frames down to 7 • Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized • Used 53% less bandwidth, ~25% faster Keynote measurements • Now use IIS Compression (free)

  15. HTTP Compression (cont) • IIS 7 • Can control when to stop using if CPU usage is too high • Minimum default file size is 256K • Only static compression is on by default • Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w

  16. Content Expirations • Client asks “if-modified-since” • Small content files it is just as expensive to see if modified as to receive content • Setup expiration times for content folders • Avoid requests for files that seldom change (.js, .css, images, etc) • Rename the file if need to override browser caching

  17. Content Expirations (cont)

  18. Ajax Minifier • Microsoft Ajax Minifier (Codeplex.com) • Minimize CSS and JavaScript files • Remove whitespace, comments, excessive semicolons, etc • Command line, .dll, and build tasks • jQuery-1.4.2.js minimized 55.5% • Test after minimize! • MSBuild Extension Pack (version #)

  19. ETags • Used for cache validation • IIS sends the ETag header in response for static files • hash:changeNumber • IIS 6 • changeNumber – specific to server • Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc • IIS 7 • changeNumber - 0 by default • Completely remove header with HttpModule

  20. CSS Sprites • Combine small images into a single image • Use CSS to “index” into the larger image • Often 70-95% of time taken for a user is time requesting components (images, .css, .js) • Reduce the number of requests • http://spritegen.website-performance.org/

  21. Tracing • Setup ASP.NET to save information about recent requests • <trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" /> • /Trace.axd

  22. Configuration • <deployment retail=”true” /> (machine.config only) • <customErrors mode=”On” /> • <compilation debug=”false” /> • <tracing enabled=“false” /> • External config files (no restart)

  23. Global.asaxApplication_Error( ) • Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged • \HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source • Use <customErrors mode=“On” /> to redirect to a down page

  24. “Safe” Functions • Production problems with “Object Reference Not Set” • Caused by a reference type with null value • Often difficult to pinpoint cause • Coding more safely is viewed as too much work (hurts productivity) • Goal is to keep code concise yet get better diagnostics

  25. Page Control Tree • ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree • Can view the tree using trace.axd • Released after the response is created for the client • Recursive generic processing

  26. Validation Controls • OWASP Top 10 • XSS (Cross Site Scripting) • SQL Injection • All input from web controls needs to be verified • Leverage client validation for user experience but must validate on the server • Common validators • RequiredFieldValidator • RangeValidator • RegularExpressionValidator • CompareValidator • CustomValidator

  27. Caching • Data caching (Cache), cut 50% of our SQL queries which was 72,080,000 less queries each month! • Substitution • Output caching (shared) • Don’t cache page (set specific cache ability) • Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

  28. Session and Timeouts • Cookie sent after initial request, uses to lookup the information, gets all session data • EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified) • Timeout detection code • http://aspalliance.com/520

  29. Adapters • Provide an alternative rendering or behavior for controls or pages • Originally designed to facilitate development of mobile web sites • Wanted one set of controls that would render appropriately based on the user agent device • Dropped after ASP.NET 2.0 Beta 1 • Browser capabilities moved out to .browser files • Visual Studio designer does not display alternate rendering • Modify without altering existing code • http://www.asp.net/CSSAdapters/

  30. Miscellaneous ASP.NET • Request.SaveAs( ) • Context.Items • Response.AppendToLog( ) • App_offline.htm

  31. Techniques • Prototype designs • Feedback before deep into design/implementation • Determine if riskier areas work • Take it out of the page and try in isolated area (MUCH easier to debug!) • “Stub” web service methods for data

  32. Useful Sites • HTML Validation (http://validator.w3.org/) • CSS Validation (http://jigsaw.w3.org/css-validator/) • W3C (http://www.w3.org/) • www.asp.net (Learn tab -> videos) • www.iis.net • www.aspalliance.com

  33. Summary • Understand how HTTP works • Learn about IIS • Use compression and expirations • Leverage tools to debug and understand how things work (solve many of your own problems) • Utilize more ASP.NET techniques

  34. Questions • http://aspadvice.com/blogs/robertb/ • robertb@aspalliance.com

More Related