Things Every ASP.NET Developer Should Know Robert Boedigheimer.

Things Every ASP.NET Developer Should Know

Robert Boedigheimer

About Me

MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP

http://aspadvice.com/blogs/robertb/ [email protected]

Agenda Tools/IIS

Fiddler Network Monitor IIS Logs, LogParser IE Developer Toolbar HTTP Compression Content Expirations Ajax Minifier Etags CSS Sprites

ASP.NET Tracing Configuration Application_Error( ) “Safe” Functions Page Control Tree Validation Controls Caching Session and Timeouts Adapters Techniques

HTTP Hypertext Transfer Protocol Protocol defined in RFC 2068

(Http 1.1), January 1997 Request/response paradigm Header and body

http://www.ietf.org/rfc/rfc2068.txt

Http RequestGET http://localhost:99/default.aspx HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: x86Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows

NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)

Host: localhost:99Proxy-Connection: Keep-AlivePragma: no-cache

Http ResponseHTTP/1.1 200 OKCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.0X-AspNet-Version: 2.0.50727X-Powered-By: ASP.NETDate: Sun, 07 Mar 2010 19:22:19 GMTContent-Length: 686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" ><head><title>

Home Page</title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style></head><body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"><div><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"

value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /></div>

<div style="background-color:Blue"> <h3>Home</h3> </div> </form></body></html>

Fiddler Tracing tool specifically for HTTP Shows complete request and

response (not packets) Can save archive of session Can be used on own machine

(ipv4.fiddler, ipv6.fiddler) Can create own GET requests Can decrypt SSL traffic!

http://tinyurl.com/3drk5t

Fiddler (Transfer Timeline)

Microsoft Network Monitor General network tracing tool for

many protocols Hooks into network adapters See network frames at multiple

levels Apply filters for specific

protocols, IP addresses, etc

http://tinyurl.com/cozr3b

IIS Log Files

Time Taken (execute, queue, and time to client – IIS 7/6)

Sub-status codes are very useful for indicating the exact problems

Log entries are made AFTER the page execution is complete

Log file entries are always in GMT

Setup cookie, referrer, bytes sent

IIS Log File Configuration

Log Parser

Utility to query IIS log files, event logs, etc

Query syntax nearly identical to SQL

Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc)

ASP.NET Response.AppendToLog( )

http://tinyurl.com/5uoxz

Microsoft IE Developer Toolbar

Included in IE 8 See what styles are applied to

elements Script debugging, profiling Resize the browser to various

resolutions Disable script, CSS Links to validator for HTML, CSS,

accessibility

http://tinyurl.com/8rwb8 (IE 7)

HTTP Compression Server evaluates the “Accept-Encoding”

header for request, compresses resulting response

largeGridView.aspx - 41 frames down to 7

Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized

Used 53% less bandwidth, ~25% faster Keynote measurements

Now use IIS Compression (free)

HTTP Compression (cont)

IIS 7 Can control when to stop using if

CPU usage is too high Minimum default file size is 256K Only static compression is on by

default

Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w

Content Expirations Client asks “if-modified-since” Small content files it is just as

expensive to see if modified as to receive content

Setup expiration times for content folders

Avoid requests for files that seldom change (.js, .css, images, etc)

Rename the file if need to override browser caching

Content Expirations (cont)

Ajax Minifier Microsoft Ajax Minifier

(Codeplex.com) Minimize CSS and JavaScript files

Remove whitespace, comments, excessive semicolons, etc

Command line, .dll, and build tasks jQuery-1.4.2.js minimized 55.5% Test after minimize! MSBuild Extension Pack (version #)

ETags Used for cache validation IIS sends the ETag header in

response for static files hash:changeNumber

IIS 6 changeNumber – specific to server Set to 0 with Metabase Explorer,

http://tinyurl.com/2agsbtc IIS 7

changeNumber - 0 by default Completely remove header with

HttpModule

CSS Sprites Combine small images into a single

image Use CSS to “index” into the larger

image

Often 70-95% of time taken for a user is time requesting components (images, .css, .js)

Reduce the number of requests

http://spritegen.website-performance.org/

Tracing

Setup ASP.NET to save information about recent requests

<trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" />

/Trace.axd

Configuration

<deployment retail=”true” /> (machine.config only) <customErrors mode=”On” /> <compilation debug=”false” /> <tracing enabled=“false” />

External config files (no restart)

Global.asax Application_Error( )

Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged

\HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source

Use <customErrors mode=“On” /> to redirect to a down page

“Safe” Functions

Production problems with “Object Reference Not Set”

Caused by a reference type with null value

Often difficult to pinpoint cause Coding more safely is viewed as

too much work (hurts productivity)

Goal is to keep code concise yet get better diagnostics

Page Control Tree

ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree

Can view the tree using trace.axd

Released after the response is created for the client

Recursive generic processing

Validation Controls OWASP Top 10

XSS (Cross Site Scripting) SQL Injection

All input from web controls needs to be verified

Leverage client validation for user experience but must validate on the server

Common validators RequiredFieldValidator RangeValidator RegularExpressionValidator CompareValidator CustomValidator

Caching Data caching (Cache), cut 50% of

our SQL queries which was 72,080,000 less queries each month!

Substitution Output caching (shared)

Don’t cache page (set specific cache ability)

Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

Session and Timeouts

Cookie sent after initial request, uses to lookup the information, gets all session data

EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified)

Timeout detection code http://aspalliance.com/520

Adapters Provide an alternative rendering or behavior for

controls or pages Originally designed to facilitate development of

mobile web sites Wanted one set of controls that would render

appropriately based on the user agent device Dropped after ASP.NET 2.0 Beta 1

Browser capabilities moved out to .browser files Visual Studio designer does not display alternate

rendering

Modify without altering existing code

http://www.asp.net/CSSAdapters/

Miscellaneous ASP.NET

Request.SaveAs( ) Context.Items Response.AppendToLog( ) App_offline.htm

Techniques

Prototype designs Feedback before deep into

design/implementation Determine if riskier areas work

Take it out of the page and try in isolated area (MUCH easier to debug!)

“Stub” web service methods for data

Useful Sites

HTML Validation (http://validator.w3.org/)

CSS Validation (http://jigsaw.w3.org/css-validator/)

W3C (http://www.w3.org/) www.asp.net (Learn tab ->

videos) www.iis.net www.aspalliance.com

Summary

Understand how HTTP works Learn about IIS Use compression and expirations Leverage tools to debug and

understand how things work (solve many of your own problems)

Utilize more ASP.NET techniques

Questions

http://aspadvice.com/blogs/robertb/

[email protected]