340 likes | 514 Views
Things Every ASP.NET Developer Should Know. Robert Boedigheimer. About Me. MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member MCSD .NET, Early Achiever Web developer since 1995 Columnist for aspalliance.com Wrox Author ASP.NET MVP http://aspadvice.com/blogs/robertb/
E N D
Things Every ASP.NET Developer Should Know Robert Boedigheimer
About Me • MCPD ASP.NET Developer 3.5 • MCPD Web, Charter Member • MCSD .NET, Early Achiever • Web developer since 1995 • Columnist for aspalliance.com • Wrox Author • ASP.NET MVP • http://aspadvice.com/blogs/robertb/ • robertb@aspalliance.com
Agenda • Tools/IIS • Fiddler • Network Monitor • IIS Logs, LogParser • IE Developer Toolbar • HTTP Compression • Content Expirations • Ajax Minifier • Etags • CSS Sprites • ASP.NET • Tracing • Configuration • Application_Error( ) • “Safe” Functions • Page Control Tree • Validation Controls • Caching • Session and Timeouts • Adapters • Techniques
HTTP • Hypertext Transfer Protocol • Protocol defined in RFC 2068 (Http 1.1), January 1997 • Request/response paradigm • Header and body • http://www.ietf.org/rfc/rfc2068.txt
Http Request GET http://localhost:99/default.aspx HTTP/1.1 Accept: */* Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022) Host: localhost:99 Proxy-Connection: Keep-Alive Pragma: no-cache
Http Response HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Sun, 07 Mar 2010 19:22:19 GMT Content-Length: 686 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head><title> Home Page </title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style> </head> <body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"> <div> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /> </div> <div style="background-color:Blue"> <h3>Home</h3> </div> </form> </body> </html>
Fiddler • Tracing tool specifically for HTTP • Shows complete request and response (not packets) • Can save archive of session • Can be used on own machine (ipv4.fiddler, ipv6.fiddler) • Can create own GET requests • Can decrypt SSL traffic! • http://tinyurl.com/3drk5t
Microsoft Network Monitor • General network tracing tool for many protocols • Hooks into network adapters • See network frames at multiple levels • Apply filters for specific protocols, IP addresses, etc • http://tinyurl.com/cozr3b
IIS Log Files • Time Taken (execute, queue, and time to client – IIS 7/6) • Sub-status codes are very useful for indicating the exact problems • Log entries are made AFTER the page execution is complete • Log file entries are always in GMT • Setup cookie, referrer, bytes sent
Log Parser • Utility to query IIS log files, event logs, etc • Query syntax nearly identical to SQL • Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc) • ASP.NET Response.AppendToLog( ) • http://tinyurl.com/5uoxz
Microsoft IE Developer Toolbar • Included in IE 8 • See what styles are applied to elements • Script debugging, profiling • Resize the browser to various resolutions • Disable script, CSS • Links to validator for HTML, CSS, accessibility • http://tinyurl.com/8rwb8 (IE 7)
HTTP Compression • Server evaluates the “Accept-Encoding” header for request, compresses resulting response • largeGridView.aspx - 41 frames down to 7 • Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized • Used 53% less bandwidth, ~25% faster Keynote measurements • Now use IIS Compression (free)
HTTP Compression (cont) • IIS 7 • Can control when to stop using if CPU usage is too high • Minimum default file size is 256K • Only static compression is on by default • Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w
Content Expirations • Client asks “if-modified-since” • Small content files it is just as expensive to see if modified as to receive content • Setup expiration times for content folders • Avoid requests for files that seldom change (.js, .css, images, etc) • Rename the file if need to override browser caching
Ajax Minifier • Microsoft Ajax Minifier (Codeplex.com) • Minimize CSS and JavaScript files • Remove whitespace, comments, excessive semicolons, etc • Command line, .dll, and build tasks • jQuery-1.4.2.js minimized 55.5% • Test after minimize! • MSBuild Extension Pack (version #)
ETags • Used for cache validation • IIS sends the ETag header in response for static files • hash:changeNumber • IIS 6 • changeNumber – specific to server • Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc • IIS 7 • changeNumber - 0 by default • Completely remove header with HttpModule
CSS Sprites • Combine small images into a single image • Use CSS to “index” into the larger image • Often 70-95% of time taken for a user is time requesting components (images, .css, .js) • Reduce the number of requests • http://spritegen.website-performance.org/
Tracing • Setup ASP.NET to save information about recent requests • <trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" /> • /Trace.axd
Configuration • <deployment retail=”true” /> (machine.config only) • <customErrors mode=”On” /> • <compilation debug=”false” /> • <tracing enabled=“false” /> • External config files (no restart)
Global.asaxApplication_Error( ) • Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged • \HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source • Use <customErrors mode=“On” /> to redirect to a down page
“Safe” Functions • Production problems with “Object Reference Not Set” • Caused by a reference type with null value • Often difficult to pinpoint cause • Coding more safely is viewed as too much work (hurts productivity) • Goal is to keep code concise yet get better diagnostics
Page Control Tree • ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree • Can view the tree using trace.axd • Released after the response is created for the client • Recursive generic processing
Validation Controls • OWASP Top 10 • XSS (Cross Site Scripting) • SQL Injection • All input from web controls needs to be verified • Leverage client validation for user experience but must validate on the server • Common validators • RequiredFieldValidator • RangeValidator • RegularExpressionValidator • CompareValidator • CustomValidator
Caching • Data caching (Cache), cut 50% of our SQL queries which was 72,080,000 less queries each month! • Substitution • Output caching (shared) • Don’t cache page (set specific cache ability) • Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
Session and Timeouts • Cookie sent after initial request, uses to lookup the information, gets all session data • EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified) • Timeout detection code • http://aspalliance.com/520
Adapters • Provide an alternative rendering or behavior for controls or pages • Originally designed to facilitate development of mobile web sites • Wanted one set of controls that would render appropriately based on the user agent device • Dropped after ASP.NET 2.0 Beta 1 • Browser capabilities moved out to .browser files • Visual Studio designer does not display alternate rendering • Modify without altering existing code • http://www.asp.net/CSSAdapters/
Miscellaneous ASP.NET • Request.SaveAs( ) • Context.Items • Response.AppendToLog( ) • App_offline.htm
Techniques • Prototype designs • Feedback before deep into design/implementation • Determine if riskier areas work • Take it out of the page and try in isolated area (MUCH easier to debug!) • “Stub” web service methods for data
Useful Sites • HTML Validation (http://validator.w3.org/) • CSS Validation (http://jigsaw.w3.org/css-validator/) • W3C (http://www.w3.org/) • www.asp.net (Learn tab -> videos) • www.iis.net • www.aspalliance.com
Summary • Understand how HTTP works • Learn about IIS • Use compression and expirations • Leverage tools to debug and understand how things work (solve many of your own problems) • Utilize more ASP.NET techniques
Questions • http://aspadvice.com/blogs/robertb/ • robertb@aspalliance.com