Presentation is loading. Please wait.

Presentation is loading. Please wait.

Things Every ASP.NET Developer Should Know

Similar presentations

Presentation on theme: "Things Every ASP.NET Developer Should Know"— Presentation transcript:

1 Things Every ASP.NET Developer Should Know
Robert Boedigheimer

2 About Me MCPD ASP.NET Developer 3.5 MCPD Web, Charter Member
MCSD .NET, Early Achiever Web developer since 1995 Columnist for Wrox Author ASP.NET MVP

3 Agenda Tools/IIS ASP.NET Fiddler Network Monitor IIS Logs, LogParser
IE Developer Toolbar HTTP Compression Content Expirations Ajax Minifier Etags CSS Sprites ASP.NET Tracing Configuration Application_Error( ) “Safe” Functions Page Control Tree Validation Controls Caching Session and Timeouts Adapters Techniques

4 HTTP Hypertext Transfer Protocol
Protocol defined in RFC 2068 (Http 1.1), January 1997 Request/response paradigm Header and body

5 Http Request GET http://localhost:99/default.aspx HTTP/1.1 Accept: */*
Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR ; .NET CLR ; .NET CLR ; InfoPath.2; .NET CLR ) Host: localhost:99 Proxy-Connection: Keep-Alive Pragma: no-cache Multiple method types GET, POST (forms) User-Agent – client agent type (IE browser, version), disturbing that your .Net version is transmitted… Host – DNS name of web site (host headers for web site sharing)

6 Http Response HTTP/1.1 200 OK Cache-Control: private
Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: X-Powered-By: ASP.NET Date: Sun, 07 Mar :22:19 GMT Content-Length: 686 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ""> <html xmlns="" > <head><title> Home Page </title><link type="text/css" href="Styles.css" /> <style type="text/css"> body {background-color:Green;} </style> </head> <body class="basic"> <form name="form1" method="post" action="default.aspx" id="form1"> <div> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" /> </div> <div style="background-color:Blue"> <h3>Home</h3> </form> </body> </html> 200 – HTTP status Server – type and version of web server (possible to mask) Content-Type – MIME type of data, used by client to know how to interpret response contents Body that includes the specified content (of the given content type)

7 Fiddler Tracing tool specifically for HTTP
Shows complete request and response (not packets) Can save archive of session Can be used on own machine (ipv4.fiddler, ipv6.fiddler) Can create own GET requests Can decrypt SSL traffic! Tool developed by Eric Lawrence of Microsoft Troubleshoot problems (404, 3rd party issues) Useful to archive off before and after for historical purposes

8 Fiddler (Transfer Timeline)
Great visual to demonstrate what takes time on page requests, which files are too big, that we have too many 80-90% of pages times today are due to components (CSS, js, images)

9 Microsoft Network Monitor
General network tracing tool for many protocols Hooks into network adapters See network frames at multiple levels Apply filters for specific protocols, IP addresses, etc

10 IIS Log Files Time Taken (execute, queue, and time to client – IIS 7/6) Sub-status codes are very useful for indicating the exact problems Log entries are made AFTER the page execution is complete Log file entries are always in GMT Setup cookie, referrer, bytes sent IIS 6 started using general status codes to “hide” what is actually going on… Need a sub-status code to get the exact details ( MIME type not defined, get a 404 (not found) if check it will be a which means the MIME type is not configured

11 IIS Log File Configuration

12 Log Parser Utility to query IIS log files, event logs, etc
Query syntax nearly identical to SQL Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc) ASP.NET Response.AppendToLog( ) Headers for “columns” are in the IIS log file itself Help with logParser.exe /? AppendToLog( ) – write out customer number or other id to help find records related to the user Also search by session id or client IP

13 Microsoft IE Developer Toolbar
Included in IE 8 See what styles are applied to elements Script debugging, profiling Resize the browser to various resolutions Disable script, CSS Links to validator for HTML, CSS, accessibility (IE 7) Know that anyone with IE 8 will have the tools (don’t need to install and get blamed for everything!)

14 HTTP Compression Server evaluates the “Accept-Encoding” header for request, compresses resulting response largeGridView.aspx - 41 frames down to 7 Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized Used 53% less bandwidth, ~25% faster Keynote measurements Now use IIS Compression (free)

15 HTTP Compression (cont)
IIS 7 Can control when to stop using if CPU usage is too high Minimum default file size is 256K Only static compression is on by default Detailed article about enabling IIS 6 compression at

16 Content Expirations Client asks “if-modified-since”
Small content files it is just as expensive to see if modified as to receive content Setup expiration times for content folders Avoid requests for files that seldom change (.js, .css, images, etc) Rename the file if need to override browser caching

17 Content Expirations (cont)

18 Ajax Minifier Microsoft Ajax Minifier (
Minimize CSS and JavaScript files Remove whitespace, comments, excessive semicolons, etc Command line, .dll, and build tasks jQuery js minimized 55.5% Test after minimize! MSBuild Extension Pack (version #) C:\Program Files (x86)\Microsoft\Microsoft Ajax Minifier 4>ajaxmin c:\inetpub\wwwroot\thingsToKnow\js\jquery js -out jquery ajaxMin.js

19 ETags Used for cache validation
IIS sends the ETag header in response for static files hash:changeNumber IIS 6 changeNumber – specific to server Set to 0 with Metabase Explorer, IIS 7 changeNumber - 0 by default Completely remove header with HttpModule People suggested adding own header Etag with value “”, but this did not work on IIS 7

20 CSS Sprites Combine small images into a single image
Use CSS to “index” into the larger image Often 70-95% of time taken for a user is time requesting components (images, .css, .js) Reduce the number of requests Most often the single image is smaller than the sizes added together

21 Tracing Setup ASP.NET to save information about recent requests
<trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" /> /Trace.axd

22 Configuration <deployment retail=”true” /> (machine.config only)
<customErrors mode=”On” /> <compilation debug=”false” /> <tracing enabled=“false” /> External config files (no restart) customErrors mode=“off” looks really bad and reveals too much information compilation debug=“true” caused us production memory problems tracing enabled=“true” reveals too much information about requests

23 Global.asax Application_Error( )
Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged \HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source Use <customErrors mode=“On” /> to redirect to a down page Only use a local try/catch if you can recover from the situation (much less code required)

24 “Safe” Functions Production problems with “Object Reference Not Set”
Caused by a reference type with null value Often difficult to pinpoint cause Coding more safely is viewed as too much work (hurts productivity) Goal is to keep code concise yet get better diagnostics

25 Page Control Tree ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree Can view the tree using trace.axd Released after the response is created for the client Recursive generic processing

26 Validation Controls OWASP Top 10
XSS (Cross Site Scripting) SQL Injection All input from web controls needs to be verified Leverage client validation for user experience but must validate on the server Common validators RequiredFieldValidator RangeValidator RegularExpressionValidator CompareValidator CustomValidator

27 Caching Data caching (Cache), cut 50% of our SQL queries which was 72,080,000 less queries each month! Substitution Output caching (shared) Don’t cache page (set specific cache ability) Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

28 Session and Timeouts Cookie sent after initial request, uses to lookup the information, gets all session data EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified) Timeout detection code ReadOnly – does not write information back to the session store

29 Adapters Provide an alternative rendering or behavior for controls or pages Originally designed to facilitate development of mobile web sites Wanted one set of controls that would render appropriately based on the user agent device Dropped after ASP.NET 2.0 Beta 1 Browser capabilities moved out to .browser files Visual Studio designer does not display alternate rendering Modify without altering existing code ASP.NET 2.0 CSS Friendly Adapters – render with more CSS friendly output for many built in ASP.NET controls (menu, treeview, gridview, etc)

30 Miscellaneous ASP.NET Request.SaveAs( ) Context.Items
Response.AppendToLog( ) App_offline.htm

31 Techniques Prototype designs
Feedback before deep into design/implementation Determine if riskier areas work Take it out of the page and try in isolated area (MUCH easier to debug!) “Stub” web service methods for data Give prototype to customer to get a feel for flow, navigation, experience SOA we agree to the intended output from web service, developer hardcodes and delivers to client developer can work then implements the actual method Parallelism Can quickly see what won’t work well for client developer Easy to see whose fault it is when get final product

32 Useful Sites HTML Validation (
CSS Validation ( W3C ( (Learn tab -> videos)

33 Summary Understand how HTTP works Learn about IIS
Use compression and expirations Leverage tools to debug and understand how things work (solve many of your own problems) Utilize more ASP.NET techniques

34 Questions

Download ppt "Things Every ASP.NET Developer Should Know"

Similar presentations

Ads by Google