Things Every ASP.NET Developer Should Know

Robert Boedigheimer

About Me

MCPD ASP.NET Developer 3.5

MCPD Web, Charter Member

MCSD .NET, Early Achiever

Web developer since 1995

Columnist for aspalliance.com

Wrox Author

ASP.NET MVP

http://aspadvice.com/blogs/robertb/ [email protected]

Agenda

Tools/IIS: Fiddler, Network Monitor, IIS Logs, LogParser, IE Developer Toolbar, HTTP Compression, Content Expirations, Ajax Minifier, ETags, CSS Sprites

ASP.NET: Tracing, Configuration, Application_Error( ), “Safe” Functions, Page Control Tree, Validation Controls, Caching, Session and Timeouts, Adapters

Techniques

HTTP

Hypertext Transfer Protocol

Protocol defined in RFC 2068 (HTTP 1.1), January 1997

Request/response paradigm

Header and body

http://www.ietf.org/rfc/rfc2068.txt

Http Request

GET http://localhost:99/default.aspx HTTP/1.1
Accept: */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)
Host: localhost:99
Proxy-Connection: Keep-Alive
Pragma: no-cache

Http Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 07 Mar 2010 19:22:19 GMT
Content-Length: 686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Home Page
</title><link type="text/css" href="Styles.css" />
<style type="text/css"> body {background-color:Green;} </style></head>
<body class="basic">
<form name="form1" method="post" action="default.aspx" id="form1">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" />
</div>
<div style="background-color:Blue"> <h3>Home</h3> </div>
</form></body></html>

Fiddler

Tracing tool specifically for HTTP

Shows complete request and response (not packets)

Can save archive of session

Can be used on own machine (ipv4.fiddler, ipv6.fiddler)

Can create own GET requests

Can decrypt SSL traffic!

http://tinyurl.com/3drk5t

Fiddler (Transfer Timeline)

Microsoft Network Monitor

General network tracing tool for many protocols

Hooks into network adapters

See network frames at multiple levels

Apply filters for specific protocols, IP addresses, etc

http://tinyurl.com/cozr3b

IIS Log Files

Time Taken (execute, queue, and time to client – IIS 7/6)

Sub-status codes are very useful for indicating the exact problems

Log entries are made AFTER the page execution is complete

Log file entries are always in GMT

Set up cookie, referrer, bytes sent

IIS Log File Configuration

Log Parser

Utility to query IIS log files, event logs, etc

Query syntax nearly identical to SQL

Write series of queries for site health (HTTP status, time taken, file sizes, down pages, orders, etc)

ASP.NET Response.AppendToLog( )

http://tinyurl.com/5uoxz
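
The kind of site-health summary described on the IIS Log Files and Log Parser slides, as an added example that is not from the original deck: a C# sketch that reads W3C-format log lines, locates columns through the #Fields directive, counts responses by status and sub-status, and reports the slowest request. The sample lines are constructed, the code assumes the file logs the seven fields shown, and Log Parser itself would express the same thing as a SQL-like query.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

static class IisLogSummary
{
    // Constructed sample lines in W3C extended format (not from a real server).
    static readonly string[] Sample =
    {
        "#Fields: date time cs-method cs-uri-stem sc-status sc-substatus time-taken",
        "2010-03-07 19:22:19 GET /default.aspx 200 0 31",
        "2010-03-07 19:22:20 GET /admin/report.aspx 401 2 15",
        "2010-03-07 19:22:24 GET /orders.aspx 500 0 4210",
        "2010-03-07 19:22:25 GET /missing.gif 404 0 2",
    };

    static void Main()
    {
        var fields = new List<string>();
        var hits = new SortedDictionary<string, int>();   // "status.substatus" -> count
        string slowUrl = null; int slowMs = -1; DateTime slowUtc = DateTime.MinValue;

        foreach (string line in Sample)
        {
            if (line.StartsWith("#Fields:"))               // column order is set per file
            {
                fields = line.Substring(8)
                    .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries).ToList();
                continue;
            }
            string[] c = line.Split(' ');
            if (line.StartsWith("#") || c.Length != fields.Count) continue; // directive or malformed row

            string key = c[fields.IndexOf("sc-status")] + "." + c[fields.IndexOf("sc-substatus")];
            int n; hits.TryGetValue(key, out n); hits[key] = n + 1;

            int ms = int.Parse(c[fields.IndexOf("time-taken")], CultureInfo.InvariantCulture);
            if (ms <= slowMs) continue;
            slowMs = ms; slowUrl = c[fields.IndexOf("cs-uri-stem")];
            // Log timestamps are GMT: parse as UTC and convert only for display.
            slowUtc = DateTime.ParseExact(c[fields.IndexOf("date")] + " " + c[fields.IndexOf("time")],
                "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal);
        }
        foreach (var kv in hits) Console.WriteLine("{0,-6} {1}", kv.Key, kv.Value);
        Console.WriteLine("Slowest: {0} {1} ms at {2:u} (local {3})",
            slowUrl, slowMs, slowUtc, slowUtc.ToLocalTime());
    }
}
```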

Microsoft IE Developer Toolbar

Included in IE 8

See what styles are applied to elements

Script debugging, profiling

Resize the browser to various resolutions

Disable script, CSS

Links to validator for HTML, CSS, accessibility

http://tinyurl.com/8rwb8 (IE 7)

HTTP Compression

Server evaluates the “Accept-Encoding” header for request, compresses resulting response

largeGridView.aspx - 41 frames down to 7

Implemented in February 2003 when about 3% of Fortune 1000 web sites utilized

Used 53% less bandwidth, ~25% faster Keynote measurements

Now use IIS Compression (free)

HTTP Compression (cont)

IIS 7

Can control when to stop using if CPU usage is too high

Minimum default file size is 256K

Only static compression is on by default

Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w

Content Expirations

Client asks “if-modified-since”

For small content files it is just as expensive to check whether they were modified as to receive the content

Set up expiration times for content folders

Avoid requests for files that seldom change (.js, .css, images, etc)

Rename the file if you need to override browser caching

Content Expirations (cont)

Ajax Minifier

Microsoft Ajax Minifier (Codeplex.com)

Minimize CSS and JavaScript files

Remove whitespace, comments, excessive semicolons, etc

Command line, .dll, and build tasks

jQuery-1.4.2.js minimized 55.5%

Test after minimize!

MSBuild Extension Pack (version #)

ETags

Used for cache validation

IIS sends the ETag header in response for static files

hash:changeNumber

IIS 6

changeNumber – specific to server

Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc

IIS 7

changeNumber - 0 by default

Completely remove header with HttpModule

CSS Sprites

Combine small images into a single image

Use CSS to “index” into the larger image

Often 70-95% of time taken for a user is time requesting components (images, .css, .js)

Reduce the number of requests

http://spritegen.website-performance.org/

Tracing

Set up ASP.NET to save information about recent requests

<trace enabled="true" pageOutput="false" localOnly="false" requestLimit="2" mostRecent="true" />

/Trace.axd

Configuration

<deployment retail="true" /> (machine.config only)

<customErrors mode="On" />

<compilation debug="false" />

<trace enabled="false" />

External config files (no restart)
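
A check for the production settings listed on this slide, as an added example that is not from the original deck: a C# sketch that loads a web.config and reports values that leave error details, debug builds or tracing exposed. The sample web.config is constructed; the fallback values are the ASP.NET defaults that apply when an element or attribute is absent.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class WebConfigAudit
{
    // Constructed sample: a development web.config deployed unchanged.
    const string Sample = @"<configuration><system.web>
        <customErrors mode=""Off"" />
        <compilation debug=""true"" />
        <trace enabled=""true"" localOnly=""false"" requestLimit=""2"" />
    </system.web></configuration>";

    // Attribute value from the first matching element, or the ASP.NET default when absent.
    static string Get(XDocument doc, string element, string attribute, string defaultValue)
    {
        XElement el = doc.Descendants().FirstOrDefault(e => e.Name.LocalName == element);
        XAttribute at = el == null ? null : el.Attribute(attribute);
        return at == null ? defaultValue : at.Value;
    }

    static bool Is(string value, string expected)
    {
        return string.Equals(value, expected, StringComparison.OrdinalIgnoreCase);
    }

    public static List<string> Audit(string webConfigXml)
    {
        XDocument doc = XDocument.Parse(webConfigXml);
        var findings = new List<string>();

        // The default, RemoteOnly, also hides details from remote clients.
        if (Is(Get(doc, "customErrors", "mode", "RemoteOnly"), "Off"))
            findings.Add("customErrors mode=Off: exception details are sent to every client");
        if (Is(Get(doc, "compilation", "debug", "false"), "true"))
            findings.Add("compilation debug=true: debug build running in production");
        if (Is(Get(doc, "trace", "enabled", "false"), "true"))
            findings.Add(Is(Get(doc, "trace", "localOnly", "true"), "false")
                ? "trace enabled with localOnly=false: /Trace.axd is readable remotely"
                : "trace enabled: request details are kept and shown on /Trace.axd locally");
        return findings;
    }

    static void Main()
    {
        foreach (string finding in Audit(Sample)) Console.WriteLine(finding);
    }
}
```

When machine.config sets `<deployment retail="true" />`, ASP.NET overrides these three settings for every site on the server, so the check matters most where that switch is absent.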

Global.asax Application_Error( )

Every ASP.NET web site should have this coded to ensure that unhandled exceptions are caught and logged

\HKLM\System\CurrentControlSet\Services\EventLog\Application and add key for source

Use <customErrors mode="On" /> to redirect to a down page
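
One way to code the handler this slide calls for, as an added example that is not from the original deck: a Global.asax code-behind in C# that writes unhandled exceptions to the Application event log and leaves the error pending for customErrors. The event source name "MyWebSite" is an assumption and stands for the key added under the registry path above.

```csharp
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Assumed name. The source must already exist as a key under
    // HKLM\System\CurrentControlSet\Services\EventLog\Application, because the
    // worker process account normally cannot create event sources itself.
    const string EventSource = "MyWebSite";
    const int MaxMessageChars = 30000;   // stay under the event log per-entry limit

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // Page exceptions arrive wrapped in HttpUnhandledException; log the real cause.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        try
        {
            // Log where it happened, not what the user sent: query strings, form
            // fields and cookies can hold passwords or session identifiers.
            string message = string.Format("{0} {1}\r\nClient: {2}\r\n{3}",
                Request.HttpMethod, Request.Url.AbsolutePath, Request.UserHostAddress, ex);
            if (message.Length > MaxMessageChars)
                message = message.Substring(0, MaxMessageChars);

            EventLog.WriteEntry(EventSource, message, EventLogEntryType.Error);
        }
        catch (Exception)
        {
            // An unregistered source or a full log must not raise a second error here.
        }

        // No Server.ClearError(): the error stays pending so that
        // <customErrors mode="On" /> can redirect the user to the down page.
    }
}
```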

“Safe” Functions

Production problems with “Object Reference Not Set”

Caused by a reference type with null value

Often difficult to pinpoint cause

Coding more safely is viewed as too much work (hurts productivity)

Goal is to keep code concise yet get better diagnostics

Page Control Tree

ASP.NET creates objects for controls used on the page (including literal content) and stores in a tree

Can view the tree using trace.axd

Released after the response is created for the client

Recursive generic processing

Validation Controls

OWASP Top 10: XSS (Cross Site Scripting), SQL Injection

All input from web controls needs to be verified

Leverage client validation for user experience but must validate on the server

Common validators: RequiredFieldValidator, RangeValidator, RegularExpressionValidator, CompareValidator, CustomValidator
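
The server-side half of validation described on this slide, as an added example that is not from the original deck: a C# code-behind that checks Page.IsValid, re-checks values the validators let through when a box is empty, and encodes what it echoes back. The control ids, the SKU format and the assumed markup listed in the first comment are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Assumed markup (hypothetical ids): txtSku with a CustomValidator whose
// OnServerValidate is ValidateSku; txtQuantity with a RangeValidator
// (Type=Integer, 1 to 99); btnOrder with OnClick=OrderClick; lblResult.
public class OrderPage : Page
{
    protected TextBox txtSku, txtQuantity;
    protected Label lblResult;

    // Allow-list: three capitals, a dash, four digits. \A and \z anchor the whole input.
    static readonly Regex SkuFormat = new Regex(@"\A[A-Z]{3}-[0-9]{4}\z");

    // Server half of the CustomValidator; the browser-side script is only a convenience.
    protected void ValidateSku(object source, ServerValidateEventArgs args)
    {
        args.IsValid = SkuFormat.IsMatch(args.Value);
    }

    protected void OrderClick(object sender, EventArgs e)
    {
        // The click handler runs even when validation failed, so the check is explicit.
        if (!Page.IsValid) return;

        // Validators other than RequiredFieldValidator pass an empty box by default,
        // so IsValid does not prove that either value is present.
        int quantity;
        if (!SkuFormat.IsMatch(txtSku.Text) ||
            !int.TryParse(txtQuantity.Text, out quantity) || quantity < 1 || quantity > 99)
        {
            lblResult.Text = "Enter a SKU and a quantity from 1 to 99.";
            return;
        }

        // Encode anything echoed back into the page.
        lblResult.Text = HttpUtility.HtmlEncode(
            string.Format("Ordered {0} of {1}", quantity, txtSku.Text));
    }
}
```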

Caching

Data caching (Cache), cut 50% of our SQL queries which was 72,080,000 fewer queries each month!

Substitution

Output caching (shared)

Don’t cache page (set specific cacheability)

Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);

Session and Timeouts

Cookie sent after initial request, used to look up the information, gets all session data

EnableSessionState – None (module does not need to retrieve), ReadOnly (inProcess still modified)

Timeout detection code http://aspalliance.com/520

Adapters

Provide an alternative rendering or behavior for controls or pages

Originally designed to facilitate development of mobile web sites

Wanted one set of controls that would render appropriately based on the user agent device

Dropped after ASP.NET 2.0 Beta 1

Browser capabilities moved out to .browser files

Visual Studio designer does not display alternate rendering

Modify without altering existing code

http://www.asp.net/CSSAdapters/

Miscellaneous ASP.NET

Request.SaveAs( )

Context.Items

Response.AppendToLog( )

App_offline.htm

Techniques

Prototype designs

Feedback before deep into design/implementation

Determine if riskier areas work

Take it out of the page and try in isolated area (MUCH easier to debug!)

“Stub” web service methods for data

Useful Sites

HTML Validation (http://validator.w3.org/)

CSS Validation (http://jigsaw.w3.org/css-validator/)

W3C (http://www.w3.org/)

www.asp.net (Learn tab -> videos)

www.iis.net

www.aspalliance.com

Summary

Understand how HTTP works

Learn about IIS

Use compression and expirations

Leverage tools to debug and understand how things work (solve many of your own problems)

Utilize more ASP.NET techniques

Questions

http://aspadvice.com/blogs/robertb/

[email protected]