Beruflich Dokumente
Kultur Dokumente
at www.cramsession.com
> Discussion Boards
http://boards.cramsession.com
Your Trusted
Study Resource > Info Center
for http://infocenter.cramsession.com
Technical
Certifications > SkillDrill
http://www.skilldrill.com
Written by experts.
The most popular > Newsletters
study guides http://newsletters.cramsession.com/default.asp
on the web.
In Versatile > CramChallenge Questions
http://newsletters.cramsession.com/signup/default.asp#cramchallenge
PDF file format
> Discounts & Freebies
http://newsletters.cramsession.com/signup/ProdInfo.asp
Notice: While every precaution has been taken in the preparation of this material, neither the author nor
Cramsession.com assumes any liability in the event of loss or damage directly or indirectly caused by any
inaccuracies or incompleteness of the material contained in this document. The information in this document
is provided and distributed "as-is", without any expressed or implied warranty. Your use of the information in
this document is solely at your own risk, and Cramsession.com cannot be held liable for any damages
incurred through the use of this material. The use of product names in this work is for information purposes
only, and does not constitute an endorsement by, or affiliation with Cramsession.com. Product names used
in this work may be registered trademarks of their manufacturers. This document is protected under US and
international copyright laws and is intended for individual, personal use only.
For more details, visit our legal page.
CRAMSESSION SINGLE USER LICENSE
This is a legal agreement between you, an individual user, and BrainBuzz.com, Inc. (BrainBuzz.com). BrainBuzz.com
provides you with the content, information, and other material associated with this CramSession study guide,
hereinafter referred to as the Content, solely under the following terms and conditions, hereinafter referred to as the
License. By accessing the Content, you agree to be bound by the terms of this License. If you do not agree to be bound
by the terms of this License, do not access, view, or use the Content. Each time you access, view, or use the Content,
you reaffirm your agreement to and understanding of this License.
1. Grant of License.
BrainBuzz.com hereby grants to you a nonexclusive, nontransferable, non-assignable, limited right and license to access, view, and use the
Content on one (1) computer or workstation at a time for your individual, personal, non-commercial use. You may further print one (1) copy
of the Content for your individual, personal, non-commercial use, but may not otherwise copy or reproduce the Content.
You may not share or allow others to view the Content. You may not network the Content or display or use it on more than one computer or
workstation at the same time. You may not upload, post, transmit, or distribute printed or electronic versions of the Content in any manner
to any other party. You may not sell, rent, lease, lend, sublicense, or otherwise transfer or distribute the Content to any other party. You
may not modify or create a derivative work based on the Content. You may not modify or delete any proprietary notices contained in the
Content, including, but not limited to, any product identification, product restriction, trademark, copyright, or other proprietary notices.
2. Term of License.
In the event that you are in breach of any provision of this License, this License shall thereby be automatically terminated with no further
action required by BrainBuzz.com. In the event of such termination, you agree to immediately destroy all printed and electronic versions of
the Content in your possession, custody, or control.
3. Ownership.
The Content is the proprietary product of BrainBuzz.com and is protected by copyright, trade secret, and other intellectual property laws.
You are acquiring only the right to access, view, and use the Content as expressly provided above. BrainBuzz.com now holds and shall
retain all right, title, and interest in and to the Content, including, but not limited to, all copyrights, patent rights, trade secret rights,
trademark rights, and other similar property rights with respect to the Content. Upon termination of this License, you shall retain no rights of
any nature with respect to the Content.
The Content contains links that may take you to other third-party web sites, pages, or services not under BrainBuzz.coms control.
BrainBuzz.com provides these links on its web site only as a convenience to you. BrainBuzz.com is not responsible for content of these
third party offerings. You should not infer that BrainBuzz.com endorses the content accessible through these links in any way.
5. Applicable Law.
This agreement shall be governed in its construction, interpretation, and performance by the laws of the State of Florida, without reference
to law pertaining to choice of laws or conflict of laws. In the event of any claim or dispute arising out of or relating to this agreement or the
breach, termination, validity, or enforcement of this agreement, venue shall be exclusively in Pinellas County, Florida.
PLEASE READ CAREFULLY. THE FOLLOWING LIMITS SOME OF YOUR RIGHTS, INCLUDING THE RIGHT TO BRING A LAWSUIT IN
COURT. By accepting this agreement, you and BrainBuzz.com agree that all claims or disputes between us will be submitted to binding
arbitration if demanded by either party. The arbitration will be handled by the American Arbitration Association and governed by its rules.
This agreement requiring arbitration (if demanded) is still fully binding even if a class action is filed in which you would be a class
representative or member. You and BrainBuzz.com agree that the arbitration of any claim or dispute between the parties will be conducted
apart from all other claims or disputes of other parties and that there will be no class or consolidated arbitration of any claim or dispute
covered by this agreement. You and BrainBuzz.com also agree that this agreement does not affect the applicability of any statute of
limitations.
6. Waiver.
No failure or delay on the part of BrainBuzz.com in exercising any right or remedy with respect to a breach of this agreement by you shall
operate as a waiver thereof or of any prior or subsequent breach of this agreement by you, nor shall the exercise of any such right or
remedy preclude any other or future exercise thereof or exercise of any other right or remedy in connection with this agreement. Any waiver
must be in writing and signed by BrainBuzz.com.
Web Applications with Microsoft Visual Basic .NET and Microsoft Visual Studio.NET
Abstract:
This study guide will help you prepare for Microsoft exam 70-305,
Developing and Implementing Web Applications with Microsoft Visual
Basic .NET and Microsoft Visual Studio .Net. Exam topics include:
Creating User Services; Creating and Managing Components and .NET
Assemblies; Consuming and Manipulating Data; Testing and
Debugging; Deploying a Web Application; Maintaining and Supporting
a Web Application; and Configuring and Securing a Web Application.
Contents:
Creating User Services.................................................................................... 5
Create ASP.NET pages................................................................................. 5
Add and set directives on ASP.NET pages.................................................... 6
Separate user interface resources from business logic................................... 7
Add Web server controls, HTML server controls, user controls, and HTML code to
ASP.NET pages........................................................................................... 7
Set properties on controls........................................................................10
Load controls dynamically........................................................................11
Apply templates. ....................................................................................11
Set styles on ASP.NET pages by using cascading style sheets. ......................12
Implement navigation for the user interface. .................................................13
Manage the view state. ...........................................................................13
Manage data during postback events.........................................................14
Use session state to manage data across pages. .........................................14
Validate user input.....................................................................................15
Implement error handling in the user interface...............................................17
Configure custom error pages. .................................................................17
Implement Global.asax, application, page-level, and page event error handling.
...........................................................................................................18
Display and update data. ............................................................................19
Bind data to the user interface. ................................................................19
Transform and filter data .........................................................................20
Use controls to display data. ....................................................................20
Instantiate and invoke a Web service or component........................................20
Instantiate and invoke a Web service. .......................................................20
Instantiate and invoke a COM or COM+ component. ....................................22
Instantiate and invoke a .NET component. .................................................23
Call native functions by using platform invoke. ...........................................25
Implement globalization. ............................................................................25
Implement localizability for the user interface.............................................26
Convert existing encodings. .....................................................................27
Implement right-to-left and left-to-right mirroring.......................................27
Prepare culture-specific formatting............................................................27
Handle events. ..........................................................................................28
Create event handlers. ............................................................................29
Raise events. .........................................................................................30
Use and edit intrinsic objects. Intrinsic objects include response, request, session,
server, and application. ..............................................................................30
Creating and Managing Components and .NET Assemblies ..................................31
Create and modify a .NET assembly. ............................................................31
Create and implement satellite assemblies. ................................................31
Create resource-only assemblies...............................................................32
Configure and implement session state in various topologies such as a Web garden
and a Web farm.........................................................................................55
Use session state within a process. ...........................................................55
Use session state with session state service. ..............................................55
Use session state with Microsoft SQL Server. ..............................................55
Install and configure server services. ............................................................56
Install and configure a Web server. ...........................................................56
Install and configure ASP.NET ..................................................................57
Install and configure Microsoft FrontPage Server Extensions. .....................57
New features of Visual Basic.NET.....................................................................57
Its then possible to specify the location of the project that can be on the local
computer (http://localhost/) or on another machine with IIS installed.
Directives must be declared within <%@ and %> (open and close directive tags).
When the directive name is missing, Page is assumed for an .aspx file and Control is
assumed for an .ascx file.
The HTML tags and ASP.NET directives are saved in .aspx files, and the code is saved
in .aspx.vb files.
The link between the two set of files is maintained in the Page directive (like in the
previous paragraph).
When the user loads an .aspx page, the code-behind is loaded and is compiled with
the page. This allows having two different groups of developers that work on the
project: one group designing the pages and the other group writing the code.
By default, Visual Studio.NET generates a code-behind version of every ASP.NET
page.
To add controls to a page, simply select the Toolbox and drag the desired control to
the design view of a page.
HTML server controls are typical HTML elements that have the runat attribute set to
server. This setting enables the persistence of the selections made by the user and
other interesting behaviors (that are different for each control). HTML server controls
maintain the naming used in normal HTML tags and are typically used to migrate
existing ASP or HTML pages. To convert an HTML control in an HTML server control,
simply add the attribute in the HTML view or right-click the control in design view
and select Run as Server control.
Web server controls (also called ASP.NET server controls) are similar to HTML server
controls (they also require the runat=server attribute), but they have different
names and different properties (that are coherent between different controls). Web
server controls are more than HTML controls: there are complex controls like a
calendar, the AdRotator, DataGrid, and so on.
Another difference is that Web server controls support a greater number of events.
Its possible to set default properties of a control by editing the control in the HTML
view. Its also possible to change or to read properties of a control in VISUAL BASIC
.NET code simply by using the dot notation (control.property).
myLabel.Text = "Cramsession"
Container1.Controls.Add(myLabel)
Apply templates.
Templates are used to change how some of the Web server controls are rendered in
HTML. Templates consist of HTML and/or embedded server controls that are
rendered in place of the default HTML for the control.
DataList and Repeater controls require a template to display output (their default
templates are empty).
A control can have multiple templates, one for every part of the control.
Here is a list of controls that supports templates and their templates:
Its also possible to set properties like ForeColor, BackColor, Font (Bold, Italic and so
on) on controls and have these properties rendered as a STYLE attribute if the user
browser supports it, or render in other ways (like, for example, a FONT statement) if
it doesnt support style sheets.
Composite controls can have multiple styles (for example the Calendar control can
have DayStyle, SelectedDayStyle, WeekEndDayStyle, etc., each used on different
part of the control).
Its also possible to set the CSSClass property of a control if classes were defined in
the CSS file.
The CSSStyle property is available on some controls allowing you to set style
attributes. But, if explicit properties are also declared (like ForeColor), they take
precedence.
Here are some ways to solve this problem (MSDN: Introduction to Web Forms State
Management):
Session variables - Items that are local to the current session (single user)
can be stored in Session variables.
Application variables Are used to store items that must be available to all
users of the application.
Its also possible to store and retrieve custom information, in the form of strings.
The value red from the ViewState collection is an object that must be converted to
the desired type.
The ViewState collection is stored in a hidden form field on the HTML page, and
requires one <form runat=server> to run.
When a form redirects the user on the same page, the page must retain the user
selected values.
To distinguish between these cases, the IsPostBack property of the page can be
used. If its true, the page was posted back from the browser, and so it must not be
cleared with the default values.
When a browser requests a page and a session state is enabled, the server
recognizes that the clients requesting its first page. It then raises the
Session_OnStart event and creates a session context.
Everything that is stored in session variables can be read only by pages requested
from the same browser.
If the browser doesnt requires a page before the timeout period, or the session is
explicitly closed, the Session_OnEnd event is raised and the session is closed.
Validation controls are used to validate user input in Web Forms. They allow
validating on both the server and client side (on IE 4.0 or later).
Simply add a validation control from the Toolbox to the Web Form (typically next to
the control that must be validated).
Multiple validation rules can be applied to a single control. Validation controls are
always combined using a logical AND.
Its possible to display the error information near the control or in a specific place on
a page. The ValidationSummary control can be used to display information about
every error in the page in one place. Typically the control is put on the top or on the
bottom of the page, or where there is enough space for some lines.
Its also possible to force a validation by calling the Validate method on a validation
control.
VISUAL BASIC .NET, like many other object-oriented languages allows, handles
errors using exceptions.
Try
Finally
End Try
There can be more than one catch block, from the most detailed exception to the
most general one.
Catch and finally blocks are optional, but at least one of them is needed.
Exceptions are objects derived from System.Exception. Its possible to define custom
exceptions (that derive from System.ApplicationException) or to use system
exceptions (that derive from System.SystemException).
If errors are not trapped, they are handled by the ASP.NET runtime.
The <customErrors> tag can contain a defaultredirect attribute that specifies the
page that is called when there is a generic error. The mode attribute can be set to
On, forcing the redirection to the error page, or to Off, forcing a detailed
description of the error by the ASP.NET runtime. The RemoteOnly setting works
like On for remote clients and like Off for the users on the local server.
A <customErrors> tag can contain more <error> tags that must specify the
statuscode of the error (in numeric format; i.e., 404 for File Not Found) and the
redirect page.
Here is an example:
</customErrors>
While it is possible to configure the same information in IIS, this requires editing and
deploying the IIS metabase, whereas using the web.config method only requires the
distribution of a text file.
This error handling technique works only for ASP.NET files (.aspx, .ascx, .asmx,
etc), while IIS error handling works for every file type (.htm, .gif, .jpg, etc.)
The Page_Error event handler is called when there is an error on a page, and is
called before all the other methods.
Use the Page_Error event handler if you want to trap the error in the page that has
generated it. Use the ErrorPage directive if you want to specify an error page for a
specific page. Use the Application_Error if you want to handle errors at application
level, and use the Web.config file if you want to handle errors in a declarative way,
without writing the error handler.
Use Server.ClearError to prevent the error from flowing from Page_Error to the
ErrorPage directive, to the Application_Error, and then to the Web.config.
For example, you bind the datafield field of the first record of the dataView to a
TextBox with the following code:
</asp:TextBox>
You can also use the visual designer and select the DataBindings property. From the
DataBindings dialog box, bind every property of the control to a data source.
When there are list controls on the page (Repeater, DataList, DataGrid,
CheckBoxList, and RadioButtonList), the data binding for those controls must be
specified as a whole using special data-binding properties:
The DataMember property is used to define the table of the dataset that is
mapped.
Two events, Format and Parse, allow transforming the data before sending the data
to the control and vice versa.
These events also allow creating custom formats for displaying data.
The Format event is fired when the property is bound, when the Position changes, or
when the data is changed (sorted or filtered).
The Parse event is fired after the Validated event, when the Position changes, or
when the EndCurrentEdit method is called.
To filter data in a DataSet, use the Select statement or a DataView (that is a View on
the DataSet).
The DataBind method is typically called only when the page is first loaded, and not
on every post back, in order to avoid overwriting the value of the control selected or
edited by the user.
Using the Add Web Reference displays a form where it is possible to find Web
Services on the UDDI Registry, or by using the WSDL description of the service
directly.
result = sampleCalculator.Add(10,20)
The namespace, the name of the class and the name of the methods are taken from
the WSDL description of the XML Web Service.
There are a set of properties and methods that are always generated. These allow
you to control the Web Service client. For example, the Url property allows you to
change the URL of the Web Service.
The RCW is created when a .NET Client loads a COM component. There is one RCW
for each COM component, ensuring that they represent a single object identity.
When the RCW is created, it reads the COM type library of the component and
exposes every interface and every method of the component.
The RCW is responsible for keeping the COM object alive as long as the RCW is not
garbage collected.
When a method is called on the RCW, it converts the parameters between .NET and
COM types and vice-versa.
Then the RCW converts the HRESULT errors (if there are any) from the COM
component in .NET exceptions, and converts results into .NET types.
To generate the RCW, use the TLBIMP.EXE command-line utility or the Visual
Studio.NET Add Reference command in the Project menu.
When a component is created (via the new operator), the component is created in
the garbage collected heap.
When there are no more references to the component, the garbage collector marks
the component and, when the memory is needed, the finalizer is called.
If the component holds references to some expensive resources, these resources are
taken until the component is finalized. The Dispose method can be explicitly called to
release those resources and free them.
A .NET component can be included by using the Add Reference menu of the Visual
Studio.NET or by customizing the Toolbox. Every .NET component has the RAD
support built in the Framework, without requiring other code from the developer.
Imports System.Runtime.InteropServices
Public Class Win32
Declare Function MessageBox Lib "user32.dll"(hWnd As Integer, _
txt As String, caption As String, Typ As Integer) As Integer
End Class
To use the function, simply think the Declare Function as a Static method of the
containing class.
Implement globalization.
The .NET Framework supports multiple cultures and languages. The CultureInfo
class contains culture specific information like:
Language
Country/region
Calendar
Etc.
Each culture has a unique name formed by two lowercase letters, called culture code
(the language; e.g., en, it, fr, de, etc.), and optionally two uppercase letters that
specify the country or the region (e.g., IT, CH, etc.)
Simply prepare several versions of the same page, each with localized content and
with the <%@Page Culture="..." %> directive.
The Culture directive allows you to change the default culture used by the page, so
its possible to format a date using <%=DateTime.Now.ToString("f", null)%> in the
localized format.
The second way is to use controls that support localization of the content. Its always
better to specify the UICulture Page directive, with the same value of the Culture
directive, because the UICulture is often used by controls to determine the
localization.
The third way is to put localization data in resource only assemblies (see later), so
when there is the need of a new language, simply add a new DLL to the web
application.
The last way is to put localization data in a database, and use this data when
required.
To set the Culture and UICulture of a page by code (for example, by matching the
users selection on the browser) the following code is required:
Thread.CurrentThread.CurrentCulture =
CultureInfo.CreateSpecificCulture(Request.UserLanguages(0))
Thread.CurrentThread.CurrentUICulture = New
CultureInfo(Request.UserLanguages(0))
If the Encoding must be set on all the files of the web application, it must be
declared in the web.config file, using the fileEncoding attribute of the
globalization element:
<globalization
fileEncoding="utf-8"
/>
Generally the ToString method is used to convert any type into a string.
There are overloaded versions of the ToString method that allow specifying the
format to use when converting the type into the string. The first method allows you
to specify a format string (like C for currency), and uses the current culture. The
other methods allow specifying an IFormatProvider derived class (like CultureInfo,
DateTimeFormatInfo and NumberFormatInfo) that can specify another cultures
information.
For example, its possible to format a number using a different culture other than the
current one.
Handle events.
Events can occur at the application, session, page or server control level.
Application_Start Called when the first user visits the first page of the Web
Application
Session_Start Called every time a new user visits its first page
Server control events can occur on both client-side and server-side and are divided
into three categories:
Post-Back events These client-side events cause the Web page to be sent
back to the server, and then server-side events are raised.
Cached events These client-side events are cached in the ViewState and will
be processed when a Post-Back event is raised. Cached events are
immediately processed like Post-Back events if the AutoPostBack property is
set to true.
Validation events These events can occur at the client and also at the
server.
To create non-default event handlers, go to the Code Editor for the aspx.vb page, go
to the top of the window, select the control from the left-hand drop-down list, then
select the event from the right-hand drop-down list.
Raise events.
To raise an event server-side, simply call the event handler by invoking
control.event(sender, eventargs).
To raise a server-side event from an HTML page in the browser, a JScript code that
calls the RaisePostBackEvent method is required.
Browser Contains information about the browser that has required the
page, such as the major and minor version, the model, if it supports cookies,
etc.
ClientCertificates Contains all the client certificates that the browser has
sent to authenticate the client.
Cookies Contains the cookies that the browser has sent to the server.
Files Contains the files that were (eventually) uploaded by the client.
InputStream Allows the reading of raw data from the stream that the
browser has sent to the server.
QueryString Contains all the parameters that were sent on the query string
or via a GET request
Form Contains all the values that were submitted via a POST request
The Response object (derived from HttpResponse object) is used to send data to the
browser. Here is a list of its most important properties and methods:
The Server object (derived from HttpServerUtility object) contains a set of utilities
that are useful when developing Web Applications, such as HtmlEncode and
HtmlDecode, UrlEncode, etc.
The Session object (derived from HttpSessionState object) contains data that are
related to a particular user, and that are accessible when that user accesses a page.
The Application object (derived from HttpApplication object) contains data that are
common for every user of the application, and that remain valid after the Web
Application is disposed.
Satellite assemblies contain only resource files and no code. Satellite assemblies can
be replaced or updated without modifying the main assembly.
Satellite assemblies can be generated with Visual Studio.NET or via the Assembly
Linker (al.exe).
If you want to create a localized resource file, add the culture identifier (e.g., it-IT or
de-CH) to the resource name.
Response.Write(resMan.GetString("strMessage"))
If there are localized versions of the same assembly, the right one is selected.
Web custom controls are controls that are created only with code, but they offer
great support for consumers.
Here are the main differences between the two types of controls:
Web user controls are web pages with the .ascx extension. Web user controls
cannot contain <HTML>, <BODY>, <FORM> elements, which must be
contained in the page that hosts the control.
Its possible to create them by using the HTML editor or by using the Visual
Designer, selecting the Add New Item and then selecting Web User Control.
Stored procedures are T-SQL commands stored in the database for later use.
Unstructured data
Connected
Disconnected.
System.Xml
System.Data
System.Data.Common
System.Data.SqlTypes
System.Data.SqlClient
System.Data.OleDb
The last two namespaces are used to access data. The first is used to access SQL
Server 7.0 and SQL Server 2000, and the second is used for all the other OLE DB
data sources. Other data access providers (with their namespace) are coming
(ODBC, Oracle, DB2, MySql, etc.)
where xxx can be Sql for the SqlClient data source and OleDb for the OleDb data
source.
After the data adapter is created, it can be used to obtain a DataSet with a wizard:
XML is an important part of data access, because its possible to retrieve an ADO.NET
DataSet and see it as an XML document or vice versa. Its also possible to fill a
DataSet with XML data.
LineNumber The line number within the SQL stored procedure or batch file
The most common approach to unit testing requires the implementation of drivers
and stubs. Drivers are used to simulate a call from another unit, whereas stubs are
used to simulate a called unit.
Implementing drivers and stubs is expensive, and sometimes unit testing is not
implemented or has a low priority in the project. This is a great mistake, because its
proven that a large percentage of bugs are identified during these kinds of tests.
Moreover, trying to discover errors across the entire application is more complicated
than finding them in every single unit.
Implement tracing.
There are two classes used to trace debugging or other information when the
program runs:
Write, WriteLine They always send the information to the trace listener.
WriteIf, WriteLineIf They send the information to the trace listener if the
condition is true.
Assert Tests a condition and stops the program execution if its false
Listeners can be used with both Debug and Trace classes. Three types of listeners
are already implemented in the .NET Framework:
In addition to this behavior, Fail and failed Assert generate a message box.
To add a listener to Debug or Trace classes simply create it and add it to the
Listeners collection of one of them.
Here is an example:
Its also possible to create a Listener and use it without adding it to the Debug or
Trace classes.
Simply use the Write or WriteLine methods of the listener, but remember to call the
Flush method at the end. This is not required if the listener is added to the Listeners
collection.
Trace switches are used to enable or disable tracing. There are two types of
predefined switches:
Here is an example:
Trace switches can also be configured with the XML configuration file using:
<system.diagnostics>
<switches>
</switches>
</system.diagnostics>
Enabling Trace not only allows displaying information from the Trace class, but tells
the ASP.NET runtime to generate complete trace information of all the events, server
variables, cookies, etc. on the page.
With Tracing enabled on the browser, its also possible to use the Trace.Warn
statement, which prints the trace text in red.
In the Edit and Continue tab you can set enable the feature for each .NET language.
Its better to use a Unicode text generation utility that can generate text according to
different languages rules.
Its also very important to test how the Web application is rendered in different
cultures. English strings are generally shorter than those of any other language.
Execute tests.
Its important to have some test machines that allow testing for different
configurations. For example, if the Web application is localized, its important to test
it with a different representative user locale, like German to test Western Europe
characters, and Japanese to test East Asian characters.
So modifying code is possible, even when the application is deployed and is running.
The .msi file is more practical if deploying the application using a removable media
(like CD-ROM), while copying all the files is easier on a network (for example using
FTP to deploy the application).
You can then add files to the Web Application Folder, and to its bin subfolder. Its
also possible to add other special directories to the project.
You can check for the existence of the IIS, to edit the target machine registry, to add
components to the GAC (Global Assembly Cache), etc.
By simply copying the application to the appropriate directory on the target machine,
the application should run without other modifications.
You may also run different versions of the same Web application side-by-side on the
same Web server.
Assemblies must have a Strong Name because of the strict naming rules used to
ensure that the correct assembly is loaded when requested.
The .NET installer installs a shell-extension that displays extended information about
the assemblies on the GAC in Windows Explorer:
Use caching to store and retrieve data, fragments and whole pages without
re-executing them
Use tracing to determine how much time was taken by every piece of the
page and try to optimize them
Disable sessions that arent necessary, or use the fastest state provider that
is compatible with other issues (like Web farms, reliability, etc.)
Remember to look at HTML source that is received by the browser, because its
possible to find what doesnt work by looking at the HTML code generated by Web or
HTML controls.
<appSettings>
</appSettings>
</configuration>
Principal Roles associated with a user, like Windows users and groups or
custom roles
File authorization Used with Windows authentication and uses windows ACLs
to determine if a user can access a resource.
URL authorization Used with all authentication providers and maps users
and roles to pieces of the URL, giving positive and negative authorization
assertions.
<authorization>
<allow users="xxx"/>
</authorization>
The above must be set in the Web.config file of the specified URL path. ? and * are
special identities associated with the anonymous user and with all the users.
Implement impersonation.
Impersonation is the ability to execute an ASP.NET application with a user that is not
the client user.
To cache an entire page, the @ OutputCache directive can be used and the Duration
and VaryByParam attributes are required. The VaryByParam attribute allows caching
multiple versions of a Page.
Its also possible to use a low-level set of APIs by using the HttpCachePolicy class,
available through the HttpResponse.Cache property or from the Page.Response
property of the Page object.
To cache data, the Cache object is used. To add an element, use the Cache.Add and
Cache.Insert methods. To retrieve an item, simply use the Cache(key) notation.
The Cache object can delete some objects if doesnt have enough memory. If an
object is deleted, trying to access it returns a null pointer. Typically, its a good idea
to catch this exception and recreate the object in the cache for a later use.
The first can be used only with one Web Server, while the others can also be used
with a Web garden and Web farm.
To configure how to store the session state, use the Web.config file.
Next, the <sessionState> element in the Web.config file must include the
mode=StateServer and stateConnectionString =
tcpip=remoteServer:42424 attributes.
Next, the <sessionState> element in the Web.config file must include the
mode=SQLServer and sqlConnectionString = data source=remoteServer;
user id=xxx; password= xxx attributes.
Check Web and NTFS permissions: if they are different, the most restrictive
ones are used.
Use the most restrictive permission possible: if you use the site only for static
content, enable only the read permission; if you use ASP but no other
executables, enable Script Only permissions instead of Script and Executables
Use Write permissions with extreme caution, especially if you use ASP or
other executables, because a malicious user can upload unsafe code to the
server and then execute it.
To authenticate users, use the most secure method. Basic Authentication sends the
password in clear, but it is compatible with all the browsers. Windows Integrated and
Digest are more secure but require Internet Explorer.
You can also use certificates to authenticate users. You can map the certificate to the
user one-to-one or one-to-many. The first is most secure, but the second is easier to
implement and maintain.
Set the number of users in the performance tab according to the expected traffic on
your site. The three possibilities are fewer than 10,000, fewer than 100,000 and
more than 100,000.
While IIS (in different versions) can be installed under Windows NT4, Windows 9x,
Windows 2000, Windows XP and Windows 2003, ASP.NET can run only on Windows
2000, XP or 2003.
If IIS is not installed on the local machine when the .NET Framework was installed, it
must be installed to create and test a Web Application on the local machine, and
must also be registered with the aspnet_regiis.exe command that is present in one
of the subdirectories of Microsoft.NET\Framework under the Windows directory
(WINDOWS or WINNT).
See MSDN - Error: ASP.NET Not Installed and TECHNET ASP.NET Registration Tool.
The Windows Component Update CD-ROM contains FP Server Extensions, which are
also available on the Microsoft site.
The most important thing is that Visual Basic.NET is compliant to the Common
Language Specification (CLS). These specifications are used to standardize things
like data types, objects, classes, components and so on. The compliance with these
specifications allows a Visual Basic.NET class to inherit from a C# class or from
another CLS compliant language and vice-versa.
There are many other things and details that are changed, like Arrays that now are
always zero-based, or Forms that now are full-fledged classes. Also, many other
important aspects are changed or new, like ADO.NET, Web Services, Internet
support, and so on.
There are also a lot of changes in the Visual Studio.NET IDE, and in the debugger.
They are much more powerful than their Visual Basic 6 equivalents.
The new object-oriented features of the language require rethinking how applications
are designed, making it quite impossible to port an application without rewriting it.
Special thanks to
Lorenzo Barbieri
for contributing this Cramsession.