ASP.NET 3.5 Mike Ormond Developer & Platform Group Microsoft Ltd [email protected] .
CTU June 2011 - Things that Every ASP.NET Developer Should Know
-
Upload
spiffy -
Category
Technology
-
view
3.003 -
download
2
description
Transcript of CTU June 2011 - Things that Every ASP.NET Developer Should Know
Things that Every ASP.NET
Developer should know
Darren Sim Microsoft MVP (ASP.NET / IIS)
Member, Microsoft Developer Guidance Web Advisory Council
Director, Singapore Software Quality Testing Board (SGTQB)
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
Fundamentals
• Internet is based on TCP/IP
• World Wide Web is based on HTTP
– HTTP based on Request/Response paradigm
– Header and body
– Stateless
– Specification @ http://www.ietf.org/rfc/rfc2068.txt
Http Request
GET http://localhost:99/default.aspx HTTP/1.1
Accept: */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)
Host: localhost:99
Proxy-Connection: Keep-Alive
Pragma: no-cache
Http Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 07 Mar 2010 19:22:19 GMT
Content-Length: 686
<head><title> Home Page </title></head>
<body class="basic">
<form name="form1" method="post" action="default.aspx" id="form1">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwULLTE0MDkxNzYwNDNkZKn1tb3qjzVWNrSAgGULkE4nvHPg" />
</div>
<div style="background-color:Blue">
<h3>Home</h3>
</div>
</form>
</body>
</html>
Header
Body
How we connect to the internet?
ISP
Kernel Mode
User Mode
IIS Architecture
Configuration
SvcHost.exe
WWW Publishing
Service (W3SVC)
Windows Process
Activation Service (WAS)
Application Pool
w3wp.exe
HTTP.sys
Configuration File
Root web.config
Applicationhost.config
Site web.config
<system.Web>
<system.webServer>
Application web.config
<system.Web>
<system.webServer>
Machine.config
*Web.config has a 100Kb file size limit.
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
Fiddler
• Tracing tool specifically for HTTP
• Shows complete request and response (not packets)
• Can save archive of session
• Can be used on own machine (ipv4.fiddler, ipv6.fiddler)
• Can create own GET requests
• Can decrypt SSL traffic!
Microsoft Network Monitor
• General network tracing tool for many protocols
• Hooks into network adapters
• See network frames at multiple levels
• Apply filters for specific protocols, IP addresses, etc
Free download at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-
4658-b7f6-3088333d062f&displaylang=en
IIS Log Files
• Time Taken (execute, queue, and time to client – IIS 7/6)
• Sub-status codes are very useful for indicating the exact problems
• Log entries are made AFTER the page execution is complete
• Log file entries are always in GMT
• Setup cookie, referrer, bytes sent
Log Parser
• Utility to query IIS log files, event logs, etc
• Query syntax nearly identical to SQL
• Write series of queries for site health (HTTP status, time taken, file
sizes, down pages, orders, etc)
• ASP.NET Response.AppendToLog( )
Download Log Parser at http://tinyurl.com/5uoxz
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
Performance Culprits
• HTTP requests are the biggest web performance killer
• Reduce Requests, massively improve performance
Problem Statement
Performance Culprits
• Combine all Javascript into one file
• Combine all CSS into one file
• Using MSAjax CDN instead of your own
Solution
Reduce & Avoid Requests
• Avoid Response.Redirect
– Invokes an extra client side HTTP Request
• Use Server.Transfer instead
Reduce Page Size
• The smaller the page, the quicker the download
• Especially important in these areas
– Mobile Applications (Windows Mobile, IPhone, 3G Data Card)
– Non Broadband Users
– Many offices have less capacity than broadband
– Developing Countries
Reduce Page Size
• Most Browsers support HTTP Compression
– GZIP & Deflate
– IE, Firefox etc
• Drastically reduces page size
• Steps
– Browser Passes Accept-Encoding in Request Header
– Data is compressed and sent to browser
– Browser decompresses html
• Only GET is compressed, POST IS NOT Compressed
HTTP Compression
• Server evaluates the “Accept-Encoding” header for request,
compresses resulting response
• largeGridView.aspx - 41 frames down to 7
• Implemented in February 2003 when about 3% of Fortune 1000 web
sites utilized
• Used 53% less bandwidth, ~25% faster Keynote measurements
• Now use IIS Compression (free)
HTTP Compression (cont…)
• IIS 7
– Can control when to stop using if CPU usage is too high
– Minimum default file size is 256K
– Only static compression is on by default
Detailed article about enabling IIS 6 compression at http://tinyurl.com/yjdo7w
Content Expirations
• Client asks “if-modified-since”
• Small content files it is just as expensive to see if modified as to
receive content
• Setup expiration times for content folders
• Avoid requests for files that seldom change (.js, .css, images, etc)
• Rename the file if need to override browser caching
Ajax Minifier
• Microsoft Ajax Minifier (Codeplex.com)
• Minimize CSS and JavaScript files
– Remove whitespace, comments, excessive semicolons, etc
• Command line, .dll, and build tasks
• jQuery-1.4.2.js minimized 55.5%
• Test after minimize!
• MSBuild Extension Pack (version #)
ETags
• Used for cache validation
• IIS sends the ETag header in response for static files
– hash:changeNumber
• IIS 6
– changeNumber – specific to server
– Set to 0 with Metabase Explorer, http://tinyurl.com/2agsbtc
• IIS 7
– changeNumber - 0 by default
– Completely remove header with HttpModule
CSS Sprite
• Combine small images into a single image
• Use CSS to “index” into the larger image
• Often 70-95% of time taken for a user is time requesting components
(images, .css, .js)
• Reduce the number of requests
**Free CSS Sprite generator at http://spritegen.website-performance.org/
Tracing
• Setup ASP.NET to save information about recent requests
• <trace enabled="true" pageOutput="false" localOnly="false"
requestLimit="2" mostRecent="true" />
• /Trace.axd
Tracing (code)
Trace Outputs
Analysis of Trace Output
Error Page Configurations
• <deployment retail=”true” /> (machine.config only)
– <customErrors mode=”On” />
– <compilation debug=”false” />
– <tracing enabled=“false” />
• External config files (no restart)
Global.asax Application_Error( )
• Every ASP.NET web site should have this coded to ensure that
unhandled exceptions are caught and logged
• \HKLM\System\CurrentControlSet\Services\EventLog\Application and
add key for source
• Use <customErrors mode=“On” /> to redirect to a down page
Validation Controls
• OWASP Top 10
– XSS (Cross Site Scripting)
– SQL Injection
• All input from web controls needs to be verified
• Leverage client validation for user experience but must validate on the server
• Common validators
– RequiredFieldValidator
– RangeValidator
– RegularExpressionValidator
– CompareValidator
– CustomValidator
Caching
– Data caching (Cache), cut 50% of our SQL queries which was 72,080,000
less queries each month!
– Substitution
– Output caching (shared)
– Don’t cache page (set specific cache ability)
• Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
Yahoo! A List Browsers
Win XP Win 7 Mac 10.6.† iOS 3.† iOS 4.† Android 2.2.†
Safari 5.† A-grade
Chrome † (latest stable)
A-grade
Firefox 4.† A-grade (upon GA
release) A-grade (upon GA
release)
Firefox 3.6.† A-grade A-grade A-grade
IE 9.0 A-grade (upon GA
release)
IE 8.0 A-grade A-grade
IE 7.0 A-grade
IE 6.0 A-grade
Safari for iOS A-grade A-grade
WebKit for Android OS
A-grade
Complete list available at http://developer.yahoo.com/yui/articles/gbs/
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
Reference Model to Guide Architecture Projects
Model for Web 2.0
Users
Client applications/runtimes
Connectivity/reachability
Services
Capabilities
Basic Service-Consumer Pattern
Capability
Service
Interface
Offered as
Consumed via
internet Client Applications
Provides View
Landscape leading to hybrid platforms
Web 2.0 Reference Architecture (basic)
Web 2.0 Reference Architecture (detailed)
Components of a pattern (basic)
Components of a pattern (detailed)
Patterns for Web 2.0
• The Service-Oriented Architecture Pattern
• The Software as a Service (SaaS) Pattern
• The Participation-Collaboration Pattern
• The Asynchronous Particle Update Pattern
• The Mashup Pattern
• The Rich User Experience Pattern
Patterns for Web 2.0 (cont…)
• The Synchronized Web Pattern
• The Collaborative Tagging Pattern
• The Declarative Living and Tag Gardening Pattern
• The Semantic Web Grounding Pattern
• The Persistent Rights Management (PRM) Pattern
• The Structured Information Pattern
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
AGENDA
HTTP and Web Server Fundamentals
Debugging and Analysis Tools
Development Techniques
Patterns & Practices
Resources & Readings
Performance Management http://www.sitepoint.com/books/aspnetant1/aspnetant1-sample.pdf
ASP.NET Developer Guidance Map
http://www.darrensim.com
[email protected] http://www.facebook.com/darrensim http://www.twitter.com/darrensim