Published on ONDotNet.com (http://www.ondotnet.com/)
 See this if you're having trouble printing code examples


by Wei-Meng Lee, author of ASP.NET: A Developer's Notebook
Use ClickOnce to Deploy Windows Applications
ASP.NET (Active Server Pages .NET) is a web development technology from Microsoft. Part of the .NET Framework, ASP.NET allows developers to build dynamic web applications and web services using compiled languages like VB.NET and C#. Using Visual Studio, the development tool from Microsoft, web developers can develop very compelling applications using ASP.NET, with the ease of drag-and-drop server controls. Currently in its next major release, ASP.NET 2.0 is slated to be released in November 2005.

In This Article:

  1. A Brief History of ASP.NET
  2. How ASP.NET Works
  3. What Do You Need to Run ASP.NET?
  4. Visual Studio and ASP.NET
  5. ASP.NET Improvements
  6. New Features in ASP.NET 2.0
  7. Summary

In the early days of the Web, the contents of web pages were largely static. Pages needed to be constantly, and manually, modified. To create websites that were dynamic and would update automatically, a number of server-side technologies sprouted up, including Microsoft's Active Server Pages (ASP). ASP executed on the server side, with its output sent to the user's web browser, thus allowing the server to generate dynamic web pages based on the actions of the user.

These server-side technologies are important contributions to the development of the Web. Without them, web applications that we've become accustomed to today, such as Amazon.com, eBay.com, and so on, would not be possible. In this article, I will delve into ASP.NET, with a look at what it is, how it works, and the newest important features of 2.0.

A Brief History of ASP.NET

Microsoft Active Server Pages (ASP) started its life as a public beta (v1.0) in October 1996 as an upgrade to Internet Information Server (IIS) 2.0. From that point on, ASP slowly evolved into version 2.x, and then finally 3.0. In the initial three versions, ASP used a scripting language, VBScript, as the default language. Using a scripting language has its flaws; code is interpreted rather than compiled, and using VBScript as the default language turned some people off (though technically you can configure ASP to use other languages such as JScript and Perl, but this was not commonly done). This interpreted code model of ASP seriously limited performance.

In early 2000, Microsoft introduced the new .NET Framework, and together with it, introduced the upgrade of ASP: ASP.NET 1.0 (previously known as ASP+). Over the last few years, ASP.NET has gone through a few evolutions, from ASP.NET 1.0 to 1.1, and now to ASP.NET 2.0, due to be released at the end of this year (November 2005).

In ASP.NET, you are not limited to scripting languages. You can now use the following .NET languages:

Related Reading

ASP.NET 2.0: A Developer's Notebook
By Wei-Meng Lee

How ASP.NET Works

When a web browser requests a page from a web server, the web server (IIS) will first check if the request is for an HTML page. If it is, the request is fulfilled by fetching the files from the OS and then returning it to the client (web browser). If the client is requesting an ASP.NET page, IIS will pass the request to the ASP.NET runtime, which will then process the application and return the output to the client.

ASP.NET pages use the .aspx extension. This is to ensure that ASP.NET is able to run side by side with classic ASP on the same server, which uses the extension .asp.

One of the inherent problems with the HTTP protocol is its stateless nature. Put simply, a request made by a user is loaded into memory, fulfilled, and then unloaded. Subsequent requests by the same user are treated just like any request; the server makes no attempt to remember what the user has previously requested. This stateless nature makes writing web applications a challenge, because the application developer must explicitly devise mechanisms to enable the server to remember the previous state of the application. Several mechanisms have been devised over the years, such as cookies and the use of query strings for passing information to and from the server and the client.

In classic ASP, you typically need to write pages of code in order to preserve the state of the page after the user has posted a value back to the server. In ASP.NET, all of these mundane tasks (collectively known as state management) are accomplished by the ASP.NET runtime. You will learn more on this in the following sections.

What Do You Need to Run ASP.NET?

ASP.NET is supported on the following operating systems:

To run ASP.NET, you need to install IIS on your computer (IIS is not installed by default). To obtain the ASP.NET runtime, you must install the .NET Framework on your machine. You can obtain the .NET Framework from the following sites:

Visual Studio and ASP.NET

One of the strengths of Microsoft is its very powerful development tool known as Visual Studio. Visual Studio has gone through a few evolutionary changes, with the recent Visual Studio 6.0, to the highly integrated Visual Studio .NET 2002/2003, to the soon-to-be-released Visual Studio 2005.

Using Visual Studio, Microsoft has made web development using ASP.NET a much more efficient and effective process. Contrast this to ASP, where a significant portion of developers uses a plain text editor to painstakingly write their code. In ASP.NET, Microsoft introduces the concept of a Web Form, much akin to a Windows Forms for Windows programming. Using Web Forms, an ASP.NET developer can develop web applications by dragging and dropping controls onto a design pane. Figure 1 shows the Visual Studio 2005 development tool in action. In the design pane, you can visually view the design of the Web Form. And more importantly, Microsoft has supplied a collection of common controls (known as Web Server Controls and HTML controls) to meet your needs for common tasks (such as the Calendar controls shown in Figure 1).

If the controls supplied by Microsoft do not meet your needs, you can always purchase third-party controls to do the job.

Figure 1
Figure 1. Editing a Web Form using Visual Studio 2005

ASP.NET Improvements

Another concept that Microsoft introduced in ASP.NET was the use of code behinds. Using code behinds, you can have a clean separation of the UI code and the application logic. Figure 2 shows the code-behind view of a Web Form. To switch back to the Design view, simply click on the other tab.

Figure 2
Figure 2. The code behinds of a Web Form

The use of code behinds is a vast improvement over the old "spaghetti" code model of ASP, where UI elements (HTML) and application logic are intertwined. This new model allows UI designer to work on the look and feel of the web pages and leave the business logic to the developers.

State Management

As mentioned previously, ASP.NET automatically takes care of state management. To understand what I mean by state management, consider the following example, shown in Figure 3.

Figure 3
Figure 3. A simple ASP.NET application

The example in Figure 3 prompts the user to enter a name and then click the Click Me button. The following code is the code behind for the application. When the button is clicked, it displays the name of the user in the Label control:

Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Button1_Click( _
       ByVal sender As Object, _
       ByVal e As System.EventArgs) _
       Handles Button1.Click
        Label1.Text = "Hello  " & TextBox1.Text
    End Sub
End Class

Here is how it looks like when run (see Figure 4).

Figure 4
Figure 4. Testing the application

Notice that after the button is clicked, the text contained within the TextBox control is still available. If you were using classic ASP, you would need to explicitly write code in your application to ensure that the text in the TextBox control remained visible.

To understand how ASP.NET maintains state between postbacks (when you submit a request back to the server), examine the source of the page in Internet Explorer (do a View -> Source):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 

<html xmlns="http://www.w3.org/1999/xhtml">
	Untitled Page
   <form method="post" action="Default.aspx" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" 
ZWktTWVuZyBMZWVkZGQVx6NLNcu0P+TBFnYu2ubB4x3vdQ==" />

        Please enter your name:<br />
        <input name="TextBox1" type="text" value="Wei-Meng Lee" 
id="TextBox1" />
        <input type="submit" name="Button1" value="Click Me" 
id="Button1" />
        <br />
        <span id="Label1">Hello  Wei-Meng Lee</span><br />
        <br />

In particular, look out for the hidden input element known as _VIEWSTATE. This element contains the state information of the page and is passed between the client and the server. By storing information in this element, the server is able to maintain the state of the page as it gets posted back to the server. (It does so by examining the content of the _VIEWSTATE element.)

Note that the information in the _VIEWSTATE element is only encoded, not encrypted.

Tracing and Debugging

In the previous example, I mentioned that you can view the Web Form in either Design view or Code-Behind view. Visual Studio supports yet another view: Source view. Using Source view, you can view the source of a page (the markup elements that make up the UI of a page). Figure 5 shows the Source view of the previous example:

Figure 5
Figure 5. Switching to Source view

One useful feature in ASP.NET is the enhanced support for tracing and debugging. You can trace the flow of your application by using the Trace attribute in the <Page> directive:

<%@ Page Language="VB" Trace="true" 
   AutoEventWireup="false" CodeFile="Default.aspx.vb" 
   Inherits="_Default" %>

When you enable tracing, you will see output similar to that shown in Figure 6. You would be able to examine detailed execution information such as the sequence in which the events are fired, as well as the values of the environment variables, and so on.

Figure 6
Figure 6. Enabling tracing for your ASP.NET application

You can also insert Trace statements into your application. For example, in the following code I have inserted two Trace statements: one to display a warning when the user did not enter a string for the TextBox control, and another to simply display the contents of the TextBox control:

    Protected Sub Button1_Click( _
       ByVal sender As Object, _
       ByVal e As System.EventArgs) _
       Handles Button1.Click
        If TextBox1.Text = "" Then
            Trace.Warn("Empty string for textbox1")
        End If
        Label1.Text = "Hello  " & TextBox1.Text
    End Sub

When run, notice the red warning text (see Figure 7) when the button is clicked.

Figure 7
Figure 7. Displaying a warning message in red

But if you type some text into the TextBox control, the trace message will be printed in black (see Figure 8).

Figure 8
Figure 8. Displaying trace information

The nice feature about the Trace class is that when it comes to time to deploy the application, you can simply turn off tracing by setting the Trace attribute to "off;" there is no need for you to remove the trace statements.

Besides tracing, you also have the ability to step through the execution of your application code. Figure 9 shows that you can perform debugging on an ASP.NET web application in real time.

Figure 9
Figure 9. Debugging an ASP.NET application using Visual Studio


Caching of web pages is an effective way of increasing performance while minimizing the use of precious server resources. ASP.NET supports various forms of caching:

To illustrate how caching works in ASP.NET, let's consider an example using output caching. Assuming that you have an ASP.NET web form, add a new OutputCache directive to the ASP.NET form:

<%@ OutputCache Duration="15" VaryByParam="*" %>
<%@ Page Language="vb" AutoEventWireup="false"
    Codebehind="WebForm1.aspx.vb" Inherits="Caching.WebForm1"%>

The OutputCache directive specifies the various criteria for caching the page. In this example, the output of the page will be cached for 15 seconds. This means that if the page is loaded again within the next 15 seconds, it is refreshed; the Web server will serve the same content without needing to dynamically regenerate the page (and thus avoiding access the database, if part of the content of the page is retrieved from a database).

The VaryByParam attribute specifies how the caching should be performed, based on the query string supplied to the page. For example, if I used the following URL:


The query string passed to the page is name=John&newsid=12. Now, suppose I change the VaryByParam attribute to:

<%@ OutputCache Duration="15" VaryByParam="Name" %>

The page will then be cached according to the Name key. This means that if I issue requests using the following two URLs, the second request will still be from the cache, as the cache will only be refreshed if the value of Name changes:


The following URLs will cause the second request to be refreshed:


If you want to force the page to be regenerated if more than one key changes (such as Name and NewsID), you simply add the NewsID key into the VaryByParam attribute:

<%@ OutputCache Duration="15" VaryByParam="Name;NewsID" %>

In this case, this is equivalent to using a *, which means all keys will cause the page to be regenerated:

<%@ OutputCache Duration="15" VaryByParam="*" %>

If you want to cache the page regardless of query string, you can use the value none:

<%@ OutputCache Duration="15" VaryByParam="none" %>

Refer to my articles on ONDotnet.com for more information on caching:

Configuration Files

ASP.NET uses external configuration files to store detailed information about the application. For example, the web.config file stores information such as:

One of the best practices in ASP.NET is to save your database connection strings in the web.config file instead of hard-coding it into your code. This allows you to change database servers easily, without needing to modify your code. As an additional protection, it is always better to use integrated Windows security to access your database, rather than using SQL Server authentication and thus including your SQL server credentials in the connection string.

The following code segment shows part of web.config, containing a database connection string:

      <add name="pubsConnectionString" 
         connectionString="Data Source="(local)";
         Initial Catalog=pubs;Integrated 
         providerName="System.Data.SqlClient" />

However, it's not such a good idea to save your connection strings as plain text in web.config; you should ideally encrypt the connection strings so that it leaves no chance for a potential hacker to easily get more information about your database server.

In ASP.NET 2.0, Microsoft has taken this further by allowing you to encrypt the connection strings in web.config, all without much plumbing on your part. Two Protection Configuration Providers are available in .NET 2.0 to allow you to encrypt your connection strings (as well as other sections in web.config):

To learn how to encrypt your database connection string in ASP.NET 2.0, check out www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html.

New Features in ASP.NET 2.0

ASP.NET 2.0 represents a huge leap over ASP.NET 1.x. The new features in ASP.NET 2.0 can be grouped into three broad categories: new controls and control functionality, improvements to the Page framework, and new services and APIs (see Table 1).


ASP.NET 2.0 ships with several new controls to make the life of a web application developer easier. In ASP.NET 2.0, there are now new controls that help you to perform data access, site navigation, login, and personalization using Web Parts.

Earlier you had a glimpse of some of the controls (TextBox, Label, and Button) shipped in ASP.NET. Figure 10 shows the controls shipped with ASP.NET 2.0. They are categorized based on their functionalities.

Figure 10
Figure 10. The various controls in ASP.NET 2.0

Page Framework

ASP.NET 2.0 supports some useful additions to its Page framework, such as visual inheritance, technically known as Master Pages. Besides Master Pages, ASP.NET 2.0 also supports "theming" through themes and skins, allowing you to maintain a consistent look and feel for your websites. Another noteworthy feature in ASP.NET is the improved support for localization, which reduces the amount of work you need to do to internationalize your web applications.

Services and APIs

Behind the various new controls in ASP.NET 2.0 lie the foundation services and APIs that do the heavy lifting needed to enable the controls to do their work. For example, behind the new Login controls you'll find the new collection of Membership APIs, which perform such tasks such as user authentication, registration of new users, and so on. Besides using the new controls, you can directly make use of these APIs in code.

Table 1. New Features in ASP.NET 2.0

Controls Page Framework Services and APIs
Data Controls
Includes controls that simplify the connection to data sources as well as the new GridView and DetailsView controls.
Master Pages
Visual page inheritance for Web Forms.
The core service for user management, such as user creation, deletion, authentication, retrieval of passwords, etc.
Login Controls
Contains controls that makes website user management and user authentication easy and efficient.
Themes and Skins
Maintain consistent look and feel for the entire site by using Skins definitions grouped by themes.
Role Management
Manages the assigning of roles to users, such as add user to role, delete user from role, inquire if user's in role, etc.
Web Parts
Provides the infrastructure for creating Web Parts.
Simplify the steps needed to globalize and localize your web applications.
Site Maps
Supports the retrieval of site information, as well as the display of site maps.
Navigation Controls
Contains controls that display site information and menus.
Supports dynamic compilation of business logic without the need for explicit recompilation when the code is changed. Also supports automatic generation of web services proxy class using WSDL.
Supports the personalization of websites through the Profile object.
Additional Standard Controls
Contains controls such as ImageMap, FileUpload, MultiView, and TreeView.

For a detailed discussion of the new features in ASP.NET 2.0, refer to ASP.NET 2.0: A Developer's Notebook.


In this article, you have seen some of the most important features of ASP.NET. If you have never developed a web application before, I strongly encourage you to take ASP.NET 2.0 for a spin today. You will be amazed at how easy it is to start building compelling applications with so little effort. Of course, one of the easiest ways is to grab a copy of my book and spend a few good afternoon trying out all the features. Have fun!

To try out ASP.NET 2.0, download Microsoft Visual Web Developer 2005 Express Edition Beta 2, or, if you are a MSDN subscriber, download Visual Studio 2005 Beta 2.

Wei-Meng Lee (Microsoft MVP) http://weimenglee.blogspot.com is a technologist and founder of Developer Learning Solutions http://www.developerlearningsolutions.com, a technology company specializing in hands-on training on the latest Microsoft technologies.

Return to ONDotnet.com.

Copyright © 2009 O'Reilly Media, Inc.