In the early days of the Web, the contents of web pages were largely static. Pages needed to be constantly, and manually, modified. To create websites that were dynamic and would update automatically, a number of server-side technologies sprouted up, including Microsoft's Active Server Pages (ASP). ASP executed on the server side, with its output sent to the user's web browser, thus allowing the server to generate dynamic web pages based on the actions of the user.
These server-side technologies are important contributions to the development of the Web. Without them, web applications that we've become accustomed to today, such as Amazon.com, eBay.com, and so on, would not be possible. In this article, I will delve into ASP.NET, with a look at what it is, how it works, and the newest important features of 2.0.
Microsoft Active Server Pages (ASP) started its life as a public beta (v1.0) in October 1996 as an upgrade to Internet Information Server (IIS) 2.0. From that point on, ASP slowly evolved into version 2.x, and then finally 3.0. In the initial three versions, ASP used a scripting language, VBScript, as the default language. Using a scripting language has its flaws; code is interpreted rather than compiled, and using VBScript as the default language turned some people off (though technically you can configure ASP to use other languages such as JScript and Perl, but this was not commonly done). This interpreted code model of ASP seriously limited performance.
In early 2000, Microsoft introduced the new .NET Framework, and together with it, introduced the upgrade of ASP: ASP.NET 1.0 (previously known as ASP+). Over the last few years, ASP.NET has gone through a few evolutions, from ASP.NET 1.0 to 1.1, and now to ASP.NET 2.0, due to be released at the end of this year (November 2005).
In ASP.NET, you are not limited to scripting languages. You can now use the following .NET languages:
When a web browser requests a page from a web server, the web server (IIS) will first check if the request is for an HTML page. If it is, the request is fulfilled by fetching the files from the OS and then returning it to the client (web browser). If the client is requesting an ASP.NET page, IIS will pass the request to the ASP.NET runtime, which will then process the application and return the output to the client.
ASP.NET pages use the .aspx extension. This is to ensure that ASP.NET is able to run side by side with classic ASP on the same server, which uses the extension .asp.
One of the inherent problems with the HTTP protocol is its stateless nature. Put simply, a request made by a user is loaded into memory, fulfilled, and then unloaded. Subsequent requests by the same user are treated just like any request; the server makes no attempt to remember what the user has previously requested. This stateless nature makes writing web applications a challenge, because the application developer must explicitly devise mechanisms to enable the server to remember the previous state of the application. Several mechanisms have been devised over the years, such as cookies and the use of query strings for passing information to and from the server and the client.
In classic ASP, you typically need to write pages of code in order to preserve the state of the page after the user has posted a value back to the server. In ASP.NET, all of these mundane tasks (collectively known as state management) are accomplished by the ASP.NET runtime. You will learn more on this in the following sections.
ASP.NET is supported on the following operating systems:
To run ASP.NET, you need to install IIS on your computer (IIS is not installed by default). To obtain the ASP.NET runtime, you must install the .NET Framework on your machine. You can obtain the .NET Framework from the following sites:
One of the strengths of Microsoft is its very powerful development tool known as Visual Studio. Visual Studio has gone through a few evolutionary changes, with the recent Visual Studio 6.0, to the highly integrated Visual Studio .NET 2002/2003, to the soon-to-be-released Visual Studio 2005.
Using Visual Studio, Microsoft has made web development using ASP.NET a much more efficient and effective process. Contrast this to ASP, where a significant portion of developers uses a plain text editor to painstakingly write their code. In ASP.NET, Microsoft introduces the concept of a Web Form, much akin to a Windows Forms for Windows programming. Using Web Forms, an ASP.NET developer can develop web applications by dragging and dropping controls onto a design pane. Figure 1 shows the Visual Studio 2005 development tool in action. In the design pane, you can visually view the design of the Web Form. And more importantly, Microsoft has supplied a collection of common controls (known as Web Server Controls and HTML controls) to meet your needs for common tasks (such as the Calendar controls shown in Figure 1).
If the controls supplied by Microsoft do not meet your needs, you can always purchase third-party controls to do the job.
Figure 1. Editing a Web Form using Visual Studio 2005
Another concept that Microsoft introduced in ASP.NET was the use of code behinds. Using code behinds, you can have a clean separation of the UI code and the application logic. Figure 2 shows the code-behind view of a Web Form. To switch back to the Design view, simply click on the other tab.
Figure 2. The code behinds of a Web Form
The use of code behinds is a vast improvement over the old "spaghetti" code model of ASP, where UI elements (HTML) and application logic are intertwined. This new model allows UI designer to work on the look and feel of the web pages and leave the business logic to the developers.
As mentioned previously, ASP.NET automatically takes care of state management. To understand what I mean by state management, consider the following example, shown in Figure 3.
Figure 3. A simple ASP.NET application
The example in Figure 3 prompts the user to enter a name and then click the Click Me button. The following code is the code behind for the application. When the button is clicked, it displays the name of the user in the Label control:
Partial Class _Default Inherits System.Web.UI.Page Protected Sub Button1_Click( _ ByVal sender As Object, _ ByVal e As System.EventArgs) _ Handles Button1.Click Label1.Text = "Hello " & TextBox1.Text End Sub End Class
Here is how it looks like when run (see Figure 4).
Figure 4. Testing the application
Notice that after the button is clicked, the text contained within the TextBox control is still available. If you were using classic ASP, you would need to explicitly write code in your application to ensure that the text in the TextBox control remained visible.
To understand how ASP.NET maintains state between postbacks (when you submit a request back to the server), examine the source of the page in Internet Explorer (do a View -> Source):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head><title> Untitled Page </title></head> <body> <form method="post" action="Default.aspx" id="form1"> <div> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTU5MTA2ODYwOQ9kFgICAw9kFgICBQ8PFgIeBFRleHQFE0hlbGxvICBX ZWktTWVuZyBMZWVkZGQVx6NLNcu0P+TBFnYu2ubB4x3vdQ==" /> </div> <div> Please enter your name:<br /> <input name="TextBox1" type="text" value="Wei-Meng Lee" id="TextBox1" /> <input type="submit" name="Button1" value="Click Me" id="Button1" /> <br /> <span id="Label1">Hello Wei-Meng Lee</span><br /> <br /> </div> </form> </body> </html>
In particular, look out for the hidden input element known as
element contains the state information of the page and is passed between the client
and the server. By storing information in this element, the server is able to maintain
the state of the page as it gets posted back to the server. (It does so by examining
the content of the
Note that the information in the
_VIEWSTATE element is only encoded, not
In the previous example, I mentioned that you can view the Web Form in either Design view or Code-Behind view. Visual Studio supports yet another view: Source view. Using Source view, you can view the source of a page (the markup elements that make up the UI of a page). Figure 5 shows the Source view of the previous example:
Figure 5. Switching to Source view
One useful feature in ASP.NET is the enhanced support for tracing and debugging.
You can trace the flow of your application by using the
Trace attribute in the
<%@ Page Language="VB" Trace="true" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
When you enable tracing, you will see output similar to that shown in Figure 6. You would be able to examine detailed execution information such as the sequence in which the events are fired, as well as the values of the environment variables, and so on.
Figure 6. Enabling tracing for your ASP.NET application
You can also insert
Trace statements into your application. For example, in the
following code I have inserted two
Trace statements: one to display a warning when
the user did not enter a string for the TextBox control, and another to simply display
the contents of the TextBox control:
Protected Sub Button1_Click( _ ByVal sender As Object, _ ByVal e As System.EventArgs) _ Handles Button1.Click If TextBox1.Text = "" Then Trace.Warn("Empty string for textbox1") Else Trace.Write(TextBox1.Text) End If Label1.Text = "Hello " & TextBox1.Text End Sub
When run, notice the red warning text (see Figure 7) when the button is clicked.
Figure 7. Displaying a warning message in red
But if you type some text into the TextBox control, the trace message will be printed in black (see Figure 8).
Figure 8. Displaying trace information
The nice feature about the
Trace class is that when it comes to time to deploy the
application, you can simply turn off tracing by setting the
Trace attribute to "off;"
there is no need for you to remove the trace statements.
Besides tracing, you also have the ability to step through the execution of your application code. Figure 9 shows that you can perform debugging on an ASP.NET web application in real time.
Figure 9. Debugging an ASP.NET application using Visual Studio
Caching of web pages is an effective way of increasing performance while minimizing the use of precious server resources. ASP.NET supports various forms of caching:
Output caching: Output caching caches the output of a page (or portions of it) so that a page's content need not be generated every time it is loaded.
Caching objects in a page: While output caching is useful, a much more powerful and flexible approach would be to cache individual objects in your web application, rather than entire pages.
Smart caching with dependencies: The cache would automatically invalidate itself when some external events happen (such as the modification of a text file, and so on).
Time-based caching: Another technique for caching is based on time. For example, the cache can expire on a certain date, or it will only be available for a certain period of time. There are two ways in which you can use time-based caching--sliding and absolute expiration.
SQL cache dependency: SQL cache dependency is the ability to invalidate a database cache if the data in a table is changed.
To illustrate how caching works in ASP.NET, let's consider an example using output
caching. Assuming that you have an ASP.NET web form, add a new
directive to the ASP.NET form:
<%@ OutputCache Duration="15" VaryByParam="*" %> <%@ Page Language="vb" AutoEventWireup="false" Codebehind="WebForm1.aspx.vb" Inherits="Caching.WebForm1"%>
OutputCache directive specifies the various criteria for caching the page. In this
example, the output of the page will be cached for 15 seconds. This means that if
the page is loaded again within the next 15 seconds, it is refreshed; the Web server will
serve the same content without needing to dynamically regenerate the page (and
thus avoiding access the database, if part of the content of the page is retrieved from
VaryByParam attribute specifies how the caching should be performed, based
on the query string supplied to the page. For example, if I used the following URL:
The query string passed to the page is
name=John&newsid=12. Now, suppose I
VaryByParam attribute to:
<%@ OutputCache Duration="15" VaryByParam="Name" %>
The page will then be cached according to the
Name key. This means that if I issue
requests using the following two URLs, the second request will still be from the cache,
as the cache will only be refreshed if the value of
The following URLs will cause the second request to be refreshed:
If you want to force the page to be regenerated if more than one key changes (such
NewsID), you simply add the
NewsID key into the
<%@ OutputCache Duration="15" VaryByParam="Name;NewsID" %>
In this case, this is equivalent to using a
*, which means all keys will cause the
page to be regenerated:
<%@ OutputCache Duration="15" VaryByParam="*" %>
If you want to cache the page regardless of query string, you can use the value
<%@ OutputCache Duration="15" VaryByParam="none" %>
Refer to my articles on ONDotnet.com for more information on caching:
ASP.NET uses external configuration files to store detailed information about the application. For example, the web.config file stores information such as:
One of the best practices in ASP.NET is to save your database connection strings in the web.config file instead of hard-coding it into your code. This allows you to change database servers easily, without needing to modify your code. As an additional protection, it is always better to use integrated Windows security to access your database, rather than using SQL Server authentication and thus including your SQL server credentials in the connection string.
The following code segment shows part of web.config, containing a database connection string:
<configuration xmlns="http://schemas.microsoft.com/ .NetConfiguration/v2.0"> <connectionStrings> <add name="pubsConnectionString" connectionString="Data Source="(local)"; Initial Catalog=pubs;Integrated Security=True" providerName="System.Data.SqlClient" /> </connectionStrings> <system.web> ...
However, it's not such a good idea to save your connection strings as plain text in web.config; you should ideally encrypt the connection strings so that it leaves no chance for a potential hacker to easily get more information about your database server.
In ASP.NET 2.0, Microsoft has taken this further by allowing you to encrypt the connection strings in web.config, all without much plumbing on your part. Two Protection Configuration Providers are available in .NET 2.0 to allow you to encrypt your connection strings (as well as other sections in web.config):
To learn how to encrypt your database connection string in ASP.NET 2.0, check out www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html.
ASP.NET 2.0 represents a huge leap over ASP.NET 1.x. The new features in ASP.NET 2.0 can be grouped into three broad categories: new controls and control functionality, improvements to the Page framework, and new services and APIs (see Table 1).
ASP.NET 2.0 ships with several new controls to make the life of a web application developer easier. In ASP.NET 2.0, there are now new controls that help you to perform data access, site navigation, login, and personalization using Web Parts.
Earlier you had a glimpse of some of the controls (TextBox, Label, and Button) shipped in ASP.NET. Figure 10 shows the controls shipped with ASP.NET 2.0. They are categorized based on their functionalities.
Figure 10. The various controls in ASP.NET 2.0
ASP.NET 2.0 supports some useful additions to its Page framework, such as visual inheritance, technically known as Master Pages. Besides Master Pages, ASP.NET 2.0 also supports "theming" through themes and skins, allowing you to maintain a consistent look and feel for your websites. Another noteworthy feature in ASP.NET is the improved support for localization, which reduces the amount of work you need to do to internationalize your web applications.
Behind the various new controls in ASP.NET 2.0 lie the foundation services and APIs that do the heavy lifting needed to enable the controls to do their work. For example, behind the new Login controls you'll find the new collection of Membership APIs, which perform such tasks such as user authentication, registration of new users, and so on. Besides using the new controls, you can directly make use of these APIs in code.
|Controls||Page Framework||Services and APIs|
Includes controls that simplify the connection to data sources as well as the new GridView and DetailsView controls.
Visual page inheritance for Web Forms.
The core service for user management, such as user creation, deletion, authentication, retrieval of passwords, etc.
Contains controls that makes website user management and user authentication easy and efficient.
|Themes and Skins
Maintain consistent look and feel for the entire site by using Skins definitions grouped by themes.
Manages the assigning of roles to users, such as add user to role, delete user from role, inquire if user's in role, etc.
Provides the infrastructure for creating Web Parts.
Simplify the steps needed to globalize and localize your web applications.
Supports the retrieval of site information, as well as the display of site maps.
Contains controls that display site information and menus.
Supports dynamic compilation of business logic without the need for explicit recompilation when the code is changed. Also supports automatic generation of web services proxy class using WSDL.
Supports the personalization of websites through the
|Additional Standard Controls
Contains controls such as ImageMap, FileUpload, MultiView, and TreeView.
For a detailed discussion of the new features in ASP.NET 2.0, refer to ASP.NET 2.0: A Developer's Notebook.
In this article, you have seen some of the most important features of ASP.NET. If you have never developed a web application before, I strongly encourage you to take ASP.NET 2.0 for a spin today. You will be amazed at how easy it is to start building compelling applications with so little effort. Of course, one of the easiest ways is to grab a copy of my book and spend a few good afternoon trying out all the features. Have fun!
To try out ASP.NET 2.0, download Microsoft Visual Web Developer 2005 Express Edition Beta 2, or, if you are a MSDN subscriber, download Visual Studio 2005 Beta 2.
Wei-Meng Lee (Microsoft MVP) http://weimenglee.blogspot.com is a technologist and founder of Developer Learning Solutions http://www.developerlearningsolutions.com, a technology company specializing in hands-on training on the latest Microsoft technologies.
Return to ONDotnet.com.
Copyright © 2009 O'Reilly Media, Inc.