The Visual Studio 2005 Team System enables Web Testing which makes it easy for testing your website without writing any code. When we say web testing, the Visual Studio 2005 Team System Web testing does not do any user interface testing; instead the tests are done against the data that is flowing through the HTTP. This data is examined and validated with various rules in place.
Testing a web page for the validity of the JavaScript of that page is not done with Visual Studio 2005 Team System or the compatibility of the page for every browser is not tested. There is a step by step approach that can be used to test the website without writing any code. However it is also possible to test the website by writing your customized code as well. The built-in web testing support can also be extended in the Visual Studio 2005 Team System.
Activity recording is supported in Visual Studio 2005 Team System. With this feature in Visual Studio 2005 Team System you can do automated tests against a website by just browsing through the website and filling the forms if present. This automated testing feature is more useful to test a website. So for using the Web Testing feature of Visual Studio 2005 Team System you have to set up a website and a test project.
Create a personal website using the New Web Site option in the File menu. Then select the Personal Web Site Starter Kit and choose the programming language in which you want to create the website. Once the website is created, you have to create a new account so that you can test the website using that account automatically. Open up the website administration tool by clicking the Website and then the ASP.Net Configuration. Use the Security link and then the Create User link to create the user. Let the role of the user be Administrators. Then close down the website.
You should know that IIS is not used to host the website instead Visual Studio 2005 starts an ASP.Net Development Server. This server chooses a port randomly for hosting the website. If you test a website and then restart the Visual Studio 2005 then the port used changes and hence the tests recorded earlier would become invalid. It is possible to configure Visual Studio 2005 to use a particular port all the time. Press F4 and go to the Properties window. Here you can see that the ‘Use Dynamic Ports’ value is set to True. Change this to False and select a port number to use.
The next step is to create a Test project. Add a project using the ‘Add Project’ option by right clicking the Solution. After selecting the language of your choice, select the node ‘Test’. Name your test project with an extension .Test. Now we are ready to record the activity against the website that we have already with us. Now right click the project you have and click Add. Next click ‘Web Test’. After you click ‘Web Test’ a new window opens up. This new window has an explorer bar which is a Web Test Recorder.
Type the URL of the site to be tested in the address bar. Don't forget to enter the port number of the URL. Now use the user name and password that you have created earlier to enter the site. You activities like browsing to the website URL and submitting the form information will be recorded by the Web Test Recorder. This recorded information is used automatically when you run the Web test against this website. The coordinates at which you clicked the login button is also recorded.
You can also add other steps that can be used for testing, like logging out of the site, entering the site with incorrect login information etc. once you have recorded your activity you can close the window and then save the test. Now if you look at your project, it will have a Web test case file in it which has the information that was recorded while you used that website earlier.
If you want to modify the data that was recorded while you browsed your website, you have to use the Web Test tree and selecting the appropriate node and then use the Properties window. It is also possible to group a set of requests to make them as a single unit of transaction. For your reference you can add comments to each of the request made. Just right click the request and use ‘Insert Comment’. The comments that you enter are used to document the data that is submitted.
After a test is recorded you are ready to run execute a test against a website. To do this, just run the project and this will open up a Test window that will display the test that are being run and the ones that are pending. Remarks such as Passed / Failed are also displayed depending on the condition. You can also use the Test Manager and Test View window to select a Test and execute it individually.
You can also run the individual web test files. For this, all you have to do is to open that web test file and click the ‘Run’ button. This will run the web test case. The result of each request in a test is recorded. You can view the details of the results by selecting the request. With this you can also view the html of the resulting page. While a test is executed all hyperlinks in a page are tested for their validity. These hyperlinks appear as child nodes of the request. The child nodes have the status of the request made to that URL.
For proper testing just checking the hyperlinks is not sufficient. Extraction Rules and Validation Rules are also use to check the website URLs. There is a need to check whether the user has entered the correct login information. If there is any mistake in that then the request should return an Error page. If the login is successful then the user should be directed to their account page. For this kind of testing you need the extraction rules and the validation rules.
The extraction rules are used to capture the response value. They focus on a particular value in the response got. This information might be used in the other post backs made. Option like ExtractHiddenFields, ExtractAttributeValue, ExtractRegularExpression, ExtractText and ExtractHttpHeader are available for this purpose. The validation rules are used to examine the response and see whether that response is correct for the information posted. For any failed request you can check the details using the Details tab. Some of the validation rules that are used include ValidationRuleRequiredAttibuteValue, ValidationRuleFindText, ValidationRuleRequiredTag, and ValidationRuleRequestTime.
The property window of the request rules have the feature to modify the value that is used for testing the website. One of the powerful features of Visual Studio 2005 Team System is the ability to use data that is available from a database to be used for the web test requests made. The toolbar on the Web test has feature called Add Data Source which can be used to add a data source that can be used to pull in data for testing a website. It is also possible to extend the Visual Studio 2005 Team System to write custom code for Web test and to extend its functionality. For more details on these features you can always check the MSDN documentation available in the Microsoft website.
XML INTERVIEW QUESTIONS
Question :Parse an XML file or XML file validation ?
Answer: We can parse an xml FILE with an xsd FILE. It message us that our file is not well-formed and then if it is not valid it lists out the specific reason ,it is quite helpful to find an error in a large XML file it also returns line number which contain error also the tag name. That is done in Visual Studio .NET so to get it to work you will have to change the code around to whatever you want to do. One thing is that we must have namespace in the root element of the XML file.
Question:-Is it possible that XML accept UNICODE characters ?
Answer: Yes XML documents can contain foreign characters, like Norwegian æ ø å , or French ê è é.But XML document can not under stand this to understand this we have to take XML as UNICODE.There are some encoding techniques.
.
Question:-What is DOM?
Answer: Document Object Model (DOM) is a W3C specification that defines a standard (abstract) programming API to build, navigate and update XML documents. It is a "tree-structure-based" interface. As per the DOM specification, the XML parsers (such as MSXML or Xerces), load the entire XML document into memory, before it can be processed. XPath is used to navigate randomly in the document, and various DOM methods are used to create and update (add elements, delete elements, add/remove attributes, etc.) the XML documents.
Question: What is XMLA define it ?
Answer: First of we take a full form of XMLA (XML Analysis Services). Analysis Service was designed to draw reports from data contained in a Data Warehouses and doesnot have any relation with data structure.From XMLA we can expose the Analysis service data to external world in XML.
Question:-What is XML ?
Answer: XML is the Extensible Markup Language. It improves the functionality of the Web by letting you identify your information in a more accurate, flexible, and adaptable way. It is extensible because it is not a fixed format like HTML (which is a single, predefined markup language). Instead, XML is actually a metalanguage—a language for describing other languages—which lets you design your own markup languages for limitless different types of documents. XML can do this because it's written in SGML, the international standard metalanguage for text document markup (ISO 8879).
Question:-What is XPath?
Answer: XML Path Language (XPath) is a W3C specification that defines syntax for addressing parts of XML document. XML document is considered as a logical tree structure, and syntax based on this consideration is used to address elements and attributes at any level in the XML document. For example, considering the XML document described above in answer to question 2, /abc:Employees/abc:Emp/@EmpID XPath expression can be used to access the EmpID attribute under the (first) Emp element under the Employees document element. XPath is used in various other specifications such as XSLT.
Question:-What is XHTML?
Answer: Is simple words, XHTML, or Extensible HTML, is HTML 4 with XML rules applied to it (each begin tag must have an end tag, attribute values in single/double quotes, etc.). However, the overall vision of XHTML is much more than that. In addition to using XML syntax for HTML, XHTML also encloses specifications such as XHTML Basic (minimal set of modules for devices such as PDAs), XForms (represents the next generation of forms for the Web, and separates presentation, logic, and data), XML Events (provides XML languages with the ability to uniformly integrate event listeners and associated event handlers), etc.
Question:-What is XML Parser ?
Answer: Microsoft's XML parser is a COM component that comes with Internet Explorer 5 and higher. Once you have installed Internet Explorer, the parser is available to scripts.
Microsoft's XML parser supports all the necessary functions to traverse the node tree, access the nodes and their attribute values, insert and delete nodes, and convert the node tree back to XML.
To create an instance of Microsoft's XML parser with JavaScript, use the following code:
var xmlDoc=new ActiveXObject("Microsoft.XMLDOM")
To create an instance of Microsoft's XML parser with VBScript, use the following code:
set xmlDoc=CreateObject("Microsoft.XMLDOM")
To create an instance of Microsoft's XML parser in an ASP page (using VBScript), use the following code:
set xmlDoc=Server.CreateObject("Microsoft.XMLDOM")
The following code loads an existing XML document ("note.xml") into Microsoft's XML parser:
Question:- Some Limitation or Disadvantage of XML?
Answer: XML markup has a few disadvantages:
It can be verbose unless element and attribute names are chosen with care. In large documents the markup overhead need not be large, but in short messages it can be significantly more than the actual data, especially when the element or attribute names are concocted by machine.
Overlapping markup is not permitted (an element cannot start inside one element and end inside another): element markup must nest hierarchically.
Some of the software is truly mediocre.
Question:- How to add in XML document through XSL ?
Answer: XSL (the eXtensible Stylesheet Language) is far more sophisticated than CSS. One way to use XSL is to transform XML into HTML before it is displayed by the browser as demonstrated in these examples:
Below is a fraction of the XML file. The second line,
, links the XML file to the XSL file:
Question:- How do I convert my existing HTML documents into XML?
Answer: Tidy is a command-line utility which runs on a wide variety of operating systems; it uses various command-line switches (parameters) to control its processing. At a minimum, it simply cleans up your HTML by ensuring that elements are properly nested and so on; it also warns you if your HTML uses non-standard code that's likely to cause cross-browser compatibility problems. One of the most useful command-line options is -asxml ("as XML," see?), which does what you seem to be asking. It will properly balance elements, per usual, but it also adds some extra information to the document. For instance, it tacks on an XML declaration, , and a statement, which unambiguously mark this as an XML document. To the root html element it also adds a namespace-declaring attribute that identifies all elements in the document as conforming to the specific XML vocabulary known as XHTML. It even forces all element names to lowercase, since the XHTML standard requires it.
If you're asking about converting HTML to a less generic form of XML than XHTML, your task may turn out to be quite complex. For example, if you've been using HTML to mark up customer invoices, not only the customer's name but also their number, item(s) ordered, quantity, and price are probably all wrapped up inside
Question:- What is a schema? What are the limitations of a DTD?
Answer: SCHEMA is nothing but METADATA. The schema holds all the information of the xml file that is to be deployed in the project. Metatdata is nothing about data about data since we know that xml is used for data representation language we will be able to understand what metadata is. Metadata includes the tags that is going to be exchanged to and fro from another xml file. DTD (DATA TYPE DEFINITION ) which supervises two conditions namely well formedness and closeness of the xml file. So the user should be aware of what tags he was put into use of this xml file 'A' should be intimated to another application's XML file 'B', by then our xml file will interact with the another xml file, this is the major limitation and mandatory issue that the developers should follow.
Answer: We can parse an xml FILE with an xsd FILE. It message us that our file is not well-formed and then if it is not valid it lists out the specific reason ,it is quite helpful to find an error in a large XML file it also returns line number which contain error also the tag name. That is done in Visual Studio .NET so to get it to work you will have to change the code around to whatever you want to do. One thing is that we must have namespace in the root element of the XML file.
Question:-Is it possible that XML accept UNICODE characters ?
Answer: Yes XML documents can contain foreign characters, like Norwegian æ ø å , or French ê è é.But XML document can not under stand this to understand this we have to take XML as UNICODE.There are some encoding techniques.
.
Question:-What is DOM?
Answer: Document Object Model (DOM) is a W3C specification that defines a standard (abstract) programming API to build, navigate and update XML documents. It is a "tree-structure-based" interface. As per the DOM specification, the XML parsers (such as MSXML or Xerces), load the entire XML document into memory, before it can be processed. XPath is used to navigate randomly in the document, and various DOM methods are used to create and update (add elements, delete elements, add/remove attributes, etc.) the XML documents.
Question: What is XMLA define it ?
Answer: First of we take a full form of XMLA (XML Analysis Services). Analysis Service was designed to draw reports from data contained in a Data Warehouses and doesnot have any relation with data structure.From XMLA we can expose the Analysis service data to external world in XML.
Question:-What is XML ?
Answer: XML is the Extensible Markup Language. It improves the functionality of the Web by letting you identify your information in a more accurate, flexible, and adaptable way. It is extensible because it is not a fixed format like HTML (which is a single, predefined markup language). Instead, XML is actually a metalanguage—a language for describing other languages—which lets you design your own markup languages for limitless different types of documents. XML can do this because it's written in SGML, the international standard metalanguage for text document markup (ISO 8879).
Question:-What is XPath?
Answer: XML Path Language (XPath) is a W3C specification that defines syntax for addressing parts of XML document. XML document is considered as a logical tree structure, and syntax based on this consideration is used to address elements and attributes at any level in the XML document. For example, considering the XML document described above in answer to question 2, /abc:Employees/abc:Emp/@EmpID XPath expression can be used to access the EmpID attribute under the (first) Emp element under the Employees document element. XPath is used in various other specifications such as XSLT.
Question:-What is XHTML?
Answer: Is simple words, XHTML, or Extensible HTML, is HTML 4 with XML rules applied to it (each begin tag must have an end tag, attribute values in single/double quotes, etc.). However, the overall vision of XHTML is much more than that. In addition to using XML syntax for HTML, XHTML also encloses specifications such as XHTML Basic (minimal set of modules for devices such as PDAs), XForms (represents the next generation of forms for the Web, and separates presentation, logic, and data), XML Events (provides XML languages with the ability to uniformly integrate event listeners and associated event handlers), etc.
Question:-What is XML Parser ?
Answer: Microsoft's XML parser is a COM component that comes with Internet Explorer 5 and higher. Once you have installed Internet Explorer, the parser is available to scripts.
Microsoft's XML parser supports all the necessary functions to traverse the node tree, access the nodes and their attribute values, insert and delete nodes, and convert the node tree back to XML.
To create an instance of Microsoft's XML parser with JavaScript, use the following code:
var xmlDoc=new ActiveXObject("Microsoft.XMLDOM")
To create an instance of Microsoft's XML parser with VBScript, use the following code:
set xmlDoc=CreateObject("Microsoft.XMLDOM")
To create an instance of Microsoft's XML parser in an ASP page (using VBScript), use the following code:
set xmlDoc=Server.CreateObject("Microsoft.XMLDOM")
The following code loads an existing XML document ("note.xml") into Microsoft's XML parser:
Question:- Some Limitation or Disadvantage of XML?
Answer: XML markup has a few disadvantages:
It can be verbose unless element and attribute names are chosen with care. In large documents the markup overhead need not be large, but in short messages it can be significantly more than the actual data, especially when the element or attribute names are concocted by machine.
Overlapping markup is not permitted (an element cannot start inside one element and end inside another): element markup must nest hierarchically.
Some of the software is truly mediocre.
Question:- How to add in XML document through XSL ?
Answer: XSL (the eXtensible Stylesheet Language) is far more sophisticated than CSS. One way to use XSL is to transform XML into HTML before it is displayed by the browser as demonstrated in these examples:
Below is a fraction of the XML file. The second line,
, links the XML file to the XSL file:
Question:- How do I convert my existing HTML documents into XML?
Answer: Tidy is a command-line utility which runs on a wide variety of operating systems; it uses various command-line switches (parameters) to control its processing. At a minimum, it simply cleans up your HTML by ensuring that elements are properly nested and so on; it also warns you if your HTML uses non-standard code that's likely to cause cross-browser compatibility problems. One of the most useful command-line options is -asxml ("as XML," see?), which does what you seem to be asking. It will properly balance elements, per usual, but it also adds some extra information to the document. For instance, it tacks on an XML declaration, , and a statement, which unambiguously mark this as an XML document. To the root html element it also adds a namespace-declaring attribute that identifies all elements in the document as conforming to the specific XML vocabulary known as XHTML. It even forces all element names to lowercase, since the XHTML standard requires it.
If you're asking about converting HTML to a less generic form of XML than XHTML, your task may turn out to be quite complex. For example, if you've been using HTML to mark up customer invoices, not only the customer's name but also their number, item(s) ordered, quantity, and price are probably all wrapped up inside
and
tags. How do you know which "kind of paragraph" contains a given kind of information, so you can turn one instance of the p element into a custname element, another into custnumber, another into price, and so on? If you've been using CSS for styling your HTML, you may have supplied the different p elements with class="custname" (etc.) attributes and so on; if that's the case, you may be able to generate meaningful XML using an XSLT stylesheet. There may also be customized software to do the sort of conversion you want. Otherwise you're probably looking down the barrel of an ugly gun.Question:- What is a schema? What are the limitations of a DTD?
Answer: SCHEMA is nothing but METADATA. The schema holds all the information of the xml file that is to be deployed in the project. Metatdata is nothing about data about data since we know that xml is used for data representation language we will be able to understand what metadata is. Metadata includes the tags that is going to be exchanged to and fro from another xml file. DTD (DATA TYPE DEFINITION ) which supervises two conditions namely well formedness and closeness of the xml file. So the user should be aware of what tags he was put into use of this xml file 'A' should be intimated to another application's XML file 'B', by then our xml file will interact with the another xml file, this is the major limitation and mandatory issue that the developers should follow.
COM - DCOM
Question:-Can it is possible to use COM objects from a .NET Framework program ?
Answer: :- I think yes COM component which we have deployed today can be used from managed code, and in common cases the its adopt automatic. To access com component from the .NET Framework we use runtime callable wrapper (RCW). This wrapper turns the COM interfaces exposed by the COM component into .NET Framework-compatible interfaces. For OLE automation interfaces, the RCW can be generated automatically from a type library. But for non-OLE automation interfaces, a developer may have to write a custom RCW and then manually map types that is exposed by the COM interface to .NET Framework-compatible types.
Question:-What is Monikers when using COM ?
Answer: Clients always require a easy way to reconnect the same process where he is on last time or we can say that exact same state at a later point in time. This support is provided via "monikers". A moniker is a COM object that helps in this task because its knows how to create and initialize the content of a single COM object instance. A moniker can be asked to bind to the COM object it showing, so a COM object on specific machine on the network, or a group of cells inside a spreadsheet.
Question:-Explain Transaction with COM+ Components?
Answer: Transaction consists of group of task bind in a single execution unit .When a transaction starts with specific task it is completed when all the statement in units are completed if any one produce error it will Rollback.So transaction have only two result Success and failure.
On the other hand COM+ components need code to transaction.Because it will automatically participate in transaction.Its not require any explicit code to specify the start and end of transaction.when we create an object of COM+ it is activated with BeginTransaction with COM+ services provides.And this object is deactivated using CommitTransaction or AbortTransaction method.
Question:-How COM+ Component adopt security?
Answer: To reduce complexity COM+ used or provides role-based security service that's helps in middle-tier components.There are two types of role-based security.
(1)Declaractive
(2)Programmatic
When we applied and configure security without using an explicit programming interface is known as declartive security settings. On the other hand there are some situation when work load is heavy and secuirty is must and exchange of data accross the network and security measure should be taken with programming interface and it is known as programmactic secrity.
Question:-What are the COM Component in .Net?
Answer: .Net not helps in creation of COM components and provides a different solution for making reusable components through Assemblies.There are many COM components present which our .Net application might need to use..Net provides an extremely simple approach to achieve this.
We use com by ‘Wrapper Classes’ and ‘Proxy Components’. .Net wraps the COM component into .Net assembly technically called ‘Runtime Callable Wrapper’ or RCW. Then u can call and use your COM component just as a .Net (or C#, if u are using C#) Assembly.
Question:-Whats the relation between COM/DCOM ?
Answer: DCOM is an extended to COM that allows network-based component interaction. Because COM only ability that processes can run on the same machine but in different address spaces, the DCOM extension allows across a network. DCOM components can helpfull on variety of platforms . we can also say that COM and DCOM is single technology that provides a many services for component interaction, some specific tasks are component integration on a single platform,component interaction across heterogeneous networks.COM and its DCOM extensions are merged into a single runtime.
Question:-Which namespace do the classes, allowing you to support COM functionality, are located?
Answer: System.EnterpriseServices
Question:- How do you make a NET component talk to a COM component?
Answer: To enable the communication between COM and .NET components, the .NET Framework generates a COM Callable Wrapper (CCW). The CCW enables communication between the calling COM code and the managed code. It also handles conversion between the data types, as well as other messages between the COM types and the .NET types.
Question:-How do you generate an RCW from a COM object?
Answer: Use the Type Library Import utility shipped with SDK. tlbimp COMobject.dll /out:.NETobject.dll or reference the COM library from Visual Studio in your project.
Question:-I can’t import the COM object that I have on my machine. Did you write that object?
Answer:You can only import your own objects. If you need to use a COM component from another developer, you should obtain a Primary Interop Assembly (PIA) from whoever authored the original object.
Question:-How do you call unmanaged methods from your .NET code through PInvoke?
Answer: Supply a DllImport attribute. Declare the methods in your .NET code as static extern. Do not implement the methods as they are implemented in your unmanaged code, you’re just providing declarations for method signatures.
Question:- Can you retrieve complex data types like structs from the PInvoke calls?
Answer: Yes, just make sure you re-declare that struct, so that managed code knows what to do with it.
Question:- I want to expose my .NET objects to COM objects. Is that possible?
Answer: Yes, but few things should be considered first. Classes should implement interfaces explicitly. Managed types must be public. Methods, properties, fields, and events that are exposed to COM must be public. Types must have a public default constructor with no arguments to be activated from COM. Types cannot be abstract.
Question:-Can you inherit a COM class in a .NET application?
Answer: The .NET Framework extends the COM model for reusability by adding implementation inheritance. Managed types can derive directly or indirectly from a COM coclass; more specifically, they can derive from the runtime callable wrapper generated by the runtime. The derived type can expose all the method and properties of the COM object as well as methods and properties implemented in managed code. The resulting object is partly implemented in managed code and partly implemented in unmanaged code.
Answer: :- I think yes COM component which we have deployed today can be used from managed code, and in common cases the its adopt automatic. To access com component from the .NET Framework we use runtime callable wrapper (RCW). This wrapper turns the COM interfaces exposed by the COM component into .NET Framework-compatible interfaces. For OLE automation interfaces, the RCW can be generated automatically from a type library. But for non-OLE automation interfaces, a developer may have to write a custom RCW and then manually map types that is exposed by the COM interface to .NET Framework-compatible types.
Question:-What is Monikers when using COM ?
Answer: Clients always require a easy way to reconnect the same process where he is on last time or we can say that exact same state at a later point in time. This support is provided via "monikers". A moniker is a COM object that helps in this task because its knows how to create and initialize the content of a single COM object instance. A moniker can be asked to bind to the COM object it showing, so a COM object on specific machine on the network, or a group of cells inside a spreadsheet.
Question:-Explain Transaction with COM+ Components?
Answer: Transaction consists of group of task bind in a single execution unit .When a transaction starts with specific task it is completed when all the statement in units are completed if any one produce error it will Rollback.So transaction have only two result Success and failure.
On the other hand COM+ components need code to transaction.Because it will automatically participate in transaction.Its not require any explicit code to specify the start and end of transaction.when we create an object of COM+ it is activated with BeginTransaction with COM+ services provides.And this object is deactivated using CommitTransaction or AbortTransaction method.
Question:-How COM+ Component adopt security?
Answer: To reduce complexity COM+ used or provides role-based security service that's helps in middle-tier components.There are two types of role-based security.
(1)Declaractive
(2)Programmatic
When we applied and configure security without using an explicit programming interface is known as declartive security settings. On the other hand there are some situation when work load is heavy and secuirty is must and exchange of data accross the network and security measure should be taken with programming interface and it is known as programmactic secrity.
Question:-What are the COM Component in .Net?
Answer: .Net not helps in creation of COM components and provides a different solution for making reusable components through Assemblies.There are many COM components present which our .Net application might need to use..Net provides an extremely simple approach to achieve this.
We use com by ‘Wrapper Classes’ and ‘Proxy Components’. .Net wraps the COM component into .Net assembly technically called ‘Runtime Callable Wrapper’ or RCW. Then u can call and use your COM component just as a .Net (or C#, if u are using C#) Assembly.
Question:-Whats the relation between COM/DCOM ?
Answer: DCOM is an extended to COM that allows network-based component interaction. Because COM only ability that processes can run on the same machine but in different address spaces, the DCOM extension allows across a network. DCOM components can helpfull on variety of platforms . we can also say that COM and DCOM is single technology that provides a many services for component interaction, some specific tasks are component integration on a single platform,component interaction across heterogeneous networks.COM and its DCOM extensions are merged into a single runtime.
Question:-Which namespace do the classes, allowing you to support COM functionality, are located?
Answer: System.EnterpriseServices
Question:- How do you make a NET component talk to a COM component?
Answer: To enable the communication between COM and .NET components, the .NET Framework generates a COM Callable Wrapper (CCW). The CCW enables communication between the calling COM code and the managed code. It also handles conversion between the data types, as well as other messages between the COM types and the .NET types.
Question:-How do you generate an RCW from a COM object?
Answer: Use the Type Library Import utility shipped with SDK. tlbimp COMobject.dll /out:.NETobject.dll or reference the COM library from Visual Studio in your project.
Question:-I can’t import the COM object that I have on my machine. Did you write that object?
Answer:You can only import your own objects. If you need to use a COM component from another developer, you should obtain a Primary Interop Assembly (PIA) from whoever authored the original object.
Question:-How do you call unmanaged methods from your .NET code through PInvoke?
Answer: Supply a DllImport attribute. Declare the methods in your .NET code as static extern. Do not implement the methods as they are implemented in your unmanaged code, you’re just providing declarations for method signatures.
Question:- Can you retrieve complex data types like structs from the PInvoke calls?
Answer: Yes, just make sure you re-declare that struct, so that managed code knows what to do with it.
Question:- I want to expose my .NET objects to COM objects. Is that possible?
Answer: Yes, but few things should be considered first. Classes should implement interfaces explicitly. Managed types must be public. Methods, properties, fields, and events that are exposed to COM must be public. Types must have a public default constructor with no arguments to be activated from COM. Types cannot be abstract.
Question:-Can you inherit a COM class in a .NET application?
Answer: The .NET Framework extends the COM model for reusability by adding implementation inheritance. Managed types can derive directly or indirectly from a COM coclass; more specifically, they can derive from the runtime callable wrapper generated by the runtime. The derived type can expose all the method and properties of the COM object as well as methods and properties implemented in managed code. The resulting object is partly implemented in managed code and partly implemented in unmanaged code.
DOT NET FRAME WORK
DOT NET FRAME WORK
(IL)Intermediate Language is also known as MSIL (Microsoft Intermediate Language) or CIL
(Common Intermediate Language). All .NET source code is compiled to IL. This IL is then converted to machine code at the point where the software is installed, or at run-time by a Just-In-Time (JIT) compiler.
What is a CLR?
Full form of CLR is Common Language Runtime and it forms the heart of the .NET framework.
All Languages have runtime and its the responsibility of the runtime to take care of the code execution of the program. For example VC++ has MSCRT40.DLL,VB6 has MSVBVM60.DLL,
Java has Java Virtual Machine etc. Similarly .NET has CLR. Following are the responsibilities of
CLR.
√ Garbage Collection :- CLR automatically manages memory thus eliminating memory leaks. When objects are not referred GC automatically releases those memories thus providing efficient memory management.
√ Code Access Security :- CAS grants rights to program depending on the security
configuration of the machine. Example the program has rights to edit or create
a new file but the security configuration of machine does not allow the program
to delete a file. CAS will take care that the code runs under the environment of
machines security configuration.
√ Code Verification :- This ensures proper code execution and type safety while
the code runs. It prevents the source code to perform illegal operation such as
accessing invalid memory locations etc.
IL( Intermediate language )-to-native translators and optimizer’s :- CLR uses
JIT and compiles the IL code to machine code and then executes. CLR also
determines depending on platform what is optimized way of running the IL
code.
What is a CTS?
In order that two language communicate smoothly CLR has CTS (Common Type System).
Example
in VB you have “Integer” and in C++ you have “long” these datatypes are not compatible so the
interfacing between them is very complicated. In order to able that two different languages can communicate Microsoft introduced Common Type System. So “Integer” datatype in VB6 and
“int” datatype in C++ will convert it to System.int32 which is datatype of CTS. CLS which is
covered in the coming question is subset of CTS.
Note: If you have undergone COM programming period interfacing VB6 application with VC++ application was a real pain as the datatype of both languages did not have a common ground where they can come and interface, by having CTS interfacing is smooth.
What is a CLS(Common Language Specification)?
This is a subset of the CTS which all .NET languages are expected to support. It was always a dream of Microsoft to unite all different languages in to one umbrella and CLS is one step towards that. Microsoft has defined CLS which are nothing but guidelines that language to follow
so that it can communicate with other .NET languages in a seamless manner.
What is a Managed Code?
Managed code runs inside the environment of CLR i.e. .NET runtime. In short all IL are managed code. But if you are using some third party software example VB6 or VC++ component they are unmanaged code as .NET runtime (CLR) does not have control over the source code execution of the language.
(IL)Intermediate Language is also known as MSIL (Microsoft Intermediate Language) or CIL
(Common Intermediate Language). All .NET source code is compiled to IL. This IL is then converted to machine code at the point where the software is installed, or at run-time by a Just-In-Time (JIT) compiler.
What is a CLR?
Full form of CLR is Common Language Runtime and it forms the heart of the .NET framework.
All Languages have runtime and its the responsibility of the runtime to take care of the code execution of the program. For example VC++ has MSCRT40.DLL,VB6 has MSVBVM60.DLL,
Java has Java Virtual Machine etc. Similarly .NET has CLR. Following are the responsibilities of
CLR.
√ Garbage Collection :- CLR automatically manages memory thus eliminating memory leaks. When objects are not referred GC automatically releases those memories thus providing efficient memory management.
√ Code Access Security :- CAS grants rights to program depending on the security
configuration of the machine. Example the program has rights to edit or create
a new file but the security configuration of machine does not allow the program
to delete a file. CAS will take care that the code runs under the environment of
machines security configuration.
√ Code Verification :- This ensures proper code execution and type safety while
the code runs. It prevents the source code to perform illegal operation such as
accessing invalid memory locations etc.
IL( Intermediate language )-to-native translators and optimizer’s :- CLR uses
JIT and compiles the IL code to machine code and then executes. CLR also
determines depending on platform what is optimized way of running the IL
code.
What is a CTS?
In order that two language communicate smoothly CLR has CTS (Common Type System).
Example
in VB you have “Integer” and in C++ you have “long” these datatypes are not compatible so the
interfacing between them is very complicated. In order to able that two different languages can communicate Microsoft introduced Common Type System. So “Integer” datatype in VB6 and
“int” datatype in C++ will convert it to System.int32 which is datatype of CTS. CLS which is
covered in the coming question is subset of CTS.
Note: If you have undergone COM programming period interfacing VB6 application with VC++ application was a real pain as the datatype of both languages did not have a common ground where they can come and interface, by having CTS interfacing is smooth.
What is a CLS(Common Language Specification)?
This is a subset of the CTS which all .NET languages are expected to support. It was always a dream of Microsoft to unite all different languages in to one umbrella and CLS is one step towards that. Microsoft has defined CLS which are nothing but guidelines that language to follow
so that it can communicate with other .NET languages in a seamless manner.
What is a Managed Code?
Managed code runs inside the environment of CLR i.e. .NET runtime. In short all IL are managed code. But if you are using some third party software example VB6 or VC++ component they are unmanaged code as .NET runtime (CLR) does not have control over the source code execution of the language.
Software Company Hirachy
Software Company Hirachy
Following are the number of years of experience according to position.
√ Junior engineers are specially fresher and work under software engineers.
√ Software engineers have around 1 to 2 years of experience. Interviewer expects software engineers to be technically at a medium level.
√ Senior Software Engineers have around 2 to 4 years of experience. Interviewer expects them to technically be very strong.
√ Project leads should handle majority technical aspect of project and should have around 4 to 8 years of experience. They are also indirect architect of the project. Interviewer expects them to be technically strong and in terms of architecture to be decent. Interviewer also expects them to have people management skills.
√ Project Manager are expected to be around 40% technically strong and should have experience above 10 years plus. But they are more interviewed from aspect of project management, client interaction, people management, proposal preparation etc.
Following are the number of years of experience according to position.
√ Junior engineers are specially fresher and work under software engineers.
√ Software engineers have around 1 to 2 years of experience. Interviewer expects software engineers to be technically at a medium level.
√ Senior Software Engineers have around 2 to 4 years of experience. Interviewer expects them to technically be very strong.
√ Project leads should handle majority technical aspect of project and should have around 4 to 8 years of experience. They are also indirect architect of the project. Interviewer expects them to be technically strong and in terms of architecture to be decent. Interviewer also expects them to have people management skills.
√ Project Manager are expected to be around 40% technically strong and should have experience above 10 years plus. But they are more interviewed from aspect of project management, client interaction, people management, proposal preparation etc.
SQL Server with ASP.NET
SQL Server with ASP.NET
Visual Studio .NET provides Web Forms controls, such as the DataGrid control that you can use to access data from various data sources, such as a SQL server or a Jet database. This chapter introduces you to the Structured Query Language (SQL), which is used to access data stored on a SQL server through Web Forms. You'll also learn how to use ADO Extensions to create and manage different schema objects, such as databases and tables.
Server-side data access is critical to all real-world applications. Therefore, these applications must address server-side data access to implement business solutions. This section introduces you to the SQL server data access through Web Forms.
Microsoft SQL Server is a Relational Database Management System (RDBMS) that is used to store and organize related data — the collection of related data is called a database. Microsoft SQL Server is based on the client/server architecture, in which data is stored on a centralized computer called a server. Other computers, called clients, can access the data stored on the server through a network. The client/server architecture prevents data inconsistency.
You can access data stored on a SQL server through Web Forms. To do so, you can create Web applications that have data access controls. These data access Web controls present the data in a consistent manner irrespective of the actual source, such as Microsoft SQL Server or MS Access. Therefore, while creating a Web application, you do not need to worry about the format of the data. However, before you can access or manipulate data from a SQL server, you need to perform the following steps in the specified sequence:
1. Establish a connection with the SQL Server.
2. Write the actual command to access or manipulate data.
3. Create a result set of the data from the data source with which the application can work. This result set is called the data set and is disconnected from the actual source. The application accesses and updates data in the data set, which is later reconciled with the actual data
source.
To achieve this functionality, you first need to import two namespaces, System.Data and System.Data.SqlClient, into your Web Forms page.
The two namespaces are described as follows:
System.Data: A collection of classes that are based on the ADO.NET architecture. The ADO.NET architecture allows for efficient data management and manipulation from multiple data sources. ADO.NET provides tools to request and update data in a data set, and reconcile data in the actual data source. Some of the classes included in this namespace
are described as follows:
DataSet: Represents the data set cached in memory with which applications work.
DataTable: Represents a table of data in a data set.
DataRow: Represents a row of data in a data table.
DataColumn: Represents a column of data in a data table.
System.Data.SqlClient: A collection of classes that are used to access SQL server data sources. Some of the classes are listed as follows:
SqlConnection: Represents a connection with a SQL server data source. The first step to access data from a SQL server database is to create an object of this class.
SqlDataAdapter: Represents a set of data commands and a database connection that are used to access or manipulate data. After creating a SqlConnection object, you need to create an object of the SqlDataAdapter class to populate the data set and update the data source.
SqlCommand: Represents the SQL command to perform data operations in a SQL server data source.
A SQL database stores data in tables, which consist of rows and columns. A column stores the information regarding properties of an item, while a row stores the complete information of an item. For example, consider a Products table. The columns store information, such as product identification number, product name, and quantity available. The rows store information about different products. Each column stores data of a specific type. Therefore, each column has a specific data type.
Retrieving data from a SQL database
You can retrieve information stored in tables by using the Select statement. The syntax is as follows:
Select Column1, Column2,..., ColumnN From Table
In this statement:
ColumnN: Represents the name of a column in the table from which the information needs to be retrieved. A comma separates the different column names.
Table: Represents the name of the table.
You can also retrieve information from all the columns of a table by using the following statement:
Select * From Table In the preceding statement, * represents all the columns of the table.
If you want to retrieve only specific rows from a table, you need to specify a condition in
the Select statement. You can specify a condition by using the Where clause, as follows:
Select * From Table Where ColumnN="Value"
In this statement, only those rows will be retrieved where the column has a specific value. For example, to retrieve the information from the Products table for a product called "cinnamon," use the following statement:
Select * From Products Where ProductName = "cinnamon"
Inserting, updating, and deleting data in a SQL database
You might need to add a new row to a table in a SQL database. For example, suppose you need to add to the Products table a new row for a new product. To add a row to a table, use the following statement:
Insert Into Table
Values (Column1_Value, Column2_Value, ..., ColumnN_Value)
In this syntax:
Table: Represents the table in which the row needs to be inserted.
Values: Takes the column values for the new row as parameters.
ColumnN_Value: Represents the value to be inserted in the column with name ColumnN.
The values must be supplied in the same order as the columns in the table. Also, if the data type of a column is Char, VarChar, or DateTime, you need to specify values in quotes.
Visual Studio .NET provides Web Forms controls, such as the DataGrid control that you can use to access data from various data sources, such as a SQL server or a Jet database. This chapter introduces you to the Structured Query Language (SQL), which is used to access data stored on a SQL server through Web Forms. You'll also learn how to use ADO Extensions to create and manage different schema objects, such as databases and tables.
Server-side data access is critical to all real-world applications. Therefore, these applications must address server-side data access to implement business solutions. This section introduces you to the SQL server data access through Web Forms.
Microsoft SQL Server is a Relational Database Management System (RDBMS) that is used to store and organize related data — the collection of related data is called a database. Microsoft SQL Server is based on the client/server architecture, in which data is stored on a centralized computer called a server. Other computers, called clients, can access the data stored on the server through a network. The client/server architecture prevents data inconsistency.
You can access data stored on a SQL server through Web Forms. To do so, you can create Web applications that have data access controls. These data access Web controls present the data in a consistent manner irrespective of the actual source, such as Microsoft SQL Server or MS Access. Therefore, while creating a Web application, you do not need to worry about the format of the data. However, before you can access or manipulate data from a SQL server, you need to perform the following steps in the specified sequence:
1. Establish a connection with the SQL Server.
2. Write the actual command to access or manipulate data.
3. Create a result set of the data from the data source with which the application can work. This result set is called the data set and is disconnected from the actual source. The application accesses and updates data in the data set, which is later reconciled with the actual data
source.
To achieve this functionality, you first need to import two namespaces, System.Data and System.Data.SqlClient, into your Web Forms page.
The two namespaces are described as follows:
System.Data: A collection of classes that are based on the ADO.NET architecture. The ADO.NET architecture allows for efficient data management and manipulation from multiple data sources. ADO.NET provides tools to request and update data in a data set, and reconcile data in the actual data source. Some of the classes included in this namespace
are described as follows:
DataSet: Represents the data set cached in memory with which applications work.
DataTable: Represents a table of data in a data set.
DataRow: Represents a row of data in a data table.
DataColumn: Represents a column of data in a data table.
System.Data.SqlClient: A collection of classes that are used to access SQL server data sources. Some of the classes are listed as follows:
SqlConnection: Represents a connection with a SQL server data source. The first step to access data from a SQL server database is to create an object of this class.
SqlDataAdapter: Represents a set of data commands and a database connection that are used to access or manipulate data. After creating a SqlConnection object, you need to create an object of the SqlDataAdapter class to populate the data set and update the data source.
SqlCommand: Represents the SQL command to perform data operations in a SQL server data source.
A SQL database stores data in tables, which consist of rows and columns. A column stores the information regarding properties of an item, while a row stores the complete information of an item. For example, consider a Products table. The columns store information, such as product identification number, product name, and quantity available. The rows store information about different products. Each column stores data of a specific type. Therefore, each column has a specific data type.
Retrieving data from a SQL database
You can retrieve information stored in tables by using the Select statement. The syntax is as follows:
Select Column1, Column2,..., ColumnN From Table
In this statement:
ColumnN: Represents the name of a column in the table from which the information needs to be retrieved. A comma separates the different column names.
Table: Represents the name of the table.
You can also retrieve information from all the columns of a table by using the following statement:
Select * From Table In the preceding statement, * represents all the columns of the table.
If you want to retrieve only specific rows from a table, you need to specify a condition in
the Select statement. You can specify a condition by using the Where clause, as follows:
Select * From Table Where ColumnN="Value"
In this statement, only those rows will be retrieved where the column has a specific value. For example, to retrieve the information from the Products table for a product called "cinnamon," use the following statement:
Select * From Products Where ProductName = "cinnamon"
Inserting, updating, and deleting data in a SQL database
You might need to add a new row to a table in a SQL database. For example, suppose you need to add to the Products table a new row for a new product. To add a row to a table, use the following statement:
Insert Into Table
Values (Column1_Value, Column2_Value, ..., ColumnN_Value)
In this syntax:
Table: Represents the table in which the row needs to be inserted.
Values: Takes the column values for the new row as parameters.
ColumnN_Value: Represents the value to be inserted in the column with name ColumnN.
The values must be supplied in the same order as the columns in the table. Also, if the data type of a column is Char, VarChar, or DateTime, you need to specify values in quotes.
Stored procedures in SQL SERVER
Stored procedures in SQL SERVER
A stored procedure is a set of SQL statements used to perform specific tasks. A stored procedure resides on the SQL server and can be executed by any user who has the appropriate permissions. Because the stored procedures reside on the SQL server, you do not need to transfer SQL statements to the server each time you want to perform a task on the server. This reduces the network traffic. When you want to execute a procedure, you only need to transfer the name of the procedure. However, if the procedure takes any parameters, you also need to transfer the parameters along with the procedure name.
You can create a stored procedure by using the Create Procedure statement as
follows:
Create Procedure ProcName
As
SQL statements
Return
In this statement:
ProcName: Represents the name of the stored procedure.
SQL statements: Represents the set of SQL statements in the stored procedure.
Return: Represents the end of the procedure. Each stored procedure must end with a Return statement. After the stored procedure is created, the SQL server scrutinizes it for any errors. The procedure can be executed by using the Execute or Exec keyword, as follows:
Execute ProcName
You can also pass parameters or arguments to a stored procedure to perform a specific task based on the parameter. For example, consider the following procedure that displays the price of a product whose ID is passed as a parameter:
Create Procedure ProductPrice (@id char (4))
As
Select UnitPrice
From Products Where ProductID=@id
Return
This procedure takes a parameter, @id, at the time of execution. To display the price of the product whose ID is "P001", execute this procedure using the following code:
Execute ProductPrice "P001"
Implementing T-SQL in Web Applications
Many situations require Web applications to retrieve, add, modify, and delete data stored in a database on a server. For example, consider a Web application that enables users to register as customers. When a customer fills out the Registration form and submits it, the customer registration information must be stored in a database on a server so as to maintain the registered customer's records. After the registration, the customer might need to change their customer details, such as telephone number or address. Later, the customer might want to discontinue purchasing from the same store. In such a situation, the Web application must take care of addition, modification, and deletion of data in the respective database on a server.
In this section, you'll create a Web application to retrieve, add, modify, and delete data in a table stored on a SQL server. You can choose to use either Visual Basic or C# to do so. In the following example, you'll create a Visual Basic Web application project.
Accessing data
After designing the forms, you'll add the desired functionality to them. First, you'll add the functionality to the Order form. The form should enable customers to view the complete product list by clicking the View Product List button. Also, the form should enable customers to view the details of a specific product by clicking the View Product Details button.
To implement this functionality, open the code behind file (with .vb extension) of the Order form. At the top of the Order form, import the two namespaces as follows:
Imports System.Data
Imports System.Data.SqlClient
Modifying and deleting data
The DataGrid control enables users to modify and delete records. To allow rows to be edited, the EditItemIndex property of the DataGrid control is used. By default, this property is set to -1, indicating that no rows are editable.
The DataGrid control has a property called Columns that you can use to add buttons to allow user interaction with individual data rows. To add a button column, follow these steps:
1. Open the Property Window of the DataGrid control.
2. Click the ellipsis in the Columns property to open the Properties dialog box.
The DataGrid control can have three types of button columns, described as follows:
The Select button column renders a Select link button used to access a specific row.
The Edit, Update, Cancel button column renders three link buttons: Edit, Update, and Cancel. The Edit button is used to display the row in Edit mode. After the row switches to Edit mode,
the column displays Update and Cancel buttons, which are used to update or cancel the changes made to the row.
The Delete button column renders a Delete button that enables users to delete a specific row.
To add the update functionality, add the Edit, Update, Cancel button column to your DataGrid control. When the Edit button is clicked, the EditCommand method of the DataGrid control is called. The UpdateCommand method is called when the Update button is clicked. And, when the Cancel button is clicked, the CancelCommand method is called. Therefore, you need to write appropriate code in these methods to implement the desired functionality.
In the EditCommand method of the DataGrid control, set the EditItemIndex property as follows:
Public Sub MyDataGrid_EditCommand(ByVal source As Object,
ByVale As System.Web.UI.WebControls.DataGridCommandEventArgs)
Handles MyDataGrid.EditCommand
'Setting the EditItemIndex property of the DataGrid
control to indicate the row to be edited
MyDataGrid.EditItemIndex = e.Item.ItemIndex
A stored procedure is a set of SQL statements used to perform specific tasks. A stored procedure resides on the SQL server and can be executed by any user who has the appropriate permissions. Because the stored procedures reside on the SQL server, you do not need to transfer SQL statements to the server each time you want to perform a task on the server. This reduces the network traffic. When you want to execute a procedure, you only need to transfer the name of the procedure. However, if the procedure takes any parameters, you also need to transfer the parameters along with the procedure name.
You can create a stored procedure by using the Create Procedure statement as
follows:
Create Procedure ProcName
As
SQL statements
Return
In this statement:
ProcName: Represents the name of the stored procedure.
SQL statements: Represents the set of SQL statements in the stored procedure.
Return: Represents the end of the procedure. Each stored procedure must end with a Return statement. After the stored procedure is created, the SQL server scrutinizes it for any errors. The procedure can be executed by using the Execute or Exec keyword, as follows:
Execute ProcName
You can also pass parameters or arguments to a stored procedure to perform a specific task based on the parameter. For example, consider the following procedure that displays the price of a product whose ID is passed as a parameter:
Create Procedure ProductPrice (@id char (4))
As
Select UnitPrice
From Products Where ProductID=@id
Return
This procedure takes a parameter, @id, at the time of execution. To display the price of the product whose ID is "P001", execute this procedure using the following code:
Execute ProductPrice "P001"
Implementing T-SQL in Web Applications
Many situations require Web applications to retrieve, add, modify, and delete data stored in a database on a server. For example, consider a Web application that enables users to register as customers. When a customer fills out the Registration form and submits it, the customer registration information must be stored in a database on a server so as to maintain the registered customer's records. After the registration, the customer might need to change their customer details, such as telephone number or address. Later, the customer might want to discontinue purchasing from the same store. In such a situation, the Web application must take care of addition, modification, and deletion of data in the respective database on a server.
In this section, you'll create a Web application to retrieve, add, modify, and delete data in a table stored on a SQL server. You can choose to use either Visual Basic or C# to do so. In the following example, you'll create a Visual Basic Web application project.
Accessing data
After designing the forms, you'll add the desired functionality to them. First, you'll add the functionality to the Order form. The form should enable customers to view the complete product list by clicking the View Product List button. Also, the form should enable customers to view the details of a specific product by clicking the View Product Details button.
To implement this functionality, open the code behind file (with .vb extension) of the Order form. At the top of the Order form, import the two namespaces as follows:
Imports System.Data
Imports System.Data.SqlClient
Modifying and deleting data
The DataGrid control enables users to modify and delete records. To allow rows to be edited, the EditItemIndex property of the DataGrid control is used. By default, this property is set to -1, indicating that no rows are editable.
The DataGrid control has a property called Columns that you can use to add buttons to allow user interaction with individual data rows. To add a button column, follow these steps:
1. Open the Property Window of the DataGrid control.
2. Click the ellipsis in the Columns property to open the Properties dialog box.
The DataGrid control can have three types of button columns, described as follows:
The Select button column renders a Select link button used to access a specific row.
The Edit, Update, Cancel button column renders three link buttons: Edit, Update, and Cancel. The Edit button is used to display the row in Edit mode. After the row switches to Edit mode,
the column displays Update and Cancel buttons, which are used to update or cancel the changes made to the row.
The Delete button column renders a Delete button that enables users to delete a specific row.
To add the update functionality, add the Edit, Update, Cancel button column to your DataGrid control. When the Edit button is clicked, the EditCommand method of the DataGrid control is called. The UpdateCommand method is called when the Update button is clicked. And, when the Cancel button is clicked, the CancelCommand method is called. Therefore, you need to write appropriate code in these methods to implement the desired functionality.
In the EditCommand method of the DataGrid control, set the EditItemIndex property as follows:
Public Sub MyDataGrid_EditCommand(ByVal source As Object,
ByVale As System.Web.UI.WebControls.DataGridCommandEventArgs)
Handles MyDataGrid.EditCommand
'Setting the EditItemIndex property of the DataGrid
control to indicate the row to be edited
MyDataGrid.EditItemIndex = e.Item.ItemIndex
ASP.NET Security
ASP.NET Security
The reasons to secure a Web site are well known and thus do not require a detailed discussion. A few of the reasons for securing a Web site include transfer of sensitive data over the Internet, exchange of sensitive data between Web applications, and risks of hack attacks.
Security is a critical issue for both Web application developers and administrators alike. It is undoubtedly one of the most confusing areas, and hence requires careful planning and designing. Web site developers and administrators must have a clear understanding of the various options, such as authentication, for securing their sites.
Security, in the context of an ASP.NET application, involves three fundamental operations. These operations are carried out during the lifetime of each secure ASP.NET Web application and are described as follows:
Authentication:
This is the process of validating the identity of a user, to allow or deny a request. Typically, authentication is a process of accepting the username and password from a user, and validating the username/password combination in a security database. In addition to this typical case, the authentication process can be more sophisticated. After the identity is verified and validated, the user is considered to be legitimate, and the resource request is fulfilled. Future requests from the same user, ideally, are not subject to the authentication process, until the user logs out
of the Web application.
Authorization:
This is the process of ensuring that users with valid identity are allowed to access only those resources for which they have been assigned access rights. In other words, authorization is a check that is performed at every stage of the request-processing cycle on the Web server. This check ensures that access is given only to the allowed resources.
Impersonation: This process enables an application to assume the identity of the caller, and in turn make requests to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. If the identity being impersonated has permissions to a resource, the application that impersonates the identity will also have the access permission to that resource.
Before delving deeper into the security system that is available with ASP.NET, let us review the security system that is made available to the Web sites by the underlying Web server. For the ASP.NET applications, the underlying Web server is Microsoft Internet Information Services (IIS). Therefore, every ASP.NET Web application can continue to leverage the security options provided by the IIS server. Let us now look at the security provided by the IIS server.
IIS security
Securing a Web application involves different aspects. The best place to start securing a Web application is by looking at the security methods provided by the Web server that hosts the Web application. The IIS server has built-in support for authentication and authorization of user requests.
Authentication
The IIS server has built-in support for authenticating clients who request the Web content stored in an IIS Web site. Three different types of authentication can be implemented by using the IIS server:
Anonymous Authentication: Allows all users to browse the Web site without prompting for a username and password. The access to the Web site resources is impersonated by the IIS server by using the IUSR_machinename account.
Basic Authentication: Requires the users to enter a username/password combination for accessing the Web site. The major downside to this method of authentication is that the password is sent over the network in an unencrypted form, making it possible for unauthorized users to snoop the network packets and retrieve the password information easily.
Integrated Windows Authentication: Requires the users to be valid Windows users in addition to fulfilling the basic authentication. In this mode, IIS will verify the username and password with a Windows Domain Controller. The access to the Web site is allowed only if the domain controller validates the username and password.
Digest Authentication: Is similar to the basic authentication.
However, this authentication uses a different way of transmitting the authentication credentials. This authentication sends a hash value over the network rather than the password. The hash value cannot be decrypted and hence the original text cannot be deciphered.
Authorization
The IIS server can be configured to control the resources that can be accessed by users. You can control the access permissions on an IIS Web site by marking the allowed operations on the Web site. The different permission levels include the following:
Read: Allows users to retrieve and read the content stored in the virtual directory. This permission is assigned to most virtual directories.
Write: Allows users to retrieve and modify the content stored in the virtual directory. If a Web site is open to receiving content over the HTTP protocol, the virtual directory used to store the received files must have the write permission. A typical example of this would be a virtual directory that stores the files that are uploaded as attachments to e-mail messages.
Script source access: Allows users to view the source code of any server-side program.
Directory browsing: Allows users to view the contents of the entire virtual directory. This is similar to viewing an FTP folder.
Log visits: Keeps track of the number of users who visit the site, and records information about various details, such as the IP address of the client and the resources that are requested for.
Index: Uses Microsoft Index Server to index the virtual directory. The contents of the directory can be retrieved in a search result using the Index Server.
The reasons to secure a Web site are well known and thus do not require a detailed discussion. A few of the reasons for securing a Web site include transfer of sensitive data over the Internet, exchange of sensitive data between Web applications, and risks of hack attacks.
Security is a critical issue for both Web application developers and administrators alike. It is undoubtedly one of the most confusing areas, and hence requires careful planning and designing. Web site developers and administrators must have a clear understanding of the various options, such as authentication, for securing their sites.
Security, in the context of an ASP.NET application, involves three fundamental operations. These operations are carried out during the lifetime of each secure ASP.NET Web application and are described as follows:
Authentication:
This is the process of validating the identity of a user, to allow or deny a request. Typically, authentication is a process of accepting the username and password from a user, and validating the username/password combination in a security database. In addition to this typical case, the authentication process can be more sophisticated. After the identity is verified and validated, the user is considered to be legitimate, and the resource request is fulfilled. Future requests from the same user, ideally, are not subject to the authentication process, until the user logs out
of the Web application.
Authorization:
This is the process of ensuring that users with valid identity are allowed to access only those resources for which they have been assigned access rights. In other words, authorization is a check that is performed at every stage of the request-processing cycle on the Web server. This check ensures that access is given only to the allowed resources.
Impersonation: This process enables an application to assume the identity of the caller, and in turn make requests to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. If the identity being impersonated has permissions to a resource, the application that impersonates the identity will also have the access permission to that resource.
Before delving deeper into the security system that is available with ASP.NET, let us review the security system that is made available to the Web sites by the underlying Web server. For the ASP.NET applications, the underlying Web server is Microsoft Internet Information Services (IIS). Therefore, every ASP.NET Web application can continue to leverage the security options provided by the IIS server. Let us now look at the security provided by the IIS server.
IIS security
Securing a Web application involves different aspects. The best place to start securing a Web application is by looking at the security methods provided by the Web server that hosts the Web application. The IIS server has built-in support for authentication and authorization of user requests.
Authentication
The IIS server has built-in support for authenticating clients who request the Web content stored in an IIS Web site. Three different types of authentication can be implemented by using the IIS server:
Anonymous Authentication: Allows all users to browse the Web site without prompting for a username and password. The access to the Web site resources is impersonated by the IIS server by using the IUSR_machinename account.
Basic Authentication: Requires the users to enter a username/password combination for accessing the Web site. The major downside to this method of authentication is that the password is sent over the network in an unencrypted form, making it possible for unauthorized users to snoop the network packets and retrieve the password information easily.
Integrated Windows Authentication: Requires the users to be valid Windows users in addition to fulfilling the basic authentication. In this mode, IIS will verify the username and password with a Windows Domain Controller. The access to the Web site is allowed only if the domain controller validates the username and password.
Digest Authentication: Is similar to the basic authentication.
However, this authentication uses a different way of transmitting the authentication credentials. This authentication sends a hash value over the network rather than the password. The hash value cannot be decrypted and hence the original text cannot be deciphered.
Authorization
The IIS server can be configured to control the resources that can be accessed by users. You can control the access permissions on an IIS Web site by marking the allowed operations on the Web site. The different permission levels include the following:
Read: Allows users to retrieve and read the content stored in the virtual directory. This permission is assigned to most virtual directories.
Write: Allows users to retrieve and modify the content stored in the virtual directory. If a Web site is open to receiving content over the HTTP protocol, the virtual directory used to store the received files must have the write permission. A typical example of this would be a virtual directory that stores the files that are uploaded as attachments to e-mail messages.
Script source access: Allows users to view the source code of any server-side program.
Directory browsing: Allows users to view the contents of the entire virtual directory. This is similar to viewing an FTP folder.
Log visits: Keeps track of the number of users who visit the site, and records information about various details, such as the IP address of the client and the resources that are requested for.
Index: Uses Microsoft Index Server to index the virtual directory. The contents of the directory can be retrieved in a search result using the Index Server.
ASP.NET Security
ASP.NET Security part two
In addition to the IIS permission levels, NTFS permissions can also be used to secure the files and directories on a Web server. The following are the different access permissions that can be assigned to users and groups for the files and directories on the server:
Full Control: Allows users to have complete control on files and/or directories.
Modify: Allows users to modify the contents of files and/or directories. However, users will not be able to delete files and/or directories.
Read & Execute: Allows users to read the contents of the existing files and/or directories and execute any application stored in that folder. However, users will not be able to modify the contents of the files and/or directories.
List Folder Contents: Allows users to view the contents of the folder. However, users will neither be able to read the contents of any file in the folder nor modify any contents.
Write: Allows users to make changes to files and/or directories.
No Access: Does not allow any access to files and/or directories. Authentication in Web applications Various ways exist to authenticate user access to Web applications. In intranet
applications, it is possible to use Integrated Windows Authentication to authenticate user access and implement access control. But, in most of the Internet applications, it is not possible to use Windows authentication as it puts various restrictions. The following are two of these restrictions:
Number of user accounts: Although Windows Active Directory can scale up to a large number of user accounts, managing all the user accounts for Internet applications (that involve millions of user accounts) can be a big management challenge, if not a nightmare. Therefore, most Web administrators and developers prefer an authentication mechanism that is based on databases, such as SQL databases.
Licensing issues: If millions of users were to be authenticated against an Active Directory database, the Web site would need to procure user licenses for all the users. Thus, to say the least, it can prove to be an expensive proposition.
In classic ASP, authentication issues were addressed by security implementations that relied on cookies or client IP. This approach, typically, meant writing a lot of code and proved to be an unnecessary overhead for developers. The approach is very different from implementing security in Windows applications. In Windows, applications are developed in a way that maximizes the leverage on the services provided by the operating system. With ASP.NET, however, the days of writing tedious user validation code are gone. Developers can rely on the underlying Microsoft .NET Framework to provide security. They just need to focus on solving business problems and implementing the functionality in the Web site. Let us now explore the various authentication models that are supported by ASP.NET.
ASP.NET authentication options
The security section of the Web.config file contains the information related to the level and type of authentication services that would be provided for a Web application. The Web.config file is an XML file and is located in the root directory of a Web application.Various configuration options for an ASP.NET Web application can be controlled and configured from this XML file.
The system.web section of the Web.config file is used to control the various aspects of security that are provided to the Web application. An ASP.NET Web application can be provided with one of the following types of security:
Windows: The application is secured by using Integrated Windows Authentication. In this method, access to a Web application is allowed only to those users who are able to verify their Windows credentials.
Credentials can be verified against the Windows authentication database (SAM) or against Active Directory.
Passport: The application is secured by using Microsoft Passport authentication. Passport is a single-sign-on technology developed by Microsoft for use on the Web.
Forms: The application is secured by using a custom authentication model with cookie support.
None: The application is not secured; access to the application does not require authentication.
Forms-based Authentication
ASP.NET includes a built-in feature, called forms-based authentication, which can be used to implement customized logic for authenticating users and authentication handlers without having to worry about session management using cookies. In forms-based authentication, when a user is determined to be unauthenticated, the user is automatically redirected to the login page. Some of the benefits of the forms-based authentication are the following:
Developers can configure forms-based authentication for various parts of the Web site differently, because the Web.config file is a hierarchical XML document.
Administrators and developers can change the authentication scheme quickly and easily in the Web.config file.
Administration is centralized because all the authentication entries are in one place — the Web.config file. You can enable forms-based authentication for a Web application by setting the
Authentication mode property to "Forms" in the Web.config file.
In addition to the IIS permission levels, NTFS permissions can also be used to secure the files and directories on a Web server. The following are the different access permissions that can be assigned to users and groups for the files and directories on the server:
Full Control: Allows users to have complete control on files and/or directories.
Modify: Allows users to modify the contents of files and/or directories. However, users will not be able to delete files and/or directories.
Read & Execute: Allows users to read the contents of the existing files and/or directories and execute any application stored in that folder. However, users will not be able to modify the contents of the files and/or directories.
List Folder Contents: Allows users to view the contents of the folder. However, users will neither be able to read the contents of any file in the folder nor modify any contents.
Write: Allows users to make changes to files and/or directories.
No Access: Does not allow any access to files and/or directories. Authentication in Web applications Various ways exist to authenticate user access to Web applications. In intranet
applications, it is possible to use Integrated Windows Authentication to authenticate user access and implement access control. But, in most of the Internet applications, it is not possible to use Windows authentication as it puts various restrictions. The following are two of these restrictions:
Number of user accounts: Although Windows Active Directory can scale up to a large number of user accounts, managing all the user accounts for Internet applications (that involve millions of user accounts) can be a big management challenge, if not a nightmare. Therefore, most Web administrators and developers prefer an authentication mechanism that is based on databases, such as SQL databases.
Licensing issues: If millions of users were to be authenticated against an Active Directory database, the Web site would need to procure user licenses for all the users. Thus, to say the least, it can prove to be an expensive proposition.
In classic ASP, authentication issues were addressed by security implementations that relied on cookies or client IP. This approach, typically, meant writing a lot of code and proved to be an unnecessary overhead for developers. The approach is very different from implementing security in Windows applications. In Windows, applications are developed in a way that maximizes the leverage on the services provided by the operating system. With ASP.NET, however, the days of writing tedious user validation code are gone. Developers can rely on the underlying Microsoft .NET Framework to provide security. They just need to focus on solving business problems and implementing the functionality in the Web site. Let us now explore the various authentication models that are supported by ASP.NET.
ASP.NET authentication options
The security section of the Web.config file contains the information related to the level and type of authentication services that would be provided for a Web application. The Web.config file is an XML file and is located in the root directory of a Web application.Various configuration options for an ASP.NET Web application can be controlled and configured from this XML file.
The system.web section of the Web.config file is used to control the various aspects of security that are provided to the Web application. An ASP.NET Web application can be provided with one of the following types of security:
Windows: The application is secured by using Integrated Windows Authentication. In this method, access to a Web application is allowed only to those users who are able to verify their Windows credentials.
Credentials can be verified against the Windows authentication database (SAM) or against Active Directory.
Passport: The application is secured by using Microsoft Passport authentication. Passport is a single-sign-on technology developed by Microsoft for use on the Web.
Forms: The application is secured by using a custom authentication model with cookie support.
None: The application is not secured; access to the application does not require authentication.
Forms-based Authentication
ASP.NET includes a built-in feature, called forms-based authentication, which can be used to implement customized logic for authenticating users and authentication handlers without having to worry about session management using cookies. In forms-based authentication, when a user is determined to be unauthenticated, the user is automatically redirected to the login page. Some of the benefits of the forms-based authentication are the following:
Developers can configure forms-based authentication for various parts of the Web site differently, because the Web.config file is a hierarchical XML document.
Administrators and developers can change the authentication scheme quickly and easily in the Web.config file.
Administration is centralized because all the authentication entries are in one place — the Web.config file. You can enable forms-based authentication for a Web application by setting the
Authentication mode property to "Forms" in the Web.config file.
Resume preparation for software jobs
Resume preparation for software jobs
Use plain text when you are sending resumes through email.
√ Attach a covering letter it really impresses and makes you look traditionally formal.
Yes, even if you are sending your CV through email send a covering letter.
Check list
Start with an objective or summary, for instance, “Working as a Senior Database administrator for more than 4 years. Implemented quality web based application.
Follow the industry’s best practices and adhered and implemented processes, which enhanced the quality of technical delivery. Pledge to deliver the best technical solutions to the industry.”
√ Specify your Core strengths at the start of the resume by which the interviewer can make a quick decision are you eligible for the position.
This is also a good position to specify your objective or position which makes it clear to the interviewer that should he call you for an interview. For instance, if you are looking for senior position specify it explicitly ‘looking for this job profile’. Any kind of certification like MCP, MCSD etc you can make it visible in this section.
Once you have specified briefly your goals and what you have done its time to specify what type of technology you have worked with. For instance RDBMS, TOOLS, Languages, Web servers, process (Six sigma, CMMI).
√ After that you can make a run through of your experience company wise that is what company you have worked with, year / month joining and year / month left.
This will give an overview to the interviewer what type of companies you have associated your self.
PROJECT DETAILS:
Project Name / Client name
√ Number of team members.
√ Time span of the project.
√ Tools, language, RDBMS and technology used to complete the project.
√ Brief summary of the project.
SUMMARY:
Finally comes your education and personal details.
√ Trying for onsite, do not forget to mention your passport number.
√ Some guys tend to make there CV large and huge. I think an optimal size should be not more than 4 to 5 pages.
√ Do not mention your salary in CV. You can talk about it during interview with HR or the interviewer.
√ When you are writing your summary for project make it effective by using verbs like managed a team of 5 members, architected the project from start to finish etc. It brings huge weight.
This is essential very essential take 4 to 5 Xerox copies of your resume you will need it now and then.
√ Just in case take at least 2 passport photos with you. You can escape it but many times you will need it.
√ Carry all your current office documents specially your salary slips and joining letter.
Use plain text when you are sending resumes through email.
√ Attach a covering letter it really impresses and makes you look traditionally formal.
Yes, even if you are sending your CV through email send a covering letter.
Check list
Start with an objective or summary, for instance, “Working as a Senior Database administrator for more than 4 years. Implemented quality web based application.
Follow the industry’s best practices and adhered and implemented processes, which enhanced the quality of technical delivery. Pledge to deliver the best technical solutions to the industry.”
√ Specify your Core strengths at the start of the resume by which the interviewer can make a quick decision are you eligible for the position.
This is also a good position to specify your objective or position which makes it clear to the interviewer that should he call you for an interview. For instance, if you are looking for senior position specify it explicitly ‘looking for this job profile’. Any kind of certification like MCP, MCSD etc you can make it visible in this section.
Once you have specified briefly your goals and what you have done its time to specify what type of technology you have worked with. For instance RDBMS, TOOLS, Languages, Web servers, process (Six sigma, CMMI).
√ After that you can make a run through of your experience company wise that is what company you have worked with, year / month joining and year / month left.
This will give an overview to the interviewer what type of companies you have associated your self.
PROJECT DETAILS:
Project Name / Client name
√ Number of team members.
√ Time span of the project.
√ Tools, language, RDBMS and technology used to complete the project.
√ Brief summary of the project.
SUMMARY:
Finally comes your education and personal details.
√ Trying for onsite, do not forget to mention your passport number.
√ Some guys tend to make there CV large and huge. I think an optimal size should be not more than 4 to 5 pages.
√ Do not mention your salary in CV. You can talk about it during interview with HR or the interviewer.
√ When you are writing your summary for project make it effective by using verbs like managed a team of 5 members, architected the project from start to finish etc. It brings huge weight.
This is essential very essential take 4 to 5 Xerox copies of your resume you will need it now and then.
√ Just in case take at least 2 passport photos with you. You can escape it but many times you will need it.
√ Carry all your current office documents specially your salary slips and joining letter.
ADO.NET introduction
ADO.NET introduction
Most applications require some kind of data access. Desktop applications need to integrate with central databases, Extensible Markup Language (XML) data stores, or local desktop databases. ADO.NET data access technology allows simple, powerful data access while maximizing system resource usage.
Different applications have different requirements for data access. Whether your application simply displays the contents of a table or processes and updates data to a central SQL server, ADO.NET provides the tools to implement data access easily and efficiently.
Disconnected Database Access
Previous versions of data access technologies have provided continuously connected data access by default. In such a model, an application creates a connection to a database and keeps it open for the life of the application or at least for the amount of time that data is required. As applications become more complex and databases begin to serve more and more clients, a connected data access technology becomes impractical for a variety of reasons.
For example:
Open database connections are expensive in terms of system resources. The more open connections, the less efficient system performance becomes.
Applications with connected data access are very difficult to scale up. An application that can maintain connections with two clients might do poorly with 10, and might be completely unusable with 100.
ADO.NET addresses these issues by implementing a disconnected database access model by default. In this model, data connections are established and only left open long enough to perform the requisite action. For example, if data is being requested from a database by an application, the connection is opened just long enough to load the data into the application, and then it is closed.
Likewise, if a database is being updated, the connection is opened to execute the UPDATE command, and then closed again. By keeping connections open only for the minimum required time, ADO.NET conserves system resources and allows data access to be scaled up with a minimal impact on performance.
ADO.NET Data Architecture
Data access in ADO.NET relies on two components: the DataSet, which stores data on the local machine, and the Data Provider, which mediates interaction between the program and the database.
The DataSet
The DataSet is a disconnected, in-memory representation of data. It can be thought of as a local copy of the relevant portions of the database. Data can be loaded into a DataSet from any valid data source, such as a Microsoft SQL Server database, a Microsoft Access database, or an XML file.
The DataSet is persisted in memory, and the data therein can be manipulated and updated independent of the database. When appropriate, the DataSet can then act as a template for updating the central database.
The DataSet object contains a collection of zero or more DataTable objects, each of which is an in-memory representation of a single table. The structure of a particular DataTable is defined by the DataColumns collection, which enumerates the columns in a particular table, and the Constraint Collection, which enumerates the constraints on the table.
Together, these two collections make up the schema of the table. A DataTable also contains a DataRows collection, which contains the actual data in the DataSet.
The DataSet contains a DataRelations collection. A DataRelation object allows you to create associations between rows in one table and rows in another table. The DataRelations collection enumerates a set of DataRelation objects that defines these relationships between tables in the DataSet.
For example, consider a DataSet that contains two related tables: a Customers table and an Orders table. In the Customers table, each customer is represented only once and is identified by a CustomerID field that is unique. In the Orders table, the customer who placed the order is identified by the CustomerID field, but can appear more than once if a customer has placed multiple orders. This is an example of a one-to-many relationship, and you would use a DataRelation object to define that relationship.
Additionally, a DataSet contains an ExtendedProperties collection, which is used to store custom information about the DataSet.
The Data Provider
The link to the database is created and maintained by the Data Provider. A Data Provider is not actually a single component, but a set of related components that work together to provide data in an efficient, performance-driven manner. The Microsoft .NET Framework currently ships with two data providers: the SQL Server .NET Data Provider, which is designed specifically to work with Microsoft SQL Server 7.0 or later, and the OleDb .NET Data Provider, which connects with other types of databases. Each Data Provider consists of similar versions of the following generic component classes:
The Connection object provides the connection to the database.
The Command object is used to execute a command against a data source. It can execute either non-query commands, such as INSERT, UPDATE, or DELETE, or return a DataReader with the results of a SELECT command.
The DataReader object provides a forward-only, read-only, connected recordset.
The DataAdapter object populates a disconnected DataSet or DataTable with data and performs updates.
Data access in ADO.NET is facilitated as follows: A Connection object establishes a connection between the application and the database. This connection can be accessed directly by a Command object or by a DataAdapter object.
The Command object provides direct execution of a command to the database. If the command returns more than a single value, the Command object returns a DataReader to provide the data. This data can be directly processed by application logic. Alternatively, you can use the DataAdapter to fill a DataSet object. Updates to the database can be achieved either through the Command object or through the DataAdapter.
The generic classes that make up the Data Providers are summarized in the following sections.
The Connection Object
The Connection object represents the actual connection to the database. Microsoft Visual Studio .NET provides two types of Connection classes: the SqlConnection object, which is designed specifically to connect to Microsoft SQL Server 7.0 or later, and the OleDbConnection object, which can provide connections to a wide range of database types. The Connection object contains all of the information required to open a channel to the database in the ConnectionString property. The Connection object also provides methods that facilitate data transactions.
The Command Object
The Command object is also represented by two corresponding classes: SqlCommand and OleDbCommand. You can use the Command objects to execute commands to a database across a data connection. The Command objects can be used to execute stored procedures on the database, execute SQL commands, or return complete tables directly. Command objects provide three methods that are used to execute commands on the database:
ExecuteNonQuery.
Executes commands that have no return values, such as INSERT, UPDATE, or DELETE.
ExecuteScalar.
Returns a single value from a database query.
ExecuteReader.
Returns a result set by way of a DataReader object.
The DataReader Object
The DataReader object provides a forward-only, read-only, connected stream recordset from a database. Unlike other components of the Data Provider, DataReader objects cannot be directly instantiated. Rather, the DataReader is returned as the result of a Command object's ExecuteReader method.
The SqlCommand.ExecuteReader method returns a SqlDataReader object, and the OleDbCommand.ExecuteReader method returns an OleDbDataReader object. The DataReader can provide rows of data directly to application logic when you do not need to keep the data cached in memory. Because only one row is in memory at a time, the DataReader provides the lowest overhead in terms of system performance, but requires the exclusive use of an open Connection object for the lifetime of the DataReader.
The DataAdapter Object
The DataAdapter is the class at the core of ADO.NET's disconnected data access. It is essentially the middleman, facilitating all communication between the database and a DataSet. The DataAdapter fills a DataTable or DataSet with data from the database when the Fill method is called. After the memory-resident data has been manipulated, the DataAdapter can transmit changes to the database by calling the Update method. The DataAdapter provides four properties that represent database commands:
SelectCommand.
Contains the command text or object that selects the data from the database. This command is executed when the Fill method is called, and fills a DataTable or a DataSet.
InsertCommand.
Contains the command text or object that inserts a row into a table.
DeleteCommand.
Contains the command text or object that deletes a row from a table.
UpdateCommand.
Contains the command text or object that updates the values of a database.
When the Update method is called, changes in the DataSet are copied back to the database, and the appropriate InsertCommand, DeleteCommand, or UpdateCommand is executed.
Most applications require some kind of data access. Desktop applications need to integrate with central databases, Extensible Markup Language (XML) data stores, or local desktop databases. ADO.NET data access technology allows simple, powerful data access while maximizing system resource usage.
Different applications have different requirements for data access. Whether your application simply displays the contents of a table or processes and updates data to a central SQL server, ADO.NET provides the tools to implement data access easily and efficiently.
Disconnected Database Access
Previous versions of data access technologies have provided continuously connected data access by default. In such a model, an application creates a connection to a database and keeps it open for the life of the application or at least for the amount of time that data is required. As applications become more complex and databases begin to serve more and more clients, a connected data access technology becomes impractical for a variety of reasons.
For example:
Open database connections are expensive in terms of system resources. The more open connections, the less efficient system performance becomes.
Applications with connected data access are very difficult to scale up. An application that can maintain connections with two clients might do poorly with 10, and might be completely unusable with 100.
ADO.NET addresses these issues by implementing a disconnected database access model by default. In this model, data connections are established and only left open long enough to perform the requisite action. For example, if data is being requested from a database by an application, the connection is opened just long enough to load the data into the application, and then it is closed.
Likewise, if a database is being updated, the connection is opened to execute the UPDATE command, and then closed again. By keeping connections open only for the minimum required time, ADO.NET conserves system resources and allows data access to be scaled up with a minimal impact on performance.
ADO.NET Data Architecture
Data access in ADO.NET relies on two components: the DataSet, which stores data on the local machine, and the Data Provider, which mediates interaction between the program and the database.
The DataSet
The DataSet is a disconnected, in-memory representation of data. It can be thought of as a local copy of the relevant portions of the database. Data can be loaded into a DataSet from any valid data source, such as a Microsoft SQL Server database, a Microsoft Access database, or an XML file.
The DataSet is persisted in memory, and the data therein can be manipulated and updated independent of the database. When appropriate, the DataSet can then act as a template for updating the central database.
The DataSet object contains a collection of zero or more DataTable objects, each of which is an in-memory representation of a single table. The structure of a particular DataTable is defined by the DataColumns collection, which enumerates the columns in a particular table, and the Constraint Collection, which enumerates the constraints on the table.
Together, these two collections make up the schema of the table. A DataTable also contains a DataRows collection, which contains the actual data in the DataSet.
The DataSet contains a DataRelations collection. A DataRelation object allows you to create associations between rows in one table and rows in another table. The DataRelations collection enumerates a set of DataRelation objects that defines these relationships between tables in the DataSet.
For example, consider a DataSet that contains two related tables: a Customers table and an Orders table. In the Customers table, each customer is represented only once and is identified by a CustomerID field that is unique. In the Orders table, the customer who placed the order is identified by the CustomerID field, but can appear more than once if a customer has placed multiple orders. This is an example of a one-to-many relationship, and you would use a DataRelation object to define that relationship.
Additionally, a DataSet contains an ExtendedProperties collection, which is used to store custom information about the DataSet.
The Data Provider
The link to the database is created and maintained by the Data Provider. A Data Provider is not actually a single component, but a set of related components that work together to provide data in an efficient, performance-driven manner. The Microsoft .NET Framework currently ships with two data providers: the SQL Server .NET Data Provider, which is designed specifically to work with Microsoft SQL Server 7.0 or later, and the OleDb .NET Data Provider, which connects with other types of databases. Each Data Provider consists of similar versions of the following generic component classes:
The Connection object provides the connection to the database.
The Command object is used to execute a command against a data source. It can execute either non-query commands, such as INSERT, UPDATE, or DELETE, or return a DataReader with the results of a SELECT command.
The DataReader object provides a forward-only, read-only, connected recordset.
The DataAdapter object populates a disconnected DataSet or DataTable with data and performs updates.
Data access in ADO.NET is facilitated as follows: A Connection object establishes a connection between the application and the database. This connection can be accessed directly by a Command object or by a DataAdapter object.
The Command object provides direct execution of a command to the database. If the command returns more than a single value, the Command object returns a DataReader to provide the data. This data can be directly processed by application logic. Alternatively, you can use the DataAdapter to fill a DataSet object. Updates to the database can be achieved either through the Command object or through the DataAdapter.
The generic classes that make up the Data Providers are summarized in the following sections.
The Connection Object
The Connection object represents the actual connection to the database. Microsoft Visual Studio .NET provides two types of Connection classes: the SqlConnection object, which is designed specifically to connect to Microsoft SQL Server 7.0 or later, and the OleDbConnection object, which can provide connections to a wide range of database types. The Connection object contains all of the information required to open a channel to the database in the ConnectionString property. The Connection object also provides methods that facilitate data transactions.
The Command Object
The Command object is also represented by two corresponding classes: SqlCommand and OleDbCommand. You can use the Command objects to execute commands to a database across a data connection. The Command objects can be used to execute stored procedures on the database, execute SQL commands, or return complete tables directly. Command objects provide three methods that are used to execute commands on the database:
ExecuteNonQuery.
Executes commands that have no return values, such as INSERT, UPDATE, or DELETE.
ExecuteScalar.
Returns a single value from a database query.
ExecuteReader.
Returns a result set by way of a DataReader object.
The DataReader Object
The DataReader object provides a forward-only, read-only, connected stream recordset from a database. Unlike other components of the Data Provider, DataReader objects cannot be directly instantiated. Rather, the DataReader is returned as the result of a Command object's ExecuteReader method.
The SqlCommand.ExecuteReader method returns a SqlDataReader object, and the OleDbCommand.ExecuteReader method returns an OleDbDataReader object. The DataReader can provide rows of data directly to application logic when you do not need to keep the data cached in memory. Because only one row is in memory at a time, the DataReader provides the lowest overhead in terms of system performance, but requires the exclusive use of an open Connection object for the lifetime of the DataReader.
The DataAdapter Object
The DataAdapter is the class at the core of ADO.NET's disconnected data access. It is essentially the middleman, facilitating all communication between the database and a DataSet. The DataAdapter fills a DataTable or DataSet with data from the database when the Fill method is called. After the memory-resident data has been manipulated, the DataAdapter can transmit changes to the database by calling the Update method. The DataAdapter provides four properties that represent database commands:
SelectCommand.
Contains the command text or object that selects the data from the database. This command is executed when the Fill method is called, and fills a DataTable or a DataSet.
InsertCommand.
Contains the command text or object that inserts a row into a table.
DeleteCommand.
Contains the command text or object that deletes a row from a table.
UpdateCommand.
Contains the command text or object that updates the values of a database.
When the Update method is called, changes in the DataSet are copied back to the database, and the appropriate InsertCommand, DeleteCommand, or UpdateCommand is executed.
Filtering Data
Binding, Viewing, and Filtering Data
Viewing data is a vital part of many applications. Data binding allows you to associate records in a data source with controls on a form, allowing them to be browsed and updated. In this lesson, you will learn how to use ADO.NET to bind data to controls in your application and how to manage currency of records in your application.
Data binding refers to a relationship between a data provider and a data consumer. A data provider is a source for data and is linked to a data consumer, which receives data and processes or displays it.
A traditional example of data binding is the relationship between a data-bound control such as a TextBox and a data source. The control displays the value of the column in the data source to which it is bound at the current row. As the current row changes, the value displayed by the control changes.
Data Providers
In the .NET Framework, any object that implements the IList interface can be a data provider. This not only includes ADO.NET objects, such as DataSets, DataTables, and DataColumns, but also more mundane objects such as arrays or collections. DataViews, which are discussed later in this lesson, are a customizable view of data that can also act as a data provider.
Data providers also manage currency of data. In previous data access technologies, a cursor was used to manage data currency. As the cursor moved, the current record changed and bound controls were updated. Because data access in ADO.NET is fundamentally disconnected, there is no concept of a database cursor. Rather, each data source has an associated CurrencyManager object that keeps track of the current record. CurrencyManager objects are managed through a form's BindingContext object. Data currency is discussed in detail later in this lesson.
Data Consumers
The data consumer represents the control with bound properties. In the .NET Framework, you can bind any run-time accessible property of any control to a data source. For example, you could bind the Size property of a control to a database record, or the location, or any other run-time accessible property of the control.
Data binding has a wide variety of uses. A typical scenario that involves data binding is a data entry form. Several controls, such as TextBox, CheckBox, ListBox, and so on are bound to relevant columns of a DataSet. New records are manually entered by typing values for each column into the appropriate controls displayed on the form. When a record is complete, it is added to the DataSet, which can then be used to update the database.
There are two types of data binding: simple binding and complex binding. A simple-bound control binds one record at a time to a control. For example, a Label control can be simply bound to a column in a DataTable. In such a case, it would display the member of that column for the current record.
Complex binding, on the other hand, allows multiple records to be bound to a single control. Controls such as ListBox or ComboBox can be complex bound to a single column in a DataTable or DataView. At run time, these controls would display all members of that column rather than only the current row. Complex-bound controls are usually involved in displaying choices and allowing specific rows of data to be chosen. Controls such as the DataGrid are capable of even more complex binding and can be bound to all column and rows of a particular DataTable or DataView, or even to a DataSet.
Creating a Simple-Bound Control
You can create a simple-bound control through the DataBindings property. The DataBindings property is an instance of the ControlBindingsCollection class that keeps track of and organizes which controls are bound to what data sources. At design time, the DataBindings property is displayed as a node in the Properties window. This node expands to list the properties that are most commonly data bound.
Data Binding at Run Time
You might want to change the data source that a control is bound to at run time. Or, you might not know at design time what data source a particular control might be bound to. In a third scenario, you might want to bind your control to an array or collection that is not instantiated until run time, in which case, you must set the binding in code.
Data binding for a control is managed through the control's DataBindings property, which is an instance of a ControlBindingsCollection object. At run time, you can add, remove, or clear data binding information by setting the appropriate member of the DataBindings collection.
You can bind a property to a data source by using the DataBindings.Add method. This creates a new binding association and adds it to the DataBindings collection. The Add method takes three parameters: the property name you want to bind, as a String; the data source you want to bind to, as an object; and the data member of the data source you want to bind the property to.
The CurrencyManager
The CurrencyManager object keeps track of the current record for a particular data source. There can be multiple data sources in an application at one time, and each data source maintains its own CurrencyManager. Because there can be multiple data sources represented on a single form at any given time, each form manages the CurrencyManager objects associated with those data sources through a central object called the BindingContext.
The BindingContext organizes and exposes the CurrencyManager objects associated with each data source. Thus, you can use the BindingContext property of each form to manage the position of the current record for each data source. You access a particular currency manager by supplying the BindingContext property with the data source object whose CurrencyManager you want to retrieve.
To navigate bound data in a Windows Form
Set the Position property for the appropriate BindingContext member.
Because the .NET Framework will not allow you to set the Position property to a value less than zero or greater than the upper bound of the collection, there is no possibility of an error occurring if you attempt to move before or after the end of the records.
You might, however, want to incorporate program logic to provide visual cues to users to let them know when the end or beginning of a group of records is reached. The following example demonstrates how to use the PositionChanged event of the CurrencyManager to disable back and forward buttons when the end of the record list is reached.
Viewing data is a vital part of many applications. Data binding allows you to associate records in a data source with controls on a form, allowing them to be browsed and updated. In this lesson, you will learn how to use ADO.NET to bind data to controls in your application and how to manage currency of records in your application.
Data binding refers to a relationship between a data provider and a data consumer. A data provider is a source for data and is linked to a data consumer, which receives data and processes or displays it.
A traditional example of data binding is the relationship between a data-bound control such as a TextBox and a data source. The control displays the value of the column in the data source to which it is bound at the current row. As the current row changes, the value displayed by the control changes.
Data Providers
In the .NET Framework, any object that implements the IList interface can be a data provider. This not only includes ADO.NET objects, such as DataSets, DataTables, and DataColumns, but also more mundane objects such as arrays or collections. DataViews, which are discussed later in this lesson, are a customizable view of data that can also act as a data provider.
Data providers also manage currency of data. In previous data access technologies, a cursor was used to manage data currency. As the cursor moved, the current record changed and bound controls were updated. Because data access in ADO.NET is fundamentally disconnected, there is no concept of a database cursor. Rather, each data source has an associated CurrencyManager object that keeps track of the current record. CurrencyManager objects are managed through a form's BindingContext object. Data currency is discussed in detail later in this lesson.
Data Consumers
The data consumer represents the control with bound properties. In the .NET Framework, you can bind any run-time accessible property of any control to a data source. For example, you could bind the Size property of a control to a database record, or the location, or any other run-time accessible property of the control.
Data binding has a wide variety of uses. A typical scenario that involves data binding is a data entry form. Several controls, such as TextBox, CheckBox, ListBox, and so on are bound to relevant columns of a DataSet. New records are manually entered by typing values for each column into the appropriate controls displayed on the form. When a record is complete, it is added to the DataSet, which can then be used to update the database.
There are two types of data binding: simple binding and complex binding. A simple-bound control binds one record at a time to a control. For example, a Label control can be simply bound to a column in a DataTable. In such a case, it would display the member of that column for the current record.
Complex binding, on the other hand, allows multiple records to be bound to a single control. Controls such as ListBox or ComboBox can be complex bound to a single column in a DataTable or DataView. At run time, these controls would display all members of that column rather than only the current row. Complex-bound controls are usually involved in displaying choices and allowing specific rows of data to be chosen. Controls such as the DataGrid are capable of even more complex binding and can be bound to all column and rows of a particular DataTable or DataView, or even to a DataSet.
Creating a Simple-Bound Control
You can create a simple-bound control through the DataBindings property. The DataBindings property is an instance of the ControlBindingsCollection class that keeps track of and organizes which controls are bound to what data sources. At design time, the DataBindings property is displayed as a node in the Properties window. This node expands to list the properties that are most commonly data bound.
Data Binding at Run Time
You might want to change the data source that a control is bound to at run time. Or, you might not know at design time what data source a particular control might be bound to. In a third scenario, you might want to bind your control to an array or collection that is not instantiated until run time, in which case, you must set the binding in code.
Data binding for a control is managed through the control's DataBindings property, which is an instance of a ControlBindingsCollection object. At run time, you can add, remove, or clear data binding information by setting the appropriate member of the DataBindings collection.
You can bind a property to a data source by using the DataBindings.Add method. This creates a new binding association and adds it to the DataBindings collection. The Add method takes three parameters: the property name you want to bind, as a String; the data source you want to bind to, as an object; and the data member of the data source you want to bind the property to.
The CurrencyManager
The CurrencyManager object keeps track of the current record for a particular data source. There can be multiple data sources in an application at one time, and each data source maintains its own CurrencyManager. Because there can be multiple data sources represented on a single form at any given time, each form manages the CurrencyManager objects associated with those data sources through a central object called the BindingContext.
The BindingContext organizes and exposes the CurrencyManager objects associated with each data source. Thus, you can use the BindingContext property of each form to manage the position of the current record for each data source. You access a particular currency manager by supplying the BindingContext property with the data source object whose CurrencyManager you want to retrieve.
To navigate bound data in a Windows Form
Set the Position property for the appropriate BindingContext member.
Because the .NET Framework will not allow you to set the Position property to a value less than zero or greater than the upper bound of the collection, there is no possibility of an error occurring if you attempt to move before or after the end of the records.
You might, however, want to incorporate program logic to provide visual cues to users to let them know when the end or beginning of a group of records is reached. The following example demonstrates how to use the PositionChanged event of the CurrencyManager to disable back and forward buttons when the end of the record list is reached.
ADO.NET Object Model
ADO.NET Object Model
The .NET Framework is designed to change dramatically the developer's current style of developing applications, including the data access features. For the .NET applications, the primary data access technology to be used would be ADO.NET — the latest addition to the ADO model.
The ADO.NET Object Model is primarily divided into two levels:
Connected Layer: Consists of the classes that comprise the Managed Providers
Disconnected Layer: Is rooted in the DataSet
Managed Providers
Managed Providers are a collection of classes in the .NET Framework that provide a foundation for the ADO.NET programming model. The .NET Framework allows you to write language-neutral components, which can be called from any language, such as C++ or Visual Basic. In the .NET Framework, the OLE DB and ADO layers are merged into one layer. This results in high performance, and at the same time allows components to be called from any language. The Managed Data Providers include classes that can be used for the following:
Accessing data from SQL Server 7.0 and later
Accessing the other OLE DB providers
The Managed Provider for ADO.NET is the System.Data.OleDb namespace, which allows you to access OLE DB data sources. This namespace includes classes that are used to connect to OLE DB data sources and execute database queries to access and manipulate data.
To demonstrate how to open a connection to a SQL Server database and fill the DataSet with a database query result, consider the following code:
Dim connection As New
SqlConnection("server=localserver;uid=sa;pwd=;database=Sales")
Dim command As New SqlDataAdapter("SELECT * FROM Products Where
ProductID=@ID", connection)
Dim param1 As New SqlParameter("@ID", SqlDbType.Int)
param1.Value = 1
command.SelectCommand.Parameters.Add(param1)
Dim dataset As New DataSet()
command.Fill(dataset, "Products")
In this code:
connection is a SqlConnection class object that represents a connection to the SQL Server database.
command is a SqlDataAdapter class object that represents a set of data commands and a database connection.
param1 is a SqlParameter class object that represents the parameter to
be passed in the T-SQL command.
dataset is a DataSet class object that represents the DataSet that is
filled by the query results.
DataSet class
The DataSet comprises the Disconnected Layer of ADO.NET. The DataSet consists of a local buffer of tables and relations. the DataSet object model consists of Tables, Columns, Relations, Constraints, and Rows. A DataSet contains a collection of DataTables (the Tables collection). A DataTable represents one table of inmemory data. A DataTable consists of the following:
Unlike RecordSets, which are equivalent to tables in ADO, DataSets keep track of the relationships between tables if any. The DataSet is designed with a rich programming model. Th e following code creates a new DataTable with the name ProductInfo:
Dim dset As DataSet = New DataSet("ProductInfo")
Later, you can add columns to the DataTable. The columns are added to the DataTable by using the Add method on the Columns collection, and the column is assigned a name and a datatype. Finally, data is added to the table by calling the NewRow method on the DataTable and storing the column values in each DataRow.
The .NET Framework is designed to change dramatically the developer's current style of developing applications, including the data access features. For the .NET applications, the primary data access technology to be used would be ADO.NET — the latest addition to the ADO model.
The ADO.NET Object Model is primarily divided into two levels:
Connected Layer: Consists of the classes that comprise the Managed Providers
Disconnected Layer: Is rooted in the DataSet
Managed Providers
Managed Providers are a collection of classes in the .NET Framework that provide a foundation for the ADO.NET programming model. The .NET Framework allows you to write language-neutral components, which can be called from any language, such as C++ or Visual Basic. In the .NET Framework, the OLE DB and ADO layers are merged into one layer. This results in high performance, and at the same time allows components to be called from any language. The Managed Data Providers include classes that can be used for the following:
Accessing data from SQL Server 7.0 and later
Accessing the other OLE DB providers
The Managed Provider for ADO.NET is the System.Data.OleDb namespace, which allows you to access OLE DB data sources. This namespace includes classes that are used to connect to OLE DB data sources and execute database queries to access and manipulate data.
To demonstrate how to open a connection to a SQL Server database and fill the DataSet with a database query result, consider the following code:
Dim connection As New
SqlConnection("server=localserver;uid=sa;pwd=;database=Sales")
Dim command As New SqlDataAdapter("SELECT * FROM Products Where
ProductID=@ID", connection)
Dim param1 As New SqlParameter("@ID", SqlDbType.Int)
param1.Value = 1
command.SelectCommand.Parameters.Add(param1)
Dim dataset As New DataSet()
command.Fill(dataset, "Products")
In this code:
connection is a SqlConnection class object that represents a connection to the SQL Server database.
command is a SqlDataAdapter class object that represents a set of data commands and a database connection.
param1 is a SqlParameter class object that represents the parameter to
be passed in the T-SQL command.
dataset is a DataSet class object that represents the DataSet that is
filled by the query results.
DataSet class
The DataSet comprises the Disconnected Layer of ADO.NET. The DataSet consists of a local buffer of tables and relations. the DataSet object model consists of Tables, Columns, Relations, Constraints, and Rows. A DataSet contains a collection of DataTables (the Tables collection). A DataTable represents one table of inmemory data. A DataTable consists of the following:
Unlike RecordSets, which are equivalent to tables in ADO, DataSets keep track of the relationships between tables if any. The DataSet is designed with a rich programming model. Th e following code creates a new DataTable with the name ProductInfo:
Dim dset As DataSet = New DataSet("ProductInfo")
Later, you can add columns to the DataTable. The columns are added to the DataTable by using the Add method on the Columns collection, and the column is assigned a name and a datatype. Finally, data is added to the table by calling the NewRow method on the DataTable and storing the column values in each DataRow.
ADO.NET introduction
Introduction to ADO.NET
As more and more companies are coming up with n-tier client/server and Web-based database solutions, Microsoft with its Universal Data Access (UDA) model, offers highperformance access to diverse data and information sources on multiple platforms. Also, UDA provides an easy-to-use programming interface that works with practically any cool or language, leveraging the technical skills developers already have.
The Microsoft UDA model is a collection of Data Access Components, which are the key technologies that enable Universal Data Access. The Data Access Components include ActiveX Data Objects (ADO), Remote Data Service (RDS), formerly known as Advanced Data Connector (ADC), Object Linking and Embedding Database (OLE DB), and Open Database Connectivity (ODBC).
Microsoft is targeting many more such Data Access components that offer easy-tomaintain
solutions to organizations. Such solutions are aimed at allowing organizations use their own choice of tools, applications, and data sources on the client, middle tier, or server. One of the emerging components within the UDAs collection is ADO.NET.
Microsoft ADO.NET is the latest improvement after ADO. ADO.NET provides platform interoperability and scalable data access. In the .NET Framework, data is transmitted in the Extensible Markup Language (XML) format. Therefore, any application that can read the XML format can process data. It is not necessary for the receiving component to be an ADO.NET component at all. The receiving component might be a Microsoft Visual Studio–based solution or any application running on any other platform.
Although ADO.NET preserves some of the primary concepts from previous ADO models, it has been chiefly stretched to provide access to structured data from diverse sources. ADO.NET provides access to diverse data sources by using a consistent and standardized programming model. ADO.NET is upgraded to offer several advantages over previous versions of ADO and over other data access components. ADO.NET builds the foundation of data-aware .NET applications. ADO.NET brings together all the classes that allow data handling. Such classes represent data container objects that feature typical database capabilities — indexing, sorting, and views. While ADO.NET offers a solution for .NET database applications, it presents an overall structure that is not as database-centric as the ADO model.
The ADO model uses the concept of recordsets, which are the ADO representation of tables and views from a database. Although these recordsets are very flexible to use and allow access to data even when disconnected from data sources, they suffer from a major drawback. In the case of distributed and Web applications, data needs to be exchanged among different components at different tiers, which might be running on variety of platforms. Of course, the format of the data being exchanged should be understood by all components. This transmission of data requires the conversion of data types of values to some data types that are recognized by the receiving components.
This conversion is called COM marshalling. Thus, the interoperability is limited when using ADO recordsets. So, the concept of ADO recordsets fails when we look at the Internet interoperability.
Like ADO, ADO.NET also allows you to access data when disconnected from actual data sources.
However, unlike ADO, ADO.NET uses XML as the data format. Because XML is a universal data format being used, ADO.NET expands the boundaries of interoperability to the Internet. In addition, instead of recordsets, ADO.NET uses the DataSet and DataReader objects to access and manipulate data. You'll learn about these objects later in the chapter. Thus, ADO.NET is designed to perform better and be more flexible than ADO. However, to support ADO objects, the corresponding equivalents exist in ADO.NET.
Data container objects are the objects that contain data to be transmitted to the receiving components. To take full advantage of ADO.NET, you should put some effort into understanding the concept itself, rather than simply figuring out the fastest way to port your code. Whatever
.NET programming model you might choose — Windows Forms, Web Forms, or Web Services — ADO.NET will be there to help you with data access issues.
Interoperability
The ADO.NET model is designed to take maximum advantage of the flexibility provided by the large industry acceptance of XML. ADO.NET uses XML for transmitting datasets among components and across tiers. Any component that is capable of reading the XML format can process the data. It is not necessary for the receiving component to be an ADO.NET component. The component that is sending or transmitting the dataset can simply transmit the dataset to its destination without bothering with how the receiving component is implemented. The component asking for the dataset, the destination component, can be implemented as a Visual Studio application or any other application.
However, the important point to be considered is that the receiving component should be capable of accepting the XML file formatted as a dataset.
Maintainability
After an application is deployed, there might be a need for changes in the application. For example, the application might need substantial architectural changes to improve its performance. As the performance load on a deployed application server grows, system resources can become inadequate, resulting in higher response times. As a solution to these problems, the application might need to undergo architectural changes by adding tiers. Here, the problem is not the multitier application design, but rather the problem lies in increasing the number of tiers after an application is deployed. This transformation becomes easier if the original application is implemented in ADO.NET using datasets.
In ADO.NET, the communication between tiers is relatively easy, because the tiers can
transmit data through XML-formatted datasets.
Programmability
The ADO.NET model uses typed programming to manipulate objects. In typed programming, the programming environment or programming language itself recognizes the types of things that are important to users. To take full advantage of typed programming, you must know the things that are of interest to programmers and to end users. Consider the following code using typed programming in ADO.NET:
If TotalQty > DataSet1.ProductInfo("Baby Food").QtyAvailable
his code is equivalent to a line using non-typed programming and is easier to read by end users. An end user who has little or no programming experience can easily grasp the meaning of the condition being tested. Also, in non-typed programming, if the developer makes a spelling mistake by chance (for example, ProductInfo is spelled as ProdcutInfo), a run-time error will get generated. On the other hand, in typed datasets,errors in the syntax caused by misspellings are detected at compile time rather than at run time.
Performance
In ADO, while transmitting data across tiers using COM marshalling in the form of disconnected RecordSets, the values must be converted to data types that are recognized by COM. This results in poor performance. On the other hand, ADO.NET is designed to use disconnected data architecture, which in turn is easier to scale because it reduces the load on database (does not require any data type conversions). Thus, in the ADO.NET model, everything is handled at the client side, which in turn improves performance.
Scalability
The Web-based, data-centric applications require multiple users to access data simultaneously. This increases the demand on data to be accessed, making scalability one of the most critical features. Applications that use resources, such as database connections and database locks, cannot support more users to access data simultaneously, because eventually the user demand for the limited resources will exceed their supply. Because ADO.NET uses disconnected data access, applications do not retain database locks or active database connections for long durations. Hence, ADO.NET accommodates scalability by encouraging programmers to conserve limited resources, and allows more users to access data simultaneously.
As more and more companies are coming up with n-tier client/server and Web-based database solutions, Microsoft with its Universal Data Access (UDA) model, offers highperformance access to diverse data and information sources on multiple platforms. Also, UDA provides an easy-to-use programming interface that works with practically any cool or language, leveraging the technical skills developers already have.
The Microsoft UDA model is a collection of Data Access Components, which are the key technologies that enable Universal Data Access. The Data Access Components include ActiveX Data Objects (ADO), Remote Data Service (RDS), formerly known as Advanced Data Connector (ADC), Object Linking and Embedding Database (OLE DB), and Open Database Connectivity (ODBC).
Microsoft is targeting many more such Data Access components that offer easy-tomaintain
solutions to organizations. Such solutions are aimed at allowing organizations use their own choice of tools, applications, and data sources on the client, middle tier, or server. One of the emerging components within the UDAs collection is ADO.NET.
Microsoft ADO.NET is the latest improvement after ADO. ADO.NET provides platform interoperability and scalable data access. In the .NET Framework, data is transmitted in the Extensible Markup Language (XML) format. Therefore, any application that can read the XML format can process data. It is not necessary for the receiving component to be an ADO.NET component at all. The receiving component might be a Microsoft Visual Studio–based solution or any application running on any other platform.
Although ADO.NET preserves some of the primary concepts from previous ADO models, it has been chiefly stretched to provide access to structured data from diverse sources. ADO.NET provides access to diverse data sources by using a consistent and standardized programming model. ADO.NET is upgraded to offer several advantages over previous versions of ADO and over other data access components. ADO.NET builds the foundation of data-aware .NET applications. ADO.NET brings together all the classes that allow data handling. Such classes represent data container objects that feature typical database capabilities — indexing, sorting, and views. While ADO.NET offers a solution for .NET database applications, it presents an overall structure that is not as database-centric as the ADO model.
The ADO model uses the concept of recordsets, which are the ADO representation of tables and views from a database. Although these recordsets are very flexible to use and allow access to data even when disconnected from data sources, they suffer from a major drawback. In the case of distributed and Web applications, data needs to be exchanged among different components at different tiers, which might be running on variety of platforms. Of course, the format of the data being exchanged should be understood by all components. This transmission of data requires the conversion of data types of values to some data types that are recognized by the receiving components.
This conversion is called COM marshalling. Thus, the interoperability is limited when using ADO recordsets. So, the concept of ADO recordsets fails when we look at the Internet interoperability.
Like ADO, ADO.NET also allows you to access data when disconnected from actual data sources.
However, unlike ADO, ADO.NET uses XML as the data format. Because XML is a universal data format being used, ADO.NET expands the boundaries of interoperability to the Internet. In addition, instead of recordsets, ADO.NET uses the DataSet and DataReader objects to access and manipulate data. You'll learn about these objects later in the chapter. Thus, ADO.NET is designed to perform better and be more flexible than ADO. However, to support ADO objects, the corresponding equivalents exist in ADO.NET.
Data container objects are the objects that contain data to be transmitted to the receiving components. To take full advantage of ADO.NET, you should put some effort into understanding the concept itself, rather than simply figuring out the fastest way to port your code. Whatever
.NET programming model you might choose — Windows Forms, Web Forms, or Web Services — ADO.NET will be there to help you with data access issues.
Interoperability
The ADO.NET model is designed to take maximum advantage of the flexibility provided by the large industry acceptance of XML. ADO.NET uses XML for transmitting datasets among components and across tiers. Any component that is capable of reading the XML format can process the data. It is not necessary for the receiving component to be an ADO.NET component. The component that is sending or transmitting the dataset can simply transmit the dataset to its destination without bothering with how the receiving component is implemented. The component asking for the dataset, the destination component, can be implemented as a Visual Studio application or any other application.
However, the important point to be considered is that the receiving component should be capable of accepting the XML file formatted as a dataset.
Maintainability
After an application is deployed, there might be a need for changes in the application. For example, the application might need substantial architectural changes to improve its performance. As the performance load on a deployed application server grows, system resources can become inadequate, resulting in higher response times. As a solution to these problems, the application might need to undergo architectural changes by adding tiers. Here, the problem is not the multitier application design, but rather the problem lies in increasing the number of tiers after an application is deployed. This transformation becomes easier if the original application is implemented in ADO.NET using datasets.
In ADO.NET, the communication between tiers is relatively easy, because the tiers can
transmit data through XML-formatted datasets.
Programmability
The ADO.NET model uses typed programming to manipulate objects. In typed programming, the programming environment or programming language itself recognizes the types of things that are important to users. To take full advantage of typed programming, you must know the things that are of interest to programmers and to end users. Consider the following code using typed programming in ADO.NET:
If TotalQty > DataSet1.ProductInfo("Baby Food").QtyAvailable
his code is equivalent to a line using non-typed programming and is easier to read by end users. An end user who has little or no programming experience can easily grasp the meaning of the condition being tested. Also, in non-typed programming, if the developer makes a spelling mistake by chance (for example, ProductInfo is spelled as ProdcutInfo), a run-time error will get generated. On the other hand, in typed datasets,errors in the syntax caused by misspellings are detected at compile time rather than at run time.
Performance
In ADO, while transmitting data across tiers using COM marshalling in the form of disconnected RecordSets, the values must be converted to data types that are recognized by COM. This results in poor performance. On the other hand, ADO.NET is designed to use disconnected data architecture, which in turn is easier to scale because it reduces the load on database (does not require any data type conversions). Thus, in the ADO.NET model, everything is handled at the client side, which in turn improves performance.
Scalability
The Web-based, data-centric applications require multiple users to access data simultaneously. This increases the demand on data to be accessed, making scalability one of the most critical features. Applications that use resources, such as database connections and database locks, cannot support more users to access data simultaneously, because eventually the user demand for the limited resources will exceed their supply. Because ADO.NET uses disconnected data access, applications do not retain database locks or active database connections for long durations. Hence, ADO.NET accommodates scalability by encouraging programmers to conserve limited resources, and allows more users to access data simultaneously.
EVENTS IN DOT NET
Delegates and Events
Events are messages that indicate an interesting occurrence in another part of the application. When an event is raised, other parts of your application are given the opportunity to respond to that event by executing methods called event handlers.
Events are members of your class. An event represents a message that is sent to other parts of the application. When something noteworthy in the application occurs, your application can raise the event, which sends out the message. The event can wrap any arguments that contain information about the event and send them along with the event. Other parts of the application can handle the event, which means that a method is executed in response to the event.
Any method that handles an event must have the same signature as the event itself; that is, it must take the same kinds of arguments as the event passes. An event can be handled by more than one method, and a single method can handle more than one event.
Delegates
Central to the way in which events work are special classes called delegates. A delegate is essentially a type-safe function pointer. It allows you to pass a reference to the entry point for a method and invoke that method without making an explicit method call. When you declare a delegate, you specify the signature of the method that it can call and the return type.
In Visual C#, if you are creating a delegate to an instance method, you must initialize the delegate within a method. Delegates to static methods can be initialized outside a method.
Once declared and assigned, you can use the delegate to invoke the method in the same manner in which you would make a function call.
To create and invoke a delegate
Declare the delegate and provide a signature identical to the signature of the method(s) you want to invoke with this delegate.
Create an instance of the delegate that points to a method that has the appropriate signature.
Invoke the delegate by referencing its name.
Declaring and Raising Events
Declaring events is directly tied to delegates. In Visual C#, you must explicitly designate the delegate type that your event will use. Visual Basic .NET provides much of this functionality for you behind the scenes: you only need to supply the name of the event and the signature of the method it requires. A default delegate matching this signature is created.
To declare an event with Visual Basic .NET
Use the Event keyword to declare an event. Supply a signature that represents the signature of the type of method that you would like to handle the event. You can use any access modifiers, such as Public, Private, or Protected.
Implementing Event Handlers
Once an event is declared, it must be associated with one or more event handlers before it can be raised. An event handler is a method that is called through a delegate when an event is raised, and you must create associations between events and event handlers to achieve your desired results. If you attempt to raise an event in Visual Basic .NET that does not have any event handlers associated with it, nothing will happen. If you raise an event that has no event handlers in Visual C#, an error will result.
Like other members, there are instance events and Shared (static) events. Creating an event handler for an instance event requires that an association be made between a method and an object's event. The object must be declared in order for the event handler association to be created. Shared (static) events, however, belong to the class itself rather than any one instance of a class. To create an event handler for these events, you do not need to declare an instance of the class beforehand.
Event Handlers in Visual Basic .NET
In Visual Basic .NET, event handlers must be Subs and cannot return a value. You can associate a Sub with a given event by using the AddHandler keyword. AddHandler allows you to specify an event and designate a pointer to the method with which that event will be associated. The pointer is created using the AddressOf operator.
The AddHandler keyword cannot be used declaratively; it must be used inside a method. Thus, the association between the event and the event handler does not exist before the application's execution; it is added at run time. For event handler associations that exist for the lifetime of the object, the AddHandler keyword should be placed in the class's constructor.
Visual Basic .NET also allows you to create event handler associations at design time using the Handles clause. To use the Handles clause, the object must be declared with the WithEvents keyword. The WithEvents keyword informs the containing object that it will be receiving events from the contained object.
Event Handlers in Visual C#
Unlike in Visual Basic .NET, event handlers in Visual C# can return a value, and that value can be assigned to a variable in the same manner as a function call. You associate a method with a given method by creating a new instance of the appropriate delegate, which specifies the appropriate method and uses the += operator to make the association. You can also use the += operator to associate an event with an instance of a delegate that already exists.
Default delegates are provided for the events of the controls and classes of the .NET Framework base class library. If you want to manually add an event handler for one of these events, you do not need to declare a new delegate. Rather, you can create a new instance of the predefined default delegate. For example, the delegate class that is used for events for most of the controls in the System.Windows.Forms namespace is System.EventHandler.
To handle an event in Visual Basic .NET
Use the AddHandler keyword to create an association between an event and a method to handle that event. The AddressOf operator allows you to receive a pointer to the appropriate method. Event handlers must have the same signature as the event being handled.
Alternatively, you can use the Handles keyword to associate a method with an event at design time. The method must be a member method of an object that was declared with the WithEvents keyword.
To handle an event in Visual C#
Create an instance of the appropriate delegate for the event that specified the method that will handle the event, and use the += operator to associate the event with the delegate.
Event Handlers That Handle Multiple Events
You can create event handlers that handle multiple events. A common instance of when you might want to do this is when you have more than one instance of a class or control that raises the same events. For example, you might have a group of buttons on a form that share a similar role in the application. You might create a single method to handle the Click event for all of these buttons and distinguish between them by using the sender parameter.
Associating multiple events with a single handler is simple. You use the AddHandler or += operator in exactly the same way in which you would add a single event handler.
Events with Multiple Handlers
An event can be handled by more than one event handler. When an event is handled by more than one handler, all of the methods handling that event are executed. The order in which the methods execute is the same as the order in which the association was created. Thus, if event x is associated in code with handlers y, z, and q (in that order), when the event is raised, the order of handler execution will be y, z, and q. In Visual C#, if you are returning a value with your event, it will return the value of the last method executed.
To associate an event with multiple handlers, all you have to do is create an association between the event and each handler. In Visual Basic .NET, you can use the Handles clause to declaratively associate several methods with an event. If this method is used, the order of method execution is less predictable and should be tested if it has an effect on the dynamics of the application.
Removing Handlers at Run Time
You have already learned how to add event handlers dynamically. The AddHandler keyword in Visual Basic .NET and the += operator in Visual C# can be used to dynamically create associations between events and methods. You can also remove event handler associations at run time. For example, suppose you had a class that modeled a bank account that raised a NotSufficientFunds event every time the account's owner tried to submit a check for an amount greater than the account balance.
You might associate this event with two methods: a ChargeAccount method, which assesses a fee for writing a Not Sufficient Funds (NSF) check, and a Notify method, which notifies the owner of the account that his account is overdrawn. You would call the ChargeAccount method every time an NSF check was passed, but it would be redundant to call the Notify method more than once until the account balance became positive. In this case, you could remove the event handler for the Notify method, and reinsert it when the account balance returned to the positive side.
The method by which you remove an event handler is very similar to the method by which you add one. In Visual Basic. NET, you use the RemoveHandler method to disassociate an event from a delegate obtained with the AddressOf operator. In Visual C#, you use the -= operator to dynamically remove an association between an event and a method. This operator requires a reference to a delegate of the appropriate signature, and it must reference the method to be removed.
Events are messages that indicate an interesting occurrence in another part of the application. When an event is raised, other parts of your application are given the opportunity to respond to that event by executing methods called event handlers.
Events are members of your class. An event represents a message that is sent to other parts of the application. When something noteworthy in the application occurs, your application can raise the event, which sends out the message. The event can wrap any arguments that contain information about the event and send them along with the event. Other parts of the application can handle the event, which means that a method is executed in response to the event.
Any method that handles an event must have the same signature as the event itself; that is, it must take the same kinds of arguments as the event passes. An event can be handled by more than one method, and a single method can handle more than one event.
Delegates
Central to the way in which events work are special classes called delegates. A delegate is essentially a type-safe function pointer. It allows you to pass a reference to the entry point for a method and invoke that method without making an explicit method call. When you declare a delegate, you specify the signature of the method that it can call and the return type.
In Visual C#, if you are creating a delegate to an instance method, you must initialize the delegate within a method. Delegates to static methods can be initialized outside a method.
Once declared and assigned, you can use the delegate to invoke the method in the same manner in which you would make a function call.
To create and invoke a delegate
Declare the delegate and provide a signature identical to the signature of the method(s) you want to invoke with this delegate.
Create an instance of the delegate that points to a method that has the appropriate signature.
Invoke the delegate by referencing its name.
Declaring and Raising Events
Declaring events is directly tied to delegates. In Visual C#, you must explicitly designate the delegate type that your event will use. Visual Basic .NET provides much of this functionality for you behind the scenes: you only need to supply the name of the event and the signature of the method it requires. A default delegate matching this signature is created.
To declare an event with Visual Basic .NET
Use the Event keyword to declare an event. Supply a signature that represents the signature of the type of method that you would like to handle the event. You can use any access modifiers, such as Public, Private, or Protected.
Implementing Event Handlers
Once an event is declared, it must be associated with one or more event handlers before it can be raised. An event handler is a method that is called through a delegate when an event is raised, and you must create associations between events and event handlers to achieve your desired results. If you attempt to raise an event in Visual Basic .NET that does not have any event handlers associated with it, nothing will happen. If you raise an event that has no event handlers in Visual C#, an error will result.
Like other members, there are instance events and Shared (static) events. Creating an event handler for an instance event requires that an association be made between a method and an object's event. The object must be declared in order for the event handler association to be created. Shared (static) events, however, belong to the class itself rather than any one instance of a class. To create an event handler for these events, you do not need to declare an instance of the class beforehand.
Event Handlers in Visual Basic .NET
In Visual Basic .NET, event handlers must be Subs and cannot return a value. You can associate a Sub with a given event by using the AddHandler keyword. AddHandler allows you to specify an event and designate a pointer to the method with which that event will be associated. The pointer is created using the AddressOf operator.
The AddHandler keyword cannot be used declaratively; it must be used inside a method. Thus, the association between the event and the event handler does not exist before the application's execution; it is added at run time. For event handler associations that exist for the lifetime of the object, the AddHandler keyword should be placed in the class's constructor.
Visual Basic .NET also allows you to create event handler associations at design time using the Handles clause. To use the Handles clause, the object must be declared with the WithEvents keyword. The WithEvents keyword informs the containing object that it will be receiving events from the contained object.
Event Handlers in Visual C#
Unlike in Visual Basic .NET, event handlers in Visual C# can return a value, and that value can be assigned to a variable in the same manner as a function call. You associate a method with a given method by creating a new instance of the appropriate delegate, which specifies the appropriate method and uses the += operator to make the association. You can also use the += operator to associate an event with an instance of a delegate that already exists.
Default delegates are provided for the events of the controls and classes of the .NET Framework base class library. If you want to manually add an event handler for one of these events, you do not need to declare a new delegate. Rather, you can create a new instance of the predefined default delegate. For example, the delegate class that is used for events for most of the controls in the System.Windows.Forms namespace is System.EventHandler.
To handle an event in Visual Basic .NET
Use the AddHandler keyword to create an association between an event and a method to handle that event. The AddressOf operator allows you to receive a pointer to the appropriate method. Event handlers must have the same signature as the event being handled.
Alternatively, you can use the Handles keyword to associate a method with an event at design time. The method must be a member method of an object that was declared with the WithEvents keyword.
To handle an event in Visual C#
Create an instance of the appropriate delegate for the event that specified the method that will handle the event, and use the += operator to associate the event with the delegate.
Event Handlers That Handle Multiple Events
You can create event handlers that handle multiple events. A common instance of when you might want to do this is when you have more than one instance of a class or control that raises the same events. For example, you might have a group of buttons on a form that share a similar role in the application. You might create a single method to handle the Click event for all of these buttons and distinguish between them by using the sender parameter.
Associating multiple events with a single handler is simple. You use the AddHandler or += operator in exactly the same way in which you would add a single event handler.
Events with Multiple Handlers
An event can be handled by more than one event handler. When an event is handled by more than one handler, all of the methods handling that event are executed. The order in which the methods execute is the same as the order in which the association was created. Thus, if event x is associated in code with handlers y, z, and q (in that order), when the event is raised, the order of handler execution will be y, z, and q. In Visual C#, if you are returning a value with your event, it will return the value of the last method executed.
To associate an event with multiple handlers, all you have to do is create an association between the event and each handler. In Visual Basic .NET, you can use the Handles clause to declaratively associate several methods with an event. If this method is used, the order of method execution is less predictable and should be tested if it has an effect on the dynamics of the application.
Removing Handlers at Run Time
You have already learned how to add event handlers dynamically. The AddHandler keyword in Visual Basic .NET and the += operator in Visual C# can be used to dynamically create associations between events and methods. You can also remove event handler associations at run time. For example, suppose you had a class that modeled a bank account that raised a NotSufficientFunds event every time the account's owner tried to submit a check for an amount greater than the account balance.
You might associate this event with two methods: a ChargeAccount method, which assesses a fee for writing a Not Sufficient Funds (NSF) check, and a Notify method, which notifies the owner of the account that his account is overdrawn. You would call the ChargeAccount method every time an NSF check was passed, but it would be redundant to call the Notify method more than once until the account balance became positive. In this case, you could remove the event handler for the Notify method, and reinsert it when the account balance returned to the positive side.
The method by which you remove an event handler is very similar to the method by which you add one. In Visual Basic. NET, you use the RemoveHandler method to disassociate an event from a delegate obtained with the AddressOf operator. In Visual C#, you use the -= operator to dynamically remove an association between an event and a method. This operator requires a reference to a delegate of the appropriate signature, and it must reference the method to be removed.
General Questions on ASP.NET 2.0
Do I need IIS to run Web applications?
If you are using Visual Studio, you can use the ASP.NET Development Server built into Visual Studio to test your pages. The server functions as a local Web server, running ASP.NET Web pages in a manner virtually identical to how they run in IIS. To deploy a Web application, you need to copy it to a computer running IIS version 5 or 6.
How do I create pages for mobile devices?
ASP.NET will automatically detect the type of browser making the request. This information is used by the page and by individual controls to render appropriate markup for that browser. You therefore do not need to use a special set of pages or controls for mobile devices. (Whether you can design a single page to work with all types of browsers will depend on the page, on the browsers you want to target, and on your own goals.)
Are ASP.NET pages XHTML compatible?
Yes. Individual controls render markup that is compatible with the XHTML 1.1 standard. It is up to you, however, to include the appropriate document type declaration and other XHTML document elements. ASP.NET does not insert elements for you to ensure XHTML compatibility. For details, see ASP.NET and XHTML Compliance.
Can I hide the source code for my page?
Server-side code is processed on the server and is not sent to the browser, so users cannot see it. However, client script is not protected; any client script that you add to your page, or that is injected into the page by server processing, is visible to users. If you are concerned about protecting your source code on the server, you can precompile your site and deploy the compiled version. For details, see Publishing Web Sites.
When I run a page, I get the error "The page cannot be displayed" and an HTTP 502 Proxy Error. Why?
This error can occur if you are running ASP.NET Web pages using the Visual Web Developer Web server, because the URL includes a randomly selected port number. Proxy servers do not recognize the URL and return this error. To get around the problem, change your settings in Internet Explorer to bypass the proxy server for local addresses, so that the request is not sent to the proxy. In Internet Explorer, you can make this change in Tools > Internet Options. In the Connections tab, click LAN Settings and then select Bypass proxy server for local addresses.
Which page code model is preferable, single-file or code-behind?
Both models function the same and have the same performance. The choice of using single-file pages versus code-behind pages is one of personal preference and convenience. For details, see ASP.NET Web Page Code Model.
The QuickStart examples and examples in the API reference seem to use single-file pages frequently. Does this mean that single-file is the preferred model for pages?
No. Single-file pages are frequently used in examples because they are easier to illustrate — the writer does not have to create a separate file to show the code.
Is it better to write code in C# or Visual Basic?
You can write code for your Web application in any language supported by the .NET Framework. That includes Visual Basic, C#, J#, JScript, and others. Although the languages have different syntax, they all compile to the same object code. The languages have small differences in how they support different features. For example, C# provides access to unmanaged code, while Visual Basic supports implicit event binding via the Handles clause. However, the differences are minor, and unless your requirements involve one of these small differences, the choice of programming language is one of personal preference. Once programs are compiled, they all perform identically; that is, Visual Basic programs run just as fast as C# programs, since they both produce the same object code.
Do I have to use one programming language for all my Web pages?
No. Each page can be written in a different programming language if you want, even in the same application. If you are creating source code files and putting them in the \App_Code folder to be compiled at run time, all the code in must be in the same language. However, you can create subfolders in the \App_Code folder and use the subfolders to store components written in different programming languages.
Is the code in single-file and code-behind pages identical?
Almost. A code-behind file contains an explicit class declaration, which is not required for single-file pages.
Is the old code-behind model still supported?
Old projects will continue to run without change. In Visual Studio 2005, if you open a project created in Visual Studio .NET 2002 or 2003, by default, the project is converted to the new project layout used in Visual Studio 2005. As part of the conversion, pages that use the old code-behind model are converted to use the new code-behind model. Visual Studio 2005 Web Application Projects provide an alternative web project model that uses the same project, build and compilation semantics as the Visual Studio .NET 2003 code-behind model. For details, see Visual Studio 2005 Web Application Projects.
Questions on ASP.NET 2.0 Controls
Why is there no DataGrid control on the Toolbox?
The DataGrid control has been superseded by the GridView control, which can do everything the DataGrid control does and more. The GridView control features automatic data binding; auto-generation of buttons for selecting, editing, and deleting; automatic sorting; and automatic paging. There is full backward compatibility for the DataGrid control, and pages that use the DataGrid will continue to work as they did in version 1.0 of ASP.NET.
Can I still use the DataList and Repeater controls?
Absolutely. You can use them the way you always have. But note that the controls have been enhanced to be able to interact with data source controls and to use automatic data binding. For example, you can bind a DataList or Repeater control to a SqlDataSource control instead of writing ADO.NET code to access the database.
What's the difference between login controls and Forms authentication?
Login controls are an easy way to implement Forms authentication without having to write any code. For example, the Login control performs the same functions you would normally perform when using the FormsAuthentication class—prompt for user credentials, validate them, and issue the authentication ticket—but with all the functionality wrapped in a control that you can just drag from the Toolbox in Visual Studio. Under the covers, the login control uses the FormsAuthentication class (for example, to issue the authentication ticket) and ASP.NET membership (to validate the user credentials). Naturally, you can still use Forms authentication yourself, and applications you have that currently use it will continue to run.
Configuring ASP.NET 2.0
How is ASP.NET configuration data formatted?
ASP.NET configuration data is encoded in XML and stored as plaintext files. You can access these files programmatically by using administration tools or by using a text editor. For more information, see ASP.NET Configuration Overview.
Where are the ASP.NET configuration files stored?
System-wide configuration settings and some ASP.NET schema settings are stored in a file named Machine.config, which is located in the %SystemRoot%\Microsoft .NET\Framework\versionNumber\CONFIG directory. This directory also contains other default settings for ASP.NET Web applications in a file that is referred to as the root Web.config file. ASP.NET configuration files for individual Web sites and applications, which are also named Web.config files, can be stored in any Web site root directory, application root directory, application subdirectory, or all of these. For more information, see ASP.NET Configuration File Hierarchy.
How are the ASP.NET configuration files related to the Internet Information Services (IIS) configuration file (the IIS metabase)?
In IIS versions 6.0 and earlier, the ASP.NET configuration system redirects any IIS-specific settings that it controls. The ASP.NET configuration system then configures IIS for you by automatically editing the IIS metabase. For information about the IIS metabase, see Working with the IIS Metabase.
I used the ASP.NET configuration system to restrict access to my ASP.NET application, but anonymous users can still view some of my files. Why is that?
The features of the ASP.NET configuration system only apply to ASP.NET resources. For example, Forms Authentication only restricts access to ASP.NET files, not to static files or ASP (classic) files unless those resources are mapped to ASP.NET file name extensions. Use the configuration features of IIS to configure non-ASP.NET resources.
Since there can be multiple ASP.NET configuration files on one computer, how does ASP.NET configuration handle inheritance?
ASP.NET integrates the settings in configuration files (the Machine.config and Web.config files) into a single inheritance hierarchy. With a few exceptions, you can place a Web.config file wherever you need to override the configuration settings that are inherited from a configuration file located at a higher level in the hierarchy. For more information, see ASP.NET Configuration File Hierarchy.
How does ASP.NET consolidate the settings in all of the configuration files?
At run time, ASP.NET reads the settings in the Machine.config file and all of the Web.config files and then assembles a cache of the settings for each valid URL in each application on the server.
What happens when a configuration setting changes during run time?
ASP.NET invalidates the existing cache and assembles a new cache. Then ASP.NET automatically restarts the application to apply the changes.
Can I configure specific folders directly?
Yes. By using the location element in a configuration file that is located higher in the configuration hierarchy, you can configure the attributes of individual resources, such as the application directories under a Web site or application subdirectories. This is useful in hosting environments for specifying configuration settings in a machine-level configuration file that apply to individual Web sites. For more information, see How to: Configure Specific Folders Using Location Settings.
Can I lock a configuration setting so that a Web.config file that appears lower in the hierarchy cannot override it?
Yes. By setting the location element's Override attribute to false, you can lock a specific setting so that it does not inherit settings from below. For more information, see How to: Lock ASP.NET Configuration Settings.
How can I get programmatic access to ASP.NET configuration settings?
You can read, create, or modify configuration settings from within an ASP.NET application by using the ASP.NET management API. You can develop your own applications including Web applications, console applications, and scripts that use the management API.
How can I get programmatic access to IIS configuration settings?
You can use ADSI, WMI, or COM interfaces to configure IIS programmatically. For more information, see Using IIS Programmatic Administration.
How are ASP.NET configuration files secured against unauthorized access?
ASP.NET configures IIS to deny access to any user that requests access to the Machine.config or Web.config files.
What are the limitations when configuring ASP.NET by using the ASP.NET MMC snap-in?
The ASP.NET MMC snap-in allows you to set ASP.NET configuration at all levels, but on the local computer only. For more information, see ASP.NET MMC Snap-In.
Can I configure ASP.NET Web sites and applications remotely?
Yes. You can use the Web Site Administration Tool to configure remote Web sites and applications by using a Web browser. For more information, see Web Site Administration Tool.
Can I configure ASP.NET by directly editing the Machine.config and Web.config files?
Yes. You can use any text editor or XML editor to edit the ASP.NET configuration files directly. However, consider using one of the tools mentioned in the previous questions to edit ASP.NET configuration because those tools often ensure XML validation.
Can I configure ASP.NET by directly editing the IIS metabase file?
The IIS 6.0 metabase is stored in an XML-formatted file called Metabase.xml. You can configure IIS to allow the metabase to be edited directly, but not all of the ASP.NET configuration settings are available in the IIS metabase. It is best to configure ASP.NET features by using the ASP.NET configuration system. For more information, see Editing ASP.NET Configuration Files.
What tools can I use to edit the IIS metabase?
You can use the IIS Manager snap-in for the MMC. For information about common administrative tasks for ASP.NET developers, see ASP.NET and IIS Configuration.
Questions on Visual Web Developer
Can I run Web pages on a remote computer using ASP.NET Development Server?
Yes, you can create a file system Web application and specify a UNC pointing to another computer as the location for the files. When you run a page in Visual Web Developer, it starts up the ASP.NET Development Server locally, which in turn can read files from a remote computer.
Microsoft KnowledgeBase article 810886
When I try to run pages on a remote computer using the ASP.NET Development Server, I get an error that says the BIOS limit has been exceeded. What is the problem?
You might see this error if the remote computer is running Windows 2000 or Windows XP. If the remote computer is running Windows 2000, you can follow the instructions in Microsoft KnowledgeBase article 810886 to set the maximum number of concurrent connections to a higher number. If you are running Windows XP, you might be able to avoid this error by closing existing shared resources, including terminal server sessions, on the remote computer. (Windows XP is configured with a fixed number of maximum concurrent network requests.)
General ASP.NET Questions
What is ASP.NET?
ASP.NET is a server-side technology for creating dynamic, standards-based Web sites and services that are accessible across multiple platforms including mobile devices. It is part of the .NET-based environment; you can author applications in any .NET compatible language, including Visual Basic .NET, C#, and J#. Additionally, the entire .NET Framework class library is available to any ASP.NET application. Developers can easily access the benefits of these technologies, which include the managed common language runtime environment, type safety, inheritance, and so on.
Whats the difference between ASP and ASP.NET?
ASP (Active Server Pages) and ASP.NET are both server side technologies for building web sites and Web applications, but ASP.NET is not simply a new version of ASP. ASP.NET has been entirely re-architected to provide a highly productive programming experience based on the .NET Framework, and a robust infrastructure for building reliable and scalable web applications. For an overview of ASP.NET enhancements click here.
How do I get ASP.NET?
You can get ASP.NET by installing the Microsoft .NET Framework. The .NET Framework is available in either a redistributable or SDK format. See this overview to learn more and install the .NET Framework.
How much does ASP.NET cost?
ASP.NET is part of the Microsoft .NET Framework. The .NET Framework is a feature of Windows, and is available for download at no charge from this site. You can develop ASP.NET sites using a text editor, but if youre looking for a development tool please see Which development tools support ASP.NET?
What operating systems does ASP.NET run on?
ASP.NET runs on Windows Server 2000, Windows Server 2003, and Windows XP Professional. Windows XP Home is also supported for development only using Visual Web Developer Express Edition tool (which is available for download) or Visual Studio 2005.
Can I develop my ASP.NET pages in Notepad, or do I need to buy Visual Studio?
Yes, you can use any text editor to create ASP.NET pages. However, you may find yourself more productive if you use a dedicated tool, such as Visual Web Developer Express Edition or Visual Studio.
I've installed the .NET Framework, but ASP.NET doesn't seem to work. What can I do to fix it?
You must have IIS (Internet Information Services) installed before you install the .NET Framework. If you install IIS after you install the .NET Framework, you must also register the ASP.NET extensions with IIS. You can do this by running the aspnet_regiis executable from: %windows root directory%\Microsoft.NET\Framework\%version of the .NET Framework%\aspnet_regiis -r where %windows root directory% is the directory Windows is installed to (typically c:\windows or c:\winnt) and %version of the .NET Framework% is the version of the .NET Framework you have installed. The directory for .NET 1.0 is v1.0.3705, for 1.1 is v1.1.4322, and for 2.0 is v2.0.50727.
Where should I put the connection string to my database for my ASP.NET app?
Keep in mind that securing your connection string will prevent hackers from accessing information in your databases. For v1.x, the section titled Storing Database Connection Strings Securely from Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication outlines many good techniques for protecting this valuable resource. For v2.0, the walkthrough Encrypting Configuration Information Using Protected Configuration introduces Protected Configuration and the new connectionStrings configuration section as the preferred solution for storing connection string information in configuration files.
Which development tools support ASP.NET?
You can develop ASP.NET sites in any text editor, but Microsoft Visual Studio and Visual Web Developer Express Edition (available for download) provide rich support for the complete ASP.NET platform making development more productive and efficient. As well, Macromedia Dreamweaver MX and Borland C# Builder also offer ASP.NET development support.
Are there any pre-built applications or code samples available for ASP.NET?
The ASP.NET Visual Web Developer Starter Kits are sample applications available complete with source code to show you how to build real-world sites using ASP.NET using Visual Studio or Visual Web Developer Express Edition. You might also be interested in DotNetNuke, a free content management system built on ASP.NET. Lastly, there is CommunityServer, a platform for rapidly enabling online communities, which includes discussion forums, e-mail lists, newsgroups, blogs, file galleries, and more.
Where can I find web hosters that support ASP.NET?
Have a look at www.asp.net/hosters
General IIS Questions
This tip comes from the 11/23/2004 edition of the IISAnswers Newsletter. You can subscribe to the newsletter or find more information at http://www.iisanswers.com.
Viewing Custom Headers
Q: I have an IIS 6 Server Cluster. I'm trying to make a generic test page that will show me the cluster member I'm on. I figured a good way to do this is to assign a Custom Header Variable to IIS such as "Node:" with a value of "1" or "2" or "3," etc.
I've been on Google all morning and I can't figure out how to display the value. The value is added to the response object sent to the client and it seems to happen after the ASP script is completed so I can't do it server side. I haven't been able to find anything with client side JavaScript about viewing header information.
A: The custom http headers are meant for the client [browser], not for the ASP engine. In fact, from what I can tell, asp.dll or aspnet_isapi.dll doesn't have access to the custom header set up in IIS (except using ADSI/WMI, but that's different). It's not in the ServerVariables collection since the ServerVariables collection just contains what was received from the client.
Check out the bottom tip here: http://www.computerbooksonline.com/tips/asp6.asp
"As you may know, you can use the AddHeader method of the Response object to add custom http headers to your Web pages, but there's a "feature" you should be aware of when you do so. The ServerVariables collection returned by the Request object only contains headers sent from the browser to the server. Since your custom header was created on the server and then sent to the browser (the opposite direction), your header will never be added to the ServerVariables collection. You should be aware of this if you ever plan to interrogate the ServerVariables collection, expecting to find a custom header you created in this way. It will never be there, so such an approach simply won't work! "
Here is another good reference: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/ ref_vbom_resomah.asp
The kicker is this:
"You can retrieve the header if a special client returns it to the server on the next request"
I caught Steve Schofield by IM and he gave me this information from the IIS help:
"You can use this property to send a custom HTTP header from the Web server to the client browser. Custom headers can be used to send instructions from the Web server to the client browser that are not yet supported in the current HTTP specification, such as newer HTTP headers that IIS may not inherently support at the time of the product's release. For example, you can use a custom HTTP header to allow the client browser to cache the page but prevent proxy servers from caching the page."
Both Steve and I set up some tests and confirmed this. A network capture confirms that the header is sent back to the client.
It's a matter of order of operation. The ISAPI Filters (which asp and asp.net run as) appear to be higher on list than when IIS appends the header. Basically IIS adds the header on the way "out," not "in."
Further on this, if the client [browser] sends a custom header, it needs to be prefixed with HTTP_ to retrieve it within ASP(.NET).
It appears from the Microsoft link above that it's possible to receive the header from the client and send back to the server on the 2nd page view. I tested using a POST and GET but neither appeared to work for me. I assume that it doesn't happen automatically with IE and would require a custom client tool to handle this.
JavaScript should be able to get this because JavaScript runs after IIS added the header.
So, in summary, HTTP custom headers can't be used within ASP for any type of logic. It's something used for the Client and not the Server.
If you are using Visual Studio, you can use the ASP.NET Development Server built into Visual Studio to test your pages. The server functions as a local Web server, running ASP.NET Web pages in a manner virtually identical to how they run in IIS. To deploy a Web application, you need to copy it to a computer running IIS version 5 or 6.
How do I create pages for mobile devices?
ASP.NET will automatically detect the type of browser making the request. This information is used by the page and by individual controls to render appropriate markup for that browser. You therefore do not need to use a special set of pages or controls for mobile devices. (Whether you can design a single page to work with all types of browsers will depend on the page, on the browsers you want to target, and on your own goals.)
Are ASP.NET pages XHTML compatible?
Yes. Individual controls render markup that is compatible with the XHTML 1.1 standard. It is up to you, however, to include the appropriate document type declaration and other XHTML document elements. ASP.NET does not insert elements for you to ensure XHTML compatibility. For details, see ASP.NET and XHTML Compliance.
Can I hide the source code for my page?
Server-side code is processed on the server and is not sent to the browser, so users cannot see it. However, client script is not protected; any client script that you add to your page, or that is injected into the page by server processing, is visible to users. If you are concerned about protecting your source code on the server, you can precompile your site and deploy the compiled version. For details, see Publishing Web Sites.
When I run a page, I get the error "The page cannot be displayed" and an HTTP 502 Proxy Error. Why?
This error can occur if you are running ASP.NET Web pages using the Visual Web Developer Web server, because the URL includes a randomly selected port number. Proxy servers do not recognize the URL and return this error. To get around the problem, change your settings in Internet Explorer to bypass the proxy server for local addresses, so that the request is not sent to the proxy. In Internet Explorer, you can make this change in Tools > Internet Options. In the Connections tab, click LAN Settings and then select Bypass proxy server for local addresses.
Which page code model is preferable, single-file or code-behind?
Both models function the same and have the same performance. The choice of using single-file pages versus code-behind pages is one of personal preference and convenience. For details, see ASP.NET Web Page Code Model.
The QuickStart examples and examples in the API reference seem to use single-file pages frequently. Does this mean that single-file is the preferred model for pages?
No. Single-file pages are frequently used in examples because they are easier to illustrate — the writer does not have to create a separate file to show the code.
Is it better to write code in C# or Visual Basic?
You can write code for your Web application in any language supported by the .NET Framework. That includes Visual Basic, C#, J#, JScript, and others. Although the languages have different syntax, they all compile to the same object code. The languages have small differences in how they support different features. For example, C# provides access to unmanaged code, while Visual Basic supports implicit event binding via the Handles clause. However, the differences are minor, and unless your requirements involve one of these small differences, the choice of programming language is one of personal preference. Once programs are compiled, they all perform identically; that is, Visual Basic programs run just as fast as C# programs, since they both produce the same object code.
Do I have to use one programming language for all my Web pages?
No. Each page can be written in a different programming language if you want, even in the same application. If you are creating source code files and putting them in the \App_Code folder to be compiled at run time, all the code in must be in the same language. However, you can create subfolders in the \App_Code folder and use the subfolders to store components written in different programming languages.
Is the code in single-file and code-behind pages identical?
Almost. A code-behind file contains an explicit class declaration, which is not required for single-file pages.
Is the old code-behind model still supported?
Old projects will continue to run without change. In Visual Studio 2005, if you open a project created in Visual Studio .NET 2002 or 2003, by default, the project is converted to the new project layout used in Visual Studio 2005. As part of the conversion, pages that use the old code-behind model are converted to use the new code-behind model. Visual Studio 2005 Web Application Projects provide an alternative web project model that uses the same project, build and compilation semantics as the Visual Studio .NET 2003 code-behind model. For details, see Visual Studio 2005 Web Application Projects.
Questions on ASP.NET 2.0 Controls
Why is there no DataGrid control on the Toolbox?
The DataGrid control has been superseded by the GridView control, which can do everything the DataGrid control does and more. The GridView control features automatic data binding; auto-generation of buttons for selecting, editing, and deleting; automatic sorting; and automatic paging. There is full backward compatibility for the DataGrid control, and pages that use the DataGrid will continue to work as they did in version 1.0 of ASP.NET.
Can I still use the DataList and Repeater controls?
Absolutely. You can use them the way you always have. But note that the controls have been enhanced to be able to interact with data source controls and to use automatic data binding. For example, you can bind a DataList or Repeater control to a SqlDataSource control instead of writing ADO.NET code to access the database.
What's the difference between login controls and Forms authentication?
Login controls are an easy way to implement Forms authentication without having to write any code. For example, the Login control performs the same functions you would normally perform when using the FormsAuthentication class—prompt for user credentials, validate them, and issue the authentication ticket—but with all the functionality wrapped in a control that you can just drag from the Toolbox in Visual Studio. Under the covers, the login control uses the FormsAuthentication class (for example, to issue the authentication ticket) and ASP.NET membership (to validate the user credentials). Naturally, you can still use Forms authentication yourself, and applications you have that currently use it will continue to run.
Configuring ASP.NET 2.0
How is ASP.NET configuration data formatted?
ASP.NET configuration data is encoded in XML and stored as plaintext files. You can access these files programmatically by using administration tools or by using a text editor. For more information, see ASP.NET Configuration Overview.
Where are the ASP.NET configuration files stored?
System-wide configuration settings and some ASP.NET schema settings are stored in a file named Machine.config, which is located in the %SystemRoot%\Microsoft .NET\Framework\versionNumber\CONFIG directory. This directory also contains other default settings for ASP.NET Web applications in a file that is referred to as the root Web.config file. ASP.NET configuration files for individual Web sites and applications, which are also named Web.config files, can be stored in any Web site root directory, application root directory, application subdirectory, or all of these. For more information, see ASP.NET Configuration File Hierarchy.
How are the ASP.NET configuration files related to the Internet Information Services (IIS) configuration file (the IIS metabase)?
In IIS versions 6.0 and earlier, the ASP.NET configuration system redirects any IIS-specific settings that it controls. The ASP.NET configuration system then configures IIS for you by automatically editing the IIS metabase. For information about the IIS metabase, see Working with the IIS Metabase.
I used the ASP.NET configuration system to restrict access to my ASP.NET application, but anonymous users can still view some of my files. Why is that?
The features of the ASP.NET configuration system only apply to ASP.NET resources. For example, Forms Authentication only restricts access to ASP.NET files, not to static files or ASP (classic) files unless those resources are mapped to ASP.NET file name extensions. Use the configuration features of IIS to configure non-ASP.NET resources.
Since there can be multiple ASP.NET configuration files on one computer, how does ASP.NET configuration handle inheritance?
ASP.NET integrates the settings in configuration files (the Machine.config and Web.config files) into a single inheritance hierarchy. With a few exceptions, you can place a Web.config file wherever you need to override the configuration settings that are inherited from a configuration file located at a higher level in the hierarchy. For more information, see ASP.NET Configuration File Hierarchy.
How does ASP.NET consolidate the settings in all of the configuration files?
At run time, ASP.NET reads the settings in the Machine.config file and all of the Web.config files and then assembles a cache of the settings for each valid URL in each application on the server.
What happens when a configuration setting changes during run time?
ASP.NET invalidates the existing cache and assembles a new cache. Then ASP.NET automatically restarts the application to apply the changes.
Can I configure specific folders directly?
Yes. By using the location element in a configuration file that is located higher in the configuration hierarchy, you can configure the attributes of individual resources, such as the application directories under a Web site or application subdirectories. This is useful in hosting environments for specifying configuration settings in a machine-level configuration file that apply to individual Web sites. For more information, see How to: Configure Specific Folders Using Location Settings.
Can I lock a configuration setting so that a Web.config file that appears lower in the hierarchy cannot override it?
Yes. By setting the location element's Override attribute to false, you can lock a specific setting so that it does not inherit settings from below. For more information, see How to: Lock ASP.NET Configuration Settings.
How can I get programmatic access to ASP.NET configuration settings?
You can read, create, or modify configuration settings from within an ASP.NET application by using the ASP.NET management API. You can develop your own applications including Web applications, console applications, and scripts that use the management API.
How can I get programmatic access to IIS configuration settings?
You can use ADSI, WMI, or COM interfaces to configure IIS programmatically. For more information, see Using IIS Programmatic Administration.
How are ASP.NET configuration files secured against unauthorized access?
ASP.NET configures IIS to deny access to any user that requests access to the Machine.config or Web.config files.
What are the limitations when configuring ASP.NET by using the ASP.NET MMC snap-in?
The ASP.NET MMC snap-in allows you to set ASP.NET configuration at all levels, but on the local computer only. For more information, see ASP.NET MMC Snap-In.
Can I configure ASP.NET Web sites and applications remotely?
Yes. You can use the Web Site Administration Tool to configure remote Web sites and applications by using a Web browser. For more information, see Web Site Administration Tool.
Can I configure ASP.NET by directly editing the Machine.config and Web.config files?
Yes. You can use any text editor or XML editor to edit the ASP.NET configuration files directly. However, consider using one of the tools mentioned in the previous questions to edit ASP.NET configuration because those tools often ensure XML validation.
Can I configure ASP.NET by directly editing the IIS metabase file?
The IIS 6.0 metabase is stored in an XML-formatted file called Metabase.xml. You can configure IIS to allow the metabase to be edited directly, but not all of the ASP.NET configuration settings are available in the IIS metabase. It is best to configure ASP.NET features by using the ASP.NET configuration system. For more information, see Editing ASP.NET Configuration Files.
What tools can I use to edit the IIS metabase?
You can use the IIS Manager snap-in for the MMC. For information about common administrative tasks for ASP.NET developers, see ASP.NET and IIS Configuration.
Questions on Visual Web Developer
Can I run Web pages on a remote computer using ASP.NET Development Server?
Yes, you can create a file system Web application and specify a UNC pointing to another computer as the location for the files. When you run a page in Visual Web Developer, it starts up the ASP.NET Development Server locally, which in turn can read files from a remote computer.
Microsoft KnowledgeBase article 810886
When I try to run pages on a remote computer using the ASP.NET Development Server, I get an error that says the BIOS limit has been exceeded. What is the problem?
You might see this error if the remote computer is running Windows 2000 or Windows XP. If the remote computer is running Windows 2000, you can follow the instructions in Microsoft KnowledgeBase article 810886 to set the maximum number of concurrent connections to a higher number. If you are running Windows XP, you might be able to avoid this error by closing existing shared resources, including terminal server sessions, on the remote computer. (Windows XP is configured with a fixed number of maximum concurrent network requests.)
General ASP.NET Questions
What is ASP.NET?
ASP.NET is a server-side technology for creating dynamic, standards-based Web sites and services that are accessible across multiple platforms including mobile devices. It is part of the .NET-based environment; you can author applications in any .NET compatible language, including Visual Basic .NET, C#, and J#. Additionally, the entire .NET Framework class library is available to any ASP.NET application. Developers can easily access the benefits of these technologies, which include the managed common language runtime environment, type safety, inheritance, and so on.
Whats the difference between ASP and ASP.NET?
ASP (Active Server Pages) and ASP.NET are both server side technologies for building web sites and Web applications, but ASP.NET is not simply a new version of ASP. ASP.NET has been entirely re-architected to provide a highly productive programming experience based on the .NET Framework, and a robust infrastructure for building reliable and scalable web applications. For an overview of ASP.NET enhancements click here.
How do I get ASP.NET?
You can get ASP.NET by installing the Microsoft .NET Framework. The .NET Framework is available in either a redistributable or SDK format. See this overview to learn more and install the .NET Framework.
How much does ASP.NET cost?
ASP.NET is part of the Microsoft .NET Framework. The .NET Framework is a feature of Windows, and is available for download at no charge from this site. You can develop ASP.NET sites using a text editor, but if youre looking for a development tool please see Which development tools support ASP.NET?
What operating systems does ASP.NET run on?
ASP.NET runs on Windows Server 2000, Windows Server 2003, and Windows XP Professional. Windows XP Home is also supported for development only using Visual Web Developer Express Edition tool (which is available for download) or Visual Studio 2005.
Can I develop my ASP.NET pages in Notepad, or do I need to buy Visual Studio?
Yes, you can use any text editor to create ASP.NET pages. However, you may find yourself more productive if you use a dedicated tool, such as Visual Web Developer Express Edition or Visual Studio.
I've installed the .NET Framework, but ASP.NET doesn't seem to work. What can I do to fix it?
You must have IIS (Internet Information Services) installed before you install the .NET Framework. If you install IIS after you install the .NET Framework, you must also register the ASP.NET extensions with IIS. You can do this by running the aspnet_regiis executable from: %windows root directory%\Microsoft.NET\Framework\%version of the .NET Framework%\aspnet_regiis -r where %windows root directory% is the directory Windows is installed to (typically c:\windows or c:\winnt) and %version of the .NET Framework% is the version of the .NET Framework you have installed. The directory for .NET 1.0 is v1.0.3705, for 1.1 is v1.1.4322, and for 2.0 is v2.0.50727.
Where should I put the connection string to my database for my ASP.NET app?
Keep in mind that securing your connection string will prevent hackers from accessing information in your databases. For v1.x, the section titled Storing Database Connection Strings Securely from Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication outlines many good techniques for protecting this valuable resource. For v2.0, the walkthrough Encrypting Configuration Information Using Protected Configuration introduces Protected Configuration and the new connectionStrings configuration section as the preferred solution for storing connection string information in configuration files.
Which development tools support ASP.NET?
You can develop ASP.NET sites in any text editor, but Microsoft Visual Studio and Visual Web Developer Express Edition (available for download) provide rich support for the complete ASP.NET platform making development more productive and efficient. As well, Macromedia Dreamweaver MX and Borland C# Builder also offer ASP.NET development support.
Are there any pre-built applications or code samples available for ASP.NET?
The ASP.NET Visual Web Developer Starter Kits are sample applications available complete with source code to show you how to build real-world sites using ASP.NET using Visual Studio or Visual Web Developer Express Edition. You might also be interested in DotNetNuke, a free content management system built on ASP.NET. Lastly, there is CommunityServer, a platform for rapidly enabling online communities, which includes discussion forums, e-mail lists, newsgroups, blogs, file galleries, and more.
Where can I find web hosters that support ASP.NET?
Have a look at www.asp.net/hosters
General IIS Questions
This tip comes from the 11/23/2004 edition of the IISAnswers Newsletter. You can subscribe to the newsletter or find more information at http://www.iisanswers.com.
Viewing Custom Headers
Q: I have an IIS 6 Server Cluster. I'm trying to make a generic test page that will show me the cluster member I'm on. I figured a good way to do this is to assign a Custom Header Variable to IIS such as "Node:" with a value of "1" or "2" or "3," etc.
I've been on Google all morning and I can't figure out how to display the value. The value is added to the response object sent to the client and it seems to happen after the ASP script is completed so I can't do it server side. I haven't been able to find anything with client side JavaScript about viewing header information.
A: The custom http headers are meant for the client [browser], not for the ASP engine. In fact, from what I can tell, asp.dll or aspnet_isapi.dll doesn't have access to the custom header set up in IIS (except using ADSI/WMI, but that's different). It's not in the ServerVariables collection since the ServerVariables collection just contains what was received from the client.
Check out the bottom tip here: http://www.computerbooksonline.com/tips/asp6.asp
"As you may know, you can use the AddHeader method of the Response object to add custom http headers to your Web pages, but there's a "feature" you should be aware of when you do so. The ServerVariables collection returned by the Request object only contains headers sent from the browser to the server. Since your custom header was created on the server and then sent to the browser (the opposite direction), your header will never be added to the ServerVariables collection. You should be aware of this if you ever plan to interrogate the ServerVariables collection, expecting to find a custom header you created in this way. It will never be there, so such an approach simply won't work! "
Here is another good reference: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/ ref_vbom_resomah.asp
The kicker is this:
"You can retrieve the header if a special client returns it to the server on the next request"
I caught Steve Schofield by IM and he gave me this information from the IIS help:
"You can use this property to send a custom HTTP header from the Web server to the client browser. Custom headers can be used to send instructions from the Web server to the client browser that are not yet supported in the current HTTP specification, such as newer HTTP headers that IIS may not inherently support at the time of the product's release. For example, you can use a custom HTTP header to allow the client browser to cache the page but prevent proxy servers from caching the page."
Both Steve and I set up some tests and confirmed this. A network capture confirms that the header is sent back to the client.
It's a matter of order of operation. The ISAPI Filters (which asp and asp.net run as) appear to be higher on list than when IIS appends the header. Basically IIS adds the header on the way "out," not "in."
Further on this, if the client [browser] sends a custom header, it needs to be prefixed with HTTP_ to retrieve it within ASP(.NET).
It appears from the Microsoft link above that it's possible to receive the header from the client and send back to the server on the 2nd page view. I tested using a POST and GET but neither appeared to work for me. I assume that it doesn't happen automatically with IE and would require a custom client tool to handle this.
JavaScript should be able to get this because JavaScript runs after IIS added the header.
So, in summary, HTTP custom headers can't be used within ASP for any type of logic. It's something used for the Client and not the Server.
Subscribe to:
Posts (Atom)