ASP.NET Application Framework Sean Puffett Developer Evangelist Microsoft UK seanpuff@microsoft.com

Agenda Caching Data Binding Session State Configuration Authentication Security Deployment

Caching Full page output caching Fragment Caching Extensible Cache API Vary by params, language, user-agent Fragment Caching Enables portions of pages to be cached Extensible Cache API Developers can cache arbitrary objects Multiple expiration policies, file change invalidation

Caching - Additional Topics Page Output Caching <%@ OutputCache Duration="60" %> Page Data Caching Cache[“MyDataSet”] = SomeDataSet Like Application Variables Scavenging Expiration Dependencies

demo Simple Fragment Caching

Data Binding Provides a simple, declarative way to bind Web UI elements to data “Simple” binding to a single property Or directly into the page “List” binding to a data source DataGrid, DropDownList, etc. Huge variety of data sources supported But… One way snapshot model Requires code to update the data source

Simple Binding Syntax Step 1: Set bindings Declaratively (in HTML): <asp:Label Text=<%# custID %> … /> Step 2: Call DataBind Sub Page_Load(s As Object, e As EventArgs) Label1.DataBind() End Sub

Simple Binding Example <%@ Page language=“VB” %> <script runat=server> Sub Page_Load(s as Object, e as EventArgs) Label1.DataBind() End Sub </script> <html> <body> <asp:Label id=Label1 runat=server Text=<%# DateTime.Now %> /> </body> </html>

Binding Data To Lists DataGrid, DropDownList, etc. Supported DataSources ADO.NET Connected: DataReader ADO.NET Cached: DataSet, DataTable, DataView Also other IEnumerable types: ArrayList, Array Hashtable Result of a method

List Binding Syntax Step 1: Set bindings DataGrid1.DataSource=ds; Declaratively (in HTML): <asp:DataGrid DataSource=<%# ds %> … /> Imperatively (in code): DataGrid1.DataSource=ds; Step 2: Call DataBind Sub Page_Load(s As Object, e As EventArgs) DataGrid1.DataBind() End Sub

demo Data Binding A DataGrid Control

Session State 3 Modes of Session State In-Proc StateServer SqlServer Stores values in the memory of the ASP.NET Worker Process StateServer Uses a Microsoft Windows Service to store Session Variables SqlServer Uses one or more SQL Servers to store Session Variables

Session Variables Store state information No longer require Cookies Share between servers <sessionstate inproc="false" server=“AnotherServer" port="42424" />

Scale-Out Web Architecture Session state supports web farms Applications no longer tied to one machine Single state server supports multiple app servers Multiple Session State providers ASP.NET state server SQL Server

demo In-Proc Session State

Configuration Stored in XML file in directory with pages web.config Contains all ASP.NET settings Authentication, compile options, custom error pages, etc. Allows adding Application settings DSN, etc. Extensible Can extend with custom configuration data Overrides/Adds to settings in machine.config

IBuySpy Configuration <appSettings> <add key="DSN" value=“data source=ibs2;Trusted_Connection=yes" /> </appSettings> <location path="CheckOut.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <authentication mode="Forms"> <forms name="IBuySpyAuth" loginUrl="Login.aspx" protection="all"> </authentication> <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx"/> </configuration> <appSettings> <add key="DSN" value="data source=ibs2;Trusted_Connection=yes" /> </appSettings> <location path="CheckOut.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <authentication mode="Forms"> <forms name="IBuySpyAuth" loginUrl="Login.aspx“ protection="all“> </authentication> <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx"/>

ASP.NET Authorisation Basic, Digest and NTLM leverage IIS Credential verification against Active Directory Passport module provided Exposes passport profile API Custom, forms-based authentication Easy to use, with cookie token tracking Custom login screen (no popup dialogs) Credential checks against database, etc.

demo Introducing Forms Authentication

Deployment - with ASP DLL Locking MTS/COM+ Registry Page hit Shutdown web application Shutdown Internet information Server Edit in Visual Interdev MTS/COM+ Shutdown package Binary compatibility Registry

Deployment - with .NET “XCopy” Deployment Supports all web resources Components in .\bin No registration required for components No Locked DLLs (Server stop not required) Supports all web resources Web pages, web services Compiled components (DLL) Configuration files

Deployment - continued Update running apps Simply copy DLL on top of old ones Application gracefully migrated to new code Old application stopped when all users have closed the session Applications are Isolated Each application can have its own version Uninstall Delete

demo Replacing A Running Assembly

Summary Caching Data Binding Session State Configuration Authentication Security Deployment

Useful Resources Walkthrough: Using a DataGrid Web Control to Read and Write Data: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbwlkwalkthroughusingdatagridwebcontroltoreadwritedata.asp INFO: ASP.NET State Management Overview http://support.microsoft.com/?id=307598 Book: Essential ASP.NET by Fritz Onion (ISBN: 0-201-76039-8)

Additional Information Post Events Site All information on past events, slide decks etc http://www.microsoft.com/uk/msdn/postevents The UK MSDN Site & Flash Local news, events, webcasts http://www.microsoft.com/uk/msdn Register to received the bi-weekly MSDN Flash by email http://www.microsoft.com/uk/msdn/flash.aspx GotDotNet and ASP.NET – lots of excellent resources http://www.gotdotnet.com http://www.asp.net