ASP.

NET
ASP.NET (Active Server Pages .NET) is a web development technology from Microsoft.
Part of the .NET Framework, ASP.NET allows developers to build dynamic web
applications and web services using compiled languages like VB.NET and C#. Using
Visual Studio, the development tool from Microsoft, web developers can develop very
compelling applications using ASP.NET, with the ease of drag-and-drop server controls.
Currently in its next major release, ASP.NET 2.0 is slated to be released in November
2005.

In This Article:

1. A Brief History of ASP.NET

2. How ASP.NET Works
3. What Do You Need to Run ASP.NET?
4. Visual Studio and ASP.NET
5. ASP.NET Improvements
6. New Features in ASP.NET 2.0
7. Summary

In the early days of the Web, the contents of web pages were largely static. Pages needed to be
constantly, and manually, modified. To create websites that were dynamic and would update
automatically, a number of server-side technologies sprouted up, including Microsoft's Active
Server Pages (ASP). ASP executed on the server side, with its output sent to the user's web
browser, thus allowing the server to generate dynamic web pages based on the actions of the
user.

These server-side technologies are important contributions to the development of the Web.
Without them, web applications that we've become accustomed to today, such as Amazon.com,
eBay.com, and so on, would not be possible. In this article, I will delve into ASP.NET, with a
look at what it is, how it works, and the newest important features of 2.0.

A Brief History of ASP.NET

Microsoft Active Server Pages (ASP) started its life as a public beta (v1.0) in October 1996 as an
upgrade to Internet Information Server (IIS) 2.0. From that point on, ASP slowly evolved into
version 2.x, and then finally 3.0. In the initial three versions, ASP used a scripting language,
VBScript, as the default language. Using a scripting language has its flaws; code is interpreted
rather than compiled, and using VBScript as the default language turned some people off (though
technically you can configure ASP to use other languages such as JScript and Perl, but this was
not commonly done). This interpreted code model of ASP seriously limited performance.

In early 2000, Microsoft introduced the new .NET Framework, and together with it, introduced
the upgrade of ASP: ASP.NET 1.0 (previously known as ASP+). Over the last few years,
ASP.NET has gone through a few evolutions, from ASP.NET 1.0 to 1.1, and now to ASP.NET
2.0, due to be released at the end of this year (November 2005).
 Related Reading

In ASP.NET, you are not limited to scripting languages. You can now
use the following .NET languages:

 C#
 J#
 VB.NET

How ASP.NET Works

When a web browser requests a page from a web server, the web server
(IIS) will first check if the request is for an HTML page. If it is, the
request is fulfilled by fetching the files from the OS and then returning it
to the client (web browser). If the client is requesting an ASP.NET page,
IIS will pass the request to the ASP.NET runtime, which will then ASP.NET 2.0: A
process the application and return the output to the client. Developer's
Notebook
ASP.NET pages use the .aspx extension. This is to ensure that ASP.NET By Wei-
is able to run side by side with classic ASP on the same server, which Meng Lee
uses the extension .asp.

One of the inherent problems with the HTTP protocol is its stateless nature. Put simply, a request
made by a user is loaded into memory, fulfilled, and then unloaded. Subsequent requests by the
same user are treated just like any request; the server makes no attempt to remember what the
user has previously requested. This stateless nature makes writing web applications a challenge,
because the application developer must explicitly devise mechanisms to enable the server to
remember the previous state of the application. Several mechanisms have been devised over the
years, such as cookies and the use of query strings for passing information to and from the server
and the client.

In classic ASP, you typically need to write pages of code in order to preserve the state of the
page after the user has posted a value back to the server. In ASP.NET, all of these mundane tasks
(collectively known as state management) are accomplished by the ASP.NET runtime. You will
learn more on this in the following sections.

Pages: 1, 2, 3, 4, 5, 6, 7, 8

Print Subscribe to Windows Subscribe to Newsletters

ShareThis

What Is ASP.NET
Pages: 1, 2, 3, 4, 5, 6, 7, 8

State Management
As mentioned previously, ASP.NET automatically takes care of state management. To
understand what I mean by state management, consider the following example, shown in Figure
3.

Figure 3. A simple ASP.NET application

The example in Figure 3 prompts the user to enter a name and then click the Click Me button.
The following code is the code behind for the application. When the button is clicked, it displays
the name of the user in the Label control:

Partial Class _Default

Inherits System.Web.UI.Page

Protected Sub Button1_Click( _

ByVal sender As Object, _
ByVal e As System.EventArgs) _
Handles Button1.Click
Label1.Text = "Hello " & TextBox1.Text
End Sub
End Class

Here is how it looks like when run (see Figure 4).

Figure 4. Testing the application

Notice that after the button is clicked, the text contained within the TextBox control is still
available. If you were using classic ASP, you would need to explicitly write code in your
application to ensure that the text in the TextBox control remained visible.

To understand how ASP.NET maintains state between postbacks (when you submit a request
back to the server), examine the source of the page in Internet Explorer (do a View -> Source):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Untitled Page
</title></head>
<body>
<form method="post" action="Default.aspx" id="form1">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwUKMTU5MTA2ODYwOQ9kFgICAw9kFgICBQ8PFgIeBFRleHQFE0hlbGxvICBX
ZWktTWVuZyBMZWVkZGQVx6NLNcu0P+TBFnYu2ubB4x3vdQ==" />
</div>

<div>
Please enter your name:<br />
<input name="TextBox1" type="text" value="Wei-Meng Lee"
id="TextBox1" />
<input type="submit" name="Button1" value="Click Me"
id="Button1" />
<br />
<span id="Label1">Hello Wei-Meng Lee</span><br />
<br />

</div>
</form>
</body>
</html>

In particular, look out for the hidden input element known as _VIEWSTATE. This element contains
the state information of the page and is passed between the client and the server. By storing
information in this element, the server is able to maintain the state of the page as it gets posted
back to the server. (It does so by examining the content of the _VIEWSTATE element.)

Note that the information in the _VIEWSTATE element is only encoded, not encrypted.

Pages: 1, 2, 3, 4, 5, 6, 7, 8

Tracing and Debugging

In the previous example, I mentioned that you can view the Web Form in either Design view or
Code-Behind view. Visual Studio supports yet another view: Source view. Using Source view,
you can view the source of a page (the markup elements that make up the UI of a page). Figure 5
shows the Source view of the previous example:

Figure 5. Switching to Source view

One useful feature in ASP.NET is the enhanced support for tracing and debugging. You can
trace the flow of your application by using the Trace attribute in the <Page> directive:

<%@ Page Language="VB" Trace="true"

AutoEventWireup="false" CodeFile="Default.aspx.vb"
Inherits="_Default" %>

When you enable tracing, you will see output similar to that shown in Figure 6. You would be
able to examine detailed execution information such as the sequence in which the events are
fired, as well as the values of the environment variables, and so on.
Figure 6. Enabling tracing for your ASP.NET application

Pages: 1, 2, 3, 4, 5, 6, 7, 8 Next Page

What Is ASP.NET
Pages: 1, 2, 3, 4, 5, 6, 7, 8

You can also insert Trace statements into your application. For example, in the following code I
have inserted two Trace statements: one to display a warning when the user did not enter a string
for the TextBox control, and another to simply display the contents of the TextBox control:

Protected Sub Button1_Click( _

ByVal sender As Object, _
ByVal e As System.EventArgs) _
Handles Button1.Click
If TextBox1.Text = "" Then
Trace.Warn("Empty string for textbox1")
Else
Trace.Write(TextBox1.Text)
End If
Label1.Text = "Hello " & TextBox1.Text
End Sub
When run, notice the red warning text (see Figure 7) when the button is clicked.

Figure 7. Displaying a warning message in red

But if you type some text into the TextBox control, the trace message will be printed in black
(see Figure 8).
Figure 8. Displaying trace information

The nice feature about the Trace class is that when it comes to time to deploy the application,
you can simply turn off tracing by setting the Trace attribute to "off;" there is no need for you to
remove the trace statements.

Besides tracing, you also have the ability to step through the execution of your application code.
Figure 9 shows that you can perform debugging on an ASP.NET web application in real time.
Figure 9. Debugging an ASP.NET application using Visual Studio

Pages: 1, 2, 3, 4, 5, 6, 7, 8

Caching

Caching of web pages is an effective way of increasing performance while minimizing the use of
precious server resources. ASP.NET supports various forms of caching:

 Output caching: Output caching caches the output of a page (or portions of it) so that a
page's content need not be generated every time it is loaded.
 Caching objects in a page: While output caching is useful, a much more powerful and
flexible approach would be to cache individual objects in your web application, rather
than entire pages.
 Smart caching with dependencies: The cache would automatically invalidate itself
when some external events happen (such as the modification of a text file, and so on).
 Time-based caching: Another technique for caching is based on time. For example, the
cache can expire on a certain date, or it will only be available for a certain period of time.
There are two ways in which you can use time-based caching--sliding and absolute
expiration.
 SQL cache dependency: SQL cache dependency is the ability to invalidate a database
cache if the data in a table is changed.

To illustrate how caching works in ASP.NET, let's consider an example using output caching.
Assuming that you have an ASP.NET web form, add a new OutputCache directive to the
ASP.NET form:
<%@ OutputCache Duration="15" VaryByParam="*" %>
<%@ Page Language="vb" AutoEventWireup="false"
Codebehind="WebForm1.aspx.vb" Inherits="Caching.WebForm1"%>

The OutputCache directive specifies the various criteria for caching the page. In this example,
the output of the page will be cached for 15 seconds. This means that if the page is loaded again
within the next 15 seconds, it is refreshed; the Web server will serve the same content without
needing to dynamically regenerate the page (and thus avoiding access the database, if part of the
content of the page is retrieved from a database).

The VaryByParam attribute specifies how the caching should be performed, based on the query
string supplied to the page. For example, if I used the following URL:

http://localhost/Caching/WebForm1.aspx?name=John&newsid=12

The query string passed to the page is name=John&newsid=12. Now, suppose I change the
VaryByParam attribute to:

<%@ OutputCache Duration="15" VaryByParam="Name" %>

The page will then be cached according to the Name key. This means that if I issue requests using
the following two URLs, the second request will still be from the cache, as the cache will only be
refreshed if the value of Name changes:

http://localhost/Caching/WebForm1.aspx?name=John&newsid=12
http://localhost/Caching/WebForm1.aspx?name=John&newsid=45

The following URLs will cause the second request to be refreshed:

http://localhost/Caching/WebForm1.aspx?name=John&newsid=12
http://localhost/Caching/WebForm1.aspx?name=Michael&newsid=12

If you want to force the page to be regenerated if more than one key changes (such as Name and
NewsID), you simply add the NewsID key into the VaryByParam attribute:

<%@ OutputCache Duration="15" VaryByParam="Name;NewsID" %>

In this case, this is equivalent to using a *, which means all keys will cause the page to be
regenerated:

<%@ OutputCache Duration="15" VaryByParam="*" %>

If you want to cache the page regardless of query string, you can use the value none:

<%@ OutputCache Duration="15" VaryByParam="none" %>

Refer to my articles on ONDotnet.com for more information on caching:

 "ASP.NET Caching"
 "SQL Cache Dependency"

Pages: 1, 2, 3, 4, 5, 6, 7, 8

What Is ASP.NET
Pages: 1, 2, 3, 4, 5, 6, 7, 8

Configuration Files

ASP.NET uses external configuration files to store detailed information about the application.
For example, the web.config file stores information such as:

 Security
 Database connection string
 Caching
 Debugging
 Globalization settings

One of the best practices in ASP.NET is to save your database connection strings in the
web.config file instead of hard-coding it into your code. This allows you to change database
servers easily, without needing to modify your code. As an additional protection, it is always
better to use integrated Windows security to access your database, rather than using SQL Server
authentication and thus including your SQL server credentials in the connection string.

The following code segment shows part of web.config, containing a database connection string:

<configuration
xmlns="http://schemas.microsoft.com/
.NetConfiguration/v2.0">
<connectionStrings>
<add name="pubsConnectionString"
connectionString="Data Source="(local)";
Initial Catalog=pubs;Integrated
Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
...
However, it's not such a good idea to save your connection strings as plain text in web.config;
you should ideally encrypt the connection strings so that it leaves no chance for a potential
hacker to easily get more information about your database server.

In ASP.NET 2.0, Microsoft has taken this further by allowing you to encrypt the connection
strings in web.config, all without much plumbing on your part. Two Protection Configuration
Providers are available in .NET 2.0 to allow you to encrypt your connection strings (as well as
other sections in web.config):

 DataProtectionConfigurationProvider
 RSAProtectedConfigurationProvider

To learn how to encrypt your database connection string in ASP.NET 2.0, check out
www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html.

New Features in ASP.NET 2.0

ASP.NET 2.0 represents a huge leap over ASP.NET 1.x. The new features in ASP.NET 2.0 can
be grouped into three broad categories: new controls and control functionality, improvements to
the Page framework, and new services and APIs (see Table 1).

Controls

ASP.NET 2.0 ships with several new controls to make the life of a web application developer
easier. In ASP.NET 2.0, there are now new controls that help you to perform data access, site
navigation, login, and personalization using Web Parts.

Earlier you had a glimpse of some of the controls (TextBox, Label, and Button) shipped in
ASP.NET. Figure 10 shows the controls shipped with ASP.NET 2.0. They are categorized based
on their functionalities.
Figure 10. The various controls in ASP.NET 2.0

Page Framework

ASP.NET 2.0 supports some useful additions to its Page framework, such as visual inheritance,
technically known as Master Pages. Besides Master Pages, ASP.NET 2.0 also supports
"theming" through themes and skins, allowing you to maintain a consistent look and feel for your
websites. Another noteworthy feature in ASP.NET is the improved support for localization,
which reduces the amount of work you need to do to internationalize your web applications.

Pages: 1, 2, 3, 4, 5, 6, 7, 8
Services and APIs

Behind the various new controls in ASP.NET 2.0 lie the foundation services and APIs that do the
heavy lifting needed to enable the controls to do their work. For example, behind the new Login
controls you'll find the new collection of Membership APIs, which perform such tasks such as
user authentication, registration of new users, and so on. Besides using the new controls, you can
directly make use of these APIs in code.

Table 1. New Features in ASP.NET 2.0

Controls Page Framework Services and APIs

Data Controls Master Pages Membership
Includes controls that Visual page inheritance for Web The core service for user
simplify the connection to
data sources as well as the
new GridView and
DetailsView controls.
Login Controls
Contains controls that
makes website user
management and user
authentication easy and
efficient.
Web Parts
Provides the infrastructure
for creating Web Parts.
Navigation Controls
Contains controls that
display site information
and menus.
Additional Standard  
Controls
Contains controls such as
ImageMap, FileUpload,
MultiView, and TreeView.
For a detailed discussion of the new features in ASP.NET 2.0, refer to ASP.NET 2.0: A
Developer's Notebook.
Forms.
Themes and Skins
Maintain consistent look and feel for
the entire site by using Skins
definitions grouped by themes.
Localization
Simplify the steps needed to
globalize and localize your web
applications.
Compilation
Supports dynamic compilation of
business logic without the need for
explicit recompilation when the code
is changed. Also supports automatic
generation of web services proxy
class using WSDL.
management, such as user
creation, deletion,
authentication, retrieval of
passwords, etc.
Role Management
Manages the assigning of
roles to users, such as add
user to role, delete user
from role, inquire if user's
in role, etc.
Site Maps
Supports the retrieval of
site information, as well as
the display of site maps.
Profile
Supports the
personalization of websites
through the Profile
object.

Summary

In this article, you have seen some of the most important features of ASP.NET. If you have never
developed a web application before, I strongly encourage you to take ASP.NET 2.0 for a spin
today. You will be amazed at how easy it is to start building compelling applications with so
little effort. Of course, one of the easiest ways is to grab a copy of my book and spend a few
good afternoon trying out all the features. Have fun!

To try out ASP.NET 2.0, download Microsoft Visual Web Developer 2005 Express Edition Beta
2, or, if you are a MSDN subscriber, download Visual Studio 2005 Beta 2.

Wei-Meng Lee (Microsoft MVP) http://weimenglee.blogspot.com is a technologist and founder

of Developer Learning Solutions http://www.developerlearningsolutions.com, a technology
company specializing in hands-on training on the latest Microsoft technologies.
Return to ONDotnet.com.