Inacom: Developing Microsoft ASP.NET Web Applications using Visual Studio.NET

Day 1 - 2005-12-12

Module 1

Mono project / dotGNU - examples of .NET interoperability

ILDASM from the Visual Studio command Prompt runs a simple disassembler.

.NET reflector - http://www.aisto.com/roeder/dotnet/- pretty damn cool!

Module 2

All about the Visual Studio IDE.  Slow.

Favorite keyboard shortcuts - Gentry's

Shift+F7 - Design

F7 - Code

F4 - Properties

Alt+Shift+Enter - Full Screen

Ctrl+Space - Intellisense

Mine (running list)

Ctrl+Pg[Up or Dn] - toggle between design view and html view in designer

Task list

Tools | Options - add tags to list of tasks to show in the task list

.suo files do not check into source control

there are issues with using source control for solutions - source control on a project bby project basis makes more sense - and then let each user create their own solution.

datasource stuff - pretty easy - drag and drop from server explorer to auto-generate sqlConnection and DataAdapter objects, rightclick DataAdapter and select generate dataSet to get a dataset connected to that adapter, drag and drop dataGrid from toolbox and then use props to connect to dataSet.

Lab 2:: lame

Module 3

Language variety, advantages and disadvantages - Kinda slow

l

anguage differences and the lack thereof

imports/using

differences between dll references (allow use of methods and classes, but during debug acts as a blackbox) or a project reference (which allows debugging across projects and languages)

Lab 3

note to self: if you're going to rely on the printed matter for the code, make sure you at least enter all of it ;)

pretty basic app.

Module 4

Server controls,

interesting that the calendar creates a table - I guess I didn't really have an expectation of what it would be, and a table makes sense....

Lab 4

pretty basic again; just layout type stuff - no code behind it yet....

Day 2 - 2005-12-13

Review

What is .NET framework - CLR, MSIL code, 100000+ classes

CLS Common Language Specification - this is the minimum set of functions that a language must implement to be .NET compliant

managed environment - garbage colllection, security, threading

Solution vs Project

garbage collection - automatically reclaims memory when objects are dereffed, but not necessarily as fast as you might want - you still need to use dispose

page directive - VS asks to create the link to a codebehind page for a renamed html page

asp: defines web controls

nobody wants to talk to answer review questions.  I hate being the only one answering questions.  Grr.

ViewState::<input type="hidden" name="__VIEWSTATE" value="dDwyMTI2NjU2MjM0OztsPGNoa1Nob3J0VGVybTtjaGtMb25nVGVybTs+Pj0zHNt5PLUtBc5grMpLeNwoxVww" />

whew.

Module 5

wiring up events

client-side events vs server-side in ASP.NET.  Can use auto-postback to catch typically client side events at the server.  What a hassle....

wiring up events to components - double-clicking, selecting in the properties/events dialog, or writing code

Postback process

event order

data binding one control to another

Lab 5

Using page_load coinnected to a custom class to populate both a list of<a>s and a checkboxlist. Not bad, actually - pretty useful as long as I just read what the intended functioning was, but didn't type in the supplied code but instead did it myself.

Module 6

trace mode - turn on per page to append messages to the bottom of the page

remote debugging

• admin access to server for setup, for the debugging you need to be in the Debugger Users group
• must install the remote debug components on the server
• must set correct startup project and page
• after that the app can be debugged just like a windows app.

Lab 6

tracing

not a bad lab again.  Would have been helpful to see examples of custom tracing to your own log, but that could be because I was browing the web when we talked about that during class.  Hear hear for ADHD.

Module 7

input validation

validators execute both on the client and server - hmmm.

Lab 7

not too bad - the typography in the regular expression makes that part a little confusing.

Module 8

User Controls

Lab 8

somewhat useful excercise, but too basic.

Day 3 - 2005-12-14

Module 9

Data Access 1

Mapping connection strings to keys in config file

update/delete statements generated by VS by default check original and current database (not dataset) values of every field in the table in the where clause - actions don't occur if any have changed.  You can modify this behavior to ignore some changed values.

typed vs non-typed dataset - strongly typed is what's generated by VS when you drag/drop or right-click.  Strongy typed are often better and easier to use in VS (intellisense and the like)

DataBind()

Once you've dropped a connection, adapter, and dataset on a page, all that's required to display the data is:

• DataAdapter.Fill(DataSet)
• Control.DataBind() - props of what it's bound to are set in the control props

Very cool stuff!

Module 10

Data access through code

security - use Windows only whern possible - in .Net you can use impersonation to do this, also under IIS6 you can have apps run under specific users by using app pools

store query in DataAdapter

CommandBuilder will build commands for your dataadapter

dataadapter.fill - fills dataset and uses the optional tablename you pass.

strongly-typed dataset gives you intellisense and also gives type checking; creates an object of type [table] that contains strongly-typed members

• DataSet ds = new DataSet(); - gives you an untyped dataset

xsd.exe updates the schema for given typed dataset

RowFilter is a where clause for a disconnected dataset

DataReader - does not handle connections for you.  datareader is the return of a command's executrereader method.

instead of While Not rs.EOF you have While dr.Read

for performance, use the type-specific get methods of the datareader instead of the generic ones.

datareaders can only be bound to one control each

Lab 10

Actually pretty good - enough room to go out and hang one's self (always a learning experience).  One thing I like about these labs for the most part is that unlike some courses and books, the final code doesn't show up until after you've done all the work....

Module 11

Stored Procedures

Strengths: ease bandwidth by compiling validations into one message.  also frees the app from caring about the database structure.  Security is better, too.

ExecuteScalar returns first row/first column of the result set

@@return_value - only one value

SQL injection

ExecuteNonQuery

Lab 11

pretty good - strangely uses datareaders while our instructor seemed to indicate that those are less common in the real world.

Module 12

XML

DOM and DataSet models synchronized in VS XmlDataDocument

XQuery used heavily in 2005

query a database and write out the schema - results in xsd file which is the basis of a typed dataset

writing out xml - the structure of the xml depends on the organization of the datasets and how they are related and/or nested.

Lab 12

again, not too bad, but I'd've liked to get into this a little deeper under guidance.

Day 4 - 2005-12-15

Review of day 3

Module 10

• to filter contents of a dataset you must create a dataview 1st and the set the RowFilter
• datareader, light-weight, but needs to be instantiated every time you need the data - forward only, in ADO parlance
• datareaders have a private constructor; you only instantiate them by calling the executereader method of an existing command.  also must manually handle connection properties.
• command.executenonquery - when you're not getting a value (like an update/delete) or when you're returning output parameters
• dataview - 1 table only, so you can't use it to join tables in its dataset (though you could download a JoinView class to do this ).  A better option would be to have the database do the joining in the query for the dataset and then use the resulting table.
• dataadapter update commands do all the tracking of what's updating and what's inserting.  this is done by sql generated by the IDE, so the validation code can be manually modified.
• optimistic vs pessimistic concurrency
• datarelations are only 1 to 0/1/+ - they assume a fairly well-normalized database - i.e. that you'll have an intermediate table between 2 tables to create a many-to-many relationship.
• do not support the idea of an outer join in dataset object

Module 11

• parameters help performance by allowing SQL server to cache query execution plans.  Also good for security.  use them for queries, too!
• stored procedures.  use a command, set the command text to the sp name, set the command type to stored procedure.

Module 12

• xml schemas
• XMLDataDocument - very neat 2-way view of xml data - both hierarchical and like a dataset
• strengths of strongly typed dataset: xsd.exe, also writeXmlSchema method.
• There's a 3-day class just on ADO.Net

Module 13

Calling and Creating Web services

w3schools.com | http://www.w3schools.com/webservices/default.asp | http://www.w3.org/2002/ws/

proxy classes

asmx files have a web service description language reference at *.asmx?wsdl

www.xmethods.net - publish web services references.. also try it link

Lab 13

I've noticed that the one thing that these labs are missing is extensibility.  I'd like to see fairly wide open suggestions for next steps at the end of a lab, perhaps with solution code in an appendix, that can be done if you have time after the lab itself is complete.  Only some of the labs have "time allowed" sections, and those are pretty pitiful.

This was a good lab - stretched my understanding a little bit as I used some different methods of configuring the data access methods than those discussed in the text.  Also, typos in a stored procedure name stumped me for a bit.

Module 14

Managing State

Caching is an alternative to application variables

in-process session variable and application variable storage is fast, but not scalable because it's hard to move those variables from server to server in a web farm.

using sessionState tag in the web.config allows you to set up a state server or to use a database in a sql server.  the server needs to have a service started or there's a database that needs to be set up on the sql server.  There's a script that comes with .net framework that sets up the database.

drag and drop from explorer to cmd.exe - didn't know that; pretty cool!

cookielesssessions - seems a pretty stupid way to handle this - why not put the id string at the end of the url? that would at least allow for absolute urls

also, warning about these sessions and authentication - any user using that same id in a url withint he timeout period will be treated as that user.  probably could check something else stored with the session infomration to minimize this.

I also suspect that this could be used by testing a cookie write out and if no cookies for that user than use a session id in the url.

Lab 14

Even better than the last - some real-world-ish excercises here.

Again with the typos, though, setting Request.Cookie doesn't do much when you're retrieving Reponse.Cookie.

Module 15

Configuring, Optimizing, and Deploying

Cache object

sliding versus absolute

callback - code that runs when something goes out of cache

priority

Lab 15, ex 1-3

pretty good examples of output caching and using the cache object.  the gap between versions of VS (or oversight in the course design) caused some problems insofar as getting things to run properly (params of the cache.add method don't line up quite right).

Day 5 - 2005-12-16

Review of day 4

UDDI

Caching

Module 15 (cont)

Config

Machine.config ->

     web.config (for the app) ->

          web.config (for the subfolder)

things defined above are inherited unless overridden.  Some things can't be overridden, like auth mode.

Case sensitive

appSettings are key/value pairs that define options.

Deployment - copy files, configure target folder as application.  Only copy necessary files, no need to register dll

using the copy project selection automagically creates the app and allows you to select just the necessary files

GAC; sn.exe - need to add <AssemblyKeyFile> to AssemblyInfo.vb

Code Access Security does not require installation in the GAC.

Stopping IIS is not required for deployment, but it's probably a best practice.

Lab 15 ex 4-5

boooring

Module 16

Securing .Net ASP apps

Impersonation.

Windows authent

<location path="...">

     <system.web>

          <authorization>

               <allow/deny users="..."> or roles =""

first match found is the one used, so if you deny all first no one can get in.

Forms Authent

FormsAuthentication.RedirectFromLoginPage() - param to set persistent cookie - also handles redirects automatically.

Lab 16U

Not too bad - gives a good overview of the basic FormsAuthentication methods