6 Point comparison between Apache and IIS Web Servers

1. Open Source Apache is open source and free, but you have to pay to Microsoft for IIS (directly or indirectly by purchasing Windows). 2. Platform Support Apache can run on Linux (LAMP: Linux, Apache, MySQL, PHP) as well as on Windows (WAMP: Windows, Apache, MySQL, PHP). But, IIS runs only on Windows. Apache can run on UNIX, Mac OS X also. 3. Product Support IIS is the preferred choice for the IT companies which uses Windows for development as they are assured to get the support from giant Microsoft but Apache support is available only from open source community, thats why its little hesitating for IT organizations to use it. 4. Technology Support Apache is used with open-source technologies like PHP, Perl and Python, while IIS is specifically designed for Microsofts Active Server Pages. 5. Vulnerability to Threats IIS works with Windows. There are lot of worms, trojans, spyware, malware, viruses for Windows as compared to Linux. So Apache seems to be secure in this respect if used with Linux. 6. Free / Cheaper Web Hosting As compared to IIS, web-hosting on Apache Server is cheaper and you may get free also (with some restrictions like bandwidth, space etc.). In other words, a website created in PHP can be hosted cheaply as compared to a website created in ASP.NET.
Posted by Naresh Kumar at 02:46 4 comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET, PHP

Reactions:
THURSDAY, 17 MAY 2012

Validation Controls in ASP.NET: System.Web.UI.WebControls Class

System.Web.UI.WebControls contains all the validation controls. Here is a brief description of all the validation controls in ASP.NET: 1. RequiredFieldValidator (<asp:RequiredFieldValidator>) Checks that the validated control contains a value. It cannot be empty. <asp:RequiredFieldValidator id="validateTxtName" runat="server"

display="static" controlToValidate="txtName" errorMessage="Name </asp:RequiredFieldValidator>

must

be

entered"

>

2. RegularExpressionValidator (<asp:RegularExpressionValidator>) Checks the value against a regular expression (pattern). Checks that the value in the control matches a specified regular expression. If the validated control is empty, no validation takes place. The most important property in the RegularExpressionValidator is ValidationExpression. <asp:RegularExpressionValidator id="regvH" runat="server" display="static" controlToValidate="txtH" errorMessage="Hours must validationExpression="\d{1,3}"> </asp:RegularExpressionValidator> 3. CompareValidator (<asp:CompareValidator>) Checks if the value is acceptable compared to a given value or compared to the content of another control. In other words, it checks that the value in the validated control matches the value in another control or a specific value. The data type and comparison operation can be specified. If the validated control is empty, no validation takes place. The most important properties in the CompareValidator are ControlToCompare, Operator, and type. <asp:CompareValidator id="comvR" runat="server" display="static" controlToValidate="txtR" errorMessage="Rate ValueToCompare="txtA"> </asp:CompareValidator>

be

1-3

digits

only"

must

be

numeric"

4. RangeValidator (<asp:RangeValidator> Checks if the input controls value is within a specified range. In other words, it checks that the value in the validated control is within the specified text or numeric range. If the validated control is empty, no validation takes place. The most important properties in the RangeValidator are MaximumValue, MinimumValue, and type. <asp:RangeValidator id="ranvDependents" runat="server" display="static" controlToValidate="txtDependents" errorMessage="Must be type="Integer" minimumValue=0 maximumValue=10> </asp:RangeValidator> 5. CustomValidator (<asp:CustomValidator>)

from

to

10"

Allows you to develop custom validation. Performs user-defined validation on an input control using a specified function (client-side, server-side, or both). If the validated control is empty, no validation takes place. The most important property in the CustomValidator is ClientValidationFunction. <asp:CustomValidator id="cusvDeptNum" runat="server" display="static" controlToValidate="txtDeptNum" onServerValidate="validateDeptNum" errorMessage="Must be </asp:CustomValidator>

in

multiples

of

10"

>

6. ValidationSummary (<asp:ValidationSummary>) Displays a summary of all current validation errors. In other words, reports a summary of all errors. The most important properties in the ValidationSummary are DisplayMode, ShowHeaderText, ShowMessageBox, and ShowSummary. <asp:ValidationSummary id="valSummary" runat="server" display="static" headerText="Please showSummary= "True" />

correct

the

following

errors"

Posted by Naresh Kumar at 19:10 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
MONDAY, 14 MAY 2012

WCF: A SOA based Service Framework

WCF stands for Windows Communication Foundation (Code Name: Indigo). Windows Communication Foundation (WCF) is a framework for building service-oriented applications. It is unified programming model provided in .Net Framework 3.0. WCF is meant for designing and deploying distributed applications under Service Oriented Architecture (SOA) implementation. WCF accomodates functionalities of its older communication technologies like: 1. Web 2. Web 3. Microsoft 4. Component 5. .Net Remoting Components of WCF: 1. Service: A service is basically a class written in a .Net compliant language which contains some methods that are exposed through the WCF service. A service may have one or more endpoints an endpoint is responsible for communication from the service to the client. 2. End Points: The End Points consists Address (Where), Contract (What) and Binding (How). Service Enhancement Queuing Model (ASMX) (WSE) (MSMQ) (COM+)

Service Message Object

Address (Where): Indicates where a webservice could be found. Technically speaking, URL of the webservice. Contract (What): Contract is an agreement between two or more parties. It defines the protocol how client should communicate with your service. Technically speaking, it describes parameters and return values for a web method in a web service. Binding (How): Binding specifies what communication protocols are used to access the service, whether security mechanisms are to be used, and the like. WCF includes predefined bindings for most common communication protocols such as SOAP over HTTP, SOAP over TCP, and SOAP over Message Queues, etc. Interaction between WCF endpoint and client is done using a SOAP envelope. SOAP envelopes are in simple XML form that makes WCF platform independent. The mnemonic "ABC" can be used to remember address / binding / Contract. 3. Hosting Environment: WCF can be hosted on IIS or on other environment (Self-hosting). There are two main advantages of using IIS over self-hosting:Automatic activation: IIS provides automatic activation that means the service is not necessary to be running in advance. When any message is received by the service it then launches and fulfills the request. But in case of self hosting the service should always be running. Process recycling: If IIS finds any memory leaks etc in web service, IIS recycles the process. Features of WCF: Service Orientation: One consequence of using WS standards is that WCF enables you to create service oriented applications. Service-oriented architecture (SOA) is the reliance on Web services to send and receive data. The services have the general advantage of being loosely-coupled instead of hardcoded from one application to another. A loosely-coupled relationship implies that any client created on any platform can connect to any service as long as the essential contracts are met. Interoperability: WCF implements modern industry standards for Web service interoperability. Multiple Message Patterns: Messages are exchanged in one of several patterns. The most common pattern is the request/reply pattern, where one endpoint requests data from a second endpoint. The second endpoint replies. There are other patterns such as a one-way message in which a single endpoint sends a message without any expectation of a reply. A more complex pattern is the duplex exchange pattern where two endpoints establish a connection and send data back and forth, similar to an instant messaging program. Service Metadata: WCF supports publishing service metadata using formats specified in industry standards such as WSDL, XML Schema and WS-Policy. This metadata can be used to automatically generate and configure clients for accessing WCF services. Metadata can be published over HTTP and HTTPS or using the Web Service Metadata Exchange standard. Data Contracts: Because WCF is built using the .NET Framework, it also includes code-friendly methods of supplying the contracts you want to enforce. One of the universal types of contracts is the data contract. In essence, as you code your service using Visual C# or Visual Basic, the easiest way to handle data is by creating classes that represent a data entity with properties that belong to the data entity. WCF includes a comprehensive system for working with data in this easy manner. Once you have created the classes that represent data, your service automatically generates the metadata that allows clients to comply with the data types you have designed.

Security: Messages can be encrypted to protect privacy and you can require users to authenticate themselves before being allowed to receive messages. Security can be implemented using well-known standards such as SSL or WS-SecureConversation. Multiple Transports and Encodings: Messages can be sent on any of several built-in transport protocols and encodings. The most common protocol and encoding is to send text encoded SOAP messages using is the HyperText Transfer Protocol (HTTP) for use on the World Wide Web. Alternatively, WCF allows you to send messages over TCP, named pipes, or MSMQ. These messages can be encoded as text or using an optimized binary format. Binary data can be sent efficiently using the MTOM standard. If none of the provided transports or encodings suit your needs you can create your own custom transport or encoding. Reliable and Queued Messages: WCF supports reliable message exchange using reliable sessions implemented over WS-Reliable Messaging and using MSMQ. Durable Messages: A durable message is one that is never lost due to a disruption in the communication. The messages in a durable message pattern are always saved to a database. If a disruption occurs, the database allows you to resume the message exchange when the connection is restored. You can also create a durable message using the Windows Workflow Foundation (WF). Transactions: WCF also supports transactions using one of three transaction models: WSAtomicTtransactions, the APIs in the System.Transactions namespace, and Microsoft Distributed Transaction Coordinator. AJAX and REST Support: REST is an example of an evolving Web 2.0 technology. WCF can be configured to process "plain" XML data that is not wrapped in a SOAP envelope. WCF can also be extended to support specific XML formats, such as ATOM (a popular RSS standard), and even non-XML formats, such as JavaScript Object Notation (JSON). Extensibility: The WCF architecture has a number of extensibility points. If extra capability is required, there are a number of entry points that allow you to customize the behavior of a service. Relation between SOA and WCF 1. In SOA, a service must have End Points. WCF has all these end points: Address, Contract and Binding 2. Versioning of Services in WCF: In SOA, services can be versioned and you can host those services at new end points. For example: You have a service named 'YourService' at end point ep1. Now you make enhancements in your service and launch a new service 'YourService2'. You can use it at another end point say "ep2". So the client who is consuming the service at end ep1 continues and at the other end, you have evolved your service by adding new ends ep2. 3. In SOA, the client who is consuming the service does not need to know how the implementation of the service is done. Services use Schemas to represent data and Contracts to understand behavior. They do not use language dependent types or classes in order to understand data and behavior. XML is used to define schemas and contracts.Same strategy is followed in WCF. Advantages of WCF over older communication technologies: 1. WCF is interoperable with other services when compared to .Net Remoting, where the client and service have to be .Net. 2. WCF services provide better reliability and security in compared to ASMX web services. 3. WCF has integrated logging mechanism, changing the configuration file settings will provide this functionality. In other technology developer has to write the code.

4.

WCF

is

faster

than

previous

communication

technologies

by

microsoft.

Posted by Naresh Kumar at 08:36 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:

WPF (Windows Presentation Foundation): Features

Microsoft introduced WPF (Windows Presentation Foundation) API in .NET 3.0 framework (previously known as WinFX). WPF merged all the unrelated APIs into a single unified object model. WPF combines application UIs, 2D graphics, 3D graphics, documents and multimedia into one single framework. It provides a consistent programming model for building applications and provides a clear separation between the user interface and the business logic. So if you want to use 3D graphics or multimedia for your application, you do not use to need use different APIs. WPF provides all the functionalities you need to develop richer GUI applications. Features of WPF: 1. Separation of Appearance and Behavior: WPF separates the appearance of an user interface from its behavior. The appearance is generally specified in the Extensible Application Markup Language (XAML), the behavior is implemented in a managed programming language like C# or Visual Basic. XAML, the Extensible Application Markup Language is used to create custom controls, graphics, 3D images and animations that are not available in traditional HTML implementations. 2. Rich composition: Controls in WPF are extremely composable. You can define almost any type of controls as content of another. Although these flexibility sounds horrible to designers, its a very powerful feature if you use it appropriate. Put an image into a button to create an image button, or put a list of videos into a combobox to choose a video file. 3. Highly customizable: Because of the strict separation of appearance and behavior you can easily change the look of a control. The concept of styles let you skin controls almost like CSS in HTML. Templates let you replace the entire appearance of a control. 4. Resolution independence: All measures in WPF are logical units - not pixels. A logical unit is a 1/96 of an inch. If you increase the resolution of your screen, the user interface stays the same size - it just gets crispier. Since WPF builds on a vector based rendering engine it's incredibly easy to build scaleable user interfaces. 5. Data binding: WPF has a built-in set of data services to enable application developers to bind and manipulate data within applications. 6. Direct3D: Graphics, including desktop items like windows, are rendered using Direct3D. This allows the display of more complex graphics and custom themes, at the cost of GDI's wider range of support and uniform control theming. It allows Windows to offload some graphics tasks to the GPU. 7. Media services: The WCF provides an integrated system for building user interfaces with common media elements like vector and raster images, audio, and video. WPF also provides an animation system and a 2D/3D rendering system. 8. Templates: In WPF you can define the look of an element directly, via its properties, or indirectly with a Template or Style. 9. Animations: WPF supports time-based animations, in contrast to the frame-based approach. This decouples the speed of the animation from how the system is performing.

10. Imaging: WPF can natively access Windows Imaging Component (WIC) code and APIs allowing developers to write image codecs for their specific image file formats. 11. Documents: WPF natively supports paginated documents. It provides the DocumentViewer class, which is for reading fixed layout documents. 12. Text: WPF includes a number of typographic and text rendering features that were not available in GDI.
Posted by Naresh Kumar at 04:56 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
WEDNESDAY, 9 MAY 2012

40 Objective Type ASP.NET Interview Questions (Part 1)

1. How do you retrieve username in case of Windows Authentication? System.Environment.UserName 2. What is the control for which by default post back is true? Button 3. Where the private assembly is stored in asp.net?. application / bin directory 4. Where the public assembly is stored in asp.net?. Global Assembly Cache (GAC) 5. What events will occur when a page is loaded? 1) Page_PreInit 2) Page_Init 3) Page_InitComplete 4) Page_PreLoad 6. Where is the View state data stored? Hidden Fields 7. What are the different types of sessions in ASP.NET? InProc, StateServer, SQL Server 8. How do you design a website with multilingual support in ASP.NET? By using Globalization and Localization 9. What are the different ways of caching in ASP.NET?

There are three ways of caching in ASP.NET: 1) Output Caching - Caches the whole page. 2) Fragment Caching - Caches a part of the page 3) Data Caching - Caches the data 10. How Automatic Memory Management is done is ASP.NET? By using Garbage Collector 11. How many web.config files can be there in an ASP.NET application? Atleast one 12. How many navigation controls are there in ASP.NET 4.0? There are three navigation controls in ASP.NET 4.0: 1) SiteMapPath 2) Menu 3) TreeView 13. List various event which occur throughout the life cycle of a page. 1)Page_PreInit 2)Page_Init 3)Page_InitComplete 4)Page_PreLoad 5)Page_Load 6)Control Events 7)Page_LoadComplete 8)Page_PreRender 9)SaveViewState 10)Page_Render 11)Page_Unload 14. What is boxing and unboxing? Boxing is what happens when a value-type variable is assigned to a reference-type variable. Unboxing is what happens when a reference-type variable is assigned to a value-type variable. 15. What are the uses of Reflection? Reflection is a concept using which we can 1) Load assemblies dynamically 2) Invoke methods at runtime 3) Retriving type information at runtime. 16. What is the lifespan for items stored in ViewState? The items stored in ViewState live until the lifetime of the current page expires. 17. How can we identify that the Page is Post Back? By using "IsPostBack" property.

18. In which event of page life cycle are the controls fully loaded? Page load 19. What is the basic difference between ASP and ASP.NET? ASP is interpreted whereas ASP.NET is compiled 20. Which is the parent class of the Web server control? The System.Web.Ul.Control 21. How information about the user's locale can be accessed? Using System.Web.UI.Page.Culture property 22. How do you sign out from forms authentication? Using FormsAuthentication.Signout() method 23. What is AutoPostBack? If you want a control to postback automatically when an event is raised, you need to set the AutoPostBack property of the control to True. 24. Define a Multilingual Website. A multilingual Web site serves content in a number of languages. It contains multiple copies for its content and other resources, such as date and time, in different languages. 25. What is actually returned from server to the browser when a browser requests an .aspx file and the file is displayed? When a browser requests an .aspx file then the server returns a RESPONSE, which is rendered into a HTML string. 26. How can you display all validation messages in one control? The ValidationSummary control displays all validation messages in one control. 27. Which two new properties are added in ASP.NET 4.0 Page class? The two new properties added in the Page class are MetaKeyword and MetaDescription. 28. How can you register a custom server control to a Web page? You can register a custom server control to a Web page using the @Register directive. 29. Which ASP.NET objects encapsulate the state of the client and the browser? The Session object encapsulates the state of the client and browser. 30. Which method is used to force all the validation controls to run? The Page.Validate() method is used to force all the validation controls to run and to perform validation.

31. Which method has been introduced in ASP.NET 4.0 to redirect a page permanently? The RedirectPermanent() method added in ASP.NET 4.0 to redirect a page permanently. 32. How can you send an email message from an ASP.NET Web page? You can use the System.Net.Mail.MailMessage and the System.Net.Mail.SmtpMail classes to send an email in your Web pages. In order to send an email through your mail server, you need to create an object of the SmtpClient class and set the server name, port, and credentials. 33. What is the difference between the Response.Write() and Response.Output.Write() methods? The Response.Write() method allows you to write the normal output; whereas, the Response.Output.Write() method allows you to write the formatted output. 34. What does the Orientation property do in a Menu control? Orientation property of the Menu control sets the horizontal or vertical display of a menu on a Web page. By default, the orientation is vertical. 35. Can we validate a DropDownList by RequiredFieldValidator? Yes, we can validate a DropDownList by RequiredFieldValidator. To perform this validation, we have to set the InitialValue property of RequiredFieldValidator control. 36. What are the various ways of authentication techniques in ASP.NET? There are three ways of authentication in ASP.NET: Windows Authentication Forms Authentication Passport 37. What is the difference between a HyperLink control and a LinkButton control? A HyperLink control does not have the Click and Command events; whereas, the LinkButton control has these events, which can be handled in the code-behind file of the Web page. 38. How will your write server-side comments? <%--This is an example of server-side comments --%> 39. How do you prevent a validation control from validating data at the client end? You can prohibit a validation control to validate data at the client side by setting the EnableClientScript property to False. 40. What do you mean by a neutral culture? When you specify a language but do not specify the associated country through a culture, the culture is called as a neutral culture.
Posted by Naresh Kumar at 08:34 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
TUESDAY, 8 MAY 2012

11 Methods to implement 301 Redirect URLs

Need to 301 Redirect URLs: 1. Retains Search Engine Ranking: 301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. It preserves your search engine rankings and indexing for that particular page. 2. Retains your visitors / traffic: If you move your popular page to which a lot of visitors have already linked, you may lose them if you don't used redirect method. This provides a great way to provide your visitors with the information they were looking for and prevent you from losing your traffic. Methods to 301 Redirect URLs: 1. HTML Redirect / Meta Refresh Place the following HTML redirect code between the <HEAD> and </HEAD> tags of your HTML code. <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com"> The above HTML redirect code will redirect your visitors to another web page instantly. The content="0; may be changed to the number of seconds you want the browser to wait before redirecting. 2. PHP Redirect <? Header( "HTTP/1.1 301 Moved Permanently" ); Header( "Location: http://www.new-url.com" ); ?> 3. ASP Redirect <%@ Language=VBScript %> <% Response.Status="301 Moved Permanently" Response.AddHeader "Location","http://www.new-url.com/" %> 4. ASP .NET Redirect <script runat="server"> private void Page_Load(object sender, System.EventArgs e) { Response.Status = "301 Moved Permanently"; Response.AddHeader("Location","http://www.new-url.com"); } </script> 5. JSP Redirect <% response.setStatus(301);

response.setHeader( "Location", "http://www.new-url.com/" ); response.setHeader( "Connection", "close" ); %> 6. CGI PERL Redirect $q = new CGI; print $q->redirect("http://www.new-url.com/"); 7. Ruby on Rails Redirect def old_action headers["Status"] = "301 Moved Permanently" redirect_to "http://www.new-url.com/" end 8. ColdFusion Redirect <.cfheader statuscode="301" statustext="Moved permanently"> <.cfheader name="Location" value="http://www.new-url.com"> 9. Javascript URL Redirect <head> <script type="text/javascript"> window.location.href='http://www.newdomain.com/'; </script> </head> 10. IIS Redirect In internet services manager, right click on the file or folder you wish to redirect Select the radio titled "a redirection to a URL". Enter the redirection page Check "The exact url entered above" and the "A permanent redirection for this resource" Click on 'Apply' 11. Redirect to www using htaccess redirect Create a .htaccess file with the below code, it will ensure that all requests coming in to domain.com will get redirected to www.domain.com. The .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed) Options +FollowSymlinks RewriteEngine on rewritecond %{http_host} ^domain.com [nc] rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc] Note: This .htaccess method of redirection works ONLY on Linux servers having the Apache ModRewrite moduled enabled.
Posted by Naresh Kumar at 18:42 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
MONDAY, 7 MAY 2012

ItemDataBound in ASP.NET
The ItemDataBound event is raised after an item or row is data bound to the DataGrid control. This event provides you with the last opportunity to access the data item before it is displayed on the client. After this event is raised, the data item is nulled out and no longer available. Within the method, we check if the current row is a header or a footer row.To do this we use ListItemType enumeration. ListItemType enumeration contains different types of items(header, footer, item, alternating item etc.) To identify Header: if (e.Item.ItemType == ListItemType.Header) To identify Footer: if (e.Item.ItemType == ListItemType.Footer) To identify Item: if (e.Item.ItemType == ListItemType.Item) To identify AlternatingItem: if (e.Item.ItemType == ListItemType.AlternatingItem) ItemDataBound Function can be used for various functionalities: How to hide any column of a particular row of a DataGrid? procedure TClassName.dgrDataGrid_ItemDataBound(sender: System.Object; e: System.Web.UI.WebControls.DataGridItemEventArgs); begin e.Item.Cells[ColumnName].Attributes.Add('style','display:none'); end; How to change contents of any column of a particular row of a DataGrid? procedure TClassName.dgrDataGrid_ItemDataBound(sender: System.Object; e: System.Web.UI.WebControls.DataGridItemEventArgs); begin if (e.item.ItemType = listItemType.Item) or (e.item.ItemType = listItemType.AlternatingItem) then begin if (e.Item.Cells[ColumnName].Text = 'ABC') then e.Item.Cells[ColumnName].Text := 'XYZ'; end; end; How to change background color a particular row of a DataGrid? procedure TClassName.dgrDataGrid_ItemDataBound(sender: System.Object; e: System.Web.UI.WebControls.DataGridItemEventArgs); begin if (e.item.ItemType = listItemType.Item) or (e.item.ItemType = listItemType.AlternatingItem) then begin e.Item.Style['background'] := 'AliceBlue'; e.Item.Attributes.Item['OrigBackColor'] := 'AliceBlue'; //To retain the previous background color of the row //e.Item.BackColor := System.Drawing.Color.AliceBlue; This is the other way to color the background of the row. end; end; How to add javascript functions on each row of a DataGrid? procedure TClassName.dgrDataGrid_ItemDataBound(sender: System.Object; e: System.Web.UI.WebControls.DataGridItemEventArgs);

begin if (e.item.ItemType = listItemType.Item) or (e.item.ItemType = listItemType.AlternatingItem) then begin e.Item.Attributes.Add('onselectstart', 'return OnSelectStartFunction();'); e.Item.Attributes.Add('onclick',' return OnClickFunction();'); e.Item.Attributes.Add('ondblclick',' return OnDoubleClickFunction();'); e.Item.Attributes.Add('onmouseover','changeStyle();'); end; end; In this way, you can use itemdatabound function to perform a lot of functionalities.
Posted by Naresh Kumar at 07:16 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
MONDAY, 23 APRIL 2012

How the ASP.NET authentication process works?

ASP.NET does not run by itself, it runs inside the process of IIS. Therefore, there are two authentication layers, which exist in ASP.NET system. First authentication happens at the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file. Below is how the whole process of authentication in ASP.NET works? 1. IIS first checks to make sure the incoming request comes from an IP address that is allowed access to the domain. If not it denies the request. 2. Next IIS performs its own user authentication if it is configured to do so. By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per application basis with in IIS. 3. If the request is passed to ASP.NET with an authenticated user, ASP.NET checks to see whether impersonation is enabled. If impersonation is enabled, ASP.NET acts as though it were the authenticated user. If not ASP.NET acts with its own configured account. *Impersonation: Impersonation is when ASP.NET executes code in the context of an authenticated and authorized client. By default, ASP.NET does not use impersonation and instead executes all code using the same user account as the ASP.NET process, which is typically the ASPNET account. 4. Finally, the identity from step 3 is used to request resources from the operating system. If ASP.NET authentication can obtain all the necessary resources, it grants the users request otherwise it is denied. Resources can include much more than just the ASP.NET page itself you can also use .NETs code access security features to extend this authorization step to disk files, Registry keys and other resources.
Posted by Naresh Kumar at 17:49 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:

Response.Redirect vs Server.Transfer: What to use when? An 11 point comparision

1. Response.Redirect simply sends a message to the browser, directing it to move to another page.

Example: Response.Redirect("default.aspx"); or Response.Redirect("http://www.dzone.com"); On the other hand, Server.Transfer does not initiate another request to the server, but the original request is simply rewritten and transfered to some other page on the same server. Example: Sever.Transfer("default.aspx"); 2. Server.Transfer changes the "focus" on the Webserver and transfers the request. This means you don't get quite as many HTTP requests coming through, which therefore eases the pressure on your Web server and makes your applications run faster. On the other hand, Response.Redirect will instruct browser to call a particular webpage.This will increase one request and one response between the client and server. This extra round-trip is often inefficient and unnecessary. 3. Server.Transfer maintains the original URL in the browser but Response.Redirect changes the URL. 4. The Server.Transfer method also has a second parameter"preserveForm". If you set this to True, using a statement such as Server.Transfer("default.aspx", True), the existing query string and any form variables will still be available to the page you are transferring to. By default, this variable is always true. For example, if your default.aspx has a TextBox control called "TextBox1" and you transferred to default2.aspx with the preserveForm parameter set to True, you would be able to retrieve value of the "TextBox1" of default.aspx by using "PreviousPage.FindControl" method. But in case of Respons.Redirect, by the time default2.aspx is requested, default.aspx is flushed from the servers memory and no information can be retrieved about it unless the developer explicitly saved the information using some technique like session, cookie, application, cache etc. 5. By Response.Redirect, we can navigate to another page in same site as well as different site, but by Server.Transfer we can only navigate the page that exists in same website. 6. Server .Transfer will also cause confusion when user refreshes the page. If user is on Page1 and by using Server.Transfer, user sees the Page2. The url on browser is still of Page1. So, if user refreshes the page, Page1 will be refreshed instead of Page2. This problem will never appear in case of Response.Redirect. 7. Server.Transfer may cause confusion while debugging as the URL does not change unlike Response.Redirect. 8. Response.Redirect is used like GET method in which we can see all information or address where we will be go. Server.Transfer is used like POST method in which one cannot see full address. 9. Resonse.redirect can be used both for aspx and html pages. But server.transfer is only used for aspx pages it will not work for html pages. 10. In case of Server.Transfer the browser's history is not updated but in Response.Redirect the browser's history is updated. 11. Bookmarking is ambiguous in case of Server.Transfer while in Response.Redirect, user can clearly bookmark a page. Summary: What should be used where?

Response.Redirect should be used when: 1. We want to redirect the request to some plain HTML pages on our server or to some other web server. 2. We don't care about causing additional roundtrips to the server on each request. 3. We do not need to preserve Query String and Form Variables from the original request. 4. We want our users to be able to see the new redirected URL where he is redirected in his browser (and be able to bookmark it if its necessary) Server.Transfer should be used when: 1. We want to transfer current page request to another .aspx page on the same server. 2. We want to preserve server resources and avoid the unnecessary roundtrips to the server. 3. We want to preserve Query String and Form Variables. 4. We don't need to show the real URL where we redirected the request in the users Web Browser
Posted by Naresh Kumar at 08:52 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
SUNDAY, 22 APRIL 2012

GET vs POST: Which one is better? A 10 point comparision

1. Data Size Restriction in GET: There is a character restriction of 255 in the URL. This is mostly the old browsers restriction and new ones can handle more than that. But we can't be sure that all our visitors are using new browsers. So when we show a text area or a text box asking users to enter some data, then there will be a problem if more data is entered. This restriction is not there in POST method. We can transfer unlimited data using POST. In PHP by default 8MB of data can be transferred. (can be changed by setting the post_max_size in the php.ini file) 2. Data Type Restriction in GET: As the data transfers through address bar ( URL ) there are some restrictions in using space, some characters like ampersand ( & ) etc in the GET method of posting data. We have to take special care for encoding (while sending) and decoding (while receiving) data if such special characters are present. 3. Security: In GET method data gets transferred to the processing page in name value pairs as a query string in URL, so it is exposed and can be easily traced by visiting history pages of the browser. Data is always submitted in the form of text. So any login details with password should never be posted by using GET method. On the other hand, POST is much more secure. In case of POST, all the name value pairs are submitted in the Message Body of the request. 4. Speed: GET is faster than POST. 5. Bookmarking: There are some special cases where advantage of using GET method is, one can store the name value pairs as bookmark and directly use them by bypassing the form. But you cannot bookmark using POST method. 6. If POST method is used and if the page is refreshed it would prompt before the request is resubmitted but it would not prompt if GET method is used. 7. Uploading files through input type file is possible in POST but not with GET method. 8. There are chances for data lost after server encoding in GET method but no data loss occurs in case of POST method.

9. GET uses STACK method for passing form variables while POST method uses HEAP method for passing form variables. 10. GET can store up to 18 form variables but there is no limit in case of POST method.
Posted by Naresh Kumar at 21:03 5 comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:

HTTP vs HTTPS: Similarities and Differences

What is HTTPS? HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol developed by Netscape. One can say: HTTPS = HTTP + SSL HTTPS uses Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. Need of HTTPS: Hypertext Transfer Protocol (HTTP) is a protocol for transmitting and receiving information across the Internet. HTTP serves as a request and response procedure that all agents on the Internet follow so that information can be rapidly, easily, and accurately disseminated between servers, which hold information, and clients, who are trying to access it. You normally use HTTP when you are browsing the web, its not secure, so someone can eavesdrop on the conversation between your computer and the web server. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, https, or secure http, was developed by Netscape corporation to allow authorization and secured transactions. Similarity between HTTP and HTTPS: In many ways, https is identical to http, because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. When a server receives a request, it returns a status and a message, which may contain the requested information or indicate an error if part of the process malfunctioned. Both systems use the same Uniform Resource Identifier (URI) scheme, so that resources can be universally identified. Use of https in a URI scheme rather than http indicates that an encrypted connection is desired. Difference between HTTP and HTTPS: 1. URL begins with http://" in case of HTTP while the URL begins with https:// in case of HTTPS. 2. HTTP is unsecured while HTTPS is secured. 3. HTTP uses port 80 for communication while HTTPS uses port 443 for communication. 4. HTTP operates at Application Layer while HTTPS operates at Transport Layer. 5. No encryption is there in HTTP while HTTPS uses encryption. 6. No certificates required in HTTP while certificates required in HTTPS. How HTTPS works? For HTTPS connection, public key and signed certificates are required for the server. When using an https connection, the server responds to the initial connection by offering a list of encryption methods it supports. In response, the client selects a connection method, and the client and

server exchange certificates to authenticate their identities. After this is done, both parties exchange the encrypted information after ensuring that both are using the same key, and the connection is closed. In order to host https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity. Most certificates are verified by a third party so that clients are assured that the key is secure. In other words, we can say, HTTPS works similar to HTTP but SSL adds some spice in it. HTTP includes the following actions: 1. The browser opens a TCP connection. 2. The browser sends a HTTP request to the server 3. The server sends a HTTP response to the browser. 4. The TCP connection is closed. SSL will include the following actions: 1. Authenticate the server to the client. 2. Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support. 3. Optionally authenticate the client to the server. 4. Use public-key encryption techniques to generate shared secrets. 5. Establish an encrypted SSL connection. 6. Once the SSL connection is established the usual transfer of HTTP requests will continue. Where should https be used? HTTPS should be used in Banking Websites, Payment Gateway, Shopping Websites, Login Pages, Emails (Gmail offers HTTPS by default in Chrome browser) and Corporate Sector Websites. For example: PayPal: https://www.paypal.com Google AdSense: https://www.google.com/adsense/ Beware of using Credit Card Numbers on Internet: If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number! Browser integration Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid certificate, would present the user with a dialog box asking if they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site's security information in the address bar. Extended validation certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site that contains a mixture of encrypted and unencrypted content.
Posted by Naresh Kumar at 20:23 1 comment: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
FRIDAY, 20 APRIL 2012

How IIS processes ASP.NET request?

Before understanding the full flow, we have to go through following concepts:

IIS: IIS (Internet Information Server) is one of the most powerful web servers from Microsoft that is used to host your ASP.NET Web application. IIS has its own ASP.NET Process Engine to handle the ASP.NET request. So, when a request comes from client to server, IIS takes that request and process it and send response back to clients. Worker Porcess (w3wp.exe): Worker Process (w3wp.exe) runs the ASP.Net application in IIS. This process is responsible to manage all the request and response that are coming from client system. In short, Worker process is the heart of ASP.NET Web Application which runs on IIS. Application Pool: Application pool is the container of worker process. Application pools is used to separate the sets of IIS worker processes that share the same configuration. This makes sure that a particular web application doesnt not impact other web application. Note: One Application Pool can have one or many Worker Processes. An application pool with more than one worker process is called 'Web Garden'. HTTP.SYS Process: HTTP.SYS resides in Kernel Layer of IIS. HTTP.SYS is responsible for pass the request to particular Application pool. It contains the ID of each Application Pool. (Whenever we creates a new Application Pool, the ID of the Application Pool is being generated and its registered with the HTTP.SYS). WAS (Web Admin Services): WAS resides in User Layer of IIS. It takes the request from HTTP.SYS and pass it to the respective application pool. ISAPI extensions: ISAPI extensions are the IIS way to handle requests for different resources. Once ASP.NET is installed, it installs its own ISAPI extension (aspnet_isapi.dll) and adds the mapping into IIS. Note: Sometimes if we install IIS after installing asp.net, we need to register the extension with IIS using aspnet_regiis command. Flow of ASP.NET Request: 1. Client Request hits the web server. Internally this request comes to Kernel Layer of IIS means at HTTP.SYS. 2. HTTP.SYS indentifies the name and ID of Application Pool for that ASP.NET Request. 3. Now Request comes to user level of IIS. WAS (Web Admin Service) puts the request from HTTP.SYS to Application Pool. 4. When Application pool receive the request, it simply pass the request to worker process (w3wp.exe). 5. The worker process w3wp.exe looks up the URL of the request in order to load the correct ISAPI extension (aspnet_isapi.dll). 6. ISAPI creates an HTTPRuntime Object to Process the request via HTTPModule and HTTPHanlder.HTTPRuntime is an entry point of the application. Note: After these steps, After that the ASP.NET Page LifeCycle events starts. Conclusion: HTTP.SYS (Kernel Layer) --> WAS (Web Admin Services) (User Layer) --> Application Pool --> Worker Process (w3wp.exe) --> ISAPI Process (aspnet_isapi.dll) --> HTTPRuntime Process
Posted by Naresh Kumar at 09:08 3 comments: Email ThisBlogThis!Share to TwitterShare to Facebook

Labels: DOTNET

Reactions:

AutoEventWireup in ASP.NET: Why my ASP.NET events fire twice?

Here is a brief description of AutoEventWireup attribute in ASP.NET. 1. AutoEventWireup is an attribute in Page directive. <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> We can specify the default value of the AutoEventWireup attribute in the following locations: 1. The 2. The 3. Individual 4. Web User Controls (.ascx files) Machine.config Web.config Forms file. file. files).

Web

(.aspx

If you make these changes in the Machine.config file, the changes affect all ASP.NET Web Forms on the computer. If you make these changes in the Web.config file, the changes affect only the application that the file belongs to. However, to make changes in the individual Web Form Only, we have to add the AutoEventWireup attribute to the @ Page directive, as shown above. 2. AutoEventWireup is a Boolean attribute that indicates whether the ASP.NET pages events are autowired. 3. AutoEventWireup will have a value true or false. By default it is true in C# and false in VB.NET. VB.NET has a mechanism for defining an event handler and subscribing to an event with the'Handles' keyword. Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load End Sub There is no equivalent to the Handles keyword in C#. Thats why AutoEventWireup is by default true in C#. protected { } void Page_Load(object sender, EventArgs e)

AutoEvenWireup = "TRUE" The ASP.NET page framework supports an automatic way to associate page events and methods. If you do set AutoEventWireup to true, Visual Studio will generate code to bind the events and the page framework will automatically call events based on their names. In that case, no explicit Handles clause or delegate is needed. AutoEventWireup = "FALSE" If you do set AutoEventWireup to false, Visual Studio will not be able to generate code to bind the events. In this case, you must define explicit Handles clause or delegate. public { partial class _Default : Page

public Load PreInit } protected void Page_Load(object += += new new

_Default() { EventHandler(Page_Load); EventHandler(Page_PreInit); sender, EventArgs e) {

} protected void Page_PreInit(object sender, EventArgs e) { } } Why my ASP.NET events fire twice? A very common question asked. The simple answer to this question is: If you have AutoEventWiureUp="TRUE" as well as you also have defined delegates for the event handling in your code, .NET Framework will automatically call methods based on their names and also the methods you defined explicitly. Disadvantage of AutoEventWireup = "TRUE" 1. The disadvantage of the AutoEventWireup attribute is that it requires that the page event handlers have specific, predictable names. This limits your flexibility in how you name your event handlers. 2. If you do set AutoEventWireup to true and also defined event handlers, Visual Studio will generate code to bind the events and the page framework will automatically call events based on their names. This can result in the same event code being called twice when the page runs. As a consequence, you should always leave AutoEventWireup set to false when working in Visual Studio. 3. Performance Issue: Another disadvantage is that performance is adversely affected, because ASP.NET searches for methods at run-time. For a Web site with high traffic volumes, the impact on performance could be significant.
Posted by Naresh Kumar at 08:50 No comments: Email ThisBlogThis!Share to TwitterShare to Facebook Labels: DOTNET

Reactions:
THURSDAY, 19 APRIL 2012

Web Farms in ASP.NET: Advantages and Issues

Web Farm: When we host a web application over multiple web server to distribute the load among them is called Web Farm. Web Farms are Load Balanced. Need of Web Farm: After developing our asp.net web application, we host it on web server. Now one standalone server is sufficient to process ASP.NET Request and response for small web sites but when the site comes for big organization where there an millions of daily user hits then we need to host the sites on multiple Server. This arises the need of web farms. You can increase the number of servers in web farms as your traffic increases.

Role of Load Balancer in Web Farms: Load Balancer IP is exposed to external worlds to access. So whenever some request will come to server from clients, it will first hit the Load Balancer, then based on the traffic on each server Load Balancer distribute the request to corresponding web server. These web servers may share same database server or may be they can use replicated server in the back end. Advantages of Web Farm 1. It provides high availability. If any of the servers in the farm goes down, Load balancer can redirects the requests to other servers. 2. Provides high performance response for client requests. 3. Provides Better scalability of the web application and reduce the failure of application. 4. Session and other resource can be stored in a centralized location to access by the all server. Issues with Web Farms: There are many issues with web farms: 1.State 2.Caching 3.Database 4.Application 5.Deployment 6.Monitoring management loading pool (Cookies, ViewState, and Cache (managing round-trips, partitioning, management (WSRM, pool etc) invalidation disk subsystem, etc) resets, partitioning) Sessions

How to manage Session in Web Farm Mode? Lets take an example: When a user selects an item from a DropDownList and then clicks a submit button, the Click event on the button redirects them to the value of the selected item. This works fine if you are on Webserver1 and the button click PostBacks to Webserver1. If you are on Webserver1 and the load balance submits back to Webserver2, the page reloads and the Button click event never fires. Solution: While using session, requests are distributed among different servers. By default session mode is set to In Proc where session data stored inside worker process memory. But, In Web farm mode we can share the session among the entire server using a single session store location my making it Out proc (State Server or SQL Server Mode). So, if some of the server goes down and request transferred to the other server by the Load balancer session data should be available for that request. How to solve caching issues? Centralized Cache location One Cache-application is to be created, which will take care of the caching and returning the cached items. And that is to be placed in centralized location. All applications should send the data to be cached, to that cache-application. The Cache-application will store the data. When any application requests the cached data, it will be retrieved from the Cache-application. (The centralized Cache-application can be called with credentials.) SQL server caching SQL Server caching is easy to implement by using ADO.NET and the .NET Framework, and it provides a common development model to use with existing data access components. It provides a robust security model that can easily be configured to work across a Web farm using SQL Server replication. If the application requires cached data to persist across process recycles, reboots, and power failures, inmemory cache is not an option. In such cases, Caching mechanism based on a persistent data store,

such as SQL Server or the NTFS file system. It also makes sense to use SQL Server to cache smaller data items to gain persistency. Because the cache service needs to access SQL Server over a network and the data is retrieved using database queries, the data access is relatively slow. We need to carefully compare the cost of recreating the data versus retrieving it from the database. Monitoring: To detect problems that affect a single server or the whole site, you must monitor both the external URL for the site and the URLs for each of the Web servers. Synchronize Configuration and Content: You need to ensure that the config files are present in the right path on all the servers, and that their contents are continuously in sync.