CYAN MAGENTA
YELLOW BLACK PANTONE 123 C
BOOKS FOR PROFESSIONALS BY PROFESSIONALS ®
THE EXPERT’S VOICE ® IN .NET Companion eBook Available
Pro ASP.NET Extensibility This book is intended for advanced web developers interested in learning about the internal workings of ASP.NET. I assume that you already have some experience writing web applications, that you’ve actively created some web projects, and you want to take your skills a step further. What if your next customer wishes to run a large server cluster, a site with thousands of pages, complex navigation, and heavy database access? ASP.NET can handle this, but its out-of-the-box features won’t be adequate. This book covers situations like these in detail and shows you what to do when ASP.NET reaches its limits. You’ll learn how to extend, customize, and enhance this platform to get what you want. “No more compromise” is my motto. Throughout my years of experience programming ASP.NET, I’ve noticed that developers often complain about incorrect behavior, supposed bugs, incomplete implementations, or missing features. In most of these situations I don’t agree that ASP.NET is deficient or faulty. I’ll demonstrate that the key to success with ASP.NET is a deep understanding of the platform that goes beyond the basics. ASP.NET is not perfect—it has its rough edges, like any other piece of software. However, Version 3.5 is top of the line, providing almost everything you need in order to get your professional projects functioning well. Really, really well. This is what I’d like to tell you: learn, explore, understand, and you will be the professional developer you want to be. Jörg Krause ASP.NET MCP
THE APRESS ROADMAP
Companion eBook
Pro ASP.NET 3.5 in C# 2008
Pro ASP.NET Extensibility
Practical ASP.NET 3.5
Ultra-fast ASP.NET
Pro ASP.NET Extensibility
Dear Reader,
Pro
ASP.NET Extensibility Explore how to break through ASP.NET’s boundaries and extend, customize, and enhance the platform
Beginning ASP.NET 3.5 in C# 2008
See last page for details on $10 eBook version
ISBN 978-1-4302-1983-5 90000
www.apress.com
Krause
SOURCE CODE ONLINE
Jörg Krause
Shelve in .NET User level: Intermediate–Advanced
9 781430 219835
this print for content only—size & color not accurate
spine = 0.829" 432 page count
Download at WoweBook.Com
Pro ASP.NET Extensibility
Jörg Krause
Download at WoweBook.Com
Pro ASP.NET Extensibility Copyright © 2009 by Jörg Krause All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-1983-5 ISBN-13 (electronic): 978-1-4302-1984-2 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Lead Editor: Jonathan Hassell Technical Reviewer: Stefan Turalski Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Project Manager: Kylie Johnston Copy Editor: Katie Stence Associate Production Director: Kari Brooks-Copony Production Editor: Laura Esterman Compositor: Diana Van Winkle Proofreader: Dan Shaw Indexer: BIM Indexing & Proofreading Services Artist: April Milne Cover Designer: Kurt Krames Manufacturing Director: Tom Debolski Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail kn`ano)ju
Download at WoweBook.Com
Contents at a Glance
About the Author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
CHAPTER 1
Understanding ASP.NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
CHAPTER 2
Worker and Threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
CHAPTER 3
Modules and Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
CHAPTER 4
Providers and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
CHAPTER 5
Extending the Resource Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
CHAPTER 6
Page and Session Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
CHAPTER 7
Security and User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
CHAPTER 8
Site Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341
CHAPTER 9
Control Extensibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .395
iii Download at WoweBook.Com
Download at WoweBook.Com
Contents
About the Author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
CHAPTER 1
Understanding ASP.NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 A Promise in Advance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 The Low-Level Architecture of Request Handling . . . . . . . . . . . . . . . . . . . . . . . . . . .1 What Is ASP.NET? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 The Lifetime of a Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Request Comes In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Getting into the .NET Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 HttpContext and HttpApplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Flowing Through the ASP.NET Pipeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Modules and Handlers Using HttpModule and HttpHandler . . . . . . . . . . . . .19 The Life Cycles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 IIS7 Integrated Pipeline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 The Application’s Pipeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 The Request Arrives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 The Page’s Life Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Page Request Stages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Events Fired Within the Life Cycle’s Stages . . . . . . . . . . . . . . . . . . . . . . . . . .27 Additional Page Life Cycle Considerations . . . . . . . . . . . . . . . . . . . . . . . . . .29 Dynamic Controls and Data Binding Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Dynamic Control Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Data Binding Events for Data-Bound Controls . . . . . . . . . . . . . . . . . . . . . . .30 Login Control Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 View State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Why Understanding View State Is Important . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 A Word Regarding Control State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 The Page Cycle from the View State Perspective . . . . . . . . . . . . . . . . . . . . . . . . . .33 Step One—Instantiation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Step Two—Initializing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Step Three—Loading the View State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Step Four—Loading Postback Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Step Five—Loading Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 v Download at WoweBook.Com
vi
NCO NTENT S
Step Six—Raising Postback Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Step Seven—Storing the View State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Step Eight—Rendering the Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 The True Role of View State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 View State Anti-Patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Forcing a Default. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Persisting Constant Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46 Persisting Cheap Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46 Initializing Child Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Attaching Dynamic Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 Initializing Dynamically Created Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . .51 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
CHAPTER 2
Worker and Threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Managing the Worker Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Managing Worker Processes and AppDomains in IIS7 . . . . . . . . . . . . . . . .53 Understanding and Using Threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70 ASP.NET Thread Usage on IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70 Tune the Threading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73 Threading and Asynchronous Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
CHAPTER 3
Modules and Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107 Module, Handlers, and IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107 Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 IIS7 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 The IIS7 Managed Module Starter Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113 Building a Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 Interaction Between Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119 Configuration and Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Built-In Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Extending ASP.NET Using Http Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Building a Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124 Advanced Usage of Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136 Asynchronous Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Prepare Pages for Asynchronous Operation. . . . . . . . . . . . . . . . . . . . . . . . .138 Using a Public Web Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140 Configuration and Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Download at WoweBook.Com
NC O N T E N T S
Testing and Debugging Modules and Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Debug Using IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Set Up Tracing for Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
CHAPTER 4
Providers and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153 The Provider Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153 Goals of the Provider Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 Default Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 Built-In Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 Extending Built-In Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 The Anatomy of a Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157 Making the Provider Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158 Configuring the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158 General Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160 Initialization Procedure of a Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160 Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 Thread Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 Creating a Custom Provider-Based Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Limitations of the Code Samples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Creating a Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164 Creating the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165 Configuring Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170 Using the Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 Extending the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174 How to Scaffold a Configuration Section . . . . . . . . . . . . . . . . . . . . . . . . . . .174 Anatomy of a Configuration Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174 The Class Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175 Attributes to Control Elements’ Behaviors . . . . . . . . . . . . . . . . . . . . . . . . . .176 Definition of a Simple Configuration Section . . . . . . . . . . . . . . . . . . . . . . . .176 Usage of a Custom Configuration Section . . . . . . . . . . . . . . . . . . . . . . . . . .180 Accessing the Configuration Declaratively . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181 Extending the Expression Binding Syntax . . . . . . . . . . . . . . . . . . . . . . . . . .181 Introduction to Expression Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181 Creating an Expression Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183 Accessing Settings for Non-Compiled Pages . . . . . . . . . . . . . . . . . . . . . . . .187 Beyond Simple Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188 Design-Time Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 Implementing an Expression Builder with Design-Time Support . . . . . . .190 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Download at WoweBook.Com
vii
viii
NCO NTENT S
CHAPTER 5
Extending the Resource Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197 Principles of Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197 The Fallback Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197 Using Global Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 Limitations of the Existing Provider. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 Programming a Custom Resource Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 Extending the Provider Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200 Implementing the Custom Provider. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201 Configure the Resource Provider. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Using the Custom Resource Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Implementing Design-Time Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209 Register the Design-Time Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209 Edit Resources at Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219 How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219 Creating an Online Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
CHAPTER 6
Page and Session Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 The Page State Persister . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 A Look Back. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 The Default Page State Persister . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 State Storage in ASP.NET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 Persisting Page State Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247 View State Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247 Control State Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247 The Default Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249 Changing the Default Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251 Developing a Custom Page State Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251 Choosing the Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252 Analyzing a Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252 Implementing the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252 Extending the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254 Maintaining the Storage by Using the Health Monitor. . . . . . . . . . . . . . . . .254 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256 Session State Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256 The Session State Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256 Identifying the Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258 The Internal State Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260 Improving the Session State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263 Implementing the Session State Store Provider . . . . . . . . . . . . . . . . . . . . . . . . . .264 The Session State Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264 Download at WoweBook.Com
NC O N T E N T S
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266 Implementation of a File-Based Session State Persister . . . . . . . . . . . . . .267 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272
CHAPTER 7
Security and User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273 Built-In Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273 Authentication Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276 Authorization Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276 The User Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277 Extending Membership and Role Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281 Why Create a Membership Provider? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281 Solution Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282 Developing Membership and Role Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282 Create Web Service–Driven Membership Provider . . . . . . . . . . . . . . . . . . .282 Create Web Service–Driven Role Provider . . . . . . . . . . . . . . . . . . . . . . . . . .282 Configuring the Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298 Implementing the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300 Configuring the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308 Testing the Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308 Extending Profile Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310 The Profile Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310 Understanding the Profile Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310 Configuring Custom Profile Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314 Implementing a Custom Profile Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314 Preparation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314 Implementing the Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319 A Client Side–Driven Profile Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325 Extending Web Parts Personalization Providers. . . . . . . . . . . . . . . . . . . . . . . . . . .329 Understanding the Web Parts Personalization Provider . . . . . . . . . . . . . . .329 Implementing a Custom Personalization Provider . . . . . . . . . . . . . . . . . . . .331 Testing the Custom Web Part Personalization Provider . . . . . . . . . . . . . . .339 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
CHAPTER 8
Site Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341 Site Map Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341 Internal Site Map Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341 Localization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343 Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343 Reasons to Write a Custom Sitemap Provider . . . . . . . . . . . . . . . . . . . . . . .343 Writing a Custom Sitemap Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Learning About the Base Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Download at WoweBook.Com
ix
x
NCO NTENT S
Implementing a SQL Server–Based Navigation . . . . . . . . . . . . . . . . . . . . . .348 Suggestions for Extending the Example . . . . . . . . . . . . . . . . . . . . . . . . . . . .354 Extending the VirtualPathProvider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .354 Using the VirtualPathProvider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .354 Register the VirtualPathProvider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355 Prerequisites for a VirtualPathProvider . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356 Helpful Classes for Path and File Operations . . . . . . . . . . . . . . . . . . . . . . . .357 Creating a Virtual Path Provider to Get Themes from Database . . . . . . . .358 Limitations of the VirtualPathProvider Approach . . . . . . . . . . . . . . . . . . . . .371 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
CHAPTER 9
Control Extensibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373 Adaptive Control Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373 The Default Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374 Using Control Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376 Using Page Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379 Device-Specific Filter for Adaptive Behavior . . . . . . . . . . . . . . . . . . . . . . . .381 Using Control Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Device Friendly Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 CSS Friendly Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Other Adapter Ideas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Writing a Custom Control Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Steps for Creating the Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 The Example Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386 Why Use HtmlTextWriter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390 Configure the Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390 Writing a Custom Page Adapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391 Steps for Creating the Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391 Configure the Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .395
Download at WoweBook.Com
About the Author
NJÖRG KRAUSE has been working with software and software technology since the early 1980s, beginning with a ZX 81 and taking his first steps as a programmer in BASIC and assembly language. He studied information technology at Humboldt University, Berlin, but in the 1990s he left early to start his own company. He has worked with Internet technology and software development since the early days when CompuServe and FidoNet dominated. He’s been with Microsoft Technologies and Software since Windows 95. In 1998, he worked on one of the first commercial e-commerce solutions, and wrote his first book in Germany, E-Commerce and Online Marketing, published by Carl Hanser Verlag, Munich. Due to its wide success, he started working as a freelance consultant and author in order to share his experience and knowledge with others. He has written several books for Hanser, Addison-Wesley, and other major publishers in Germany—a total of more than 40 titles. He also publishes articles in magazines and speaks at conferences in Germany, including BASTA. Currently, Jörg works as a senior consultant for Microsoft Technologies at Computacenter AG & Co. oHG in Berlin. In his occasional spare time, Jörg enjoys reading thrillers and science fiction, as well as playing badminton in the winter and golf in the summer.
xi Download at WoweBook.Com
Download at WoweBook.Com
About the Technical Reviewer
NSTEFAN TURALSKI is a nice chap who is capable of performing both magical and trivial things with a little help from code, libraries, tools, APIs, and servers. Wearing many hats, he has experience in almost all aspects of the software life cycle, and is especially skilled in business analysis, design, implementation, testing, and QA, as well as team management. His main areas of interest are quite wide but include emerging technologies with recent focus on RIA (Silverlight and AIR), cloud computing, functional programming, and software engineering at large. Before he realized that he enjoys criticizing other people’s work more, Stefan published several technical articles mainly about .NET technology, SOA, software engineering, and mobile development. For the last 10-plus years, he has been building solutions ranging from Perl scripts, integrations of SQLite, and Web sites, to highly scalable .NET and COM+ enterprise-class systems. Feel free to contact him at opab]j*pqn]hoge
xiii Download at WoweBook.Com
Download at WoweBook.Com
Acknowledgments
I
’d like to mention the people who helped me create this book and make it what it is. First, I’d like to thank David White and his daughter, Rebekah, for their amazing work smoothing my style and cajoling it into readable English. I know you had a challenging task. I can’t forget the support from Jonathan Hassell for my first steps into the Apress world, as well as the continuing help from Kylie Johnston. Thanks for your frequent reminders about the deadline, Kylie. They really motivate lazy writers back to the keyboard. Thanks to our technical reviewer, Stefan, who opened my mind with his remarks and code style ideas, and pointed out the mistakes that I made in haste. His work greatly improved the quality of this book. Last, but not least, I’d like to thank my family and friends for understanding when I went back to the computer to continue writing or fighting with Visual Studio, while they sat on the terrace for a barbeque. Believe me, it was much harder for me than for you.
xv Download at WoweBook.Com
Download at WoweBook.Com
Introduction
What Does This Book Cover? ASP.NET is an established and well-known web application framework, and there are several books on the market with different emphases and at different levels. However, ASP.NET is becoming more and more a foundation technology upon which larger and larger projects are being built. Developers are facing increasing complexity and greater demands to fulfill in their daily tasks. This book examines in-depth the technology beyond the basic ASP.NET topics available elsewhere. It’s full of practical tips and tricks from an experienced developer. You’ll learn not only how things work, but also why. By adopting this knowledge, you will succeed in extending and adapting highly useful functionality in your own projects. Extensibility is covered in great depth. Developers have a tendency to use a framework, language, or piece of software “as is.” Even in the age of open source software, most developers don’t look inside existing code or attempt to adapt it to fit their needs. Instead, they write their own code. For years, I’ve been asking developers why they avoid third-party code and go to such lengths in order to write essentially the same software. It’s usually because if they’ve created it, they know that they can control, understand, and master it. With .NET 2.0, Microsoft shifted the ASP.NET framework towards a new paradigm—the paradigm of extensibility. This allows developers to extend Microsoft’s software and adapt the parts to behave exactly as you would have designed. Microsoft encourages you to change existing behaviors, add features, modify settings, and basically do whatever you want in order to get the most out of their framework. However, never ignore infrastructure parts of the framework or replace them completely with your own code. Almost every ASP.NET book explains ASP.NET from the ground up—some are in-depth and some provide clear details, but ASP.NET is always treated “as is.” Their failing is in treating ASP.NET like concrete—when, in fact, it’s like Lego™. My underlying motivation for writing this book was to educate developers about this overlooked aspect of ASP.NET: the many ways it can be extended.
Conventions Used in This Book We understand that you’re eager to start reading and learning, but it is worth taking a few seconds to look over this section—it will help you to get the most out of this book. Several icons and font conventions are used throughout:
s 3CREEN MESSAGES CODE LISTINGS AND COMMAND SAMPLES APPEAR IN ikjkol]_apula.
s 4HE SAME ikjkol]_abkjp is used for HTML, ASP.NET controls (declarative listings), and XML snippets.
s )MPORTANT PARTS OF A LISTING ARE HIGHLIGHTED IN ^kh`ikjkol]_a.
s #ODE RELATED TEXT INCLUDES MANY REFERENCES TO CODE SUCH AS METHOD NAMES CLASS NAMES namespaces, members, and so on. This is a mixture of common framework names and the ones I’ve used in examples. To distinguish between them, all framework names (from the Microsoft world) are set in ikjkol]_a, while all private names are set in italics.
s 4O EMPHASIZE OR QUOTE THINGS hQUOTESv ARE OCCASIONALLY USED xvii Download at WoweBook.Com
xviii
NINT ROD UC TION
Several icons highlight important definitions, cautions, and conclusions.
NTip
This is a tip.
NNote
A note that explains a topic further but is not required for understanding the main topic.
NCaution
A warning to keep you from common pitfalls.
Who This Book Is For This book is intended for advanced web developers interested in learning about the internal workings of ASP.NET. I assume that you already have some experience writing small web applications, that you’ve actively created some web projects, and you want to take your skills a step further. What if your next customer wishes to run a large server cluster, a site with thousands of pages, complex navigation, and heavy database access? ASP.NET can handle this, but its out-of-the-box features won’t be adequate. This book covers situations such as these in detail and shows you what to do when ASP.NET reaches its limits. You’ll learn how to extend, customize, and enhance this platform to get what you want. “No more compromise” is my motto. Throughout my years of experience programming ASP.NET, I’ve noticed that developers often complain about incorrect behavior, supposed bugs, incomplete implementations, or missing features. In most of these situations, I don’t agree that ASP.NET is deficient or faulty. I’ll demonstrate that the key to success with ASP.NET is a deep understanding of the platform that goes beyond the basics. ASP.NET is not perfect—it has its rough edges, like any other piece of software. However, Version 3.5 is top-of-the-line, providing almost everything you need in order to get your professional projects functioning well. Really, really well. This is what I’d like to tell you: learn, explore, understand, and you will be the professional developer you want to be. I also assume that you already have some basic knowledge of skills and technologies often required as a web developer:
s (4-, #33 AND *AVA3CRIPT
s 6ISUAL 3TUDIO BASICS SUCH AS CREATING A PROJECT RUNNING AND DEBUGGING IT
s !30.%4 BASICS SUCH AS PUTTING A CONTROL ONTO THE PAGE CUSTOMIZING IT CREATING A USER OR custom control, and so on
s "ASIC KNOWLEDGE OF HOW TO OBTAIN DATABASE ACCESS AS WELL AS USING ,).1 TO QUERY IT AND write data back
s 5SING 8-, AS EITHER A DATA SOURCE OR STORAGE
There is no information specific to the topics in this book, but I use all of these techniques with the example code.
Download at WoweBook.Com
NI N T R O D U C T I O N
Prerequisites This book is based on ASP.NET 3.5. As a basic platform, I use Visual Studio 2008, running on Windows Server 2008 with IIS7. When a client is involved, I use Windows Vista SP1. A similar platform is helpful for getting samples running. Because the last radical change in IIS took place between IIS5 and IIS6, it’s not possible to transform anything to IIS5 level. However, much of the information pertaining to IIS7 may also be true for IIS6—a bit of backward compatibility! Nevertheless, I’d encourage you to look to the future and work with the most current tools and platforms you can obtain.
How This Book Is Organized There are many ways of structuring a book. From my long-term experience in writing and publishing books, I know that people read books very differently. Some read from beginning to end, just like a novel, while others start where they find an interesting topic. There is no book that can cover all reading styles! However, this book follows the same successful strategy I’ve used many times before. I start with the basics: low-level concepts and background information necessary to really understand a theme. Then I proceed systematically through all sections in an independent order. This allows you to read from beginning to end—or to dip into an interesting chapter and skip the others. The many references in the book, pointing to sections where related parts are described in more detail, will help you get the information you need. This book is full of code and examples, which are all available for download at sss*]lnaoo* _ki in the Downloads section of this book’s home page. Included with the package are subfolders named after each chapter: “chapter01,” “chapter02,” etc. These folders contain several sample solutions or Web sites in separate folders. Almost all examples are fully functional. Smaller code snippets that can’t run on their own aren’t included to avoid confusion.
Download at WoweBook.Com
xix
Download at WoweBook.Com
CHAPTER
1
Understanding ASP.NET
T
his chapter looks under the covers of ASP.NET. Many fundamentals of ASP.NET just scratch the surface, but to get the most out of the framework it is a good idea to look much deeper. This chapter includes:
s (OW !30.%4 WORKS INTERNALLY AND THE RELEVANT FEATURES NEEDED FOR YOUR EVERYDAY TASKS
s 4HE BEHIND THE SCENES CONCEPTS THE APPLICATION LIFE CYCLE THE PAGE LIFE CYCLE AND THE CON trol creation process
s 4HE STEPS TAKEN TO TRANSLATE YOUR &*]olt and &*_o files into compiled code
s 4HE COMMON !30.%4 FEATURES SUCH AS FORM STICKINESS AND VIEW STATE AND BEYOND
A Promise in Advance !30.%4 IS A POWERFUL AND FLEXIBLE ARCHITECTURE FOR BUILDING WEB APPLICATIONS 4HE HIGH LEVEL PARTS 7EB&ORMS