17. Pieces (emails)

1-23-14 Email Mess




Email … FW: ASP.NET authentication and authorization



Email … FW:  MVC Action Filters

Action Filters – Authentication





Global Action Filters- Authorization

A global filter is a filter that is going to run for every single action on every single controller.




Email … FW:   Theory Tips for Writing High-Performance Asp.Net Application




Several things:

  1. Minimize your javascript and CSS files.Google has a nice minimizer for JS.
  2. Cache images, js files and css files. Info on how to do this from IIS,here.
  3. Disable ViewStateif you can or at least enable it only on the controls that need it.
  4. Use compression on IIS
  5. Use a content delivery network (CDN) to deliver javascript libraries such as jQuery, etc.
  6. Optimize your images usingit
  7. Put javascript code at the bottom of the page so that the page starts rendering faster
  8. If you use JSON for data interchange between the UI and the backend, make sure you compress it, too.
  9. Usesprite me to create sprites for your image icons, backgrounds, etc.


Email … FW:  Theory Where to Use Abstract class



Email … FW:  Theory  IQueryable<T> and IEnumerable<T> interface

IEnumerable<T> is best suitable for working with in-memory collection.
IEnumerable<T> doesn’t move between items, it is forward only collection.

IQueryable<T> best suits for remote data source, like a database or web service.
IQueryable<T> is a very powerful feature that enables a variety of interesting deferred execution scenarios (like paging and composition based queries).

So when you have to simply iterate through the in-memory collection, use IEnumerable<T>, if you need to do any manipulation with the collection like Dataset and other data sources, use IQueryable<T>.


Email … FW:   Theory- State management

Difference between session and cache?

state management

The web is stateless. A web page is recreated every time it is posted back to the server. In traditional web programming, all the information within a page and controls get wiped off on every postback. To overcome this problem, the ASP.NET framework provides various ways to preserve the states at various stages, like controlstate, viewstate, cookies, session, etc. These can be defined at the client side and server side state management.


When ASP.NET receives the first request, the application manager creates an application domain for it. Application domains are very important because they provide the isolation among various applications on a web server, and every application domain is loaded and unloaded separately, and in an application domain an instance of the class HostingEnvironment is created which provides access to information about all the application resources. Here is a pictorial view:


The AppDomain is responsible for all the server side side management, which means all the data session (InProc mode), application objects/variable cache, all resides in the AppDomain itself. If the AppDomain goes down, all the data in the webserver will be wiped off. Let’s have a view:

All server side state management data resides in the AppDomain



ViewState and ControlState are both mechanisms used in ASP.NET for maintaining data across postbacks. Both are preserved in a hidden field known as _VIEWSTATE.

The differences are:

1)ViewState can be disabled while the Control State cannot be disabled.

2)ViewState is implemented by using EnableViewState property of a control to true.

Control State works even when EnableViewState is off.


To use Control State (for example in a custom control) we have to override OnInit method,call RegisterRequiresControlState method in OnInit method and then override the SaveControlState and LoadControlState methods.


Custom Controls code is written in classes derived from WebControl.


3)Control State is used for small data only.

eg: maintain clicked page number in a GridView even when EnableViewState is off

State Management


View State

Understanding the state management techniques play a major role in creating efficient web applications. ASP.NET is very rich in state management techniques. The following are the commonly used state management techniques.

Hyper Text Transfer Protocol (HTTP) is a communication protocol which is implemented in the “World Wide Web(WWW)”. It is a request/response style protocol. Clients (browsers, spider, etc) will request to a server (web server) and the server responds to these requests. HTTP uses TCP protocol for communication. It connects to a specific port (default is 80) to the server and communicates via that port. Once the response is received completely, client programs will be disconnected from the server. For each request, client programs have to acquire a connection with servers and do all the request cycles again.

ASP.NET files are just text files which will be placed in the server and served upon the request. When a request comes for a page, the server will locate the requested file and ask the ASP.NET engine to serve the request. The ASP.NET engine will process the server tags and generate HTML for it and return back to the client. HTTP is a stateless protocol and the server will abandon the connection once the request is served.

  • QueryString
  • Cookies
  • Cache
  • ViewState
  • Session state
  • Application state
  • Static variables
  • Profiles



This is the most simple and efficient way of maintaining information across requests. The information you want to maintain will be sent along with the URL. A typical URL with a query string looks like


The URL part which comes after the ? symbol is called a QueryString. QueryString has two parts, a key and a value. In the above example, query is the key and foo is its value. You can send multiple values through querystring, separated by the & symbol.


Pros and Cons

Query string is lightweight and will not consume any server resources. It is very easy to use and it is the most efficient state management technique. However, it has many disadvantages.

  • You can pass information only as a string. If you need to pass objects in any case through QueryString, methods explained in this excellent article [^] will work. But it involves more effort.
  • URL length has limitations. So you can’t send much information through URL.
  • Information passed is clearly visible to everyone and can be easily altered.


A cookie is a small file which is stored in the visitor’s hard disk drive. This is helpful for storing small and trivial information. According to the RFC [^] , a cookie can have a maximum size of 4KB. The location where the cookie is stored is completly controlled by the browser. Sometimes it may keep the cookie in its memory instead of creating a file.

a cookie added like the above method will be cleared by the browser immediately when it is closed. If you would like to keep the cookie for a long time, you have to use the HttpCookie.Expiresproperty set with an expiration date.

Multi-valued Cookies

RFC states that a browser should not store more than 20 cookies from a domain. Multi-Valued cookie is very handy when you have more items to keep in cookie.

A Practical Example

You might have noticed the “Remember me next” time option in most of the websites. This is done using cookies. The following steps will be involved when you choose this option.

  • When the user checks the “Remember me next time” option, create a cookie with a value to identify the user (eg: user id).
  • When the page loads, check for cookie existence. If it exists, read the cookie value.
  • Authenticate the value and create a session.

Pros and Cons

A cookie is a very handy and easily usable state management technique. It is useful when you want to keep small information that is needed for long periods of time. The processing overhead of cookies is much less compared to sessions. However, it has the following disadvantages:

  • Cookies have a size limitation of 4KB. Storing huge information is not possible.
  • Cookies can be easily tampered as they are kept in the client’s machine. So additional security checking has to be done when using them.
  • The user can disable cookies.

Session State

A cookie is very simple and is not suitable for sophisticated storage requirements. Session state is a workaround for this problem and it gives a method to keep more complex objects securely. ASP.NET allows programmers to keep any type of objects in session. Data stored in session will be kept in server memory and it is protected as it will never get transmitted to a client. Every client that uses the application will have separate sessions. Session state is ideal for storing user specific information.

Session Timing out Frequently

I have seen many questions on discussion forums which state, “My session timeout is 60 minutes and it is timing out before that.” Well, ASP.NET will clear session when any of the following happens

  • ASP.NET worker process recycles frequently. When this happens, it will clear all active sessions.
  • When files like web.config or application assemblies are modified, ASP.NET will recyle the worker process.

Application State

ASP.NET implements application state using the System.Web.HttpApplicationState class. It provides methods for storing information which can be accessed globally. Information stored on application state will be available for all the users using the website. Usage of application state is the same as sessions.

FW: Theory -Understand Asp.Net page Life Cycle

Please refer the following link, if you are unable to view the diagram in your email




A good and crisp explanation of Asp.net page Life cycle -> http://www.dotnetuncle.com/aspnet/71_page_life_cycle.aspx


The following diagram shows some of the most important methods of the System.Web.UI.Pageclass that you can override in order to add code that executes at specific points in the page life cycle.  It also shows how these methods relate to page events and control events.







Facebook Comments