ASP.NET

ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites, web applications and web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language.

History
After the release of Internet Information Services 4.0 in 1997, Microsoft began researching possibilities for a new web application model that would solve common complaints about ASP, especially with regard to separation of presentation and content and being able to write "clean" code. Mark Anders, a manager on the IIS team, and Scott Guthrie, who had joined Microsoft in 1997 after graduating from Duke University, were tasked with determining what that model would look like. The initial design was developed over the course of two months by Anders and Guthrie, and Guthrie coded the initial prototypes during the Christmas holidays in 1997. The initial prototype was called "XSP"; Guthrie explained in a 2007 interview that, "People would always ask what the X stood for. At the time it really didn't stand for anything. XML started with that; XSLT started with that. Everything cool seemed to start with an X, so that's what we originally named it." The initial prototype of XSP was done using Java, but it was soon decided to build the new platform on top of the Common Language Runtime (CLR), as it offered an object-oriented programming environment, garbage collection and other features that were seen as desirable features that Microsoft's Component Object Model platform didn't support. Guthrie described this decision as a "huge risk", as the success of their new web development platform would be tied to the success of the CLR, which, like XSP, was still in the early stages of development, so much so that the XSP team was the first team at Microsoft to target the CLR.

With the move to the Common Language Runtime, XSP was re-implemented in C# (known internally as "Project Cool" but kept secret from the public), and renamed to ASP+, as by this point the new platform was seen as being the successor to Active Server Pages, and the intention was to provide an easy migration path for ASP developers.

Mark Anders first demonstrated ASP+ at the ASP Connections conference in Phoenix, Arizona on May 2, 2000. Demonstrations to the wide public and initial beta release of ASP+ (and the rest of the .NET Framework) came at the 2000 Professional Developers Conference on July 11, 2000 in Orlando, Florida. During Bill Gates's keynote presentation, Fujitsu demonstrated ASP+ being used in conjunction with COBOL, and support for a variety of other languages was announced, including Microsoft's new Visual Basic .NET and C# languages, as well as Python and Perl support by way of interoperability tools created by ActiveState.

Once the ".NET" branding was decided on in the second half of 2000, it was decided to rename ASP+ to ASP.NET. Mark Anders explained on an appearance on The MSDN Show that year that, "The .NET initiative is really about a number of factors, it’s about delivering software as a service, it's about XML and web services and really enhancing the Internet in terms of what it can do .... we really wanted to bring its name more in line with the rest of the platform pieces that make up the .NET framework."

After four years of development, and a series of beta releases in 2000 and 2001, ASP.NET 1.0 was released on January 5, 2002 as part of version 1.0 of the .NET Framework. Even prior to the release, dozens of books had been written about ASP.NET, and Microsoft promoted it heavily as part of their platform for web services. Guthrie became the product unit manager for ASP.NET, and development continued apace, with version 1.1 being released on April 24, 2003 as a part of Windows Server 2003. This release focused on improving ASP.NET's support for mobile devices.

Pages
.NET pages, known officially as "web forms", are the main building block for application development. Web forms are contained in files with an ".aspx" extension; in programming jargon, these files typically contain static (X)HTML markup, as well as markup defining server-side Web Controls and User Controls where the developers place all the required static and dynamic content for the web page. Additionally, dynamic code which runs on the server can be placed in a page within a block which is similar to other web development technologies such as PHP, JSP, and ASP, but this practice is generally discouraged except for the purposes of data binding since it requires more calls when rendering the page.

Note that this sample uses code "inline", as opposed to code-behind.

Code-behind model
It is recommended by Microsoft for dealing with dynamic program code to use the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb (same filename as the ASPX file, with the final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded, or a control being clicked, rather than a procedural walk through the document.

ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model-view-controller frameworks.

Example
The above tag is placed at the beginning of the ASPX file. The CodeFile property of the @ Page directive specifies the file (.cs or .vb) acting as the code-behind while the Inherits property specifies the Class the Page derives from. In this example, the @ Page directive is included in SampleCodeBehind.aspx, then SampleCodeBehind.aspx.cs acts as the code-behind for this page:

In this case, the Page_Load method is called every time the ASPX page is requested. The programmer can implement event handlers at several stages of the page execution process to perform processing.

User controls
ASP.NET supports creating reusable components through the creation of User controls. A user control follows the same structure as a Web form, except that such controls are derived from the  class, and are stored in ASCX files. Like ASPX files, an ASCX file contains static HTML or XHTML markup, as well as markup defining web control and other user controls. The code-behind model can be used.

Programmers can add their own properties, methods, and event handlers. An event bubbling mechanism provides the ability to pass an event fired by a user control up to its containing page.

Programmers can also build custom controls for ASP.NET applications. Such custom controls can be in compiled into a DLL file. And by using a Register directive, the control from the DLL can be used.

Rendering technique
ASP.NET uses a visited composites rendering technique. During compilation, the template (.aspx) file is compiled into initialization code which builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.

Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.

After the request has been processed, the instance of the page class is discarded and with it the entire control tree. This is usually a source of confusion among novice ASP.NET programmers that rely on class instance members that are lost with every page request/response cycle.

State management
ASP.NET applications are hosted in a web server and are accessed over the stateless HTTP protocol. As such, if the application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functionality for state management in ASP.NET applications. Conceptually, Microsoft treats "state" as mostly GUI state; big problems may arise when an application needs to keep track of "data state" such as a finite state machine that may be in a transient state between requests (lazy evaluation) or just takes long to initialize.

Application state
Application state is a collection of user-defined variables that are shared by an ASP.NET application. These are set and initialized when the  event fires on the loading of the first instance of the applications and are available till the last instance exits. Application state variables are accessed using the  collection, which provides a wrapper for the application state variables. Application state variables are identified by names.

Session state
Session state is a collection of user-defined session variables, which are persisted during a user session. These variables are unique to different instances of a user session, and are accessed using the  collection. Session variables can be set to be automatically destroyed after a defined time of inactivity, even if the session does not end. At the client end, a user session is identified either by a cookie or by encoding the session ID in the URL itself.

ASP.NET supports three modes of persistence for session variables: Session is an object which store an data and we can retrive it again and again.
 * In Process Mode: The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down. Since the application is recycled from time to time this mode is not recommended for critical applications, rather in practice this mode is not recommended for any applications.
 * ASPState Mode: In this mode, ASP.NET runs a separate Windows service that maintains the state variables. Because the state management happens outside the ASP.NET process and .NET Remoting must be utilized by the ASP.NET engine to access the data, this mode has a negative impact on performance in comparison to the In Process mode, although this mode allows an ASP.NET application to be load-balanced and scaled across multiple servers. However, since the state management service runs independent of ASP.NET, the session variables can persist across ASP.NET process shutdowns. The same problem arises though - since session state server runs as a single instance it is a single point of failure as far as session state is concerned. This service can not be load balanced and also imposes restrictions on types that can be stored in a session variable.
 * SqlServer Mode: In this mode, the state variables are stored in a database server, accessible using SQL. Session variables can be persisted across ASP.NET process shutdowns in this mode as well. The main advantage of this mode is it would allow the application to balance load on a server cluster while sharing sessions between servers. This is the slowest method of session state management in ASP.NET.

View state
View state refers to the page-level state management mechanism, which is utilized by the HTML pages emitted by ASP.NET applications to maintain the state of the web form controls and widgets. The state of the controls is encoded and sent to the server at every form submission in a hidden field known as. The server sends back the variable so that when the page is re-rendered, the controls render at their last state. At the server side, the application might change the viewstate, if the processing results in updating the state of any control. The states of individual controls are decoded at the server, and are available for use in ASP.NET pages using the  collection.

The main use for this is to preserve form information across postbacks. So if a user fills out a form but enters a wrong value, the form is automatically filled back in when the page is sent back to the user for correction. View state is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a postback. This behavior can (and should be) modified, however, as View state can be disabled on a per-control, per-page, or server-wide basis.

Developers need to be wary of storing sensitive or private information in the View state of a page or control, as the base64 string containing the View state data can easily be de-serialized, either by one of many tools available on the web, or any generic base64 decoder. By default, View state does not encrypt the __VIEWSTATE value; however, encryption can be enabled on a server-wide (and server-specific) basis allowing for a certain level of security to be maintained.

Other
Other means of state management that are supported by ASP.NET are cookies, caching, and using the query string.

Template engine
When first released, ASP.NET lacked a template engine. Because the .NET framework is object-oriented and allows for inheritance, many developers would define a new base class that inherits from "System.Web.UI.Page", write methods here that render HTML, and then make the pages in their application inherit from this new class. While this allows for common elements to be reused across a site, it adds complexity and mixes source code with markup. Furthermore, this method can only be visually tested by running the application - not while designing it. Other developers have used include files and other tricks to avoid having to implement the same navigation and other elements in every page.

ASP.NET 2.0 introduced the concept of "master pages", which allow for template-based page development. A web application can have one or more master pages, which, beginning with ASP.NET 3.5, can be nested. Master templates have place-holder controls, called ContentPlaceHolders to denote where the dynamic content goes, as well as HTML and JavaScript shared across child pages.

Child pages use those ContentPlaceHolder controls, which must be mapped to the place-holder of the master page that the content page is populating. The rest of the page is defined by the shared parts of the master page, much like a mail merge in a word processor. All markup and server controls in the content page must be placed within the ContentPlaceHolder control.

When a request is made for a content page, ASP.NET merges the output of the content page with the output of the master page, and sends the output to the user.

The master page remains fully accessible to the content page. This means that the content page may still manipulate headers, change title, configure caching etc. If the master page exposes public properties or methods (e.g. for setting copyright notices) the content page can use these as well.

Other files
Other file extensions associated with different versions of ASP.NET include:

Directory structure
In general, the ASP.NET directory structure can be determined by the developer's preferences. Apart from a few reserved directory names, the site can span any number of directories. The structure is typically reflected directly in the urls. Although ASP.NET provides means for intercepting the request at any point during processing, the developer is not forced to funnel requests through a central application or front controller.

The special directory names (from ASP.NET 2.0 on) are :
 * App_Browsers : holds site-specific browser definition files.
 * App_Code : This is the "raw code" directory. The ASP.NET server automatically compiles files (and subdirectories) in this folder into an assembly which is accessible in the code of every page of the site. App_Code will typically be used for data access abstraction code, model code and business code. Also any site-specific http handlers and modules and web service implementation go in this directory. As an alternative to using App_Code the developer may opt to provide a separate assembly with precompiled code.
 * App_Data : default directory for databases, such as Access mdb files and SQL Server mdf files. This directory is usually the only one with write access for the application.
 * App_LocalResources : Contains localized resource files for individual pages of the site. E.g. a file called CheckOut.aspx.fr-FR.resx holds localized resources for the French version of the CheckOut.aspx page. When the UI culture is set to french, ASP.NET will automatically find and use this file for localization.
 * App_GlobalResources : Holds resx files with localized resources available to every page of the site. This is where the ASP.NET developer will typically store localized messages etc. which are used on more than one page.
 * App_Themes : holds alternative themes of the site.
 * App_WebReferences : holds discovery files and WSDL files for references to web services to be consumed in the site.
 * Bin : Contains compiled code (.dll files) for controls, components, or other code that you want to reference in your application. Any classes represented by code in the Bin folder are automatically referenced in your application.

Performance
ASP.NET aims for performance benefits over other script-based technologies (including Classic ASP) by compiling the server-side code to one or more DLL files on the web server. This compilation happens automatically the first time a page is requested (which means the developer need not perform a separate compilation step for pages). This feature provides the ease of development offered by scripting languages with the performance benefits of a compiled binary. However, the compilation might cause a noticeable but short delay to the web user when the newly-edited page is first requested from the web server, but won't again unless the page requested is updated further.

The ASPX and other resource files are placed in a virtual host on an Internet Information Services server (or other compatible ASP.NET servers; see Other Implementations, below). The first time a client requests a page, the .NET framework parses and compiles the file(s) into a .NET assembly and sends the response; subsequent requests are served from the DLL files. By default ASP.NET will compile the entire site in batches of 1000 files upon first request. If the compilation delay is causing problems, the batch size or the compilation strategy may be tweaked.

Developers can also choose to pre-compile their code before deployment, eliminating the need for just-in-time compilation in a production environment. This also eliminates the need of having the source code on the web server.

Extension
Microsoft has released some extension frameworks that plug into ASP.NET and extend its functionality. Some of them are:
 * ASP.NET AJAX: An extension with both client-side as well as server-side components for writing ASP.NET pages that incorporate AJAX functionality.
 * ASP.NET MVC Framework: An extension to author ASP.NET pages using the MVC architecture.

ASP.NET compared with ASP classic
ASP.NET attempts to simplify developers' transition from Windows application development to web development by offering the ability to build pages composed of controls similar to a Windows user interface. A web control, such as a button or label, functions in very much the same way as its Windows counterpart: code can assign its properties and respond to its events. Controls know how to render themselves: whereas Windows controls draw themselves to the screen, web controls produce segments of HTML and JavaScript which form part of the resulting page sent to the end-user's browser.

ASP.NET encourages the programmer to develop applications using an event-driven GUI model, rather than in conventional web-scripting environments like ASP and PHP. The framework attempts to combine existing technologies such as JavaScript with internal components like "ViewState" to bring persistent (inter-request) state to the inherently stateless web environment.

Other differences compared to ASP classic are:
 * Compiled code means applications run faster with more design-time errors trapped at the development stage.
 * Significantly improved run-time error handling, making use of exception handling using try-catch blocks.
 * Similar metaphors to Microsoft Windows applications such as controls and events.
 * An extensive set of controls and class libraries allows the rapid building of applications, plus user-defined controls allow commonly-used web template, such as menus. Layout of these controls on a page is easier because most of it can be done visually in most editors.
 * ASP.NET leverages the multi-language capabilities of the .NET Common Language Runtime, allowing web pages to be coded in VB.NET, C#, J#, Delphi.NET, Chrome etc.
 * Ability to cache the whole page or just parts of it to improve performance.
 * Ability to use the code-behind development model to separate business logic from presentation.
 * If an ASP.NET application leaks memory, the ASP.NET runtime unloads the AppDomain hosting the erring application and reloads the application in a new AppDomain.
 * Session state in ASP.NET can be saved in a Microsoft SQL Server database or in a separate process running on the same machine as the web server or on a different machine. That way session values are not lost when the web server is reset or the ASP.NET worker process is recycled.
 * Versions of ASP.NET prior to 2.0 were criticized for their lack of standards compliance. The generated HTML and JavaScript sent to the client browser would not always validate against W3C/ECMA standards. In addition, the framework's browser detection feature sometimes incorrectly identified web browsers other than Microsoft's own Internet Explorer as "downlevel" and returned HTML/JavaScript to these clients with some of the features removed, or sometimes crippled or broken. However, in version 2.0, all controls generate valid HTML 4.0, XHTML 1.0 (the default) or XHTML 1.1 output, depending on the site configuration. Detection of standards-compliant web browsers is more robust and support for Cascading Style Sheets is more extensive.
 * Web Server Controls: these are controls introduced by ASP.NET for providing the UI for the web form. These controls are state managed controls and are WYSIWYG controls.

Criticism
On IIS 6.0 and lower, pages written using different versions of the ASP framework cannot share Session State without the use of third-party libraries. This criticism does not apply to ASP.NET and ASP applications running side by side on IIS 7. With IIS 7, modules may be run in an integrated pipeline that allows modules written in any language to be executed for any request.

ASP.NET 2.0 Web Forms produces markup that passes W3C validation, but it is debatable as to whether this increases accessibility, one of the benefits of a semantic XHTML page + CSS representation. Several controls, such as the Login controls and the Wizard control, use HTML tables for layout by default. Microsoft has solved this problem by releasing the ASP.NET 2.0 CSS Control Adapters, a free add-on that produces compliant accessible XHTML+CSS markup.

A few of the ASP.NET Web Forms features, such as repositioning of pages and alter browser history, are available only in Internet Explorer.

Microsoft positions Web Services and consequently IIS/ASP.NET as their primary application server solution. Big conceptual shortcomings become apparent when implementing complex business applications that use "out-of-the-box" Microsoft approach: ASP.NET lacks solid state management, developers need to hand code custom state-handling modules that must store state in some external process because ASP.NET worker process restarts automatically. This can be illustrated on a simple example: imagine an ASP.NET website that relies on a server component that must preserve its state and that state was achieved as the result of complex algorithms - e.g. over-imposing route geometry over a map. A route took many CPU cycles to compute and multiple subsequent client request shall "see" the result while rendering map tiles. Another example: when state is encapsulated in a legacy COM object that can not be marshaled between web/session state servers - the only possible mode is "in-proc" which is unreliable because of application restarts.

Development tools
Several available software packages exist for developing ASP.NET applications:

Frameworks
It is not essential to use the standard webforms development model when developing with ASP.NET. Noteworthy frameworks designed for the platform include:
 * Base One Foundation Component Library (BFC) is a RAD framework for building .NET database and distributed computing applications.
 * DotNetNuke is an open source solution which is comprised of both a web application framework and a content management system which allows for advanced extensibility through modules, skins, and providers.
 * Castle Monorail, an open-source MVC framework with an execution model similar to Ruby on Rails. The framework is commonly used with Castle ActiveRecord, an ORM layer built on NHibernate.
 * Spring.NET, a port of the Spring framework for Java.
 * Skaffold.NET, A simple framework for .NET applications, used in enterprise applications..'''