comp3241 e-business technologies
DESCRIPTION
COMP3241 E-Business Technologies. Richard Henson University of Worcester October 2012. Week 2 – Early Web Applications, ActiveX controls, and .net. Objectives: Compare and contrast embedded code for client-only applications & server scripting - PowerPoint PPT PresentationTRANSCRIPT
COMP3241COMP3241E-Business TechnologiesE-Business Technologies
Richard HensonRichard Henson
University of WorcesterUniversity of Worcester
OctoberOctober 20122012
Week 2 – Early Web Applications, Week 2 – Early Web Applications, ActiveX controls, and .netActiveX controls, and .net
Objectives:Objectives:Compare and contrast embedded code for Compare and contrast embedded code for
client-only applications & server scriptingclient-only applications & server scriptingExplain how client-side VBScript evolved into Explain how client-side VBScript evolved into
run-time ActiveX, which itself evolved into run-time ActiveX, which itself evolved into secure server-scriptsecure server-script
Use a client-server .net development Use a client-server .net development environment for development and testing environment for development and testing of .net master pages and code behindof .net master pages and code behind
Interpreted and Compiled Interpreted and Compiled LanguagesLanguages
Programming (source) code must be Programming (source) code must be converted into “machine code” before it can converted into “machine code” before it can be understood and acted on by the CPUbe understood and acted on by the CPU
This can be done in two ways:This can be done in two ways: convert whole program (using a compiler) and convert whole program (using a compiler) and
save it in a filesave it in a file leave program as it is, and convert it (using an leave program as it is, and convert it (using an
interpreter) one line at a time when it is neededinterpreter) one line at a time when it is needed Compiled code generally occupies much more Compiled code generally occupies much more
space than source codespace than source code so of more limited use on the Internet (esp. early so of more limited use on the Internet (esp. early
days)...days)...
How do Browsers cope with How do Browsers cope with source code?source code?
Designed to use interpretation on HTML Designed to use interpretation on HTML codecode reads one line of HTML key words and their reads one line of HTML key words and their
parameters and uses HTML interpreter to convert parameters and uses HTML interpreter to convert (or interpret) that line into CPU instructions(or interpret) that line into CPU instructions
reads & interprets next line… and so on…reads & interprets next line… and so on… CPU does further processing and sends CPU does further processing and sends
commands to the video card which creates the commands to the video card which creates the visual displayvisual display
Embedded programming code Embedded programming code
in HTML Filesin HTML Files Still .html and executed on the Browser
Browser needs to have interpreter for that programming language e.g.
» VB Script» Java Script
For the Browser to call the right interpreter, an appropriate declaration statement needs to be included in the <HTML> start line
Request and responsesRequest and responses Organisation of application processing
across a client-server network… Client:
requests services or information from another computer (e.g. the server)
Server: responds to the client's request by sending
the results of the request back to the client computer
Request and responsesRequest and responses
client requests information
server processes the request, sends a response back to the client
CLIENT SERVER
RESPONSE
Send RequestRead Results
Process RequestSend Back Results
ClientProgram
REQUEST
ServerProgram
Internet CommunicationsInternet Communications
Based on principles of client/server Based on principles of client/server networkingnetworkingEITHER Internet computer can EITHER Internet computer can ““playplay”” the the
role of client or role of client or the role of the role of serverservere.g.(1) A user in one university sends an e.g.(1) A user in one university sends an
email to a user in another university:email to a user in another university:» ““A” client sends email to “B” serverA” client sends email to “B” server
(2) When a reply comes back…(2) When a reply comes back…» ““B” client sends email to “A” serverB” client sends email to “A” server
Client-Server web applications & Server Scripts
Client-server web applications usually require:1. a web server, for interpreting or compiling then
processing the scripts 2.a server-end database to provide and store data3. physical & logical connections between server-
scripts, client-end input forms and server-end database
4. clearly defined locations for gathering input data at client-end, for server scripts, and for database(s)
Writing Server Scripts NOT saved as .html! Server code can be embedded directly into
HTML code…Command is needed to inform the web server
» (1) that non-HTML code is about to be used» (2) when next code reverts to HTML
With .asp scripts… (no longer used) the command to start the script was <% to end the script… %>
With .php scripts…<?php starts the script ?> ends the script ends the script
Server Scripts and “Localhost”Server Scripts and “Localhost”
No matter which scripting type is used, the No matter which scripting type is used, the code can be tested locally on a computer code can be tested locally on a computer running a web server that can understand that running a web server that can understand that type of scripttype of script how? use “localhost” in the URL at the Browser endhow? use “localhost” in the URL at the Browser end
(localhost = path to the server scripting root folder)(localhost = path to the server scripting root folder)
A typical URL for testing such a script locally A typical URL for testing such a script locally could then be (depending on script type):could then be (depending on script type):http://localhost/scriptname.aspxhttp://localhost/scriptname.php
Web Dynamic Web Dynamic Client-Server Model (1)Client-Server Model (1)
Server-Side Processing in Server-Side Processing in a typical web-based a typical web-based client-server application:client-server application:
1.1. HTML form on web browser HTML form on web browser collects data at the client collects data at the client end end
2.2. HTTP enables the form data HTTP enables the form data to be sent to a web serverto be sent to a web server
Web Dynamic Web Dynamic Client-Server Model (2)Client-Server Model (2)
3. web server 3. web server processes the form processes the form data according to data according to instructions on a instructions on a server script called server script called at the client endat the client end
4. output from 4. output from processing stored processing stored temporarily on web temporarily on web serverserver
Web Dynamic Web Dynamic Client-Server model (3)Client-Server model (3)
5. server script sends 5. server script sends output back to browser output back to browser with HTML code to create with HTML code to create a structure to display the a structure to display the data (e.g. HTML table)data (e.g. HTML table)
6. This gets even more 6. This gets even more complex when a database, complex when a database, and database and database programming, are also programming, are also involved at the server involved at the server end…end…
Introduction to Server-scriptingIntroduction to Server-scripting
The following apply to ALL types of The following apply to ALL types of scripting…scripting…real programming code is essentialreal programming code is essential
» note: HTML is a FORMATTING language, NOT a note: HTML is a FORMATTING language, NOT a programming languageprogramming language
both client and server ends need to have both client and server ends need to have links to programming code:links to programming code:
» client end…embedded within a HTML pageclient end…embedded within a HTML page» server end… could be embedded or separateserver end… could be embedded or separate
Languages used for Languages used for Server ScriptingServer Scripting
Much has been tried since HTML became interactive Much has been tried since HTML became interactive in the early 1990s:in the early 1990s: Can use an existing language in a completely separate file, Can use an existing language in a completely separate file,
which is already compiled and ready to go:which is already compiled and ready to go:» the original approach: .cgithe original approach: .cgi» any language could in theory be usedany language could in theory be used» in practice “C” was usually favouredin practice “C” was usually favoured
Can use an existing language embedded in a HTML fileCan use an existing language embedded in a HTML file» The Microsoft .asp approach, using embedded VB source codeThe Microsoft .asp approach, using embedded VB source code» The Sun .jsp approach, using embedded Java (Script) sourceThe Sun .jsp approach, using embedded Java (Script) source
Can utilise/invent a scripting language that is “HTML-like” Can utilise/invent a scripting language that is “HTML-like” and easily embeds with HTMLand easily embeds with HTML
» PERLPERL» Cold Fusion .cfCold Fusion .cf» Preprocessor Hypertext processing .phpPreprocessor Hypertext processing .php
Microsoft’s first attempt Microsoft’s first attempt at server scripting…at server scripting…
In 1996, Microsoft introduced active server pages In 1996, Microsoft introduced active server pages (asp)(asp) hugely successfulhugely successful soon became more popular than .cgisoon became more popular than .cgi
However, in spite of the great success of asp, big However, in spite of the great success of asp, big problems were emerging…problems were emerging… by 2000, hackers were attacking Microsoft servers and by 2000, hackers were attacking Microsoft servers and
finding many security holes in IISfinding many security holes in IIS» Microsoft only coped by offering hotfixesMicrosoft only coped by offering hotfixes
further problem: used VB source codefurther problem: used VB source code» if server not secure, code could be copied or compromisedif server not secure, code could be copied or compromised» Scripts could not be truly “object oriented”Scripts could not be truly “object oriented”
ASP becomes ASP.NETASP becomes ASP.NET Microsoft’s new approach to server scripting Microsoft’s new approach to server scripting
for the new millennium…for the new millennium… building on asp principlesbuilding on asp principles new system that used “intermediate language”, new system that used “intermediate language”,
rather than source code on the serverrather than source code on the server much more difficult to hackmuch more difficult to hack
Security problems with VB…Security problems with VB… out with the old (asp)out with the old (asp) in with the new (asp.net)in with the new (asp.net)
New environment known as the .net New environment known as the .net frameworkframework many developers accustomed to VB/.aspmany developers accustomed to VB/.asp took awhile to catch on!took awhile to catch on!
Development of .NET framework for Server Scripting BASIC and VB very much a part of Microsoft’s strategy, until
circa 1999/2000… use of raw source code became a security issue Gates realised that e-business and e-commerce would never be
reliable without using secure (and therefore compiled) code Microsoft rejected their previous strategy which used source VB
code and an interpreter program within IIS What to replace VB source code with?
applied source VB -> ActiveX run-time principles server-side Server equivalent of ActiveX controls could now be used/developed
Result: .net Framework & ASP.NET: VB evolved into the more object oriented (and complied) VB.NET .net framework provided the basis for
» .net server-side controls» the ubiquitous use of compiled languages
Advantages of ASP.NET scripts Advantages of ASP.NET scripts compared to ASPcompared to ASP
Compiled, not interpreted
Web Controls use xml-type tags
Can be written using a variety of programming languages language declared at beginning of file fully object-oriented and many controls written to respond to
on-screen “events”
Which Source Code Language? Source code for .net development can be
written in any language that can be translated into IL
VB.NET builds on existing practice from asp
But… C# has proved to be most popular with developers, many of whom had previously used “C” and C++
» why use VB.net, when you can use a more powerful, compiled, and object-oriented language like C?
Components of the evolving Components of the evolving .net framework.net framework
Common Language Infrastructure (CLI) at the Common Language Infrastructure (CLI) at the server end (i.e. IIS)server end (i.e. IIS) ““managed execution” framework for scriptsmanaged execution” framework for scripts runs Intel x86 IL coderuns Intel x86 IL code
» common Language run-time (CLR) for executing controlscommon Language run-time (CLR) for executing controls» ready to run; development language irrelevantready to run; development language irrelevant
/app_code folder for deployed “assemblies” or “controls” containing executable code, and databases
web.configweb.config file file» store of configuration info store of configuration info e.g. a path to database filee.g. a path to database file
from v2 onwards the following additional folders:from v2 onwards the following additional folders:» app_browsers, app_themes, app_localresources, app_globalresources, app_browsers, app_themes, app_localresources, app_globalresources,
app_webreferencesapp_webreferences
How the .net environment How the .net environment manages an applicationmanages an application
““Assemblies” from .aspx files added to Assemblies” from .aspx files added to /App_Code (usually .dll files created by /App_Code (usually .dll files created by compiling the assembly components)compiling the assembly components)
CLI executes IL assemblies as CLR (runtime)CLI executes IL assemblies as CLR (runtime) makes sure script execution is “controlled” and makes sure script execution is “controlled” and
kept within boundarieskept within boundaries» an earlier version of IIS used to “leak” memory until the an earlier version of IIS used to “leak” memory until the
system needed rebootingsystem needed rebooting usually loaded implicitly when a .net application is usually loaded implicitly when a .net application is
runrun
Mechanism of Loading Mechanism of Loading Assemblies for processingAssemblies for processing
““AppDomain” sets up a security AppDomain” sets up a security boundary in memory for each boundary in memory for each applicationapplication
Code (.exe, or .dll) loaded into process Code (.exe, or .dll) loaded into process “spaceperfo”“spaceperfo”
JIT compilation ensures “flat out JIT compilation ensures “flat out performance”performance”cf Wallace & Grommit – latter lays out the cf Wallace & Grommit – latter lays out the
track as the train is about to pass along ittrack as the train is about to pass along it
HTTP processingHTTP processing .net architecture designed “with failure in mind”.net architecture designed “with failure in mind”
overall control with http.sysoverall control with http.sys if memory usage gets too large, .net pulled down and if memory usage gets too large, .net pulled down and
restarted…restarted… Each AppDomain uses a pipeline of objects to handle Each AppDomain uses a pipeline of objects to handle
requestsrequests Httpapplication – oversees flowHttpapplication – oversees flow Httpcontext – tracks “per request” stateHttpcontext – tracks “per request” state Modules – generic “pluggable servicesModules – generic “pluggable services Handlers – http requestsHandlers – http requests
Covers most (all?) eventualities and makes sure Covers most (all?) eventualities and makes sure requests are correctly dealt with – no muddling of requests are correctly dealt with – no muddling of threads (!)threads (!)
Very Useful ASP.net components: Very Useful ASP.net components:
1. Web Controls1. Web Controls Reusable classes used to render parts Reusable classes used to render parts
of a pageof a pageSimilar to Windows “forms”Similar to Windows “forms”
New control created for each requestNew control created for each request» view state/Event tracking handled automaticallyview state/Event tracking handled automatically
A typical web page may have a A typical web page may have a hierarchical structure of web controls to hierarchical structure of web controls to makes them easily manageablemakes them easily manageable
Very Useful ASP.net components: Very Useful ASP.net components:
2. Event Handlers2. Event Handlers HTTP is stateless (no data retention)HTTP is stateless (no data retention)
no multi-step processes possibleno multi-step processes possible e.g. HTML form contents disappear once form e.g. HTML form contents disappear once form
submittedsubmitted
Web Controls provide scope for handling Web Controls provide scope for handling events, when triggered (or raised)events, when triggered (or raised) e.g. Page_Load, OnClicke.g. Page_Load, OnClick ““PostBack architecture”PostBack architecture”
» allows web forms data to reappear on the screen allows web forms data to reappear on the screen
Very Useful ASP.net components: Very Useful ASP.net components:
3. Master Pages3. Master Pages Master PageMaster Page
Created as a .master fileCreated as a .master file defines template for other pagesdefines template for other pages
» cf PowerPoint slide mastercf PowerPoint slide master
Contains top <html>, <body>, <form> tagsContains top <html>, <body>, <form> tags ““Page” command (top of page) utilises master:Page” command (top of page) utilises master:
» either “static” or “dynamic”either “static” or “dynamic”
““Page_init” process renders componentsPage_init” process renders components
Very Useful ASP.net Very Useful ASP.net components: 4. Themescomponents: 4. Themes
Allow common styles to be applied across a Allow common styles to be applied across a series of pagesseries of pages
Developers can still use .CSS filesDevelopers can still use .CSS files fully supported by the master file and page fully supported by the master file and page
“themes” concepts“themes” concepts
.net Development and RAD tools.net Development and RAD tools
By now, you may be thinking…By now, you may be thinking… ““Help! I can’t program in “C”!”Help! I can’t program in “C”!”
DON’T BE SCARED!DON’T BE SCARED! the syntax of object-oriented C# is similar to Javathe syntax of object-oriented C# is similar to Java RAD tools such as Dreamweaver (earlier versions) and RAD tools such as Dreamweaver (earlier versions) and
Visual Web Developer (VWD) provide a range of web Visual Web Developer (VWD) provide a range of web controls already written in C#controls already written in C#
Extension Managers enable other controls to be added to Extension Managers enable other controls to be added to the RAD environmentthe RAD environment
VWD also help with general file/folder management VWD also help with general file/folder management such as putting controls/assemblies into the right such as putting controls/assemblies into the right folderfolder i.e. /app_codei.e. /app_code
Managing C# Code, HTML Managing C# Code, HTML code, and web controlscode, and web controls
Each has its own syntax!earlier versions of .net had all three types
together!More recently “code behind” files
encouraged» Standard HTML & web control file saved as .aspx
» associated C# code saved as a .cs file declared through “Page” command
Running .aspx, .cs, etc. pages toghether
All managed within the .net run-time environmentnormally at server-end using IISVisual Studio allows use of a cut-down
version of IIS at client end for testingdeveloper doesn’t need to do anything
more, provided that files all in the right folders…
Running controls & C# with ASP.NET
Semi-compiled into “intermediate language” (MSIL) for .net framework and saved together as an “assembly” intermediate code executes very quickly when
required…