ASP.Net and C# with .Net Framework 4

ASP .Net

Start Here:
http://www.asp.net/
http://www.asp.net/get-started

If you only have Visual Studio 2010, make sure that SP1 is installed:
Visual Studio .Net SP1 Download

Problems with framework for app pool (Unrecognized attribute targetFramework).
http://stackoverflow.com/questions/7530725/unrecognized-attribute-target...

To install .Net 4 Framework into IIS (paths for .Net Framework aspnet_regiis.exe utility etc)
http://stackoverflow.com/questions/4890245/how-to-add-asp-net-4-0-as-app...

About AppPool Identities
http://www.iis.net/learn/manage/configuring-security/application-pool-id...

The name for this 'user' is IIS APPPOOL\DefaultAppPool
This may not be the user you want to add... e.g. It is probably IIS AppPool\ASP.NET v4.0
Note that these users don't show up in the list due to the quirky behaviour of the magic IIS prefix.

Microsoft guide to passing information on page redirects (Transfer etc.)

Microsoft guide on redirecting users to another page

HttpServerUtility.Transfer method documentation

If you aren't in regular page code, you can still get the current Page object with
Page page = HttpContext.Current.Handler as Page;
Otherwise, your object is a child class of Page and access it directly.

HttpContext.Request, HttpContext.Session and HttpContext.Server are also of interest.

If you are a Page subclass you can get the above directly as Request, Session and Server.

HttpRequest contains such obvious gems as Url, RawUrl, Form, QueryString, UserAgent and Cookies.

How to determine how a page was invoked

Introduction to data binding:
http://support.microsoft.com/kb/307860?wa=wsignin1.0

Custom controls for data binding
http://stackoverflow.com/questions/6617994/asp-net-webforms-textbox-data...

The Repeater object used for databinding needs its display setting up with
<ItemTemplate></ItemTemplate>
However, HeaderTemplate and FooterTemplate are also useful and AlternatingItemTemplate and SeparatorTemplate are also very useful.

Obtaining the MVC3 installer:
http://www.asp.net/mvc/mvc3
http://www.microsoft.com/en-us/download/details.aspx?id=1491

Obtaining the MVC4 installer:
http://www.asp.net/mvc
http://www.microsoft.com/en-us/download/details.aspx?id=30683

SQL Server Compact 4.0 Download
http://www.microsoft.com/en-us/download/details.aspx?id=17876

SQL Connection strings for ASP.Net Web Applications
http://msdn.microsoft.com/en-us/library/jj653752.aspx

What is LocalDB? LocalDB is (sort of) an update for SQL Server Express that works with SQL Server 2012 Native Client
It will not work with Visual Studio 2010, so if you are using Visual Studio 2010, stick with SQL Server Compact.
There is more information here: http://www.sqlcoffee.com/SQLServer2012_0004.htm

If using Visual Studio 2010 and you see example code that uses LocalDB, it's probably not going to work for you. You need to change connection strings in such samples to use SQL Express...
To quote Microsoft:

Project templates for Visual Studio 2012 and Visual Studio Express 2012 for Web create connection strings that specify LocalDB databases. To convert one of these connection strings to SQL Server Express, make the following changes:
Change "Data Source=(LocalDB)\v11.0" to "Data Source=.\SQLEXPRESS".
This change assumes that you installed SQL Server Express with the default instance name. For more information, see Data Source later in this topic.
If the connection string contains AttachDBFileName, add at the end ";User Instance=True". Omit the semicolon (;) if the connection string already ends with one.

Connection Strings Web Site:
http://www.connectionstrings.com/

If you get something like the following:
CREATE FILE encountered operating system error 5(failed to retrieve text for this error. Reason: 15105) while attempting to open or create the physical file
It's because your IIS_IUSRS don't have permission to create either the data directory or the files within it - given the way default permissions tend to fall out, they probably lack both.
Giving IIS_IUSRS the required modify and write permissions is one way to fix it.

Working with databases and the EFS
http://imar.spaanjaars.com/563/using-entity-framework-code-first-and-asp...

WCF

WCF is a framework for providing web services via IIS with AppFabric.

AppFabric: http://msdn.microsoft.com/appfabric
IIS Manager for Remove Administration: http://www.iis.net/downloads/microsoft/iis-manager

The SvcUtil, svcConfigEditor and SvcTraceViewer executables can typically be found somewhere like: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin"

WCF Application Development

Like jax-ws, WCF allows services to be created 'code first' via annotation.
Here are links to the .Net 4 attribute documentation pages for the important service annotations:

  • ServiceContract Indicates that an interface or a class defines a service contract.
  • OperationContract Indicates that a method defines an operation that is part of a service contract.
  • DataContract Specifies that the type defines or implements a data contract and is serializable by a serializer, such as the DataContractSerializer.
  • DataMember Specifies that the member is part of a data contract and is serializable by the DataContractSerializer.

It's also possible to develop WSDL first: http://blogs.msdn.com/b/dotnetinterop/archive/2008/09/24/wsdl-first-deve...
The above article also addresses the interesting issue of who provides the WSDL and points out (very sensibly) that if you are creating versions or variations on a service description, it can make a lot of sense for the caller to provide the WSDL and the server to support the different versions.
This is an especially useful approach when the users of a platform pick up changes at their own pace and might want to continue using an old version of a service.

The signature of a service operation dictates an underlying Message Exchange Pattern that supports the data transfer features required.
There are three patterns in WCF:

  • request/reply (this is the default)
  • one-way
  • duplex

Features of each MEP

Request/Reply

This is the default behaviour and requires no additional parameters in the OperationContract attribute. Even if the operation method returns void, it still follows this pattern (and can process SOAP faults etc) by default.

One-way

If the client of a WCF service application should does not need to wait for the operation to complete and does not need to process SOAP faults, the operation can specify a one-way message pattern.
The client invokes an operation and continues its execution flow after WCF writes the message to the network without waiting for a response.
Set the named IsOneWay parameter to true in the OperationContract attribute for the operation method.

[OperationContract(IsOneWay=true)]
void Hello(string greeting);

Duplex

The duplex pattern allows both the service and the client to send messages to each other independently using one-way or request/reply.
This form of two-way communication is appropriate for services that communicate directly to the client or for providing an asynchronous behaviour on either side of the service boundary.

To design a duplex contract, you design a callback contract and assign the type of that callback contract to the CallbackContract property of the ServiceContractAttribute attribute that marks your service contract.
To implement the contract, you create a second interface that contains the method declarations that are called on the client.

Microsoft have a write up on how to create a Duplex Contract here: http://msdn.microsoft.com/en-us/library/ms731184.aspx
With information on how to call them here: http://msdn.microsoft.com/en-us/library/ms731935.aspx

Too much study of duplex contracts is probably a waste of time as they are an unnecessary and complex model that fit poorly with principles such as REST.
There would need to be some very special reason to justify implementing such a service though the obvious incentive would be to fix up a broken REST design. e.g. wanting duplex messages probably indicates a design failure elsewhere.

Possibly, a case for using duplex message exchange pattern is when you want to return a Stream?

Using ref or out parameters

Using a C# parameter tagged ref or out implies that data is being returned to the caller and that a reply/request pattern is required.
If an operation is tagged one-way but needs to return data, an InvalidOperationException exception is thrown at runtime.

Message Security and Protection

You may specify the Message Protection Level on the Contract

If message security is applied to the binding in a contract's endpoint, then when designing the contract, you must decide the message protection level of services that implement it.

This data is only needed if message security is applied to the binding in the contract's endpoint.

If the binding has security turned off then the assumption is that there is no security on the operation.
The obvious way for the binding to turn of security is if the system-provided binding sets the System.ServiceModel.SecurityMode to System.ServiceModel.SecurityMode.None.

Typically, system-provided bindings with message-level security applied provide a sufficient protection level and you do not have to consider the protection level on a per operation or message resolution.

The protection level specifies whether the messages (or message parts) that support the service are:

  • signed
  • signed and encrypted
  • sent without signatures or encryption

The protection level can be set at various scopes:

  • service level
  • per operation
  • per message within an operation
  • per message part

Values set for a scope become the default value for enclosed scopes unless overridden.
If a binding configuration cannot provide the required minimum protection level for the contract, an exception is thrown.

When no protection level values are explicitly set on the contract, but the binding has message security, then the binding configuration provides the protection level for all messages (this is the default behaviour).

A service implementation endpoint with a default WSHttpBinding, the default System.ServiceModel.SecurityMode is Message, all messages are encrypted and signed because this is the default protection level.
However, if the same service contract was used for a service with a default BasicHttpBinding where the default SecurityMode is None, all messages are sent as text because there is no security for this binding.
In the latter case the protection level (what protection level does this refer to?) is ignored (the messages are not encrypted or signed).
If the SecurityMode was changed to Message, then these messages would be encrypted and signed (because that would then be the binding's default protection level).

What Microsoft is trying to say here is unclear, do they really mean that a protection level you've set is ignored, or are they simply trying to explain defaults? The example seems to contradict the blanket statement about
how the binding only provides the level when no values are set on the contract. This is clarified in the section on Understanding Protection Levels http://msdn.microsoft.com/en-us/library/aa347692.aspx - it seems that
if the binding can't meet the request (annotated) security level, then an exception is thrown.

Example from Microsoft - here, if the default WSHttpBinding is used so the default System.ServiceModel.SecurityMode would be Message (encrypted and signed at the message level)

[ServiceContract]
public interface IExplicitProtectionLevelSampleService
{
[OperationContractAttribute]
public string GetString(); // Will use the default (encrypted and signed)
[OperationContractAttribute(ProtectionLevel=ProtectionLevel.None)]
public int GetInt(); // Default security turned off
[OperationContractAttribute(ProtectionLevel=ProtectionLevel.EncryptAndSign)]
public int GetGuid(); // encrypted and signed
}

More information about Protection Levels: http://msdn.microsoft.com/en-us/library/aa347692.aspx
More information about Securing Services http://msdn.microsoft.com/en-us/library/ms734769.aspx (this page is full of fundamental stuff, is probably the best place to start reading and has links to lots more detail).

Issues with Names and Obfuscation

The names and namespaces of the .NET types in the definition of contracts and operations are obviously significant when contracts are converted into WSDL and when contract messages are created and sent and it would be troublesome for obfuscation to mangle them.

If service contract names and namespaces are explicitly set using the Name and Namespace properties of all supporting contract attributes
such as the ServiceContract, OperationContract, DataContract, DataMember, and other contract attributes, then they will not be mangled by (properly implemented) obfuscation.

An alternative is to use the Obfuscation and ObfuscateAssembly attributes to prevent the modification of the contract type names and namespaces.