10 Features why Asp.Net 4 is better for public website

Updated [09/10/19] Thanks for all the retweets and trackback. I think it started rolling from ScottGu’s tweet mentioning this post. Please don’t forget to follow me at Twitter @ronaldwidha.

I’m excited about Asp.Net 4 and just finished reading the Asp.Net 4.0 Beta 2 Overview. On this post, I want to highlight a few enhancement on this framework which makes it better for implementing a public website.

The overall approach seem to be ‘trusting the developer more’. Microsoft have built a few crucial extensibility points which allow us to extend further from the Asp.net in-built implementations.

1. Accessibility: Control over Url

Those of us who have played with Asp.Net MVC must appreciate the degree of control we have over how URL is handled. We don’t have to care anymore about writing our own HttpModule to handle internal and external Url.

This feature has been available on Asp.Net 3.5, but Asp.Net 4 introduce a couple of features to make it easier for us to use it, this includes:

• setting up routing specific to Asp.Net requirement (mapping to a physical aspx file)
• Reading routing information in a Web Form page is now almost as easy as reading from query string

  Page.RouteData.Values["blogtitle"] as string;

• Accessing routing Information in Markup: no more hard-coding Url into our markup

   NavigateUrl="<%$RouteUrl:Search=ronaldwidha%>"

2. Accessibility: Permanently Redirecting a Page

As you might already know there are numerous redirection headers; 301 is one of them. 301 signifies that a page has been moved permanently to a new location. Prior to Asp.Net 4.0, we have to construct the response header manually by doing:

Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://new-location");

Now we can simply use the helper class available in Asp.Net 4:

RedirectPermanent("http://new-location");

3. Accessibility: Extensible Browser Capabilities

Browser Definition is a feature Asp.Net uses to determine the capability of a browser. This feature have been introduced in the Asp.Net 3.5 SP1, however it requires change XML files and some command prompt action.

Side Note: Scott Hanselman spoke to Chris Woods, a program manager at Microsoft on the Mobile Browse Platform Team about a database of mobile device capabilities which uses the same mechanism.

On Asp.net 4, Microsoft include quite an extensive browser definition files which includes browsers like iphone, chrome, safari and opera.

 
taken from http://www.geeky-gadgets.com

Adding to that, this feature is extensible by the usual Provider model.

4. Performance: Extensible Output and Object Caching

No great site can survive without a good caching strategy. Asp.Net does always have a caching mechanism built in, but it lacks native support to external distributed caching engines.

On Asp.Net 4, output and object caching are implemented using the Provider model, which means you can use the normal cache object to interact with your own custom cache engine!

Or even better, implement your own custom caching strategy based usage patterns, time of day, etc.

5. Performance: Control over Client ID

With the prior versions of Asp.net, we lost control over what Html ID gets generated to the clients. This introduce 2 problems: performance (size of download gets bigger) and it becomes so darn hard to write client side script without a reliable client ID.

Side Note: QA team also often finds it difficult to write consistent Automated UAT Script (using WatiN or Selenium) having the client ID automatically generated by Asp.Net.

Asp.Net 4 introduce ClientIDMode which lets you set AutoID, Static, Predictable and Inherit.

Static – specifies the ClientID to use the value as the ID of the web user control without the parent naming containers.

Predictable – specifies the Client ID with a specified row suffix. This is generally used for controls with repeating templates.

6. Performance: More Granular View State Control

In prior Asp.Net versions, ViewState is enabled by default and can’t be disabled sitewide. In Asp.Net 4 this is now possible. Possible values include Enabled, Disabled and Inherit.

Remember, View State aren’t evil but it has to be utilized carefully.

7. Performance: Session State Compression

Handling massive amount of session state can be quiet expensive on a large website. Asp.Net 4 introduce a simple switch to turn Gzip compression on out-of-process session state providers. Very cool!

8. Performance: Auto-Start Web Applications

Some sites have extensive Application_Start procedure, for e.g eager cache static content, or let the load balancer know that the server is ready to start serving requests. However in previous Asp.net versions, Application_Start happens upon the first user visit the site causing terrible experience for this unlucky person.

Side Note: hence often we have an automated ping to fake the first request to kick off the application

Asp.Net 4 with IIS 7.5 introduce an always on mode which start the web site automatically.

9. Security: Extensible HTML, URL and HTTP Header Encoding

Have you ever had problems of not being able to escape special characters by using HttpUtility.Encode ? In the previous Asp.Net versions the encoding technique doesn’t seem to be aggressive enough. In Asp.Net 4, Microsoft again introduce an extensibility point to built our own and have it configured from the web.config file.

<httpRuntime encoderType="Samples.MyCustomEncoder, Samples" /> 

10. Security : Extensible Http Request Validation

Asp.Net 4 introduce a few things that improves security when it comes to handling http requests:

• Url character check configuration.
  
  afraid of script injection/XSS (cross side scripting) attacks from the url? fear no more, now we can specify a list of invalid chars. If it failed the test, http 400 will be returned back
• Request Validation
  
  This is an attempt to validate all HTTP request data. We have to see how effective it really is.
• As you might start to recognize a pattern from the previous points, guess what? Request Validation feature is also extensible, so if Microsoft isn’t doing a good enough job, you could implement it yourself.

The Bad news is there seem to be  not much improvement over the rendering of the web controls. Render=Flow still generate a bunch of span-s instead of div-s which I personally found limiting.