Transcript ITY276 presentation 3 - University of Worcester

COMP3241
E-Business Technologies
Richard Henson
University of Worcester
October 2012
Week 2 – Early Web Applications,
ActiveX controls, and .net

Objectives:
Compare and contrast embedded code for
client-only applications & server scripting
Explain how client-side VBScript evolved into
run-time ActiveX, which itself evolved into
secure server-script
Use a client-server .net development
environment for development and testing of
.net master pages and code behind
Interpreted and Compiled
Languages


Programming (source) code must be
converted into “machine code” before it can
be understood and acted on by the CPU
This can be done in two ways:
 convert whole program (using a compiler) and
save it in a file
 leave program as it is, and convert it (using an
interpreter) one line at a time when it is needed

Compiled code generally occupies much more
space than source code
 so of more limited use on the Internet (esp. early
days)...
How do Browsers cope with
source code?

Designed to use interpretation on HTML
code
 reads one line of HTML key words and their
parameters and uses HTML interpreter to convert
(or interpret) that line into CPU instructions
 reads & interprets next line… and so on…
 CPU does further processing and sends
commands to the video card which creates the
visual display
Embedded programming code
in HTML Files

Still .html and executed on the Browser
Browser needs to have interpreter for that
programming language e.g.
» VB Script
» Java Script

For the Browser to call the right
interpreter, an appropriate declaration
statement needs to be included in the
<HTML> start line
Request and responses
Organisation of application processing
across a client-server network…
 Client:

requests services or information from
another computer (e.g. the server)

Server:
responds to the client's request by sending
the results of the request back to the client
computer
Request and responses
client requests information
server processes the request, sends a response back to
the client
CLIENT
Client
Program
SERVER
REQUEST
RESPONSE
Send Request
Read Results
Server
Program
Process Request
Send Back Results
Internet Communications

Based on principles of client/server
networking
EITHER Internet computer can “play” the
role of client or the role of server
e.g.(1) A user in one university sends an
email to a user in another university:
» “A” client sends email to “B” server
(2) When a reply comes back…
» “B” client sends email to “A” server
Client-Server web applications
& Server Scripts
 Client-server web applications usually
require:
1. a web server, for interpreting or compiling then
processing the scripts
2. a server-end database to provide and store data
3. physical & logical connections between serverscripts, client-end input forms and server-end
database
4. clearly defined locations for gathering input data
at client-end, for server scripts, and for
database(s)
Writing Server Scripts


NOT saved as .html!
Server code can be embedded directly into
HTML code…
 Command is needed to inform the web server
» (1) that non-HTML code is about to be used
» (2) when next code reverts to HTML

With .asp scripts… (no longer used)
 the command to start the script was <%
 to end the script… %>

With .php scripts…
 <?php starts the script
 ?> ends the script
Server Scripts and “Localhost”

No matter which scripting type is used, the
code can be tested locally on a computer
running a web server that can understand that
type of script
 how? use “localhost” in the URL at the Browser end
(localhost = path to the server scripting root folder)

A typical URL for testing such a script locally
could then be (depending on script type):
 http://localhost/scriptname.aspx
 http://localhost/scriptname.php
Web Dynamic
Client-Server Model (1)
Server-Side Processing
in a typical web-based
client-server application:
1. HTML form on web
browser collects data at
the client end
2. HTTP enables the form
data to be sent to a web
server
Web Dynamic
Client-Server Model (2)
 3. web server
processes the form
data according to
instructions on a
server script called
at the client end
 4. output from
processing stored
temporarily on web
server
Web Dynamic
Client-Server model (3)
 5. server script sends
output back to browser
with HTML code to create
a structure to display the
data (e.g. HTML table)
 6. This gets even more
complex when a database,
and database
programming, are also
involved at the server
end…
Introduction to Server-scripting

The following apply to ALL types of
scripting…
real programming code is essential
» note: HTML is a FORMATTING language, NOT a
programming language
both client and server ends need to have
links to programming code:
» client end…embedded within a HTML page
» server end… could be embedded or separate
Languages used for
Server Scripting

Much has been tried since HTML became interactive
in the early 1990s:
 Can use an existing language in a completely separate file,
which is already compiled and ready to go:
» the original approach: .cgi
» any language could in theory be used
» in practice “C” was usually favoured
 Can use an existing language embedded in a HTML file
» The Microsoft .asp approach, using embedded VB source code
» The Sun .jsp approach, using embedded Java (Script) source
 Can utilise/invent a scripting language that is “HTML-like”
and easily embeds with HTML
» PERL
» Cold Fusion .cf
» Preprocessor Hypertext processing .php
Microsoft’s first attempt
at server scripting…

In 1996, Microsoft introduced active server pages
(asp)
 hugely successful
 soon became more popular than .cgi

However, in spite of the great success of asp, big
problems were emerging…
 by 2000, hackers were attacking Microsoft servers and
finding many security holes in IIS
» Microsoft only coped by offering hotfixes
 further problem: used VB source code
» if server not secure, code could be copied or compromised
» Scripts could not be truly “object oriented”
ASP becomes ASP.NET

Microsoft’s new approach to server scripting
for the new millennium…
 building on asp principles
 new system that used “intermediate language”,
rather than source code on the server
 much more difficult to hack

Security problems with VB…
 out with the old (asp)
 in with the new (asp.net)

New environment known as the .net
framework
 many developers accustomed to VB/.asp
 took awhile to catch on!
Development of .NET
framework for Server Scripting

BASIC and VB very much a part of Microsoft’s strategy, until
circa 1999/2000…
 use of raw source code became a security issue
 Gates realised that e-business and e-commerce would never be
reliable without using secure (and therefore compiled) code
 Microsoft rejected their previous strategy which used source VB
code and an interpreter program within IIS

What to replace VB source code with?
 applied source VB -> ActiveX run-time principles server-side
 Server equivalent of ActiveX controls could now be used/developed

Result: .net Framework & ASP.NET:
 VB evolved into the more object oriented (and complied) VB.NET
 .net framework provided the basis for
» .net server-side controls
» the ubiquitous use of compiled languages
Advantages of ASP.NET scripts
compared to ASP

Compiled, not interpreted

Web Controls use xml-type tags

Can be written using a variety of programming
languages
 language declared at beginning of file
 fully object-oriented and many controls written to respond to
on-screen “events”
Which Source Code Language?

Source code for .net development can be
written in any language that can be
translated into IL
 VB.NET builds on existing practice from asp
 But… C# has proved to be most popular with
developers, many of whom had previously used
“C” and C++
» why use VB.net, when you can use a more powerful,
compiled, and object-oriented language like C?
Components of the evolving
.net framework

Common Language Infrastructure (CLI) at
the server end (i.e. IIS)
 “managed execution” framework for scripts
 runs Intel x86 IL code
» common Language run-time (CLR) for executing controls
» ready to run; development language irrelevant
 /app_code folder for deployed “assemblies” or
“controls” containing executable code, and
databases
 web.config file
» store of configuration info e.g. a path to database file
 from v2 onwards the following additional folders:
» app_browsers, app_themes, app_localresources,
app_globalresources, app_webreferences
How the .net environment
manages an application


“Assemblies” from .aspx files added to
/App_Code (usually .dll files created by
compiling the assembly components)
CLI executes IL assemblies as CLR (runtime)
 makes sure script execution is “controlled” and
kept within boundaries
» an earlier version of IIS used to “leak” memory until the
system needed rebooting
 usually loaded implicitly when a .net application is
run
Mechanism of Loading
Assemblies for processing
“AppDomain” sets up a security
boundary in memory for each
application
 Code (.exe, or .dll) loaded into process
“spaceperfo”
 JIT compilation ensures “flat out
performance”

cf Wallace & Grommit – latter lays out the
track as the train is about to pass along it
HTTP processing

.net architecture designed “with failure in mind”
 overall control with http.sys
 if memory usage gets too large, .net pulled down and
restarted…

Each AppDomain uses a pipeline of objects to handle
requests





Httpapplication – oversees flow
Httpcontext – tracks “per request” state
Modules – generic “pluggable services
Handlers – http requests
Covers most (all?) eventualities and makes sure
requests are correctly dealt with – no muddling of
threads (!)
Very Useful ASP.net components:
1. Web Controls

Reusable classes used to render parts
of a page
Similar to Windows “forms”

New control created for each request
» view state/Event tracking handled automatically

A typical web page may have a
hierarchical structure of web controls to
makes them easily manageable
Very Useful ASP.net components:
2. Event Handlers

HTTP is stateless (no data retention)
 no multi-step processes possible
 e.g. HTML form contents disappear once form
submitted

Web Controls provide scope for handling
events, when triggered (or raised)
 e.g. Page_Load, OnClick
 “PostBack architecture”
» allows web forms data to reappear on the screen
Very Useful ASP.net components:
3. Master Pages

Master Page
 Created as a .master file
 defines template for other pages
» cf PowerPoint slide master
 Contains top <html>, <body>, <form> tags
 “Page” command (top of page) utilises master:
» either “static” or “dynamic”
 “Page_init” process renders components
Very Useful ASP.net
components: 4. Themes


Allow common styles to be applied across a
series of pages
Developers can still use .CSS files
 fully supported by the master file and page
“themes” concepts
.net Development and RAD tools

By now, you may be thinking…
 “Help! I can’t program in “C”!”

DON’T BE SCARED!
 the syntax of object-oriented C# is similar to Java
 RAD tools such as Dreamweaver (earlier versions) and
Visual Web Developer (VWD) provide a range of web
controls already written in C#
 Extension Managers enable other controls to be added to
the RAD environment

VWD also help with general file/folder management
such as putting controls/assemblies into the right
folder
 i.e. /app_code
Managing C# Code, HTML
code, and web controls

Each has its own syntax!
earlier versions of .net had all three types
together!
More recently “code behind” files
encouraged
» Standard HTML & web control file saved as .aspx
» associated C# code saved as a .cs file

declared through “Page” command
Running .aspx, .cs, etc. pages
toghether

All managed within the .net run-time
environment
normally at server-end using IIS
Visual Studio allows use of a cut-down
version of IIS at client end for testing
developer doesn’t need to do anything
more, provided that files all in the right
folders…
Running controls & C# with
ASP.NET

Semi-compiled into “intermediate language”
(MSIL) for .net framework and saved
together as an “assembly”
 intermediate code executes very quickly when
required…
Now you try it…
\