COMP3241 E-Business Technologies

COMP3241COMP3241E-Business TechnologiesE-Business Technologies

Richard HensonRichard Henson

University of WorcesterUniversity of Worcester

OctoberOctober 20122012

Week 2 – Early Web Applications, Week 2 – Early Web Applications, ActiveX controls, and .netActiveX controls, and .net

Objectives:Objectives:Compare and contrast embedded code for Compare and contrast embedded code for

client-only applications & server scriptingclient-only applications & server scriptingExplain how client-side VBScript evolved into Explain how client-side VBScript evolved into

run-time ActiveX, which itself evolved into run-time ActiveX, which itself evolved into secure server-scriptsecure server-script

Use a client-server .net development Use a client-server .net development environment for development and testing environment for development and testing of .net master pages and code behindof .net master pages and code behind

Interpreted and Compiled Interpreted and Compiled LanguagesLanguages

Programming (source) code must be Programming (source) code must be converted into “machine code” before it can converted into “machine code” before it can be understood and acted on by the CPUbe understood and acted on by the CPU

This can be done in two ways:This can be done in two ways: convert whole program (using a compiler) and convert whole program (using a compiler) and

save it in a filesave it in a file leave program as it is, and convert it (using an leave program as it is, and convert it (using an

interpreter) one line at a time when it is neededinterpreter) one line at a time when it is needed Compiled code generally occupies much more Compiled code generally occupies much more

space than source codespace than source code so of more limited use on the Internet (esp. early so of more limited use on the Internet (esp. early

days)...days)...

How do Browsers cope with How do Browsers cope with source code?source code?

Designed to use interpretation on HTML Designed to use interpretation on HTML codecode reads one line of HTML key words and their reads one line of HTML key words and their

parameters and uses HTML interpreter to convert parameters and uses HTML interpreter to convert (or interpret) that line into CPU instructions(or interpret) that line into CPU instructions

reads & interprets next line… and so on…reads & interprets next line… and so on… CPU does further processing and sends CPU does further processing and sends

commands to the video card which creates the commands to the video card which creates the visual displayvisual display

Embedded programming code Embedded programming code

in HTML Filesin HTML Files Still .html and executed on the Browser

Browser needs to have interpreter for that programming language e.g.

» VB Script» Java Script

For the Browser to call the right interpreter, an appropriate declaration statement needs to be included in the <HTML> start line

Request and responsesRequest and responses Organisation of application processing

across a client-server network… Client:

requests services or information from another computer (e.g. the server)

Server: responds to the client's request by sending

the results of the request back to the client computer

Request and responsesRequest and responses

client requests information

server processes the request, sends a response back to the client

CLIENT SERVER

RESPONSE

Send RequestRead Results

Process RequestSend Back Results

ClientProgram

REQUEST

ServerProgram

Internet CommunicationsInternet Communications

Based on principles of client/server Based on principles of client/server networkingnetworkingEITHER Internet computer can EITHER Internet computer can ““playplay”” the the

role of client or role of client or the role of the role of serverservere.g.(1) A user in one university sends an e.g.(1) A user in one university sends an

email to a user in another university:email to a user in another university:» ““A” client sends email to “B” serverA” client sends email to “B” server

(2) When a reply comes back…(2) When a reply comes back…» ““B” client sends email to “A” serverB” client sends email to “A” server

Client-Server web applications & Server Scripts

Client-server web applications usually require:1. a web server, for interpreting or compiling then

processing the scripts 2.a server-end database to provide and store data3. physical & logical connections between server-

scripts, client-end input forms and server-end database

4. clearly defined locations for gathering input data at client-end, for server scripts, and for database(s)

Writing Server Scripts NOT saved as .html! Server code can be embedded directly into

HTML code…Command is needed to inform the web server

» (1) that non-HTML code is about to be used» (2) when next code reverts to HTML

With .asp scripts… (no longer used) the command to start the script was <% to end the script… %>

With .php scripts…<?php starts the script ?> ends the script ends the script

Server Scripts and “Localhost”Server Scripts and “Localhost”

No matter which scripting type is used, the No matter which scripting type is used, the code can be tested locally on a computer code can be tested locally on a computer running a web server that can understand that running a web server that can understand that type of scripttype of script how? use “localhost” in the URL at the Browser endhow? use “localhost” in the URL at the Browser end

(localhost = path to the server scripting root folder)(localhost = path to the server scripting root folder)

A typical URL for testing such a script locally A typical URL for testing such a script locally could then be (depending on script type):could then be (depending on script type):http://localhost/scriptname.aspxhttp://localhost/scriptname.php

Web Dynamic Web Dynamic Client-Server Model (1)Client-Server Model (1)

Server-Side Processing in Server-Side Processing in a typical web-based a typical web-based client-server application:client-server application:

1.1. HTML form on web browser HTML form on web browser collects data at the client collects data at the client end end

2.2. HTTP enables the form data HTTP enables the form data to be sent to a web serverto be sent to a web server

Web Dynamic Web Dynamic Client-Server Model (2)Client-Server Model (2)

3. web server 3. web server processes the form processes the form data according to data according to instructions on a instructions on a server script called server script called at the client endat the client end

4. output from 4. output from processing stored processing stored temporarily on web temporarily on web serverserver

Web Dynamic Web Dynamic Client-Server model (3)Client-Server model (3)

5. server script sends 5. server script sends output back to browser output back to browser with HTML code to create with HTML code to create a structure to display the a structure to display the data (e.g. HTML table)data (e.g. HTML table)

6. This gets even more 6. This gets even more complex when a database, complex when a database, and database and database programming, are also programming, are also involved at the server involved at the server end…end…

Introduction to Server-scriptingIntroduction to Server-scripting

The following apply to ALL types of The following apply to ALL types of scripting…scripting…real programming code is essentialreal programming code is essential

» note: HTML is a FORMATTING language, NOT a note: HTML is a FORMATTING language, NOT a programming languageprogramming language

both client and server ends need to have both client and server ends need to have links to programming code:links to programming code:

» client end…embedded within a HTML pageclient end…embedded within a HTML page» server end… could be embedded or separateserver end… could be embedded or separate

Languages used for Languages used for Server ScriptingServer Scripting

Much has been tried since HTML became interactive Much has been tried since HTML became interactive in the early 1990s:in the early 1990s: Can use an existing language in a completely separate file, Can use an existing language in a completely separate file,

which is already compiled and ready to go:which is already compiled and ready to go:» the original approach: .cgithe original approach: .cgi» any language could in theory be usedany language could in theory be used» in practice “C” was usually favouredin practice “C” was usually favoured

Can use an existing language embedded in a HTML fileCan use an existing language embedded in a HTML file» The Microsoft .asp approach, using embedded VB source codeThe Microsoft .asp approach, using embedded VB source code» The Sun .jsp approach, using embedded Java (Script) sourceThe Sun .jsp approach, using embedded Java (Script) source

Can utilise/invent a scripting language that is “HTML-like” Can utilise/invent a scripting language that is “HTML-like” and easily embeds with HTMLand easily embeds with HTML

» PERLPERL» Cold Fusion .cfCold Fusion .cf» Preprocessor Hypertext processing .phpPreprocessor Hypertext processing .php

Microsoft’s first attempt Microsoft’s first attempt at server scripting…at server scripting…

In 1996, Microsoft introduced active server pages In 1996, Microsoft introduced active server pages (asp)(asp) hugely successfulhugely successful soon became more popular than .cgisoon became more popular than .cgi

However, in spite of the great success of asp, big However, in spite of the great success of asp, big problems were emerging…problems were emerging… by 2000, hackers were attacking Microsoft servers and by 2000, hackers were attacking Microsoft servers and

finding many security holes in IISfinding many security holes in IIS» Microsoft only coped by offering hotfixesMicrosoft only coped by offering hotfixes

further problem: used VB source codefurther problem: used VB source code» if server not secure, code could be copied or compromisedif server not secure, code could be copied or compromised» Scripts could not be truly “object oriented”Scripts could not be truly “object oriented”

ASP becomes ASP.NETASP becomes ASP.NET Microsoft’s new approach to server scripting Microsoft’s new approach to server scripting

for the new millennium…for the new millennium… building on asp principlesbuilding on asp principles new system that used “intermediate language”, new system that used “intermediate language”,

rather than source code on the serverrather than source code on the server much more difficult to hackmuch more difficult to hack

Security problems with VB…Security problems with VB… out with the old (asp)out with the old (asp) in with the new (asp.net)in with the new (asp.net)

New environment known as the .net New environment known as the .net frameworkframework many developers accustomed to VB/.aspmany developers accustomed to VB/.asp took awhile to catch on!took awhile to catch on!

Development of .NET framework for Server Scripting BASIC and VB very much a part of Microsoft’s strategy, until

circa 1999/2000… use of raw source code became a security issue Gates realised that e-business and e-commerce would never be

reliable without using secure (and therefore compiled) code Microsoft rejected their previous strategy which used source VB

code and an interpreter program within IIS What to replace VB source code with?

applied source VB -> ActiveX run-time principles server-side Server equivalent of ActiveX controls could now be used/developed

Result: .net Framework & ASP.NET: VB evolved into the more object oriented (and complied) VB.NET .net framework provided the basis for

» .net server-side controls» the ubiquitous use of compiled languages

Advantages of ASP.NET scripts Advantages of ASP.NET scripts compared to ASPcompared to ASP

Compiled, not interpreted

Web Controls use xml-type tags

Can be written using a variety of programming languages language declared at beginning of file fully object-oriented and many controls written to respond to

on-screen “events”

Which Source Code Language? Source code for .net development can be

written in any language that can be translated into IL

VB.NET builds on existing practice from asp

But… C# has proved to be most popular with developers, many of whom had previously used “C” and C++

» why use VB.net, when you can use a more powerful, compiled, and object-oriented language like C?

Components of the evolving Components of the evolving .net framework.net framework

Common Language Infrastructure (CLI) at the Common Language Infrastructure (CLI) at the server end (i.e. IIS)server end (i.e. IIS) ““managed execution” framework for scriptsmanaged execution” framework for scripts runs Intel x86 IL coderuns Intel x86 IL code

» common Language run-time (CLR) for executing controlscommon Language run-time (CLR) for executing controls» ready to run; development language irrelevantready to run; development language irrelevant

/app_code folder for deployed “assemblies” or “controls” containing executable code, and databases

web.configweb.config file file» store of configuration info store of configuration info e.g. a path to database filee.g. a path to database file

from v2 onwards the following additional folders:from v2 onwards the following additional folders:» app_browsers, app_themes, app_localresources, app_globalresources, app_browsers, app_themes, app_localresources, app_globalresources,

app_webreferencesapp_webreferences

How the .net environment How the .net environment manages an applicationmanages an application

““Assemblies” from .aspx files added to Assemblies” from .aspx files added to /App_Code (usually .dll files created by /App_Code (usually .dll files created by compiling the assembly components)compiling the assembly components)

CLI executes IL assemblies as CLR (runtime)CLI executes IL assemblies as CLR (runtime) makes sure script execution is “controlled” and makes sure script execution is “controlled” and

kept within boundarieskept within boundaries» an earlier version of IIS used to “leak” memory until the an earlier version of IIS used to “leak” memory until the

system needed rebootingsystem needed rebooting usually loaded implicitly when a .net application is usually loaded implicitly when a .net application is

runrun

Mechanism of Loading Mechanism of Loading Assemblies for processingAssemblies for processing

““AppDomain” sets up a security AppDomain” sets up a security boundary in memory for each boundary in memory for each applicationapplication

Code (.exe, or .dll) loaded into process Code (.exe, or .dll) loaded into process “spaceperfo”“spaceperfo”

JIT compilation ensures “flat out JIT compilation ensures “flat out performance”performance”cf Wallace & Grommit – latter lays out the cf Wallace & Grommit – latter lays out the

track as the train is about to pass along ittrack as the train is about to pass along it

HTTP processingHTTP processing .net architecture designed “with failure in mind”.net architecture designed “with failure in mind”

overall control with http.sysoverall control with http.sys if memory usage gets too large, .net pulled down and if memory usage gets too large, .net pulled down and

restarted…restarted… Each AppDomain uses a pipeline of objects to handle Each AppDomain uses a pipeline of objects to handle

requestsrequests Httpapplication – oversees flowHttpapplication – oversees flow Httpcontext – tracks “per request” stateHttpcontext – tracks “per request” state Modules – generic “pluggable servicesModules – generic “pluggable services Handlers – http requestsHandlers – http requests

Covers most (all?) eventualities and makes sure Covers most (all?) eventualities and makes sure requests are correctly dealt with – no muddling of requests are correctly dealt with – no muddling of threads (!)threads (!)

Very Useful ASP.net components: Very Useful ASP.net components:

1. Web Controls1. Web Controls Reusable classes used to render parts Reusable classes used to render parts

of a pageof a pageSimilar to Windows “forms”Similar to Windows “forms”

New control created for each requestNew control created for each request» view state/Event tracking handled automaticallyview state/Event tracking handled automatically

A typical web page may have a A typical web page may have a hierarchical structure of web controls to hierarchical structure of web controls to makes them easily manageablemakes them easily manageable


2. Event Handlers2. Event Handlers HTTP is stateless (no data retention)HTTP is stateless (no data retention)

no multi-step processes possibleno multi-step processes possible e.g. HTML form contents disappear once form e.g. HTML form contents disappear once form

submittedsubmitted

Web Controls provide scope for handling Web Controls provide scope for handling events, when triggered (or raised)events, when triggered (or raised) e.g. Page_Load, OnClicke.g. Page_Load, OnClick ““PostBack architecture”PostBack architecture”

» allows web forms data to reappear on the screen allows web forms data to reappear on the screen


3. Master Pages3. Master Pages Master PageMaster Page

Created as a .master fileCreated as a .master file defines template for other pagesdefines template for other pages

» cf PowerPoint slide mastercf PowerPoint slide master

Contains top <html>, <body>, <form> tagsContains top <html>, <body>, <form> tags ““Page” command (top of page) utilises master:Page” command (top of page) utilises master:

» either “static” or “dynamic”either “static” or “dynamic”

““Page_init” process renders componentsPage_init” process renders components

Very Useful ASP.net Very Useful ASP.net components: 4. Themescomponents: 4. Themes

Allow common styles to be applied across a Allow common styles to be applied across a series of pagesseries of pages

Developers can still use .CSS filesDevelopers can still use .CSS files fully supported by the master file and page fully supported by the master file and page

“themes” concepts“themes” concepts

.net Development and RAD tools.net Development and RAD tools

By now, you may be thinking…By now, you may be thinking… ““Help! I can’t program in “C”!”Help! I can’t program in “C”!”

DON’T BE SCARED!DON’T BE SCARED! the syntax of object-oriented C# is similar to Javathe syntax of object-oriented C# is similar to Java RAD tools such as Dreamweaver (earlier versions) and RAD tools such as Dreamweaver (earlier versions) and

Visual Web Developer (VWD) provide a range of web Visual Web Developer (VWD) provide a range of web controls already written in C#controls already written in C#

Extension Managers enable other controls to be added to Extension Managers enable other controls to be added to the RAD environmentthe RAD environment

VWD also help with general file/folder management VWD also help with general file/folder management such as putting controls/assemblies into the right such as putting controls/assemblies into the right folderfolder i.e. /app_codei.e. /app_code

Managing C# Code, HTML Managing C# Code, HTML code, and web controlscode, and web controls

Each has its own syntax!earlier versions of .net had all three types

together!More recently “code behind” files

encouraged» Standard HTML & web control file saved as .aspx

» associated C# code saved as a .cs file declared through “Page” command

Running .aspx, .cs, etc. pages toghether

All managed within the .net run-time environmentnormally at server-end using IISVisual Studio allows use of a cut-down

version of IIS at client end for testingdeveloper doesn’t need to do anything

more, provided that files all in the right folders…

Running controls & C# with ASP.NET

Semi-compiled into “intermediate language” (MSIL) for .net framework and saved together as an “assembly” intermediate code executes very quickly when

required…

Now you try it… \

Documents

COMP3241 E-Business Technologies