16.1 Built-in support for ASP.NET AJAX, JS IntelliSense,
Microsoft Silverlight is a cross-browser, cross-platform .NET implementation technology. It is suitable for building next-generation Web applications that support various media and richer user interactions.
17. Access Restrictions
internal: accessible to classes in the same assembly. An internal base class member can only be accessed by derived classes in the same assembly.
protected: when inherited, the subclass has full access to the base class.
private: accessible only to members of the same class.
18. Differences between abstract classes and interfaces
Similarities: both contain members that derived classes inherit, and neither can be instantiated.
Differences: a derived class can inherit from only one base class (abstract class), but can implement multiple interfaces.
Abstract classes have abstract members (no code body; they must be implemented in the derived class, or the derived class must itself be abstract), for example: protected abstract string GetShoutSound();
and non-abstract members (with code bodies; may be virtual, to be overridden in a derived class), for example: public virtual double Area() { return x * y; }
Interface: its members must be implemented by the class that uses the interface. There is no method body.
Interface methods are public; abstract class members can be private, protected, or internal.
19. Generic definition
In public class Stack<T> {}, the original type (for example, object) is replaced with T.
Usage: Stack<int> stack = new Stack<int>();
20. Pass the value
20.1 View state (ViewState) is hashed, compressed, and encoded (Unicode implementation), so it is more secure than hidden fields. Making it more secure affects page display and sending speed. Attackers can tamper with hidden field information by viewing the page source, which creates potential security problems.
Hidden field (HiddenField): not visible on the page, but it can be tampered with, and complex data types are not supported (only a single string value). View state, by contrast, is hashed, compressed, and encoded, is more secure than a hidden field, and is serialized so complex data types can be saved.
If the data volume is too large, some proxies and firewalls will block access to pages containing the data.
Cookies: a small amount of data, stored in text files in the client file system or in the memory of the client browser session. Cookies contain site-specific information, which the server sends to the client along with the page output.
A cookie can be temporary (with an expiration time and date) or permanent.
Most browsers support cookies of up to 4096 bytes. Cookies can be disabled and tampered with. Although a cookie is only sent to the domain it was issued for, users can operate cookies on other computers.
Query string: ?Id=xxx, additional information appended to the end of the URL.
The maximum length is 2083 characters. Risks: You can see
Application
Storage: Application["name"] = "zhangsan"; string strUserName = (string)Application["name"];
Locking is also needed: Application.Lock(); Application.UnLock();
The variable is global only within the specific process the application runs in. Each application process may have different values.
Session: one per user visit to the website; the session ends on timeout.
Data persistence can withstand an IIS restart or a worker process restart without losing session data, because the data is stored in another process space, and session data can be maintained across multiple processes. No cookie required.
Configured in Web.config:
<sessionState mode="InProc" cookieless="false" timeout="20" />
1. If the mode is set to InProc (the default value), the session state is stored in memory by ASP.NET, and the session ID is not transmitted by cookie.
If a page does not need to access the Session object, you can set the page directive EnableSessionState="false" for that page.
2. mode="SQLServer" stores session data in the database [ASPState table]
21. Server.ClearError()
22. log4net.dll, Enterprise Library Logging Application Block
The Enterprise Library is a set of reusable application blocks used to solve common problems faced by enterprise-level application development.
23. XML
XmlDocument: can be read and written, and is loaded into memory all at once, similar to DataSet.
XmlReader: read-only, similar to DataReader.
The XmlTextReader class inherits from the XmlReader class, uses the Encoding property to provide encoding information, and can be used to create an XPathDocument (read-only, random read) or an XmlDocument object.
24. Asynchronous processing
When a large amount of data is inserted or updated, do it asynchronously. You do not need to wait until all updates are completed.
System.Data.SqlClient
Other providers can implement asynchronous processing through asynchronous APIs.
A class that implements the IAsyncResult interface represents the asynchronous operation.
The Begin-prefixed method takes the input parameters. The End-prefixed method returns the output parameters and return values.
IAsyncResult ar = command.BeginExecuteReader();
// Do other work while the query runs
SqlDataReader dr = command.EndExecuteReader(ar); // pass the IAsyncResult returned by Begin
25. Massive Data Operations
You can use the sqlbulkcopy class to quickly write a large amount of data.
Data sources: DataRow array, DataTable, DataReader
26. Transaction Processing Methods
COM+ transaction (distributed transaction): used for multiple databases.
Mark the assembly with a strong name to ensure that the assembly contains a unique key pair.
Register the assembly containing your class in the COM+ catalog.
27. Concurrent processing [database]
Exclusive lock, does not accept operations on it by other tasks
Shared lock. Other users cannot modify it. For example, a shared lock will be applied during select.
Update lock, which can be read without being modified,
Row lock: ROWLOCK
Page lock: PAGLOCK
Table lock HOLDLOCK: shared lock; the table can be read but not updated or deleted.
TABLOCKX: exclusive lock; other transactions cannot read, update, or delete the table.
NOLOCK: ignores locks and can read uncommitted data.
UPDLOCK: used when reading the table; the lock is kept until the statement or transaction ends.
28. Temporary table
SELECT IDENTITY(INT, 1, 1) AS FID, * INTO #temp FROM [table]
29. Reconstruction, cleaning, expansion, maintenance, and new home
30. The 4 features of SOA: clear boundaries; autonomous services; message formats for interaction between services have formal XML Schema definitions rather than classes; service compatibility is determined by policies.
SOA anti-patterns: CRUD interface, Loosey Goosey
31. Advantages and Disadvantages of Web Service
Advantages: the distributed application development technology with the best cross-platform support,
Use XML/soap as the message expression,
Use http as the channel for message exchange
The use of WSE provides a new generation of WS support
Disadvantages: Hard to write code and hard to interwork with Distributed Technology
32. AOP, OR mapping, MVC
AOP: Aspect-Oriented Programming modularizes the behavior of cross-cutting concerns (a typical example is division of duties) and encapsulates behavior that affects multiple classes into reusable modules.
OR mapping: Object-Relational Mapping
MVC: Model-View-Controller
Spring.NET, NHibernate, Microsoft Enterprise Library, LINQ, ASP.NET MVC
33. Improved security
Network Defense [Spoofed packets] {port blocking, filtering, encryption}
Host Defense [buffer overflows, illicit paths] {patches and updates, IIS hardening, ACLs, CAS, logging, least privilege, account management}
Application Defense [SQL injection, XSS, input tampering] {validation, hashing, encryption, secrets management, cookies, sessions, error handling}
Database Defense [SQL injection, password cracking] {disable common protocols, disable services, and enhance security}
Application defense
Do not trust user input [validate input, avoid cross-site attacks, encode output with HtmlEncode]
Avoid weaknesses in Forms authentication
Use SSL/TLS. Protect account passwords and store encrypted passwords or hashes to increase security; guard against hidden field tampering.
Cookies Security
Use SSL to prevent cookie theft, and shorten the cookie lifetime to reduce the chance of replay attacks, in which an attacker guesses the session ID or steals the session ID cookie and impersonates the victim.
Securely access the database
Do not use the sa account. Query functions use an account with only the SELECT permission, and use SSL/TLS or IPSec to encrypt data connections.
Prevent injection attacks
Use stored procedures or parameterized commands, and grant only the EXECUTE permission on the stored procedures, to defend against the OR 1=1 attack.
Asynchronous Processing
Do not expose too much information on error pages. Watch out for mode="Off" and debug="true". Use <customErrors> to display custom error messages.
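For the "Prevent injection attacks" item above, this added example (not code from the original notes) puts a concatenated query beside a parameterized command and a stored procedure call. UserLookupDemo, the Users table, the UserName column, and usp_GetUserId are assumed names; no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserLookupDemo   // hypothetical class; table, column and procedure names are assumed
{
    // Vulnerable: input is concatenated into the SQL text and is parsed as SQL.
    static SqlCommand BuildConcatenated(string userName)
    {
        return new SqlCommand(
            "SELECT UserId FROM Users WHERE UserName = '" + userName + "'");
    }

    // Hardened: constant SQL text; input is sent as a typed, length-limited parameter.
    static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand("SELECT UserId FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    // Hardened: stored procedure call; the login needs only EXECUTE on the procedure.
    static SqlCommand BuildStoredProcedure(string userName)
    {
        var cmd = new SqlCommand("usp_GetUserId") { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    static void Main()
    {
        string input = "x' OR 1=1 --";   // constructed sample input
        foreach (SqlCommand cmd in new[] { BuildConcatenated(input),
                                           BuildParameterized(input),
                                           BuildStoredProcedure(input) })
        {
            // No connection is opened; only the command that would be sent is shown.
            Console.WriteLine("{0,-16} {1}", cmd.CommandType, cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("    {0} = {1}", p.ParameterName, p.Value);
            cmd.Dispose();
        }
    }
}
```

In the first command the input becomes part of the WHERE clause; in the other two the command text never changes and the input is carried only as the value of @userName.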