ASP development principles guide

ASP Guide

Author: J. D. Meier

Published on: February 1, December 27, 1999

Introduction

The success of an "Active Server Page (ASP)" application often depends on the architecture and design. Considering the wide range of ASP technology and the inherent complexity of the current application, this trade-off is very difficult. In this article, I will provide you with some specific guidelines to help you successfully develop ASP-based applications.

From the past successful development model experience, we have summarized the following principles.

I have organized the guidelines into a set of development principles. When evaluating solutions and technologies, you can apply the following principles to help you make decisions. The following principles are my long-term experience gained from successful development models.

Principle 1: adopt standard methods

Creating naming conventions and standardizing directory structures can greatly improve the readability and maintainability of ASP applications. Although there are no formal standards for ASP applications, many developers have established some common methods. Here, I will share some more common methods with you.

Because ASP technology relies on the script engine for work, and the script type is not strict, the naming conventions are also vague. In languages with very strict types, variables are declared according to their actual types. When using ASP technology, variables are usually declared in ASP code according to the way they are processed (rather than the actual data type. For example, when "Visual Basic (r) Scripting Edition (VBScript)" is used, although all VBScript variables are variant, you will still declare the success mark as bsuccess (B stands for boolean type), rather than vsuccess (V stands for variant ).

The following table lists common naming conventions.

Variable Prefix:

Prefix	Variables used	Variable example
B or bln	Boolean	Bsuccess
C or cur	Currency	Camount
D or DBL	Double	Dblquantity
DT or dat	Date and Time	Dtdate
F or FLT	Float	Fratio
L or LNG	Long	Lmilliseconds
I or int	Integer	Icounter
S or Str	String	Sname
A or arr	Array	Ausers ()
O or OBJ	COM Object	Opipeline

Variable prefix of the database object:

Prefix	Variables used	Variable example
CNN	Connection	Cnnpubs
RST	Recordset	Rstauthors
CMD	Command	Cmdemployee
Bytes	Field	Fldlastname

Range and prefix usage:

Prefix	Description
G _	Created on global. Asa.
M _	For ASP pages or include files, it is partial.
(No prefix)	Non-static variables. For the process, the prefix is partial.

In knowledge base (Kb), "q110264 info: Microsoft Consulting Services naming conventions for Visual Basic" provides insights on naming conventions.

Use the directory structure whenever possible to provide consistent location for your various application components. The actual directory structure of your application is of course determined by yourself. However, images, documents, include files, and components are usually placed in separate directories. The following is an example of a simple ASP application directory structure.

Directory structure example:

/SimpleAspApp /Docs /Images /Includes

A good directory structure allows you to selectively apply NTFS permissions. You can also use the relative path within the ASP application. For example, you can use the following code to reference the include file top. asp in the uplodes directory from the default. asp page in the simpleaspapp directory:

./includes/top.asp

Note that the extension of my include file is. asp, not. Inc. This is done for security considerations, and with the. asp extension (instead of. INC), you can also use color encoding in Visual InterDev (R.

For more information about structured ASP applications, see ASP conventions ).

Principle 2: designed to run under a service

ASP will run under the service. When designing ASP applications, you will immediately face security environment and thread issues that are not encountered in desktop applications. In a desktop environment, it is usually executed only in a single thread running as an interactive user and has the right to access the current desktop system. In "Internet Information Service (IIS)", simulate multiple client threads in different user environments to call your applications, and your applications are limited to "system" desktops.

What does this mean to you? Learn about the security mode of IIS. We also want to remind you that something can run normally only in Visual Basic IDE, and does not mean it can run securely in ASP technology. Visual Basic ide does not accurately simulate the runtime environment. Common design errors include: using the. ocx control that requires the user interface in ASP technology, using components that are not secure for the thread, and using components that require special user context. The simplest problem to avoid is to try to access the HKEY_CURRENT_USER (hkcu) registry key from the application (for example, do not callGetsettingAndSavesettingFunction, all of which depend on hkcu ). Similarly, Do Not Display message boxes or other dialogs that require user interaction.

The following is a good entry-level book on ASP security and verification:

• "Authentication and security for Internet developers)
• "Q172925 info: security issues with objects in ASP and ISAPI extensions)

Principle 3: encapsulate business logic

ASP provides the expression service by generating HTML output. In short, it generates a user interface. You need to separate the business logic from the ASP representation script. Even if you do not use COM components to separate the business logic from ASP code, you must at least separate the business logic into functions and include files to improve maintainability, readability, and reusability. When troubleshooting and isolation problems are required, you can also appreciate the benefits of modular design methods.

Calling functions and methods Inside the script can avoid code disorder and add structures to ASP applications. The following example shows how to separate the logic from the ASP code to the method call:

  lt;% Main()MyBizMethod()...Sub Main()GetData()DisplayData()End Sub%>

This principle can be applied when using technologies that contain ASP functions. The following example shows how to use Visual Basic webclass:

• Because webclass itself references ASP code to generate HTML, you should not place the business logic directly in webclass. Because this is your presentation layer and does not directly run webclass under MTS/COM +.
• From webclass, you can call individual business components that can run in MTS/COM +.
• You can create your own COM component that references ASP, instead of relying on the webclass Framework Structure and additional webclass runtime overhead-you can also use ASP scripts to directly automate business components.

Principle 4: Get resources as soon as possible and release resources as soon as possible

A common problem is the transition from a desktop system to a server. Many developers with a desktop background have never worried about server problems or resource sharing. In traditional desktop applications, connecting to a server is a time-consuming process. To improve the user experience, we usually use the method of obtaining resources as soon as possible and postponing the release of resources. For example, many applications always connect to the database during the entire running time.

This method works normally in traditional desktop applications because the number of users is very clear, it is easy to control, and the backend is closely connected to the front-end. However, this method is no longer feasible for current Web applications because limited server resources will face more and more users. In order for your applications to cope with the increase of users, You need to obtain resources as soon as possible and release resources as soon as possible.

Sharing helps increase the effectiveness of this method. Through sharing, multiple users can share resources with the minimum waiting time and the minimum impact on the server. For example, when processing a database, ODBC Connection Sharing and oledb resource sharing can enable you to select a connection from the shared pool to minimize the overhead of connecting to the database.

For more information about sharing ado, see "pooling in Microsoft Data Access Components ).

Principle 5: Use a database to maintain complex states

Although HTTP is stateless, ASP developers often use the built-in status persistence mechanism of ASP. For exampleApplicationObjects, the resources stored by developers can be shared by all users of the application. By using the built-in ASPSessionObject, developers only save resources for a single user.

Although it sounds like ASP TechnologySessionSaving information in an object is a very convenient way to maintain the state. However, this method is costly and may become one of the biggest constraints on scalability. The scalability of an application is essentially the ability to continue to maintain its performance as the number of users increases. For each user, before the session times out or is abandoned,SessionAll objects consume server resources. Sessions also bind you to a server, which limits your use of Web Cluster functions. Try not to use ASPSessionObject. If you do not use a session, you can disable the session Status of the Web application (see the IIS documentation ). Otherwise, you can use the following statement to disable the session status for each page:

<%@ENABLESESSIONSTATE=False %>

For some simple data, you can useQuerystringCookies or hidden form fields maintain the status between ASP requests. We recommend that you use databases for more complex information. Generally, a specific Identifier is generated, sent to each requesting client, and saved as a hidden form field. In subsequent requests, this specific Identifier is used to find the status information related to the user in the database. This method provides higher scalability and more concise and clear code.

UsageQuerystringFor more information about cookies and hidden form fields, see "q175167 HOWTO: persisting values without sessions ).

Principle 6: Use server. Createobject to create an object

When creating an ASP object, you can select <Object> tag,Server. CreateobjectAndCreateobjectThree methods. The behavior of each technology is slightly different. Although in IIS 4.0, the <Object> flag orCreateobjectRatioServer. CreateobjectIt has some performance advantages. We generally recommend this feature.Server. CreateobjectSo that ASP applications can recognize your objects. (Note that in IIS 5.0, the first twoServer. Createobject.)

<Object> the tag creates a component only when the first method is called, saving resources.Server. CreateobjectUse the built-in ASP TechnologyServerObject creation component. Essentially, it only executesCocreateinstanceBut ASP can recognize this object. At the same time, the traditionalOnstartpageAndOnendpage. (Note that it is best to use IIS 4.0 or later.Objectcontext). If you only useCreateobject, You will use the scripting engine directly beyond ASP technology.

The following is an exception: When you call a firewall, you may need to callCreateobjectInsteadServer. Createobject. For more information, see "q193230-PRB: Server. Createobject fails when object is behind firewall).

Principle 7: provide a wide range of troubleshooting information

Make sure that all your ASP applications contain the error handling process. Make sure that you provide useful diagnostic information. I have not encountered any complaints. The error message is too descriptive. Make sure that the error log contains the following information:

• User context (if you are using a component, you can callGetUserName)
• Thread ID (in the component, you can callGetcurrentthreadid) <
• Time
• Complete error message (including number, source, and description)
• Parameter Value

Because it will run in ASP, you may want to write this information to a file or NT Event Log. You can also create application event logs that record critical application events for use in diagnosing application errors.

The following articles provide detailed information about error handling techniques:

• "Bulletproofing your asp components", by Charles Alexander
• "Fitch & Mather stocks: Web Application Design)
• "Handling and avoiding web page errors, Part 1: The Basics)
• "Handling and avoiding web page errors, Part 2: Run-time errors)
• "Handling and avoiding web page errors, Part 3: An ounce of prevention)

Principle 8: test performance, scalability, and reliability

The browser is not an accurate test method. It can only show you the potential use of the application. Set specific performance targets for your applications and use load tools such as web application stress tool for stress testing. You need to determine what conditions your environment can accept. The following are general guidelines to help you start the test process:

• Test the performance by testing the number of ASP requests per second, and establish a minimum threshold value. Generally, at least 30 pages should be returned per second for simple ASP pages without database access. Call a component or access a database page and return at least 25 pages per second.
• Append users to the application continuously until the number of requests per second falls below the preset threshold. This method is used to test scalability.
• Remove machines from the Web Cluster and check errors and faults to test reliability.

Match the test environment with the actual running environment, and even the firewall is no exception. It sounds expensive, but I have heard that developers have lost their jobs because they didn't take the firewall into account.

For more information about using the web application stress tool to test ASP applications, see "I can't stress it enough -- load test your ASP application ).

Principle 9: increased isolation

Using the isolation function to protect your application processes can greatly enhance the stability of the server. When talking about Internet applications, whether or not to use the isolation function may have a huge difference: one is that the application crashes, and the other is that the server runs on the machine. Protecting the main IIS process (inetinfo.exe) is usually at a higher level in the priority list. This is especially important when you use components.

Generally, the technology used to protect the main ISS process is to enable web applications to run in their own memory space. In Internet Services Manager, you can set this option for each web. Although system resources overhead by grouping processes may have slight impact on performance, the protection of applications is worth the cost of this generation. In IIS 4.0, you can run an application in-process or out-of-process (OOP. The OOP Application runs in the new mtx.exe instance. In IIS 5.0, you can also use other isolation options. You can set the isolation level to "low" (for inetinfo.exe, This is the non-shared instance in the kernel (dllhost.exe shared between kernel cores or higher kernel (dllhost.exe) of the In-process application program ).

In addition to isolating Web applications in their own memory space, you may also want to isolate untrusted components. Untrusted components are usually components that fail to pass the test time in the actual environment. You can run these components in the server package so that they will run in the new dllhost.exe instance.

In general, if you want to take a moderate mean between performance and protection measures, run the web application in the "high" isolation state and run the components in the library package. This approach minimizes Group expenses and provides the strongest protection between processes.

For more information, see "server reliability through process isolation ).

Principle 10: do not abuse the thread sharing Group

In IIS 4.0, for each MTS-managed processor, the default ASP group is 10 threads. In IIS 5.0, the default value is 20. This means that each thread is a potentially valuable resource that can process multiple client requests. You also need to avoid blocking methods, such as making large database calls. If you want to perform this operation, it will prevent ASP applications from returning the response to the client quickly, consider using the queue function. For example, you can use MSMQ in NT 4.0. In Windows 2000, you can use Q