Article directory
- Create generic Handler
- Cross-Site Request Forgery
- Call generic Handler
Client-side validation with ASP.NET validation controls
The validation controls provide not only client-side validation but also server-side validation. If any validation control on the page fails validation, the IsValid property of the Page object is false.

    protected void btnSave_Click(object sender, EventArgs e)
    {
        // Server-side check: stop if any validation control failed
        if (!Page.IsValid)
        {
            return;
        }
        // process page ...
    }

Overhead
Using the ASP.NET validation controls makes ASP.NET load a lot of inline JavaScript code on the .aspx page: about 5 KB, or 1 KB after compression.
It also causes JavaScript files to be downloaded from the server, a total of 41 KB (11 KB after compression). However, if these files are cached in the browser, they are not loaded again on the second visit.
Use jQuery validator
Omitted
Asynchronous form submission
Comparison of asynchronous form submission methods
| Method | Overhead | Description |
| --- | --- | --- |
| Classic ASP.NET | Very high | Very easy to use. Causes full-page refresh, requiring ViewState to maintain the state of each control. |
| UpdatePanel control | High | Very easy and quick to use. No need to write JavaScript. |
| Page methods | High | Lets you call C#/VB code-behind methods with a single line of JavaScript. |
| Web service | Medium | Lets you call web services with a single line of JavaScript. |
| Generic handler | Low | The JavaScript to call an ASP.NET generic handler is a bit more involved. Provides most scope for performance improvements. |
| WCF Data Services and the Entity Framework | Medium | Allows you to generate the server-side data access code using Visual Studio. |
UpdatePanel control
With the UpdatePanel control, the ScriptManager control adds inline JavaScript to the page and loads a JavaScript library (about 90 KB).
Page Method
First, add the ScriptManager control to the top of the page. This generates a JavaScript proxy object that calls the code-behind method on the page. The ScriptManager control needs its EnablePageMethods property set to true.

    <body>
      <form id="form1" runat="server">
        <asp:ScriptManager ID="ScriptManager1" runat="server" EnablePageMethods="true" />
        ...

    // Code-behind: a page method must be public, static and marked as a web method
    [System.Web.Services.WebMethod]
    public static string SaveForm(string title, string author, string price)
    {
        ...
    }

The page method can access the request context, for example:

    string userAgent = HttpContext.Current.Request.UserAgent;

Call from JavaScript

    PageMethods.SaveForm(title, author, price, onSuccess, onError);
    ...
    function onSuccess(result) { ... }
    function onError(result) { ... }

The result parameter contains the web method return value.
Web Service
The web method in the service:

    [WebMethod]
    public string SaveForm(string title, string author, string price)
    {
        ...
    }

Register the service with the ScriptManager control on the page:

    <body>
      <form id="form1" runat="server">
        <asp:ScriptManager ID="ScriptManager1" runat="server">
          <Services>
            <asp:ServiceReference Path="formservice.asmx" />
          </Services>
        </asp:ScriptManager>
        ...

Call from JavaScript:

    FormService.SaveForm(title, author, price, onSuccess, onError, onTimeout);
    ...
    function onSuccess(result) { }
    function onError(result) { }
    function onTimeout(result) { }

Generic Handler
A generic handler has low overhead and allows asynchronous access to the database, so that IIS worker threads are used more efficiently. If performance matters more than ease of use, a generic handler is the best choice. Unlike a web service, a generic handler exposes only one interface.
Create generic Handler

    using System.Web;
    using System.Web.Script.Serialization;

    public void ProcessRequest(HttpContext context)
    {
        if ((context.Request.HttpMethod != "POST") ||
            // to prevent cross-site request forgery attacks
            (context.Request.ContentType != "application/json; charset=UTF-8"))
        {
            context.Response.ContentType = "text/plain";
            context.Response.Write("Access Denied");
            return;
        }

        // RequestBody is a helper not shown on this page; it is assumed to
        // return the request body as a string.
        string json = RequestBody(context.Request);
        JavaScriptSerializer js = new JavaScriptSerializer();
        FormData formData = js.Deserialize<FormData>(json);

        string message = Business.ProcessForm(formData.title, formData.author, formData.price);

        context.Response.ContentType = "text/plain";
        context.Response.Write(message);
    }

FormData class:

    // Field names match the property names of the JSON object sent by the client
    private class FormData
    {
        public string title = null;
        public string author = null;
        public string price = null;
    }

Cross-Site Request Forgery
Why does the handler disallow GET requests and require the content type application/json; charset=UTF-8? To prevent cross-site request forgery (CSRF) attacks.
In a CSRF attack, a visitor is tricked into running a small piece of HTML that sends an unintended request to a site the visitor is logged in to. For example, assume that a visitor has logged in to bank.com. The login places a bank.com cookie on the visitor's computer to remember that the visitor is logged in. If the visitor is then lured to a page on evil.com, that page may contain an attack request to bank.com.
The visitor's browser sends the request to bank.com, and the request includes the cookie indicating that the visitor is logged in. In effect, evil.com sends a request on the visitor's behalf.
To prevent this attack, you can disallow GET requests. Evil.com can get around this by placing a form on its page that sends a POST request. It can then submit the form with JavaScript code, or trick the visitor into submitting it. One way to defend against such attacks is to accept only content types that forms do not use, such as application/json; charset=UTF-8. HTML forms can only send application/x-www-form-urlencoded, multipart/form-data or text/plain.
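
The handler's exact string comparison also rejects equivalent spellings of the same header, such as application/json;charset=utf-8. The following added example (not from the original article) parses the header with System.Net.Mime.ContentType and compares only the media type; the RequestGate class, the IsAllowed method and the sample requests are constructed for illustration, and no System.Web types are used so that it runs as a console program.

```csharp
using System;
using System.Net.Mime;

// Added example (hypothetical names): method and content-type gate for the handler.
public static class RequestGate
{
    // True only for a POST whose media type is application/json, whatever the
    // charset parameter, spacing or letter case of the header.
    public static bool IsAllowed(string httpMethod, string contentTypeHeader)
    {
        if (httpMethod != "POST" || string.IsNullOrWhiteSpace(contentTypeHeader))
            return false;
        try
        {
            var parsed = new ContentType(contentTypeHeader);
            return string.Equals(parsed.MediaType, "application/json",
                                 StringComparison.OrdinalIgnoreCase);
        }
        catch (FormatException)
        {
            return false; // malformed header: reject
        }
    }

    public static void Main()
    {
        // Constructed sample requests: { method, Content-Type header, description }.
        string[][] samples =
        {
            new[] { "GET",  "",                                  "image or link request" },
            new[] { "POST", "application/x-www-form-urlencoded", "default HTML form" },
            new[] { "POST", "multipart/form-data; boundary=x",   "file-upload form" },
            new[] { "POST", "text/plain",                        "form with enctype text/plain" },
            new[] { "POST", "application/json; charset=UTF-8",   "the page's $.ajax call" },
            new[] { "POST", "application/json;charset=utf-8",    "same type, different spelling" },
        };
        foreach (string[] s in samples)
        {
            Console.WriteLine("{0,-5} {1,-36} {2,-30} {3}",
                s[0], s[1], s[2], IsAllowed(s[0], s[1]) ? "allowed" : "denied");
        }
    }
}
```

Inside ProcessRequest, the gate would be called as RequestGate.IsAllowed(context.Request.HttpMethod, context.Request.ContentType).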
Call generic Handler
To minimize the overhead, use jQuery instead of a generated proxy.
- Load the jQuery library.
- Load the JSON plugin. You can find this plug-in at http://code.google.com/p/jquery-json.
- Create a JSON object for the form data:

    var formData = { 'title': ..., 'author': ..., 'price': ... };

- Finally, send the JSON object to the generic handler in an asynchronous request:

    $.ajax({
        type: "POST",
        url: "formhandler.ashx",
        data: $.toJSON(formData),
        // must match the content type the handler checks for
        contentType: "application/json; charset=UTF-8",
        // jQuery's dataType value for a plain-text response
        dataType: "text",
        success: onSuccess,
        error: onError
    });
    ...
    function onSuccess(result) { }
    function onError(result) { }

If you want to send a request without passing in any data, set data to an empty object "{}". Otherwise, the ajax method does not set the Content-Length header in the request, and IIS blocks the request.
WCF data services and Entity Framework
Omitted
More resources
About the ADO.NET Entity Framework:
- The ADO.NET Entity Framework Overview
http://msdn.microsoft.com/en-us/library/aa697427(vs.80).aspx
- Object-relational mapping
http://en.wikipedia.org/wiki/Object-relational_mapping
About WCF Data Services:
- WCF Data Services
http://msdn.microsoft.com/en-us/library/cc668792.aspx
- Open Data Protocol documentation
http://www.odata.org/developers/protocols
- Overview: ADO.NET Data Services
http://msdn.microsoft.com/en-us/library/cc956153.aspx
- Using Microsoft ADO.NET Data Services
http://msdn.microsoft.com/en-us/library/cc907912.aspx
- Interceptors (WCF Data Services)
http://msdn.microsoft.com/en-us/library/dd744842.aspx