Http://www.microsoft.com/china/MSDN/library/archives/library/DNAspp/html/aspnet-jumpinto-part1.asp
Enter the ASP.NET World, Part 2: Application Planning and Design
Mike Amundsen
August 2003
Applies to:
Microsoft ASP.NET
Abstract: Learn how to plan and design ASP.NET applications. This article uses a knowledge base web application as an example to discuss the most common factors in the practice of creating an application. (This article contains links to English sites.)
Directory
Introduction
Plan basic ASP.NET Applications
Define the application architecture
Security Planning
Complete Design Documents
Summary and put into action
Introduction
Welcome to "Enter the ASP.NET World". Over the coming weeks and months, this series of articles describes how to use Microsoft ASP.NET and Microsoft Visual Studio .NET to design, implement, and deploy a typical web application, exploring the most common factors in the practice of creating an application. We will do more than deploy a few web forms, and we will not stop at binding some data to a back-end database. Data binding and web form layout are very important, but there are many other issues.
For example, whatever the target platform or language, every well-developed project includes some basic planning steps, such as a goal statement, documented user scenarios, and architecture documentation that identifies the physical and logical boundaries of the solution. It is also a good habit to include security planning early. Together with a good database model, well-designed middleware components, and a simple user interface, this ensures that the application you finally deploy to production is secure, reliable, and user-friendly.
At this point, some readers may think this is one of those lofty articles whose approach applies only to very large enterprise solutions and not to small shops, enthusiasts, or individual developers. This is not the case! Even if you are only creating your own web solution, developing it well from the very beginning helps ensure that implementation and deployment go smoothly. Moreover, you do not have to be a senior programmer or web developer to use these techniques. Regardless of your technical level or your target audience, I believe you will find this series helpful and full of useful information. It is also very interesting.
We will build a sample knowledge base web application called DotNetKB. This process runs through the entire series of articles. In this article, we introduce the design phases of a typical project, including basic planning, application architecture, and implementation design. After working through this article, you will have all the documents prepared and will be eager to start creating the solution. The preparation is very simple, so let's skip it and start the first step: application planning.
Plan basic ASP.NET Applications
The first step in creating a web-based ASP.NET application with Visual Studio .NET is to develop a basic application plan (AP). Planning is essential not only for large-scale solutions built by multiple developers; even the smallest application needs a complete AP. Creating an AP helps you think carefully about some common questions before coding. That way, you understand the challenges and their solutions in the early stages of the application lifecycle instead of discovering problems later. In the Software Project Survival Guide, author Steve McConnell points out that correcting errors in the later stages of a software project may cost 50-200 times as much as discovering and correcting them in the earlier stages.
What does a complete project plan contain? It can contain a great deal, but at the very least it should include a goal statement and a series of user scenarios. Many other materials are useful, including requirements documents, coding standards, delivery schedules, and test procedures. For the simple example solution we want to build, we mainly cover a simple goal statement and some user scenarios. We also address a few other issues.
Application Goal Statement
The project to be created in this series of articles (called DotNetKB) is a simple knowledge base web site. On this site, you can ask a variety of questions and get answers from authorized "experts". Visitors can then search and filter the resulting data when looking for solutions to common ASP.NET problems.
This is the basic goal statement for our DotNetKB project. DotNetKB is a web-based application that lists questions raised by visitors and displays the replies of authorized experts to those questions. Visitors can add new questions to the system and search and filter the questions by keywords in the topic, the question, and/or the answer. Visitors can also sort the question list by topic or by the date added to the system.
Authorized experts can log on to the application, which is protected by security mechanisms, to review questions and to add, edit, and delete one or more answers to a question. The application administrator can also create expert logon permissions and logon profiles, and add, edit, and delete question topics.
In addition, some basic statistics are provided, including the number of questions and answers in the system, the number of replies for each expert, and the number of pages that have been accessed so far.
As the statement above shows, this solution is very simple. While reading the goal statement, you may start thinking of many other features that could be added to make the application more powerful. This shows one major purpose of a project goal statement: to avoid "feature creep". We all know that a simple idea can lead to a very large and distorted result if the concept the final result was originally based on keeps changing. As the old saying goes: "If you don't know where you want to go, you may stop somewhere." It was originally about summer road trips, but it applies to software projects as well.
Some project goal statements may need more information. For our purposes, the goal statement above is sufficient. We now have a clear understanding of the application to be built. Next we need some detail that describes how users interact with the system and what tasks they need to perform to accomplish the goal. We need a series of user scenarios.
Documented User Scenarios
There is nothing surprising about user scenarios. Generally, they simply describe how users interact with the application. The key value of user scenarios is that they record how everyone expects the system to run and how the application should respond. By working through this process, you come to understand fully the data points and functions needed to handle interactions between users and the system. In other words, writing a complete set of user scenarios helps you identify and complete the database, middleware, and user interface elements to be implemented in the solution.
Note: Visual Studio .NET Enterprise Architect has a very good feature that lets you use Microsoft Visio to create user scenarios in UML (Unified Modeling Language) and then generate basic code from those scenarios. I am not going to go into the details here, but you can find a good article on this topic on the MSDN Academic Alliance site: Generating .NET Code Using Visio Enterprise Architect's UML, by Sreedhar Koganti.
With the goal statement from the previous section in hand, the following are some sample user scenarios for the DotNetKB project.
Search the Knowledge Base
The user can enter one or more keywords and perform a search. The search returns a list of questions and/or answers containing these keywords. The user can restrict the keyword search to questions only, answers only, or both. The returned list displays each question together with its number of replies and the number of visits by other users. Clicking a link returns the list of responses (plain text) in reverse chronological order.
Enter New Questions in the Knowledge Base
Anonymous users can browse to the screen used to enter new questions into the database for authorized experts to review and answer. The user can enter the question title and content, and choose a topic from a list of topics under which to record the question. Users can also enter their name and a related URL (email or web address). The input is validated to ensure that the required data is present and that none of the input data carries a script attack. Once the data is validated and saved to the database, the user sees a response screen that thanks them for their support and links directly back to the home page. Users can also choose to have the site "remember" their name and URL for future visits.
You see how it works, right? Each scenario tries to capture the important aspects of a user interaction. For example, the two scenarios listed above indicate that the user is "anonymous" (an anonymous user), which means that such users do not need to log on or be authorized in any other way. The second example also identifies several input values, validation steps, and optional operations.
Of course, these are only two examples; the complete system requires more scenarios. It is also important to note that a "user" can be not only a person but also another application that your program needs to communicate with, or even another part of your own application. For example, one scenario describes how the home page lists the content most recently added to the knowledge base for anyone to view. In this example, the "user" is the home page itself. Other scenarios describe how experts locate and reply to new questions and how administrators update the topic list and manage other parts of the system. I have identified more than 20 scenarios for this simple application. You can find the current list (and all other information related to this project) on the DotNetKB site.
So far, we have the goal statement and some user scenarios. Now it's time to take a break and get into some technology. We need to define the application architecture, which helps us implement the solution in "live, working code".
Define the application architecture
With the basic goal and the list of user scenarios for the solution in hand, you need to start planning the overall architecture. The main aim is to identify the logical and physical aspects of the application, that is, how to split the application into useful parts. Security is also brought in at this stage. Security is something you need to consider at the very beginning of planning, not something "added last" during the development cycle. We discuss this topic in detail in this section.
Logical architecture
Logically, you need to plan the solution so as to identify the "boundaries" between data storage, data access, business rules, and the user interface. Web developers often choose a two-tier model, in which the web forms hold all the code used to access an existing data storage system (such as Microsoft SQL Server). A more effective method is to create a middle-tier component library between the web form user interface and the SQL Server data storage system. This three-tier approach (web forms, components, database) is usually what most applications need. In some cases, however, another layer may be required to handle data transmitted between servers. This transport layer can be implemented with a platform-independent protocol (such as XML-SOAP). If you use Microsoft .NET from end to end, though, you can use the binary .NET Remoting protocol for this task, which is faster than XML-SOAP.
For our example, we define three logical boundaries: the user interface (web forms), the middle layer (a .NET component assembly), and the data layer (a SQL Server database). Figure 1 shows this.
Figure 1: Three Layers
Now we have a simple logical model. What is it good for? It helps us think about the boundaries between logical groups. Each logical layer should be as independent of the other layers as possible. Ideally, a change in one layer should have minimal impact on the whole. For example, if you change the data storage from SQL Server to XML data files, the only affected layer should be the middle layer. You should not need to consider changing the user interface. This gets you thinking about how to write the actual code of the solution so that it follows this principle.
The logical layers also help us think about security. The boundaries between layers are where potential security vulnerabilities lie. In addition, each layer may have its own specific security measures (SQL Server permissions, .NET runtime permissions, ASP.NET security, and so on). We discuss this issue in detail later in this section.
Physical Architecture
Once the logical layers are determined, it is also important to consider the physical layers. For example, you can install SQL Server, Internet Information Server, ASP.NET, and .NET together, which gives a single physical layer. A more reliable and scalable approach is to deploy the web forms on a cluster of web servers, deploy the .NET component assemblies on two application servers, and deploy the database on two SQL Server machines in failover mode. The resulting physical architecture includes seven Windows servers in three main groups: a web cluster, a component cluster, and a database cluster. Knowing that different logical components of the system can sit on different computers may change how you write the code.
In our example, we adopt an effective and powerful two-layer model: a web server hosting the user interface and components, and a database server hosting the SQL Server data store. If traffic becomes very heavy, this model gives us the flexibility to add more servers to the cluster while staying simple enough to manage. The following figure shows the mapping between the physical architecture and the logical architecture defined earlier.
Figure 2: Mapping between the physical architecture and the three-layer logical architecture
As you can see, the logical and physical architectures do not have to be the same. Security should also be considered at the planning stage.
Security Planning
Microsoft has a saying about security and software: "secure by design, secure by default, and secure in deployment". That is, the system is designed to be secure, it is secure by default, and the solution created can be deployed successfully in a secure environment. Security is always important. As more and more software has to "survive" on the public Internet, writing secure software matters even more. Fortunately for us, the .NET runtime and the Windows operating system provide a wide range of security options and features that we can easily include in our applications. Without going into too much detail about identifying and eliminating security vulnerabilities in online solutions, the following are some of the most common vulnerabilities and how our application plans to handle them.
Note: For more information about the available options, see the Microsoft Security Developer Center.
Buffer Overflow
This is probably the most common security vulnerability in compiled applications. Because we use the .NET runtime, which is designed to run code safely in memory, a buffer overflow is unlikely to occur. In addition, we code the solution in Microsoft Visual Basic .NET, which is not as vulnerable to the buffer overflow problem as C or C++. Even if we planned to create components in C++, we could use the compiler's special /GS option to protect against most buffer overflow attacks.
Database attacks
Another common security vulnerability can allow malicious users to access the raw data stored in the database. To prevent attackers from gaining control of the data, we use only SQL Server stored procedures and no "inline queries". This greatly reduces the chance of attacks that try to insert SQL commands into the input stream. We also validate input at multiple points in the program to ensure that all input contains only valid characters.
Cross-Site Scripting
Common attacks on web applications include adding client-side script to the input stream. These attacks run additional dialogs and trick users into sending personal data to the attacker's web site. To address this, we use the ASP.NET 1.1 feature that filters all input for this kind of malicious code and prevents it from being placed into the system. The display screens also contain additional code that automatically disables any script or display tags that may have been inserted into the data store.
So far, we have the logical model and the physical model of the application, as well as a list of security features to include in the implementation. With these, plus the goal statement and user scenarios, we can start the last part of the "before coding" adventure.
Complete Design Documents
Before entering the coding part of the project, it is very important to take a little time to actually outline the logical components of the application. In our example solution, we need to implement three logical components: the database, the .NET data access component, and the ASP.NET user interface. In the following articles, we detail how to implement these components. For now, we just outline each component and discuss the most important aspect of the process, which is documenting the components.
Database
For the DotNetKB application, we need to store the data in three tables: topic, question, and answer (see Figure 3).
Figure 3: topic, question, and answer tables
We use stored procedures so that the middle-layer components can also access the data securely. We discuss the database details in the next article. Here, we simply point out that a complete database design document should list the table names and all column details, the default indexes, and the stored procedures. That is, the document should contain the detailed information needed to implement the system's data storage successfully.
Note: If you were paying attention, you may have noticed that we did not mention storing expert data in the database. To make the project more interesting (and to give us a chance to use direct XML data storage), we store expert information in an XML data file.
Data Access Component
The data access component design document describes all the details of interaction with the data storage system and with the user interface. In some systems, the data access component is actually several assemblies that handle different concerns. For example, a set of business rules may be exposed to the user interface entirely independently of data storage and retrieval. In that case, it may be wise to separate the business components from the data access components.
In our example, two independent components are actually implemented: the message component and the data access component. If you plan to support XML-based data transmission services (such as SOAP web services), this message-oriented implementation is particularly effective.
Message component
The message component defines a series of classes used to transfer data between layers. These messages can exist as binary messages or as XML text data. The value of the message layer is that it shields the rest of the system from the details of the data storage implementation, such as SQL Server or XML files. In addition, by implementing a message layer rather than a more complex "smart object" library, our solution can more easily support remote call services that cannot send data and class-level logic at the same time, such as XML-SOAP.
The following is an example of a message class, implementing the topic message and its collection:
    ' Message class that carries a single topic between layers.
    Public Class Topic
        Private _id As Integer
        Private _title As String
        Private _description As String

        Public Property ID() As Integer
            Get
                Return _id
            End Get
            Set(ByVal value As Integer)
                _id = value
            End Set
        End Property

        Public Property Title() As String
            Get
                Return _title
            End Get
            Set(ByVal value As String)
                _title = value
            End Set
        End Property

        Public Property Description() As String
            Get
                Return _description
            End Get
            Set(ByVal value As String)
                _description = value
            End Set
        End Property
    End Class

    ' Strongly typed collection of Topic messages.
    Public Class Topics
        Inherits System.Collections.CollectionBase

        Default Public Property Item(ByVal index As Integer) As Topic
            Get
                Return CType(List(index), Topic)
            End Get
            Set(ByVal value As Topic)
                List(index) = value
            End Set
        End Property

        Public Function Add(ByVal s As Topic) As Integer
            Return List.Add(s)
        End Function

        ' Remove the topic at the given position. IList.Remove expects the item
        ' itself, so removal by index goes through RemoveAt.
        Public Sub Remove(ByVal index As Integer)
            List.RemoveAt(index)
        End Sub
    End Class
Note: If you have worked with message-oriented designs, you will know that we want these message classes to be serializable so that they can easily be sent back and forth between application layers. Fortunately, the .NET runtime knows how to do this without much work on our part. When we cover creating the messages in a later article, we will discuss in detail how the .NET runtime serializes classes and what we can do in code to optimize the process.
The details of this approach are described in the later articles in which the message component and the data access component are implemented. The design document contains a list of all messages, their properties, and their data types. For now, we just want to consider how to use this message approach to encapsulate data transfer between layers, and how to create a common data service that works with both local and remote solutions.
Data Access Component
With the concept of a message class defined, the data access component can focus on the details of talking directly to the data storage system and returning information in the correct message format. In our example, this involves mapping requests from the user interface to SQL Server stored procedures and creating the messages (or message collections) that are returned to the user interface for display.
For example, the following is sample code from a data access component. The component retrieves a single topic record from the data store and returns it to the user interface in the correct message format.
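    Imports System.Data
    Imports System.Data.SqlClient

    Public Function GetTopicRecord(ByVal id As Integer) As Messages.Topic
        Dim t As Messages.Topic = New Messages.Topic
        Dim cn As SqlConnection = New SqlConnection(secureConnectionString)
        Dim cd As SqlCommand = New SqlCommand("gettopic", cn)
        Dim dr As SqlDataReader = Nothing
        ' Call the stored procedure; the ID travels as a typed parameter, never as SQL text.
        cd.CommandType = CommandType.StoredProcedure
        cd.Parameters.Add("@ID", SqlDbType.Int).Value = id
        Try
            cn.Open()
            dr = cd.ExecuteReader()
            ' Read() returns False when no topic has this ID.
            If Not dr.Read() Then
                Return Nothing
            End If
            With t
                .ID = id
                .Title = dr("title").ToString()
                .Description = dr("Description").ToString()
            End With
        Finally
            ' Always release the reader and the connection.
            If Not dr Is Nothing Then dr.Close()
            cn.Close()
        End Try
        Return t
    End Function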
The design document will include the series of classes and methods used to handle the various requests from the user interface, with details of which stored procedure each one calls and which message format it returns. We discuss the details of this process in a later article about the data access layer.
Web user interface
Finally, the user interface design document covers all the user input and display needed to complete the various scenarios. User interface documents generally include both the details of the interface mechanics and the graphic design elements that make the user interface distinctive. For example, the color scheme, fonts, and overall page design are as important as the names and number of input fields used to gather the right data for a search query.
To keep the documents concise, the detailed description of the mechanics is usually kept in a document separate from the graphic design. That is what we do in this example. In a later article, we create a comprehensive user interface document and implementation that describes each screen element and its related operations in detail. In another article, we deal with the graphical aspects of the application, focusing on the use of Cascading Style Sheets as a visual service.
The following is a typical user interface description, covering the "topic" editing scenario.
Topic input screen
The main screen displays all the current topics (topic ID and topic name). An "edit" link is displayed next to each topic. Clicking the edit link retrieves the associated topic record and displays it in a series of input boxes. "Title" and "Description" are editable, while "Topic ID" is read-only. The user can edit the title and description, and then press "save" to write the changes to the data store. The input is validated. Both fields are required. The title is limited to 30 characters and the description to 500 characters. After the update completes, a response message confirming the update is displayed. If the update fails, a message indicating the error status is displayed.
The user can also delete an existing topic record by clicking the "edit" link in the list, reviewing the record details displayed on the screen, and clicking the "delete" link. After deletion, a response message confirming the update is displayed. If the update fails, a message indicating the error status is displayed. Note that topics associated with existing questions or answers cannot be deleted.
The user can add a new topic record by clicking the "Create topic" link on the initial display screen. "Title" and "Description" inputs are displayed (no ID input is displayed), along with a "save" button. The input is validated. Both fields are required. The title is limited to 30 characters and the description to 500 characters. After the update completes, a response message confirming the update is displayed. If the update fails, a message indicating the error status is displayed.
With the description above, you can easily implement a complete, functional screen. The test of a good design document is that it lets the reader complete the work without asking additional questions. The final user interface design document will include a description like this for each screen in the application.
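The validation rules from the topic input screen, combined with the display-time encoding described under Cross-Site Scripting, as an added example that is not code from the article or the DotNetKB project. The names ValidateTopic, LooksLikeMarkup, and RenderTopicRow are hypothetical, the markup check is a simplified assumption rather than ASP.NET's own filter, and System.Net.WebUtility.HtmlEncode stands in for the page-level Server.HtmlEncode so that the module runs as a console program.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net

' Added example, not DotNetKB code. All names are hypothetical.
Module TopicInputDemo

    ' Limits taken from the topic input screen description.
    Private Const MaxTitleLength As Integer = 30
    Private Const MaxDescriptionLength As Integer = 500

    ' Simplified input filter (an assumption, not ASP.NET's own rule set):
    ' flags "<" followed by a letter, "/", "!" or "?", and the sequence "&#".
    Function LooksLikeMarkup(ByVal value As String) As Boolean
        For i As Integer = 0 To value.Length - 2
            Dim nextChar As Char = value(i + 1)
            If value(i) = "<"c AndAlso (Char.IsLetter(nextChar) OrElse "/!?".IndexOf(nextChar) >= 0) Then Return True
            If value(i) = "&"c AndAlso nextChar = "#"c Then Return True
        Next
        Return False
    End Function

    ' Appends one error for the field if it breaks a rule.
    Private Sub CheckField(ByVal name As String, ByVal value As String,
                           ByVal maxLength As Integer, ByVal errors As List(Of String))
        If value Is Nothing OrElse value.Trim().Length = 0 Then
            errors.Add(name & " is required.")
        ElseIf value.Length > maxLength Then
            errors.Add(name & " is limited to " & maxLength.ToString() & " characters.")
        ElseIf LooksLikeMarkup(value) Then
            errors.Add(name & " contains markup or script characters.")
        End If
    End Sub

    ' Returns the validation errors; an empty list means the input is accepted.
    Function ValidateTopic(ByVal title As String, ByVal description As String) As List(Of String)
        Dim errors As New List(Of String)()
        CheckField("Title", title, MaxTitleLength, errors)
        CheckField("Description", description, MaxDescriptionLength, errors)
        Return errors
    End Function

    ' Output side: encode every stored value as it is written into the page,
    ' so data that reached the store by another path still renders as text.
    Function RenderTopicRow(ByVal id As Integer, ByVal title As String, ByVal description As String) As String
        Return "<tr><td>" & id.ToString() & "</td><td>" & WebUtility.HtmlEncode(title) &
               "</td><td>" & WebUtility.HtmlEncode(description) & "</td></tr>"
    End Function

    Sub Main()
        ' Constructed sample inputs: {title, description}.
        Dim samples As String()() = {
            New String() {"Data binding", "Questions about binding controls to data."},
            New String() {"", "Missing title."},
            New String() {New String("x"c, 31), "Title is one character too long."},
            New String() {"<script>alert(1)</script>", "Fits in 30 characters but is markup."}
        }
        For Each s As String() In samples
            Dim errors As List(Of String) = ValidateTopic(s(0), s(1))
            If errors.Count = 0 Then
                Console.WriteLine("ACCEPT: " & s(0))
            Else
                Console.WriteLine("REJECT: " & String.Join("; ", errors.ToArray()))
            End If
        Next
        ' A row that bypassed input validation is still displayed as inert text.
        Console.WriteLine(RenderTopicRow(7, "<script>alert(1)</script>", "Legacy row"))
    End Sub
End Module
```

The fourth sample passes the 30-character limit on its own, which is why the length rule, the input filter, and the output encoding are kept as separate checks.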
Summary and put into action
This article briefly introduced the final design documents for the database, middle layer, and user interface implementations. Together with the architecture and initial planning documents, they form our complete design package. In practice, completing these documents takes at least a few hours even for the smallest system. For large systems, it may take weeks or even months. Some people may find this a little frustrating, but by doing the work up front, you can discover almost all the major obstacles to the solution long before entering the coding stage of the project. This reduces the time needed to write the actual code and reduces the number of errors and obstacles you may encounter.
In the next article, we discuss how to use Visual Studio .NET to create the data storage system in SQL Server. We will define the data tables, create the required stored procedures, and set up correct data access to ensure a secure and reliable connection between any component and the data itself.
Now you have seen an example of how to create an application plan. You can start to consider how to use these elements in your own work to improve the overall quality and productivity of your projects. For more information about project planning and how planning affects software quality, see Steve McConnell's Software Project Survival Guide.
Mike Amundsen provides training, presentation, and consulting services. For more information, see http://amundsen.com/. You can also find updates and related information on the http://www.amundsen.com/DotNetKB site.