One of the important functions of Entity Framework is lazy loading. Lazy loading means delaying the loading of related data with its parent object, until you specifically request for it.
you can also turn off lazy loading for a particular property or an entire context. To turn off lazy loading for a particular property, do not make it virtual. To turn off lazy loading for all entities in the context, set its configuration property to false:
public partial class SchoolDBEntities : DbContext
{
public SchoolDBEntities(): base("name=SchoolDBEntities")
{
this.Configuration.LazyLoadingEnabled = false;
}
}
Below are the advantages of lazy loading:
The only one disadvantage is that the code becomes complicated. As we need to do checks if the loading is needed or not, there is a slight decrease in performance.
The Global.asax file, also known as the ASP.NET application file, is an optional file that contains code for responding to application-level events raised by ASP.NET or by HttpModules and session-level events.
The following are some of the important events in the Global.asax file.
The purpose of these event handlers is discussed in this section below.
Application_Init
The Application_Init event is fired when an application initializes the first time.
Application_Start
The Application_Start event is fired the first time when an application starts.
Session_Start
The Session_Start event is fired the first time when a user’s session is started. This typically contains for session initialization logic code.
Application_BeginRequest
The Application_BeginRequest event is fired each time a new request comes in.
Application_EndRequest
The Application_EndRequest event is fired when the application terminates.
Application_AuthenticateRequest
The Application_AuthenticateRequest event indicates that a request is ready to be authenticated. If you are using Forms Authentication, this event can be used to check for the user's roles and rights.
Application_Error
The Application_Error event is fired when an unhandled error occurs within the application.
Session_End
The Session_End Event is fired whenever a single user Session ends or times out.
Application_End
The Application_End event is last event of its kind that is fired when the application ends or times out. It typically contains application cleanup logic.
Application_Start/End events are called only once.
View State:
The ViewState is used in retaining values between multiple requests for the same page. Viewstate is stored on page it self in encoded form. When an ASP.NET page is processed, the current state of the page and controls is hashed into a string and saved in the page as a hidden field. If the data is too long for a single field, then ASP.NET performs view state chunking (new in ASP.NET 2.0) to split it across multiple hidden fields. The following code sample demonstrates how view state adds data as a hidden form within a Web page’s HTML:
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE” value="/wEPDwUKMTIxNDIyOTM0Mg9kFgICAw9kFgICAQ8PFgIeBFRleHQFEzQvNS8yMDA2IDE6Mzc6MTEgUE1kZGROWHn/rt75XF/pMGnqjqHlH66cdw==" />
The ViewState is stored in a hidden field with an ID __VIEWSTATE. This is nothing but a Base64 encoded string, and is not an encrypted string. So it can be easily decoded.
The main reasons for using Base64 encoding are as follows:
But, after decoding the string (viewstate data), we can see the exact data that is stored inside the ViewState.
Solution
There are two different ways in which you can prevent someone from decrypting ViewState data.
When we use EnableViewStateMac="True", during ViewState save, ASP.NET internally uses a hash code. This hash code is a cryptographically strong checksum. This is added with the ViewState content and stored in a hidden filed. During postback, the checksum data is verified again by ASP.NET. If there is a mismatch, the postback will be rejected.
ViewStateEncryptionMode has three different options that can be set:
<system.web>
<pages enableViewStateMac="true">
viewStateEncryptionMode="Always">
</pages>
</system.web>
Session
Web is stateless, which means a new instance of a web page class is re-created each time the page is posted to the server.
HTTP is a stateless protocol, it can't hold client information on a page. If the user inserts some information and move to the next page, that data will be lost and the user would not be able to retrieve that information.
What do we need here? We need to store information. Session provides a facility to store information on server memory. It can support any type of object to store along with our own custom objects. For every client, session data is stored separately, which means session data is stored on a per client basis
Advantages:
Disadvantages:
Storing and retrieving values from Session
Session["UserName"] = txtUser.Text; //Storing UserName in Session
DataSet _MyDs = (DataSet)Session["DataSet"]; //Retrieving Dataset from Session
Session ID
Session Mode and State Provider
In ASP.NET, there are the following session modes available:
When ASP.NET requests for information based on the session ID, the session state and its corresponding provider are responsible for sending the proper information
| Session State Mode | State Provider |
| InProc | In-memory object |
| StateServer | Aspnet_state.exe |
| SQLServer | Database |
| Custom | Custom provider |
Apart from that, there is another mode Off. If we select this option, the session will be disabled for the application.
<system.web>
<sessionState cookieless="UseCookies" mode="Off"
stateNetworkTimeout="10800" timeout="10"/>
</system.web>
Or from server side: Session.TimeOut=30;
InProc Session Mode
This is the default session mode in ASP.NET. This is the best session mode for web application performance. It can be very helpful for a small web site and where the number of users is very less.
Advantages:
Disadvantages:
StateServer Session Mode
This is also called Out-Proc session mode. StateServer uses a stand-alone Windows Service (aspnet_state.exe) which is independent of IIS and can also be run on a separate server.
This server may run on the same system, but it's outside of the main application. So, if you restart your ASP.NET process, your session data will still be alive. It is useful in web farm and web garden scenarios.
You can start this service from the command prompt just by typing "net start aspnet_state".
This approach has several disadvantages due to serialization of the data before storing in StateServer session mode and de-serialization, it also increases the cost of data access.
For the StateServer setting, we need to specify the stateConnectionString. This will identify the system that is running the state server. By default, stateConnectionString used the IP 127.0.0.1 (localhost) and port 42424. And require stateNetworkTimeout.
<sessionState cookieless="UseCookies" mode="StateServer"
sqlConnectionString="data source=127.0.0.1; Trusted_Connection=yes"
stateConnectionString="tcpip=127.0.0.1:42424" stateNetworkTimeout="10800"
timeout="10"/>
SQLServer Session Mode
To setup SQL Server, we need these SQL scripts:
Advantages:
Disadvantages:
Configuration for SQLServer Session Mode
Step 1: From command prompt, go to your Framework version directory. E.g.:c:\windows\microsoft.net\framework\<version>.
Step 2: Run the aspnet_regsql command with the following parameters:
| Parameters | Description |
| -ssadd | Add support for SQLServer mode session state. |
| -sstype p | P stands for Persisted. It persists the session data on the server. |
| -S | Server name. |
| -U | User name. |
| -P | Password. |
aspnet_regsql -d <SQLDATABASENAME> -S <SQLSERVERNAME> -U <USERNAME> -P <PASSWORD> -ssadd -sstype c
Step 3: Open SQL Server Management Studio, check if a new database ASPState has been created, and there should be two tables:
Custom Session Mode
Custom session gives full control to us to create everything, even the session ID. You can write your own algorithm to generate session IDs.
We can use Custom session mode in the following cases:
What configuration do we need for it?
We need to configure our web.config like this:
<sessionState mode=”Custom” customProvider=”AccessProvider”>
<providers>
<add name=”AccessProvider” type=”CustomDataType”/>
</providers>
</sessionState>
Advantages:
Disadvantages:
It is always recommended to use a third party provider rather than create your own.
Session Event
These are events in the global.asax file of your web application. When a new session initiates, the session_start event is raised, and the Session_End event raised when a session is abandoned or expires.
void Session_Start(object sender, EventArgs e)
{
// Code that runs when a new session is started
}
void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
}
Removing Session
| Method | Description |
| Session.Remove(strSessionName); | Removes an item from the session state collection. |
| Session.RemoveAll() | Removes all items from the session collection. |
| Session.Clear() | Remove all items from session collection. Note: There is no difference between Clear and RemoveAll. RemoveAll()callsClear() internally. |
| Session.Abandon() | Cancels the current session. |
Enabling and disabling Session
For performance optimization, we can enable or disable session. We can enable and disable session state in two ways:
Page level
We can disable session state in page level using the EnableSessionState attribute in the Page directive.
<% Page Language="C#" EnableSessionState="False"
This will disable the session activities for that particular page.
The same way, we can make it read-only also. This will permit to access session data but will not allow writing data on session.
<% Page Language="C#" EnableSessionState="ReadOnly"
Application level
Session state can be disabled for the entire web application using the EnableSessionState property inWeb.Config.
<system.web>
<pages enableSessionState="false"/>
</system.web>
Generally we use page level because some pages may not require any session data or may only read session data.
Summary
