Blog that contains articles about new technologies related or not with programming. I will describe and solves some problems that I encounter in my career. ASP .NET, AJAX, Javascript, C++, C# and SQL are some of the subjects that will appear.
03 June 2016
Url.Action vs Url.RouteUrl
If you have multiple routes with similar parameters the Action method may pick a wrong one - it works based on the order of route definitions. This may take place when your routes have optional parameters.
Lazy loading/Deferred loading in Entity frame work
One of the important functions of Entity Framework is lazy loading. Lazy loading means delaying the loading of related data with its parent object, until you specifically request for it.
you can also turn off lazy loading for a particular property or an entire context. To turn off lazy loading for a particular property, do not make it virtual. To turn off lazy loading for all entities in the context, set its configuration property to false:
public partial class SchoolDBEntities : DbContext
{
public SchoolDBEntities(): base("name=SchoolDBEntities")
{
this.Configuration.LazyLoadingEnabled = false;
}
}
Below are the advantages of lazy loading:
- Minimizes start up time of the application.
- Application consumes less memory because of on-demand loading.
- Unnecessary database SQL execution is avoided.
The only one disadvantage is that the code becomes complicated. As we need to do checks if the loading is needed or not, there is a slight decrease in performance.
Events in the Global.asax file
The Global.asax file, also known as the ASP.NET application file, is an optional file that contains code for responding to application-level events raised by ASP.NET or by HttpModules and session-level events.
The following are some of the important events in the Global.asax file.
- Application_Init
- Application_Start
- Session_Start
- Application_BeginRequest
- Application_EndRequest
- Application_AuthenticateRequest
- Application_Error
- Session_End
- Application_End
The purpose of these event handlers is discussed in this section below.
Application_Init
The Application_Init event is fired when an application initializes the first time.
Application_Start
The Application_Start event is fired the first time when an application starts.
Session_Start
The Session_Start event is fired the first time when a user’s session is started. This typically contains for session initialization logic code.
Application_BeginRequest
The Application_BeginRequest event is fired each time a new request comes in.
Application_EndRequest
The Application_EndRequest event is fired when the application terminates.
Application_AuthenticateRequest
The Application_AuthenticateRequest event indicates that a request is ready to be authenticated. If you are using Forms Authentication, this event can be used to check for the user's roles and rights.
Application_Error
The Application_Error event is fired when an unhandled error occurs within the application.
Session_End
The Session_End Event is fired whenever a single user Session ends or times out.
Application_End
The Application_End event is last event of its kind that is fired when the application ends or times out. It typically contains application cleanup logic.
Application_Start/End events are called only once.
Encrypt ViewState info
View State:
The ViewState is used in retaining values between multiple requests for the same page. Viewstate is stored on page it self in encoded form. When an ASP.NET page is processed, the current state of the page and controls is hashed into a string and saved in the page as a hidden field. If the data is too long for a single field, then ASP.NET performs view state chunking (new in ASP.NET 2.0) to split it across multiple hidden fields. The following code sample demonstrates how view state adds data as a hidden form within a Web page’s HTML:
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE” value="/wEPDwUKMTIxNDIyOTM0Mg9kFgICAw9kFgICAQ8PFgIeBFRleHQFEzQvNS8yMDA2IDE6Mzc6MTEgUE1kZGROWHn/rt75XF/pMGnqjqHlH66cdw==" />
The ViewState is stored in a hidden field with an ID __VIEWSTATE. This is nothing but a Base64 encoded string, and is not an encrypted string. So it can be easily decoded.
The main reasons for using Base64 encoding are as follows:
- Base64 makes a string suitable for HTTP transfers
- It makes it a little harder to read
But, after decoding the string (viewstate data), we can see the exact data that is stored inside the ViewState.
Solution
There are two different ways in which you can prevent someone from decrypting ViewState data.
- You can make sure that the ViewState information is tamper-proof by using "hash codes". You can do this by adding EnableViewStateMAC=true in your page directive. MAC stands for "Message Authentication Code".
When we use EnableViewStateMac="True", during ViewState save, ASP.NET internally uses a hash code. This hash code is a cryptographically strong checksum. This is added with the ViewState content and stored in a hidden filed. During postback, the checksum data is verified again by ASP.NET. If there is a mismatch, the postback will be rejected.
- The second option is to set ViewStateEncryptionMode="Always" with your page directives. This will encrypt the ViewState data.
ViewStateEncryptionMode has three different options that can be set:
- Always: encrypt the View State always.
- Auto: encrypt if a control requests for encryption. For this to happen, the control must call thePage.RegisterRequiresViewStateEncryption() method.
- Never: Never encrypt the ViewState.
<system.web>
<pages enableViewStateMac="true">
viewStateEncryptionMode="Always">
</pages>
</system.web>
Session State Modes in Asp.Net
Session
Web is stateless, which means a new instance of a web page class is re-created each time the page is posted to the server.
HTTP is a stateless protocol, it can't hold client information on a page. If the user inserts some information and move to the next page, that data will be lost and the user would not be able to retrieve that information.
What do we need here? We need to store information. Session provides a facility to store information on server memory. It can support any type of object to store along with our own custom objects. For every client, session data is stored separately, which means session data is stored on a per client basis
Advantages:
- It helps maintain user state and data all over the application.
- It is easy to implement and we can store any kind of object.
- Stores client data separately.
- Session is secure and transparent from the user.
Disadvantages:
- Performance overhead on large volumes of data/user, because session data is stored in server memory.
- Overhead involved in serializing and de-serializing session data, because in the case of StateServer and SQLServer session modes, we need to serialize the objects before storing them.
Storing and retrieving values from Session
Session["UserName"] = txtUser.Text; //Storing UserName in Session
DataSet _MyDs = (DataSet)Session["DataSet"]; //Retrieving Dataset from Session
Session ID
- Client hits the web site and information is stored in the session.
- Server creates a unique session ID for that client and stores it in the Session State Provider.
- The client requests for some information with the unique session ID from the server.
- Server looks in the Session Providers and retrieves the serialized data from the state server and type casts the object.
Session Mode and State Provider
In ASP.NET, there are the following session modes available:
- InProc
- StateServer
- SQLServer
- Custom
When ASP.NET requests for information based on the session ID, the session state and its corresponding provider are responsible for sending the proper information
Session State Mode | State Provider |
InProc | In-memory object |
StateServer | Aspnet_state.exe |
SQLServer | Database |
Custom | Custom provider |
Apart from that, there is another mode Off. If we select this option, the session will be disabled for the application.
<system.web>
<sessionState cookieless="UseCookies" mode="Off"
stateNetworkTimeout="10800" timeout="10"/>
</system.web>
Or from server side: Session.TimeOut=30;
InProc Session Mode
This is the default session mode in ASP.NET. This is the best session mode for web application performance. It can be very helpful for a small web site and where the number of users is very less.
Advantages:
- It stores session information in the current Application Domain So it is easily and quickly available.
- There is not requirement of serialization to store data in InProc session mode.
- Implementation is very easy, similar to using the ViewState.
Disadvantages:
- If the worker process or application domain/server is recycled/restarted, all session data will be lost.
- Though it is the fastest, more session data and more users can affect performance.
- We can't use it in web garden scenarios, and not suitable for web farm scenarios.
StateServer Session Mode
This is also called Out-Proc session mode. StateServer uses a stand-alone Windows Service (aspnet_state.exe) which is independent of IIS and can also be run on a separate server.
This server may run on the same system, but it's outside of the main application. So, if you restart your ASP.NET process, your session data will still be alive. It is useful in web farm and web garden scenarios.
You can start this service from the command prompt just by typing "net start aspnet_state".
This approach has several disadvantages due to serialization of the data before storing in StateServer session mode and de-serialization, it also increases the cost of data access.
For the StateServer setting, we need to specify the stateConnectionString. This will identify the system that is running the state server. By default, stateConnectionString used the IP 127.0.0.1 (localhost) and port 42424. And require stateNetworkTimeout.
<sessionState cookieless="UseCookies" mode="StateServer"
sqlConnectionString="data source=127.0.0.1; Trusted_Connection=yes"
stateConnectionString="tcpip=127.0.0.1:42424" stateNetworkTimeout="10800"
timeout="10"/>
SQLServer Session Mode
To setup SQL Server, we need these SQL scripts:
- For installing: InstallSqlState.sql
- For uninstalling: UninstallSQLState.sql
Advantages:
- This session mode provides us more secure and reliable session management in ASP.NET.
- session data is serialized and stored in A SQL Server database (centralized location), is easily accessible from other applications.
- Provides more security
- Session data not affected if we restart IIS.
- Very useful in web farms and web garden scenarios.
- We can use SQLServer session mode when we need to share session between two different applications.
Disadvantages:
- Processing is very slow in nature.
- session storage method is the overhead related with data serialization and de-serialization.
- As the session data is handled in a different server, we have to take care of SQL Server. It should be always up and running.
Configuration for SQLServer Session Mode
Step 1: From command prompt, go to your Framework version directory. E.g.:c:\windows\microsoft.net\framework\<version>.
Step 2: Run the aspnet_regsql command with the following parameters:
Parameters | Description |
-ssadd | Add support for SQLServer mode session state. |
-sstype p | P stands for Persisted. It persists the session data on the server. |
-S | Server name. |
-U | User name. |
-P | Password. |
aspnet_regsql -d <SQLDATABASENAME> -S <SQLSERVERNAME> -U <USERNAME> -P <PASSWORD> -ssadd -sstype c
Step 3: Open SQL Server Management Studio, check if a new database ASPState has been created, and there should be two tables:
- ASPStateTempApplications
- ASPStateTempSessions
Custom Session Mode
Custom session gives full control to us to create everything, even the session ID. You can write your own algorithm to generate session IDs.
We can use Custom session mode in the following cases:
- We want to store session data in a place other than SQL Server.
- When we have to use an existing table to store session data.
- When we need to create our own session ID.
What configuration do we need for it?
We need to configure our web.config like this:
<sessionState mode=”Custom” customProvider=”AccessProvider”>
<providers>
<add name=”AccessProvider” type=”CustomDataType”/>
</providers>
</sessionState>
Advantages:
- We can use an existing table for storing session data. This is useful when we have to use an existing database.
- It's not dependent on IIS, so restarting the web server does not have any effect on session data.
- We can crate our own algorithm for generating session ID.
Disadvantages:
- Processing of data is very slow.
- Creating a custom state provider is a low-level task that needs to be handled carefully to ensure security.
It is always recommended to use a third party provider rather than create your own.
Session Event
These are events in the global.asax file of your web application. When a new session initiates, the session_start event is raised, and the Session_End event raised when a session is abandoned or expires.
void Session_Start(object sender, EventArgs e)
{
// Code that runs when a new session is started
}
void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
}
Removing Session
Method | Description |
Session.Remove(strSessionName); | Removes an item from the session state collection. |
Session.RemoveAll() | Removes all items from the session collection. |
Session.Clear() | Remove all items from session collection. Note: There is no difference between Clear and RemoveAll. RemoveAll()callsClear() internally. |
Session.Abandon() | Cancels the current session. |
Enabling and disabling Session
For performance optimization, we can enable or disable session. We can enable and disable session state in two ways:
- Page level
- Application level
Page level
We can disable session state in page level using the EnableSessionState attribute in the Page directive.
<% Page Language="C#" EnableSessionState="False"
This will disable the session activities for that particular page.
The same way, we can make it read-only also. This will permit to access session data but will not allow writing data on session.
<% Page Language="C#" EnableSessionState="ReadOnly"
Application level
Session state can be disabled for the entire web application using the EnableSessionState property inWeb.Config.
<system.web>
<pages enableSessionState="false"/>
</system.web>
Generally we use page level because some pages may not require any session data or may only read session data.
Summary
- The in-process (InProc) session provider is the fastest because of everything being stored inside memory. Session data will be lost if we restart the web server or if the worker process is recycled. You can use this in small web applications where the number of users is less. Do not use InProc in web farms.
- In StateServersession mode, session data is maintained by exe. It keeps session data out of the web server. So any issues with the web server does not affect session data. You need to serialized an object before storing data in StateServer session. We can use this safely in web farms.
- SQLServersession modes store data in SQL Server. We need to provide the connection string. Here we also need to serialize the data before storing it to session. This is very useful in production environments with web farms.
- We can use a Customprovider for custom data sources or when we need to use an existing table to store session data. We can also create custom session IDs in Custom mode. But it is not recommended to create your own custom provider. It is recommended to use a third party provider.
28 May 2016
Types of Stored Procedures in SqlServer
Stored procedure is a precompiled set of one or more SQL statements that is stored on Sql Server. stored Procedures is that they are executed on the server side, to reduce the network traffic.
Types of Stored Procedures
- System Defined Stored Procedure
These stored procedures are already defined in Sql Server. These are physically stored in hidden Sql Server. These procedure starts with the sp_ prefix. Hence we don't use this prefix when naming user-defined procedures. Its manage SQL Server through administrative tasks. These are in master and msdb database. Here is a list of some useful system defined procedure.
System Procedure | Description |
sp_rename | It is used to rename an database object like stored procedure,views,table etc. |
sp_changeowner | It is used to change the owner of an database object. |
sp_help | It provides details on any database object. |
sp_helpdb | It provide the details of the databases defined in the Sql Server. |
sp_helptext | It provides the text of a stored procedure reside in Sql Server |
sp_depends | It provide the details of all database objects that depends on the specific database object. |
- Extended Procedure
These are Dynamic-link libraries (DLL's) that are executed outside the SQL Server environment. They are identified by the prefix xp_ Extended procedures provide an interface to external programs for various maintenance activities. These are stored in Master database
Ex. EXEC xp_logininfo 'BUILTIN\Administrators'
- User Defined Stored Procedure
These procedures are created by user for own actions and stored in the current database
- CLR Stored Procedure
CLR stored procedure are special type of procedure that are based on the CLR (Common Language Runtime) in .net framework. CLR integration of procedure was introduced with SQL Server 2008 and allow for procedure to be coded in one of .NET languages
- Temporary Stored procedures
The temporary stored procedures have names prefixed with the # symbol. Temporary stored procedures stored in the tempdb databases. These procedures are automatically dropped when the connection terminates between client and server
- Remote Stored Procedures
The remote stored procedures are procedures that are created and stored in databases on remote servers. These remote procedures can be accessed from various servers, provided the users have the appropriate permission
7. Dynamic Stored Procedures
Sp_executesql can be used to call any statement or batch, not just a stored procedure. Executing SQL statements that are built "on the fly" is referred to asdynamic SQL. You can use either sp_executesql or the EXECUTE command to execute your dynamic SQL statements.
DECLARE @string NVARCHAR(100)
SELECT @string = 'select * from authors'
EXEC sp_executesql @string --or EXEC(@string)
27 May 2016
Async call
$.ajax({
type: 'POST',
url: "webMethods.asmx/fngetuser",
data: "{'userid':'" + userid + "'}",
contentType: 'application/json; charset=utf-8',
dataType: 'json',
async: true,
success: function (msg) {
$('[id$="Label1"]').html(msg.d[0]);
$('[id*=ur_]').removeAttr('checked');
},
error: function (msg, a, b) { alert('swe'); }
});
$.getJSON("@Url.Action("GetLat", "Location")", { addr: varaddr },
function (msg) {
if (msg !== null && msg.Lat != 0) { }
else { alert('Invalid address'); }
});
18 May 2016
Variance in Delegates
When you assign a method to a delegate, covariance and contravariance provide flexibility for matching with method signature.
Covariance permits a method to have return type as more derived than that defined in the delegate.
Contravariance permits a method that has parameter types that are less derived than those in the delegate type.
26 April 2016
Allow only alphanumeric in textbox using javascript and regular expression
function validate(evt) {
var theEvent = evt || window.event;
var key = theEvent.keyCode || theEvent.which;
key = String.fromCharCode(key);
var regex = /^[0-9a-zA-Z\s\b]+$/;
if (!regex.test(key)) {
theEvent.returnValue = false;
if (theEvent.preventDefault)
theEvent.preventDefault();
}
}
<asp:TextBox ID="txtVal" runat="server" onKeyPress="validate(e);"></asp:TextBox>
var re = /^-?\d+$/;
var matches = re.test(args.Value);
function isNumberKey(evt) {
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57))
return false;
return true;
}
16 March 2016
Extending using Extension methods
static class MyExtensionMethods
{
public static int Negate(this int value)
{
return -value;
}
public static int Multiply(this int value, int multiplier)
{
return value * multiplier;
}
}
static void Main(string[] args)
{
// Passing arguments in extension methods
int i3 = 10;
Console.WriteLine(i3.Multiply(2));
}
14 March 2016
Stored Procedure vs Function
Stored Procedure | Function |
Return type is not must, Can return zero, single or multiple values or table(s) | Return type is must, and it can return one value which is mandatory. UDFs that return tables can be treated as another rowset. This can be used in JOINs with other tables. |
SP can have input/output parameters | Support only input parameters |
Allow Select as well as DML statements. | Allow Select but not DML statements. Note: In case of multi-table valued functions it can contain DML statements affecting Table Variables. |
Stored procedure can execute function. | Function cannot execute stored procedure. |
Cannot be the part of Select query as a column. | Can be the part of select query as a column |
Stored Procedures cannot be embedded in the SQL statements like WHERE/HAVING/SELECT | Functions can embedded in the SQL statements like WHERE/HAVING/SELECT |
We can use exception handling using Try....Catch block in SP. | We can’t use Try....Catch block in UDF |
We can use transactions in SP | We can’t user transaction in UDF |
Can have up-to 21000 input parameters | UDF can have up-to 1023 input parameters |
Why we can't execute stored procedure inside a function?
Answer:
- Stored Procedure may contain DML statements.
- Function can't contain DML statements.
So executing Function inside stored procedure will never break rule 1.
But executing stored procedure inside function may break rule no 2.
Functions are computed values and cannot perform permanent environmental changes to SQL Server (i.e. no INSERT or UPDATE statements allowed). It returns error like “Invalid use of a side-effecting operator 'INSERT' within a function.” So ultimately strict rule is made by Sql team: we can't execute stored procedures inside function.
18 February 2016
05 February 2016
Read XML Data for datasource
<?xml version="1.0" encoding="utf-8" ?>
<StatusTypes>
<StatusType Name ="All" value="0"/>
<StatusType Name ="Over-vote" value="1"/>
<StatusType Name ="Mixed Status" value="2"/>
<StatusType Name ="Not Received" value="3"/>
<StatusType Name ="Over Reported" value="4"/>
<StatusType Name ="Under Reported" value="5"/>
<StatusType Name ="In Balance" value="6"/>
</StatusTypes>
string fullName = HttpContext.Current.Server.MapPath(
"~/Modules/Pxy/StatusDataSource.xml");
XDocument doc = XDocument.Load(fullName);
return (from d in doc.Root.Elements("StatusType")
select new KeyValuePair<string,int>( d.Attribute("Name").Value, int.Parse( d.Attribute("value").Value))
).ToList();
statusDataSource DataSource = new statusDataSource();
if (ddlStatus.Items.Count > 0)
ddlStatus.Items.Clear();
ddlStatus.DataSource = null;
foreach (KeyValuePair<string, int> St in DataSource.Status)
ddlStatus.Items.Add(new ListItem(St.Key, St.Value.ToString()));
07 October 2015
Shadowing in C#
- In Method override both methods (base & child class methods) have the same name, same number and same type of parameter in the same order with the same return type. The overridden base method must be virtual, abstract or override
- but without these we can do using new keyword, this mechanism is called Shadowing
- In the shadowing or method hiding, the child class has its own version of the function, the same function is also available in the base class.
- Using this concept we can provide a new implementation for the base class method without overriding it.
- Showing is used to protect against subsequent base class modification, We can change the access modifier
- There is no control of a base class on shadowing
- We can also use shadowing and method overriding together using the virtual and new keywords
public class BaseClass
{
public string GetMethodOwnerName()
{
return "Base Class";
}
}
public class ChildClass : BaseClass
{
public new virtual string GetMethodOwnerName()
{
return "ChildClass";
}
}
public class SecondChild : ChildClass
{
public override string GetMethodOwnerName()
{
return "Second level Child";
}
}
static void Main(string[] args)
{
ChildClass c = new ChildClass();
Console.WriteLine(c.GetMethodOwnerName());
}
Output: ChildClass
We can't use the new and override keywords together. If you do then the compiler throws a compilation error
Shadowing Example (using new keyword in child class method)
static void Main(string[] args)
{
BaseClass c = new ChildClass();
Console.WriteLine(c.GetMethodOwnerName());
}
Output: Base Class
10 September 2015
ref vs out in C#
While writing a code, we often come across situations where we need to return multiple values from a single function/method. But a method can only return a single value.The question is how do we overcome such situation.Answer is simple, use reference types.
Parameters are always passed by value to a method by default.If we want to pass them by reference then we can use either out or ref keyword.
Ref
The ref keyword is used to pass an argument as a reference. This means that when value of that parameter is changed in the method, it gets reflected in the calling method. An argument that is passed using a ref keyword must be initialized in the calling method before it is passed to the called method.
Ref keyword will pass parameter as a reference this means when the value of parameter is changed in called method it get reflected in calling method also. There is no "boxing" when a value type is passed by reference
Out
The out keyword is also used to pass an argument like ref keyword, but the argument can be passed without assigning any value to it. An argument that is passed using an out keyword must be initialized in the called method before it returns back to calling method.
Out keyword also will pass parameter as a reference but here out parameter must be initialized in called method before it return value to calling method
public ActionResult Index()
{
int val1 = 0; //must be initialized for ref
int val2 = 0; //optional for out
Example1(ref val1);
ViewBag.Message += val1 + "\n"; // val1=0
Example2(out val2);
ViewBag.Message += val2 + "\n"; // val1=2
return View();
}
static void Example1(ref int value) //called method
{
//value = 1; // optional
}
static void Example2(out int value) //called method
{
value = 2; //must to assign value
}
These ref and out parameters are useful whenever your method wants to return more than one value.
Both the method definition and the calling method must explicitly use the ref / out keyword
Several inbuilt methods as "TryParse" (one of my favourite) use out and not ref, may be the internal implementation of library mainly uses ref.
Properties/Indexers/Dynamic member access cannot be passed to ref or out parameters since internally they are functions/methods and not members/variables
ref tells the compiler that the object is initialized before entering the function, while out tells the compiler that the object will be initialized inside the function.
Ref and out in method overloading
Both ref and out cannot be used in method overloading simultaneously. However, ref and out are treated differently at run-time but they are treated same at compile time (CLR doesn't differentiates between the two while it created IL for ref and out). Hence methods cannot be overloaded when one method takes a ref parameter and other method takes an out parameter. The following two methods are identical in terms of compilation.
class MyClass
{
public void Method(out int a) // compiler error “cannot define overloaded”
{
// method that differ only on ref and out"
}
public void Method(ref int a)
{
// method that differ only on ref and out"
}
}
However, method overloading can be done, if one method takes a ref or out argument and the other method takes simple argument. The following example is perfectly valid to be overloaded.
class MyClass
{
public void Method(int a)
{
}
public void Method(out int a)
{
// method differ in signature.
}
}
Ex:
public static void Foo()
{
int val = 0;
Example1(val);
Console.WriteLine(val); // Still 0!
Example2(ref val);
Console.WriteLine(val); // Now 2!
Example3(out val);
Console.WriteLine(val); // Now 3!
}
static void Example1(int value)
{
value = 1;
}
static void Example2(ref int value)
{
value = 2;
}
static void Example3(out int value)
{
value = 3;
}
Ref | Out |
The parameter or argument must be initialized first before it is passed to ref. | It is not compulsory to initialize a parameter or argument before it is passed to an out. |
It is not required to assign or initialize the value of a parameter (which is passed by ref) before returning to the calling method. | A called method is required to assign or initialize a value of a parameter (which is passed to an out) before returning to the calling method. |
Passing a parameter value by Ref is useful when the called method is also needed to modify the pass parameter. | Declaring a parameter to an out method is useful when multiple values need to be returned from a function or method. |
It is not compulsory to assign a parameter value before leaving calling method. | A parameter value must be assigned within the calling method before its use. |
When we use REF, data can be passed bi-directionally. | When we use OUT data is passed only in a unidirectional way (from the called method to the caller method). |
Both ref and out are treated differently at run time and they are treated the same at compile time. | |
Properties are not variables, therefore it cannot be passed as an out or ref parameter. |
The out and ref keywords are useful when we want to return a value in the same variables as are passed as an argument