ASP guide
Author:. J.D Meier
Published Date: December 27, 1999
Introduction
The success of the Active Server Page (ASP) app often depends on the two pairs of the architecture and design. This level is very difficult in taking into account the scope of the ASP technology and the inherent complexity of the current application. In this article, I will provide you with some specific guidelines to help you successfully develop ASP-based applications.
From the experience of successful development model, we summarize the following principles.
I have organized the guidelines into a set of development principles. When evaluating solutions and technologies, you can apply the following principles to help you make decisions. The following principle is that I have long been accumulated from the experience of successful development model.
Principle 1: standard method
Establish a naming agreement and standardize the directory structure to greatly improve the readability and maintainability of the ASP application. Although there is currently no formal standards for ASP applications, many developers have established some general ways. Here, I will share some more common ways to you.
Because the ASP technology works on the script engine, and the script has a non-tightness, naming conventions are also very vague. In a very tight language type, the variable will declare according to its actual type. When using ASP technology, variables are typically declared in the ASP code in the way in which the variables (rather than their actual data type) are used. For example, when using "Visual Basic (R) Scripting Edition (VBScript), although all VBScript variables are variant, you will also declare the success flag as Bsuccess (b represents Boolean), not vsuccess (V represents Variant ).
The table below is some of the passive naming conventions.
Variable prefix:
Variables prefix sample b or bln Boolean bSuccess c or cur Currency cAmount d or dbl Double dblQuantity dt or dat Date and Time dtDate f or flt Float fRatio l or lng Long lMilliseconds i or int Integer iCounter s or str String sName a or Arr Array Ausers () o Or Obj Com Object Opipeline
Database object variable prefix:
Prefix use Variable Variable Sample CNN Connection CNNPUBS RST Recordset Rstauthors CMD Command Cmdemployee Fld FldLastname
Range and prefix usage:
Prefix explanation G_ is created in Global.asa. m_ is partial in an ASP page or in the include file. (No prefix) non-static variable, prefix is partial in the process
An article in Knowledge Base (KB) "Q110264 Info: Microsoft Consulting Services Naming Conventions for Visual Basic" (English) provides a real shot of naming conventions.
Use the directory structure to provide a location for your respective application components. The actual directory structure of your application is of course determined by yourself, but it is usually placed in separate directories, respectively. The following is an example of a Simple ASP application directory.
Directory Structure Example:
/ SimpleASPAPP
/ DOCS
/ Images
/ Incrude
A good directory structure allows you to choose NTFS permissions. You can also use relative paths from the ASP application. For example, you can use the following code, from the exclude file in the IncludeSPAPPAPP directory, reference files on the incrudes directory Top.asp: ./ incrudes / Top.ASP
Note that my extension of my include file is .asp, not .inc. This is for security considerations and uses the .asp extension (instead of .inc), it is also possible to use color code in Visual InterDev (R).
For additional tips and techniques for the structured ASP application, see the article "ASP Conventions".
Principle 2: Designed to run under service
The ASP will run under the service. When you design an ASP application, you will immediately face the security environment and thread problems that are not encountered in desktop applications. In a desktop environment, only single-threaded executions running as an interactive user are processed, and the current desktop system is accessible. In the Internet Information Service (IIS), multiple client threads in different user environments call your application, and your application is limited to the "System" desktop.
What does this mean for you? Please learn the security model of IIS. Also remind you: only because some things can run normally under Visual Basic IDE, do not mean that it can run safely in ASP technology. Visual Basic IDE does not accurately simulate the runtime environment. Common design errors include: Using the .ocx control requiring user interface in ASP technology, using components that are unsafe to threads, and components that require special user contexts. One of the simplest issues to be avoided is to try to access the HKEY_CURRENT_USER (HKCU) registry key from the application (for example, do not call Visual Basic's getSetting and Savesetting functions, they depend on HKCU). Similarly, do not appear messages or other dialogs that require users to manage human-computer interaction.
The following article is a quite good entry reading of security and verification issues in ASP technology:
"Authentication and security for Internet development" Q172925 INFO: SECURITY ISSUES with OBJECTS in Asp and isapi extensions "(English)
Principle 3: Package business logic
ASP technology provides a service by generating HTML output. In short, it generates a user interface. You need to separate business logic from ASP to the script. Even if you don't use the COM component to separate the business logic from the ASP code, it is also necessary to separate the business logic to the function and the Include file to increase maintainability, readability, and reusability. You can also experience the benefits of modular design methods when you need to troubleshoot and isolate problems.
Call the script internal calling functions and methods to avoid code chaos and can add structures in the ASP application. The following is an example in which the logic is separated into method calls from the ASP code:
LT;% main ()
Mybizmethod ()
...
Sub main ()
GetData ()
DisplayData ()
End Sub
%>
This principle can be applied when using technology that contains the ASP function. Let's take an example when using Visual Basic WebClass, explaining how to use this principle:
Because the WebClass itself refers to the ASP code to generate HTML, you don't put your business logic directly in WebClass. Because this is your representation, it is not running WebClass directly under MTS / COM . From WebClass, you can call separate business components that run in MTS / COM . You can decide to create your own, have a COM component that is referenced to the ASP, rather than relying on the WebClass framework structure and additional WebClass runtime overhead - you can also use the ASP script to automate business components directly.
Principle 4: Get the resource as soon as possible, release resources as soon as possible
A common problem is to transition from the desktop system to the server. Many developers with desktop system background have never enjoyed some problems and resources of the server. In a conventional desktop application, it is a time-consuming process that is connected to the server. In order to improve the user's experience, it is usually used to obtain resources and postpone the release resource as soon as possible. For example, many applications always connect to a database over its entire runtime.
This method can work normally in a conventional desktop application, the reason is that the number of users is very clear, easy to control, and the rear end is tightly connected to the front end. However, for current web applications, this approach is not feasible, why limited server resources will face more and more users. In order to enable your application to access users, you need to get resources at all times and release resources as soon as possible.
Sharing helps to increase the effectiveness of this manner. By sharing, multiple users can share resources, and the latency is the least, the impact on the server is minimal. For example, when processing a database, ODBC connection sharing and OLEDB resource sharing can implement the selection of connections from the shared pool to minimize the overhead of the connection database.
For more information on shared ADO, see "Pooling in Microsoft Data Access Components".
Principle 5: Using database maintenance complex state
Although the HTTP protocol is stateless, ASP developers still use ASP functions to use ASP functions. For example, using an ASP technology built-in Application object, the resource saved by the developer can share all users of the application. By using the ASP built-in session object, the developer only saves resources for a single user.
Although it sounds in the SESSION object in the SESSION object in ASP technology, it is a very convenient way to hold the situation, however, the cost of paying is too large, and it may also become one of the largest restrictions on scalability. The scalability of the application is essentially capable of continuing its performance as the number of users can continue to maintain its performance. For each user, the session object will consume the resources of the server during the session timeout or abandoned. The session also bundles you on a server to limit your use of the web cluster. Please do not use the ASP Session object as much as possible. If you don't use a session at all, you can disable the SESSION status of the web application (see the IIS document). Otherwise, you can use the following statement to disable the Session status for each page:
<% @ EnablesessionState = false%>
For some simple data, you can keep the ASP request between the QueryString cookie or hidden form field. Then, for more complex information, you usually recommend you to use the database. The general mode is to generate a unique identifier, and then send to each request client and save to a hidden form field. In subsequent requests, this unique identifier is used to find status information related to the user in the database. This model provides higher scalability and more concise code. For more information on using QueryString cookie and hidden form fields, see "Q175167 HOWTO: PERSISTING VALUES WITHOUT sessions".
Principle 6: Create an object using Server.createObject
When you create an object of ASP technology, you can select
The
The following is a possible exception: When you call via a firewall, you may need to call CreateObject instead of Server.createObject. For more information, see "Q193230 - PRB: Server.createObject Fails when Object is behind firewall".
Principle 7: Provide a wealth of troubleshooting information
Make sure that the error handling process is included in all your ASP applications. Moreover, make sure you provide useful diagnostic information. I haven't touched which person complained that the error message was too explanatory. Make sure the following information is included in the error log:
User context (if you are using the component, you can call the getUserName) thread ID (in the component, you can call getCurrentThreadID)