ASP Development Principles Guide

zhaozj2021-02-08  272

ASP guide

Author:. J.D Meier

Published Date: December 27, 1999

Introduction

The success of the Active Server Page (ASP) app often depends on the two pairs of the architecture and design. This level is very difficult in taking into account the scope of the ASP technology and the inherent complexity of the current application. In this article, I will provide you with some specific guidelines to help you successfully develop ASP-based applications.

From the experience of successful development model, we summarize the following principles.

I have organized the guidelines into a set of development principles. When evaluating solutions and technologies, you can apply the following principles to help you make decisions. The following principle is that I have long been accumulated from the experience of successful development model.

Principle 1: standard method

Establish a naming agreement and standardize the directory structure to greatly improve the readability and maintainability of the ASP application. Although there is currently no formal standards for ASP applications, many developers have established some general ways. Here, I will share some more common ways to you.

Because the ASP technology works on the script engine, and the script has a non-tightness, naming conventions are also very vague. In a very tight language type, the variable will declare according to its actual type. When using ASP technology, variables are typically declared in the ASP code in the way in which the variables (rather than their actual data type) are used. For example, when using "Visual Basic (R) Scripting Edition (VBScript), although all VBScript variables are variant, you will also declare the success flag as Bsuccess (b represents Boolean), not vsuccess (V represents Variant ).

The table below is some of the passive naming conventions.

Variable prefix:

Variables prefix sample b or bln Boolean bSuccess c or cur Currency cAmount d or dbl Double dblQuantity dt or dat Date and Time dtDate f or flt Float fRatio l or lng Long lMilliseconds i or int Integer iCounter s or str String sName a or Arr Array Ausers () o Or Obj Com Object Opipeline

Database object variable prefix:

Prefix use Variable Variable Sample CNN Connection CNNPUBS RST Recordset Rstauthors CMD Command Cmdemployee Fld FldLastname

Range and prefix usage:

Prefix explanation G_ is created in Global.asa. m_ is partial in an ASP page or in the include file. (No prefix) non-static variable, prefix is ​​partial in the process

An article in Knowledge Base (KB) "Q110264 Info: Microsoft Consulting Services Naming Conventions for Visual Basic" (English) provides a real shot of naming conventions.

Use the directory structure to provide a location for your respective application components. The actual directory structure of your application is of course determined by yourself, but it is usually placed in separate directories, respectively. The following is an example of a Simple ASP application directory.

Directory Structure Example:

/ SimpleASPAPP

/ DOCS

/ Images

/ Incrude

A good directory structure allows you to choose NTFS permissions. You can also use relative paths from the ASP application. For example, you can use the following code, from the exclude file in the IncludeSPAPPAPP directory, reference files on the incrudes directory Top.asp: ./ incrudes / Top.ASP

Note that my extension of my include file is .asp, not .inc. This is for security considerations and uses the .asp extension (instead of .inc), it is also possible to use color code in Visual InterDev (R).

For additional tips and techniques for the structured ASP application, see the article "ASP Conventions".

Principle 2: Designed to run under service

The ASP will run under the service. When you design an ASP application, you will immediately face the security environment and thread problems that are not encountered in desktop applications. In a desktop environment, only single-threaded executions running as an interactive user are processed, and the current desktop system is accessible. In the Internet Information Service (IIS), multiple client threads in different user environments call your application, and your application is limited to the "System" desktop.

What does this mean for you? Please learn the security model of IIS. Also remind you: only because some things can run normally under Visual Basic IDE, do not mean that it can run safely in ASP technology. Visual Basic IDE does not accurately simulate the runtime environment. Common design errors include: Using the .ocx control requiring user interface in ASP technology, using components that are unsafe to threads, and components that require special user contexts. One of the simplest issues to be avoided is to try to access the HKEY_CURRENT_USER (HKCU) registry key from the application (for example, do not call Visual Basic's getSetting and Savesetting functions, they depend on HKCU). Similarly, do not appear messages or other dialogs that require users to manage human-computer interaction.

The following article is a quite good entry reading of security and verification issues in ASP technology:

"Authentication and security for Internet development" Q172925 INFO: SECURITY ISSUES with OBJECTS in Asp and isapi extensions "(English)

Principle 3: Package business logic

ASP technology provides a service by generating HTML output. In short, it generates a user interface. You need to separate business logic from ASP to the script. Even if you don't use the COM component to separate the business logic from the ASP code, it is also necessary to separate the business logic to the function and the Include file to increase maintainability, readability, and reusability. You can also experience the benefits of modular design methods when you need to troubleshoot and isolate problems.

Call the script internal calling functions and methods to avoid code chaos and can add structures in the ASP application. The following is an example in which the logic is separated into method calls from the ASP code:

LT;% main ()

Mybizmethod ()

...

Sub main ()

GetData ()

DisplayData ()

End Sub

%>

This principle can be applied when using technology that contains the ASP function. Let's take an example when using Visual Basic WebClass, explaining how to use this principle:

Because the WebClass itself refers to the ASP code to generate HTML, you don't put your business logic directly in WebClass. Because this is your representation, it is not running WebClass directly under MTS / COM . From WebClass, you can call separate business components that run in MTS / COM . You can decide to create your own, have a COM component that is referenced to the ASP, rather than relying on the WebClass framework structure and additional WebClass runtime overhead - you can also use the ASP script to automate business components directly.

Principle 4: Get the resource as soon as possible, release resources as soon as possible

A common problem is to transition from the desktop system to the server. Many developers with desktop system background have never enjoyed some problems and resources of the server. In a conventional desktop application, it is a time-consuming process that is connected to the server. In order to improve the user's experience, it is usually used to obtain resources and postpone the release resource as soon as possible. For example, many applications always connect to a database over its entire runtime.

This method can work normally in a conventional desktop application, the reason is that the number of users is very clear, easy to control, and the rear end is tightly connected to the front end. However, for current web applications, this approach is not feasible, why limited server resources will face more and more users. In order to enable your application to access users, you need to get resources at all times and release resources as soon as possible.

Sharing helps to increase the effectiveness of this manner. By sharing, multiple users can share resources, and the latency is the least, the impact on the server is minimal. For example, when processing a database, ODBC connection sharing and OLEDB resource sharing can implement the selection of connections from the shared pool to minimize the overhead of the connection database.

For more information on shared ADO, see "Pooling in Microsoft Data Access Components".

Principle 5: Using database maintenance complex state

Although the HTTP protocol is stateless, ASP developers still use ASP functions to use ASP functions. For example, using an ASP technology built-in Application object, the resource saved by the developer can share all users of the application. By using the ASP built-in session object, the developer only saves resources for a single user.

Although it sounds in the SESSION object in the SESSION object in ASP technology, it is a very convenient way to hold the situation, however, the cost of paying is too large, and it may also become one of the largest restrictions on scalability. The scalability of the application is essentially capable of continuing its performance as the number of users can continue to maintain its performance. For each user, the session object will consume the resources of the server during the session timeout or abandoned. The session also bundles you on a server to limit your use of the web cluster. Please do not use the ASP Session object as much as possible. If you don't use a session at all, you can disable the SESSION status of the web application (see the IIS document). Otherwise, you can use the following statement to disable the Session status for each page:

<% @ EnablesessionState = false%>

For some simple data, you can keep the ASP request between the QueryString cookie or hidden form field. Then, for more complex information, you usually recommend you to use the database. The general mode is to generate a unique identifier, and then send to each request client and save to a hidden form field. In subsequent requests, this unique identifier is used to find status information related to the user in the database. This model provides higher scalability and more concise code. For more information on using QueryString cookie and hidden form fields, see "Q175167 HOWTO: PERSISTING VALUES WITHOUT sessions".

Principle 6: Create an object using Server.createObject

When you create an object of ASP technology, you can select tag, server.createObject, and createObject. The behavior of each technology is slightly different. Although in IIS 4.0, use the tag or createObject than server.createObject spare performance advantages, we generally recommend using Server.createObject to allow ASP applications to cognition your object. (Note In IIS 5.0, there is no performance advantage than server.createObject compared to Server.CreateObject.)

The tag can only create a component only when calling the first method, thus saving resources. Server.createObject creates components using the SERVER object built-in ASP technology. In essence, it just performs CocreateInstance, but ASP can recognize this object. At the same time, the traditional OnStartPage and OneundPage of ASP technology will also be called. (Note It is best to use ObjectContext in IIS 4.0 or later). If you just use createObject, you will use the Scripting engine directly through the ASP technology.

The following is a possible exception: When you call via a firewall, you may need to call CreateObject instead of Server.createObject. For more information, see "Q193230 - PRB: Server.createObject Fails when Object is behind firewall".

Principle 7: Provide a wealth of troubleshooting information

Make sure that the error handling process is included in all your ASP applications. Moreover, make sure you provide useful diagnostic information. I haven't touched which person complained that the error message was too explanatory. Make sure the following information is included in the error log:

User context (if you are using the component, you can call the getUserName) thread ID (in the component, you can call getCurrentThreadID)

Because you will run under the ASP, you may want to write this information to the file or NT event log. You can also create an application event log for the record key application event to use it when you diagnose the application error.

The following article provides more information about error handling technology:

"Bulletproofing Your ASP Components" (English), Charles Alexander a "Fitch & Mather Stocks: Web Application Design" (English) "Handling and Avoiding Web Page Errors, Part 1: The Basics" (English) "Handling and Avoiding Web Page Errors , Part 2: Run-Time Errors "(English)" HANDLING AND AVOIDING Web Page ErrorS, Part 3: An OUNCE OF Prevention "(English) Principle 8: Test performance, scalability and reliability

The browser is not an accurate test method, which can only display the possible use of the application. Please set a specific performance goal for your application and use load tools such as Web Application Stress Tool for pressure testing. You need to determine the conditions you can accept yourself. Here are some general guidelines that help you start the test process:

Test the performance through the number of requests per second to test the performance, and create a minimum threshold. In general, the simple ASP page that does not perform database access should return at least 30 pages per second. The page calling the component or access the database at least 25 pages per second. Add users to the application until the number of requests per second is lower than the preset threshold, and the scalability is tested in this way. Remove the machine from the web cluster and check the errors and faults to test reliability.

Match the test environment with the actual operation, even the firewall is no exception. This sounds high cost, but I have heard that the developers have lost their work because they did not take into account the firewall.

For more information on using the Web Application Stress Tool test ASP application, see "i can't stress it enough - loading test your asp application".

Principle 9: Increase Isolation

Use isolation function to protect your application process to greatly enhance the stability of the server. Talking about the Internet app, whether the consequences of using isolation can have a huge difference: one is the application crash, one is the server. Protective Main IIS Process (inetinfo.exe) usually ranks a higher position of the priority list. This is especially prominent when you use the components.

The technique of the protected master ISS process usually used is to make the web application in their respective memory spaces. In Internet Services Manager, you can set this option for each web. Although system resources overhead due to grouping of processes have some slight effects on performance, the protection of applications is worthy of this price. Under IS 4.0, you can run applications in two ways in -1-process, OUT-OF-Process, OOP. The OOP application runs in a new MTX.exe instance. Under IIS 5.0, you can use other isolation options. The isolation level can be set to "low" in the process within the process), "DLLHOST.EXE sharing instance) or" DLLHost.exe's non-shared instance).

In addition to isolating web applications in their own memory space, you may also want to isolate untrusted components. Untrusted components are usually a component that does not pass test time in the actual environment. You can run these components in the Server package so they run in the new DLLHOST.EXE instance. In general, if the mode is taken between performance and protection, the way is as follows: Run the web application in the "high" isolation state, run the component in the library package. This approach minimizes the group expenditure while providing the strongest protection between the processes.

For more information, see the article "Server Reliability THROUGH Process Isolation".

Principle 10: Do not abuse thread sharing group

Under IS 4.0, the ASP's default shared group is 10 threads for each processor managed by MTS. In IIS 5.0, the default value is 20. This means that each thread is a potential valuable resource that can handle multiple client requests. You also need to avoid calling how to block, such as making large database calls. If you have the work to perform this operation, it will prevent the ASP application from returning to the client in response, consider using the queue function. For example, in NT 4.0, MSMQ can be used. In Windows 2000, q

转载请注明原文地址:https://www.9cbs.com/read-1170.html

New Post(0)
CopyRight © 2020 All Rights Reserved
Processed: 0.030, SQL: 9