Chapter 9

Web Applications
Yingcai Xiao

Enterprise Application
Architectures

Main Issues for Developing Enterprise Applications

User Interface, Data Storage, Security, Business Logic,
Networking.
To deal with those issues effectively, modern enterprise
applications are usually designed as multi-tier applications.

Multi-tier Applications
Multi-tier Application: an application consists of multiple
programs each may reside on a different system.
Client

Interconnection Network

Server

A Two-tier Application
(Client-Server)

Multi-tier Applications
A Three-tier Application

Client

Application Server

Interconnection Network

Database Server

In a three-tier application, a Database Server is an independent

program deployed as a part of the application to store data.

Multi-tier Applications
A Four-tier Application

Client

Web Server
Internet
Application Server

Database Server

A Web Server is added.

It uses the standard protocols (HTML/HTTP) to communicate
with the client.
The client is thin: a standard web browser.

Multi-tier Applications
Client: interface to the user. It should be as thin as possible.
Thin-client: no software to install on the client site except a
standard web browser. Thin-client makes applications easy to
deploy, easy to maintain and easy to upgrade.
Web Server: communicates with the user interface.
Application Server: business logic implemented here with
tools from ASP.NET, J2EE, WebLogic (BEAS), WebSphere
(IBM). Most application servers have separate modules to
dynamically generate user interfaces to be sent to the client by the
web server.
Database Server: persistent data stored for the application.
All three server could reside in the same server hardware.

J2EE
Java 2 Enterprise Edition (http://java.sun.com/j2ee)
a platform for developing multi-tier enterprise
applications with standardized modular Java
components
provides a complete set of services to handle
many details automatically
takes advantage of many features of the Java 2
Platform, Standard Edition (J2SE)

J2EE Application Architecture

Application Server (UI)

Application Server (BL)

DB Server

Thin
Client

Client

J2EE-Enabled
Web Server

.NET Web Applications

.NET Web Applications are applications built for the Web using
the .NET framework. The applications use Web forms to provide
user interface, per-user data stores to hold shopping carts,
caching services to boost performance, and security services to
identify users and prevent unauthorized accesses.
.NET Web Applications are actually Application Servers in the
four-tier architecture. Other programs (client, web server, database
server) need to be there to make the applications work. The those
programs can be shared with other applications.

Architecture of a Four-Tier Application

Supporting Software

App User Interface

User Interface
Application Logic
Database Engine
Database
DBMS / Database Server

Database API
Application Server

Architecture of a Four-Tier Application

WEB

WEB

S
E
R
V
E
R

C
L
I
E
N
T

Architecture of a Three-Tier Application

Supporting Software

App User Interface

User Interface
Application Logic
Database Engine
Database
DBMS / Database Server

Database API
Application Server

Architecture of a Three-Tier Application

C
L
I
E
N
T

ASP.NET Web Application

Structures

Structure of an ASP.NET Web Application

An ASP.NET application.
The Web.config File
To support XCOPY installs to install applications by
copying them to a directory and uninstall them by
deleting the files and directories.

Structure of an ASP.NET Web Application

An ASP.NET (web) application (server) consists of all the files in a
virtual directory and its subdirectories on the HW server.

ASPX files containing Web forms (unlimited)

ASCX files containing user controls (unlimited)
Web.config files containing configuration settings (one per
directory)
A Global.asax file containing global application elements (only
one for the entire application)
DLLs containing custom types employed by the application
(unlimited, must be in the bin directory under the root of
the virtual directory)

Create a Web Application in IIS

winserv1 -> Sites -> Default Web Site
Right-click->Add Application (not Virtual Directory)
Alias: xiaotestLander
Application pool: defualtAppPool
Physical path: C:\inetpub\wwwroot\xiaotest\Lander
http://winserv1.cs.uakron.edu/xiaotestLander/Lander.aspx
Existing directories can be converted to Web Applications
winserv1 -> Sites -> Default Web Site->xiaotest
Right-click on Lander
Convert to Application
Application pool: defualtAppPool
http://winserv1.cs.uakron.edu/xiaotest/Lander/Lander
.aspx
* You need to be an administrator to use IIS

XML

Extensible Markup Language

A markup language for documents containing structured

information.

The XML specification defines a standard way to add

markups to documents to identify structures in a document.

Both the tag semantics and the tag set are user definable.

A meta-language for describing (defining) markup languages.

Commonly used to describe data transmitted over the

Internet.

http://www.xml.com/

Web.config
Web.config is the XML file in which ASP.NET applications store
configuration data.

Not in the registry anymore.

Case sensitive.

Inherited, can be overridden by subdirectories.

Machine.config is at the root. Under

Windows\Microsoft.NET\Framework\vn.n.nnnn\Config

Web.config

Use system.web in .config to set system-wide configurations.

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<!-- To allow debug info displayed at the client -->
<customErrors mode="Off"/>
<trace enabled="true" />
</system.web>
</configuration>
customErrors mode="Off means systemErrors mode on.

Debugging

Each web application needs its own application directory.

For a web form application, the application directory
containing the web form is treated as the root of the web
application.
e.g.
Copy files from Examples/c9/Debug to a A.D.
Edit calc.aspx in it.
Change op1 in OnAdd to op11
Better view it with I.E.

http://winserv1.cs.uakron.edu/Examples/c9/Debug/calc.aspx
Show Detailed Compiler Output

Debugging

Web.config
<configuration>
<system.web>
<customErrors mode=On
defaultRedirect=errorMessage.html />
</system.web>
</configuration>
Three custom errors modes
1. On: displays custom errorMessage.html locally and remotely
2. Off (default): displays debugging information locally and
remotely. (Dangerous!)
3. RemoteOnly: displays debugging information locally and
errorMessage.html remotely

Debugging
http://winserv1.cs.uakron.edu/Examples/c9/Debug/calc.aspx
Custom error mode On, but no defaultRedirect

Web.config
<configuration>
</configuration>

Default custom error mode is Off: very Dangerous!

Displays (code) debugging information locally and remotely.

Web.config
Strings defined in the .config file can be retrieved in the program at
run time:
string conn = ConfigurationSettings.AppSettings ["MyConnectionString"];
<!-- Web.Config Configuration File -->
<configuration>
<appSettings>
<add key="MyConnectionString"
value="server=db1; database=pubs; uid=sa; pwd=" />
<add key="connectString"
value="Integrated Security=true;Initial Catalog=pubs;
Data Source=XIAO-T23-01" />
</appSettings>
</configuration>

The Global.asax File

text file
application-level
only one for each application
directives
event handlers
declarations

Global Directives:
<%@ Application Description="My First ASP.NET Application" %>
<%@ Import Namespace="System.Data" %>
<%@ Assembly Name="System.DirectoryServices" %>

 Global Event Handlers For events that arent specific to a

particular page but that apply to the application as a whole:
Application_Start, Application_End, Session_Start, Session_End,
Application_Error.
An application consists of multiple pages (static structure).
An application can support multiple sessions at runtime, one
for each client (dynamic structure).
Global Object Tags
Session["MyShoppingCart"]=newShoppingCart();
To use in an application:
<objectid="MyShoppingCart"
class="ShoppingCart"
scope="session"runat="server"/>

Application State & Application Cache

to improve application performance

data stored in memory
as dictionaries of key/value pairs
string keys
available to all parts of an application (global)
Application Cache is replacing Application State.

The Application Cache

A per-application, in-memory data store.

System.Web.Caching.Cache
Pages: Page.Cache
Global.asax: HttpApplication.Context.Cache

Insert
Cache.Insert ("AMZN", 12.00);// or
Cache["AMZN"] = 10.00; // replace existing entry

Remove
Cache.Remove ("AMZN");

Usage
decimal amzn = (decimal) Cache["AMZN"];

The Application Cache

Locking
System.Threading.ReaderWriterLock
rwlock.AcquireWriterLock (Timeout.Infinite);

Expiration (new)
Absolute:
Context.Cache.Insert ("Stocks", stocks, null,
DateTime.Now.AddMinutes(5),
Cache.NoSlidingExpiration();
Sliding (expires only if not accessed):
Cache.NoAbsoluteExpiration ();

Cleaning Callbacks
Context.Cache.Insert ( ,
new CacheItemRemovedCallback (RefreshDataSet));

When Calc.aspx is accessed by a client

Session State: per-user store to support shopping cart (equivalent
to global variables)
Challenge: the Web is stateless.
Client side store: cookies (users may disable cookies)
Server side store - in memory (down with IIS, no Web farms
(clusters of Web servers act as one))
ASP.NET session store:
Cookies: client side store
Cookieless: server side store in memory, in another
process, on another machine, in a database

Session State Process Models

Model
In-proc

Description

State Server

Stores session state in an external

state server process on the Web
server or on a remote machine (slower)

SQL Server

Stores session state in a Microsoft

SQL Server database on the Web
server or on a remote machine
(slowest, scalable and reliable, for ecommerce)

Stores session state in-process to

ASP.NET (that is, in Aspnet_wp.exe)
(default)

Change session state type in Web.config

<sessionState mode="InProc" />
<sessionState mode="StateServer"
stateConnectionString="tcpip=192.168.1.2:42424" />
<sessionState mode="SQLServer"
sqlConnectionString="server=localhost;uid=sa;pwd=" />
<sessionState mode="Off" />

Using Session State

Page access: System.Web.UI.Page.Session property

Global.asax access: System.Web.HttpApplication.Session
property

Both map to an instance of

System.Web.SessionState.HttpSessionState

Add an item:
Session.Add ("10012552", "Quantity=1");
Session["10012552"] = "Quantity=1";

Retrieving an item:
string value = Session["10012552"];

Using Session State

Retrieving all items:

NameObjectCollectionBase.KeysCollectionkeys
=Session.Keys;
foreach(stringkeyinkeys){}
Remove, RemoveAt, and RemoveAll.
Session timeout: <SessionState timeout="60" />
Close session: Session.Abandon ();
Session Identification:
using GUIDs (globally unique identifiers)
Automatic lock and unlock

Using Session State

http://winserv1.cs.uakron.edu/examples/c9/sessionSpy/sessionSpy.aspx

<%@ Page Language="C#" %>

<html> <body> <%
if (Session.IsNewSession || Session["Count"] == null)
{ Session["Count"] = 1;
Response.Write ("Welcome! Because this is your first visit to this
site, a new session has been created for you. Your session ID is " +
Session.SessionID + ".");
}
else { Session["Count"] = (int) Session["Count"] + 1;
Response.Write ("You have visited this site " +
Session["Count"] + " times. Your session ID is still " +
Session.SessionID + ".");
}
%> </body> </html>

Using Session State

A session is created for each client process and stored on the server.
NS and IE are on different processes.
Browser

Ctrl N

Start->Programs

IE

New Thread
Old Session

New Process
New Session (old IE)
Old Session (newer IE)

NS

New Thread
Old Session

New Thread
Old Session

To make your program work deterministically, your

application needs to identify the user through the login
authentication and respond accordingly (next chapter).

State Server or SQL Server session state models require types

stored in session state to be serializable.
[Serializable]
public class ShoppingCart
{ ... }
ShoppingCart cart = new ShoppingCart ();
Session["MyShoppingCart"] = cart;

A mini enterprise application

Congo (C9)
Congo: A virtual storefront for an online bookseller.
Related to: database => data grid => shopping cart
Forms: Database supported, web based security.
Deployment:
http://www.cs.uakron.edu/~xiao/windows/Web-App-Deployment.html
T:\Xiao\Windows Programming\Examples\C9\Congo-MySQL
http://winserv1.cs.uakron.edu//xiaotest/Congo-MySQL/Congo.aspx
Output format in C#
http://blog.stevex.net/string-formatting-in-csharp/