Small logo of
Site map
Sunday, April 18 2021 Navigation -> guides -> ASP.NET 4.0 C#
HTML Document IconPrinter friendly version
Click here to view this guide as HTML file without side & top menus.

Asp.Net 4.0 C# and beyond

Study guide contents:

Section 1: Introduction to OOP
Section 2: Browser and Web Server communication basics
Section 3: Simple types
Section 4: Simple type conversions
Section 5: Using Master Pages
Section 6: Using Themes
Section 7: Caching in Asp.Net
Section 8: Handling Asp.Net events
Section 9: Client side state management
Section 10: Server side state management
Section 11: Basic Server Controls
Section 12: Basics C# language constructs
Section 13: Delegates & their use with events and lambdas
Section 14: Exception handling
Section 15: Validation
Section 16: Advanced web controls
Section 17: Intro to data access
Section 18: Data binding
Section 19: Files, streams and object serialization
Section 20: Working with XML
Section 21: Website Security
Section 22: Component management
Section 23: LINQ (Language Integrated Query) and Entity Framework
Section 24: Introduction to .Net AJAX
Section 25: Object Lifetime
Section 26: In depth look at interfaces
Section 27: Generics
Section 28: Advanced C#
Section 29: Detailed look at assemblies and processes
Section 30: Reflection and dynamic types
Section 31: Introduction to parallel programming
Section 32: Windows Communication Foundation (WCF)
Section 33: Introduction to Model View Controller (MVC) framework version 3
Section 34: Other topics


I have written this short guide for myself in order to help me with study of C# programming language and ASP.NET platform. I provide this guide as is, without any guarantees, explicit or implied, as to accuracy of its contents. You may use the information contained herein in your computer career, however I take no responsibility for any damages you may incur as a result of following this guide. You may use this document freely and share it with anybody as long as you provide the whole document in one piece and do not charge any money for it. If you find any mistakes, please feel free to inform me about them via email at Tom Kitta. Legal stuff aside, let us start.

I created this division of developer skills needed for different roles in a mid size development shop.

Guide version 0.11 last updated on 1/10/2012

Introduction to OOP

The three main postulates of OOP programming are: Encapsulation, Inheritance and Polymorphism.

Class is a file made of C# code that is used as a blueprint from which any number of object instances can be created using the new keyword. Objects interact with outside world via methods, properties and events. Internal structures of an object are hidden from the outside world and thus anyone using an object only needs to worry about object's public interface. You get a default constructor (one without any arguments) with every class you create that makes sure all of your fields are initialized to default values. You can override the default constructor in your class (but not in a structure). When you define a custom constructor the default constructor you automatically got is removed. The this keyword refers to the current object. You need to assign memory to an object and construct it using the new keyword before you can use it. You can nest class definitions - define a class inside another class. To use nested class outside of its container class you need to make it public. When objects are created from a class using the new keyword you get a reference to a memory location back, stored on a stack. The actual object is stored on a heap to which stack based memory reference points.

Static members of a class can be accessed without an object being created first. Instance members of a class have no meaning without an object (instance of a class) being created 1st. Note that you cannot mix static and non-static code, i.e. cannot for example create an instance method and call it from a static method in the same class. Static methods only work on static data. An example of a static class is System.Math. In static context there is no this keyword, as there is no object. Static methods are common in utility libraries. Static properties are common across all instances of the class they are in, changing one, changes all. Static members work on the class level, non-static members work on the object level.

Constructors are class member methods that automatically run when object is created and have the same name as class name. You can chain constructors with the use of one master constructor that other constructors call first. You do constructor chaining with the help of this keyword. Alternatively you can use optional arguments. You can create static constructors, but they cannot take any parameters and are run only once regardless of the number of objects initiated. Constructors don't have a return type. Constructors are not inherited. Constructors can run base class constructors with the help of base keyword.

Delegates are types that define function pointers. They define a custom signature of a function. Multiple functions can be defined to be of delegate type. Delegates are used extensively with events.

Events are used for notifications. First create a delegate signature. Then Define your event. To use it 1st check whatever there are any listeners present - check whatever event is not null. For example: public delegate void MyEventHandler(); public event MyEventHandler Bobo; if (Bobo != null){ Bobo(); } To add an event handler, just add event handler method to event, such as: Bobo+=SomeHandler;

Interfaces are contracts to which a class that implements them must adhere. All exposed methods and properties in an interface are implicitly public.

Namespaces are used to organize all .Net types (mostly classes) and avoid name collisions among 1000's of types. They are a logical organization while assemblies are physical organization inside DLL (not stand alone) or EXE (stand alone) files. If you are using non-standard assembly in your application you will need to add a reference to it in order for your application to compile.

During inheritance class constructors are never inherited. Multiple inheritance, inheriting from multiple base classes, is not supported in C#. You need to use base keyword to call the right constructor of the parent class to initiate child class as in: NewClass(int bob):base(bob). Inheritance is best used to extend functionality of built in .Net libraries. By specifying class as sealed using sealed keyword you can prevent it from being inherited.

Object type can be changed via casting which changes how the application sees an object. An object can be cast to a parent class which it inherited, an interface it supports or itself. You need to use brackets with new type (explicit cast) only if casting can fail - same as with simple types. You can check if cast will work with is keyword as in: if (theMamal is Human) Human theHuman = (Human)theMamal; You may avoid runtime error and use as keyword. If the cast fails a null is returned, for example: Human theHuman = theMamal as Human;

Partial classes are used to split code into more then one physical class such as: public partial class Example; Both files need partial keyword to be present.

Generics allow classes to have a type as an input parameter, for example a List<T> class can create a list of objects of any type, such as List<string> for a list of string objects.

Struct is a value based class-like construct. It is defined with struct keyword instead of class keyword. It can contain data, properties and methods. It is passed as a value type and thus doesn't support any OOP functionality that classes do. Since its a value type it is passed by value to other methods. Passing by value is generally slower then passing object reference. They are used when stored inside an array or for communication with C\C++\COM. Struct could, for example store 3D coordinates of a 3D shape in shape array. Struct, like any other value types, is allocated on a stack and thus it can be created and destroyed very quickly.

As most modern OOL C# supports method overloading. You can override methods originally defined in parent class by these in child class. To do this you need to define methods in parent class with virtual keyword (by default methods are non-virtual) and corresponding methods in child class with override keyword. You can still access parent method in child class using base keyword. To stop overriding of a method by child method it needs to be modified by sealed keyword. Virtual methods cannot be private.

If you don't have access to a parent class (say you bought third party software) and you want to hide implementation of one of its non-virtual methods you can specify in your child class that your method is new, using new keyword. This will ensure that your child class method ignores parent class method. The "new" method in your child class shadows the method in the parent class and the "new" method implementation is only available in your child class.

Shadowing (hiding) method implementation in a child class vs. overriding parent virtual method in child class, when you cast child object back to parent object you get:

Abstract classes are ones from which objects cannot be directly initiated. They are meant to be used as base classes for children classes which can be created via inheritance. To create abstract class you prefix its declaration with abstract keyword. Following are other properties of an abstract class:

Polymorphic interface is created when a member of a class is defined as abstract. This means that this member doesn't supply default implementation but needs to be implemented by classes that inherit it. Abstract members can only be defined in abstract classes. Abstract members are different then virtual members because the later can be defined in child classes while the former have to be overridden in child classes.

Accessibility modifiers:

Public and Internal are only two access modifiers a class can have, since its not nested inside of anything else. All other access modifiers can be applied to nested type.

Always access class properties through accessors methods such as in this automatic property example: public int Age { get; set; }. In a "set" method the variable value is the one that is being set.

GET and SET property accessor methods are preferred method of accessing class field data. They are internally called get_[property name] and set_[property name]. Automatic get and set can only be used together and are a shorthand for creating private fields and simple accessor methods. To create read only fields you need to fully implement GET method. For write only fields you need to fully implement SET method. With automatic accessor methods you can have private GET and/or SET methods as in: BankAccount {get; private set;}

Read only fields created with readonly keyword can only be assigned inside a constructor. Constant fields created with const keyword can be assigned outside a constructor. Constants are values that are assigned at compile time, never change during the runtime and are static. Read only fields are used to have read only data that is assigned at run time and can be different for each object.

Design patterns are divided into three main groups. Here is a quick overview:

Inversion of Control and Dependency Injection are two related ways to break apart dependencies. Objects do not create other objects on which they rely. StructureMap is an IOC framework.

Two objects are identical if they refer to the same actual object (references are the same), two objects are equal if they contain same value.

Browser and Web Server communication basics

HTTP protocol is commonly setup on port 80, with HTTPS setup on 443. Common HTTP methods:

When you enclose your JavaScript in CDATA section the page is protected from errors on browsers that don't support JavaScript - your JS code is treated by these browsers as a comment.

Web application is a collection of files and related components residing in a virtual directory. Single IIS installation can handle multiple applications. Asp.Net web development server was introduced in .Net 2.0.

Communication from web browser is called a request and is available as an object. Communication from the server to the browser is wrapped in the response object. Sending data back to the server is called a postback. Use isPostBack() method to determine whatever page was submitted as part of a form.

Status codes:

Website project = single developer, similar to classic ASP, no project files, site treated as a bunch of files each having its own backend DLL, intro VS2005. Can just copy files over to web server without worrying about extra project files. Designer files are in memory generated and hidden from developer's view. Website application = multiple developers, only one .Net language, project files, can compile to single DLL and automate compilations. Solution file is still created for both Website project and Website application. Choice is more a matter of personal taste. Useful for migrating older projects. Can contain multiple projects under one solution. This was the only option available in original release of .Net. Code-behind method with two web pages is more common and more accepted because it's cleaner then single file.

Runat="server" will create controls that can be accessed through code on server side.

You should always add doctype to your webpage after page directive - it helps avoid some problems associated with cross browser display issues. Asp.Net renders its controls as XHTML by default.

String escaped characters are \" (quotation mark) \n (new line) \r (return) \t (tab) \\ (back slash) \a (beep). To turn off escaping proceed quotes by @ (at) symbol - this creates verbatim strings. Don't forget strings are of immutable type.

The root of a website is represented by a ~ (tilde) character in a url, such as ~/index.aspx is the index file in the root of a website.

Websites can be dynamically compiled or pre-compiled. You can pre-compile your website with the help of aspnet_compiler.exe.

Configuration file hierarchy:

Important elements found within web.config:

Any conflicting settings are overwritten from what is found downwards in the hierarchy... unless such an action is forbidden. .Net 4.0 added settings into Machine.config which were previously added to default Web.config.

Configuration files in Asp.Net are never locked - you can update them even when application is running, new requests will get newer settings.

The web.config under your .Net installation already defines a number of default namespaces, such as System, that are available to a webpage. This frees the developer from having to issue to many <%@Import%> directives at the beginning of a web page.

You can use WAT - Website Administration Tool to change web.config settings inside a browser while in website development mode.

IIS Virtual directories are what you see on the browser end - these are mapped to physical directories on the actual web server. Most website settings are on virtual directory level (top most VD is the website).

Application pools have two important settings, version of .Net used and Windows account used to run the website.

To test SSL you can create a test security certificate and start your requests for pages with https prefix. Only full web server such as IIS supports this, not build into VS web server. To check whatever a page was requested with https just inspect Request.IsSecureConnection variable.

By default a freshly deployed site is not compiled - it is compiled on 1st request. You can deploy pre-compiled sites with aspnet_compiler.exe command line utility, or you can publish a website. Copying a website is deploying it without compiling it and is intended for few files on a test server.

Website reserved folders:

Simple types

Everything in .Net is a type. Some types are simple data types such as an int.

All types in .Net are objects and include ToString() method, since they all eventually inherit from object object. A number of keywords exist to define data types. These are merely shortcuts for types defined in the System namespace. You can initialize variables of any type using a new keyword, for example a new bool() will get by default a value of false.

You can define things of type Object using the object keyword. Since everything inherits from Object type, even if not explicitly specified, you can in any of your classes override methods such as ToString() or Equals(object obj).

Most numeric types inherit from System.ValueType which means that they are allocated on a stack. All types that are not inheriting from System.ValueType are allocated on garbage collected heap.

Arrays have fixed lower bound of 0 and cannot be re-sized. Declaration example: int[] myIntArray = new int[5]; or int[,] my2darray = new int[5,2]; or string[] strArray = {"a","b","c"}; Access element in array by index: myIntArray[2] - 3rd element. Arrays are instances of System.Array type. If you declare an array but don't fill it with your data it will contain default data for the data type - for example, an array of bool is by default initialized to all 'false' while array of int is by default all zeros. An array of objects can store mixed type of data types. Multidimensional arrays are defined as in this example: int[][] = new int[1][1];

ArrayList is a simple collection class that allows array re-sizing, for example: ArrayList myList = new ArrayList(); myList.Add("Tom"); You can store any object inside ArrayList, all stored objects are treated as instances of System.Object, thus on retrieving them you need to cast them to appropriate type. ArrayList is under covers Object[].

Enumerations are groups of related constants, for example: enum CompterType {Desktop, Laptop}; ComputerType.Desktop -- internally stored as integer 0. Enumerations can start at any number. Enumeration can contain non-sequential mappings to int. You can use a different numeric type then int32. System.Enum is the class to look at. To get the 'name' of enum just call its ToString() method. To get its 'value' - cast it to its storage type. Fine tuned display control is provided by Enum.Format() method.

Simple types are value types, classes are reference types. Simple types contain actual value while reference types contain a pointer to memory location with a value. You can pass simple types by reference not by value as in MyMethod(ref int input). Simple types are all numeric types together with struct, char, bool, byte, DateTime and TimeSpan. All others, including a String are reference types.

Value types are allocated on a stack, reference types on garbage collected heap. When you assign values and copy value types you are dealing with the actual value of the variable. When you deal with reference types, you are dealing with memory references. So when you make two reference type variables equal to each other, they in fact point to the same memory location and changing value of one of them changes the value of the other. In value types, values are compared, not memory references. Notable exception is String class where operators were overloaded to make it act more like a value type.

Dynamic memory allocation is based on a allocation of data from a pool of available memory called the heap. Usually DMA is implemented as a tree that contains locations of blocks of free memory. Stack based memory management is almost always faster then DMA process as it is based on LIFO stack.

By default a shallow copy operation is done on reference types, i.e. when you copy variable X to Y both X and Y point at the same thing. You have to explicitly perform a deep copy to have effect similar to value type copy. When value type contains reference type, shallow copy is performed by default on reference type contained inside value type.

When you pass reference types to a method you can modify passed in object data and modified object is returned. However, what you cannot do is change the memory location, i.e. return a brand new object. To do that, change memory location, you need to pass your reference object by reference using the ref keyword. Without the ref keyword a value of the memory location is passed, which cannot be modified.

Strings are class based objects for efficiency reasons - variable size. However, they have comparisons operators overloaded in order to act like value types. Strings are immutable type, which means that the value never changes - what you get back from a string modifying method is a brand new string object.

Immutable type is a type whose state cannot be modified after it is created. Its properties cannot be changed once set, i.e. they are read-only properties.

Structures are a value type that are similar to classes - all simple types are structures. See Introduction to OOP for more info.

In console application the class that defines Main() (by default its called Program, but it can be renamed to a different name) is the application object. If more then one Main() exist you need to tell the compiler which one to use. Main() is implicitly defined as private, so other applications cannot directly invoke it. By default Main() has return type of void, through Windows always will allow a return value of 0. You can set int return type - your returned value is stored in %errorlevel% in system environment. System.Environment class is useful.

System.Text.StringBuilder class takes two inputs when constructed - initial string contents and buffer size. Its is much more efficient object to deal with character data that expands (or contracts) then String since string is an immutable type and thus a new object needs to be created after each string character change.

Nullable types are value types with added ability to hold a value of null. To create a nullable type proceed numeric type such as int by a question mark as in int?. Nullable types are instances of System.Nullable<T> type which is a struct. They are very useful when working with databases. Nullable types are value types.

You can use ?? operator with nullable types. For example: bool myFlag = DB.GetFlag() ?? 100; When value returned from database is null, myFlag get a value of 100.

.Net 4.0 introduced namespace System.Numerics which among other things has BigInteger immutable type.

Simple type conversions

Since every type inside .Net derives from an Object you can always store anything inside an Object type variable. When two class types are related by "is-a" relationship it is always safe to store derived type inside the parent type.

When you are storing a derived type inside parent type, you don't need to cast - an implicit cast takes place. If however, you want to convert from parent type into derived type, you need an explicit cast as in: (IWantThis)ThisIsWhatIHave. For example, you can store everything in an Object but you need a cast to take it out. Explicit casting is done at runtime.

The as keyword is used to test casting compatibility. If a cast fails into desired type, a null value is returned. It is a shorthand for exception catching. For example: Circle circle = rectangle as Circle; if(circle==null) Throw an error.

The is keyword is similar to "as" keyword, but instead of a null it returns bool type. For example: if(rectangle is Circle) { }.

No special code is needed to do widening conversions - i.e. move data from small int to a larger int. Narrowing conversions may fail and need to be explicit, for example m = (short)n; Note that C# doesn't throw an error when conversion fails as VB does. To throw an error on failed conversion, place code in checked { } block. Best practice is to simply check whatever conversion will be OK. The checked {} throws OverFlowException on error. The C# supports a /checked flag to set automatic checking for overflow condition. Just in case you want opposite behavior there is unchecked {}.

You cannot cast strings to numbers or vice versa since you need to translate them first. Use many Convert class members such as Conver.ToInt32 to do a type translation.

String modification methods never actually modify the string the operate on, they just return modified copy of it as strings are immutable type.

DateTime and TimeSpan value types are used for dealing with all sorts of date and time related tasks.

You can set variable type implicitly using the var keyword for local variables in method or property scope. An initial value has to be assigned to the variable and it cannot be a null.

Using Master Pages

Master pages are used to define a common layout for all pages on your website. They centralize the location of code responsible for look and feel of the website. Master pages have file extension ".master". To be able to insert content into master pages content pages include ContentPlaceHolder control(s). On content pages you have a Content tag into which you place page's content. I.e. ContentPlaceHolder tags match Content tags. Master pages were introduced in Asp.Net 2.0 and serve as a replacement for an army of user controls.

Master pages can contain default content inside of ContentPlaceHolder tags.

For large websites all master pages should be placed in separate directory. Relative paths to resources should start with ~/ which is the root of the website.

To reference master page public properties you simply prefix them with Master.[property] in content pages (properties have to be exposed by Master page; first add @ MasterType declaration to content page). You can also directly find controls on master pages using Master.FindControl method. Try to minimize amount of dependency through.

Master pages can be nested, child master page has properties of both content page (linking to place holders on parent) and of master page, defining place holders.

Master pages can be programmatically switched inside of Page_PreInit method. You need to set new value of variable MasterPageFile. To reload page use Server.Transfer(Request.Path);

Using Themes

A theme is a collection of styles, property settings and graphics that define the way page controls look like. They are made of .skin files, .css files and image files.

Themes are created inside App_Themes folder under application root. Each theme gets its own subfolder with theme name. Only one theme can be active on a page at a time.

Themes can be applied to individual pages via @ Page directive (Theme attribute) or to the whole site via web.config.

Global themes are themes that can be used by any web application on the server.

Typically you create a skin file for each control type, but this is not necessary as you can place multiple control skins in one file.

There are two types of skins, default and named. Default skins are matched exactly to a control type and apply to all controls on a page, they don't have SkinID. Named skins have a SkinID and you have to explicitly set control's SkinID to that particular skin. So default skin can be made into named skin by adding SkinID.

Themes can include images. Set a SkinID in the theme and then in an Asp.Net image tag use the same SkinID.

StyleSheetTheme settings are applied before page control property set and are not for control attributes - thus they can be overridden, while theme settings are set afterwords and connot be overwritten.

Themes can be changed programmatically in Page_PreInit method via Page.Theme or Page.StyleSheetTheme property. Same applies to individual controls whose theme can be changed via SkinID property in the same method.

You can disable use of a theme on any control by setting EnableTheming attribute to false.

Caching in Asp.Net

There are two types of caches in .Net, Application caching and Page output caching. Caching is self-limiting, you are not guaranteed to find things in cache all the time, things get removed as needed.

Application Caching - can store any object in memory and automatically remove it as needed. Similar to application state but with build in self-cleanup feature.

Page output caching - store whole pages or portions of pages in memory. This way expensive pages run just once.

Output caching is best used when the whole page is generated from server data. If user based information is displayed or page changes with response to user input try partial caching.

Version 4 of ASP.NET added output cache providers. You can define one or more custom providers that can use any custom mechanism of storing cached HTML content. To create your provider you create a new type that inherits from System.Web.Caching.OutputCacheProvider and is registered in web.config using providers section of outputCache element.

Page.Cache property is used to access application cache object. Cache[name] = value is used for simple insertions of data using name - value pair system.

Cache.Insert(name, value, dependency or aggregate dependency (more then one), expiration time value) can be used for more fine tuned control. System.Web.Cache contains all definitions.

Note that through you can store any object in server memory based cache, you need to cast it once you retrieve it.

To cache a page you need to use a directive <%@ OutputCache %> Parameter Duration specifies time in seconds. Parameter VaryByParam can take query string variables or names of the controls (actual HTML names) separated by a semi-colon whose change will invalidate the cache. To access cache programmatically use Response.Cache object.

You can cache part of the page by caching only user controls. Alternatively you can use Response.WriteSubstitution method to overwrite placeholders with dynamic content.

To control cache validity programmatically you need to implement ValidateCacheOutput event handler.

Caching for the whole website can be implemented using web.config. Caching settings can be applied to a group of pages using outputCacheProfiles section of web.config.

SQL Server 2005+ support database server dependencies. SQL Server will notify Asp.Net automatically if changes have occurred that invalidate results from a tested query. You need to enable service broker on each SQL server database you want to use. Then you need to start SqlDependancy service once for each web application. SqlCacheDependancy object needs to be alerted in code to the SQL in needs to watch.

Handling Asp.Net events

Pages and controls on them go through a life cycle process that causes different events to be raised.

An HTTP handler is the process that runs in response to a request made to an ASP.NET Web application. The most common handler is an ASP.NET page handler that processes .aspx files. Other handlers: Web service handler (*.asmx), Generic Web handler (*.ashx) and Trace handler (trace.axd). Custom handlers are written for tasks such as an image server or RSS feed server. Custom handlers are created by implementing either IHttpHandler or IHttpAsyncHandler interfaces. Asynchronous handlers spawn a new thread to perform potentially time-intensive operation. All custom handlers need to be registered in web.config file. All custom extensions need to be registered in IIS so that it knows they will be processed by ASP.NET with its custom handler. Handlers dealing with requests are sandwiched between HTTP modules.

An HTTP module is an assembly that is called on every request that is made to your application and has full access to request life cycle events. You can examine incoming requests and take action based on the request. You can also examine the outgoing response and modify it. HTTP modules are like ISAPI filters because they are invoked for all requests. Some of HTTP module functionality can be implemented inside Global.asax file. HTTP modules offer encapsulation and promote code reuse. Custom modules are created by implementing IHttpModule interface. All custom modules need to be registered inside web.config file. You can have multiple HTTP modules.

HTTP handlers are used to work with files with different extensions or a particular URL via configuration file directive. HTTP modules are more general and are used on every request, regardless of file extension.

IIS Integrated mode - ASP.NET and Web Servers request pipelines are integrated (default for IIS 7+). Classic mode, non-integrated (IIS6 and under). The benefit of integrated mode is it allows ASP.NET to receive pipeline notifications for all requests, even if the requests are not for ASP.NET resources. For example, a request for an HTML page still invokes ASP.NET modules in integrated mode and allows for implementation of ASP.NET authentication.

List of events and processes started from the moment user requests a new page on a website running ASP.NET:

Global.asax file is used to handle application level events raised by HttpApplication class. For example: Application_Start(), Application_End(), Application_Error(). Global.asax file only applies to requests that are mapped to an ASP.NET handler.

Global.asax generates a class derived from System.Web.HttpApplication base class.

You can read/write application level data using Application collection. Use Lock() and UnLock() methods to lock scope.

List of events fired by Page HTTP handler ProcessRequest() method. Note that default handlers for a page level events start with "Page_". Web Control events fire together with page level events of the same name. If control was added programmatically its events will fire sequentially till they catch up to the page events. Based on MSDN And this detailed overview.

The general rule for how events are raised is that the initialization events are raised from the innermost control to the outermost one, and all other events are raised from the outermost control to the innermost one. Master page is merged into the content page and treated as a control in the content page.

The need for PreInit, Init and InitComplete sequence as well as PreLoad, Load and LoadComplete sequence is caused by presence of controls on a page which fire their own events. Controls can fire non-standard events that outside of "Control Events" section, such as Data-Bound Control events or Login control events.

By default attribute AutoEventWireup of Page directive is true. This means that all standard page level events are automatically caught. If set to false, no page events are automatically caught - you need to manually assign a method that will handle each event, if you still want to handle it.

Both page and all controls go through above sequence of events. As page calls Init so does every control on that page and every control within it. If a control was added at run time, its events fire until they caught up with the parent. You add control at runtime by creating it in PreInit (no Master page) or Init (if using Master page) event. Add your new control to its parent Controls collection.

Setting AutoPostBack=true on a control causes it to automatically post back when its default event is fired. Some controls have that property set to true by default.

Client side state management

Client state management is achieved using the following technologies:

Client session management has the advantage of being easily scalable for multiple web servers. Also it frees resources on the server. However, it can be less secure and increases the amount of data that travels between the client and server.

View state can be accessed via Page.ViewState and its a dictionary of type StateBag. The hidden field used for transport is called __ViewState. View state can be tampered with by the client. By default view state is only hashed (can be disabled - tamperproof only, not read proof), not encrypted, but you can encrypt it with ViewStateEncryptionMode property of the Page object. ViewState is only for current page. View state is 64bit encoded string. View state is read by page's Init event.

Writing and reading from ViewState collection is same as with any other dictionary. Make sure to not store too much data as it is sent back and forth through browser. Large ViewState can be broken into small chunks. View State is set at Page.Render event. Make sure not to forget to cast boxed contents of ViewState on retrieval.

You can store non-simple types inside ViewState. However, since view state is stored on a page as text objects need to be serializable to text form. To do so you need to add [Serializable] attribute to the top of the class declaration of the object that you want to store in ViewState. Behind the scenes ViewState property provides access to System.Web.UI.StateBag type.

Cookies are instances of HttpCookie class. Cookies are stored in Request.Cookies collection for retrieval. To set cookie, use Response.Cookies.Add(cookie);

Query String is accessed with following construct: var myData = Request.QueryString["myString"];. Form data is accessed with: var myData = Request.Form["myString"];

You can encode and decode data in Query string and cookies with Server.HtmlEncode and Server.HtmlDecode.

Cross-page postback is facilitated by PostBackUrl property of a IButtonControl interface on the 1st page. On 2nd page data from the 1st page is accessed by Page.PreviousPage property. In order to get information from 1st page that is not part of Page class one needs to create accessor methods for data on 1st page and cast instance of Page.PreviousPage to the type of the 1st page in order to access data exposed by accessor methods.

Server side state management

Server side state management is based on Session and Application collections. Session collection by default uses a cookie to keep track of the client its attached to, less common is URL tracking. Values stored must be serializable.

Session raises two events in Global.asax, Session_Start and Session_End. Application raises similar events to session scope. Session data can be stored in server memory (InProc), state server - special process that can be used to store session across multiple servers and SQLServer. Session_End event is only raised in InProc mode.

Note that each session has timeout value assigned to it. This value can be modified with HttpSessionState.Timeout property, in minutes programmatically or via web.config.

Application state is maintained by an instance of HttpApplicationState type, while session state is maintained by an instance of HttpSessionState type.

You should lock application scope before accessing it, for example: Application.Lock(); Application["myWorld"] = "bobo"; Application.UnLock();

Session State Modes: InProc - server ram, default. StateServer - session stored by State Service (aspnet_state.exe), good for farms. SQLServer - DB storage, similar to StateServer but a touch slower. You can compress session state data.

You can disable or configure cookie-less session in web.config. Main limitation of cookie-less session is that you cannot use absolute URLs as for relative URLs .Net will automatically append session ID. You interact with session through System.Web.SessionState.HttpSessionState class.

You can store objects in Session and Application collections, but they are boxed and thus need casting on retrieval. Application collection can be used to store application wide constants, however it is better to store these settings in web.config or object cache.

Profiles can be used to store information about users similar to session state, but users need to be authenticated first. User profiles are defined in <profiles> section of web.config. Profile data can be accessed through Profile property of the Page type.

Basic Server Controls

Most web server controls inherit from the System.Web.UI.WebControls.WebControl type (which itself derives from System.Web.UI.Control type, which is direct descendant of Object type). HTML controls live in System.Web.UI.HtmlControls namespace and all of their classes start with "Html". If a control doesn't have a dedicated class (for example DIV and P tags) then it is handled by HtmlGenericControl. They inherit System.UI.Web.Control and System.UI.Web.HtmlControl classes. HTML controls provide little more functionality above standard HTML they are named after.

All properties inside web control that use measurements take as unit either a percentage or px (pixels). Thus, you would have for example: height="50px" or height="50%".

To specify a color for web control in code behind file you can either use ARGB value as in Color.FromArgb(alpha, red, green, blue) or by .Net name as in Color.Red or HTML color name as in ColorTranslator.FromHtml("red"). Front end works same way as in standard HTML form element, i.e. by name or by #RRGGBB value.

Web controls provide a consistent object model that automatically renders output depending on client browser rich user interface capabilities. Inside the code page each web control starts with <asp:[web control class name] with ID and runat=server as required attributes. Attributes are not case sensitive to make them feel as standard HTML.

You can specify on the form web control default button that is pressed when user clicks enter button as well as default focus element.

All list controls from code end look very similar and on front end they are rendered differently. Elements are stored in ControlName.Items[index]

Only click event by default causes a postback of a web control. For other events you can either wait with execution of a handler till page posts back or force post back on a given event. This is default behavior without usage of AJAX. JavaScript is used to do postback.

HTML Controls are standard html controls that can be manipulated on the backend if they include runat="server" and a unique ID as a property/value pair. You would use these controls only for upgrade purposes or if you need to integrate with a lot of JavaScript. Their properties closely match HTML tag attributes.

HTML Controls generate their own interface from code set properties, they retain state and fire server side events.

Web page events don't have a tag in which a method can be defined, thus specific method names, such as Page_Load(), are executed as event handlers. This is called automatic even wireup.

Every web page inherits from the Page class. Some of the more useful properties are IsPostBack, Request and Response.

You access control CSS styles using ControlName.Style["StyleName"] = "StyleValue";

You can manually wire-up events with handlers in code behind page. Just add a handler method name to the event name on the object you are wiring up and place the code in the Page_Load() method. See delegates and event handling.

Table web control contains properties Rows and Cells which are collections of type TableRow and TableCell, respectively. TableCell can contain other web controls or HTML.

Response.Redirect - when encountered immediately stops processing of current page & goes to the new page in user's browser. Server.Transfer - no message is sent to the browser, re-direct is done behind the scenes. With Server.Transfer you cannot send user to a non-asp page and page outside of current application.

Most useful members of System.Web.UI.Control base class (all controls inherit from it & and thus support these):

Basics C# language constructs

Switch statement only works on simple types such as int, string, bool or a char. Don't forget to end each case with the break keyword. C# doesn't support case fall-through, break statement is mandatory unless you use goto keyword. You use goto case keyword to jump between cases. With default keyword you can create default case. Goto keyword can be used outside of a switch statement to create dreadful spaghetti code by allowing jumping between labeled code blocks.

In a foreach loop the enumerator variable is read only and cannot be modified.

Don't forget you can exit any loop with a break statement and skip a loop with a continue statement.

Method names by convention start with upper case and by default are private. .Net 4.0 added optional parameters to a method that can have a default value, such as public int MyMethod(int age, bool isMarried = false).

If multiple parameters are optional, you can use named parameters such as MyMethod(22, isMarried:false).

Methods accept three types of parameter passing, by value (default), by reference and output. To pass by reference a value type use MyMethod(ref int myNumber). To create output parameter use MyMethod(out int myReturnNum). You can also pass variable number of parameters using params modifier.

Output parameters don't need to be initialized before they are passed to a method since the method must assign them a value.

C# supports only single params modifier at the end of method parameter list. You use it by calling MyMethod(params int[] myNumbers);

To use optional parameters in a method call, just assign them default value in method definition, such as MyMethod(int myNumber = 3). Optional parameters have to be always at the end of the method parameter list and their default values must be known at compile time (constants). Named parameters allow the programmer to pass to a method, at call time values of parameters together with the names of parameters. Such as MyMethod(myNumber: 3) - notice the colon between parameter name and value. Optional and named parameters work hand in hand.

The if statement in C# operates only on boolean values, thus passing a numeric value such as 0 or 1 to indicate true/ false will not work.

Delegates & their use with events and lambdas

Delegates are defined as type safe function pointers. You can pass them as parameters to other functions. Delegates can hold one or more function references (multicast mode). Delegates can point to static or instance methods. Methods with parameters modified by ref, out and params keywords are all allowed. Multicasting occurs when more then one method pointer is attached to a delegate type. You can add and remove methods to be notified using simple overloaded += and -= operators.

To better understand what a delegate is, think of a definition of a custom type - delegate is a type which other objects can have. You then proceed to create a variable of delegate type which can hold method(s) or event(s). The delegate type variable can only hold references to methods/events that work with delegate signature - type safety. A multicast delegate type variable points to multiple events/ methods. A non-type safe function pointer would be one where you could assign to a variable any method, regardless of that method's signature.

A delegate class inherits from System.Delegate (if it has return type) or System.MulticastDelegate (if return type is void). System.MulticastDelegate inherits from System.Delegate.

When delegate is created, behind the scenes a sealed class is created with three methods, BeginInvoke, EndInvoke and Invoke. The first two allow for asynchronous calling of a delegate.

Sample signature of a delegate, same as interface, purpose is type safety, for example: public delegate void MyHandler(string msg); Delegates can only point to functions that match their signatures exactly.

After delegate signature is defined, just assign to it a function name (without brackets) such as public MyHandler FunctionRef = SomeFunctionName; Since a delegate is a sealed class behind the curtain, this will also work MyHandler myHandler = new MyHandler(someFunctionNameToCall);

Now instead of calling someFunctionNameToCall(‘some string’); we can say myHandler(‘some string’);

Delegates are able to work not only on the exact return type defined in their signature but also on any type that inherits from the type defined in the signature. This is called delegate covariance and decreases the number of delegates that need to be defined.

You can define generic delegates. For older versions of .Net you can create delegates that have Object object in their signature.

To implement communication between two objects A and B using delegates you need to do the following steps:

Events are created using the event keyword. Event is a message sent by an object to signal the occurrence of an action. Under covers events are represented by delegates. The syntax is used to save on typing and doing communication by hand. The event keyword saves you from creating registration and un-registration methods as well as from creating private member variables of delegate type.

Event Sender is the object that raises the event. Event receiver is the object that captures the event.

Since event sender type does not know which object or method will receive (handle) the events it raises intermediary is needed. There role of intermediary between sender and receiver is handled by function pointer functionality of a delegate.

Working with events is simple, define a delegate type followed by any events that will use it, as in public event MyDelegate MyEvent; Then simply call the event to fire it up. In the receiving end just add event handler.

MS specifies to be followed format for event signatures, made up of System.Object and System.EventArgs. The first one has reference to the sending object while the second any arguments passed. You would want to replace EventArgs with your own class that derives from System.EventArgs to send any custom messages.

Since handling methods for an event are usually used just once, during event handling, one is tempted to just define anonymous method instead. Anonymous methods are a bit special as they are able to reference some internal variables of the method they are defined inside, with exception of ref and out parameters. To define anonymous method use delegate keyword instead of a method name as in: MyDelegateType MyDelegateTypeInstance = delegate(argument list) { statements }; Note that without use of anonymous method the right hand side of previous code block would be a method name whose body is defined else where.

Anonymous methods are used for both code simplification and performance gain. They improve performance by avoiding speed bump caused by method declaration.

Even greater simplification exists to the use of anonymous methods, called lambda expression. In this expression you are creating an anonymous method behind the scenes without as many keystrokes. Syntax is () => action for no arguments; argument => action for one argument and (arguments) => action for multiple inputs. In short, arguments => work on arguments.

Uses for delegates:

Exception handling

Exceptions are a basic part of .Net platform. An exception thrown by one component written in one language can be caught by another component written in another language.

All exception classes derive from System.Exception class, for example: IOException. One of the more useful properties is the InnerException. To find out what exceptions method throws just see its help file for a list.

Exceptions thrown by the .Net system are derived from System.Exception class. This way, you can easily check whatever a cough exception is of System.Exception type using the is keyword. Your own exceptions should extend ApplicationExceptin class, for the same identification purpose.

Anatomy of exception handling is based on try {} catch () {} and finally {} code blocks. Finally code block always executes regardless of an error, this is used so that you can free resources used inside error catching block. Catch block can take different type of an exception and you can have multiple catch blocks. Having catch(Exception ex) is universal since all exceptions derive from Exception class. Always catch only exceptions you can deal with - its better to throw an error then to hide it.

You can throw your own exceptions. They are either already build in exception objects or your own exception objects that inherit from ApplicationException class. You use throw keyword followed by the exception object you are throwing (object has to be created first).

Your own custom exception classes must contain three different constructors (in keeping with standards): one without any arguments, one with message argument and one with both message and inner exception as arguments. Your own exception classes should always be public so that they are always accessible. Your exception class should be serializable, in which case you also need a constructor to handle that. Remember that your own exceptions should derive from ApplicationException class rather then directly from Exception class.

Some properties inside the Exception class:

It is a bad practice to catch exceptions you cannot handle, you should not hide things, you should pass them on. Thus catching generic Exception is not recommended.

To re-throw an exception just use the throw keyword by itself inside a catch block.

You can nest exceptions handling code inside another exception handling code - just make sure to update InnerException property for tracing purposes.

As of .Net 4.0 you are no longer capable of catching OS-level errors with simple try/catch block. Each method that requires such catching of low level errors needs to be marked with [HandleProcessCorruptedStateExceptions] attribute before generic exception try and catch block is issued. You cannot recover from OS-level errors but you may do something before your program terminates.

You write to Windows event log using the EventLog class. You need to run the code as Administrator or an account that has permissions to add entries to an event log.

Tracing is enabled either in page directive or via static Trace class. By default tracing is only for local request. Remote tracing is available through a change in web.config file. Use Trace.Write to write your own trace messages.

Note that tracing is the process of getting information during program's execution. Debugging is the process used to find errors in your code.

You can turn on application wide tracing by modifying web.config. Site wide tracing can then be viewed by accessing trace.axd file from website root directory.


Asp.Net provides five validation controls, including custom validator. You can apply multiple validation controls to single input control, but validation controls cannot apply to more then one input control.

Asp.Net first performs client side validation (if browser supported) and then server side validation. You can turn off client side validation using EnableClientScript property of a validation control.

You can turn off validation controls using CausesValidation property present on any web control that implements IButtonControl interface.

To manually validate your page you can simply not use any build in functionality, turn off client side validation or set CausesValidation to false but still run Page.Validate() method and examine Page.IsValid property to decide appropriate action.

All Asp.Net validation controls are present in a collection called Page.Validators.

Custom validator causes ServerValidate event which is handled in the back end. Custom validation is server side only, unless you add your own custom JavaScript method to the front end.

Validation groups are used to organize set of controls on a page to be validated as a single unit - used for large input forms, with multiple tabs or panels.

Advanced web controls

Rich controls, such as a calendar can be auto-formatted in order to quickly select a color scheme. You do this from design view of VS.

You can restrict dates selectable in a calendar control by manipulating the DayRender even handler. Two other useful events are SelectionChanged and VisibleMonthChanged.

Panel control is used to show only certain parts of a webpage at a time, however, you can still interact with controls that are hidden from the end user.

MultiView control is a type of specialized panel control. It ensures that only one view, chosen by ActiveViewIndex property, is displayed at a time. Also, button controls with specific reserved names get special functionality such as next & previous.

AdRotator control is simply a random image display tool that uses XML data file.

Wizard control is a specialized type of MultiView control that includes its own navigation. You can commit changes as you go from step to step or at the end of the wizard. Wizard supports templates to customize it look & feel.

User controls are a way of re-using HTML markup. They inherit from System.Web.UI.UserControl class, end with aspx file extension, have <%@ Control> directive and cannot be directly requested by the end user. Other then that, they are same as regular web pages.

In order to use a user control on a web page you need to add <%@ Register> directive to the top of the web page.

To add a user control dynamically use LoadControl() method of Page class to create control object and then add it to appropriate Controls collection at PreInit or Init events.

Simple user controls act like include files, they are independent of the page they are placed in. If a control wants to interact with the page its in, it can receive information from that page through exposed properties. If a user control wants to send information to calling page, it can do so through events. Usually default EventArgs object is not enough and a custom object is needed to tell the calling page more about raised event.

Intro to data access

Most of ADO.NET is present in System.Data.dll where most data related namespaces live. This assembly is referenced by default in all new .Net projects. ADO.NET can be used in three different modes, as connected, disconnected and through the Entity Framework.

You connect to databases using types contained in a data provider which is different for each database engine. For SQL server, these types start with 'sql'. Data is returned as an instance of DataSet type. Each data provider resides inside a separate assembly that provides similar types and similar members implementing common interfaces. MS provides four data providers, OLE DB, MS SQL Server, SQL Server Mobile and ODBC. Oracle data provider is provided directly from Oracle. Other third party providers exist, for DBs such MySql. Simplified model of connecting to the database and accessing data using provider specific types is:

Since .Net 2.0 MS supplied data provider factory which provide a layer of abstraction over different data providers. You can keep both the name of data provider and connection string in your App.config file. These settings are later accessed with the help of ConfigurationManager.AppSettings type. Your DbProviderFactory type is constructed given the knowledge of the data provider stored in config file. This setup ensures that .Net code is no longer tied to a single database as it was the case when accessing data provider methods directly. New simplified process of accessing data that is not hard bonded to a specific database looks identical as above example with the difference in type names:

The main drawback of using provider factory model is that all of its types derive from System.Data.Common space and thus utilize functionality common to all databases. This prevents one from using some special RDBS methods. You can sacrifice some flexibility by doing explicit cast of factory model types into corresponding data provider types.

Main difference between executing a stored procedure vs. ad hoc SQL is the new CommandType of StoredProcedure and construction of SqlCommand now takes just the name of stored procedure vs. actual SQL code.

Connection string builder objects such as SqlConnectionStringBuilder can be used to programmatically build a connection string from each short strings that make it up.

In order to improve security all user supplied parameters inside SQL statements should be parameterized. Simply replace the user supplied text with @ParameterName. Then add parameter objects to parameters collection of command object. SqlParameter type has all MS specific properties while DbParameter type is the common denominator type.

By definition a nonquery is an SQL statement that doesn't return any data rows. Thus ExecuteNonQuery() returns an int representing number of rows effected.

Remember that data readers represent a read only and forward only stream of data returned one record at a time. They are used when you need to iterate over large amount of data that doesn't need to be kept in memory. Data readers can handle multiple result sets to be iterated over, go to the next result set using NextResult() method.

A transaction is a set of database operations that must either all work or all fail as a single atomic unit. A term ACID describes transactions, i.e. Atomic, Consistent, Isolated and Durable. Transactions are well supported in .Net. For sql SqlTransaction type is used. You used transactions by simply creating a transaction object and then assigning it to each command Transaction property.

DataSet class instances are used to keep a copy of a database retrieved data inside memory. This disconnected data model is useful in following circumstances:

The most basic steps needed to iterate over data using a DataSet type:

A DataSet object is a true in memory representation of data that contains tables collection, relation collection and property collection. Under the hood DataSet has DataTables that have DataColumn(s) and actual data is stored in DataRow(s). DataColumn can be set to be auto incrementing. To add new DataRow you need to get it on the table level as DataRow type doesn't have a default constructor. You can identify rows that have been modified by examining their RowState property.

DataTable class supports a method called CreateDataReader() that allows data reader like access to data with the use of a while loop and Read() method.

Both DataSet and DataTable types support WriteXml() and ReadXml() methods for XML serialization of data. It is also possible to persist these objects in binary format.

If you made changes to data stored inside of a DataSet you need to commit these changes using AcceptChanges() method of DataTable object.

If you are making changes to DataSet object and persisting them into a database using a data adapter object make sure you define UpdateCommand, InsertCommand and DeleteCommand properties. To make your work easier you can make use of SqlCommandBuilder type in order to auto generate update, insert and delete commands based on select command for your data adapter. Note that you can only use this shortcut if your SQL select command interact with a single table that has a primary key and that primary key column is part of select statement.

DataView type allows you to programmatically create a data view that extracts subset of data from a DataTable object.

To use DataSet, you need to fill it with data using SqlDataAdapter. Create both DataSet instance, then SqlDataAdapter instance and then fill DataSet using Fill() method of SqlDataAdapter type. To retrieve records from DataSet object, you iterate through the collection, starting with the table name and then each row in it.

DataSet object can store multiple tables of data, it can track updates made to the data (this feature is mostly used for desktop applications) and it can model relationships between tables it stores with the help of DataRelation object and Relations collection of DataSet object.

Relations on table objects inside a DataSet are created with the help of DataRelation type. Relations between tables defined on a DataSet can be used to retrieve child or parent rows using GetChildRows() and GetParentRows() methods of DataRow object.

For quick and dirty applications you can use a number of supplied data source controls which can be dropped onto a page at design time. All of them implement IDataSource interface and include access to databases as well as to XML. Data source controls supply data and bind to data display controls. They can also update, delete and insert data. Limitation is that they work on a single pre-set SQL code for select, update, delete and insert. So to access two different sets of data you need two data source controls. A single data source control can be added to multiple display controls, but DS control will execute its data retrieval code once for each bound display control. In display control you provide DataSourceID of the data source control in order to do the binding.

Out of the box DataSet type doesn't support LINQ. It needs to be retrofitted with extension methods. You transfer a DataTable object into a LINQ friendly object by running AsEnumerable() method of the DataTable type. Another useful extension method is DataRow method Field<T> tha is used to enforce data type at compile time. For example: var people = from person in persons.AsEnumerable() where person.Field<string>("HairColor") == "Blonde" select person.Field<string>("Name"); You can also use LINQ to populate DataTable objects with data using CopyToDataTable() method. You can also use LINQ to get a DataView type with the help of AsDataView() method.

Data binding

There are two main types of data binding, single value and multiple value. Single value data binding is very simple and can easily be replicated in code. All you need is <# myVariable > in front end, some value assigned to myVariable in back end, before a call to DataBind() is executed usually in Page_Load method. Note the # sign.

Multiple value data binding is used in list controls and rich controls. There is no easy code substitute and data binding is the easiest way to populate these controls.

Any collection that supports IEnumerable interface can be used as a data source for a list control. This includes arrays and data sets. All you need to do is set DataSource on the control to the appropriate data and call DataBind() method either for the entire page or just for the control you want populated. When binding to a dictionary based collection you need to specify which field in the data is the text to display - using DataTextField property of the control. Value is indicated by DataValueField property.

When using a DataSet as a data source you have two options. You can specify in DataSource the table you want to use and then appropriate DataTextField and DataValueField. Alternatively you can specify whole DataSet for DataSource and pick your table using DataMember control property. DataReader can also be used as a data source. It is faster then DataSet but only supports a single forward read of data, thus limiting one to a population of a single control.

When binding data to a GridView control by default all data columns are automatically created. For more flexibility, you defined each column and the way it is to be displayed. You can use VS to automatically create column definition - use Refresh Schema link. GridView control provides special columns for commands, this is used to create select button to select a record or edit button. GridView has build in sorting and paging functionality. Paging is inefficient since whole DataSet is always requested with only subset being displayed on each page.

Eval() and Bind() methods are part of the System.Web.UI.DataBinder class. Eval is used to automatically retrieve data item that is bound to current control. Eval also has the ability to format data on the fly. Bind() serves similar purpose to Eval() but it is used for fields which contain values that can change (are editable), as it ensures that the change to data is carried back to the server.

Data items inside a GridView can be fully customized with the use of templates. Templates allow anything to be placed inside grid cell, including other controls. By being able to customize cell view you can make editable cells that can handle events, are visually pleasant and support validation controls.

DetailsView and FormView are two rich controls used to view a single record. FormView is the more flexible of the two and supports only templated view with one template. Both of these controls are for single records. If multiple records need to be displayed, paging is used. Beware through that each time the control gets the whole DataSet.

Files, streams and object serialization

All file access classes are defined in the System.IO namespace. Here are some of the most useful classes:

Note that IIS user may not have permissions to access many files. If you you try to access data to which you have no permissions to you will get a security exception.

You write and read from a file using two dedicated classes, StreamWriter and StreamReader. For example, StramReader object is returned by File.OpenText method and StreamWriter by File.CreateText method.

To work with binary data you use BinaryReader and BinaryWriter classes. Main difference as opposed to text files is that you need to know what type of binary data you are dealing with.

FileStream class is an implementation for abstract Stream class and is used to open files with specified file mode, access and sharing. From this object StreamXXX and BinaryXXX objects can be constructed.

File upload is facilitated by FileUpload control. You find out what file was uploaded by checking Upload.PostedFile object. By default Asp.Net accepts uploads up to 4Mb. This value can be changed in web.config by setting new maxRequestLength value.

You can watch files on your system with the use of a FileSystemWatcher type. A number of simple events can be handled, such as file modification, access and deletion.

A stream represents a chunk of data flowing between source and destination. It is a common way to interact with a sequence of bytes. Concept of a stream is not limited to I/O.

Object serialization is the process of persisting and possibly transferring the state of an object into a stream. Persisted data contains all information needed to reconstruct an object, i.e. desterilize it.

Types that are to be serialized need to be marked with [Serializable] attribute. All types in serialized types inheritance chain are serialized, together with all data - this is called an object graph. By default binary serialization is used. However, you also have an option of using XML (XML formatter only serializes public members and fields) or SOAP. You can persists objects into any System.IO.Stream derived type. All objects that are part of object graph need to be marked with [Serializable] attribute. [Serializable] attribute is not inheritable, all derived classes need their own attribute.

You can mark parts of a type as non-serializable with the [NonSerialized] attribute.

In order to say write an object to FileStream all you need to do is to run Serialize() method of your favorite formatter on the object that you are serializing and the stream it is to be written to.

In order to serialize multiple objects add them to a favorite collection and then serialize the whole collection.

An object can implement ISerializable interface. If this is the case, during serialization of such an object GetObjectData() method is called to get object data. This lets the programmer get involved into the serialization process. Since .Net 2.0 a simpler serialization control mechanism was introduced that uses attributes. You can define two special methods adorned with [OnSerializing], [OnSerialized] and [OnDeserialized].

Working with XML

Recall following rules for XML documents:

Most XML manipulation classes live in System.Xml namespace. Most common and important classes are: XmlTextWriter, XmlTextReader and XDocument. Assembly name is System.Xml.dll.

XmlTextWriter class works the same way as StreamWriter class, but for Xml. All you need to do is create FileStream object, use it to create XmlTextWriter object and with methods WriteStartDocument, WriteStartElement, WriteEndElement, WriteAttributesString and WriteEndDocument you create your Xml. In order to make your XML file more readable add indenting by setting Formatting and Indentation properties of XmlTextWriter object.

XmlTextReader class works same way as StreamReader, but for Xml. It reads Xml documents one node at a time, using a Read() method. Read() returns false when no more nodes are left. Nodes can be bits of empty white space. Node types are returned as NodeType property of XmlTextReader object.

LINQ to XML is a less verbose way to create and manipulate XML documents. System.Xml.Linq namespace (lives in System.Xml.Linq.dll) contains useful types such as XElement and XAttribute that greatly speed up programmatic way of creating XML documents. You can in C# almost literally type in your XML document, while in VB you can simply supply raw XML.

XDocument class is a successor to old XmlDocument class and is used for in memory manipulation of Xml data. You can read Xml files into XDocument object using Load(). You can also load Xml documents from a string using Parse(). Or you can create Xml documents from scratch using XNamespace(), XDeclaration(), XComment(), XElement() and XAttribute() objects.

XDocument loads whole Xml into memory while XmlTextReader does not - one is used for Xml manipulation while the other two are more for simple storage or seqential read.

XDocument supports Xml searching through Descendants() and DescendantNodes() methods. It supports validation through Validate() method.

You can extract data from any container with LINQ and transform it into an XML document. Say use LINQ to extract some rows from an array, and each selected row is returned as a new XElement object.

To validate your Xml documents you need System.Xml.Schema namespace and use XmlReader object instead of XmlTextReader.

XML Web Control requires the use of an XSLT in order to display XML data correctly, otherwise you get just inner data that is all bunched together.

Website Security

You have two choices with authentication: forms or windows based. Forms authentication will work for internet and intranet users, while windows authentication is for intranet only.

To setup forms authentication, which is based on encrypted cookie stored on end users computer, you need to modify web.config file. You need to add authentication section, that indicates forms as the mode. You also need to setup authorization section, to indicate the users that you want to allow or deny access to. By default anonymous users are allowed in - thus you need to deny them access to secure parts of the site. Usually you secure whole directories, but you can add specific files one by one if needed.

Login page utilizes System.Web.Security.FormsAuthentication class. You log users in using RedirectFromLoginPage() method. You sign them out using SignOut() method.

In order to keep user signed in even after browser session ends you need to create a persistent cookie. This process is not automated by RedirectFromLoginPage() method and needs to be done manually.

Once user is logged in, you can access information about him through User object that is available as part of a Page object.

With windows authentication your browser and IIS do all work for you. Remember to deny anonymous access to the directory you want to secure. You can examine user's custom group membersip and builtin group membership (to fine tune security) using IsInRole() method of User object. There is no login or logout page as IIS does authentication for you. You may see a simple dialog if username and password are needed - they are both your windows domain user and password.

Dealing with users and security is such a common task that Asp.Net has a build in feature that creates user database for you. This is called a membership. Currently membership can use as a provider either active directory or SQL Server. In order to create all needed tables on your SQL Server you need to run aspnet_regsql command line utility. By default new database is called aspnetdb. Inside your web.config you need to configure your membership provider, using membership node. Here you define the connection string used by your membership as well as things such as password policy. You can create initial user list using Web Site Administration Tool.

Membership is manipulated by System.Web.Security.Membership class. User information is stored as MembershipUser class instance.

Once you have your users stored inside membership provider validating user is as simple as running Membership.ValidateUser() - no need for custom DB access code. All security controls provided by Asp.Net require membership, with which they integrate. Thus, you get things like a login control, password recovery control and create user wizard control.

More fine tuned security is provided by roles. You enable role based security by adding roleManager tag to web.config. To manage roles you use Roles class. Once roles are created and users assigned to them you can use them by either: modifying authorization section of web.config, using User.IsInRole() method or LoginView control to display different views based on user role.

LoginView control is similar to a Panel control, with the exception that users don't choose what they see, they see things based on their role.

Asp.Net offers another way of storing persistent information about users in a database, its called profiles. Profiles offer persistent state management that doesn't require developer to write code to access database. However, since they are a fit all solution they are best used to store limited amount of data that is used on few pages. Profile store user data in a single string serialized record. Since profile is user specific, users need to authenticate with the system before their profile data can be accessed. Anonymous profiles let you store data for users that have not yet logged in.

In order to use profiles, you need to enable authentication on your website, set profile provider, create profile DB tables, define profile properties and finally use these properties on a web page.

Profile provider is SqlProfileProvider or your own class, DB tables are created by the same command utility as membership tables. Profile properties are defined in web.config under profiles tag.

Once profiles are set, you can access information stored in them (or write to them) using Profile property of the Page object. Your profile inherits properties and methods from System.Web.Profile.ProfileBase class.

All profile information is saved in the DB as a one long string. You have a choice of the type of serialization you choose, string, xml, binary or custom. You can store objects in profiles as long as they can be serialized. If you store complex objects in your profile automatic save feature is unable to detect changes and thus you have to save your profiles explicitly. Groups of related profile properties can be grouped together using profile groups.

ProfileManager class is used to manage whole profile data store. It allows you to browser all user profiles, find profiles and delete them.

Component management

Components are blocks of related classes compiled into a single file. In order to use them in your application you need to add a reference to them for your project. For components that are based in the same solution but different project its a project reference. For compiled files in your bin directory its assembly reference.

Namespaces should start with company name in order to minimize any possible name collisions.

Static vs. instance based design choice depends on personal choice and designers skill. Usually utility based classes are static, while stateful objects are created for common data items such as users and orders. Static utility classes work with users and their orders.

Components should not throw detailed low level exceptions to the web page since if these are displayed to end user they can give him or her too much sensitive detail.

ObjectDataSource class allows you to save some coding on the front end by automatically connecting your front end to the back end data component. Once you have ObjectDataSource properties defined you can bind to it any other display component. This saves you the coding in the back end needed to extract data from backend component and dumping it into front end control such as DropDownList. You can pass parameters to the component methods that ObjectDataSource calls and use it for updates/inserts/deletes. ObjectDataSource is similar to SqlDataSource.

LINQ (Language Integrated Query) and Entity Framework

LINQ advantages:

LINQ allows developers to search for objects inside collections with the help of build in LINQ providers:

LINQ supports three styles of creating expressions:

LINQ return types are usually hidden from object browser, thus extensive use of the var keyword when defining variables that hold LINQ query results. Also sometimes the return type is generated at the runtime. Of note is that LINQ uses extension methods in the background to add functionality to the types it is working on (defined in System.Linq).

Arrays support LINQ to objects via extension methods, however, to use LINQ to Objects on non-generic collection you need an extra step of creating an enumeration from your collection with the help of OfType<T> method.

LINQ query expressions, at minimum, must contain in them 'from' and 'select' clauses. From is defined as: from [some object] in [object collection]. The [some object] will be used later on. The select clause defines what you want to get, it usually has some form of [some object] in it. The select clause can return collection of objects by creating them (using new keyword) from data supplied by [some object].

Full expression tree for query style expressions:
from identifier in expression
let[opt] identifier = expression
where[opt] boolean-expression
join[opt] type[opt] identifier in expression on
expression equals expression into[opt] identifier
orderby[opt] ordering-clause(s) ascending|descending [opt]
group[opt] expression by expression into [opt] identifier
select expression into[opt] identifier

More useful LINQ stuff:

Sorting and filtering is done with the help of a 'where' clause inserted between 'from' and 'select' clauses. The 'where' clause is a simple conditional statement, that includes elements in the output list if it evaluates to true. You can combine statements with && and ||. You can also call any method that returns a bool. 'Order by' clause is simply a list of fields by which to order the data, same as in SQL statement.

LINQ to Objects behind the scenes uses simple foreach loop to scan your collection. However, the object returned by LINQ is an implementation of IEnumerable interface with lazy execution. The returned object is populated with data only when such data is needed. This deferred execution is used for performance optimization reasons.

One way to force LINQ to execute its query is to convert resultset to some other type, such as ToArray() or ToList() or ToDictionary().

Basic query subset syntax is: var myData = from item in container where someExpression select item;

You can return new types (anonymous + defined at runtime) from a LINQ query as in var myDate = from item in container select new {item.something, item.somethingElse}; Note that you don't know return type of the query until runtime.

You can easily compare results of two LINQ queries using methods such as Except(LINQ query), Intersect(LINQ query), Concat(LINQ query) and Union(LINQ query).

Other useful LINQ methods are Distinct(), Sum(), Average(), Min(), Max() and Count().

Behind the scenes LINQ is a shorthand notation that is translated into a series of calls to Enumerable type methods defined in System.Linq.Enumerable with anonymous methods as arguments (shorthand for delegates).

Note that delayed execution of LINQ causes you to be not sure of the time at which the actual DB call is executed. Thus it is not obvious as to where SQL problems could pop-up. To remedy this you could place a whole access code into a single method, which could be wrapped up in try-catch block hunting for SQL exceptions.

The only difference in querying a database with respect to an in-memory object is that we need to instantiate our data context before our first query. The DataContext class transforms the LINQ query into a SQL query. The Log property of the DataContext class is an easy way to determine the SQL query sent to the database.

Some LINQ examples:

from call in callLog
join contact in contacts on call.Number equals contact.Phone
select new {
from call in callLog
where call.Incoming == true
group call by call.Number into g
join contact in contacts on g.Key equals contact.Phone
orderby contact.FirstName, contact.LastName
select new {
Count = g.Count(),
Avg = g.Average(c => c.Duration),
Total = g.Sum(c => c.Duration)

The purpose of Entity Framework is to lessen the gap between database constructs and OOP constructs. Entity Framework supersedes LINQ to SQL, i.e. new projects should use EF instead of LINQ to SQL API. EF is MS recommended tool to read and persist data inside a relational database. Objects are superior to datasets in every situation because they don't suffer from the limitations that general-purpose structures do, such as type safety, compile time type checking, intellisense and performance improvements.

MS updated its data provider for SQL Server in order to support EF. Third party vendors such as Oracle provide their own EF aware data providers.

Entities are client side classes that function as part of Entity Data Model. Entity framework lets you generate DB access code automatically based on the structure of your DB. You get all that code generated for you by asking VS to add new Entity Data Model to your project via a wizard. By working with the model in VS you don't change anything in the database. You can remove entities (data objects) you don't need in your model, rename fields in your model (can always see how these are mapped to real DB columns) etc. You can also do reverse operation - generate DB from a data model. Entity framework lives in System.Data.Entity.dll.

A data driven system is separated into three layers. In EF each layer is captured in a single XML file with an extension .edmx. This is the first file you should generate for your EF projects. It can be generated by a command line utility EdmGen.exe Graphical EDM generation is provided by VS.

Entities represent the tables in your database, while the context, one for each database, takes care of data access. In order to create a simple query, you first create the context object, then extract from that context the data you need. EF tracks all changes to entity objects. In order for these changes to be saved don't forget to call SaveChanges() context method.

The context type derives from ObjectContext type. It is a container for all entity objects, which themselves are stored in a collection of type ObjectSet<T>

In order to execute a stored procedure you use ExecuteFunction() method of the context. Parameters to your SP are handled by ObjectParameter type.

Entity framework is intelligent enough to detect junction tables used in DB to represent many-to-many relationships. These junction tables are hidden from view.

When grabbing data from your entities using LINQ make sure you don't send your entities to memory first using something like ToList() - if you do so you will be extracting whole data set first and then running LINQ to objects to get your records. You can force get whole sets of related data using the Include() method.

You can use your model to insert, update and delete records. Just remember to call SaveChanges() method on your context model in order to commit your changes.

You don't need to write C# code to get data out of entity framework - you can use EntityDataSource control, that works same way as SqlDataSource control, except it works with entities and uses LINQ to do selects, updates, deletes and inserts. With EF LINQ statements get translated down the road into SQL statements while LINQ to DataSet works only on in memory representation of data. In other words each application of LINQ on object context results in DB hit. If you don't want DB too much, just move your data into memory and play with it there.

Entity framework is divided into two major parts. Entity client is the layer that talks directly to the DB with types similar to these found in a data provider. Usually direct interaction with entity client is not needed unless one wants more control over such functionality as SQL code generation. Object services layer manages any class that extends EntityObject type and tracks such things as changes to entities or relationships between them.

With the help of Entity Client Data Reader object you have direct access to Entity data provider - you can create a connection, execute SQL and loop over entity data reader. This low level access is rarely needed.

Entity SQL is SQL like language that can be used with entities. It is used if you need more control over how SQL code is generated.

Introduction to .Net AJAX

All JavaScript needed resources are placed on the page by ScriptManager control. If you have multiple pages using Ajax, then its good idea to place that control in a master page and configure it via ScriptManagerProxy on each page.

You place all Ajax enabled controls inside UpdatePanel control, inside ContentTemplate tag. If one of these controls changes and creates a post back event, it is intercepted by UpdatePanel and converted to Ajax request. You can create controls programmatically and add them into an UpdatePanel as well - into ContentTemplate.controls structure. If the browser doesn't support Ajax - simple post backs are executed.

Certain controls don't work with Ajax such as file manipulation upload controls. Other controls cannot have some of their extended functionality turned on.

When Ajax encounters an error on call it is intercepted by ScriptManager and translated into JS error - you may need to enable these errors in a browser in order to see them.

With multiple UpdatePanels on a page you can set only some of them to refresh if you set their UpdateMode property to 'conditional'. You can also call panel's Update() method.

You can get UpdatePanel to watch controls outside of it for a change - all controls that a UpdatePanel should watch are listed in Triggers tag inside UpdatePanel control. You can also use this section to ignore some controls inside of UpdatePanel and make them cause full post back.

UpdateProgress control is used to alert the end user that a call is in progress to the server behind the scenes. By default, this control will fire up when any UpdatePanel is sending information to the server. You can limit it to only single UpdatePanel. You can add cancel button to this control in order to cancel operations in progress.

With a Timer control inside UpdatePanel you can refresh parts of the page automatically without end user input. For this control you also need to add it to the triggers section.

Asp.Net AJAX control toolkit is a separate file that you can install in VS that gives you access to additional AJAX controls. These include accordion control and autoCompleteExtender control among many others.

JavaScript needed by ASP.NET implementation iScriptManager control. This control generates a link to an .axd extension which in turn gets proper JavaScript file, depending on functionality wanted and browser type used.

If you are using a lot of AJAX features throughout your website you may want to place ScriptManager control inside your master page. Then each page that utilizes AJAX controls can configure ScriptManager class via ScriptManagerProxy class.

The simplest way of implementing AJAX is to place all controls that are to use AJAX partial updates into one or more UpdatePanel control(s). The UpdatePanel control intercepts post back causing events such as button clicks from controls contained within it and converts them into AJAX requests. If the browser that the end user is using does not support AJAX then all controls placed inside UpdatePanel work correctly in post back mode. You can force the UpdatePanel to update after changes to controls that don't cause postback by default by simply modifying AutoPostBack property of these controls. UpdatePanel control needs to be placed after ScriptManager control. The UpdatePanel type extends directly Control type.

UpdatePanel has no visible content on the page. All controls placed inside UpdatePanel are placed inside ContentTemplate element. When the UpdatePanel control renders itself it calls render on all controls within ContentTemplate element. In order to add controls programmatically to UpdatePanel you need to add them to the ContentTemplate element, not directly to Controls collection.

Using UpdatePanel doesn't decrease the amount of data sent by the server as with each request the whole page is generated. The AJAX enabled page follows the same page life cycle as non-AJAX page. The main difference is absence of a flicker effect caused by a post back operation.

When an error occurs on an AJAX page it is caught by ScriptManager object and passed to the client JavaScript. Most browsers by default suppress JS error messages & and thus in order to see explicit error messages in your browser, you need to enable them. You can use custom error pages with AJAX enabled pages, just add element "customErrors" to your web.config file.

Some controls don't work inside UpdatePanel, such as HtmlInputFile and FileUpload. Controls such as Login, PasswordRecovery, ChangePassword and CreateUserWizard work only if you converted their content to template. Controls GridView and DetailsView fail if EnableSortingAndPagingCallbacks property is true. Controls TreeView and Menu don't work if you set their Style property.

You can set conditional updates of UpdatePanel by modifying UpdateMode property. This will cause only a single UpdatePanel to update vs. all UpdatePanels at once. Note that .NET AJAX supports only one request at a time because we want page state to be kept constant. If one request is underway and user initiates another request, the older request is abandoned.

You can programmatically cause UpdatePanel control to update by calling its Update() method.

You can tell UpdatePanel to monitor controls not contained within it for changes that should cause content inside the panel to update. You accomplish this by adding one or more triggers inside "Triggers" element inside UpdatePanel control. These triggers are defined with AsyncPostBackTrigger control. If you want to tell UpdatePanel to cause some events from controls inside of it to cause full post back, add PostBackTrigger control.

UpdateProgress control works together with UpdatePanel control to indicate to the user that a request is being processed. You don't need to explicitly link this control with UpdatePanel since only single request can be processed at a time. However, you can associate, if you want, your UpdateProgress control with a single UpdatePanel control through AssociatedUpdatePanelID property. A message or animated image can be placed inside UpdateProgress control's ProgressTemplate element.

You can add a cancel request button to your UpdateProgress control. To make it work you need custom JS code that will cancel the request on the client (but not on the server).

You can implement timed page refreshes by including a Timer control on your page and making your UpdatePanel have Time control events as triggers.

ASP.NET AJAX Control Toolkit provides more then a dozen AJAX enabled controls that are both MS and community supported & available for your VS as a separate download.

Some of the most useful AJAX Control Toolkit extensions (there are dozens in the actual toolkit):

Object Lifetime

In unmanaged environment one of the most tedious tasks is tracking down memory leaks. This is avoided in managed environments with garbage collection of heap allocated objects.

Garbage collection is non-deterministic process. It can occur at any time, for reasons such as luck of memory to create new objects. It can also be programatically started.

An object is set for future garbage collection when it no longer is referenced by anything - there is no way of using that object in your code. You don't need to explicitly set a reference to null, through doing so doesn't hurt and immediately renders your object ready for GC.

CLR determines when an object is not reachable using a graph, where each note is a connection between objects. If an object cannot be reached, then it is marked as garbage. In order to avoid checking all objects during GC process CLR divides objects into three generations, concentrating efforts on lower generations first:

.NET 1.0 - 3.5 had concurrent garbage collection where all threads were suspended during GC. In .NET 4.0 background garbage collection was introduced for ephemeral generations (0 and 1).

System.GC type is used for direct interaction with garbage collector. It could be needed when one deals with non-managed code, needs to clear a lot of objects now or is about to enter sensitive area that cannot be interrupted by GC process.

To force garbage collection call static methods GC.Collect() and GC.WaitForPendingFinalizers() The first one initializes garbage collection and second one makes sure objects perform self-cleanup (finalizable objects).

You only need to override Finalize() method, inherited from Object type, if you are using unmanaged resources in your class. In order to override the Finalize() method you need to create a C++ style destructor, which is a tilde character followed by a class name as in ~MyClass() {} The destructor takes no arguments, deals only with unmanaged resources and there is only one per class. Note that it takes time for GC process to run the destructor method so GC for finalized objects is slower.

An alternative to creating a destructor for classes is to make them implement IDisposable interface. In this case the object user is required to call Dispose() method not GC process. Both classes and structures can implement IDisposable. You should always call Dispose() method on any object that implements IDisposable interface since inclusion of Dispose() method indicates that the objects has some clean up to do. Note that it is still possible to call members of a disposed object, since its still in memory.

Since it is a good practice to always call Dispose() on a class that implements IDisposable() .Net includes a handy shortcut for a try-catch block needed when we want to account for an exception thrown before a call to Dispose(). The using keyword is used to wrap a section of code that uses objects whose classes implement IDisposable. Once section of code finishes execution or exception is thrown the using statement calls appropriate Dispose() methods. Under covers using construct is simply try and catch.

In a well written class that uses unmanaged objects you both implement IDisposable and create a destructor so that if end user forgets to call Dispose() the object still gets GC with the help of a destructor.

Due to unpredictable nature of garbage collection you never know when your destructor is going to be run. Thus destructors should not be the only method used to finalize usage of precious resources such as database connections. For valuable resource cleanup developers should call Dispose() method and start explicit resource cleanup process.

In some cases you don't want to create large objects right away before they are actually used since you don't know if they will ever be used. .Net 4.0 supports generic class Lazy<T> which is used for lazy object creation.

In depth look at interfaces

An interface is a named set of abstract members. Abstract members don't provide default implementation. Interfaces are behaviors that a class or structure can support. Interfaces are not the same as abstract classes since they can only contain abstract members and nothing else. Interfaces can be implemented by any class while classes that derive from an abstract class can implement it. Interfaces are valid .Net types.

Interfaces are defined with the interface keyword. Interfaces cannot inherit from classes, but can specify base interfaces. Interface file names in .Net start with a capital letter I. All interface members are implicitly public and abstract. You can specify read-only properties by including only get; automatic accessor.

Interface have to have all of their member methods and properties implemented by a class that implements it. This is all or nothing contract.

You can determine programmatically whatever a given object supports an interface by either trying to explicitly trying to cast your object to an interface, using the is keyword or using the as keyword.

When a class implements multiple interfaces that define methods with the same name the class should explicitly define its member methods using Iinterface.MethodName() syntax.

Some of the more useful interfaces build into .Net are: IComparable, ICloneable and IEnumerable. The last one is useful for looping over your objects with foreach keyword.

Interfaces can define operators, such as +, - etc.


Prior to .Net 2.0 developers had only few classes available for storing data, all of them defined in System.Collection namespace. These classes are ArrayList, Queue, Stack, SortedList and Hashtable. These collections suffer from two main issues. The first issue is that of performance, since non-generic collections store everything as objects all value types needed to be boxed when placed into a collection and unboxed when taken out. The second issue is that of type safety, you can place different types into the same collection - something rarely desired.

All code written with .Net 2.0 and above should use generic collections. Classes, structures, interfaces and delegates can be expressed with generics. Enum type cannot use generics.

Formally T in List<T> is a type parameter, informally it is a placeholder for a type. When you create an instance of a generic class or structure you fill in the placeholder with the type you are going to use. When using generic methods, you also replace the placeholder with appropriate type. Same with generic interfaces.

Generics live in the System.Collections.Generic namespace. There you find a number of generic interfaces as well as generic classes. Some more useful are: List<T>, Queue<T>, Stack<T> and Dictionary<Tkey><Tvalue>

As with object initialization you can quickly fill in a generic with initial data using List<object> myList = new List<object> {new object(), new object(), new object()};

You can easily create your own generic methods, classes and interfaces. A generic class can be inherited, however you need to make sure generic logic is respected.

The default keyword can be used on a type placeholder T to get a default value of a type, such as a 0 for integers and other numerics.

You cannot use operators on generic types, since you cannot do T + T style operations. You can get around this limitation by defining operators inside an interface and implementing it.

You can constrain the type T using the where keyword, as in "where T : struct". Here is a list of constraints available:

Advanced C#

Pointers can be used in C#, however, they should be only used if a piece of code needs extreme optimization or you are calling methods of a C based DLL. All pointer arithmetic code has to be scoped using unsafe keyword. You can have unsafe blocks of code or whole unsafe methods. Before you can compile your code, you need to check 'unsafe' flag in compiler options. Pointers are declared with the * star operator following a type. To get pointer memory location, you use & operator. Pointers can point to a non-pointer type, but such operation requires the use of fixed keyword.

Indexer method provides an ability to treat any class or structure as an array. Recall, that when a class implements IEnumerable interface it can be iterated over with foreach keyword. An indexer is a method that has a signature public ReturnType this[int myIndex] {get {} set {}}. Of note is the this keyword use. You can also index with strings or other types. You can also overload indexer method. You can also index over multiple dimensions over integers and strings together. You can also include indexer method in an interface in order to state that types that implement it support indexing - format is MyObject this[int myIndex] {get; set;}. Indexers can also be called smart arrays.

Operator overloading is done with the help of static methods that include operator keyword before the operator being overloaded. The operator method being overloaded doesn't need to include two identical types, you may want to say add a number to your custom type. If you overload - and + you automatically get += and -= overloaded. You can also overload ++ and -- unary operators. For overloading == and != you must remember that both need to be overloaded at the same time. It is handy to override the Equals method on your type first and then just use it for your operators. If you overload < then you also need to overload > same thing with <= and >= they also need a partner. Operator overloading is handled behind the scenes by compiler generated reserved methods.

If you want to cast among types that are not related, i.e. are not in each other inheritance path, then you need custom type conversion. Similarly to operator overloading custom type conversion involves the use of operator keyword and either explicit or implicit keyword. The conversion method is static and has a signature similar to public static [explicit|implicit] operator TypeYouAreIn(TypeYouAreConvertingFrom variable){}. You cannot define identical explicit and implicit conversions - methods have to differ by either return type or parameter list.

Extension methods add additional functionality, in the context of the current application, to already compiled types. All extension methods are static and have to be defined inside a static class. The first parameter of an extension method is preceded by "this" keyword to indicate the type you are extending. Extension methods can have more then one parameter, but the first one is special. The main benefit of an extension is that it seems like it is part of the type it is extending. Of course, you are free to call it as a regular static method - as if the this keyword was not there. Extension methods have only access to public members of the type they are extending. You need to make sure that the namespace in which your extension methods are defined is included (use using) in the file you want to use them in. When an extension method is added to an interface you also need to provide its implementation - you are extending every type that implements that interface.

Partial methods allow you to defined a method in one file and implement it in another. Partial methods live inside partial classes, always return void, cannot have parameters with out modifier and are always private. They can be static or instance based. If implementation of a partial method is never provided, its name never is compiled (as there is no body). Partial methods are best used as a place holder for optional implementation. They are cleaner solution then adding dummy code. They are used as method hooks with optional implementation.

Anonymous types can be created with the help of var keyword as in: var MyAnonType = new {Version=4, ProgrammingLanguage=".Net"}; Anonymous types automatically derive from Object type. They have overridden version of Equals(), ToString() and GetHashCode(). Equals makes use of value based comparison. Note that operators such as == and + or - are not overridden. Internally anonymous types are auto generated class objects with public always read only fields and private data storage. Anonymous types don't support custom methods or other things regular types do. They are implicitly sealed. They are used extensively when working with LINQ.

An iterator is a method, get accessor, or operator that performs a custom iteration over an array or collection class by using the yield keyword. Multiple iterators can be implemented in a class. The return type of an iterator must be IEnumerable, IEnumerator, IEnumerable<T>, or IEnumerator<T>. To access values from an iterator use following syntax: foreach(int x in Iterator){};. Iterators are used in LINQ.

Detailed look at assemblies and processes

You can define your types in nested namespaces as in namespace MyMainNameSpace.MyMinorNameSpace { }.

Assembly versioning allows the application to specify not only the library it needs to run, but also the version of the assembly. This resolves DLL hell issues of Win32 architecture.

You can create aliases with the using keyword as in: using myAlias = Some.Very.Long.Name.Space; In CIL all objects always use fully qualified name, so using keyword is just programmers shorthand.

Multifile assemblies can only be compiled with command line tools and each module doesn't need to be written in the same .Net language. Multifile assemblies are referenced and used same way as any other assembly.

Types in an assembly need to be defined as public in order to be visible outside of it. By default types are defined as internal and only seen in the defining assembly. In rare circumstances internal types can be seen by "friend assemblies".

Types defined in one assembly in one .Net language can be extended when imported via another .Net language.

Private assemblies are assemblies that live in the same directory that application file exists in. If you wish to reference private assemblies in sub-directories of your application then you need to create application configuration file. Note that the first assembly found with matching name is loaded.

Shared assemblies may be used by more then one application on the system. Shared assemblies do not reside in the same directory as the application that uses them. They are instead deployed to Global Assembly Cache (GAC). Only .dll assemblies can be deployed to GAC. In order to deploy an assembly to GAC you first need to generate a strong name.

To create a strong assembly name you need to generate a public and private key data using sn.exe utility. The private data is used to digitally sign your assembly. You need to make the AssemplyInfo.cs file aware of the location of the file generated by sn.exe utility.

Once you have a strongly named assembly you still need to install it into GAC. For test purposes gacutil.exe can be used. On production systems preferred way is to use msi intaller package.

.Net 1.0 to 3.5 shared assemblies are stored under $\Windows\Assembly directory while in .Net 4.0 they are stored in sub-directories under $\Windows\Microsoft.Net\assembly\

Once a newer and hopefully better version of a shared assembly is available you can force all subscriber applications to use newer assembly version via Publisher Policy created via al.exe file.

A process is a collection of resources needed to run a program. Every process is given unique process id. Every process contains at least one thread - main thread, used as an entry point for an application. A thread is a path of execution within a process. If there are more threads then CPUs then each thread executes only for a short time on a CPU before it is suspended.

System.Diagnostics namespace contains a number of useful types that are used to manipulate processes. All of these types have "process" as the first token in their name. You are able to list all running processes on the system as well as investigate what resources they are using & what threads they are running. You can also start and stop processes programmatically. All of process investigative tools are in the Process type.

.Net executables are hosted in AppDomains (assemblies are hosted in AppDomains). An AppDomain is a subdivision inside a process that is completely separate from other AppDomains. System.AppDomain class allows you to get information about running appDomains, load assemblies into them, unload appDomains, create new AppDomains. You can only unload assemblies if you tear down the application that uses them first.

Each appDomain has a default context into which most objects are placed into. However, some objects may require their own context, for example, they require thread safety. All types that need to be in a non-default context need to inherit from ContextBoundObject type.

It is possible to write .Net applications in CIL alone, with help of ilasm.exe compiler. Official ECMA specification has full details about CIL grammar. CIL is divided into three main areas: CIL directives, CIL attributes and CIL operation codes.

CIL is composed of binary data that the JIT compiler compiles. However, each binary operation has a corresponding friendly name that can be displayed instead for human reader. This is what a decompiler displays to the end user. CIL is a stack based programming language. You are pushing values onto execution stack in order to process them, CIL cannot directly access anything - it has to be on the stack first.

With a decompiler (ildasm.exe) you can dump CIL code to an external file, modify it and then re-compile (ilasm.exe) it. With the help of a reflector.exe you can create C# code based on ildasm.exe CIL code.

The decompiler automatically creates code labels for each line in the format IL_XXX. These are usually not needed and can be removed. Their use is for looping and other similar applications.

Use peverify.exe to check your compiled CIL assembly for good format.

Static assembly is an assembly that lives on your hard drive. Dynamic assembly on the other hand is created in memory using the types provided by System.Reflection.Emit namespace.

Dynamic assemblies are used rarely, on demand user assembly generation, on the fly modification of static assemblies and auto generation based on remote meta data. Dynamic assemblies require some knowledge of CIL.

.Net framework is a grouping of following technologies: .Net language such as C#, Common Language Runtime (CLR) runs CIL and takes care of low level functions such as memory management, .Net libraries, Asp.Net framework - web specific services such as secure authentication. There is also CTS - common type system and CLS - common language specification.

C# defines a number of constructs that are not CLS compliant. If these constructs are not exposed outside of an assembly there is no problem. You can instruct the compiler to check for CLS compliance.

CLR is common for all .Net languages and has at its core mscoree.dll. .Net base classes are broken into a number of assemblies, the most important one being mscorlib.dll.

CLR runs only CIL to which every .Net language complies. It is also capable of loading different component versions - different .Net versions can be installed at the same time. Every .Net language since it complies to CIL has common types and identical capabilities. CIL is compiled by JIT compiler before it is processed on a computer. You can compile CIL with ngen.exe for very complex apps.

CLI stands for Common Language Interface and is part of ECMA specification. It defines most basic libraries needed by CLI distribution, missing are things such as ASP.NET - as it is a common extension of CLI.

Assembly is made of CIL compiled by .Net compiler into *.exe or *.dll file. Each assembly contains a lot of metadata in addition to CIL code. Metadata description of an assembly is called a manifest. Its not common but possible to have a multi-file assembly composed of multiple binary files (called modules) with a single one (primary) containing assembly manifest. VS can build only single-file assemblies, for multi-file assembly you need to use command line compiler. Commonly used C# compiler is csc.exe while a common de-compiler is ildasm.exe. VB compiler is vbc.exe. CIL code always uses fully qualified object names, "using" C# keyword is just a programmers short hand.

For desktop application development note that Win7 and Vista already come with .NET installed. For the rest, you can provide the framework for free. Its about 77mb. Available in both 64bit and 32bit versions.

Csc.exe supports response files (*.rsp) these files contain a list of commands for the compiler. Command line compiler is usually used for build automation.

Reflection and dynamic types

Reflection is a process of runtime type discovery. Through reflection you can dynamically extract all information contained inside assembly's metadata.

System.Type type returns types defined in System.Reflection namespace. You can obtain a Type reference using Object.GetType() method. You can also use C# typeof operator as in Type myType = typeof(SomeType); Finally you can use System.Type.GetType() method that takes string name of a type as input and can be used without compile time knowledge of a type.

The System.Type.GetType() method can use as its input generic types, except that the name of the generic type makes use of a special character ` - as in System.Collections.Generic.List`1 where 1 signifies only single input, as <T>

System.Reflection namespace major members:

Using System.Reflection.Assembly class you can dynamically load assemblies at run time and discover properties about them. You can use Load() method to load private assemblies. Use LoadFrom() to load assemblies using a absolute path. To load shared assemblies you need to specify PublicKeyToken.

Late binding is the process of creating an instance of a type at runtime without having compile time knowledge of it. You use System.Activator.CreateInstance method to create object instance. To use methods in your object you need to use reflection, as the returned object is of type Object.

.Net attributes are code annotations (embedded metadata) that can be applied to a given item. .Net attributes are class types that extend System.Attribute base class. Name of an attribute is in between square brackets and always applies to the next item that follows it. Attributes are useless unless something reflects upon them. Multiple attributes can be applied to the same item. By convention all attributes have word "Attribute" at the end, through when placing them in square brackets in can be omitted. However, when defining your own attributes, don't forget "Attribute" at the class end. For security reasons all custom attributes should be sealed classes. You can restrict on what items attributes can be applied.

Attributes can be discovered using reflection both in early binding (know at compile time) and late binding.

Dynamic loading is used when one is creating an application that needs to be extendable, such as VS IDE, which can be extended by third party tools.

Variables defined with dynamic keyword can store any type of data, similar to values boxed inside a System.Object or defined with a var keyword. The main big difference is that the dynamic keyword defines variables that are not strongly typed. You can assign to a single dynamic variable many different types without an error.

Since dynamic data is not statically typed it is not checked until runtime for validity. Thus, you can call in your program dynamic type's members that don't exist without getting an error at compile time, only an error at runtime. This also disables intellisense of VS for all dynamic types.

In difference to variables implicitly defined with a var keyword the dynamic types can be defined outside of a method and be used in definition of type properties. Implicit variables are only for local variables in member scope.

Dynamic types cannot work with anonymous methods (and thus not with lambda expressions). They also don't support extension methods and thus LINQ is of very little use.

Dynamic keyword is best used when one needs to do a lot of late binding (used for extension applications - DLR takes care of reflection for free) and when building applications that have to interact with older technologies (such as COM interoperability with MS products such as Word or Excel). Dynamic keyword also allows interoperability between strongly typed .Net languages such as C# and dynamically typed .Net languages such as IronPython. Dynamic keyword and its related type at runtime discovery technology is supported by DLR - Dynamic Language Runtime. Expando objects enable your custom classes to be consumed in dynamic languages.

Introduction to parallel programming

System.Threading namespace contains various types that enable creation of multithreaded applications. Multiple threads can live in the same application domain and threads can cross application domain boundaries, however they can be active in only one application domain at a time. Threads can also cross contexts. Thread app domain and context allocation is handled by CLR. You have very little control as to when a given thread executes. Almost all operations in .Net are not atomic and thus they are not thread safe.

Simple threading can be achieved using delegates and their build it asynchronous methods. Delegates have two build in methods called BeginInvoke and EndInvoke. BeginInvoke returns objects of type IAsyncResult type which are taken as inputs by EndInvoke method. IAsyncResult interface contains useful property IsCompleted to let calling thread know when child is done. For more robust setup use BeginInvoke argument of type AsyncCallback to have child thread call a method in parent when its done.

Simplest type in System.Threading namespace is System.Threading.Thread type that allows creation/destruction of new threads, getting information about current thread as well as putting threads to sleep.

The safest way of making sure one thread waits for another thread is to use AutoResetEvents class.

Foreground threads have ability to prevent current application from terminating. background threads are all killed when no more foreground threads exist. By default any thread created with Thread.Start() method is a foreground thread. Background threads are used best for non-critical uses.

Access to shared resources can be synchronized with the help of lock keyword. The lock keyword is a shorthand for working with System.Threading.Monitor type. Since simple arithmetic operations are not atomic you can use System.Threading.Interlocked type to make them atomic. In order to make whole types thread safe use attribute [Synchronization] on your type and make it derive from ContextBoundObject.

System.Threading.Timer type can be used to create applications that need to do periodic tasks, such as checking whatever a server is still alive.

Instead of creating threads manually, you can just grab one of the threads in a pool maintained by CLR. Pooled threads are always background threads with normal priority. Using one of threads from the pool is very simple, with the help of System.Threading.ThreadPool type.

.Net 4.0 introduced Task Parallel Library API mostly contained in System.Threading.Tasks namespace. This API is designed to make multi-thread application as simple as possible. It has a build in ability to determine whatever set of tasks is best done in parallel fashion or sequentially. One of the more useful types of the library is the Parallel type used to loop over collections of data with For() and ForEach() methods.

The Invoke() method of Parallel type is a simple way of running multiple threads at the same time.

You can try to execute your LINQ queries using parallel processing. Execution of LINQ in parallel is called PLINQ. The PLINQ internal logic will determine if using parallel processing is faster and use it. In order to use PLINQ you need to use AsParallel() extension method on the data source object. You have ability to cancel running PLINQ queries.

Windows Communication Foundation (WCF)

WCF is an API for distributed system development. A distributed system provides a way for two executables (processes) to exchange information regardless of whatever they live on the same machine or on different networked computers. Many distributed systems existed prior to introduction of WCF in .Net 3.0. WCF API is primarily represented by System.ServiceModel namespace. WCF is based on design principles established by service oriented architecture (SOA). WCF is the preferred way of building distributed systems under .Net 3.0+. WCF can communicate with other WCF-based applications or with applications built on other Web services platforms.

Service Oriented Architecture (SOA) is the evolution of component-oriented programming making it possible to encapsulate, reuse and distribute business functionality with the added benefit of interoperability across technology platforms. SOA can be implemented with the help of (among others) following technologies: Web Services, REST and WCF.

REST - Representational State Transfer is an architecture that emphasizes simplicity and embraces statelessness between server requests. RESTful web service uses HTTP native vocabulary such as POST, GET, DELETE and PUT to implement WS. Every resource is assigned a unique ID.

WCF supersedes following technologies and provides a single technology that is able to handle tasks that once required a diverse set of software:

Under VS you can create either WCF Service Library - for any binding or WCF Service - for HTTP binding over web services used in a web site.

WCF service is a unit of functionality exposed to the outside world. All services are associated with an address that defines where they live, a binding that defines how to communicate with them, and a contract that defines what each service does. These three things are known as ABC - Address-Binding-Contract.

Major features of WCF:

Major design rules of service oriented architecture (SOA) are all related to the use of interfaces and the fact that an interface should never change - to change functionality a new interface should be created.

Hosts and clients communicate through three settings (these three settings together make up an endpoint):

All WCF services must be hosted in a Windows process called the host process. Service and host process share many to many relationship. Host process could be the client as well. The host process can be provided by IIS or developer.

Interfaces that represent WCF contract are called service contracts while classes and structures that implement them are called service types.

If your WCF service contract members contain only simple data types all you need is [ServiceContract] and [OperationContract] attributes. If you are dealing with more complex types you will need to use types from System.Runtime.Serialization namespace and additional attributes such as [DataMember] and [DataContract].

.Net ships with multiple bindings and you are free to create your own custom bindings. A binding specifies transport layer (HTTP, TCP etc), channels used (one-way, request-reply etc.), encoding used (XML, binary etc.) and supported web service protocols (WS-Security, WS-Transaction etc.).

There are few HTTP centric WCF bindings. The simplest one is BasicHttpBinding, followed by WSHttpBinding.

Attribute [ServiceContract] adorns the interface that is a service contracts, while attribute [OperationContract] adorns each method exposed by that interface. [ServiceContract] takes an important parameter called namespace. This should be set to a unique HTTP address for web service based projects. [OperationContract] also supports input parameters.

Both [ServiceContract] and [OperationContract] attributes can be placed directly on a type definition without the use of an interface. This is usually not desired.

In a nutshell a WCF Web Service based solution would involve the following:

In a web service bound WCF service when you create overloaded methods you need to specify the name parameter of [OperationContract] attribute. This is needed since WSDL doesn't support identical names for methods.

If you used WCF Service Library template provided by VS you can use WcfTestClient.exe to test your WCF service. You can also use VS to graphically configure App.config (with help of svcConfigEditor.exe).

In .Net 4.0 default endpoint values are provided as part of machine.config.

Single host can expose a WCF service using multiple endpoints. This way you can use multiple bindings to the same service. All you need to do is modify host .config file with extra endpoints. In the client you need to refresh current service reference to get latest changes. At that point client can use whatever binding it likes that host supports.

For backward compatibility WCF will automatically encode any type marked with [Serializable] attribute. However, the preferred way is to use a type adorned with [DataContract] attribute and each field with [DataMember] attrribute.

IIS-hosted WCF services can only be accessed using SOAP over HTTP. No other transport protocols are supported. Hosting with Windows Process Activation Service (WAS) allows for use of different communication protocols.

Introduction to Model View Controller (MVC) framework version 3

Problems with standard forms design pattern that MVC is addressing:

In Web Forms the designers wanted to make web stateful and designed (somewhat complicated and cumbersome) abstractions to fulfill that requirement. On the other hand, MVC embraces web as it is - stateless. MVC follows natural user - application interaction, user does something which causes application to change its data model and deliver an updated view.

MVC framework is not new, its was introduced back in 1978. ASP.NET MVC implementation is open source.

MVC 3 uses new view engine called Razor. You should use it in all of your new projects. Old engine, from MVC 2 is called ASPX.

All incoming requests are handled by controllers, usually inherited from system.web.mvc.controller class. All public methods inside a controller are known as action methods. ViewResult objects are used to show different user views produced by Razor engine. You can use ViewBag object to pass information between controller and views. Model handles all data interaction. All model classes are placed inside ~/Models folder.

Other topics

To create dynamic images you first need to create a canvas, which is an instance of System.Drawing.Bitmap class. Next is the graphic image, from Graphics class. It can be made of existing image using FromImage() method. And now you can add extra drawings, using methods in Graphics class. Once image is ready, send it to browser (or anywhere else) using Image.Save() method. Once you are done with the image don't forget to free its resources - code is not managed.

Image manipulation classes allow in web pages to replace img src attribute with a page name that is an image factory.

Asp.Net ships with a single site map provider - XmlSiteMapProvider. This allows you to read site map data from a special XML file, web.sitemap. To use a sitemap in content pages, you first define sitemap datasource via SiteMapDataSource tag. Then you bind controls such as TreeView to the data source. Programmatically you can access information through SiteMap class. SiteMapPath control is used to display your current page location.

URL mapping is used when more then one entry to a page is needed or when pages are renamed. It is defined in web.config file.

URL routing is used to replace long URLs with more friendly ones. It is used a lot in MVC framework. It is implemented inside Application_Start method of global.asax file. You manipulate RouteTable object to set new routes (found in System.Web.Routing namespace).

When comparing .Net to other platforms note that classic C has manual memory management and no OOP constructs. C++ is like an OOP layer on top of C. VB6 is not trully OOP language. COM programming offers some cross language support, but its hard to use. Java is OOP but you are stuck with just one language.

VSS class diagram and class designer tools are useful in visualizing and designing visually classes.

Useful programming utilities (free and paid):

Cyclomatic Complexity is a measure of code complexity based on the number of decision points in a block of code.

Visual Studio tips:

Useful methods and Properties: