ASP.NET Web Forms
|Operating system||Windows, Linux, macOS|
|Type||Web application framework|
ASP.NET Web Forms is a web application framework and one of several programming models supported by the Microsoft ASP.NET technology. Web Forms applications can be written in any programming language which supports the Common Language Runtime, such as C# or Visual Basic. The main building blocks of Web Forms pages are server controls, which are reusable components responsible for rendering HTML markup and responding to events. A technique called view state is used to persist the state of server controls between normally stateless HTTP requests.
Web Forms was included in the original .NET Framework 1.0 release in 2002 (see .NET Framework version history and ASP.NET version history), as the first programming model available in ASP.NET. Unlike newer ASP.NET components, Web Forms is not supported by ASP.NET Core.
ASP.NET web pages, known officially as Web Forms, were the main building blocks for application development in ASP.NET before the introduction of MVC. There are two basic methodologies for Web Forms: a web application format and a web site format. Web applications need to be compiled before deployment, while web sites allow the user to copy the files directly to the server without prior compilation. Web forms are contained in files with a ".aspx" extension; these files typically contain static (X)HTML markup or component markup. The component markup can include server-side Web Controls and User Controls that have been defined in the framework or the web page. For example, a textbox component can be defined on a page as
<asp:textbox id='myid' runat='server'>, which is rendered into an html input box. Additionally, dynamic code, which runs on the server, can be placed in a page within a block
<% -- dynamic code -- %>, which is similar to other Web development technologies such as PHP, JSP, and ASP. With ASP.NET Framework 2.0, Microsoft introduced a new code-behind model that lets static text remain on the .aspx page while dynamic code goes into an .aspx.vb or .aspx.cs or .aspx.fs file (depending on the programming language used).
Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like "MyPage.aspx.cs" or "MyPage.aspx.vb" while the page file is MyPage.aspx (same filename as the page file (ASPX), but with the final extension denoting the page language). This practice is automatic in Visual Studio and other IDEs, though the user can change the code-behind page name. Also, in the web application format, the pagename.aspx.cs is a partial class that is linked to the pagename.designer.cs file. The designer file is a file that is autogenerated from the ASPX page and allows the programmer to reference components in the ASPX page from the code-behind page without having to declare them manually, as was necessary in ASP.NET versions before version 2. When using this style of programming, the developer writes code to respond to different events, such as the page being loaded, or a control being clicked, rather than a procedural walkthrough of the document.
ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a Web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model–view–controller (MVC) frameworks.
A directive is a special instruction on how ASP.NET should process the page. The most common directive is
<%@ Page %>, which can specify many attributes used by the ASP.NET page parser and compiler.
User controls are encapsulations of sections of page sections that are registered and used as controls in ASP.NET.
Programmers can also build custom controls for ASP.NET applications. Unlike user controls, these controls do not have an ASCX markup file, having all their code compiled into a dynamic link library (DLL) file. Such custom controls can be used across multiple Web applications and Visual Studio 2013 projects.
.NET uses a "visited composites" rendering technique. During compilation, the template (.aspx) file is compiled into initialization code that builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.
Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree, which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.
After the request has been processed, the instance of the page class is discarded and with it the entire control tree. This is a source of confusion among novice ASP.NET programmers who rely on the class instance members that are lost with every page request/response cycle.
ASP.NET applications are hosted by a Web server and are accessed using the stateless HTTP protocol. As such, if an application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functions for state management. Conceptually, Microsoft treats "state" as GUI state. Problems may arise if an application must track "data state"; for example, a finite-state machine that may be in a transient state between requests (lazy evaluation) or takes a long time to initialize. State management in ASP.NET pages with authentication can make Web scraping difficult or impossible.
Application state is held by a collection of shared user-defined variables. These are set and initialized when the
Application_OnStart event fires on the loading of the first instance of the application and are available until the last instance exits. Application state variables are accessed using the
Applications collection, which provides a wrapper for the application state. Application state variables are identified by name. Application is state management.
Server-side session state is held by a collection of user-defined session variables that are persistent during a user session. These variables, accessed using the
Session collection, are unique to each session instance. The variables can be set to be automatically destroyed after a defined time of inactivity even if the session does not end. Client-side user session is maintained by either a cookie or by encoding the session ID in the URL itself.
ASP.NET supports three modes of persistence for server-side session variables:
- In-process mode
- The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down.
- State server mode
- ASP.NET runs a separate Windows service that maintains the state variables. Because state management happens outside the ASP.NET process, and because the ASP.NET engine accesses data using .NET Remoting, ASPState is slower than In-Process. This mode allows an ASP.NET application to be load-balanced and scaled across multiple servers. Because the state management service runs independently of ASP.NET, the session variables can persist across ASP.NET process shutdowns. However, since session state server runs as one instance, it is still one point of failure for session state. The session-state service cannot be load-balanced, and there are restrictions on types that can be stored in a session variable.
- SQL Server mode
- State variables are stored in a database, allowing session variables to be persisted across ASP.NET process shutdowns. The main advantage of this mode is that it allows the application to balance load on a server cluster, sharing sessions between servers. This is the slowest method of session state management in ASP.NET.
ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application. HTTP is a stateless protocol. This means that a Web server treats each HTTP request for a page as an independent request. The server retains no knowledge of variable values that were used during previous requests. ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session. By default, ASP.NET session state is enabled for all ASP.NET applications.
Alternatives to session state include the following:
- Application state, which stores variables that can be accessed by all users of an ASP.NET application.
- Profile properties, which persists user values in a data store without expiring them.
- ASP.NET caching, which stores values in memory that is available to all ASP.NET applications.
- View state, which persists values in a page.
- The query string and fields on an HTML form that are available from an HTTP request.
View state refers to the page-level state management mechanism, utilized by the HTML pages emitted by ASP.NET applications to maintain the state of the Web form controls and widgets. The state of the controls is encoded and sent to the server at every form submission in a hidden field known as
__VIEWSTATE. The server sends back the variable so that, when the page is re-rendered, the controls render at their last state. At the server side, the application may change the viewstate, if the processing requires a change of state of any control. The states of individual controls are decoded at the server, and are available for use in ASP.NET pages using the
The main use for this is to preserve form information across postbacks. View state is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a postback. This behavior can (and should) be modified, however, as View state can be disabled on a per-control, per-page, or server-wide basis.
Developers need to be wary of storing sensitive or private information in the View state of a page or control, as the Base64 string containing the view state data can easily be de-serialized. By default, View state does not encrypt the
__VIEWSTATE value. Encryption can be enabled on a server-wide (and server-specific) basis, allowing for a certain level of security to be maintained.
ASP.NET offers a "Cache" object that is shared across the application and can also be used to store various objects. The "Cache" object holds the data only for a specified amount of time.
When first released, ASP.NET lacked a template engine. Because the .NET Framework is object-oriented and allows for inheritance, many developers would define a new base class that inherits from "
System.Web.UI.Page", write methods there that render HTML, and then make the pages in their application inherit from this new class. While this allows for common elements to be reused across a site, it adds complexity and mixes source code with markup. Furthermore, this method can only be visually tested by running the application – not while designing it. Other developers have used include files and other tricks to avoid having to implement the same navigation and other elements in every page.
Child pages use those ContentPlaceHolder controls, which must be mapped to the place-holder of the master page that the content page is populating. The rest of the page is defined by the shared parts of the master page, much like a mail merge in a word processor. All markup and server controls in the content page must be placed within the ContentPlaceHolder control.
When a request is made for a content page, ASP.NET merges the output of the content page with the output of the master page, and sends the output to the user.
The master page remains fully accessible to the content page. This means that the content page may still manipulate headers, change title, configure caching, etc. If the master page exposes public properties or methods (e.g., for setting copyright notices) the content page can use these as well.
Other file extensions associated with different versions of ASP.NET include:
|Extension||Introduced in version||Description|
|asax||1.0||This is the global application file.You can use this file to define global variables (Variable that can be accessed from any Web page in the Web application.) It is mostly used to define the overall application event related to application & session object.Global.asax, used for application-level logic|
|ascx||1.0||User Control, used for User Control files logic|
|ashx||1.0||Custom HTTP handlers do not have a user interface.|
|asmx||1.0||Web service pages. From version 2.0 a Code behind page of an asmx file is placed into the app_code folder.|
|aspx||1.0||An ASP.NET Web Forms page that can contain Web controls and presentation and business logic. http://msdn.microsoft.com/en-us/library/2wawkw1c.aspx|
|axd||1.0||When enabled in web.config requesting trace.axd outputs application-level tracing. Also used for the special webresource.axd handler, which allows control/component developers to package a component/control complete with images, script, css, etc. for deployment in one file (an 'assembly')|
|browser||2.0||Browser capabilities files stored in XML format; introduced in version 2.0. ASP.NET 2 includes many of these by default, to support common Web browsers. These specify which browsers have which abilities, so that ASP.NET 2 can automatically customize and optimize its output accordingly. Special .browser files are available for free download to handle, for instance, the W3C Validator, so that it properly shows standards-compliant pages as being standards-compliant. Replaces the harder-to-use BrowserCaps section that was in machine.config and could be overridden in web.config in ASP.NET 1.x.|
|config||1.0||web.config is the only file in a specific Web application to use this extension by default (machine.config similarly affects the entire Web server and all applications on it), however ASP.NET provides facilities to create and consume other config files. These are stored in XML format.|
|cs/vb/fs||1.0||Code files (cs indicates C#, vb indicates Visual Basic, fs indicates F#). Code behind files (see above) predominantly have the extension "|
|cshtml||4.1||Views (mixed C# and HTML using Razor syntax)|
|dbml||3.5||LINQ to SQL data classes file|
|edmx||3.5||ADO.NET Entity Framework model|
|master||2.0||Master page file. Default file name is Master1.master|
|resx||1.0||Resource files for internationalization and localization. Resource files can be global (e.g., messages) or local, which means specific for one aspx or ascx file.|
|sitemap||2.0||Sitemap configuration files. Default file name is web.sitemap|
|skin||2.0||Theme skin files.|
|svc||3.0||Windows Communication Foundation service file|
|vbhtml||4.1||Views (mixed VB and HTML using Razor syntax)|
In general, the ASP.NET directory structure can be determined by the developer's preferences. Apart from a few reserved directory names, the site can span any number of directories. The structure is typically reflected directly in the URLs. Although ASP.NET provides means for intercepting the request at any point during processing, the developer is not forced to funnel requests through a central application or front controller.
The special directory names (from ASP.NET 2.0 on) are:
- This is the "raw code" directory. The ASP.NET server automatically compiles files (and subdirectories) in this folder into an assembly accessible in the code of every page of the site. App_Code is typically used for data access abstraction code, model code and business code. Also any site-specific http handlers and modules and Web service implementation go in this directory. As an alternative to using App_Code the developer may opt to provide a separate assembly with precompiled code.
- The App_Data ASP.NET Directory is the default directory for any database used by the ASP.NET Website. These databases might include Access (mdb) files or SQL Server (mdf) files. The App_Data is the only directory with Write Access enabled for the ASP.NET web application.:
- Holds resx files with localized resources available to every page of the site. This is where the ASP.NET developer typically stores localized messages, etc. used on more than one page.
- E.g., a file called CheckOut.aspx.fr-FR.resx holds localized resources for the French version of the CheckOut.aspx page. When the UI culture is set to French, ASP.NET automatically finds and uses this file for localization.
- A file (not a directory) that disables the application by returning the contents of the file for any application request.
- Adds a folder that holds files related to themes, which is a new ASP.NET feature that helps ensure a consistent appearance throughout a Web site and makes it easier to change the Web site's appearance when necessary.
- holds discovery files and WSDL files for references to Web services to be consumed in the site.
- Contains compiled code (.dll files) for controls, components, or other code that you want to reference in your application. Any classes represented by code in the Bin folder are automatically referenced in your application.
ASP.NET aims for performance benefits over other script-based technologies (including Classic ASP) by compiling the server-side code the first time it is used to one or more DLL files on the Web server. These dll files or assemblies contain Microsoft Intermediate Language (MSIL) for running within the common language runtime; this provides a performance boost over pure scripted languages and is similar to the approach used by Python and not dissimilar to JavaServer Pages. This compilation happens automatically the first time a page is requested (which means the developer need not perform a separate compilation step for pages).
This feature provides the ease of development offered by scripting languages with the performance benefits of a compiled binary. However, the compilation might cause a noticeable but short delay to the user when the newly edited page is first requested from the Web server, but not again unless the requested page updates further.
The ASPX and other resource files are placed in a virtual host on an Internet Information Services server (or other compatible ASP.NET servers; see Other implementations, below). The first time a client requests a page, the .NET Framework parses and compiles the file(s) into a .NET assembly and sends the response; subsequent requests are served from the DLL files. By default ASP.NET compiles the entire site in batches of 1000 files upon first request. If the compilation delay is causing problems, the batch size or the compilation strategy may be tweaked.
Developers can also choose to pre-compile their "codebehind" files before deployment, using Microsoft Visual Studio, eliminating the need for just-in-time compilation in a production environment. This also eliminates the need of having the source code on the Web server. It also supports pre-compile text.
ASP.NET compared with Classic ASP
Other differences compared to Classic ASP are:
- Compiled code means applications run faster with more design-time errors trapped at the development stage.
- Significantly improved run-time error handling, making use of exception handling using try-catch blocks.
- Similar metaphors to Microsoft Windows applications such as controls and events.
- An extensive set of controls and class libraries, as well as user-defined controls, allow the rapid building of applications. Layout of these controls on a page is easier because most of it can be done visually in most editors.
- ASP.NET uses the multi-language abilities of the .NET Common Language Runtime, allowing Web pages to be coded in VB.NET, C#, J#, Delphi.NET, etc.
- Ability to cache the whole page or just parts of it to improve performance.
- Ability to use the code-behind development model to separate business logic from presentation.
- Ability to use true object-oriented design for programming pages and controls
- If an ASP.NET application leaks memory, the ASP.NET runtime unloads the AppDomain hosting the erring application and reloads the application in a new AppDomain.
- Session state in ASP.NET can be saved in a Microsoft SQL Server database or in a separate process running on the same machine as the Web server or on a different machine. That way session values are not lost when the Web server is reset or the ASP.NET worker process is recycled.
- Web Server Controls: these are controls introduced by ASP.NET WebForms for providing the UI for the Web form. These controls are state managed controls and are WYSIWYG controls.
- "What is Web Forms". docs.microsoft.com.
- "ASP.NET View State Overview". msdn.microsoft.com.
- "Choose between ASP.NET and ASP.NET Core". docs.microsoft.com.
- Staff (November 2001). "Overview of ASP.NET and Web Forms". Microsoft. Retrieved 2011-06-05.
- (MacDonald & Szpuszta 2005, p. 63)
- "Web Application Projects versus Web Site Projects in Visual Studio".
- "Code Behind vs. Code Inline". Microsoft .NET Framework. Microsoft. Archived from the original on 11 November 2010. Retrieved 2010-11-22.
- "aspx.designer.cs how does it work?". StackOverflow. September 10, 2015.
- "ASP.NET Web Page Syntax Overview". Microsoft .NET Framework. Microsoft. Retrieved 2010-11-22.
- "INFO: ASP.NET State Management Overview". Retrieved 2007-10-23.
- "ViewState in ASP.NET". Archived from the original on 14 October 2007. Retrieved 2007-10-23.
- "Encrypting Viewstate in ASP.NET". Retrieved 2009-07-19.
- "ASP.NET Master Pages". microsoft.com. Microsoft.
- "Global.asax Syntax". microsoft.com. Microsoft.
- "Turning an .ascx User Control into a Redistributable Custom Control". microsoft.com. Microsoft.
- "ASP.NET Web Project Folder Structure". microsoft.com. Microsoft.
- "ASP.NET Directory Structure". aspnet4.com.
- (MacDonald & Szpuszta 2005, pp. 7–8)
- "ASP.NET Web Site Project Precompilation Overview: Performing Precompilation". Microsoft Developer Network. Retrieved 13 January 2016.
- MacDonald, Matthew; Szpuszta, Mario (2005). Pro ASP.NET 2.0 in C# 2005 (1st ed.). Apress. ISBN 978-1-59059-496-4.CS1 maint: ref=harv (link)