ASP.NET Web Services

  • tightly coupled applications are applications where logic of UI and the logic for the database part of the same application module
  • XSLT enables you to transform one form of XML into some other form, including XML, simple text, and (of most benefit to web developers) HTML
  • Loosely coupled approach is an approach for separating data layer from presentation layer, where you provide a layer that generates XML from your database and a presentation layer that recognizes this XML and render it
  • A web service is a device-agnostic implementation of business logic. You generally invoke a web service by using an HTTP-POST verb to send an XML document containing your request details, and the service returns another XML document containing its response to you (this style of web service is more formally called an XML web service)
  • Discussion point: Why Web Services technology is better that DCOM (Distributed Computer Object Model) and CORBA ( Common Objects Request Broker Architecture)
  • Web Services come from the following:
    • HyperText Transmission Protocol
    • XML
    • Simple Object Access Protocol (SOAP): is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks
    • Web Services Description Language (WSDL): used to describe how the structure of SOAP document will be decipher
  • Fortunately, if you build your web service by using ASP.NET, the WSDL document is automatically generated for you


  • Profiles ensure that different technologies won’t prevent web service clients and servers from communicating with each other. The most common profile is called the Basic Profile. In its simplest sense, the Basic Profile ensures that only data that is common to all technology platforms can be exposed via a web service. Thus, to conform to the Basic Profile, a Java web service cannot expose a Java-specific data type such as Vector. Conversely, a .NET-based service cannot expose a .NET-specific data type such as DataSet.
  • To add a a value based on a outer parameter you can add @ char before it
  • Using Inheritance to improve your code readability:
class Dates : List<DateTime> { }

public class Program
public static void Main()
Dates m_currentDates = new Dates();

  • Using Web Service in your application called Web Reference
  • To bind data from Web Service in a GUI control you can do this using ObjectDataSource control

Data Binding with ASP.NET

  • Data-driven applications are applications that are based on saving and retrieving data from storage file
  • Scalability is typically achieved by breaking an application into functional tiers.
  • keeping state between tiers has a high cost when it comes to scalability, performance, and security
  • ADO.NET offers a disconnected model that enables you to access data from another tier, disconnect from that tier (thus breaking state), and access that data locally
  • The main data-provides used to connect to data source:
    • Connection
    • Command
    • DataReader
    • DataAdapter: used to facilitate communication between disconnected DataSet and the data store
    • DataSet
  • There is also an Object Linking and Embedding for Databases (OLEDB) provider and an Open Database Connectivity (ODBC) provider, which are written to access any database that provides OLEDB or ODBC databases, respectively
  • You need at least three pairs in any connection string: the name of the database server (Data Source), the database on that server to connect to (Initial Catalog), and the sign-on credentials. If you set Integrated Security to True, SQL Server will use the Windows account of the current process to sign into SQL Server. Or, you can specify a user ID and password to sign in using SQL Server credentials in Mixed Mode. You can easily hard-code a connection string into your application like this:
    • string strConn = "Data Source=BOOKDEV\SQLEXPRESS;" + "Initial Catalog=AdventureWorks;Integrated Security=True";
  • However, it makes much more sense to store the connection string in your Web.config file, because you may want to change it over time and prefer not to recompile your code just to reconfigure the connection to your database. You do this by using the <connectionStrings> section within Web.config


  • A command is implemented via the SqlCommand class and controlled using the SqlCommand.CommandType and SqlCommand.CommandText properties, which are often used in tandem. If you set the CommandType to CommandType.Text, the CommandText property (a string) should contain the SQL statement that you want to execute. If the type is CommandType. StoredProcedure, the CommandText should contain the name of the stored procedure to execute. Finally, if the type is CommandType.Table, the command text should contain the name of a table in your database. Executing this type of command will return all records stored in that table
  • There are 4 methods for executing commands:
    • ExecuteNonQuery: used for inserting, updating, deleting. Here it returns an integer number that indicates # of effected records
    • ExecuteScalar: returns the first column of the first row of the result set (useful in COUNT, MAX and SUM quires)
    • ExecuteReader: used for SELECT statements and returns DataReader object
    • ExecuteXMLReader: This is similar to ExecuteReader except that it gives you an XmlReader to access the data.
  • Be careful when using parameters in SQL statements that are derived from user input, as this is a common source of SQL injection attacks. This type of hacker attack involves a cleverly crafted parameter value on the user’s part and an insecure application hat doesn’t validate user input. This attack can allow a malicious user to access private data or even destroy your database!
  • How to use parameters in SQL (90)
  • When you are using parameters, don’t forget to sanitize strParamZIP before passing it to the database to avoid injection attacks. By sanitize, I mean that you should evaluate the value contained within strParamZIP and make sure it’s a valid postal code, not some other (invalid) text
  • Using SqlDataSource to connect to databases (92)
  • You may find in more advanced applications that the developer chooses to perform the paging in the database tier within their stored procedures. This is very effective in that it doesn’t persist a large amount of data on the presentation tier, and it reduces the amount of traffic on the wire. ASP.NET gives you the facility to page on the client, should you choose to, and SQL Server gives you the facility to page on the database tier, should you choose to. It’s all about flexibility!
  • Use DataList control when you want to configure way of presenting data

Web Forms with Asp.Net

– Web Applications Characteristics:

  • Multiuser
  • Designed to be executed on server and viewed in client
  • Most of web applications are stateless

– HTML controls are executed on client and Asp controls are executed on server

– In action attribute you specify the URI of the agent that handles the processing on the form

– With method attribute you specify that the form will use either the HTTP-POST or HTTP-GET to talk to server

  • When using HTTP-POST, the URI of the agent is called with the parameters specified in the form as name/value pairs in the URI. As a result, the call will look something like this: http://server/application?param=value&param=value
    • Usually HTTP-GET is used to request information from server (pull model)
    • If there had been parameters encoded in the query string (the URL), as is the case with HTTP-GET, we could access those values through the HttpRequest.QueryString parameter
  • When using HTTP-POST, values are embedded within the body of the HTTP request itself, following the HTTP header values
    • Usually HTTP-POST is used to send data to server (push model)
    • When using HTTP-POST: string value = Request.Form[“ItemName”];
    • You can add values to property HttpRequest

– Why is stateless

Processing of events is done by the flow:

  • When the page first runs, ASP.NET prepares the HTML to send to the client then destroy it from server memory
  • User trigger postback to server
  • Then page is send to server and ASP.NET stores the state of each control
  • Executes the event handler of the triggered event
  • Modified page is rendered back into HTML and returned to the client

– Using Automatic Postback you can make a control response right away (like city list)

  • Here this is achieved by enabling the AutoPostBack property

Session State Concept:

  • Having permanent data available during browning period
  • Methods to support statefull application:
    • Cookies:
      • Disadvantages:
        • They lead to security problems and privacy issues
        • Requires a lot of development overhead
      • View State:
        • Solves most of Cookies problems
        • Disadvantage here is that the size of page is increased by the view state info


  • If an excessively large page is giving you a problem, you can override view state by setting the EnableViewState property to false. Thus, when designing your application, you can optimize it for page size by enabling view state only for the controls that you want to maintain state for


Page Framework Initialization:

  • Here ASP.Net initializes the page memory on the server
  • Then page fires Page .Init event here you can perform actions upon initializing the page but UI actions are not permitted because UI rendering has not occurred yet

Application Code Initialization:

  • Page_Load will fired at this point
  • This event most is used for initialization issues
  • You can use Page.IsPostBack to make a distinction between page initialization and reloading

Performing Event Handling:

  • If a number of lists are used with no AutoPostBack, and the user selects items on them before pressing a button on the page—then each of these events will have their handler called at this stage

Performing Data Binding:

  • Any data binding that updates the data store via an insert, a delete, or an update will occur after all the control events are handled, but before the Page_PreRender occur. Then, after the PreRender event, the functionality that queries the data store will fire. This ensures that data isn’t stale, because any functionality on your page that updates the data store will happen before anything is read from the data store. Therefore, the data on your page is always up-to-date

– Use Page.Controls to access all controls

– [Programming] Changing the page title dynamically using Title property

– [Programming] Adding controls in run time: Page.Form.Controls.Add

  • Here we are adding controls to control container

– Common page elements:

  • Request
  • Response
  • Used to redirect web pages: Response.Redirect(“url”)