percaya sama occam razor
See also: Other Geeks@INDC

10 Fitur kenapa Asp.Net 4 cocok untuk website publik

Aku baru saja kelar membaca Asp.Net 4.0 Beta 2 Overview dan ga sabar untuk menanti framework ini keluar. Di post ini, aku ingin menyoroti sedikit peningkatan yang membuat 4 cocok untuk membuat website publik.

Kamu akan melihat bahwa sepertinya Microsoft berusaha untuk lebih ‘mempercayai’ komunitas programmernya. Kita bisa liat bagaimana Microsoft membuat bbrp fitur yang sudah ada bisa di extend lebih lanjut untuk kebutuhan kita masing-masing.

1. Accessibility: Bisa mengatur Url


Sebagian dari kita yang udah main-main sama Asp.Net MVC pasti ga bisa lepas sama fitur Routing. Tidak seperti Asp.Net yang secara default, sistem url-nya terikat sama file system, MVC punya kontrol lebih.

Di versi lama kita bisa bikin friendly url dengan membuat HttpModule khusus yang tugasnya meng-convert url internal dengan eksternal. Sejak Asp.Net 3.5 kita jg bisa memakai Routing class dari ASp.Ne MVC. Tapi di Asp.Net 4 lebih mudah lagi karena nanti akan ada:

  • Routing bisa nge-map ke physical file
  • Ngebaca informasi dari url bakal sama gampangya sama ngebaca dari query string

Page.RouteData.Values["blogtitle"] as string;

  • Bisa pakai Routing information supaya ga usah masukin url ke mark up. jadi ga ada yang di hard-code.


2. Accessibility: Permanently Redirecting a Page

Seperti yang mungkin kamu sudah tau, ada beberapa macam http response. 301 adalah salah satunya untuk menyatakan bahwa halaman yang user mau liat sudah pindah lokasi.

Sebelum 4.0 kita harus ngelakuin ini secara manual:

Response.Status = "301 Moved Permanently";

Di 4, sekarang kita bisa tinggal:


3. Accessibility: Extensible Browser Capabilities

Browser Definition adalah salah satu fitur yang bisa kita pakai untuk mengecek kemampuan dari browser. Fitur ini udah diperkenalkan sejak Asp.Net 3.5 SP1 tapi perlu konfigurasi xml dan manggil program di command prompt

Side Note: Scott Hanselman spoke to Chris Woods, a program manager at Microsoft on the Mobile Browse Platform Team about a database of mobile device capabilities which uses the same mechanism.

Di 4, Microsoft sudah masukin browser definition  untuk iphone, chrome, safari and opera.

taken from

Fitur ini juga bisa di-extend menggunakan Provider.

4. Performance: Extensible Output and Object Caching

Ga ada website yang bakal survive tanpa a good caching strategy.

[lanjutannya dalam bahasa inggris: diambil dari]

Asp.Net does always have a caching mechanism built in, but it lacks native support to external distributed caching engines.

On Asp.Net 4, output and object caching are implemented using the Provider model, which means you can use the normal cache object to interact with your own custom cache engine!

Or even better, implement your own custom caching strategy based usage patterns, time of day, etc.

5. Performance: Control over Client ID


With the prior versions of, we lost control over what Html ID gets generated to the clients. This introduce 2 problems: performance (size of download gets bigger) and it becomes so darn hard to write client side script without a reliable client ID.

Side Note: QA team also often finds it difficult to write consistent Automated UAT Script (using WatiN or Selenium) having the client ID automatically generated by Asp.Net.

Asp.Net 4 introduce ClientIDMode which lets you set AutoID, Static, Predictable and Inherit.

Static – specifies the ClientID to use the value as the ID of the web user control without the parent naming containers.

Predictable – specifies the Client ID with a specified row suffix. This is generally used for controls with repeating templates.

6. Performance: More Granular View State Control

In prior Asp.Net versions, ViewState is enabled by default and can’t be disabled sitewide. In Asp.Net 4 this is now possible. Possible values include Enabled, Disabled and Inherit.

Remember, View State aren’t evil but it has to be utilized carefully.


7. Performance: Session State Compression

Handling massive amount of session state can be quiet expensive on a large website. Asp.Net 4 introduce a simple switch to turn Gzip compression on out-of-process session state providers. Very cool!

8. Performance: Auto-Start Web Applications

Some sites have extensive Application_Start procedure, for e.g eager cache static content, or let the load balancer know that the server is ready to start serving requests. However in previous versions, Application_Start happens upon the first user visit the site causing terrible experience for this unlucky person.

Side Note: hence often we have an automated ping to fake the first request to kick off the application

Asp.Net 4 with IIS 7.5 introduce an always on mode which start the web site automatically.

9. Security: Extensible HTML, URL and HTTP Header Encoding

Have you ever had problems of not being able to escape special characters by using HttpUtility.Encode ? In the previous Asp.Net versions the encoding technique doesn’t seem to be aggressive enough. In Asp.Net 4, Microsoft again introduce an extensibility point to built our own and have it configured from the web.config file.

<httpRuntime encoderType="Samples.MyCustomEncoder, Samples" /> 

10. Security : Extensible Http Request Validation

Asp.Net 4 introduce a few things that improves security when it comes to handling http requests:

  • Url character check configuration.
    afraid of script injection/XSS (cross side scripting) attacks from the url? fear no more, now we can specify a list of invalid chars. If it failed the test, http 400 will be returned back
  • Request Validation
    This is an attempt to validate all HTTP request data. We have to see how effective it really is.
  • As you might start to recognize a pattern from the previous points, guess what? Request Validation feature is also extensible, so if Microsoft isn’t doing a good enough job, you could implement it yourself.

The Bad news is there seem to be  not much improvement over the rendering of the web controls. Render=Flow still generate a bunch of span-s instead of div-s which I personally found limiting.

Share this post: | | | |


No Comments