Learning Center
Plans & pricing Sign in
Sign Out
Get this document free


VIEWS: 128 PAGES: 28

									Microsoft .NET
Development Platform Overview

         Erik Sargent
         May 16, 2002
•   What is .NET? - Microsoft’s Strategy
•   Under the Hood
•   Security & Managed Code
•   Cross-Language Debugging
•   Zero-Footprint Desktop Deployment
                  What is .NET?
 A comprehensive XML Web Services platform

                Windows XP, Windows CE, Pocket PC, Office
Visual Studio

                    Passport, Alerts, .NET My Services

                   Windows Server, Enterprise Servers
             Under the Hood
Common Language Runtime (CLR)
  The execution environment for IL. Provides security,
    garbage collection, exception handling, inheritance and
    support for Base Class Libraries. Comparable to JVM.

Common Language Specification (CLS)
  A subset of the Common Type Specification which all
    language compilers targeting CLR must adhere to.

Intermediate Language (IL)
  Compilers generate “platform” independent IL which the
   JIT will compile for execution by the CLR. For
   equivalent functionality, the IL should be exactly the
   same for different languages! Performance is same.
         Language Neutrality
CLR doesn’t know what language it is running.
 There are more than 25 languages for .NET,
 including COBOL, PERL, Eiffel and Java!

CLS objects are cross-language. A VB.NET
 class can be created as an object in PERL and
 then passed to a COBOL method!

Java is language specific and platform neutral.
  .NET is language neutral, but platform specific.
         .NET Base Classes
Object Oriented

Over 4,500 classes provide most of the features
 that most applications ever need.

Much of the implementation of data is XML
 inside (ADO.NET)

.NET support for Web Services leads industry.
   .NET Assembly - The New .DLL
Combines MSIL with metadata for code management.

Strong Typing allows side-by-side, concurrent execution
  of different versions of the same assembly!
  Determination of which version to run can be made
  through application settings or by administrators of the

Global Assembly Cache (GAC) allows commonly
  shared assemblies to be pre-compiled and stored in
  one place.

No Registry Required! “DLL Hell” is gone.
      Security & Managed Code
Managed Code is type-safe and has execution
 boundaries, called Domains.

Application Domains can execute in the same

Unmanaged code in an Assembly is identified by
 metadata, letting the CLR treat it differently.

Policies at the Enterprise, Machine, User and
 Application levels define permissible actions for
 execution, and configuration settings.
           Role-Based Security
Programmers can use role-based security to control
  access to methods or properties at run-time.

Isolate security from code logic by applying attributes
  defined in System.Security or EnterpriseServices

System.Security is feature-rich, but is limited to Windows
  user groups.

EnterpriseServices uses COM+ roles for more flexibility
  but classes must inherit from EnterpriseServices

You can implement your own security provider for
  databases, LDAP, …
    Example: Security Using Attributes
using System.Security.Permissions;
public class Car
   public long StartEngine()

    public long OpenDoor()
      Evidence-Based Security
Evidence is the characteristics of the code such as its
  directory or digital signature.

Code Groups are logical groupings of code with
  evidence that satisfies certain conditions like
  <Directory=“c:\winnt\”> or <URL=“”>.

Named Permission Sets define the permissions
  applied to Code Groups.

Application Domain Hosts such as browsers or the shell
  can enforce more restrictive permissions and, if trusted,
  provide evidence about the hosted assembly to the CLR.
        Evidence-Based Security
Effective Permissions are determined by calculating the
  intersection of Named Permissions granted at each Policy

Each Policy Level grants permissions based on the union of
  Named Permissions for all matching Code Groups defined
  at that level. Attributes can be applied to Code Groups in
  each policy level to modify the default determination.

The effect is for least restrictive permissions within a Policy
  Level (unless “nothing” is specified) but most restrictive
  permissions when Policy Levels are combined.

Enterprise, Machine, User and Application policies are
  adhered to but defined independently.
            Website Security
ASP.NET is compiled to managed code before
 executing, so web pages can utilize the same
 role-based features as other .NET applications.

Web.config can define built-in ASP.NET security
 providers such as “Forms”, “Windows” or set
 event handlers for custom providers.

Web.config is an “application” level security policy
 file. Settings in higher level policy files take
 precedent, so administrators of shared web
 servers can breath.
      Security & Managed Code
Evidence-based security means that there is no
  guarantee your code has sufficient permission to
  run when the user executes it!

Download FxCop from to
 check that your assemblies follow Microsoft’s .NET
 Framework Design Guidelines. Add rules for your
 team’s design guidelines.

.NET classes are free-threaded.
Programming model can handle client-side events on
  the server as if they happened on the server.

Design-time provides GUI configuration of controls
 on the page. Microsoft provides controls that are
 fast and scalable for .NET (vs. VS6).

Compiled code means 2-5 times faster execution.

Session State is now fast and scalable.
    ASP.NET Change Management
•   Version code just like any other .NET application!
•   Debug Using Trace! (instead of Response.Write)
•   Automated Unit Testing!
•   Deploy Assemblies Without Source Code!
    – Protect your Intellectual Property!
• Publish web applications with simple XCopy!
    – Goodbye FrontPage Extensions!
• Dynamic Code Replacement - Without Rebooting!
• Concurrently Run Different Versions of Business
  Objects Side-By-Side!
• Script Builds from Source Control
       ASP.NET Cool Features
Output Caching is automatic, but configurable by
 user, query, time or underlying data source AND at
 either the page or control level.

ASP and ASP.NET can run in the same directory but
 do not share state.

Use any .NET language. Use structured exception
 handling as implemented in the language.

Debug from web pages down into business objects.
      Writing XML Web Services
Use the WebService directive in .ASMX pages. Code behind
  uses the WebMethod attribute and inherits from

.NET will use reflection to automatically generate a WSDL and
  a simple human-readable testing and documentation page.

Also, you can publish any COM+ object or .NET assembly by
  registering it in COM+ and checking a box. COM+ can use
  .NET remoting instead of HTTP for .NET to .NET calls.

SQL and Exchange 2000 both provide XML Web Services
  access methods to their data.
                 Web Services
Imports System.Web.Services

<WebService(Namespace := "")> _
Public Class Service1
  Inherits System.Web.Services.WebService

  <WebMethod()> Public Function HelloPerson(ByVal
  YourName As String) As String
    HelloPerson = "Hello, " & YourName & "."
  End Function

End Class
  Consuming XML Web Services
All Web Services are late-binding.

Static bindings are Web References. Use them just
  like a referenced assembly. IntelliSense works!

Dynamically bind to services at run-time by using
 UDDI and/or Disco.

If necessary, configure proxy server and credentials
   in machine.config.

Consume .NET Web Services from any platform.
Consuming Web Services
ASP.NET Web Form
             Web Services
Private Sub Button_Click(ByVal sender As
 System.Object, ByVal e As System.EventArgs)
 Handles Button.Click

   Dim ws As New HelloService.Service1()

    Results.Text &= ws.HelloPerson(strName.Text)
 & "<br>"

 End Sub
   Cross-Language Debugging

Because all .NET code is implemented based
 on the language independent Common
 Language Specification, it doesn’t matter
 what language you use when debugging.
Touchless Desktop Deployment

Only Windows 2000 and XP as servers.
  Windows 98 or better as clients. CE support
  is in beta and will be a subset.
Transparency of Source Code – MSIL is
  relatively easy to reverse engineer to source
  code. Obfuscators and encryption will solve
  this in the future.
Security of .NET is still questioned based on
  past experience with Microsoft.
                     .NET Myths
Myth: Passport is required for authentication in .NET. BizTalk
  is required for XML Web Services. Windows CALs are
  required for access to “authenticated” IIS applications.

Myth: J# is another Microsoft attempt to corrupt Java.

Myth: The Microsoft .NET Pet Store benchmark proves
  ASP.NET is 15-28 times faster, requires ¼ the CPU, ¼ the
  code and supports 6-8x as many users as J2EE.
Related Myth: Oracle’s latest Java Pet Store proves J2EE on
  Oracle is faster than .NET

Myth: .NET is a huge mental leap for VB developers.
• Microsoft’s .NET 6-Week Guide
• Mono – Open Source .NET on Linux
• DotNetExtreme.Com’s Explaination of .NET
• UseDotNet – Get the Slides & Samples

To top