Monday, June 29, 2015

.Net Framework 4.5 Features

.Net Framework 4.5 Features


.Net Framework 4.5 came up with lots of great features. Writing about all of them will not be possible but I would like to add light on some features especially with regards to Asp.Net.
Now I am just wondering from where should I start and how should I start?
I think I should start talking about target audience.
Let me be clear that this article is not intended for those who want to learn Asp.Net Web Forms or Asp.Net MVC. In order to understand this article you should have basic knowledge of web development and some features introduced in prior versions of .Net framework, especially Asp.Net features. 

What we will learn then? 

We will not cover each and every Asp.Net feature introduced with 4.5. Rather we will talk about some features which I personally felt good and thought I should share. If you think that there is something else which has to be covered, you have comment box and I will try to get it to you.

Agenda

  • Understand Asynchronous HTTP Modules and Handlers.
  • WebSocket protocol support in Asp.Net 4.5
  • New Request Validation features
  • What’s next and conclusion?
Enough talking, let’s get back to work.

Understand Asynchronous HTTP Modules and Handlers.

HTTP modules and HTTP handlers are two words we commonly hear from every Asp.Net developer. Many times we want to implement pre-processing logic before any web resource like image, text or aspx is requested. For example – We want to add a security check before actual page/resource processing starts.
HTTP modules emits lots of events in the Asp.Net request pipeline where we can write our own logic so it is termed as event based methodology. Each and every request passes through HTTP modules.
HTTP handlers on the other hand won’t get executed for every request, it depends on the extension of resource we are requesting so it is termed as extension based methodology. Let’s say end user make a request to image with .jpg extension but we internally retrieves the image from database and send it as a response. HTTP handler fits here best. 
If you are more curious about these two concepts and want to learn in-depth click  here.

Request Processing is Asp.Net

Now IIS web server maintains a pool of threads and whenever a new requests comes in it just takes one thread from that pool and allocates it for request processing. As long as threads are available in the thread pool, Asp.Net will be able to serve all requests. But once all threads got busy processing the request and no free threads remain in thread pool, new request has to wait for thread to become free. Obviously there is a waiting time and after that server will throw “HTTP 503 server busy” or “Server Unavailable” error.
Increasing the thread pool size doesn't really solve the problem.
Lack of threads is not the real problem, real problem is existing threads are not getting used efficiently.
Many times our request processing thread will be waiting for our I/O to complete instead of executing code, which I call as inefficient use of thread. We should release the thread as soon as I/O operation starts and obtain a new thread as soon as it completes.

Synchronous HTTP modules

Let’s talk about a scenario where we want to write a complex long running task in HTTP module.
Task may include
  • reading from or writing to some text/xml file 
  • may be some database operation
  • may be downloading something from web 
For demo purpose let’s say we want to log details of all requests into database.
Now if we execute modules in a synchronous manner it will degrade site performance a lot because it will keep request processing thread (which was allocated in the beginning) busy throughout database processing.

Asynchronous HTTP modules

Now Asp.Net has a support for creating asynchronous HTTP modules. In this case we will release the thread as soon as I/O or any other operation starts which won’t require CPU.
In order to do that we will use asynchronous methods in HTTP modules instead of synchronous methods. In example we are using AddOnPostAuthorizeRequestAsync method which is asynchronous version of synchronous event PostAcquireRequestState.

Then what is new in Asp.Net 4.5? 

Although previous versions of Asp.Net allowed the creation of asynchronous HTTP modules, with the introduction of Task in 4.0 and async/await keywords in 4.5, it has become much simpler.
In Asp.Net 4.5 we have a class called EventHandlerTaskAsyncHelper and a delegate type called TaskEventHandler using which we can integrate Task-based asynchronous methods with the older asynchronous programming model exposed by the Asp.Net HTTP Pipeline.  Let’s have a quick look at the refactored version of above code snippet. 

Synchronous HTTP handlers

Let’s discuss about the image processing scenario we discussed above (while explaining HTTP handlers). Now if we create a synchronous HTTP handler for the same, it will just block the request processing thread for a long time. We should release the thread to thread pool as soon as we start retrieving image from database(so that it can serve some other request) and should allocate a new thread when retrieving completes. 

Asynchronous HTTP handlers

Ultimate solution will be Asynchronous HTTP handlers.
Normally in order to create HTTP handler we use IHttpHandler but in order to create Asynchronous HTTP handler we will use IHttpAsyncHandler. 
public class MyAsyncHandelerOldWay: IHttpAsyncHandler
{
    public MyAsyncHandelerOldWay()
    {
    }
    public IAsyncResult BeginProcessRequest(HttpContext context, AsyncCallbackcb, object
extraData)
    {
        //......
    }
    public void EndProcessRequest(IAsyncResult result)
    {
        //......
    }
    public bool IsReusable
    {
        //......
    }
    public void ProcessRequest(HttpContext context)
    {
        //......
    }
}

Then what is new in Asp.Net 4.5?

Same problem. It’s too complex to implement. But .Net 4.5 made it easy to implement with async/await keyword and a class called HttptaskAsyncHandler. 
publicclassMyAsyncHandeler:HttpTaskAsyncHandler
{
    public MyAsyncHandeler()
    {
    }
    public override async Task ProcessRequestAsync(HttpContext context)
    {
        SqlCommand cmd = newSqlCommand();
        Object Image= await cmd.ExecuteScalarAsync();
        context.Response.BinaryWrite((byte[])Image);
        context.Response.End();
    }
}

WebSocket support in Asp.Net 4.5

HTML 5 WebSocket is a known features to everyone by now. It brings sockets to the web.
Clients connect to a server and sends an HTTP request (prefixed by “ws://” or “wss://”) with special headers, then web server response back HTTP 101 with special response headers. This is how handshaking works in case of WebSockets. This will establish a secure, real time communication between client and server over HTTP. 
Now it’s not required to use techniques like long pooling or periodic pooling to simulate the socket behavior in web, now it’s possible without much effort because of WebSockets.

What’s new in Asp.Net 4.5? 

Now in order to work with WebSockets we need
1. Client side JavaScript APIs which we can use,
  • For initiating connection
  • For sending messages to server
  • For receiving messages from Server.
2. Server side .Net APIs for creating and hosting WebSocket server.

Client Side APIs 

Now for client side scripting we have APIs provided by HTML 5.
Code 1 – Initiating connection:
window.onload = function ()
{
    //Url of WebSocket Server
    var url = "ws://localhost:9495/ChatServer.ashx?Name=Sukesh";
    var ws = new WebSocket (url);
}
Code 2- Sending Messages 
$('#BtnSend').click
(
    function ()
    {
        ws.send($('#TxtMessage').val());
        $('#TxtMessage').val('');
    }
);
Code 3 – Receiving Messages  
ws.onmessage = function (e)
{
    $('#ResponseDiv').append("<br>" + e.data.toString());
}
Note: $ in above code is from jQuery. For Dom manipulation we are using jQuery.

Server side APIs    

Asp.Net 4.5 provides APIs using which developers can easily (word easy is very important here) write code which will :
  • Accept client’s WebSocket request and upgrades HTTP Get request to WebSocket request.
    Code for accepting WebSocket request: 
    HttpContext.Current.AcceptWebSocketRequest (// WebSocket delegate goes here)
    
    Note: In case of web forms this code will be written in either HTTP Module or in HTTP Handler and in case of MVC we will use Web APIs.
    Code for WebSocket delegate: 
    private async Task MyProcessTask(AspNetWebSocketContext context)
    {
        //Code goes here
    }
    
  • Read string or binary data from WebSocket object synchronously or asynchronously. Code for creating WebSocket object:
    WebSocket socket = context.WebSocket; //context -> parameter of MyProcessTask
    Code for receive message
    ArraySegment<byte> buffer = newArraySegment<byte>(newbyte[1024]);
    //receive data from Client
    WebSocketReceiveResult result = await socket.ReceiveAsync(
    buffer, CancellationToken.None);
    </byte></byte>
    Code for send message
    //Send data to client
    await socket.SendAsync(
    buffer, WebSocketMessageType.Text, true, CancellationToken.None);
    
    Code example shows that WebSockets requests runs completely asynchronously inside.
    Application was waiting for client message asynchronously and for that we are using await socket.ReceiveAsync.
    Similarly, asynchronous messages are sent to a client by calling await socket.SendAsync.

New Request Validation features in Asp.Net 4.5

Request validation is one of the important feature in Asp.Net. It examines the incoming requests and determines whether it contains potential dangerous content.
  • What is meant by dangerous content?

    Any HTML or JavaScript code which is added for malicious purpose.
  • What is meant by request content here?

    It means posted values, query string, cookies and header of the request.
  • Why Request validation is required?

    It avoids XSS (Cross-site-scripting). Let’s say we have a textbox and button in page. When someone click the button, value in the textbox will be displayed in the page itself. Now let’s say if someone puts some kind of JavaScript code with script tag in textbox and when we try to write textbox content into the page, browser will execute the JavaScript code.
  • What happens if request validation fails?

    Asp.Net will throw an error “potentially dangerous value was detected" error and stops page processing.
It’s going to be a big problem if we want our application to accept HTML content. Example for application which will accept HTML content are Forum sites.

Solution – Disable request validation 

  • Either at Page level as    
<%@PagevalidateRequest="false"%> 
  • Or at application level as
 <configuration>
<system.web>
<pagesvalidateRequest="false" />
</system.web>
</configuration> 

Is this good? 

Obviously no!!!Because we have to validate each and every control in page so that XSS will not affect. Project requirement says only some controls are going to accept HTML content hence there is no sense in disabling request validation for all the controls in page (or application).

What Asp.Net 4.5 has in its pocket? 

It provides 2 new features
  1. Deferred request validation 
  2. Introduction of ValidateRequestMode property 
In order to understand these two features lets create a simple form as follows 
In order to solve this issue we will navigate to web.config and will change requestValidationMode to 4.5 (new in Asp.Net 4.5) 
<system.web>
<compilationdebug="true"targetFramework="4.5"/>
<httpRuntimetargetFramework="4.5"requestValidationMode="4.5"/>
</system.web>  
It will just vanish the error. Now it’s time to consume the values in code behind for further processing. So let’s write some code in button click handler. 
It seems like error is still there. Only difference is now it is coming when we try to access the value.The call to Request.Form["forum_post"] still triggers request validation for that specific request value.
This is what we call deferred request validation.

But how to access those values? 

For that we will use Request.Unvalidated.Form 
Example:
stringHtmlContent = Request.Unvalidated.Form["TxtHtmlContents"];

What if I want to useServer side controls?  

This question only applies for Asp.Net Web Forms. In above example we are using input textboxes (html controls). Now let’s try the same example with Server side textboxes. 
<div>
    (Html Contents): <br/>Server Textbox 
<asp:TextBoxrunat="server"ID="TxtHtmlContents"/><br/>
    (Normal Contents): <br/>Server Textbox 
<asp:TextBoxrunat="server"ID="TxtNormalContents"/><br/>
<asp:ButtonID="Button1"Text="Submit"runat="server"OnClick="Button1_Click"name="Address"/>
</div> 
We will see a strange behavior when we execute the code. Put some HTML content in textbox and click on button. We will get the same “Potential Error”. Setting  requestValidationModeto 4.5 just delegates request validation from one time to other time (time when we try to retrieve values). When we closely look into the Asp.Net life cycle events,we will find that just before the Page_Load event an event called LoadPostBackData gets fired, which will get all the values from posted data and load them into corresponding textboxes. It means, behind the scene Asp.Net is trying to access the values from posted form data which is causing error.

What is the solution?  

Now the good news is,Asp.Net 4.5 added a new property to every server control called  ValidateRequestMode. Set it to “disabled”. Using this property we can disable request validation for individual controls. 

Some small important features introduced in 4.5

There are some very small but useful features which I want to address.
  • Automatic Html encoding with <%: %>

  • Unobtrusive validation –

    which will significantly reduce the amount of JavaScript rendered inline in the page markup and thus reduces the overall page size.
  • New features with regards to HTML 5

    • TextMode property of Textbox supports more values now like email, datetime
    • Many html 5 controls supports runat=”server” attribute in order to support “~” sign while specifying URL. 
    • File upload control supports multi file upload

What is Next and Conclusion?

In this article we tried to understand 3 new features in Asp.Net 4.5 and I hope you enjoyed it. We started our journey with Asynchronous HTTP modules and Handlers, then we had demo on web sockets and ended up with new request validation features. 
In the further coming series we will talk about Improvements made on Asp.Net MVC
  • Asp.Net Web API  
  • Asynchronous controllers 
  • Display Mode support
Thanks for reading. Your feedbacks, comments and ratings not only motivates us but also improves us.
Keep coding and keep sharing.
For technical trainings on various topics like WCF, MVC, Business Intelligence, Design Patterns, WPF and Basic fundamentals feel free to contact  SukeshMarla@Gmail.com or visit  www.sukesh-marla.com
For more stuff like this click  here. Subscribe to  article updates or follow at twitter  @SukeshMarla 
Click and go here to get more on ASP.NET /.NET and C# learning stuffs
Do once go through this article  which talks about  5 important .NET 4.5 new features.

.Net Framework 4.5 Features

Table of contents

Introduction

It has been almost a year since .NET 4.5 got released. But the problems with most of the recent Microsoft releases have been communication with .NET developers. Only one or two features are known to developers and other features just stay on MSDN and end up becoming simple documents.
For example, the time you ask a .NET developer what is new in the core framework .NET 4.5 most of them will just say async and awaitt (at least with people whom I have interacted have just talked about those features).
Again it’s very difficult to run through all the new features. Because the features may not sound interesting depending on what you are working currently on..
So in this article I have picked my five favorite features introduced in .NET 4.5 core. Again it’s possible my favorites cannot be your favorites. But what I have done is while choosing these features I kept in mind the larger .NET community and I hope I have met that expectation.
Note: This article does not discuss the new features in ASP.NET, WCF, WPF, WWF etc. It only talks about new features related to the core.

Feature 1: async and await (code markers)

This feature has been oversold and every .NET evangelist has talked about it. But this is still my favorite and you will come to know why in a few lines from here.
async and await are markers which mark code positions from where control should resume after a task (thread) completes.
Let us try to make sense of the above statement by understanding the below code. If you see the flow of the below code:
  1. Method() gets called from the Static void main() entry point.
  2. Method() spawns a Task (thread) LongTask which waits for 10 seconds.
  3. At the same time the control comes back to Method() to execute the remaining code after the task was called. In other words as the invocation is multi-threaded (Task.Run…),  LongTask is also running i.e., waiting for 10 seconds and the remaining code of your Method() is also executed.
Now in certain scenarios we want step 3 to behave differently. We want that after LongTask() finishes execution, the control should go back to Method to execute the remaining code. The async and awaitkeywords help to achieve the above behavior.
Now there are three important points to remember about the async and await keywords:
  1. async and await are pair keywords. You cannot use them in a standalone manner.
  2. async is marked on a method. This keyword is just an indicator saying that this method will have theawait keyword.
  3. The await keyword marks the position from where the task should resume. So you will always find this keyword in conjunction with Task.
Below is a modified version of the previously discussed code where we have applied async and await. All the other steps remain the same but “Step 3” is executed after “Step 2” completes. In simple words the control comes back to Method() after the task has finished operation.
Now that you have read about “async” and “await”, let me put a cross question. The above behavior can be also achieved by using Task.Wait or Task.ContinueWith, so how do they differ? I am leaving this question as a home work for you.

Feature 2: Zip facility (Zip compression)

Zip is one of the most accepted archive file formats. Zip format is supported in almost all operating systems with some built-in name.
  • In Windows operating system it’s implemented by the name “Compressed folders”.
  • In MAC OS it’s implemented by the name “Archive utility”.
Now in .NET we did not have built-in support for implementing Zip compression. Many developers where using third party components like “DotnetZip”. In .NET 4.5, the Zip feature is baked in the framework itself, inside the namespace System.IO.Compression.
The first step is you need to reference two namespaces:
  • System.IO.Compression.FileSystem
  • System.IO.Compression
The next step is to import the below two namespaces:
using System.IO.Compression;
If you want to Zip files from a folder you can use the CreateFromDirectory function as shown below.
ZipFile.CreateFromDirectory(@"D:\data",@"D:\data.zip");
If you wish to unzip, you can use the ExtractToDirectory function as shown in the below code.
ZipFile.ExtractToDirectory(@"D:\data.zip", @"D:\data\unzip");

Feature 3: Regex timeout (TimeOut)

“Regex” has been the most preferred way of doing validations. In case you are new to Regex, please see the Regex video where I have explained how regex is implemented. But because of the typical parsing logic of regex it is exposed to DOS attacks. Let us try to understand in detail what I mean by that.
For instance consider this regular expression - “^(\d+)$”. This regex expression says that it can have only numbers. You can also see the regex symbolic diagram which shows how the regex will be evaluated .Now let’s say if we want to validate “123456X”. It will have six paths as shown in the below figure.
But if we add one more number to it, it will take seven paths. In other words as the length increases a regex takes more time to evaluate. In other words the time taken to evaluate is linearly proportional to the length of the characters.
Now let’s complicate the previously defined regex from “^(\d+)$” to “^(\d+)+$” . If you see the regex symbolic diagram it’s pretty complex. If we now try to validate “123456X”, it will run through 32 paths. If you add one more character the number pf paths become 64. 
In other words for the above regex, the time taken to evaluate rises exponentially with the number of characters.
Now the question you would ask is, how does it matter? This linear rise of evaluation time can be exploited by hackers to do a DOS (Denial of Service) attack. They can put a long, a really long string and make your application hang forever.
The proper solution for this would be to have a timeout on the regex operation. Good news, in .NET 4.5 you can now define a timeout property as shown in the below code. So if you get any kind of malicious string, the application will not go in a loop forever.
try
{
  var regEx = new Regex(@”^(\d+)+$”, RegexOptions.Singleline, TimeSpan.FromSeconds(2));
  var match = regEx.Match(“123453109839109283090492309480329489812093809x”);
}
catch (RegexMatchTimeoutException ex)
{
  Console.WriteLine(“Regex Timeout”);
}
Below is a nice video which is uploaded on Facebook which demonstrates the DOS attack by regular expression and how it can be prevented using regex timeout feature of .NET 4.5. Do not miss it, worth a watch.
 

Feature 4: Profile optimization (Improved startup performance)

We all know .NET code is in a half compiled format. During runtime, the JIT (Just-in-Time) compiler runs and translates this half compiled IL code to native machine code. One of the big complaints about JIT is that when a .NET applications runs the first time, it runs slow as JIT is busy translating IL code to machine code.
In order to bring down this startup time, in .NET 4.5, we have something called “profile optimization”. Profile is nothing but a simple file which has a list of methods which the application will need during startup. So when the application starts, a background JIT runs and starts translating IL code for those methods into machine / native code.
This background JIT compilation of startup methods happens across multiple processors thus minimizing the start up time further. Also note you need to have a multicore box to implement profile optimization. In case you do not have a multicore box then this setting is ignored.
In order to create the “profile” file, you first need to import the System.Runtime namespace. You can then call the SetProfileRoot and StartProfile methods of the static class ProfileOptimization. Now when the application starts the background JIT it will read from the profile file and compile your start up methods in the background thus reducing your startup time.
using System.Runtime;

// Call the Setprofilerroot and Startprofile method
ProfileOptimization.SetProfileRoot(@"D:\ProfileFile");

ProfileOptimization.StartProfile("ProfileFile");
One important note: Profileoptimization is enabled by default for ASP.NET 4.5 and Silverlight 5 applications. So the above code need not be written for these technologies.

Feature 5: Garbage collector (GC background cleanup)

Garbage collector is one real heavy task in a .NET application. And it becomes heavier when it is an ASP.NET application. ASP.NET applications run on the server and a lot of clients send requests to the server thus creating loads of objects, making the GC really work hard for cleaning up unwanted objects.
In .NET  4.0, when the GC runs for cleanup, all the application threads are suspended. You can see in the above figure we have three application threads running. We have two GCs running on separate threads. One GC thread for one logical processor. Now the application threads run and do their work. Now as these application threads are performing their task they also create managed objects.
At some point of time the background GC runs and starts clean up. When these background GCs start cleanup, they suspend all the application threads. This makes the server/application less responsive for that moment.
To overcome the above problem, server GC was introduced. In server GC there is one more thread created which runs in the background. This thread works in the background and keeps cleaning generation 2 (see this video for GC generation 0, 1, and 2)objects thus minimizing the load on the main GC thread. Due to double GC threads running, the main application threads are less suspended, thus increasing application throughput. To enable server GC, we need to use the gcServer XML tag and enable it to true.
<configuration>
   <runtime>
      <gcServer enabled="true"/>
   </runtime>
</configuration> 

Three more features worth exploring

Set default culture to App Domain 

In the previous versions of .NET if I needed to set culture I needed to do it in every thread. Below is a sample code which demonstrates the pain of setting culture at thread levels. That was a real pain when we had heavily multi-threaded applications.
CultureInfo cul = new CultureInfo(strCulture);
Thread.CurrentThread.CurrentCulture = cul;
Thread.CurrentThread.CurrentUICulture = cul;
In 4.5 we can set culture at the app domain level and all the threads inside that appdomain will inherit that culture. Below is a sample code of how to implement DefaultThreadCurrentCulture.
CultureInfo culture = CultureInfo.CreateSpecificCulture("fr-FR");
CultureInfo.DefaultThreadCurrentCulture = culture;

Array support more than two gigabyte size