06 June 2005

What Great .NET Developers Ought To Know (Part Four ASP.NET (UI) Developers)

Part Four ASP.NET (UI) Developers (III)
Describe ways to present an arbitrary endpoint (URL) and route requests to that endpoint to ASP.NET.

Explain how cookies work. Give an example of Cookie abuse.
Cookie is a text file has a name, contains a collection of values, and an expiration time. Cookie is planted to client browser by a web server. It contains value that can be used by the server to identify a client later.
Cookie abuse means a web contain provider using cookie to collect personal/demographic information without prior consent from the user and/or use these data in a way without user consent. Here is an example: Doubleclick sued over alleged cookie abuse

Explain the importance of HttpRequest.ValidateInput()?
ValidateInput check the three collections (QueryString, Form, and Cookies) for markup tags to prevent potentially dangerous data like cross site scripting.
If the validation feature is enabled by page directive or configuration, this method is called during the Page's ProcessRequest processing phase. ValidateInput can be called by your code if the validation feature is not enabled. Request validation works by checking all input data against a hard-coded list of potentially dangerous data.
QueryString, Form, and Cookies input data is checked during request validation.

<%@ Page validation="true" /“false” %>

What kind of data is passed via HTTP Headers?
HTTP header metadata (information) about the document (HTML). Standard ones like:

HTTP/1.1 200 OK
Date: Wed, 13 Aug 1997 02:35:50 GMT
Server: Apache/1.2.0
Last-Modified: Fri, 04 Jul 1997 22:18:24 GMT
ETag: "28f7d-810-33bd76b0"
Content-Length: 2064
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

One can also define additional metadata like:
<META HTTP-EQUIV="Author" CONTENT="John Doe">
When the browser gets the document, it pretends that there is a header looks like this:
Author: John Doe

Pointers Quick reference to HTTP headers

Juxtapose the HTTP verbs GET and POST. What is HEAD?
HTTP-GET request gets information from a web server. It passes arguements (querystring) as a part of hostname via URL. Total length is limited a few hundred bytes. HTTP-POST request allows a client to send data to the server. The POST method passes all of its parameter data in an input stream, removing the limit of the size of the data. Unlike the GET method, POST is not expected to be safe nor idempotent
The HTTP HEAD method is very similar to the HTTP GET method. The request looks exactly the same as the GET request (except the word HEAD is used instead of GET), but the server only returns the header information.
HEAD is often used to check the following:
The last-modified date of a document on the server for caching purposes
The size of a document before downloading (so the browser can present progress information)
The server type, allowing the client to customize requests for that server
The type of the requested document, so the client can be sure it supports it
Note that HEAD, like GET, is expected to be safe and idempotent.
A practical use of HEAD is to scan massive URLs for validity or search stream files (MP3 search engine) in which we need retrieve only part of a file which contains the descriptor fields (metadata).

Name and describe at least a half dozen HTTP Status Codes and what they express to the requesting client.
1XX: informational:
100: Continue; 101: Switch protocols
2XX: Sucessful:
200: OK; 201 Created; 202 Accepted
3XX: Redirection
300 Multiple Choices; 301 Moved Permanently; 302: Redirect request found;
4XX: Client Error
400: Bad request; 401:Unauthorized; 403: Forbidden; 404: Resource Not Found;
5XX: Server Error
500: Internal Server Error; 501 Not Implemented; 502 Bad Gateway; 503 Service Unavailable.
Pointer
Hypertext Transfer Protocol -- HTTP/1.1 RFC 2616 Fielding, et al. Status Code Definitions

How does If-Unmodified-Since work? How can it be programmatically implemented with ASP.NET?
The If-Unmodified-Since request-header field is used with a method to make it conditional. If the requested resource has not been modified since the time specified in this field, the server SHOULD perform the requested operation as if the If-Unmodified-Since header were not present.

Tracking and Resuming Large File Downloads gives a nice clean example on a file download HttpHandler implementation. In the ProcessRequest method it checks HTTP headers to decide the download status.
...
ElseIf Not CheckIfUnmodifiedSince(objRequest, _
objFile) Then
' The entity was modified since the requested
' date...
objResponse.StatusCode = 412 ' Precondition failed

Private Function CheckIfUnmodifiedSince(ByVal objRequest As HttpRequest, ByVal objFile As Download.FileInformation) As Boolean
Dim sDate As String
Dim dDate As Date
Dim bReturn As Boolean


' Checks the If-Unmodified or Unless-Modified-Since header, if
' one of them was sent with the request.
'
' Returns True, if the file was not modified since the
' indicated date (RFC 1123 format), or
' if no header was sent,
' returns False, if the file was modified since the indicated date
' Retrieve If-Unmodified-Since Header value from Request (Empty if none is indicated)
sDate = RetrieveHeader(objRequest, "If-Unmodified-Since"
, String.Empty)

If sDate.Equals(String.Empty) Then
' If-Unmodified-Since was not sent, check Unless-Modified-Since...
sDate = RetrieveHeader(objRequest, HTTP_HEADER_UNLESS_MODIFIED_SINCE, String.Empty)
End If
If sDate.Equals(String.Empty) Then
' No date was indicated,
' so just give this as True
bReturn = True

End If
Return bReturn
End Function

Pointers Quick reference to HTTP headers Tracking and Resuming Large File Downloads

No comments: