IBuySpy
Posted May 24, 2002
Chat Date: April 18, 2002
Chat Participants:
- John Perry, Program Manager
- Susan Warren, Program Manager
JPerry_MSPM
Welcome to today's ASP.Net chat on IBuySpy. I will ask the hosts to introduce themselves.
Susan_MS
Hi, my name is Susan Warren and I'm a Program Manager on the ASP.NET team for pages and controls.
Susan_MS
Looks like I'm the only host right now :)
JPerry_MSPM
And I'm John Perry, PM For Communities for ASP.Net
JPerry_MSPM
Let's get started! Fire away with your questions for our hosts.
Susan_MS
Let me introduce the topic briefly:
Susan_MS
There are two IBuySpy applications. IBuySpy Store is a sample e-commerce storefront, and
Susan_MS
shows a lot of good tricks for creating web UI using ASP.NET. IBuySpy Portal is a corporate
Susan_MS
or Internet portal site, and shows some more advanced tricks for roles-based security
Susan_MS
and database-driven content.
Susan_MS
I'd ask you to identify WHICH IBuySpy sample your questions refer to -- thanks!
JPerry_MSPM
If you can put a Q: in front of your questions, that'll be a big help.
Susan_MS
Q: where did the idea for IBuySpy come from??
Susan_MS
A: The original Store sample idea came from a training program the Vertigo Software folks were running. The idea for Portal came from customers who wanted just such a sample.
Susan_MS
Q: In IbuySpy the code for creating parameters.... Gerasha -- can you please be more specific, not sure what you are asking here... thanks!
Susan_MS
A: Actually the samples *do* use datasets in a couple of places, but this is an awesome question!
Susan_MS
oops! missed the question :)
Susan_MS
Q: IBuySpy does not use DataSet's. How do you decide when to use a DataSet, and when to use lighter weight data structures?
Susan_MS
A: Actually the samples *do* use datasets in a couple of places, but this is an awesome question!
Susan_MS
DataSets are disconnected caches of data, and are great for passing data over remoting or a web service, or for caching in Cache or session state.
Susan_MS
But they are not as fast as DataReaders, which are forward-only read-only connected cursors. So we show using data readers in most cases.
Susan_MS
Q: In the portal version you can add extra tabs to the top and move there position - how is this done?
Susan_MS
A: It's all data-driven. The portal just asks the database for a list of tabs and dynamically created the UI for them. The tabs themselves are created using the DataList control, and ASP.NET databinding.
Susan_MS
Q: in asp.net is it okay to create a user object, store permissions, etc. and then load it in the session (a common practice in j2ee, to avoid terrible if then code nightmare for permission intense systems)
Susan_MS
A: sure. The trade-off is the per-user memory consumed on the web server. If the per user objects are very larger, you won't be able to serve thousands of users per server with this approach. But for many intranet applications the simplicity this allow
Susan_MS
I'd add that some of the things you are talking about caching -- user identity for example -- are already cached for you by ASP.NET. You don't need to explicitly cache them for your application.
Susan_MS
Q: How to make in IbuySpy,that menu object keep state, what was selected, between pages?
Susan_MS
A: In both applications, we use a low-tech approach to keeping the menu state: we pass a value on the query string.
Susan_MS
This has the added benefit of make the individual menu selection book-markable.
Susan_MS
Q: Portal: What does the '~' do in the Response.Redirect. Does this somehow imply the root? I can't find any docs on it.
Susan_MS
A: Yes that's almost correct. This gets translated by ASP.NET to Request.ApplicationPath on the *server*.
Susan_MS
One caveat is that (because the translation happens only in server code) you can't use it in client-only paths, like the SRC attribute of an IMG tag.
Susan_MS
We apologize for the skimpy docs -- it came on late in the product cycle. We'll have better docs for it in a future update.
Susan_MS
Q: so in asp.net its okay to store a DataReader in the session object, for paging etc.? I mean DataSet
Susan_MS
A: Yes =DataSets= work in these cases, DataReaders don't
Susan_MS
Q: How long did it take to develop IBuySpy Store and Portal?? How long do you think it would take for a user like myself - middle knowledge of ASP.net / VB.net
Susan_MS
A: Actually, Store was pretty fast -- about 1 man (or woman) month. Portal was about 4 man months.
Susan_MS
Q: or is it better just to store the data in a collection or arraylist
Susan_MS
A: This is one of those "mileage may vary" answers. Depends on what you are doing... Does your collection object contain special functionality you want in your applications?
Susan_MS
Q: IBuySpy is an excellent demo ASP.NET site. Are there any other demo sites that the IBuySpy team has done for .NET?
Susan_MS
A: We have a couple in the works now, but it's a little too earlier to talk about them --- with one exception!
Susan_MS
We're releasing a new sample next week called Cassini. This is a very lightweight sample web server that shows how to host ASP.NET outside of IIS
Susan_MS
It includes full source code of course, and the usual "do with it as you wish" licensing we have for IBuySpy
Susan_MS
The cool thing about Cassini is that it uses the hosting APIs that we expose in System.Web namespace in ASP.NET
Susan_MS
Q: When you need to retreive or validate data on each postback (or at least some) is it better to use a dataset in session or open a stream reader each time?
Susan_MS
A: Again, mileage may vary, but let's look at the tradeoffs.
Susan_MS
It comes down to where the bottleneck ( or potential bottlenecks ) in your app are: traffic to the database, complex/expensive database queries, web server memory load
Susan_MS
One other option is to do neither :) but instead round trip the data each time in page viewstate, either by binding it in a control or by placing it in viewstate manually
Susan_MS
for the viewstate option, you wouldn't want to use this for secure data, of course, since it goes to the client.
Susan_MS
Q: You can't bind a DataGrid or DataList to a DataReader in the web forms designer, because there is no DataReader component in the ToolBox. Will this be fixed in a future release, or is there some fundamental reason for not doing this?
Susan_MS
The reason we don't support this is that the designer requires the data live at design time to accomplish this trick. As a forward-only cursor the DataReader can't really fulfill this requirement.
Susan_MS
However, it's definitely a problem were working on solving in the future.
Susan_MS
Q: Is there any other .net samples like IBuySpy - I know there was a pet store once, where has that gone?
Susan_MS
A: .NET Pet Store is still available on www.GotDotNet.com, I believe
Susan_MS
Q: Portal: I noticed the iBuySpy portal site uses one namespace. In contrast, the petshop sample uses several. Which is better?
Susan_MS
A: The purpose of a namespace is to uniquely identify classes that may be named the same, like "Button" or "Order".
Susan_MS
The IBuySpy samples are intentionally a bit simpler than you might use in a real world app, just to reduce the number of things ..
Susan_MS
a developer must understand while learning them. In my own experience real (big) applications have more than one namespace in them.
Susan_MS
Q: Store/Portal: Could both be used in the real-world or would they need editing for performance
Susan_MS
A: We performance-test these samples. They are architected specifically for performance and scalability. So I'd say, probably not unless you have extreme requirements.
Susan_MS
Q: is there a better way to do paging then the datareader like an arraylist, or collection (an interface of arrylist)
Susan_MS
A: Sendman, can you please clarify? Do you mean paging the datasource, or paging in a UI widget, like Data Grid?
Susan_MS
Q: how to pass arraylist or collection to another pages?
Susan_MS
A: This is another great question -- thanks! There's a cool new feature in ASP.NET called the Context object.
Susan_MS
It has a collection property called Items that allows you to pass objects between the different bits of code that work together in the processing of a single request.
Susan_MS
Note -- it's a sort of state bag, but for just one request. But here's the trick: You can add your objects (including collections)
Susan_MS
to Context.Items, and then user Server.Transfer() to call the second page. The Context is transferred to the second page.
Susan_MS
For more details about Context, see my column on MSDN ("Nothing But ASP.NET") called a Matter of Context. There's a example there.
Susan_MS
Q: I might have missed this but where does the shopping cart get stored? In the db or cookies or something else?
Susan_MS
A: In the database. The store assigns a temporary id to the user that the cart items are tied to. When the user logs in (to check out for example) the cart items are migrated to the new user id.
Susan_MS
Abandoned items (never checked out) are cleared nightly by a database job.
Susan_MS
Q: is there any way to add parameters to the request object (such as a data set) and forward it to another page like in j2ee?
Susan_MS
A: I think I answered this with that long post about Context -- let me know if you have further questions on this.
Susan_MS
Q: When the Windows.net server is released will we be able to admin it (IIS) via ASP.net online?
Susan_MS
A: I don't know.
Susan_MS
Q: Is there set namespaces / APIs ?
Susan_MS
A: There are a set of namespaces and APIs in the .NET Framework, but your own application code creates new ones :) Ben thinks Susan is a bit overworked with the questions.....
Susan_MS
Susan thinks that the point of the chat :)
Susan_MS
Q: Are there some good examples of placing it in the viewstate manually?
Susan_MS
A: Yep, there's another Nothing But ASP.NET column on MSDN called "Taking a Bite Out of ViewState" that has all the gory details, and samples
Susan_MS
Q: susan was talking about a very lightweight sample web server.... once there was something like myweb:// in .NET (Preview) what about this
Susan_MS
A: The MyWeb feature got cut way back when, in the preview. The sample web server is only that... it doesn't try to solve the "take offline" problem where a cached set of the application data is managed for your too
Susan_MS
It's just a regular web server. But small, compact and pretty cool. :)
Susan_MS
One cool thing about Cassini is that it doesn't really on the IIS meta base -- no virtual roots, sites ,etc.
Susan_MS
You just point it at a folder at it becomes you temporary web root. One limitation of Cassini is that it only serves local requests.
Susan_MS
Q: it seems to be a way to host .NET web apps outside IIS (on the client)
Susan_MS
A: correct. You could package an ASP.NET application on a CD, for example (assuming the client had the .NET framework installed)
Susan_MS
Q: Any hope we will see a a datagrid that more closely rivals the WinForms hierarchical version in a future release?
Susan_MS
A: We're looking at it for a future release, but we haven't figured it out yet :)
Susan_MS
Q: Do IbuyStore Portal/Store use more of the features within ASP.net or only a small percentage
Susan_MS
A: I'd say many of the most common features are shown, but many *great* features of ASP.NET are not shown. For example, there are almost no Web Services in IBuySpy.
Susan_MS
Also, features like HttpHandlers and HttpModules, Cookieless Session State and security features like Passport support and impersonation are not shown.
Susan_MS
They are also pretty limited as examples of custom controls. I expect you will see samples from us soon that show a lot more code
Susan_MS
examples for custom ASP.NET server controls.
Susan_MS
Comment from Sendman: Susan: just like j2ee request.set
Susan_MS
A: yes
Susan_MS
Q: How would I set up ibuyspy portal to use windows authentication and nt groups to determine admin rights?
Susan_MS
A: Another great question. There's a config section in the web.config file that you can uncomment to enable windows authentication.
Susan_MS
But portal as is still expects to look up roles in the Roles database table. It actually discards the roles passed in from NT and replaces them with the database ones.
Susan_MS
This happens in Global.asax, in the event handler for Application_BeginRequest. You could modify the code to *not* create the
Susan_MS
custom Principal object (in other words, simplify it) and you'd be set.
Susan_MS
Q: For the component DB Customers there is a function that declares 10 different variables...the customer is wondering why 10 variables instead of 1?
Susan_MS
A: I'm still not sure I understand which function. Possibly the add new customer method, where we'd
Susan_MS
You *could* use a Customer object to package this up in the calling page, and pass the one Customer object instead. But you'd just need to parse the values out again
Susan_MS
for the code calling ADO.NET. There isn't a lot of real world business logic in Store; if there were it
Susan_MS
might make excellent sense to encapsulate the customer data with the methods that act on it. We didn't do it in the store in order to keep the sample simple.
Susan_MS
Q: following up from admin rights questions, how would I check the NT group to give different admin rights to different groups for different portal pieces
Susan_MS
A: Ok this is a bit more work, since the admin UI relies on the Roles table too. The quickest way to get this working
Susan_MS
A: is to add roles into the database (using the portal admin tool) that exactly match the NT roles you are expecting.
Susan_MS
then you can set the roles per tab and per module as normal in IBuySpy. This presumes that you've made the
Susan_MS
change in Application_BeginRequest I mentioned earlier.
JPerry_MSPM
Q: manni : does cassini support the full .NET framework and also features like session or app state
Susan_MS
A: Yes, it supports all that stuff :)
JPerry_MSPM
Q: wjvii : Is there a way to authenticate a user using Forms Authentication without a UI. We have a Win32 VB program that we migrating parts of it to ASP.NET and we host a browser control to the web pages so it works as a single application until it is a
JPerry_MSPM
Q: wjvii - continued. We want to have the equivalent of a single sign on, without relying on the Windows integrated authentication. We currently authenticate the user through SQL 2000.
Susan_MS
A: That's a hard one -- I can't think of how to get this to work in your scenario.
JPerry_MSPM
Q: TealWren : Why does ASP.Net not include a control in the toolbox for hidden fields?
Susan_MS
A: As noted by manni, there is an HTML control for type hidden. We're looking at doing a web control for this next time around.
JPerry_MSPM
Q: wjvii : Would be useful for ASP.NET pages and Web Services to be able to share a single "authenticated" session using "Forms" authentication. Just a thought for the future.
Susan_MS
A: This isn't supported now, but we're looking at it for a future release.
JPerry_MSPM
This has been a GREAT chat. Thank you to everyone. Unfortunately, it is time to go.
Susan_MS
Hey thanks everyone -- great questions!
.gif "Top of Page")
Top of Page