Microsoft .NETDevelopment Platform Overview

Erik SargentMay 16, 2002

Outline

• What is .NET? - Microsoft’s Strategy

• Under the Hood

• Security & Managed Code

• ASP.NET

• Cross-Language Debugging

• Zero-Footprint Desktop Deployment

Vis

ual

Stu

dio

Vis

ual

Stu

dio

Windows Server, Enterprise ServersWindows Server, Enterprise Servers

Passport, Alerts, .NET My ServicesPassport, Alerts, .NET My Services

Windows XP, Windows CE, Pocket PC, OfficeWindows XP, Windows CE, Pocket PC, Office

What is .NET?A comprehensive XML Web Services platform

Under the HoodCommon Language RuntimeCommon Language Runtime (CLR) (CLR)

The execution environment for IL. Provides security, The execution environment for IL. Provides security, garbage collection, exception handling, inheritance and garbage collection, exception handling, inheritance and support for Base Class Libraries. Comparable to JVM.support for Base Class Libraries. Comparable to JVM.

Common Language SpecificationCommon Language Specification (CLS) (CLS)A subset of the Common Type Specification which all A subset of the Common Type Specification which all

language compilers targeting CLR must adhere to.language compilers targeting CLR must adhere to.

Intermediate LanguageIntermediate Language (IL) (IL)Compilers generate “platform” independent IL which the Compilers generate “platform” independent IL which the

JIT will compile for execution by the CLR. For JIT will compile for execution by the CLR. For equivalent functionality, the IL should be exactly the equivalent functionality, the IL should be exactly the same for different languages! Performance is same.same for different languages! Performance is same.

Language NeutralityCLR doesn’t know what language it is running.

There are more than 25 languages for .NET, including COBOL, PERL, Eiffel and Java!

CLS objects are cross-language. A VB.NET class can be created as an object in PERL and then passed to a COBOL method!

Java is language specific and platform neutral. .NET is language neutral, but platform specific.

.NET Base Classes

Object Oriented

Over 4,500 classes provide most of the features that most applications ever need.

Much of the implementation of data is XML inside (ADO.NET)

.NET support for Web Services leads industry.

.NET Assembly - The New .DLL

Combines MSIL with metadata for code management.

Strong Typing allows side-by-side, concurrent execution of different versions of the same assembly! Determination of which version to run can be made through application settings or by administrators of the machine.

Global Assembly Cache (GAC) allows commonly shared assemblies to be pre-compiled and stored in one place.

No Registry Required! “DLL Hell” is gone.

Security & Managed CodeManaged Code is type-safe and has execution

boundaries, called Domains.

Application Domains can execute in the same process.

Unmanaged code in an Assembly is identified by metadata, letting the CLR treat it differently.

Policies at the Enterprise, Machine, User and Application levels define permissible actions for execution, and configuration settings.

Role-Based SecurityProgrammers can use role-based security to control

access to methods or properties at run-time.

Isolate security from code logic by applying attributes defined in System.Security or EnterpriseServices

System.Security is feature-rich, but is limited to Windows user groups.

EnterpriseServices uses COM+ roles for more flexibility but classes must inherit from EnterpriseServices

You can implement your own security provider for databases, LDAP, …

Example: Security Using Attributes

using System.Security.Permissions;public class Car{

[PrincipalPermission(SecurityAction.Demand,Role=“Parent")]public long StartEngine(){...}

[PrincipalPermission(SecurityAction.Demand,Role=“Parent")][PrincipalPermission(SecurityAction.Demand,Role=“Child")]public long OpenDoor(){...}

}

Evidence-Based SecurityEvidence is the characteristics of the code such as its

directory or digital signature.

Code Groups are logical groupings of code with evidence that satisfies certain conditions like <Directory=“c:\winnt\”> or <URL=“UseDotNet.com”>.

Named Permission Sets define the permissions applied to Code Groups.

Application Domain Hosts such as browsers or the shell can enforce more restrictive permissions and, if trusted, provide evidence about the hosted assembly to the CLR.

Evidence-Based SecurityEffective PermissionsEffective Permissions are determined by calculating the are determined by calculating the intersectionintersection of Named Permissions granted at each Policy of Named Permissions granted at each Policy Level.Level.

Each Policy Level grants permissions based on the Each Policy Level grants permissions based on the unionunion of of Named Permissions for all matching Code Groups defined Named Permissions for all matching Code Groups defined at that level. at that level. AttributesAttributes can be applied to Code Groups in can be applied to Code Groups in each policy level to modify the default determination.each policy level to modify the default determination.

The effect is for least restrictive permissions within a Policy The effect is for least restrictive permissions within a Policy Level (unless “nothing” is specified) but most restrictive Level (unless “nothing” is specified) but most restrictive permissions when Policy Levels are combined.permissions when Policy Levels are combined.

Enterprise, Machine, User and Application policies are adhered Enterprise, Machine, User and Application policies are adhered to but defined independently.to but defined independently.

Website SecurityASP.NET is compiled to managed code before

executing, so web pages can utilize the same role-based features as other .NET applications.

Web.config can define built-in ASP.NET security providers such as “Forms”, “Windows” or set event handlers for custom providers.

Web.config is an “application” level security policy file. Settings in higher level policy files take precedent, so administrators of shared web servers can breath.

Security & Managed Code

Evidence-based security means that there is no guarantee your code has sufficient permission to run when the user executes it!

Download FxCop from www.UseDotNet.com to check that your assemblies follow Microsoft’s .NET Framework Design Guidelines. Add rules for your team’s design guidelines.

.NET classes are free-threaded.

ASP.NET

Programming model can handle client-side events on the server as if they happened on the server.

Design-time provides GUI configuration of controls on the page. Microsoft provides controls that are fast and scalable for .NET (vs. VS6).

Compiled code means 2-5 times faster execution.

Session State is now fast and scalable.

ASP.NET Change Management• Version code just like any other .NET application!• Debug Using Trace! (instead of Response.Write)• Automated Unit Testing!• Deploy Assemblies Without Source Code!

– Protect your Intellectual Property!• Publish web applications with simple XCopy!

– Goodbye FrontPage Extensions!• Dynamic Code Replacement - Without Rebooting!• Concurrently Run Different Versions of Business

Objects Side-By-Side!• Script Builds from Source Control

ASP.NET Cool FeaturesOutput Caching is automatic, but configurable by

user, query, time or underlying data source AND at either the page or control level.

ASP and ASP.NET can run in the same directory but do not share state.

Use any .NET language. Use structured exception handling as implemented in the language.

Debug from web pages down into business objects.

Writing XML Web ServicesUse the WebService directive in .ASMX pages. Code behind

uses the WebMethod attribute and inherits from System.Web.Services.WebService.

.NET will use reflection to automatically generate a WSDL and a simple human-readable testing and documentation page.

Also, you can publish any COM+ object or .NET assembly by registering it in COM+ and checking a box. COM+ can use .NET remoting instead of HTTP for .NET to .NET calls.

SQL and Exchange 2000 both provide XML Web Services access methods to their data.

Web ServicesImports System.Web.Services

<WebService(Namespace := "http://tempuri.org/")> _Public Class Service1 Inherits System.Web.Services.WebService

<WebMethod()> Public Function HelloPerson(ByVal YourName As String) As String

HelloPerson = "Hello, " & YourName & "." End Function

End Class

Consuming XML Web ServicesAll Web Services are late-binding.

Static bindings are Web References. Use them just like a referenced assembly. IntelliSense works!

Dynamically bind to services at run-time by using UDDI and/or Disco.

If necessary, configure proxy server and credentials in machine.config.

Consume .NET Web Services from any platform.

Consuming Web Services

ASP.NET Web Form

Web Services

Private Sub Button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button.Click

Dim ws As New HelloService.Service1()

Results.Text &= ws.HelloPerson(strName.Text) & "<br>"

End Sub

Touchless Desktop Deployment

DEMO

Issues

Only Windows 2000 and XP as servers. Windows 98 or better as clients. CE support is in beta and will be a subset.

Transparency of Source Code – MSIL is relatively easy to reverse engineer to source code. Obfuscators and encryption will solve this in the future.

Security of .NET is still questioned based on past experience with Microsoft.

.NET MythsMyth: Passport is required for authentication in .NET. BizTalk

is required for XML Web Services. Windows CALs are required for access to “authenticated” IIS applications.

Myth: J# is another Microsoft attempt to corrupt Java.

Myth: The Microsoft .NET Pet Store benchmark proves ASP.NET is 15-28 times faster, requires ¼ the CPU, ¼ the code and supports 6-8x as many users as J2EE.

Related Myth: Oracle’s latest Java Pet Store proves J2EE on Oracle is faster than .NET

Myth: .NET is a huge mental leap for VB developers.

Resources

• Microsoft’s .NET 6-Week Guide http://msdn.microsoft.com/net/guide/

• Mono – Open Source .NET on Linuxhttp://www.go-mono.com/

• DotNetExtreme.Com’s Explaination of .NEThttp://www.dotnetextreme.com/articles/DotNet.asp

• UseDotNet – Get the Slides & Sampleshttp://www.usedotnet.com/