ASP.NET Applications

An ASP.NET application consists of all the Web pages and code files that can be invoked from a virtual directory and its subdirectories on a Web server. Besides .aspx files and code-behind files such as those we have already examined, an application can also have a global.asax file and a configuration file config.web . In this section we examine the features of ASP.NET applications. We then investigate the mechanisms for working with application state and session state and for configuring Web applications. Our illustration will be our Acme Case Study (Step 2).

Sessions

To appreciate the Web application support provided by ASP.NET, we need to understand the concept of a Web session . HTTP is a stateless protocol. This means that there is no direct way for a Web browser to know whether a sequence of requests is from the same client or from different clients . A Web server such as IIS can provide a mechanism to classify requests coming from a single client into a logical session. ASP.NET makes it very easy to work with sessions.

Global.asax

An ASP.NET application can optionally contain a file Global.asax , which contains code for responding to application-level events raised by ASP.NET. This file resides in the root directory of the application. Visual Studio will automatically create a Global.asax file for you when you create an ASP.NET Web Application project. If you do not have a Global.asax file in your application, ASP.NET will assume you have not defined any handlers for application-level events.

Global.asax is compiled into a dynamically generated .NET Framework class derived from HttpApplication .

Here is the Global.asax file for our Case Study Step 2.

 using System;  using System.Collections;  using System.ComponentModel;  using System.Web;  using System.Web.SessionState;  using OI.NetCs.Acme;  namespace AcmeWeb  {     public class Global : System.Web.HttpApplication     {        protected void Application_Start(Object sender,           EventArgs e)        {  HotelState.acme = new Acme();  }        protected void Session_Start(Object sender,           EventArgs e)        {  Session["UserId"] = "";  }        protected void Application_BeginRequest(           Object sender, EventArgs e)        {        }        protected void Application_EndRequest(Object sender,           EventArgs e)        {        }        protected void Session_End(Object sender,           EventArgs e)        {        }         protected void Application_End(Object sender,           EventArgs e)        {        }     }  } 

The most common application-level events are shown in this code. The typical life cycle of a Web application would consist of these events:

• Application_Start is raised only once during an application's lifetime, on the first instance of HttpApplication . An application starts the first time it is run by IIS for the first user . In your event handler you can initialize a state that is shared by the entire application.

• Session_Start is raised at the start of each session. Here you can initialize session variables .

• Application_BeginRequest is raised at the start of an individual request. Normally you can do your request processing in the Page class.

• Application_EndRequest is raised at the end of a request.

• Session_End is raised at the end of each session. Normally you do not need to do cleanup of data initialized in Session_Start , because garbage collection will take care of normal cleanup for you. However, if you have opened an expensive resource, such as a database connection, you may wish to call the Dispose method here.

• Application_End is raised at the very end of an application's lifetime, when the last instance of HttpApplication is torn down.

In addition to these events, there are other events concerned with security, such as AuthenticateRequest and AuthorizeRequest . We will discuss ASP.NET security in Chapter 12.

In the Case Study, we instantiate a single global Acme object instance in Application_OnStart . This single instance is stored as a static data member of HotelState .

 class HotelState  {     static public Acme acme;  } 

In the Session_Start event handler we initialize the session variable UserId to be a blank string. We discuss session variables later in this section.