What ASP.NET Can And Cannot Do

4.25 (24 votes)

If you are new to web development and choose ASP.NET Web Forms as your starting point, you may be forgiven for not understanding how ASP.NET works, and what its role is. This article covers the basics which should help you discover your limits.

ASP.NET Web Forms is a great paradigm in my view, but it has a lot to answer for. One of the main things it encourages is Windows Forms developers to come to the dark side of web application development. Web application development is totally unlike Windows Forms, but with a drag and drop RAD environment, and an event-driven model, Web Forms hides a lot of basic HTTP plumbing from the uninformed. And what happens is that things don't work as they expect. This question is typical of a large number of similar ones I have seen, and in fact finally prompted this write-up.

To start with, here's an overview of how web applications work. Consider a restaurant. You walk in, are greeted by the maitre d' and get seated. You give the waiter your order and he disappears. A while later, he returns with your meal. You don't know where your meal came from or how it was prepared. You don't care, so long as it is edible.

While he was gone, and completely out of your sight, the waiter passed your food order to the chef in the kitchen. The chef sprang into action and prepared the order. A part of the order may have been fulfilled without any real work, such as a plain bread roll. Or the order may have needed special processing, such as frying or grilling. These tasks would have been passed to specialists within the kitchen to manage. Once complete, the order is passed it to the waiter for delivery. The chef doesn't know what happened to the food that was prepared or where it went. He doesn't care (so long as he receives no complaints).

Web applications are like this. For the diner, read client. The chef is the web server, and the waiter is the transport mechanism for the Request (the meal order) and the Response (the cooked meal). The client makes a request which TCP conveys to the correct web server, given the URL of the request. The server examines the request and decides if it can be fulfilled without further ado, or whether some processing is required. The part of the request which is examined primarily is the file extension. These may have been registered with the server and mapped to special processors, such as ASP.NET or PHP. Or, in the case of an image or html file, there is no need for processing. The raw content of the file is served as a response.

A palatable meal in the case of a web response is generally html. If the processors are called into play, instead of grilling or frying the ingredients in preparation for the response, they execute any related or embedded code logic, which is responsible for generating html dynamically. However, once the response has been sent, the web server doesn't know what happened to it or care. Like the waiter, it sits back on its chair, and waits for the next request. It has no persistent connection with the client.

Where Javascript Fits In

Javascript, when associated with ASP.NET (or any other server-side technology) generated web pages is a client-side scripting technology. It means nothing whatsoever to the web server. Browsers contain Javascript interpreters, which are responsible for executing javascript code. Javascript code can only be run within the context of the browser, and in this context, it runs as a result of events that take place when the user interacts with the web page in the browser. This fact is important. It means that if no events take place, Javascript is nothing more than embedded strings of text within the page. What is also important to understand is that it is only the user who can cause events within the page to fire. The web server cannot. It has sent the page to the user, and gone back to its chair to wait for the next request.

The extent to which Javascript can perform its magic is confined by its security model.  By default, Javascript is confined to a relatively benign set of actions.  It can manipulate the DOM of the current page (the root of DHTML), respond to events that take place within the current page, open new browser windows and fiddle with a limited number of settings within the browser, such as invoking the Print dialogue box.  Using xmlhttprequest, it can also make additional web requests for content hosted in the same domain as the page the script is running within (AJAX).

What you can't do as a web developer

Hopefully by now it should be clear that html itself is totally inert.  Javascript has only very limited privileges.  Once the response has been sent by the web server, the server might as well disappear in a puff of smoke as far as the current page is concerned.  This means that there are a lot of things that web developers would like to do that are impossible.  While not comprehensive, the following list  of things that cannot be done represents those which are the most commonly asked in the forums at www.asp.net:

  • Force a page to print without invoking the Print dialogue box
  • Select a printer
  • Bookmark a site
  • Remove an item from the browser's History
  • Remove an item from the brower cache
  • Read cookies set by other sites
  • Access the client's file system
  • Force a user to upload a file
  • Get the size of a file prior to upload
  • Get the dimensions of an image prior to upload
  • Determine the file type prior to upload
  • Access a database on the client machine or the web server
  • Invoke Word, Excel, Outlook etc
  • Force the user to download a file or plugin without a prompt
  • Get the filepath of an upload
  • Adjust their page margins for printing
  • Change their default printer
  • Disable the back/forward buttons
  • Read a key from their registry
  • Change their security settings
  • Automatically run an EXE on the client
  • Force them to enable cookies
  • Force them to enable javascript
  • Access a page on another site

So how can you perform these actions if the business requirements demand them?  There are a number of options.  Traditionally, developers created ActiveX controls that the user must agree to download and install.  More information can be found here, but they are limited in that they can only work with Internet Explorer.  This is usually all that's needed for corporate Intranet sites, although if IT security teams forbid the installation of plugins or ActiveX, you have a problem.

A second option is to use Flash or SilverLight.  Like ActiveX controls, these technologies can be granted specific permissions to access the local file system as well as network locations.  However, unlike ActiveX controls, they are not restricted to the Internet Explorer browser as a host.  There are plugins for a number of different browsers for both types of application. A final option is to simply create an exe that the user chooses to download and install like any other application.

You might also like...

Date Posted:
Last Updated:
Posted by:
Total Views to date: 56154


- anoynmous

correct this ""ass well as network locations"" in the last paragraph -s in ass :-) . by the way your style of writing is good. keep is up

- Jack

Great article, its like seeing the real picture. Good one. POst more article.

- Polyt

Very True indeed, You must create a book

- Dan Buckley

New to all things programming, this was very helpful and clear. Please write more.

Recent Comments

Borut 17/02/2018 12:59
In response to I'm Not Writing A Book On Razor Pages
Mike, is it possible that Web Pages and Razor Pages "live" together in one web application? I a I...

hrboyce 09/02/2018 04:44
In response to I'm Not Writing A Book On Razor Pages
Mike, First thanks for doing this but I have to ask, any chance you would consider converting one of...

aziz sallam 07/02/2018 10:18
In response to I'm Not Writing A Book On Razor Pages
u are a great man...

Satyabrata Mohapatra 31/01/2018 11:36
In response to I'm Not Writing A Book On Razor Pages
This is a great news!!!! Thanks...

tangdf 30/01/2018 07:25
In response to I'm Not Writing A Book On Razor Pages
=> { o.ConfigureFilter(new IgnoreAntiforgeryTokenAttribute()); }); The extension method does...

Obinna Okafor 30/01/2018 04:02
In response to I'm Not Writing A Book On Razor Pages
Thank you very much. I would like to see a project built from scratch using Razor Pages. And it show...

rachida Dukes 31/10/2017 13:52
In response to Customising Identity in Razor Pages
Thanks again for this wonderful tutorial. I followed all the steps in this section called: Adding...

Rachida 31/10/2017 12:06
In response to Customising Identity in Razor Pages
Thanks very much for this wonderful tutorial, it helped a lot....

Satyabrata Mohapatra 13/10/2017 10:17
In response to Customising Identity in Razor Pages
Thanks for sharing. Learned a lot!!...

Cyrus 23/09/2017 11:44
In response to Routing in Razor Pages
I want to have dynamic sitemap in my razor page app so I've created a page named "SiteMap" and route...