Build Secure Web Services With SOAP Headers and Extensions

Legions of Web developers have built Web services using the Microsoft .NET Framework and have learned how easy it is to get a basic Web service up and running. Just create an ASMX file, add a class, decorate its methods with the [WebMethod] attribute, and presto! Instant Web service.

The Framework does the hard part, mapping Web methods to class methods, leaving you to concentrate on the business logic that makes your Web service unique. Building Web services with the .NET Framework is easy—easy, that is, unless the Web services are secure. There is no standard, agreed-upon method for exposing Web services over the Internet in such a way that only authorized users can call them. WS-Security will one day change that, but for now, you're on your own. One Microsoft sample published last year demonstrates how to secure Web services by passing user IDs in method calls. While functional, that approach is less than optimal because it mixes real data with authentication data and, to first order, requires each and every Web method to perform an authorization check before rendering a service. A better solution is one that passes authentication information out-of-band (that is, outside the Web methods' parameter lists) and that "front-ends" each method call with an authentication module that operates independently of the Web methods themselves.

SOAP headers are the perfect vehicle for passing authentication data out-of-band. SOAP extensions are equally ideal for examining SOAP headers and rejecting calls that lack the required authentication data. Combine the two and you can write secure Web services that cleanly separate business logic from security logic. In this column, I'll present one technique for building secure Web services using SOAP headers and SOAP extensions. Until WS-Security gains the support of the .NET Framework, it's one way to build Web services whose security infrastructure is both centralized and protocol-independent.

The Quotes Web Service

Let's start with the Web service in Figure 1. Called "Quote Service," it publishes a single Web method named GetQuote that takes a stock symbol (for example, "MSFT") as input and returns the current stock price.

Figure I

using System;
using System.Web.Services;
using System.Web.Services.Protocols;

[WebService (Name="Quote Service", Description="Provides instant stock quotes to registered users")]
public class QuoteService
{
[WebMethod (Description="Returns the current stock price")]
public int GetQuote (string symbol)
{
if (symbol.ToLower () == "msft")
return 55;
else if (symbol.ToLower () == "intc")
return 32;
else
throw new SoapException ("Unrecognized symbol", SoapException.ClientFaultCode);
}
}

Now you can call this web service from your application inorder to test. I guess you know how to test a web service. I did a small test with the Console Application as below. The application should respond by reporting a current stock price of 55.

Figure II:

using System;

class Client
{
static void Main (string[] args)
{
if (args.Length == 0)
{
Console.WriteLine ("Please supply a stock symbol");
return;
}
QuoteService qs = new QuoteService ();
int price = qs.GetQuote (args[0]);
Console.WriteLine ("The current price of " + args[0] + " is " + price);
}
}

Now the GetQuote method is simple enough that anyone can call it. And that's just the problem. Anyone can call it. Assuming you'd want to charge for such a service, you wouldn't want for it to be available to everyone. Rather, you'd want to identify the caller on each call to GetQuote and throw a SOAPException if the caller is not authorized.

Figure III lists a revised version of Quote Service that uses a custom SOAP header to transmit user names and passwords. A SOAP header is a vehicle for passing additional information in a SOAP message. The general format of a SOAP message is:

[soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"]
[soap:Header]
...
[/soap:Header]
[soap:Body]
...
[/soap:Body]
[/soap:Envelope]

SOAP headers are optional. Here's a SOAP message that lacks a header:

[soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"]
[soap:Body]
[GetQuote xmlns="http://tempuri.org/"]
[symbol]msft[/symbol]
[/GetQuote]
[/soap:Body]

And here's the same message with a header containing a user name and password:

[soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"]

[soap:Header]
[AuthHeader xmlns="http://tempuri.org/"]
[UserName]techie[/UserName]
[Password]imbest[/Password]
[/AuthHeader]
[/soap:Header]
[soap:Body]
[GetQuote xmlns="http://tempuri.org/"]
[symbol]msft[/symbol]
[/GetQuote]
[/soap:Body]
[/soap:Envelope]

The .NET Framework lets you define custom SOAP headers by deriving from SoapHeader, which belongs to the System.Web.Services.Protocols namespace. The following statements in Quotes.asmx define a custom header named AuthHeader:

public class AuthHeader : SoapHeader

{

public string UserName;

public string Password;

}

The statement

public AuthHeader Credentials;

declares an instance of AuthHeader named Credentials in QuoteService, and the statement

[SoapHeader ("Credentials", Required=true)]

makes AuthHeader a required header for calls to GetQuote and transparently maps user names and passwords found in AuthHeaders to the corresponding fields in Credentials.

Calls lacking AuthHeaders won't even reach GetQuote. Calls that do reach it can be authenticated by reading Credentials' UserName and Password fields. GetQuote checks the user name and password and fails the call if either is invalid:

if (Credentials.UserName.ToLower () != "techie" && Credentials.Password.ToLower () != "imbest")

throw new SoapException ("Unauthorized", SoapException.ClientFaultCode);

In the real world, of course, you'd check the caller's credentials against a database rather than hard-code a user name and password. I took the easy way out here to keep the code as simple and understandable as possible.

Figure III

<%@ WebService Language="C#" Class="QuoteService" %>

<%@ WebService Language="C#" Class="QuoteService" %>
using System;
using System.Web.Services;
using System.Web.Services.Protocols;

[WebService(Name="Quote Service",Description="Provides instant stock quotes to registered users")]

public class QuoteService
{
public AuthHeader Credentials;

[SoapHeader ("Credentials", Required=true)]
[WebMethod (Description="Returns the current stock price")]
public int GetQuote (string symbol)
{
// Fail the call if the caller is not authorized

if (Credentials.UserName.ToLower () != "techie" && Credentials.Password.ToLower () != "imbest")

throw new SoapException ("Unauthorized",SoapException.ClientFaultCode);

// Process the request
if (symbol.ToLower () == "msft")
return 55;
else if (symbol.ToLower () == "intc")
return 32;
else

throw new SoapException ("Unrecognized symbol",SoapException.ClientFaultCode);

}
}

public class AuthHeader : SoapHeader
{
public string UserName;
public string Password;
}

To call this version of Quotes.asmx version of GetQuote, a client must include a SOAP header containing the user name "techie" and the password "imbest" as below.

using System;
class Client
{
static void Main (string[] args)
{
if (args.Length == 0) {
Console.WriteLine ("Please supply a stock symbol");
return;
}
QuoteService qs = new QuoteService ();

AuthHeader Credentials = new AuthHeader ();
Credentials.UserName = "techie";
Credentials.Password = "imbest";
qs.AuthHeaderValue = Credentials;

int price = qs.GetQuote (args[0]);
Console.WriteLine ("The current price of " + args[0] + " is " + price);
}
}

Voila !! Our web service is secured.

Asp.Net 2.0's New SQL Server-Based Cache Invalidation Mechanism

With the advent of SQL Server 2005, your application can request SQL Server to notify it when critical data in a database has changed. Up to that point, an application can safely continue to retrieve data from the cache. This provides a much more granular level of control and takes any guesswork out of the question of how often the cache should be refreshed. This is possible via a new feature called Query Notification, used in conjunction with .NET 2.0.

There are various types of caching available in .Net. Then what's special in Sqlserver query notification. Basically one of the pitfalls with ASP.NET is that it is app domain specific. So if you have a web farm environment, each web server has its own copy of the cache, and this means there is a potential for data being out of sync. With SQL cache dependency you can cache the data on the web server but have SQL Server notify you when the data changes.

An overview of Query Notification

A multi-user web application should be able to provide the latest critical data to its users. To be sure of meeting this need, your application may have to retrieve the results from a database every time the user issues the query. However, this unnecessarily increases network round-trips, and is an inefficient use of resources. To reduce the number of round-trips, developers have traditionally relied on caching mechanisms. Once a query is run, the data is subsequently retrieved from the application's local cache. However, the lifetime value of this cache is generally defined so that the application can periodically update the cache with new values from the database, irrespective of whether the data in the back end has changed or not. This is much better, but it is still not precise.

With query notification enabled then when you run a query against the back-end database, you not only retrieve the data into the cache, but also tell SQL Server to register a subscription for notification if the underlying data changes in a way that will affect the result of the query.

When the notification is received, the event handler in your application invalidates the cache and the next time the application runs the query, it will fetch the data from the back-end server.

All this is done without the need to write any complex application code.

Before you can establish cache dependency with SQL Server 2005, you need to perform the following steps:

• Configure SQL Server to support SQL Cache invalidation. This is a one-time setup of the tables or databases in the SQL Server database that you want to monitor.
• Add the necessary configuration information to the web.config file.

Configuration of SQL Server to Support SQL Cache Invalidation

You can perform the configuration of SQL Server 2000 to support SQL Cache invalidation in two ways:

1. Using the aspnet_regsql utility
2. Using the EnableTableForNotifications method of the SqlCacheDependencyAdmin class

For this article, consider the first method. Basically, the aspnet_regsql utility creates an extra table named AspNet_SqlCacheTablesForChangeNotification that is used to keep track of the changes to all the monitored tables in the database. It also creates a number of triggers and stored procedures to enable this capability. To run the aspnet_regsql utility, open up the Visual Studio command prompt and enter the command shown below.

Command : aspnet_regsql -S localhost -U sa -P atanu -d TestDB -ed

Click the image to enlarge

The command enables the TestDB (My database..you can use your own) database to support SQL cache invalidation:

• S—Name of the Server
• U—User ID to use to connect to the SQL Server
• P—Password to use to connect to the SQL Server
• d—The name of the database
• ed—Enables the database for SQL Server-triggered cache invalidation

Once this is done at the database level, you need to enable cache invalidation at the individual table level.

Command :aspnet_regsql -S localhost -U sa -P atanu -t Products -d TestDB -et

Click the image to enlarge

In the above command:

• t—Specifies the name of the table
• et—Enables the table for SQL Server-triggered cache invalidation

The preceding screenshot shows how to enable SQL cache invalidation for the Products table in the TestDB database. Once you configure the Products table to send notifications, any time data in the table changes, it notifies ASP.NET to invalidate the corresponding item in the cache.

Web Configuration Settings for SQL Cache Invalidation

The next step, before you can use SQL cache invalidation in your ASP.NET application, is to update the Web configuration file. You need to instruct the ASP.NET framework to poll the databases that you have enabled for SQL cache invalidation. The following Web configuration file contains the necessary configuration information to poll the TestDB database at periodic intervals:

Click the image to enlarge

The preceding Web configuration file contains two sections, [connectionStrings] and [caching]. The connectionStrings section creates a database connection string to the TestDB database named "TestDbConnection". The caching section configures the SQL cache invalidation polling. Within the databases subsection, you list one or more databases that you want to poll for changes. The add section inside the databases section indicates that the database represented by "TestDB" is polled once a minute (every 60,000 milliseconds). You can specify different polling intervals for different databases. Remember, the server must do a little bit of work every time the database is polled for changes. If you don't expect the data in the database to change very often, you should increase the polling interval.

Enabling query notification in ASP.NET using SQLCacheDependency

Now that you have performed the required configurations, you are ready to take advantage of the SQL cache invalidation feature in your ASP.NET Web page. Add a new Web form named Default.aspx to your Web site. The following is the code for the Default.aspx where we are going to bind a Grid with the data of the Products table.

using System.Data.SqlClient;
using System.Web.Caching;

protected void Page_Load(object sender, EventArgs e)
{
GridView1.DataSource = bindCachedData();
GridView1.DataBind();
}

private DataSet bindCachedData()
{

DataSet dsProducts;
dsProducts = (DataSet)Cache.Get("Products");

if (dsProducts == null)
{
SqlConnection sqlcon = new SqlConnection(ConfigurationManager.ConnectionStrings["TestDbConnection"]
.ConnectionString);
SqlDataAdapter adapter = new SqlDataAdapter("Select * from Products", sqlcon);
dsProducts = new DataSet();
adapter.Fill(dsProducts);

SqlCacheDependency dependency = new SqlCacheDependency("TestDbConnection", "Products");
Cache.Insert("Products", dsProducts, dependency);
}

return dsProducts;
}

In the above code, you start by creating an instance of the SqlConnection object passing in the connection string that is retrieved from the web.config file. Then you create an instance of the SqlDataAdapter object and pass in the SQL statement to be executed and the previously created SqlConnection object as its arguments. Then you execute the SQL query using the Fill method of the SqlDataAdapter object. After that you create an instance of the SqlCacheDependency object and supply the database name (that corresponds to the database name specified in the web.config file) and the table name as its arguments. Then you insert the categories dataset to the cache using the Insert method of the Cache object. At the time of inserting, you should also specify the SqlCacheDependency object so that the dataset can be invalidated when the data in the Product table changes. Finally, you bind the dataset to the GridView control.

The first time this application loads, there will be nothing in the application cache and dsProducts will be null. As a result, the query will be called. When this happens, the function will register a notification subscription with SQL Server. It will also load up the cache with the output of our query. When the user runs this query again the data will be retrieved from the cache. You can confirm this by running the app in debug mode.

To test if the SQL Server based cache invalidation mechanism works, modify the data in the Products table and then if you navigate to the page using the browser, you will get the changed data as retrieved from the database.

Garbage Collection in .NET - How it really works

Garbage collection is a process of releasing the memory used by the objects, which are no longer referenced. This is done in different ways and different manners in various platforms and languages. We will see how garbage collection is being done in .NET.

Garbage Collection basis

• Almost every program uses resources such as database connection, file system objects etc. In order to make use of these things some resources should be available to us.
• First we allocate a block of memory in the managed memory by using the new keyword.
• Use the constructor of the class to set the initial state of the object.
• Use the resources by accessing the type's members
• At last CLEAR THE MEMORY

But how many times have programmers forgotten to release the memory. Or how many times the programmers try to access the memory which was cleaned.

These two are the serious bugs, which will lead us to memory leak and commonly occurring. In order to overcome these things the concept of automatic memory management has come. Automatic memory management or Automatic garbage collection is a process by which the system will automatically take care of the memory used by unwanted objects (we call them as garbage) to be released. Hurrah... Thanks to Microsoft's Automatic Garbage collection mechanism.

Automatic Garbage Collection in .NET

When Microsoft planned to go for a new generation platform called .NET with the new generation language called C#, their first intention is to make a language which is developer friendly to learn and use it with having rich set of APIs to support end users as well. So they put a great thought in Garbage Collection and come out with this model of automatic garbage collection in .NET.

They implemented garbage collector as a separate thread. This thread will be running always at the back end. Some of us may think, running a separate thread will make extra overhead. Yes. It is right. That is why the garbage collector thread is given the lowest priority. But when system finds there is no space in the managed heap (managed heap is nothing but a bunch of memory allocated for the program at run time), then garbage collector thread will be given REALTIME priority (REALTIME priority is the highest priority in Windows) and collect all the un wanted objects.

How does Garbage collector locate garbage

When an program is loaded in the memory there will be a bunch of memory allocated for that particular program alone and loaded with the memory. This bunch of memory is called Managed Heap in .NET world. This amount of memory will only be used when an object is to be loaded in to the memory for that particular program.

This memory is separated in to three parts :

• Generation Zero
• Generation One
• Generation Two

Ideally Generation zero will be in smaller size, Generation one will be in medium size and Generation two will be larger.

When we try to create an object by using NEW keyword the system will,

• Calculate the number of bytes required for the object or type to be loaded in to the managed heap.
• The CLR then checks that the bytes required to allocate the object are available in the reserved region (committing storage if necessary). IF the object fits, it is allocated at the address pointed to by NextObjPtr.
• These processes will happen at the Generation zero level.

When Generation Zero is full and it does not have enough space to occupy other objects but still the program wants to allocate some more memory for some other objects, then the garbage collector will be given the REALTIME priority and will come in to picture.

Now the garbage collector will come and check all the objects in the Generation Zero level. If an object's scope and lifetime goes off then the system will automatically mark it for garbage collection.

Note:

Here in the process the object is just marked and not collected. Garbage collector will only collect the object and free the memory.

Garbage collector will come and start examining all the objects in the level Generation Zero right from the beginning. If it finds any object marked for garbage collection, it will simply remove those objects from the memory.

Here comes the important part. Now let us refer the figure below. There are three objects in the managed heap. If A and C are not marked but B has lost it scope and lifetime. So B should be marked for garbage collection. So object B will be collected and the managed heap will look like this.
But do remember that the system will come and allocate the new objects only at the last. It does not see in between. So it is the job of garbage collector to compact the memory structure after collecting the objects. It does that also. So the memory would be looking like as shown below now.
But garbage collector does not come to end after doing this. It will look which are all the objects survive after the sweep (collection). Those objects will be moved to Generation One and now the Generation Zero is empty for filling new objects.

If Generation One does not have space for objects from Generation Zero, then the process happened in Generation Zero will happen in Generation one as well. This is the same case with Generation Two also.

You may have a doubt, all the generations are filled with the referred objects and still system or our program wants to allocate some objects, then what will happen? If so, then the MemoryOutofRangeException will be thrown.

Dispose

Instead of declaring a Finalizer, exposing a Dispose method is considered as good.

public void Dispose()
{
// all clean up source code here..
GC.SuppressFinalize(this);
}

If we clean up a object, using Dispose or Close method, we should indicate to the runtime that the object is no longer needed finalization, by calling GC.SuppressFinalize() as shown above.

If we are creating and using objects that have Dispose or Close methods, we should call these methods when we’ve finished using these objects. It is advisable to place these calls in a finally clause, which guarantees that the objects are properly handled even if an exception is thrown.

Exploring the Factory Design Pattern

Software changes. This is a rather obvious statement, but it is a fact that must be ever present in the minds of developers and architects. Although we tend to think of software development as chiefly an engineering exercise, the analogy breaks down very quickly. When was the last time someone asked the designers of the Empire State building to add ten new floors at the bottom, put a pool on the top, and have all of this done before Monday morning?

This is a daunting challenge. We must design systems that are capable of changing at a moment's notice. Be it requirements, technology, or personnel, there will be change and we must be prepared. If we forget this, we do so at our own peril.

Although this can be a frightening proposition, there are a great many tools at our disposal to ensure that systems are designed to change rapidly while reducing the negative impact these alterations can bring. One such tool is design patterns. Design patterns represent a wealth of collective knowledge and experience. The proper use of these patterns will help to ensure that systems are malleable, enabling rapid change.

Over the course of this article, I will try examine in short one of the most commonly used patterns, the Factory pattern.

Factory Pattern

An important facet of system design is the manner in which objects are created. Although far more time is often spent considering the object model and instance interaction, if this simple design aspect is ignored it will adversely impact the entire system. Thus, it is not only important what an object does or what it models, but also in what manner it was created.

Since most object-oriented languages and runtimes provide object instantiation (e.g. new, newobj, etc.) and initialization (e.g. constructors) mechanisms, there may be a tendency to simply use these facilities directly without forethought to future consequences. The overuse of this functionality often introduces a great deal of the inflexibility in the system, as the direct use of a language/run-time object instantiation function creates an explicit association between the creator and created classes. While associations are a necessary type of relationship in an object-oriented system, the coupling introduced between classes is extremely difficult to overcome should requirements change (as they always do).

One of the most widely used creational patterns is the Factory. This pattern is aptly named, as it calls for the use of a specialized object solely to create other objects, much like a real-world factory. In the following sections, we will examine the basic knowledge of this pattern which will help you to adopt this design pattern quickly.

Logical Model

As with other design patterns, there are countless variations of the Factory pattern, although most variants typically used the same set of primary actors, a client, a factory, and a product. The client is an object that requires an instance of another object (the product) for some purpose. Rather than creating the product instance directly, the client delegates this responsibility to the factory. Once invoked, the factory creates a new instance of the product, passing it back to the client. Put simply, the client uses the factory to create an instance of the product. Below figure shows this logical relationship between these elements of the pattern.

The factory completely abstracts the creation and initialization of the product from the client. This indirection enables the client to focus on its discrete role in the application without concerning itself with the details of how the product is created. Thus, as the product implementation changes over time, the client remains unchanged.

While this indirection is a tangible benefit, the most important aspect of this pattern is the fact that the client is abstracted from both the type of product and the type of factory used to create the product. Presuming that the product interface is invariant, this enables the factory to create any product type it deems appropriate. Furthermore, presuming that the factory interface is invariant, the entire factory along with the associated products it creates can be replaced in a wholesale fashion. Both of these radical modifications can occur without any changes to the client.

Consider an application that models the assembly of a variety of personal computers. The application contains a ComputerAssembler class that is responsible for the assembly of the computer, a Computer class that models the computer being built, and a ComputerFactory class that creates instances of the Computer class. In using the Factory pattern, the ComputerAssembler class delegates responsibility for creation of Computer instances to the ComputerFactory. This ensures that if the instantiation and/or initialization process changes (e.g. new constructor, use of an activator, custom pooling, etc.), the ComputerAssembler does not need to change at all. This is the benefit of abstracting the creation of an object from its use.

In addition, suppose that the business requirements changed and a new type of computer needs to be assembled. Rather than modifying the ComputerAssembler class directly, the ComputerFactory class can be modified to create instances of a new computer class (assuming that this new class has the same interface as Computer). Furthermore, it is also possible to address this requirement by creating a new factory class (that has the same interface as ComputerFactory) that creates instances of the new computer class (again, with the same interface as Computer). As before, nothing in the ComputerAssembler class needs to change, all the logic just continues to work as it had previously.This is the benefit of abstracting the types of the product and factory into invariant interfaces.

Conclusion

As I conclude this examination of the of the Factory pattern, it should be apparent that this pattern offers considerable benefits. From the abstraction of instance creation to the use of immutable product and factory interfaces, this pattern provides a clear mechanism to design flexible system that are highly adaptable. The inclusion of this pattern in the .NET Framework is a clear testament to it usefulness. Regardless of the nature of your application, this pattern can help it weather the winds of change.

Service-Oriented Architecture (SOA) ... Some Basic Info

What is Service-Oriented Architecture (SOA) ?

Service Oriented Architecture or SOA for short is a new architecture for the development of loosely coupled distributed applications. In fact service-oriented architecture is collection of many services in the network. These services communicate with each other and the communications involves data exchange & even service coordination. Earlier SOA was based on the DCOM or Object Request Brokers (ORBs). Nowadays SOA is based on the Web Services.

Broadly SOA can be classified into two terms: Services and Connections.

Services:
----------
A service is a function or some processing logic or business processing that is well-defined, self-contained, and does not depend on the context or state of other services. Example of Services are Loan Processing Services, which can be self-contained unit for process the Loan Applications. Other example may be Weather Services, which can be used to get the weather information. Any application on the network can use the service of the Weather Service to get the weather information.

Connections:
---------------
Connections means the link connecting these self-contained distributed services with each other, it enable client to Services communications. In case of Web services SOAP over HTTP is used to communicate the between services.

The following figure is a typical example of the service-oriented architecture. It shows how a service consumer sends a service request to a service provider. After accepting the request, service provider send a message to the service consumer. In this case a service provider can also be a service consumer.


Different Technologies Used:
---------------------------------
SOA is much different from point-to-point architectures. SOA comprise loosely coupled, highly interoperable application services. These services can be developed in different development technologies (such as Java, .NET, C++, PERL, PHP), the software components become very reusable i.e. the same C# service may be used by a Java application and / or any other programming language. WSDL defines an standard, which encapsulates / hides the vendor / language specific implementation from the calling client / service.

Why SOA ?
-----------
SOA architecture enables seamless Enterprise Information Integration. Here are some of the Benefits of the Service

• Due to its platform independence, it allows companies to use the software and hardware of their choice.
• There is no threat of vendor lock-in
  
• SOA enables incremental development, deployment, and maintenance.
  
• Companies can use the existing software (investments) and use SOA to build applications without replacing existing applications
  
• The training costs are low, so the available labor pool can be used for running the applications
  

Getting Started on your First Web Page

Creating your first web page can be a daunting and confusing task. Where do I get started? What should I do? However, it does not have to be this way, creating a web page can be a fun and rewarding experience if you just follow a few simple guidelines, which we will outline for you here.

The first thing that you should do when getting ready to construct your first web page is to define it. What do you want your web page to do? Do not just start constructing your page, really think about it. You should think about how you want it to look, what information you want to provide to your prospective customer in order to persuade him to buy your product or service rather than going elsewhere.

Be sure that you organize the page well, think of your Home Page like the Table of Contents page in a book, it is there so that your customers know where to go in your site for their particular needs, or just to familiarize themselves with your product. Lastly, when defining your site you should do your research. Always visit your competitions web site to see how they have organized their site, so you can make yours better, whether it is just including more information about your product, or simply making a better designed site.

Now that you have given some serious thought to how you want your web site to look, and what you want to include in it, you need to think of a name for it. There are various approaches to finding the right name for your web site. The first is to make the name logical, for instance, ****’s web site is ****.com. Another approach is to make the name memorable so that your customers can type it in without thought, the name does not have to be descriptive of the product you sell, for example amazon.com sells books. Further, you should keep the name as short as possible so that it is easy for your customers to type into the url field.

Now that you have your web page named and given some thought into how you want it to look, here are some pointers for building your site. If you have pictures on your web page go over them first with a photo editing program so that the customer’s browser does not have to crunch them. This will also speed up the download speed of your page so that the customer can view quickly without having to wait for large picture files to appear on the screen.

One of the most annoying things for people surfing the web are pages that take a long time to download. All those fancy graphics will not do you any good if instead of waiting for the page to download the viewer closes his browser and goes elsewhere, so consider going light on the pictures and heavy on the information content.

You should also put some serious thought into what color fonts you are going to use, and the background color as well. When in doubt, remember that a white background with black text has been successful for thousands of years!

Your website should also be easy to navigate, all your links should be obvious to the viewer, and should be self explanatory or have information about where the link will take them. Try to keep the number of links you have low, the viewer does not want to spend a lot of time waiting for links to download, chances are, like you, he is pretty busy! Further, always link back to your homepage in order to make navigating your web page easier for your potential customers.

Decide the number of pages you want to have inside of your site, and determine logical titles for them. Think of any pictures that you might want to put on each page and where you are going to put them in order to be most effective. You should plan out your hyperlinks now, as it will make keeping track of them later a lot easier and save you time trying to figure out why they are not working properly. Decide where you want to put any buttons that you might create for hyperlinks as well. Lastly write out any information content you will be putting onto your web page in Microsoft Word first so you can detect any spelling errors you might have made. You can cut and paste parts into your favorite editor later.

So be sure to prepare before you start, think of the content you want to put in, think about your links, think about your web site’s name, draw up an outline on paper before you start constructing the page and most importantly

“Plan Your Work and Work Your Plan”

Practical difference between Interface and Abstract class

Interface

Interface is used to collect similarities. Wherever we have to implement in the class means follow that similarities

Wherever we have to use (Real life scenario)

- Two person using same code but connection to the database methods only differ to each other. One person use sql based connection another one use oracle based connection. This type of scenario we can use Interface.
- A human and a parrot can both whistle, however it would not make sense to represent Humans and Parrots as subclass of a Whistle class, rather they would most likely be subclasses of an Animal class (likely with intermediate classes), but would both implement the Whistle interface.

What is Interface ?

• The behavior of a class
  
• All methods of an Interface are abstract methods.
  
• They cannot have bodies
  
• You cannot create an instance from an interface
  
• An interface can only be implemented
  
• This is the concept of encapsulation
  
• During runtime, actual object instance is associated with the interface type
• It needs only the interface at the compile time
  
• Interface does not contain constructor
  
• Multiple inheritance feature can be achieved through interface
  
• Cannot be versioned.
  

Abstract Class

• It is a class that contains one or more abstract methods
  
• It may contain constructor but interface does not contain constructor.
  
• In Interface all methods should be public but not in abstract class
• Abstract class we can put sharable code
  
• Its not Possible to create instance of Abstract class
  
• It cannot be instantiated on it’s own, it must be inherited.
  
• It can use One Overriding method
  
• It can specify members that must be implemented in inheriting classes
  
• A class can inherit only one abstract class
  
• It enables us to place common instance behavior.
  
• Offer versioning benefits.
• Used for sharing common features among verious objects.
  

Static Contructors in .Net

What is a static constructor?

As part of my job I conduct technical interviews for my company. One of the stock question in my interview is can constructors be declared static? Most of the time I get a blunt, no, as the answer. Even some argue that one cannot use the static word along with constructors. A very few who say yes are asked further questions on static constructors like what is the difference between a static constructors and normal constructors? For this also I have got lots of answers like static constructors can be called without creating an object, only static variables can be use etc. Some say static constructors are called only once and when I ask when is that once, People don’t have an answer. So I thought I will try to clear some confusion related to static constructors.

Can constructors be declared Static?

YES

What is the difference between a static constructor and normal constructors?

As we know Normal constructors are used to initialize class variables whereas static constructors are used to initialize class level static variables. Static constructors cannot access any other objects other than static as similar to static methods. Similar to static method, static constructors are class level and not instance level. Static constructors do not take any access modifiers, like public, private, protected etc. They also don’t take any arguments. Static constructors are called only once.

Static constructors are called only once, when is that once?

Static constructors are called only once throughout the life time of the program, i.e. when the first instance of the class having static constructors is created or when a static member is accessed/used whichever happens first.Let me explain further, suppose you have a class called StaticConstructor with a static constructor as shown below.

/***********Code*****************/

using System;
namespace StaticConstructorDemo
{
class StaticConstructor
{
private static string someText;
private static int counter;

static StaticConstructor()
{
someText = "Static constructor executed. No of times: ";
counter++;
}

public static void PrintSomeText()
{
Console.WriteLine(someText + counter.ToString());
}
}

class MainClass
{
static void Main(string[] args)
{
StaticConstructor sc1 = new StaticConstructor();
StaticConstructor sc2 = new StaticConstructor();
StaticConstructor sc3 = new StaticConstructor();
StaticConstructor.PrintSomeText();
}
}
}
/***********End******************/

The above code will print “Static constructor executed. No of times: 1”. The reason is static constructor is called only once when the first instance for the class is created i.e. when sc1 is created.If the above code inside the main method is rewritten like this

/***************Code**************/

class MainClass
{
static void Main(string[] args)
{
StaticConstructor.PrintSomeText();
StaticConstructor sc1 = new StaticConstructor();
StaticConstructor sc2 = new StaticConstructor();
>StaticConstructor sc3 = new StaticConstructor();
}
}
/***************End****************/

The above code will have the same output as the previous code i.e. “Static constructor executed. No of times: 1”. Static constructor is called before the code inside the static method, PrintSomeText(), is executed. As we know static methods can use static members and if a static constructor is not executed then there is every possibility of the system throwing “object reference not set to an instance” error. So static constructors are called before the first instance of the class is created or any static members are accessed/used.

Hope from the above e.g. gives a clear idea...