- Server-side state is secure but not quite scalable.
- Client-side state is quite scalable but not secure.
- Persisted state means saving state information into a database. Can be utilized if database server is heavy.
- Shared state means storing copies of commonly accessed data on the server (caching) so that the server does not need to process page (or part of page) for every request.
- ViewState stores object data that is not already represented as HTML in the page response.
- Page.ViewState property is a Dictionary of type StateBag.
- Object values on a page are hashed, compressed and encoded into a Unicode string and stored using one or more hidden HTML fields (depending on how Page.MaxPageStateFieldLength is set).
- ViewState includes MAC (Message Authentication Code) used by ASP.NET to check if it has been tampered with during the round trip.
- ViewState can also be made to encrypt data, both on website level and individual page level.
- For website level, we may set viewStateEncryptionMode to Always in web.config, and for page level we set this value in the Page directive of the page we want it encrypted for. (Page 189)
- EnableViewState property on every server control allows for turning on/off ViewState management for that control.
- ViewState and ControlState are handled as two different values in ASP.NET 2.0 and above. ControlState manages how a control would keep its appearance during Postbacks and therefore a control may still contribute to page size even if EnableViewState is set to false.
- ViewState does not transfer from one page to another.
- All Serializable objects can be embedded in ViewState.
- ControlState cannot be disabled for a control and is used specially in case of custom server controls. (Refer back to Page 192)
- Hidden Fields may also be used in place of ViewState, except that the Value property of a HiddenField control is not hashed, compressed or chunked nor does it support encryption.
- Furthermore, HiddenField values would be accessible on server only if page is sent via POST method (and not GET method). So they won't work if user clicks on a Hyperlink on the page.
- ASP.NET uses Cookies to maintain user sessions.
- Cookies can be temporary or permanent. To make a Cookie permanent we set its Expires property. To delete a Cookie we may set Expires to a past date.
- Like Session variables, Cookies need not necessarily be added to the Response.Cookies using Add( ) method. They may also be created using something like
Response.Cookies["lastvisit"].Value = something;
- Path property of the HttpCookie class may be used to restrict Cookie access to pages from a specific directory. Similarly, Domain property may be used to restrict Cookie access to a specific domain.
- Typically, 20 cookies (each of max 4 KB) are allowed per site.
- A single Cookie may contain multiple Key-Value pairs, e.g.
Response.Cookies["pref"]["color"] = Color.Blue.Name; // sub-key values are strings
Response.Cookies["pref"]["lang"] = "en-us";
- When using QueryStrings, some browsers restrict URL size to 2083 characters which may become a problem. Moreover, QueryStrings require page submission using HTTP GET method.
- Tip: Always validate values from QueryStrings.
- QueryStrings provide advantage of maintaining state when users bookmark or email a URL. Typically URL should be limited to 70 characters to enable it to be sent via plain text email.
- Tip: Always HtmlEncode( ) values from QueryStrings and Cookies, so that client-side scripts may not get processed.
- Passing HTML code to a QueryString throws HttpRequestValidationException (if not disabled by web server administrator)
Sunday, September 27, 2009
Chapter 4:Lesson 1
Labels: ControlState, Cookies, Hidden Fields, MAC, QueryString, Session, State Management, ViewState
Monday, September 21, 2009
Chapter 3-Lesson 2
- We may use Hyperlink control to enable Client-side Navigation within the page. No data is posted to the newly requested page, so we may need to use QueryStrings.
- Page.PostBackUrl property is used for Cross-page Posting.
- When a cross-page post is made, data from first page is posted to the second page. The second page may access that data using Page.PreviousPage property.
- We may use properties to encapsulate controls on a page so that they could be accessed from another page as strongly typed values during a cross-page posting.
- To access such properties in the posted page, add PreviousPageType directive after the Page directive and set its VirtualPath attribute. (Page 169 for exact usage)
- Response.Redirect( ) method is used to cause a Client-side Browser redirect. This is similar to using Hyperlinks as the browser is sent an HTTP 302 message with the URL to redirect.
- Server.Transfer( ) method is used to cause a Server-side Page Redirection. PreviousPage property is populated for the new page in this case.
- Sitemap class is used to access Web.sitemap (or other such) files from code. It has three properties namely Title, Url and Description.
- Menu, TreeView and SiteMapPath are three navigational controls that use Sitemap files.
- SitemapPath connects itself to the Sitemap file automatically. It can be put on a masterpage where it could check (automatically) current page on which it is displayed and show its bread-crumb trail.
Chapter 3-Lesson 1
- ValidationSummary control can be configured to display Pop-up error messages in case of invalid data.
- Page class contains a Validators collection containing all the validation controls put into it.
- Similarly, it contains the Validate( ) method which checks to see if data is valid on the page control. This method automatically runs after Page_Load( )
- We may use Page.IsValid property at any time during event handling to see if Page is still valid on the server.
- Client validation is by default enabled for all user controls. Use EnableClientScript to turn it off.
- To set the Focus on a particular control, use Focus( ) method.
- SetFocusOnError property on validation control ensures that the user does not leave the control until entered data is valid. This is set to false by default.
- If we wish to have a control bypass validation checks on page (and cause Postback) we may use its CausesValidation property.
- ValidationGroup property allows a set of validation controls on a page to be treated as a group, so that if a Postback occurs only for that validation group, only controls within that group would be validated.
- The InitialValue property of the RequiredFieldValidator is used to define a value that we may have set as 'Default Value/Text' on a given control to suggest that this value must be changed by the user.
- CompareValidator may be used to compare a control's value against a given constant. Or it may simply be used to check that the data entered in a given control belongs to a specific data type. Set Operator property to DataTypeCheck in that case.
Labels: CompareValidator, Focus, RequiredFieldValidator, Validation
Monday, September 14, 2009
Chapter 2-Lesson 3
- Label control is rendered as a <span> tag while Literal control is rendered as static text. Therefore we can't apply CSS to Literal control.
- PassThrough property of Literal control renders the specified text as it is to the browser and it is up to the browser to determine how to render output from it. Encode property would first convert any HTML tags and Javascript to appropriate HTML characters before rendering final HTML. Transform would check the target browser and remove any unsupported tags from the text.
- Use Table, TableRow and TableCell controls to dynamically create/add tables, rows or columns to a page (maybe during Pre_Init). However, such dynamically added content would not persist during Postback.
- Table contains Rows collection, and each TableRow contains a Cells collection.
- Image control inherits from WebControl class, and ImageMap and ImageButton inherit from Image class.
- GenerateEmptyAlternateText property of the Image control, if set to true, could be useful for generating accessible images that typically don't contribute to the meaning of the webpage. These would normally be ignored by non-visual page readers.
- ImageButton's Click event contains an ImageClickEventArgs parameter which can be used to retrieve x and y coordinates of the user's click.
- ImageMap differs from ImageButton in that it allows specification of Hotspots which would cause Postback from the image. On the other hand, clicking anywhere on the ImageButton causes a Postback.
- Hotspots can be Circular, Rectangular or Polygonal.
- HotspotMode.Postback tells a Hotspot to cause a Postback while HotspotMode.Navigate tells a Hotspot to navigate to a specified URL (as mentioned in the NavigateURL property).
- Hotspots may also have a PostBackValue property which would be visible in ImageMapEventArgs of the Click/Command event when the Page is posted back.
- The SelectionMode property of the Calendar control determines whether the user will be able to select a single date, a whole week, a whole month or none.
- Calendar control contains a DayRender event that is fired wherever a single day is rendered within the control. We may use DayRenderEventArgs in this event to add various controls to the Cell.Controls collection of this argument.
- Tilde operator (~) represents application root directory.
- SaveAs( ) method of FileUpload control requires an absolute path to save a file. For that we use Server.MapPath( ) to specify the directory. Along with it we may use FileName property of the FileUpload control.
- Panel control renders a DIV element in HTML.
- A MultiView control consists of a number of nested View controls. Each View represents a mutually exclusive viewable group of controls, i.e. only one View is visible at any time.
- We may use ActiveViewIndex property or SetActiveView( ) method to change views through code. Setting any of these to -1 would display no Views.
- Wizard control contains a WizardSteps collection which contains members of type WizardStepBase which in turn inherits from View class.
- The Xml Control displays an XML Document by applying XSL Transforms to it. DocumentSource property is used to specify path to the XML file and TransformSource property is used to specify the XSLT file.
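The FileUpload item above combines Server.MapPath( ) with the FileName property; FileName comes from the client, so it should be reduced to a plain file name and checked before it reaches SaveAs( ). The following is an added example, not from the original notes: UploadPath.TryResolve, the extension allow-list and the sample names are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;

// Hypothetical helper (not part of ASP.NET): maps the client-supplied
// FileUpload.FileName to a safe absolute path that can be given to SaveAs().
static class UploadPath
{
    static readonly string[] Allowed = { ".png", ".jpg", ".pdf" }; // assumed policy

    public static bool TryResolve(string uploadRoot, string clientName, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrEmpty(clientName)) return false;

        // Keep only the part after the last separator of either kind.
        string name = clientName.Substring(clientName.LastIndexOfAny(new[] { '/', '\\' }) + 1);
        if (name.Length == 0 || name == "." || name == ".." ||
            name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return false;

        // Allow-list the extension so server-executed types are never stored.
        if (!Allowed.Contains(Path.GetExtension(name).ToLowerInvariant())) return false;

        // The combined path must still resolve to a location under the root.
        string root = Path.GetFullPath(uploadRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(root, name));
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return false;

        fullPath = candidate;
        return true;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs; in a page the root would come from Server.MapPath( ).
        string root = Path.Combine(Path.GetTempPath(), "uploads");
        foreach (string n in new[] { "report.pdf", @"..\..\web.config", "page.aspx", "C:/x/photo.JPG" })
        {
            string p;
            Console.WriteLine("{0,-18} -> {1}", n, UploadPath.TryResolve(root, n, out p) ? p : "rejected");
        }
    }
}
```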
Chapter 2-Lesson 2
- Use Server.HtmlEncode( ) or HttpUtility.HtmlEncode( ) methods to avoid XSS vulnerabilities while setting Text property of any control.
- Columns property of a (MultiLine) TextBox determines how many characters would be available per line, and Rows property determines how many lines would be visible to user at any time.
- A Button can be treated as a Submit button or a Command button.
- Set the CommandName property of the Button control to treat it as a Command Button. Such buttons raise a Command event on the server (which carries CommandEventArgs parameter).
- CommandArgument property may be used to provide additional information for the command to perform. This would be available in the CommandEventArgs.
- CausesValidation property of the Button control, if set to false, allows a Button to bypass page validation.
- Setting same GroupName property of the RadioButton control causes multiple radio buttons to be treated as a group.
- CheckBoxList and RadioButtonList are easier to use in case of data binding.
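The HtmlEncode item above and the QueryString and Cookie tips in the Chapter 4 notes, combined in an added example that is not from the original notes: values that arrive from the client are validated first and encoded when written into HTML. The Greeting class, the "name" parameter and the language allow-list are hypothetical, and WebUtility.HtmlEncode stands in for Server.HtmlEncode( ) so the code runs as a console program.

```csharp
using System;
using System.Linq;
using System.Net;

static class Greeting
{
    static readonly string[] KnownLangs = { "en-us", "fr-fr", "de-de" }; // assumed allow-list

    // lang: value read from a cookie such as Request.Cookies["pref"]["lang"]
    // name: value read from a query string such as Request.QueryString["name"]
    public static string Render(string name, string lang)
    {
        // Validate: accept only expected values, fall back to a default otherwise.
        string candidate = (lang ?? "").ToLowerInvariant();
        string safeLang = KnownLangs.Contains(candidate) ? candidate : "en-us";

        // Validate: bound the length before the value is used anywhere.
        string trimmed = (name ?? "").Trim();
        if (trimmed.Length == 0 || trimmed.Length > 50) trimmed = "guest";

        // Encode at output: markup characters become entities, so the browser
        // shows them as text instead of interpreting them.
        return "<span lang=\"" + safeLang + "\">Hello, "
               + WebUtility.HtmlEncode(trimmed) + "</span>";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed request values: one ordinary pair, one carrying markup.
        Console.WriteLine(Greeting.Render("Alice", "fr-FR"));
        Console.WriteLine(Greeting.Render("<script>alert(1)</script>", "\"><b>"));
    }
}
```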
Labels: Button, CheckBox, RadioButton, Server Controls, TextBox, XSS
Saturday, September 12, 2009
Chapter 2-Lesson 1
- All server controls including the Page class derive from System.Web.UI.Control class.
- ViewState data is not stored on the web server. It is sent as part of the response to the user.
- PreInit event might be used to create dynamic controls or set masterpage and theme dynamically from code.
- Init might be used to initialize values for dynamically created controls.
- ViewState (if any) is retrieved before Load event.
- Therefore, Load event may be used to check IF the page has been posted back. The Page is in stable state while this event is fired.
- If the page is posted back, the Control events are processed after Load event.
- Any changes made to controls during PreRender event are saved to ViewState.
- Render is a method and NOT an event. It renders the client-side HTML for every control that it runs upon.
- HTML Server controls are slightly different from ordinary HTML elements in that they have runat="server" and id attribute defined in them. ASP.NET generates an object instance for each HTML Server Control on the server.
- Use HTML Server Controls when using custom Javascript for a particular control on the form.
- When converting DIV element to HTML Server Control, we may use InnerText and InnerHTML properties through code.
- All HTML and Web Server Controls need to be placed inside a Form with runat="server".
- All postponed control events are raised before the event that actually caused the postback during page life-cycle.
- The UniqueID property of a control contains its fully qualified name (i.e. NamingContainer(s) Assigned ID + Control ID)
Labels: Events, Javascript, Page Class, Server Controls, ViewState
Thursday, September 10, 2009
Chapter 1-Lesson 1-2-3
- For remote servers, the server must have Frontpage Server Extensions installed for Visual Studio to connect to it. (This will be required when using HTTP Server during Website creation in Visual Studio)
- Solution (.sln) files are text files associated only with ASP.NET Web Application Projects (and not ASP.NET Website template) and contain information such as target framework, default language, list of project dependencies and so on.
- A Solution User Options (.suo) file is a binary file that contains breakpoints and watch window settings, tasks list and VS window locations for current user.
- Special folders (usually prefixed with word App_) are protected by ASP.NET from direct user access. This excludes App_Themes folder.
- A typical ASPX page is made up of three parts, namely: Page Directives, Code (or Code-Behind) and Layout.
- If we place all website files on server, it is referred to as Dynamic Compilation, i.e. the code will get compiled automatically by server the first time a user request is made.
- On the other hand ASP.NET also allows Pre-compilation which compiles code into assemblies and leaves layout files intact. This removes the first user performance hit but is difficult to manage (as the entire website would need re-compilation for even a small change made to code)
- Machine.config file contains settings for all .NET application types including Console, Windows and Web.
- Settings related to the Web Server are stored in Root Default web.config file which resides in the same directory as Machine.config. (Typically %SystemRoot%/Microsoft.Net/Framework/
/CONFIG/ ) Settings in this file may override some settings from Machine.config.
- Each website may then have an optional web.config at its own root folder. This file may further override Root Default web.config settings.
- Sub-directories within a website may also have their respective web.config files. The runtime effectively flattens this layered configuration model (from Machine.config to Sub-Directory specific web.config) to determine the final settings for pages contained in that folder.
- The WSAT (Website Administration Tool), accessible in VS 2008 through Website -> ASP.NET Configuration, allows web.config settings to be changed visually.