因此 ASP.NET 特別可以在同一網站同時寫 vb 跟 C#,方式是在 web.config compilation 加上設定
<compilation debug="true" defaultLanguage="c#" targetFramework="4.0">
<codeSubDirectories>
<add directoryName="VB_Code"/>
<add directoryName="CS_Code"/>
</codeSubDirectories>
</compilation>
也就是 VB.NET 的 code 就放到 ~\APP_Code\VB_Code 目錄
C# 的 code 就放到 ~\APP_Code\CS_Code 目錄
這樣做有兩點要注意
1. Namespace 的命名,最好不要互相衝突, 要能夠區分出來
2. VB_Code 與 CS_Code 放的位置有很大的影響, 因為牽涉到 compiler的先後順序,因為 VB_Code 在 CS_Code 在前面,所以 CS_Code可以叫用 VB_Code下的程式,但是 VB_Code 卻不能叫用 CS_Code 的程式,如果希望 VB_Code可以叫用 CS_Code的程式,就把設定換過來
<compilation debug="true" defaultLanguage="c#" targetFramework="4.0">
<codeSubDirectories>
<add directoryName="CS_Code"/>
<add directoryName="VB_Code"/>
</codeSubDirectories>
</compilation>
缺點就是反過來 CS_Code不能使用 VB_Code的程式
基本上,若是舊的程式碼都在VB_Code 那就把 VB_Code 放到前面
http://weblogs.asp.net/jongalloway/10-things-asp-net-developers-should-know-about-web-config-inheritance-and-overrides
http://blog.uwinfo.com.tw/auth/article/reiko/172
基本上就是 ASP.NET 無法辨別 IE11的UserAgent, 誤判他是別種瀏覽器造成
上此 hotfix 就可以解決
http://support.microsoft.com/kb/2836939
解決方式
1. 先確認 aspx => ValidateRequest="false
2. 上面如果設定對
在Web.config中<system.web>中加入
這段 <httpRuntime requestValidationMode="2.0" />就ok了!!!
造成的原因
是.NET 4.0跟2.0版本在請求驗證的定義不同:
ASP.NET Request Validation 請求驗證是ASP.NET提供來保護XSS攻擊的一項功能
在2.0 僅針對.aspx及class進行驗證…
但到了4.0,請求驗認範圍擴大到所有的請求…
而不是只有.aspx,還包含WebService呼叫以及自訂的http Handlers,都會去驗證http請求的內容…
因為ASP.NET4.0與2.0版本在請求驗證的定義上已經有所不同:
這時為了避免這樣的問題,一樣在Web.Config中 <system.web>下加入下列語句
<httpRuntime requestValidationMode="2.0" />
http://www.dotblogs.com.tw/pin0513/archive/2010/10/22/18522.aspx
參考:http://forums.asp.net/t/1934887.aspx
解決方法:安裝更新 KB2836939 下載
這時我們會用 Response.Cookies.Add 寫入
但是大家都會忽略到一種情況,如果後面程式也會使用到該cookies時
Request.Cookies 會抓不到剛設定的cookies
這時就要 Request.Cookies.Set 來設定 Request 值
錯誤示範:
Page_Load --> Response.Cookies.Add a Cookie named "test"
Page_PreRender --> Request.Cookies("test") --> Nothing
正確示範(同時寫兩行):
Page_Load --> Response.Cookies.Add a Cookie named "test"
Request.Cookies.Set a Cookie named "test"
Page_PreRender --> Request.Cookies("test") --> Got it!
ASP.NET 在處理 HTTP POST 要求時最多只能接受 1,000 個參數,一般來說不會有人透過 POST 傳遞表單資料超過 1,000 個欄位 ( 以筆者的經驗來說,傳過最多的一次是 700 個欄位,當時是個問卷系統 ),如果傳數參數超過 1,000 筆的話,就會出現 Operation is not valid due to the current state of the object. (英文) 或 由於該物件目前的狀態,導致作業無效。 (中文) 例外狀況,細部的例外訊息會有 HttpException (0x80004005): The URL-encoded form data is not valid. (英文) 或 HttpException (0x80004005): URL 編碼型式資料無效。
參考:http://blog.miniasp.com/post/2012/01/01/Efficient-Denial-of-Service-Attacks-on-Web-Application-Platforms.aspx
解:
web.config加下面這個設定
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
</appSettings>
在 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet.config 之下, 可以設定
<system.web> <applicationPool maxConcurrentRequestsPerCPU="12" maxConcurrentThreadsPerCPU="0" requestQueueLimit="5000"/></system.web>
另外,在 registry 中,可以設定 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\MaxConcurrentRequestsPerCPU
參考:
http://blogs.msdn.com/b/tmarq/archive/2007/07/21/asp-net-thread-usage-on-iis-7-0-and-6-0.aspxHttpApplication Events:
Application_AcquireRequestState
Occurs when ASP.NET acquires the current state (for example, session state) that is associated with the current request.
Application_AuthenticateRequest
Occurs when a security module has established the identity of the user.
Application_AuthorizeRequest
Occurs when a security module has verified user authorization.
Application_BeginRequest
Occurs as the first event in the HTTP pipeline chain of execution when ASP.NET responds to a request.
Application_Disposed
Adds an event handler to listen to the Disposed event on the application.
Application_EndRequest
Occurs as the last event in the HTTP pipeline chain of execution when ASP.NET responds to a request.
Application_Error
Occurs when an unhandled exception is thrown.
Application_PostAcquireRequestState
Occurs when the request state (for example, session state) that is associated with the current request has been obtained.
Application_PostAuthenticateRequest
Occurs when a security module has established the identity of the user.
Application_PostAuthorizeRequest
Occurs when the user for the current request has been authorized.
Application_PostMapRequestHandler
Occurs when ASP.NET has mapped the current request to the appropriate event handler.
Application_PostReleaseRequestState
Occurs when ASP.NET has completed executing all request event handlers and the request state data has been stored.
Application_PostRequestHandlerExecute
Occurs when the ASP.NET event handler (for example, a page or an XML Web service) finishes execution.
Application_PostResolveRequestCache
Occurs when ASP.NET bypasses execution of the current event handler and allows a caching module to serve a request from the cache.
Application_PostUpdateRequestCache
Occurs when ASP.NET completes updating caching modules and storing responses that are used to serve subsequent requests from the cache.
Application_PreRequestHandlerExecute
Occurs just before ASP.NET begins executing an event handler (for example, a page or an XML Web service).
Application_PreSendRequestContent
Occurs just before ASP.NET sends content to the client.
Application_PreSendRequestHeaders
Occurs just before ASP.NET sends HTTP headers to the client.
Application_ReleaseRequestState
Occurs after ASP.NET finishes executing all request event handlers. This event causes state modules to save the current state data.
Application_ResolveRequestCache
Occurs when ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the event handler (for example, a page or an XML Web service).
Application_UpdateRequestCache
Occurs when ASP.NET finishes executing an event handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache.
Application_Init
This method occurs after _start and is used for initializing code.
Application_Start
As with traditional ASP, used to set up an application environment and only called when the application first starts.
Application_End
Again, like classic ASP, used to clean up variables and memory when an application ends.
Session Events:
Session_Start
As with classic ASP, this event is triggered when any new user accesses the web site.
Session_End
As with classic ASP, this event is triggered when a user's session times out or ends. Note this can be 20 mins (the default session timeout value) after the user actually leaves the site.
Profile Events:
Profile_MigrateAnonymous
Occurs when the anonymous user for a profile logs in.
Passport Events:
PassportAuthentication_OnAuthenticate
Raised during authentication. This is a Global.asax event that must be named PassportAuthentication_OnAuthenticate.
Possibly more events defined in other HttpModules like:
System.Web.Caching.OutputCacheModule
System.Web.SessionState.SessionStateModule
System.Web.Security.WindowsAuthentication
System.Web.Security.FormsAuthenticationModule
System.Web.Security.PassportAuthenticationModule
System.Web.Security.UrlAuthorizationModule
System.Web.Security.FileAuthorizationModule
System.Web.Profile.ProfileModule