Coffeehouse Thread

35 posts

*sigh* :'(

Back to Forum: Coffeehouse
  • User profile image
    Cybermagell​an

    OK, so, I'm Developer.

    Web - No problem, Server - No Problem, HTTP - No problem, most positions no problem. As a developer I've gotten WinForms work done, Web work done, etc.

    ASP.NET is killing me. I have no idea what my break in thinking is....

    I understand that <? ?> is pretty much equal to <% %> and etc....however as I'm trying to go  back and learn things...Microsoft is introducing Razor, etc. So I'm going from trying to learn to wrap things in <form> and <asp:TextBox> to normal <input type="text" />. In other words I need to break what I know, to learn what I need, to learn that I need to use what I've been.

    Mentally I'm exhausted and I don't know what to do.

  • User profile image
    evildictait​or

    Don't use ASP to generate pages. Write your page in flat HTML, and use jQuery or some other framework to fetch your data from JSON that is generated by your ASP server.

    That way you won't have to think about any ASP shenanigans, and your site will magically have no XSS vulnerabilities (so long as you avoid using eval) either!

  • User profile image
    Cybermagell​an

    evildictaitor,

    That's what I do now. Kinda not acceptable, that's why I'm in this place.

  • User profile image
    MasterPi

    @Cybermagellan: Why? It's a sound way of creating a web app. It also decouples the presentation from the data/logic.

  • User profile image
    spivonious

    @Cybermagellan: Yeah, Web Forms makes things a lot harder than they need to be. Try to approach things from a WinForms perspective and it might make more sense.

    To help ease the transition, remember that you can add runat="server" to any HTML control and it will be available in the code-behind for you to work with.

  • User profile image
    Cybermagell​an

    It's not acceptable because that's not the way the paying world works. They want the <asp:TextBox>, and the <form> to wrap around an entire page.

    (isPost), what is that? Why can't I just do an async call and handle my callback?

    Seriously it's depressing to get an interview for a Senior Developer position, and when they ask "What happens on page postback?", and I say "Unfortunately I don't write in that manner" and I hear "Oh, um, hmm, well that's how you do it in .NET"

    I feel like I'm losing my mind, I KNOW I'm Senior/Lead material, I just don't use it the "legacy", way (before jQuery came along and made everyone's life easier)?

  • User profile image
    blowdart

    , evildictait​or wrote

    That way you won't have to think about any ASP shenanigans, and your site will magically have no XSS vulnerabilities (so long as you avoid using eval) either!

    Oh if only this were true.

  • User profile image
    MasterPi

    , blowdart wrote

    *snip*

    Oh if only this were true.

    Yeah, you still have to worry about escaping data before it gets presented. And then there's reflected XSS...you're not immune to session hijacking (if you use sessions) or CSRF vulnerabilities. You also have to think about CORS with an AJAX based scheme, Security issues don't just magically disappear.

  • User profile image
    magicalclick

    @Cybermagellan: since you are new for me, I am going to contribute. The pre-Razor ASP .net is indeed difficult to learn. But, imo, Razor is pretty much the best evolution to ASP.net. You cannot change the past, but, if you get to work on a new site, Razor would be my personal choice.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    Hometoy

    I don't have any experience with it myself, but what about ASP.NET MVC?

    I am wondering if that method isn't more in-line with your regular process of putting server-side code elsewhere and accessing it via AJAX.

     

  • User profile image
    spivonious

    , Cybermagell​an wrote

    It's not acceptable because that's not the way the paying world works. They want the <asp:TextBox>, and the <form> to wrap around an entire page.

    (isPost), what is that? Why can't I just do an async call and handle my callback?

    Seriously it's depressing to get an interview for a Senior Developer position, and when they ask "What happens on page postback?", and I say "Unfortunately I don't write in that manner" and I hear "Oh, um, hmm, well that's how you do it in .NET"

    I feel like I'm losing my mind, I KNOW I'm Senior/Lead material, I just don't use it the "legacy", way (before jQuery came along and made everyone's life easier)?

    Well, IMO a senior ASP.NET developer should know all about postbacks and the page lifecycle. He doesn't have to use them in his web site, but he should know about them. Most dev work is maintaining existing sites. What happens if you need to modify a page that uses postbacks and the horribly confusing way that ASP.NET handles callbacks? You can't just rewrite the entire page to use jQuery. What if there's a requirement that the site work without JavaScript?

  • User profile image
    itsnotabug

    , Cybermagell​an wrote

    Seriously it's depressing to get an interview for a Senior Developer position, and when they ask "What happens on page postback?", and I say "Unfortunately I don't write in that manner" and I hear "Oh, um, hmm, well that's how you do it in .NET"

    Sounds like that company might not be the right fit for you, but I don't think it's fair to dismiss writing code "in that manner" if it's a job requirement, despite being an older technology. You'd just have to learn it if you wanted that job.

    I feel like I'm in the minority because I actually like web forms, despite my recent work with MV*. It provides a convenient, encapsulated object/event model to very RAPIDLY deliver solutions for a certain lob class of applications.

    Web forms allowed an entire generation of small/medium businesses to leverage their existing VB6 skills and enter the web space and for the companies I've worked for, they've been wildly successful. I had a non-technical boss tell me once that the only true measure of software quality is if the company is making money using it.

  • User profile image
    Deactivated User

    Comment removed at user's request.

  • User profile image
    ScanIAm

    This is much of the horribleness that is web app development in a nutshell:  Why the hell should I have to know the intricacies of the transfer protocol in order to make sure that my application functions correctly.  The same holds true even with ASP.Net MVC in that there is some inconsistencies about how a method in the controller functions when you start using ViewModels more extensively.

    It's all learnable, but it's similar to having to manually manage memory in C/C++.  It's required, but it will eventually be superseded by a better technology.

  • User profile image
    evildictait​or

    , blowdart wrote

    *snip*

    Oh if only this were true.

    OK. You also need to not ever use outer/innerHTML to not have XSSes - but you shouldn't be doing that anyway (if you are doing it - stop it. stop it now). If your code (and the frameworks you are using) don't ever use eval or write HTML to the DOM directly, then there is no path for attacker controlled data to be executed as a script*

     

    * that's not a challenge, btw. document.createElement("script").innerText is the same as eval, but people that do that kind of thing should not be allowed near computers for fear that their stupidity might leak out via the keyboard and contaminate the Internet.

  • User profile image
    blowdart

    , evildictait​or wrote

    If your code (and the frameworks you are using) don't ever use eval or write HTML to the DOM directly, then there is no path for attacker controlled data to be executed as a script*

    Much better. I keep finding this and it makes me weep.

  • User profile image
    cbae

    @Cybermagellan: All .NET web frameworks (Web Forms, MVC, or Web Pages), are built on top of ASP.NET. They're technically called ASP.NET Web Forms, ASP.NET MVC, and ASP.NET Web Pages, respectively. So it's imperative to have a good understanding of the ASP.NET web stack: application pools, worker processes, HttpContext, HttpRequest, HttpResponse, etc. even if the particular framework that you're working with tries to buffer you from having to have any knowledge of these components.

     

     

  • User profile image
    MarkDeFalco

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.