What’s New for ASP.NET?



What's New for ASP.NET?


By Elden Nelson


Sometime within the next month or two (or three, I suppose), Microsoft will release version 1.1 of the .NET Framework. As you'd expect, it sports a bunch of new features - and you can check out Microsoft's official overview at http://msdn.microsoft.com/netframework/productinfo/next/overview.asp if you're the kind of person who likes to get the full scoop.


If you're more like me, however, you'll prefer to know only what matters to ASP.NET developers in this update. I talked with ASP.NET program managers Rob Howard and Shawn Nandi to find out what changes in the Framework you should care about.


Improved Security

The forms authentication feature is a cookie-based authentication system. The user enters a username and password, which are verified, encrypted, and stored as a cookie. In version 1.1, you can now specify requireSSL (see the following code) so that when the cookie is sent back to the browser, SSL must be in place; otherwise, the form throws an exception. This ensures usernames and passwords are not sent in clear text when the negotiation of usernames and passwords is originally being done. This will set to "false" by default:


<authentication mode= "Forms">







     requireSSL="false"         <!-- New in 1.1 -->

     slidingExpiration="true"  <!-- New in 1.1 -->




You'll also notice the slidingExpiration option in the previous code, which lets you specify whether to have the account time out in the specified time, regardless of whether the user left then came back to the site during that period of time.


Machine.config has several places that require a username and password. Version 1.1 now has a way to encrypt that information so you don't have to store it in clear text.


One crucial security fix Microsoft is making is called "Safe-postback." Before version 1.1, you could do "cross-site scripting" - that is, you could input HTML and JavaScript code in forms that, after postback, would store that code back in the database. Then, when users requested that page, the code would be retrieved from the database and executed. You can see where this could cause massive problems. With version 1.1, if content contains any markup or script, an exception is thrown. You can disable this feature, but it's enabled by default.


Performance and .NET Server

When ASP.NET runs under .NET Server - to be released in the same timeframe - it takes advantage of the IIS 6 process model, which lets you set up multiple applications, each with their own process, whereas traditionally all ASP.NET apps must run under the same process.


Another important performance enhancement in version 1.1 comes from Shared Cache User Controls. The new "shared" attribute means instead of each page having to create its own cached version, pages can share information in the cache.  


Starter Kits

These are all interesting tweaks, to be sure, but the new thing I'm most excited about isn't even part of the .NET Framework update. About the same time the 1.1 version of the .NET Framework becomes available, Microsoft will be releasing a number of ASP.NET "Starter Kits." In the same way the IBuySpy sample app makes it easy to get started on building an e-commerce site, these new Starter Kits will give you robust, working code you can fold right in to your own ASP.NET applications. In addition to e-commerce, expect apps that will help you build portals, time-tracking apps, reporting apps, and communities.


By themselves, these Starter Kits are pretty darn helpful. Expect some articles in the near future from asp.netPRO, though, that will make them incredibly useful. You're really going to like what we've got on tap - unless you don't like code and real-world development strategies that can save you time and make you more productive.


With version 1.1 in beta and about ready to ship, it's time to start thinking about the next big thing - ASP.NET version 2. What new features do you think we'll see then? What new features do you think ASP.NET needs? And how long do you think we'll have to wait for it? Peek into your crystal ball and let me know. Send me e-mail at [email protected].


Elden Nelson is editor-in-chief of asp.netPRO and its companion newsletter, asp.netNOW.


Tell us what you think! Please send any comments about this article to [email protected]. Please include the article title and author.




Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.