Advanced web application development

Focusing on the practical application of internet technologies. Alan Oxley looks at developing web applications and explains how to create a web application that delivers dynamic content to a website.

In order to be proficient at web application development one must possess the following knowledge and skills:

an understanding of development concepts and technology;
the ability to express business logic in terms of data;
the skill to build a dynamic user interface and content using data driven objects;
the skill to extract, modify and insert data through a web interface;
an understanding of the architecture of a distributed web application.

Imagine a computer user sat at a PC interacting with a website. The user side of this interaction is referred to as the 'client'. The client-side software is the web browser. Examples include Internet Explorer and Firefox. The website side is called the server. The server-side software is the web server.

The user types in a website address to initiate the interaction. The server detects the request and sends a web page to the client. The web page sent by the server is written in programming code. The main language used is HTML. The HTML file is executed by the client and the corresponding web page becomes visible to the user.

The web page stored on the server can be a mixture of HTML and code from another language. This language could be one with reduced functionality, called a scripting language. An example is JavaScript. HTML and JavaScript are processed by the client. That is, they are used for simple web pages that are stored on the server and simply downloaded when the client requests it.

Alternatively, use could be made of a full-blown language such as Visual Basic or C#. Such a language is used for more complex web pages. When VB and C# are used, the file containing the code is first processed by the server. This produces, as its output, a file comprising HTML and JavaScript code, and it is this that is sent to the client.

A cascading style sheets (CSS) file may accompany the web page. Descriptions of the font, font size, background colour, and such things can be put in a CSS file so as to isolate some of the cosmetics from the web page logic. A CSS file is processed by the client.

Websites can be developed using one of several technologies. Some of the more common ones are ASP.NET, CGI, ColdFusion, JSP, PHP and Ruby on Rails. We will restrict our discussion to one of these - ASP.NET (Active Server Pages on Microsoft's .NET Framework).

What is ASP.NET?

You will have noticed that sometimes when you type a website address, the browser converts the address to something else. Sometimes the address changes to one ending with .aspx. When this happens you know that the website is an ASP one. ASP.NET is a web development technology. It is server-side software produced by Microsoft. It can be used with VisualStudio, an integrated development environment. At the time of writing, the current version is ASP.NET 2.0. Versions of all of the software necessary to develop websites can be downloaded free of charge.

There are several items of software to download. Example software includes: Visual Web Developer 2005 Express Edition, SQL Server 2005 Express Edition etc. Software engineers refer to a website as a web application. It is possible to write a web application in a simple text editor such as Notepad. However, there are tools that have been specifically designed to aid the software engineer. Visual Web Developer and Visual Studio are examples.

To develop a web application it is not necessary to have a client computer and a server computer connected over the internet. Instead the web server can be installed on the same PC as the web browser. The complete development of the web application can then take place and, when finished, the files can be uploaded to an external web host.

Many versions of Windows come with an in-built web server. However, it is not available on Windows XP Home edition. The web server is called Internet Information Services (IIS). With some Windows versions, IIS is pre-installed, with others it is an optional extra that is simple to install. It is a simple matter to check that all is well. You just create an HTML file, and then run the browser with its local address and the page should be displayed.

When writing programming code for a web application, one needs to conform to best practice. This includes making use of object oriented programming (OOP). The problem needs to be expressed in terms of objects. Each object is a member of a predefined class that has methods associated with it. As a simple example, we could have a class called 'BankAccount' that has methods 'WithdrawMoney' and 'DepositMoney'. An object is an instance of a class and so, in this example, we could have objects 'PatsAccount' and 'TrudisAccount'.

A dynamic web page means that it is interactive. Let us consider an example. Software engineers often write web applications that are connected to a database and so we will use one such example. The web page is a form to be completed by the user. At the bottom of the page is a button that the user has to click when finished. The button is termed a 'control'.

When the user clicks it, an event is said to have occurred. The data on the form is sent to the server, a process called post back. The web server detects the event and responds accordingly. The data is written to a database and the next web page is generated and downloaded to the user. A large part of a web application involves handling the processing of events.

It is possible for several users to be interacting with the same web page at the same time. The programming code has to be able to cope. The variables used in the code that are not dependent on individual use are isolated from the variables that are specific to individual use. We refer to the specific use as a session.

The values of the session variables for a user are lost when the user ceases using the website. To overcome this, the values can be stored on the user's PC. This is referred to as a cookie. When the user revisits the website, the browser searches for the cookie and sets the variables to the values contained therein.

Security of any database connected to a website needs to be borne in mind. In order to restrict access to a website, a login control is provided. It requests the user to enter a username and password before allowing the user to proceed. Other steps must be taken too.

The software engineer needs to have an awareness of the activities that hackers can get up to. For example, when completing the entry on a form, a hacker could enter some text and some programming code into a field. If the web application simply concatenates strings, and makes no allowance for this malicious type of input, then the hacker can change the logic used in the web application.