CS_348 Building Reliable Web Applications

(Attempt 2 Questions out of 3)

Question 1

The following is a simple C# Web Service:

[WebService(Namespace = "http://tempuri.org/")]
public class Service : System.Web.Services.WebService
{
[WebMethod(EnableSession=true)]
public float Dollars2Euros(float Value)
{
return Value* (float)Session[“Rate”];
Session["Count"] = (int) Session["Count"] + 1;
}

[WebMethod(EnableSession=true)]
public int GetCount(){
! return (int) Session[“Count”];
! }
}

The first web method is intended to convert US Dollars to Euros - you can assume that the
Session variable Rate contains the appropriate currency conversion rate. The session variable
Count contains a count of how many times the service has been invoked. The attribute
[WebMethod(EnableSession=true)] simply allows web service methods to store data
in session variables, like conventional web applications. (You can assume there are other
methods to, say, update Rate and reset Count etc - these have been omitted.)

(a) The attribute WebMethod identifies methods as Web Services. However, what does the
attribute instruct the .NET framework to do to make Dollars2Euros and GetCount
available as Web Services? [5 Marks]

(b) The WebService attribute assigns a namespace to the service. What is a namespace, and
what is its purpose? [5 Marks]

(c) The WebMethod attribute has the property EnableSession=true. What does this
property do? [5 Marks]

Question Continues
(d) In an attempt to make the service more efficient, a programmer observes that the conversion
rate between Dollars and Euros (i) doesn’t change that quickly and (ii) when it does the
actual changes are quite small, so even if a conversion uses an ‘old’ value it will still be
quite accurate. Therefore they change the first method to:

[WebMethod(EnableSession=true, CacheDuration=1800)]
public float Dollars2Euros(float input)
{
//Same code as before
}

This change caches results for 1800 seconds. So if the method is called with the same
arguments within a space of 30 minutes (1800 seconds) the previously-cached value will be
returned. However, the method is now wrong - why? [5 Marks]

(e) Write web methods to (i) reset Count and (ii) change Rate. [5 Marks
Question 2

(a) Consider the following web application code (with non-relevant fragments omitted) which uses
the web service from Question 1 (it is not necessary to answer Question 1 to answer this
Question). Explain briefly what the code does. Your explanation should include a summary of
what the user would see, what actions they can take, and what the result would be, as well as
explaining the behaviour of the program. [10 Marks]

The Web Form

<body>
<form id="form1" runat="server">
<div>
<asp:TextBox ID="InputField" runat="server">
</asp:TextBox>
<asp:Button ID="ConvertButton" runat="server"
OnClick="ConvertButton_Click" Text="Convert!" />
<asp:Label ID="Result" runat="server"></asp:Label>
</div>
</form>
</body>

The Corresponding C# Code File

public partial class CurrencyHandler : System.Web.UI.Page

{
private Service Serv = new Service();

protected void ConvertButton_Click(object sender,

EventArgs e)
{
Result.Text =
(Serv.Dollars2Euros(
Convert.ToFloat32(InputField.Text))).ToString();
}
}

Question Continues
(b) Currently, the web application in part (a) does not validate its input data. State three different
ways you could validate input data. (Note you are not being asked to actually write down the
implementation of these three methods: just to state what they are). You should state if any of
the methods you choose are only applicable to ASP.NET applications and not to other dynamic
web technologies. [5 Marks]
(c) The web application in part (a) separates the web form and the corresponding logic
implementing code. What are the advantages of doing this? Why is the modifier ‘partial’
used in the definition of class ‘CurrencyHandler’? [5 Marks]
(d) Someone points out to you that it’s a bit of a waste of resources to use a server-based application
and web service to perform a simple task like converting Dollars to Euros. A simple Javascript
application could perform the required calculation as long as it was possible to somehow embed
the current conversion rate in the page. They point out that this could be done very simply
using, say, PHP (or even ASP.NET). Once the page (with the current conversion rate) has been
loaded into their browser, a user could perform as many currency conversions as they want
without sending any more traffic to the server. There is however a potential flaw in this plan.
What is it? (Hint: the flaw is not that it is in any way difficult to use PHP or ASP.NET or any of
a range of similar technologies to embed the current conversion rate in the page sent to the
users’ browsers.) [5 Marks]
Question 3
The AJAX development method combines Javascript and some form of data delivery method –
either XML or text – to create interactive web applications. Consider the following PHP server
code, and client-side Javascript and HTML (note some HTML has been omitted).

palindrome.php
<?php
/*Copies values of web form variable 'string' into
PHP variable $inString*/
$inString=$_POST["string"];

/*These lines convert string to lower case and

remove non-alphanumerics*/
$String = strtolower($inString);
$String = str_replace(array("\n","\t","\r","
"),"",$String);
$String = ereg_replace("[^A-Za-z0-9]+","",$String);

/*strrev reverses a string*/

if ($String == strrev($String)) {
!print "$inString is a palindrome.";
} else {
!print "$inString is not a palindrome.";
}
?>

<script language="JavaScript">
! function submitForm()
! {
! ! var req = null;
!
! ! if(window.XMLHttpRequest)
! ! ! req = new XMLHttpRequest();
! ! else if (window.ActiveXObject)
! ! ! req = new ActiveXObject(Microsoft.XMLHTTP);

! ! req.onreadystatechange = function()
! ! { ! !
! ! ! if((req.readyState == 4) and (req.status == 200))
! ! ! {
! ! !
! document.ajax.dyn.value=req.responseText;! !
! ! ! } else {!
! ! ! ! document.ajax.dyn.value="Error!";!
! ! ! }
! ! };
! ! req.open("POST", "palindrome.php", true);
! ! req.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
! ! req.send("string="+document.ajax.string.value);
! }
! </script>
! ...
! <form name="ajax" method="POST" action="">
<input type="BUTTON" value="Submit"
onclick="submitForm()">
<input type="text" name="string" size="32"/>
<input type="text" name="dyn" size="32">
</form>

(a) Explain how the code above works. Why is req initialized in two different ways, depending
on the presence of window.XMLHttpRequest? [10 Marks]
(b) Suppose the form was replaced by the following:
<form name="ajax" method="POST" action="">
<input type="text" name="string" onkeydown="submitForm()"
size="32"/>
<input type="text" name="dyn" size="32">
</form>
How would the behaviour of the web page differ? [5 Marks]
(c) One use for Javascript is to validate data entered by users in web forms. Briefly outline how
this process works by using hidden form elements and Javascript to submit form data under
program control. [5 Marks]
(d) Normally, it is unwise to use client-side Javascript to check a password, because the
password itself must be part of the page sent to the client. However, the script below is more
secure. Note that the the method window.open(pass) will attempt to open and display the file
named in its argument.

<script language="JavaScript">

function check_pass(pass)

{
! Win = window.open(pass)
}

</script>
...
<form name="pass_form">
<input type="password" size="18" name="pass">
<input type="button" value="Click!"
onclick="CheckPassword(pass.value)">
</form>

Explain how this code works. What is an obvious disadvantage? [5 Marks]