Your source for ASP-related frequently asked questions and answers! : ASP FAQS : ASP.NET

Question: If I deploy an ASP.NET Web application will the sysadmin of the Web server where the code in installed be able to see my ASP.NET Web page source code?

Answer: One of the rather radical changes from classic ASP to ASP.NET is that in ASP.NET, Web pages are compiled programs. With classic ASP, ASP pages are comprised of script code. When an ASP page is requested, a scripting engine parses the script code of the ASP page producing HTML output. With ASP.NET, however, when pages are requested for the first time (or for the first time after a change has been made to the Web page), the code is converted into a class and then compiled into a DLL. This DLL is then "run," emitting HTML output.

The compiled model of ASP.NET invite a couple of advantages over the scripting model of classic ASP. First, a Web server can handle more ASP.NET Web page requests per second than classic ASP page requests per second. One of the major reasons for this performance increase is the fact that ASP.NET Web pages do not need to be recompiled every page view, like ASP pages need to be rerendered every time they are visited.*

"So," you may be wondering, "if the pages are compiled into a DLL then I can build an ASP.NET Web site, compile it into its corresponding DLL files, and then ship the DLL files, effectively hiding the source code from those who are using my system." Well, yes, if you create your application using code-behind pages. ASP.NET Web pages can be created in one of two ways: creating a single ASP.NET Web page that contains both the HTML content and server-side code (the server-side code, ironically, is placed in a <script runat="server"> block, even though it is not script code). The other approach is to use a two file system: the first file is an .aspx page, which contains the HTML content; the second file is a .vb or .cs page, containing a class derived from the Page object that holds the code for the ASP.NET Web page. This latter approach is called using code-behind pages, and is the default way Web pages are created when using Visual Studio .NET. Before your Web page can be viewed, the .vb or .cs must be compiled into a DLL (and there are some settings that must appear in the .aspx file, wiring up the .aspx page to work with the .vb or .cs file).

The code-behind pages have the advantage of separating the code of an ASP.NET Web page from the HTML content. This method can also be used to ship an ASP.NET Web application to a client with the source of the ASP.NET Web pages hidden. Simply by sending only the DLL files (along with the corresponding ASP.NET files that contain the HTML content), you allow your customer to change the look and feel of the ASP.NET Web pages (by editing the .aspx files) as well as hiding the "trade secrets" (the source code) in the code-behind DLL files.

(To learn more about creating code-behind files, check out:

-- ASP.NET Code Behind Pages
-- Creating your First Code Behind Page)

* Technically, ASP pages don't need to be rerendered every page view. IIS automatically caches the low-level output generated by the scripting engines and stores this page output in a memory-based cache. Therefore, ASP page output is cached away for quick access without the need for rerendered. The only caveat is that it is cached in a memory cache, meaning that only a finite number of pages can be held in the cache. (This number is configurable through a registry setting.)

On the other hand, ASP.NET uses a disk-based cache to store the compiled DLLs, guaranteeing a virtual infinite number of ASP.NET Web pages to be "cached" (that is, not needing to be recompiled each time the page is visited).

FAQ posted by Scott Mitchell at 3/11/2002 5:19:42 PM to the ASP.NET category. This FAQ has been viewed 73,651 times.

Copyright 2019 QuinStreet Inc. All Rights Reserved.
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers