Drop vs Truncate vs Delete in SqlServer

Drop Command: If we want to destroy the existing tables present in the database we use the Drop Command.


Truncate Command: Removes all rows from a table. TRUNCATE TABLE is functionally the same as the DELETE statement with no WHERE clause specified.


The difference between Truncate and Delete is:

  • Truncate table is faster in execution.
  • Truncate will reset the identity function if present on the table to initial value again which will not happen in delete.


Leave a comment

Posted by on June 3, 2016 in .NET


Url.Action vs Url.RouteUrl

Url.RouteUrl allows you to specify a particular route by name. This will force the usage of that route.

If you have multiple routes with similar parameters the Action method may pick a wrong one – it works based on the order of route definitions. This may take place when your routes have optional parameters.

Leave a comment

Posted by on June 3, 2016 in .NET


Lazy loading/Deferred loading in Entity frame work

One of the important functions of Entity Framework is lazy loading. Lazy loading means delaying the loading of related data with its parent object, until you specifically request for it.

you can also turn off lazy loading for a particular property or an entire context. To turn off lazy loading for a particular property, do not make it virtual. To turn off lazy loading for all entities in the context, set its configuration property to false:

public partial class SchoolDBEntities : DbContext
    public SchoolDBEntities(): base("name=SchoolDBEntities")
        this.Configuration.LazyLoadingEnabled = false;

Below are the advantages of lazy loading:

  • Minimizes start up time of the application.
  • Application consumes less memory because of on-demand loading.
  • Unnecessary database SQL execution is avoided.

The only one disadvantage is that the code becomes complicated. As we need to do checks if the loading is needed or not, there is a slight decrease in performance.


Leave a comment

Posted by on June 3, 2016 in .NET


Events in the Global.asax file

The Global.asax file, also known as the ASP.NET application file, is an optional file that contains code for responding to application-level events raised by ASP.NET or by HttpModules and session-level events.

The following are some of the important events in the Global.asax file.

  • Application_Init
  • Application_Start
  • Session_Start
  • Application_BeginRequest
  • Application_EndRequest
  • Application_AuthenticateRequest
  • Application_Error
  • Session_End
  • Application_End

The purpose of these event handlers is discussed in this section below.


The Application_Init event is fired when an application initializes the first time.


The Application_Start event is fired the first time when an application starts.


The Session_Start event is fired the first time when a user’s session is started. This typically contains for session initialization logic code.


The Application_BeginRequest event is fired each time a new request comes in.


The Application_EndRequest event is fired when the application terminates.


The Application_AuthenticateRequest event indicates that a request is ready to be authenticated. If you are using Forms Authentication, this event can be used to check for the user’s roles and rights.


The Application_Error event is fired when an unhandled error occurs within the application.


The Session_End Event is fired whenever a single user Session ends or times out.


The Application_End event is last event of its kind that is fired when the application ends or times out. It typically contains application cleanup logic.

Application_Start/End events are called only once.

Leave a comment

Posted by on June 3, 2016 in .NET


Encrypt ViewState info

The ViewState is stored in a hidden field with an ID __VIEWSTATE. This is nothing but a Base64 encoded string, and is not an encrypted string. So it can be easily decoded.

The main reasons for using Base64 encoding are as follows:

  1. Base64 makes a string suitable for HTTP transfers
  2. It makes it a little harder to read

But, after decoding the string (viewstate data), we can see the exact data that is stored inside the ViewState.


There are two different ways in which you can prevent someone from decrypting ViewState data.

  1. You can make sure that the ViewState information is tamper-proof by using “hash codes”. You can do this by adding EnableViewStateMAC=true in your page directive. MAC stands for “Message Authentication Code”.

When we use EnableViewStateMac=”True”, during ViewState save, ASP.NET internally uses a hash code. This hash code is a cryptographically strong checksum. This is added with the ViewState content and stored in a hidden filed. During postback, the checksum data is verified again by ASP.NET. If there is a mismatch, the postback will be rejected.

  1. The second option is to set ViewStateEncryptionMode=”Always” with your page directives. This will encrypt the ViewState data.

ViewStateEncryptionMode has three different options that can be set:

  • Always: encrypt the View State always.
  • Auto: encrypt if a control requests for encryption. For this to happen, the control must call thePage.RegisterRequiresViewStateEncryption() method.
  • Never: Never encrypt the ViewState.
<pages enableViewStateMac="true">
Leave a comment

Posted by on June 3, 2016 in .NET


Session State Modes in Asp.Net


Web is stateless, which means a new instance of a web page class is re-created each time the page is posted to the server.

HTTP is a stateless protocol, it can’t hold client information on a page. If the user inserts some information and move to the next page, that data will be lost and the user would not be able to retrieve that information.

What do we need here? We need to store information. Session provides a facility to store information on server memory. It can support any type of object to store along with our own custom objects. For every client, session data is stored separately, which means session data is stored on a per client basis


  • It helps maintain user state and data all over the application.
  • It is easy to implement and we can store any kind of object.
  • Stores client data separately.
  • Session is secure and transparent from the user.


  • Performance overhead on large volumes of data/user, because session data is stored in server memory.
  • Overhead involved in serializing and de-serializing session data, because in the case of StateServer and SQLServer session modes, we need to serialize the objects before storing them.

Storing and retrieving values from Session

Session[“UserName”] = txtUser.Text; //Storing UserName in Session

DataSet _MyDs = (DataSet)Session[“DataSet”]; //Retrieving Dataset from Session

Session ID

  • Client hits the web site and information is stored in the session.
  • Server creates a unique session ID for that client and stores it in the Session State Provider.
  • The client requests for some information with the unique session ID from the server.
  • Server looks in the Session Providers and retrieves the serialized data from the state server and type casts the object.

Session Mode and State Provider

In ASP.NET, there are the following session modes available:

  • InProc
  • StateServer
  • SQLServer
  • Custom

When ASP.NET requests for information based on the session ID, the session state and its corresponding provider are responsible for sending the proper information

Session State Mode State Provider
InProc In-memory object
StateServer Aspnet_state.exe
SQLServer Database
Custom Custom provider

Apart from that, there is another mode Off. If we select this option, the session will be disabled for the application.

    <sessionState cookieless="UseCookies" mode="Off" 
      stateNetworkTimeout="10800" timeout="10"/>

Or from server side: Session.TimeOut=30;

InProc Session Mode

This is the default session mode in ASP.NET. This is the best session mode for web application performance. It can be very helpful for a small web site and where the number of users is very less.


  • It stores session information in the current Application Domain So it is easily and quickly available.
  • There is not requirement of serialization to store data in InProc session mode.
  • Implementation is very easy, similar to using the ViewState.


  • If the worker process or application domain/server is recycled/restarted, all session data will be lost.
  • Though it is the fastest, more session data and more users can affect performance.
  • We can’t use it in web garden scenarios, and not suitable for web farm scenarios.

StateServer Session Mode

This is also called Out-Proc session mode. StateServer uses a stand-alone Windows Service (aspnet_state.exe) which is independent of IIS and can also be run on a separate server.

This server may run on the same system, but it’s outside of the main application. So, if you restart your ASP.NET process, your session data will still be alive. It is useful in web farm and web garden scenarios.

You can start this service from the command prompt just by typing “net start aspnet_state”.

This approach has several disadvantages due to serialization of the data before storing in StateServer session mode and de-serialization, it also increases the cost of data access.

For the StateServer setting, we need to specify the stateConnectionString. This will identify the system that is running the state server. By default, stateConnectionString used the IP (localhost) and port 42424. And require stateNetworkTimeout.

<sessionState cookieless="UseCookies" mode="StateServer" 
   sqlConnectionString="data source=; Trusted_Connection=yes" 
   stateConnectionString="tcpip=" stateNetworkTimeout="10800" 

SQLServer Session Mode

To setup SQL Server, we need these SQL scripts:

  • For installing: InstallSqlState.sql
  • For uninstalling: UninstallSQLState.sql


  • This session mode provides us more secure and reliable session management in ASP.NET.
  • session data is serialized and stored in A SQL Server database (centralized location), is easily accessible from other applications.
  • Provides more security
  • Session data not affected if we restart IIS.
  • Very useful in web farms and web garden scenarios.
  • We can use SQLServer session mode when we need to share session between two different applications.


  • Processing is very slow in nature.
  • session storage method is the overhead related with data serialization and de-serialization.
  • As the session data is handled in a different server, we have to take care of SQL Server. It should be always up and running.

Configuration for SQLServer Session Mode

Step 1: From command prompt, go to your Framework version directory. E.g.:c:\windows\\framework\<version>.

Step 2: Run the aspnet_regsql command with the following parameters:

Parameters Description
-ssadd Add support for SQLServer mode session state.
-sstype p P stands for Persisted. It persists the session data on the server.
-S Server name.
-U User name.
-P Password.

aspnet_regsql -d <SQLDATABASENAME> -S <SQLSERVERNAME> -U <USERNAME> -P <PASSWORD> -ssadd -sstype c

Step 3: Open SQL Server Management Studio, check if a new database ASPState has been created, and there should be two tables:

  • ASPStateTempApplications
  • ASPStateTempSessions

Custom Session Mode

Custom session gives full control to us to create everything, even the session ID. You can write your own algorithm to generate session IDs.

We can use Custom session mode in the following cases:

  • We want to store session data in a place other than SQL Server.
  • When we have to use an existing table to store session data.
  • When we need to create our own session ID.

What configuration do we need for it?

We need to configure our web.config like this:

<sessionState mode=”Custom” customProvider=”AccessProvider”>
       <add name=”AccessProvider” type=”CustomDataType”/>


  • We can use an existing table for storing session data. This is useful when we have to use an existing database.
  • It’s not dependent on IIS, so restarting the web server does not have any effect on session data.
  • We can crate our own algorithm for generating session ID.


  • Processing of data is very slow.
  • Creating a custom state provider is a low-level task that needs to be handled carefully to ensure security.

It is always recommended to use a third party provider rather than create your own.

Session Event

These are events in the global.asax file of your web application. When a new session initiates, the session_start event is raised, and the Session_End event raised when a session is abandoned or expires.

void Session_Start(object sender, EventArgs e)
    // Code that runs when a new session is started
void Session_End(object sender, EventArgs e)
    // Code that runs when a session ends. 

Removing Session

Method Description
Session.Remove(strSessionName); Removes an item from the session state collection.
Session.RemoveAll() Removes all items from the session collection.
Session.Clear() Remove all items from session collection. Note: There is no difference between Clear and RemoveAll. RemoveAll()callsClear() internally.
Session.Abandon() Cancels the current session.

Enabling and disabling Session

For performance optimization, we can enable or disable session. We can enable and disable session state in two ways:

  • Page level
  • Application level

Page level

We can disable session state in page level using the EnableSessionState attribute in the Page directive.

<% Page Language=”C#” EnableSessionState=”False”

This will disable the session activities for that particular page.

The same way, we can make it read-only also. This will permit to access session data but will not allow writing data on session.

<% Page Language=”C#” EnableSessionState=”ReadOnly”

Application level

Session state can be disabled for the entire web application using the EnableSessionState property inWeb.Config.

<pages enableSessionState=”false”/>

Generally we use page level because some pages may not require any session data or may only read session data.


  • The in-process (InProc) session provider is the fastest because of everything being stored inside memory. Session data will be lost if we restart the web server or if the worker process is recycled. You can use this in small web applications where the number of users is less. Do not use InProc in web farms.
  • In StateServersession mode, session data is maintained by exe. It keeps session data out of the web server. So any issues with the web server does not affect session data. You need to serialized an object before storing data in StateServer session. We can use this safely in web farms.
  • SQLServersession modes store data in SQL Server. We need to provide the connection string. Here we also need to serialize the data before storing it to session. This is very useful in production environments with web farms.
  • We can use a Customprovider for custom data sources or when we need to use an existing table to store session data. We can also create custom session IDs in Custom mode. But it is not recommended to create your own custom provider. It is recommended to use a third party provider.


Leave a comment

Posted by on June 2, 2016 in .NET


Types of Stored Procedures in SqlServer

Stored procedure is a precompiled set of one or more SQL statements that is stored on Sql Server. stored Procedures is that they are executed on the server side, to reduce the network traffic.

Types of Stored Procedures

  1. System Defined Stored Procedure

These stored procedures are already defined in Sql Server. These are physically stored in hidden Sql Server. These procedure starts with the sp_ prefix. Hence we don’t use this prefix when naming user-defined procedures.  Its manage SQL Server through administrative tasks. These are in master and msdb database. Here is a list of some useful system defined procedure.

System Procedure Description


It is used to rename an database object like stored procedure,views,table etc.


It is used to change the owner of an database object.
sp_help It provides details on any database object.


It provide the details of the databases defined in the Sql Server.


It provides the text of a stored procedure reside in Sql Server


It provide the details of all database objects that depends on the specific database object.
  1. Extended Procedure

These are Dynamic-link libraries (DLL’s) that are executed outside the SQL Server environment. They are identified by the prefix xp_ Extended procedures provide an interface to external programs for various maintenance activities. These are stored in Master database

Ex. EXEC xp_logininfo ‘BUILTIN\Administrators’

  1. User Defined Stored Procedure

These procedures are created by user for own actions and stored in the current database

  1. CLR Stored Procedure

CLR stored procedure are special type of procedure that are based on the CLR (Common Language Runtime) in .net framework. CLR integration of procedure was introduced with SQL Server 2008 and allow for procedure to be coded in one of .NET languages

  1. Temporary Stored procedures

The temporary stored procedures have names prefixed with the # symbol. Temporary stored procedures stored in the tempdb databases. These procedures are automatically dropped when the connection terminates between client and server

  1. Remote Stored Procedures

The remote stored procedures are procedures that are created and stored in databases on remote servers. These remote procedures can be accessed from various servers, provided the users have the appropriate permission

     7. Dynamic Stored Procedures

Sp_executesql can be used to call any statement or batch, not just a stored procedure. Executing SQL statements that are built “on the fly” is referred to asdynamic SQL. You can use either sp_executesql or the EXECUTE command to execute your dynamic SQL statements.

DECLARE @string NVARCHAR(100)  
SELECT @string = 'select * from authors'  
EXEC sp_executesql @string --or EXEC(@string)
Leave a comment

Posted by on May 27, 2016 in .NET


Get every new post delivered to your Inbox.

Join 25 other followers

%d bloggers like this: