coollzh

出自: http://www.jdon.com/jive/article.jsp?forum=106&thread=12805

权威人士和预言学家都认为.NET对Java是一个威胁，其实那是骗人的，技术上看.NET非常不错，但是它有三大致命缺点：

1.它没有经过80/20. Java 从1.0发布，到现在进入中年成熟期，这个发展过程非常平滑和自然。相反，.NET好像一个塞得满满的厨房设备，它太匆忙，遗留了太多问题在以后某天发生和解决。（意思是，没有经过时间考验，很难说使用.NET很顺利，.NET能否用几天时间做了相当于Java几年的历程，答案是否定的）

2..NET是被一个有桌面系统开发悠久历史的公司推出的，其中有很多功能着眼如何建立一个桌面系统，我很抱歉，很多商业系统:将商务逻辑放在服务器端，用Web作为载体平台,并不和桌面系统有什么关系和兴趣。

3..NET是微软推出的一个议程，它有大地那样宽广，有天空那样高大，但是它在CIO和技术买家世界中却是少之甚少，我认为这是.NET面临的最大问题。

以上摘自TSS网站，网址：
http://www.theserverside.com/news/thread.tss?thread_id=24530

下面是我的回复：

1.首先.net是吸取了以前IT技术中大量成功和失败的经验，是个没有历史包袱的平台，再说.net推出也有4年多的历史了，应该是有很强的竞争力了。所谓以时间和经验论英雄，是没有道理的。几天和几年相比更是夸张！

2.java刚推出的也是着眼于桌面，只是hotspot的失败，才避sun走服务器段路线。j2ee概念的程序也是从99,2000开始成熟.
而.net一开始就以跨平服务为己任，ASP.NET更是领先于jsp一筹，web Services的更是领先于业界。配合COM+,WebFarm一点都不比j2ee差。

3.不可否认.net是个很宏伟的目标，难道宏伟的目标也有错，从这一点上说.java已经输了一阵，现在的CIO大都从Unix过来，向来对微软的技术存有偏见，或许和NT4有关系。看看64位windows2003,和64位的SQL Server，同样的价格，看看那个性能好。这些CIO觉得Unix高深，懂得人少，作政绩工程而已（这个比喻应该比”几天和几年“的好些！）
 

回应大家踊跃发表自己的看法！

http://www.eggheadcafe.com/articles/20030418.asp

We talked about the fact that the classic ASP Session_OnEnd handler is widely known to be pretty unreliable. However, in ASP.NET the corresponding Global class handler, Session_End, is very reliable. Then we talked about "what if" scenarios, such as what if the ASP.NET worker process was recycled? If so, I reasoned, it didn't matter whether you were using Session, Application or Cache, all of your stuff would be lost. The only exceptions to this would be if you were using the ASP.NET State Server service for your Session, or the SQL Server Session option. In particular, there is a second script available for the SQL Server Session option that does not use the TempDB, and this means that even if the whole machine goes down, when it comes back up, the Session data will still be there. Both StateServer and SQL Server Session options run out of process, so it really doesn't matter if the ASPNET_WP.EXE worker process is recycled - the sessions, which run out of the ASP.NET worker process and rely on the Session Cookie that's stored at the browser, will still be there.

I use this in Global.asax for my CSLA based app:

Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As
System.EventArgs) Handles MyBase.AcquireRequestState

     If Not Session("CSLA-Principal") Is Nothing Then
      Thread.CurrentPrincipal = CType(Session("CSLA-Principal"), MyUser)
      HttpContext.Current.User = CType(Session("CSLA-Principal"), MyUser)
    Else
      If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
        Web.Security.FormsAuthentication.SignOut()
        Server.Transfer(Request.ApplicationPath + "/Login.aspx")
      End If
    End If

  End Sub

The code after the Else handles the case where the session died but the user
still has an authenticated cookie!
Can happen many ways - IIS recycles the app, etc.

以上代码每个Request都对当前的Thread进行授权，如果发现Session已经过期，但用户仍然有一个被授权的Cookie,则强迫用户重新登录。
这种事情在很多情况下都会发生....

如果你在WebFarm上使用需要加密的ViewState，则必须要让WebFarm上所有机器的MachineKey一致，否则ViewState将会失效，这篇文件就是讲述这个问题的，希望使用WebFarm技术的哥们可以看看。
The <machineKey> Element configures keys to use for encryption and decryption of forms authentication cookie data and viewstate data, and for verification of out-of-process session state identification. This section can be declared at the machine, site, and application levels, but not at the subdirectory level. For anybody that's running ASP.NET on a server farm, the <machineKey> element is one of those guys you want to know as much as you can about IN ADVANCE - before you run into problems!

http://www.eggheadcafe.com/articles/20030514.asp