Ajax vs. winforms vs. ASP.NET - there is no right answer

”rich” browser applications using CSS, JavaScript and XML (recently termed AJAX applications) seem to be gaining in popularity. Mary-Jo foley has an article on MicrosoftWatch extoling their virtues, an article which sounds suspisciously like it was written by somebody who has never written an application of this kind. While I’ve never written anything that leverages this stuff as much as GMail and the like I have written a few web apps that talk back asynchronously to a WebService back-end from time to time (I even wrote a helpful sample). Also I’ve worked on maintaining a small but extremely AJAX-esque application. The biggest problem I see with these kinds of apps is lack of tool support. There is little to no “design time” experience when building these types of GUIs, debugging is not as simple as building a vanilla ASP.NET application (can you press F8 in Visual Studio and “step” from a back-end call made by your XmlHttpRequest back into your client-side JavaScript and then “step” again into the client-side XSL transform you’re going to run….err…no). JavaScript is a nice language for writing small things but the fact that it isn’t compiled means you miss out on finding out about certain classes of bugs until runtime. Also the “dynamic typing” aspect of JavaScript contributes to this problem, making some classes of bugs harder to find. Maybe I’m just not the JavaScript programmer that some other people out there are. By writing AJAX applications a much larger proportion of your code base moves to client-side javascript where you don’t have a powerful framework of class libraries to fall back on (like the .NET BCL), meaning in some cases you have to move things back onto the server and make a cross-process call over the web to reach them, or write your own. All in all I’d roughly estimate that it takes between 5 and 10 times longer to write an AJAX-style browser-based rich client than it takes to write a .NET windows forms rich client app.

Then there is the “IP” issue - cracking open a JavaScript file and reading it is much easier than breaking in to somebody’s server to download and decompile their ASP.NET application (but I suppose only marginally easier than decompiling a “smart client” .NET application). Deployment technologies like HREF deployment and the Updater Application Block (in framework 1.x) and ClickOnce in framework 2.x make deploying smart client apps extremely easy and flexible, IF (and this might be a big IF) you have the .NET framework installed on the client.  As a programmer I think AJAX-style web apps are really cool, and make great sense for things like GMail - a desire to deliver rich functionality, millions of users running on many platforms and (presumably after that IPO) plenty of development talent to throw at the problem. Your typical line-of-business internet app probably doesn’t need to be this rich, and unless it does AND you need to target multiple platforms you’ll be hard-pressed to justify the increased development and maintenance costs. Plus if Sam Ruby says AJAX is harmful who am to argue. (OK, maybe I will argue - AJAX is OK but some implementations are using GET for everything which is no good).


Can you give some reasons why using GET for everything is bad? Is using POST better? Or some other transport?
19/03/2005 11:02:00 AM
Using GET for operations that change state violates the HTTP protocol - GET operations should be idempotent. Allowing GETs to change state opens you up to Cross-Site Request Forgery attacks. A good treatment of these is given here (this site concerns its self with PHP but the principles are the same) http://shiflett.org/articles/foiling-cross-site-attacks
20/03/2005 1:59:00 AM
Ket Yung Chee

Just 2share, A AJAX shopping cart,
http://www.smartborneo.com/h/home.php (PHP+AJAX)

AJAX Application by the use of JSP/Servlet/JavaBean, similar to 4th GL & Oracle web form

For more info also visit http://www.ajaxapp.com/
9/09/2005 7:58:00 AM
izmir sohbet
Awesome! That’s gettin checked in asap.
14/03/2010 4:23:00 PM