1 / 34

Web development

Web development. developing .aspx pages with ASP.NET IIS (Internet Information Service) : Web Server Visual Studio with ASP.NET : Web Project template WebForms / WebParts : server-oriented controls , mixed with HTML controls. Web Application. developing .aspx pages with ASP.NET

freddiee
Télécharger la présentation

Web development

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Web development developing .aspx pages with ASP.NET • IIS (Internet Information Service) : Web Server • Visual Studio with ASP.NET : Web Project template • WebForms / WebParts : server-oriented controls , mixed with HTML controls

  2. Web Application developing .aspx pages with ASP.NET • IIS (Internet Information Service) : Web Server • Visual Studio with ASP.NET : Web Project template • WebForms / WebParts : server-oriented controls , mixed with HTML controls

  3. Application Types • Web applications • Web Services • Internet enabled applications • Peer to Peer ASP.NET + IDE C# classes

  4. How Web applications work Web application browser client browser client internet server browser client

  5. HTTP requesthttp://www.myapp.com/welcome.aspx response welcome How Web applications work Web application browser server client

  6.  receives request composes response My Page server resources (files)  returns response How Web applications work Executable IIS server

  7. what ASP.NET can do • Visual Studio enhances productivity (code behind edition) • HTML and/or graphical Web Page Design • DB connectivity through ADO.NET • preferentially with ORACLE, OleDB, Odbc, Microsoft SQL Server. • IIS/.NET : an obvious concurrent to..APACHE/PHP/MySQL

  8. Building a Web application design window solution explorer toolbox

  9. .dll references Assembly information file Web page application start and end code config settings Solution explorer

  10. Toolbox

  11. HTML / Design View switch views

  12. HTML / Design View IIS holds information on the Web page HTML code contains server controls information

  13. Adding a label control

  14. Editing the label control

  15. HTML editing

  16. Codebehind .cs file

  17. Events on the page Label control generates no interactivity What about other controls ? a button control fires an event from the client a textbox control stores inputs : validation may fire an event

  18. Events and postback events are queud at the client level and sent when an event needs a response from the server : the server has to post back the page to the client postback events generate a round-trip between client and server : request / response are sent via the network

  19. Events and postback such roundtrips : time consuming performance relies on the availbale bandwidth rather than client or server performance : performance bottleneck sophisticated event handling strategy

  20. Buttons and postback buttons : always provide postback events, except for cancel button use VS web controls for buttons use html cancel button and client-side javascript to cancel other inputs

  21. Textbox and postback textbox : may fire many events (each selection and/keypress) a data validation process is used : validating with a button validating with 'enter' the button click fires a postback event, all queud events are treated one after another

  22. client-side data validation validation controls are used on the client to ensure data matches some input pattern (this 'stupid' task can be made by the client) postback only occurs when all validation controls are matched by user inputs on the web page

  23. An example : login page

  24. Web Apps elements Global.asax and Web.config files Global.asax contains code for Application and Session objects Application_Start, Application_End, Session_Start, Session_End are callback methods reacting to server generated events Application object : collection containing shared information, once for the application Store global variables using the Application["key"] element

  25. Web Apps elements Session object stores information for a user-session only : information is not shared with other users Session object use to maintain information state through postbacks main issue of Web programming : storing state information about the page Cookies, Session, Cache or Xml file storage

  26. Web.config file information about : server and application configuration allows application debugging with request tracing; allow remote debugging and tracing identification and user authentication windows form passport (windows live ID) application globalization and localization

  27. Security in Web Applications • Access security : preventing access to ressources • config.web security settings • Data security : preventing data corruption • parameters in SQL requests • Code security : preventing program hacking • strong named assemblies, stacktrace security

  28. SQL injection build a SQL query with string objects ? string myQuery ="SELECT COUNT(*) FROM mytable WHERE name="; string name; // user enters name (with a texbox) myQuery = myQuery+name; what happens if user enters : "doe";DROP TABLE mytable;

  29. Access Security .NET built-in authentication methods No authentication anyone can access the application public website public part of a website

  30. Access Security Form authentication authentication done trough login/pwd submission done with a form pwd encryption possible (SH1, MD5, none) page routing is automated users list in web.config file / XML file / Database registering & tracking users, commercial websites

  31. Access Security Windows authentication authentication done trough windows credentials login/password requested by IIS using the browser users list in Active Directory or Windows account database corporate website

  32. Access Security Passport authentication authentication done trough Microsoft identified user profile login/password requested by IIS using the windows live ID database Microsoft commercial / support website (IT Academy)

  33. Security configuration in the web.config file <authentication mode="none"> </authentication> or <authentication mode="Forms"> </authentication> or <authentication mode="Windows"> </authentication>

  34. Forms authentication <authentication mode="Forms"> </authentication> informations must be added to ensure authentication : • login page (login form) • credentials • trusted or listed users

More Related