
ASP.NET With Visual Studio.NET Name Title Department Microsoft Corporation


lynsey

Presentation Transcript


  1. ASP.NET With Visual Studio.NET Name Title Department Microsoft Corporation

  2. What we will cover
      • Web Forms
      • Usage of Global.asax
      • How to work with Session State
      • How to secure ASP.NET Applications
      • Usage of Web.Config
      • Caching
      • Monitoring ASP.NET Applications

  3. Session Prerequisites
      • Web Development
      • ASP Programming
      • Microsoft ADO
      • Understanding of XML
      Level 300

  4. Agenda
      • Web Forms
      • ASP.NET Applications
      • Web Application Security
      • Configuration and Monitoring

  5. Web Forms: What is Web Forms?
      • Code Model
      • Life Cycle
      • Server Side Events
      • Server Controls
      • Validation

  6. Web Forms: Code Model
      • Code Behind
      • Logic – Presentation Separation
      • Object Orientated
      • Event Driven

  7. Web Forms: ASP.NET Page Life Cycle
      • Similar to Win32 Application Coding
      • Events Raised as Page Created
          Form_Initialize() ~ Page_Init()
          Form_Load() ~ Page_Load()
          Form_Activate() ~ Page_PreRender()
          Form_Unload() ~ Page_Unload()

  8. Web Forms: Server Side Events
      • Runat="server"
      • <form runat="server">
      • <input type=button id=button1 OnServerClick="Button1_Click" runat="server" />
      • Button1_Click(Sender as Object, e as EventArgs)
      • Button1.Text = "Save"

  9. Web Forms: Server Controls
      • 45 Built In Controls
      • Target any HTML 3.2 browser
      • Raise Events to Server
      • Basic Controls
          • textbox, checkbox, radio, button
      • Advanced Controls
          • AdRotator, Calendar, DataGrid, Validator

  10. Web Forms: Basic Server Controls
      • <asp:textbox id=text1 runat=server/>
          text1.text = "Hello World"
      • <asp:checkbox id=check1 runat=server/>
          check1.checked = True
      • <asp:button id=button1 runat=server/>
          button1_onClick()
      • <asp:DropDownList id=DropDownList1 runat=server/>
          DropDownList1.SelectedItem.Text = "Hello"

  11. Web Forms: Advanced Server Controls
      • DataGrid
          • Defined by <asp:datagrid />
          • Column Sorting
          • In-Line Editing
          • HTML Table
          • DataBinding
          • Paging

  12. Web Forms: Advanced Server Controls
      • Validation
          • Required Validator Control
          • Range Validator Control
          • Compare Validator Control
          • Regular Expression Validator
          • Custom Validator Control
      • Example:
          <asp:RequiredFieldValidator ControlToValidate="txtName" ErrorMessage="Please Enter Your Name" runat="server" />

  13. Demonstration 1: Web Forms
      • Code and Page Model
      • Event Model
      • Server Controls

  14. Agenda
      • Web Forms
      • ASP.NET Applications
      • Web Application Security
      • Configuration and Monitoring

  15. ASP.NET Applications: Traditional ASP (global.asa)
      • Application_OnStart
      • Application_OnEnd
      • Session_OnStart
      • Session_OnEnd

  16. ASP.NET Applications: Global.ASAX events
      • First Request
          • Application_Start
      • First Request for Each User
          • Session_Start
      • Each Request
          • Application_BeginRequest
          • Application_AuthenticateRequest
          • Application_EndRequest
      • Application Error
          • Application_Error
      • User Logs Out/Session Times Out
          • Session_End
      • Web Server Shutdown
          • Application_End

  17. ASP.NET Applications: Global.ASAX Event Usage
      • Application_BeginRequest
          • Virtual Resources
          • Text to be included at the start of every page
      • Application_EndRequest
          • Text to be added to the end of every page
      • Application_Error
          • Useful for sending out an email or writing to the event log when an error occurs that was not properly handled at the source of the error

  18. ASP.NET Applications: Global.ASAX Event Usage
      • Session_End
          • Writing to a log file or database that a user has logged out at a given time
      • Application_End
          • Useful for recording when the web application had to stop. Could write an entry out to the event log
      • Application_Start
          • Useful for loading site-specific configuration information

  19. ASP.NET Applications: Saving Application State
      • Essentially global variables for the application
          • Application("CompanyName")
      • Can lock or unlock Application State Variables
          • Application.lock
          • Application("GlobalCounter") = NewValue
          • Application.unlock

  20. ASP.NET Applications: Saving Session State
      • Per User Variables
      • Available to All Pages in the Site
          • Session("UserID") = 5
          • UserID = Session("UserID")

  21. ASP.NET Applications: ASP vs. ASP.NET State
      • ASP Session State
          • Forces "Server Affinity"
          • Dependent on cookies
          • Not fault tolerant
      • ASP.NET Session State
          • Support for Web Gardens and Server Farms
          • Doesn't require cookies
          • Better fault tolerance

  22. ASP.NET Applications: Configuring Session State
      • Configuration information stored in Web.Config
          <!-- Sample values only: connect with a dedicated low-privilege SQL login that has a password, not a blank-password sa -->
          <sessionState Inproc="true" mode="sqlserver" cookieless="false" timeout="20"
                        sqlconnectionstring="data source=127.0.0.1;user id=sa;password="
                        stateConnectionString="tcpip=127.0.0.1:42424" />

  23. ASP.NET Applications: Configuring Session State
      • Mode
          • InProc – Conventional session variables. Stored in-memory on the web server.
          • Stateserver – Sessions are stored on an external server, in memory.
          • SQLServer – Sessions are stored in a SQL database.
      • Cookieless
          • Determines if Cookieless sessions should be used
          • Values are true or false
      • TimeOut
          • Determines the default timeout for the web site

  24. ASP.NET Applications: Configuring Session State
      • SQLConnectionString
          • Contains the datasource, userid, and password parameters necessary to connect to a SQL database that holds the session state
      • stateConnectionString
          • Contains information needed to connect to the state server.

  25. ASP.NET Applications: Storing Data in SQL Server
      • In order to set up the SQL Server to store state information, you must run a small T-SQL script on the target server
          • InstallSQLState.sql can be found in [sysdrive]\winnt\Microsoft.NET\Framework\[version]
      • Creates the following on the server
          • A database called ASPState
          • Stored Procedures
          • Tables in TempDB to hold session data.
      • Uninstall is via
          • UninstallSQLState.sql

  26. Demonstration 2: ASP.NET Applications
      • Uses for Global.asax
      • Saving Application State

  27. Agenda
      • Web Forms
      • ASP.NET Applications
      • Web Application Security
      • Configuration and Monitoring

  28. Web Application Security: Security Concepts
      • Authentication
      • Authorization
      • Impersonation

  29. Web Application Security: Authentication
      • Windows
          • Basic
          • Digest
          • Integrated
      • Passport
      • Form

  30. Web Application Security: Windows Authentication
      • Enabled For IIS Through Internet Services Manager

  31. Web Application Security: Windows Authentication
      • Enabled for ASP.NET Through Web.config
          <security>
            <authentication mode="Windows" />
          </security>

  32. Web Application Security: Windows Authentication
      • Site Can Easily Access User Name
          Dim UserName As String
          UserName = User.Identity.Name
      • NT Groups Automatically Map to ASP.NET Roles
          If User.IsInRole("Administrators") Then…

  33. Web Application Security: Form Authentication
      • Web Site is Responsible for Security, not IIS
      • Configure IIS to allow anonymous access
      • Set Web.Config to force users to authenticate through a form
          <authentication mode="Forms">
            <forms loginUrl="Registration.aspx"> </forms>
          </authentication>
          <authorization>
            <deny users="?" />
          </authorization>
      • Any Unauthenticated User Will Get Sent to "Registration.aspx"

  34. Web Application Security: Form Authentication
      • You Code a Form to Collect User ID and Password
      • To Authenticate a User:
          FormsAuthentication.RedirectFromLoginPage(UserName, False)
      • RedirectFromLoginPage
          • Marks the user as authenticated
          • Takes the user to the page they originally requested
          • If the user requested the login page, takes the user to Default.aspx
          • Can persist authentication in a cookie

  35. Web Application Security: Form Authentication - Declarative
      • For Simple Sites, You Can Store User ID and Password in Web.config
          <!-- passwordFormat="clear" keeps these passwords in plain text in Web.config -->
          <credentials passwordFormat="clear">
            <user name="MSDN" password="online" />
            <user name="Guest" password="guest" />
          </credentials>

  36. Web Application Security: Form Authentication - Declarative
      • User is Authenticated by Calling
          FormsAuthentication.Authenticate( _
              UserName, Password)

  37. Web Application Security: Form Authentication - Programmatic
      • Code is Used to Authenticate the User
          ' UserName is bound as the @UserID parameter, not concatenated into the SQL text
          SQL = "Select * From Users Where UserID = @UserID"
          If UserFoundInDataBase Then
              FormsAuthentication.RedirectFromLoginPage(UserName, False)
          Else
              lblLoginError.Text = "User Not Found or Invalid Password"
          End If

  38. Web Application Security: Roles
      [Diagram: a page with RD content and Admin content; roles RD and Admins; users Jane, John, Jill, Jamie and Jenny]

  39. Web Application Security: Roles
      • Build the Application In Terms of Roles
          • Access to Pages
          • Custom Page Content
      • After Deployment, Assign Users To Roles

  40. Web Application Security: Roles
      • Programmatically Assigning Users to Roles
          Sub Application_AuthenticateRequest(ByVal Sender As Object, ByVal e As EventArgs)
              If Request.IsAuthenticated = True Then
                  ' UserID is bound as the @UserID parameter, not concatenated into the SQL text
                  sql = "select role from roles where userid = @UserID"
                  ' Get Roles from Result Set
                  Context.User = New GenericPrincipal(user, roles)
              End If
          End Sub
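
The user lookup on slide 37 and the role lookup on slide 40, written out with the user name bound as a SqlParameter so that request input never becomes part of the SQL text. This is an added example, not code from the presentation: the class name Global_asax, the ConnStr value and the NVarChar(64) column size are assumptions, it uses VB 2005 or later syntax (Using, generics), and password verification is left out, as on the slide.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Principal
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    ' Assumption: placeholder connection string for a least-privilege login.
    Private Const ConnStr As String = "server=localhost;database=AppDb;Integrated Security=SSPI"

    ' Slide 37 lookup. The user name travels as a typed parameter, so quote
    ' characters in the input are compared as data and never parsed as SQL.
    Public Shared Function UserExists(ByVal userName As String) As Boolean
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand("SELECT COUNT(*) FROM Users WHERE UserID = @uid", conn)
                cmd.Parameters.Add("@uid", SqlDbType.NVarChar, 64).Value = userName
                conn.Open()
                Return CInt(cmd.ExecuteScalar()) = 1
            End Using
        End Using
    End Function

    ' Slide 40 lookup: same binding, one row per role.
    Public Shared Function LoadRoles(ByVal userId As String) As String()
        Dim roles As New List(Of String)
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand("SELECT [role] FROM roles WHERE userid = @uid", conn)
                cmd.Parameters.Add("@uid", SqlDbType.NVarChar, 64).Value = userId
                conn.Open()
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        roles.Add(rdr.GetString(0))
                    End While
                End Using
            End Using
        End Using
        Return roles.ToArray()
    End Function
    ' Runs on every request: attach the roles to the already-authenticated identity.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        If Request.IsAuthenticated Then
            Dim id As IIdentity = Context.User.Identity
            Context.User = New GenericPrincipal(id, LoadRoles(id.Name))
        End If
    End Sub
End Class
```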

  41. Web Application Security: Roles
      • Display Content Based on Roles
          If User.IsInRole("HumanRes") Then
              cmdEditSalary.Visible = true
          End If

  42. Web Application Security: Impersonation
      • Windows Authentication
      • Web.config
          <identity>
            <impersonation enable="true" name="username" password="password" />
          </identity>

  43. Demonstration 3: Web Application Security
      • Windows Authentication
      • Form Based Registration
      • Form Based Authentication
      • Assigning Users to Roles

  44. Agenda
      • Web Forms
      • ASP.NET Applications
      • Web Application Security
      • Configuration and Monitoring

  45. Configuration and Optimization: Web.Config
      • Site Configuration File
      • Ships with the Site
      • Stores Most Configuration Options
      • Eases Maintenance and Deployment
      • Changes Take Effect Immediately

  46. Configuration and Optimization: Hierarchical Configuration Architecture
      • Web.Config files and their settings are inherited in a hierarchy
          • Machine Settings (Winnt\Microsoft .NET\Version\)
          • Web Application Root Directory
          • Sub directories

  47. Configuration and Optimization: Hierarchical Configuration Architecture
      • Settings can be targeted at a specified set of files/directories by use of the <location> tag
          <configuration>
            <location path="/admin">
              <system.web>
                <security>
                  <authorization>
                    <allow roles="Admins" />
                  </authorization>
                </security>
              </system.web>
            </location>
          </configuration>

  48. Configuration and Optimization: Default Configuration Settings
      • Machine.config
          • Tracing Disabled
          • Execution Timeout 90 Seconds
          • Session State Enabled, Inproc
          • Authentication Allow Anonymous
          • Multi CPU Support Disabled

  49. Configuration and Optimization: Custom Configuration Settings
      • Examples of Customization
          • AppSettings
          • CustomErrors
          • Trace Settings
          • Authentication
          • Session Settings
          • Browser Capabilities

  50. Configuration and Optimization: Custom Configuration Settings
      • Custom Setting in Config.Web
          <configuration>
            <appSettings>
              <add key="DSN" value="server=localhost…
            </appSettings>
          </configuration>
      • Accessing with Code
          DSN = ConfigurationSettings.AppSettings("DSN")
