Poor usability definitely drives people away. Life is too short for difficult web sites. Users have been burned enough in the past by bad sites, so most of them have concluded that if a site is too difficult on the first few pages, then it will probably not be worth an extended stay. So they leave. Leaving is the one thing that’s easy on the Web. - Jakob Nielsen, interview, Database Management, Riccardi, p. 31.
Integrated Web Applications • The technologies discussed so far are used to implement web applications. • Integrated applications must be designed. • Technical Issues: (Chapter 11) • Integrating web forms into an application • Sharing data across an application • Securing an application • Information integrity and recovery
Web Application Design • You must determine: • The information requirements • The user requirements • The security requirements • General Guidelines: • Focus on the content, not the form. • Design for usability. • Keep it simple.
What’s the Big Idea: Jakob Nielsen, Designing Web Usability • Developed discount usability engineering • Focused much recent effort on website usability • http://www.useit.com/
Navigation • Applications contain multiple web pages and web forms. Navigation mechanisms: • Standard web pages support hyperlinks. • Web forms, however, post back to themselves by default. • ASP.Net provides two mechanisms that transfer control from one form to another: • Response.Redirect("aNewURL") • Server.Transfer("aNewForm")
Response Class Redirects • 1&2. The user initiates a program that executes a response redirect and the application processor sends a new URL. • 3&4. The client requests the new URL and the appropriate server returns it. • [Diagram: client, network, server (IIS Server, Application Processor, File System)]
Server Transfers • 1&2. The user initiates a program that executes a server transfer and the application processor creates/sends back the new form. • [Diagram: client, network, server (IIS Server, Application Processor, File System)]
User Sessions • HTTP is a stateless protocol: • HTTP requests are treated independently. • User sessions must be implemented on top of HTTP. • ASP.Net supports three types of state: • View State • Application State • Session State
View State • ASP.Net uses view state to represent the state of the page and its controls. • The information is: • Stored/transferred in the state bag, which is exchanged over the web in hidden fields. • Accessed with ViewState("aName") • View state is not well-suited for: • Large amounts of data • Hard-to-serialize data • Secure information
Application State • ASP.Net uses application state to represent global information shared by all sessions of a web application. • The information is: • Declared/stored in the global.asax file • Accessed with Application("aName")
Session State • ASP.Net uses session state to represent information associated with a single user session. • The information is: • Stored in web server memory, separately from the ASP.Net process • Indexed by a session ID, stored either in the URL or in a cookie • Accessed with Session("aName") • Discarded at the end of the session
Cookies • Cookies are small files, stored on the client machine, that are associated with a specific domain. • They are: • < 4K in size • temporary or persistent • They pose privacy concerns.
3rd Party Cookies • 1. The user requests a page from a DoubleClick customer site. • 2. The site returns a page that contains an image URL from DoubleClick. • 3. Client requests the image from DoubleClick (sending a cookie). • 4. DoubleClick records the fact that you visited the customer site. • 5. DoubleClick returns a customized advertisement (setting a cookie). • [Diagram: client, network, server1 (DoubleClick customer), server2 (DoubleClick, with database)]
Lou Montulli: Cookies • Introduced in Netscape 1.1 in 1995 • Named them after UNIX magic cookies • Wrote this preliminary spec: http://home.netscape.com/newsref/std/cookie_spec.html
Security • Web applications must be secured. • Key issues: • Authentication • Authorization • ASP.Net implements two-layered security: • Web server • Application server
Authentication • Authentication determines who the user is. • It is generally implemented with login IDs and passwords. • ASP.Net supports 4 authentication types: • Anonymous access • Windows Authentication • Passport Authentication • Certificate Authentication • Forms Authentication
Anonymous Access • If a user is not authenticated, they are considered anonymous. • The resources available to these users are limited only by: • What the web server has access to • What the web server allows the user to access
Windows Authentication • This method uses the MS Windows-based authentication built into IIS. • The user must: • Use the Windows platform • Have a Windows account on the server • This is the default setting.
Passport Authentication • Passport authentication uses a centralized authentication service provided by Microsoft. • It allows a user to use a single login account for a number of websites. • It requires that the websites register for Passport service.
Certificate Authentication • Certificate authentication is based on digital keys installed on a computer. • Features: • Certificates are generally issued by a 3rd party. • Their operation is seamless to the user. • They are secured with public-key encryption.
Forms Authentication • ASP.Net forms authentication allows the system to authenticate users once per session. • It doesn’t require that: • the user have a Windows login • the application register for Passport service • It secures access to any ASP.Net form in a directory designated as secure.
Forms Authentication (cont.) • 1. The user requests a web form in a secure folder. • 2&3. If the user is anonymous, the application processor posts back a login form and collects authentication information. • 4. The application processor posts back either the requested page or an error page, depending on whether the authentication is successful. • [Diagram: client, network, server (IIS Server, Application Processor, File System)]
Authorization • Authorization determines what resources the authenticated user may access. • ASP.Net allows an application to restrict authorization based on: • Files • URLs
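The forms authentication and authorization slides above, together with the earlier point that a session ID travels either in the URL or in a cookie, map onto a handful of web.config settings. The file below is an added example, not part of the original slides; it assumes ASP.NET 2.0 or later, and the Secure folder, Login.aspx, Admin.aspx, the cookie name and the Administrators role are hypothetical names.

```xml
<?xml version="1.0"?>
<!-- Added example: web.config at the application root. Folder, page, cookie and role names are hypothetical. -->
<configuration>
  <system.web>
    <!-- Session state: keep the session ID in a cookie, not in the URL.
         The weak alternative is cookieless="UseUri", which embeds the ID in
         every link, where it leaks through bookmarks, logs and Referer headers. -->
    <sessionState cookieless="UseCookies" timeout="20" />

    <!-- Mark cookies HttpOnly and send them over HTTPS only. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- Forms authentication: anonymous requests for a protected resource
         are sent to the login form; the ticket is encrypted and validated. -->
    <authentication mode="Forms">
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             slidingExpiration="false"
             timeout="20" />
    </authentication>

    <!-- Public part of the site: everyone, including anonymous users. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- URL-based rule: the whole Secure folder requires a login ("?" means anonymous). -->
  <location path="Secure">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- File-based rule: one page limited to a role (assumes roles are populated for the user). -->
  <location path="Secure/Admin.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

ASP.NET checks authorization rules from top to bottom and applies the first match, which is why the deny users="*" entry comes after the allow entry it backstops.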