ASP.NET With Visual Studio.NET Name Title Department

ASP.NET With Visual Studio.NET
Name
Title
Department
Microsoft Corporation
What we will cover







Web Forms
Usage of Global.asax
How to work with Session State
How to secure ASP .NET Applications
Usage of Web.Config
Caching
Monitoring ASP .NET Applications
Session Prerequisites




Web Development
ASP Programming
Microsoft ADO
Understanding of XML
Level 300
Agenda




Web Forms
ASP.NET Applications
Web Application Security
Configuration and Monitoring
Web Forms
What is Web Forms?





Code Model
Life Cycle
Server Side Events
Server Controls
Validation
Web Forms
Code Model




Code Behind
Logic – Presentation Separation
Object Orientated
Event Driven
Web Forms
ASP.NET Page Life Cycle


Similar to Win32 Application Coding
Events Raised as Page Created
Form_Initialize()
Form_Load()
Form_Activate()
Form_Unload()
~
~
~
~
Page_Init()
Page_Load()
Page_PreRender()
Page_Unload()
Web Forms
Server Side Events





Runat=“server”
<form runat=“server”>
<input type=button id=button1
OnServerClick=“Button1_Click”
runat=“server” />
Button1_Click(Sender as Object, e as
EventArgs)
Button1.Text = “Save”
Web Forms
Server Controls




45 Built In Controls
Target any HTML 3.2 browser
Raise Events to Server
Basic Controls


textbox, checkbox, radio, button
Advanced Controls

AdRotator, Calendar, DataGrid, Validator
Web Forms
Basic Server Controls




<asp:textbox id=text1 runat=server/>
text1.text = “Hello World”
<asp:checkbox id=check1
runat=server/>
check1.checked=True
<asp:button id=button1
runat=server/>
button1_onClick()
<asp:DropDownList id=DropDownList1
runat=server>
DropDownList1.SelectedItem.Text =
“Hello”
Web Forms
Advanced Server Controls

DataGrid






Defined by <asp:datagrid />
Column Sorting
In-Line Editing
HTML Table
DataBinding
Paging
Web Forms
Advanced Server Controls

Validation






Required Validator Control
Range Validator Control
Compare Validator Control
Regular Expression Validator
Custom Validator Control
Example:
<asp:RequiredFieldValidator
ControlToValidate="txtName"
ErrorMessage="Please Enter Your Name"
runat="server" />
Demonstration 1
Web Forms
Code and Page Model
Event Model
Server Controls
Agenda




Web Forms
ASP.NET Applications
Web Application Security
Configuration and Monitoring
ASP.NET Applications
Traditional ASP (global.asa)




Application_OnStart
Application_OnEnd
Session_OnStart
Session_OnEnd
ASP.NET Applications
Global.ASAX events

First Request


First Request for Each User




Application_Error
User Logs Out/Session Times Out


Application_BeginRequest
Application_Authenticate
Application_EndRequest
Application Error


Session_Start
Each Request


Application_Start
Session_End
Web Server Shutdown

Application_End
ASP.NET Applications
Global.ASAX Event Usage
 Application_BeginRequest



Application_EndRequest


Virtual Resources
Text to be included at the start of every page
Text to be added to the end of every page
Application_Error

Useful for sending out an email or writing to the
event log when an error occurs that was not
properly handled at the source of the error
ASP.NET Applications
Global.ASAX Event Usage
 Session_End


Application_End


Writing to a log file or database that a user has
logged out at a given time
Useful for writing out when the web application had
to stop. Could write an entry out to the event log
Application_Start

Useful for loaded site specific configuration
information
ASP.NET Applications
Saving Application State
 Essentially
global variables for the
application
 Application(“CompanyName”)
 Can lock or unlock Application State
Variables
 Application.lock
 Application(“GlobalCounter”)
 Application.unlock
= NewValue
ASP.NET Applications
Saving Session State




Per User Variables
Available to All Pages in the Site
Session(“UserID”) = 5
UserID = Session(“UserID”)
ASP.NET Applications
ASP vs. ASP .NET State

ASP Session State




Forces “Server Affinity”
Dependent on cookies
Not fault tolerant
ASP .NET Session State



Support for Web Gardens and Server
Farms
Doesn’t require cookies
Better fault tolerance
ASP.NET Applications
Configuring Session State
 Configuration
information stored in
Web.Config
<sessionState
Inproc=“true”
mode=“sqlserver”
cookieless=“false”
timeout=“20”
sqlconnectionstring=“data
source=127.0.0.1;user id=sa;password=“”
stateConnectionString="tcpip=127.0.0.1:4
2424" />
</sessionState>
ASP.NET Applications
Configuring Session State
 Mode




Cookieless



InProc – Conventional session variables. Stored inmemory on the web server.
Stateserver – Sessions are stored on an external
server, in memory.
SQLServer – Sessions are stored in a SQL
database.
Determines if Cookieless sessions should be used
Values are true or false
TimeOut

Determines the default timeout for the web site
ASP.NET Applications
Configuring Session State
 SQLConnectionString


contains the datasource, userid, and password
parameters necessary to connect to a sql database
that holds the session state
stateConnectionString

Contains information needed to connect to the
state server.
ASP.NET Applications
Storing Data in SQL Server
 In
order to setup the SQL Server to store state
information you must run a small T-SQL script
on the target server
 InstallSQLState.sql can be found in
[sysdrive]\winnt\Microsoft.NET\Framework\[ve
rsion]
 Creates the following on the server




A database called ASPState
Stored Procedures
Tables in TempDB to hold session data.
Uninstall is via

UninstallSQLState.sql
Demonstration 2
ASP.NET Applications
Uses for Global.asax
Saving Application State
Agenda




Web Forms
ASP.NET Applications
Web Application Security
Configuration and Monitoring
Web Application Security
Security Concepts



Authentication
Authorization
Impersonation
Web Application Security
Authentication

Windows





Basic
Digest
Integrated
Passport
Form
Web Application Security
Windows Authentication

Enabled For IIS Through Internet
Services Manager
Web Application Security
Windows Authentication

Enabled for ASP.NET Through
Web.config
<security>
<authentication mode="Windows" />
</security>
Web Application Security
Windows Authentication

Site Can Easily Access User Name
Dim UserName As String
UserName = User.Identity.Name

NT Groups Automatically Map to ASP.NET
Roles
If User.IsInRole(“Administrators”)
Then…
Web Application Security
Form Authentication

Web Site is Responsible for Security, not IIS



Configure IIS to allow anonymous access
Set Web.Config to force users to authenticate through a
form
<authentication mode="Forms">
<forms loginUrl="Registration.aspx">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
Any Unauthenticated User Will Get Sent to
“Registration.aspx”
Web Application Security
Form Authentication


You Code a Form to Collect User ID and
Password
To Authenticate a User:
FormAuthentication.RedirectFromLoginPage(UserName,
False)

RedirectFromLoginPage




Marks the user as authenticated
Takes the user to the page they originally
requested
If the user requested the login page, takes the
user to Default.aspx
Can persist authentication in a cookie
Web Application Security
Form Authentication - Declarative

For Simple Sites, You Can Store User ID
and Password in Web.config
<credentials passwordFormat="clear">
<user name="MSDN" password="online" />
<user name="Guest" password="guest" />
</credentials>
Web Application Security
Form Authentication - Declarative

User is Authenticated by Calling
FormsAuthentication.Authenticate( _
UserName, Password)
Web Application Security
Form Authentication - Programmatic

Code is Used to Authenticate the User
SQL = “Select * From Users ” & _
“Where UserID = ‘” & UserName & “’”
If UserFoundInDataBase then
FormAuthentication.RedirectFromLoginPage(UserNam
e,false)
Else
lblLoginError.Text = “User Not Found or Invalid
Password”
end if
Web Application Security
Roles
Jane
John
Page
RD
RD Content
Jill
Jamie
Jenny
Admins
Admin Content
Web Application Security
Roles

Build the Application In Terms of Roles



Access to Pages
Custom Page Content
After Deployment, Assign Users To
Roles
Web Application Security
Roles

Programmatically Assigning Users to
Roles
Sub Application_AuthenticateRequest(ByVal Sender As
Object, ByVal e As EventArgs)
If request.IsAuthenticated = True Then
sql = “select role from roles where userid=‘“
& UserID & “’”
‘ Get Roles from Result Set
context.User = New GenericPrincipal(user,
roles)
End If
End Sub
Web Application Security
Roles

Display Content Based on Roles
If User.IsInRole(“HumanRes”) Then
cmdEditSalary.Visible = true
End If
Web Application Security
Impersonation


Windows Authentication
Web.config
<identity>
<impersonation enable="true"
name="username"
password="password" />
</identity>
Demonstration 3
Web Application Security
Windows Authentication
Form Based Registration
Form Based Authentication
Assigning Users to Roles
Agenda




Web Forms
ASP .NET Applications
Web Application Security
Configuration and Monitoring
Configuration and Optimization
Web.Config





Site Configuration File
Ships with the Site
Stores Most Configuration Options
Eases Maintenance and Deployment
Changes Take Effect Immediately
Configuration and Optimization
Hierarchical Configuration Architecture

Web.Config files and their settings are
inherited in a hierarchy



Machine Settings (Winnt\Microsoft .NET\Version\)
Web Application Root Directory
Sub directories
Configuration and Optimization
Hierarchical Configuration Architecture

Settings can be targeted at a specified set of
files/directories by use of the <location> tag
<configuration>
<location path=“/admin”>
<system.web>
<security>
<authorization>
<allow roles=“Admins”>
</authorization>
</security>
</system.web>
</location>
</configuration>
Configuration and Optimization
Default Configuration Settings

Machine.config





Tracing
Execution Timeout
Session State
Authentication
Multi CPU Support
Disabled
90 Seconds
Enabled, Inproc
Allow Anonymous
Disabled
Configuration and Optimization
Custom Configuration Settings

Examples of Customization






AppSettings
CustomErrors
Trace Settings
Authentication
Session Settings
Browser Capabilities
Configuration and Optimization
Custom Configuration Settings

Custom Setting in Config.Web
<configuration>
<appSettings>
<add key="DSN" value="server=localhost…
</appSettings>
</configuration>

Accessing with Code
DSN = ConfigurationSettings.AppSettings("DSN")
Configuration and Optimization
Custom Configuration Settings

Redirect Certain Errors to Certain
Pages
<customErrors mode="On">
<error statusCode="404"
redirect="errorpage404.aspx" />
</customErrors>
<customErrors mode=“RemoteOnly">
<error statusCode="404"
redirect="errorpage404.aspx" />
</customErrors>
Configuration and Optimization
Custom Configuration Settings

Tracing
<trace enabled=“true"
requestLimit="10"
pageOutput=“true"
traceMode="SortByTime"
/>
Configuration and Optimization
Custom Configuration Settings

Trace Options

Enabled


RequestLimit


Store tracing information for this many requests
PageOutput


Tracing information will be stored. Information can be
accessed through

http://site/trace.axd
Allows trace output to also appear at the bottom of the
page.
TraceMode

Allows trace information to be sorted by time or
category.
Configuration and Optimization
Custom Configuration Settings

Writing to the Trace Log
Trace.Write(“Page_Load”,”Entering Event”)
Trace.Warn(“GetCustomer”,”Invalid Argument”)
Demonstration 4
Configuration and
Optimization
ASP.NET Configuration
Configuration and Optimization
Page Output Caching


Pages That Don’t Change Frequently
Dramatic Performance Increase
<%@ OutputCache Duration= "500" %>
Configuration and Optimization
Fragment Caching



Dynamic Portions of a Page
Data Doesn’t Change Frequently
User Control
<%@ OutputCache Duration=“60" %>
Configuration and Optimization
Cache API’s

Programmatically Cache Data
Cache.Insert( _
Key, _
Value, _
CacheDependency, _
AbsoluteExpiration, _
SlidingExpiration, _
Priority, _
PriorityDecay, _
Callback)
Configuration and Optimization
Cache API’s

Key


Value


String used to look up the cached item
Item or object to store in the cache
CacheDependency

Cache item can automatically expire when
a file, directory, or other cache item
changes
Configuration and Optimization
Cache API’s

AbsoluteExpiration


SlidingExpiration


Cache item can expire after a certain amount of
inactivity
Priority


Cache item can expire at some fixed time
(midnight, for example)
When forcing items from the cache, which items
should go first
PriorityDecay

Within a given priority range, does this item
expire fast or slow
Demonstration 5
Configuration and
Optimization
ASP.NET Caching
Configuration and Monitoring
Monitoring ASP.NET Applications

Monitoring Tool Integration



Performance Monitor
Tracing Support
Service Control and Monitoring
Configuration and Monitoring
Performance Counters


Some Counters are now more
application specific as oppossed to
server specific for traditional ASP
Counter Groups


Global Performance Counters
Application Specific Counters
Configuration and Monitoring
Global Performance Counters

Global Performance Counters




Application Restarts
Applications Running
Requests Queued
Request Wait Time
Configuration and Monitoring
Application Specific Counters

Application Performance Counters






Cache Total Entries
Cache Total Hit Ratio
Request Bytes in Total
Requests Executing
Requests Timed Out
Sessions Timed Out
Configuration and Monitoring
PerformanceCounter Class

The PerformanceCounter class allows
you to access counter data from code
Dim Req_Bytes_Total As New
PerformanceCounter(“asp .net
applications", “Request Bytes Out
Total”, _Total_)
Dim s as Integer
S = Req_Bytes_Total.NextValue()

The same code can be used to retrieve
standard counters as well
Configuration and Monitoring
Tracing

Tracing




Timing information between successive
trace output statements
Information about the server control
hierarchy
The amount of viewstate used
Render size of controls on your page
Configuration and Monitoring
Tracing

Enable Tracing for a specific page
<%@ Page trace=true Language="vb"
AutoEventWireup="false"
Codebehind="Write_Trace_Info.aspx.vb"
Inherits="Opt_Monitor.Write_Trace_Info"%>

Writing Custom Trace Statements
Trace.Write(“Custom Trace”, “Begin Load
DataSet”)
Configuration and Monitoring
Accessing Services

ServiceController class

Allows you to access locally or remote services


Constructor

Takes ServiceName as Parameter
Methods

Stop

Start

Pause

WaitForStatus

Allows you to easily wait for the service state to
change to the desired state before continuing
Properties

MachineName
 Gets or sets the machine name


Srv.WaitForStatus(ServiceControllerStatus.
Stopped, System.TimeSpan.FromSeconds(30))
Configuration and Monitoring
Checking Service State

Checking the Service State
Protected Sub CheckServiceState(ByVal ServiceName
As String) as String
Dim Srv As New
ServiceController(ServiceName)
Select Case Srv.Status
Case ServiceControllerStatus.Running
CheckServiceState = "Started"
Case ServiceControllerStatus.Stopped
CheckServiceState = "Stopped"
Case Else
CheckServiceState = "Unknown"
End Select
End Sub
Demonstration 6
Configuration and
Optimization
ASP .NET
Optimization and Monitoring
Session Summary




Web Forms
ASP .NET Applications
Web Application Security
Configuration and Monitoring
For More Information…

MSDN Web Site at


msdn.microsoft.com
ASP.NET Related Sites at







msdn.microsoft.com/library/dotnet/cpguide/cpconaspwebfor
ms.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconaspnetapp
lications.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconaspstatem
anagement.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconoptimizing
aspapplications.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconsecuringa
spnetwebapplications.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconaspcachin
gfeatures.htm
msdn.microsoft.com/library/dotnet/cpguide/cpconaspnetcon
figurationconcepts.htm
MS Press
Essential Resources for Developers
Now you can build your own custom MS Press books at
mspress.microsoft.com/custombook
Choose from Windows 2000, SQL Server 200, Exchange 2000, Office 2000
and XML
Build it and then order it on either MS Reader, PDF, or printed versions
Training
Training Resources for Developers

Introduction to ASP.NET



Course 2063
Available: Now
Building and Using Web Services with
Visual Studio.NET


Course 2504
Available: July 2001
To locate a training provider for this course, please access
mcspreferral.microsoft.com/default.asp
Microsoft Certified Technical Education Centers (CTECs)
are Microsoft’s premier partners for training services
MSDN
Essential Resources for Developers
Subscription
Services
Library, Professional, Universal
Delivered via CD-ROM, DVD, Web
Online
Information
MSDN Online, MSDN Flash
Training &
Events
MSDN Training, Tech-Ed, PDC,
Developer Days, MSDN/Onsite Events
Print
Publications
MSDN Magazine
MSDN News
Membership
Programs
MSDN User Groups
Where Can I Get MSDN?




Visit MSDN Online at
msdn.microsoft.com
Register for the MSDN Flash
Email Newsletter at
msdn.microsoft.com/resources/
msdnflash.asp
Become an MSDN CD Subscriber at
msdn.microsoft.com/subscriptions
Attend More MSDN Events
Become A Microsoft
Certified Solution Developer

What Is MCSD?


How Do I Get MCSD Status?


Premium certification for professionals who design
and develop custom business solutions
It requires passing four exams to prove
competency with Microsoft solution architecture,
desktop applications, distributed application
development, and development tools
Where Do I Get More Information?

For more information about certification
requirements, exams, and training options,
visit www.microsoft.com/mcp