ASP.NET With Visual Studio.NET
Name
Title
Department
Microsoft Corporation

What we will cover
  Web Forms
  Usage of Global.asax
  How to work with Session State
  How to secure ASP.NET Applications
  Usage of Web.Config
  Caching
  Monitoring ASP.NET Applications

Session Prerequisites
  Web Development
  ASP Programming
  Microsoft ADO
  Understanding of XML
  Level 300

Agenda
  Web Forms
  ASP.NET Applications
  Web Application Security
  Configuration and Monitoring

Web Forms
What is Web Forms?
  Code Model
  Life Cycle
  Server Side Events
  Server Controls
  Validation

Web Forms
Code Model
  Code Behind
  Logic – Presentation Separation
  Object Oriented
  Event Driven

Web Forms
ASP.NET Page Life Cycle
  Similar to Win32 Application Coding
  Events Raised as Page Created
    Form_Initialize()  ~  Page_Init()
    Form_Load()        ~  Page_Load()
    Form_Activate()    ~  Page_PreRender()
    Form_Unload()      ~  Page_Unload()

Web Forms
Server Side Events
  Runat="server"
    <form runat="server">
      <input type=button id=button1 OnServerClick="Button1_Click" runat="server" />
    </form>
  Button1_Click(Sender as Object, e as EventArgs)
    Button1.Value = "Save"

Web Forms
Server Controls
  45 Built In Controls
  Target any HTML 3.2 browser
  Raise Events to Server
  Basic Controls
    textbox, checkbox, radio, button
  Advanced Controls
    AdRotator, Calendar, DataGrid, Validator

Web Forms
Basic Server Controls
  <asp:textbox id=text1 runat=server/>
    text1.text = "Hello World"
  <asp:checkbox id=check1 runat=server/>
    check1.checked=True
  <asp:button id=button1 runat=server/>
    button1_onClick()
  <asp:DropDownList id=DropDownList1 runat=server/>
    DropDownList1.SelectedItem.Text = "Hello"

Web Forms
Advanced Server Controls
  DataGrid
    Defined by <asp:datagrid />
    Column Sorting
    In-Line Editing
    HTML Table
    DataBinding
    Paging

Web Forms
Advanced Server Controls
  Validation
    Required Validator Control
    Range Validator Control
    Compare Validator Control
    Regular Expression Validator
    Custom Validator Control
  Example:
    <asp:RequiredFieldValidator
        ControlToValidate="txtName"
        ErrorMessage="Please Enter Your Name"
        runat="server" />

Demonstration 1
Web Forms
  Code and Page Model
  Event Model
  Server Controls

Agenda
  Web Forms
  ASP.NET Applications
  Web Application Security
  Configuration and Monitoring

ASP.NET Applications
Traditional ASP (global.asa)
  Application_OnStart
  Application_OnEnd
  Session_OnStart
  Session_OnEnd

ASP.NET Applications
Global.ASAX events
  First Request
    Application_Start
  First Request for Each User
    Session_Start
  Each Request
    Application_BeginRequest
    Application_AuthenticateRequest
    Application_EndRequest
  Application Error
    Application_Error
  User Logs Out/Session Times Out
    Session_End
  Web Server Shutdown
    Application_End

ASP.NET Applications
Global.ASAX Event Usage
  Application_BeginRequest
    Virtual Resources
    Text to be included at the start of every page
  Application_EndRequest
    Text to be added to the end of every page
  Application_Error
    Useful for sending out an email or writing to the event log when an error occurs that was not properly handled at the source of the error

ASP.NET Applications
Global.ASAX Event Usage
  Session_End
    Writing to a log file or database that a user has logged out at a given time
  Application_End
    Useful for recording when the web application had to stop. Could write an entry to the event log
  Application_Start
    Useful for loading site-specific configuration information

ASP.NET Applications
Saving Application State
  Essentially global variables for the application
    Application("CompanyName")
  Can lock or unlock Application State Variables
    Application.Lock
    Application("GlobalCounter") = NewValue
    Application.UnLock

ASP.NET Applications
Saving Session State
  Per User Variables
  Available to All Pages in the Site
    Session("UserID") = 5
    UserID = Session("UserID")

ASP.NET Applications
ASP vs. ASP.NET State
  ASP Session State
    Forces "Server Affinity"
    Dependent on cookies
    Not fault tolerant
  ASP.NET Session State
    Support for Web Gardens and Server Farms
    Doesn't require cookies
    Better fault tolerance

ASP.NET Applications
Configuring Session State
  Configuration information stored in Web.Config
    <sessionState
        Inproc="true"
        mode="sqlserver"
        cookieless="false"
        timeout="20"
        sqlConnectionString="data source=127.0.0.1;user id=sa;password="
        stateConnectionString="tcpip=127.0.0.1:42424" />

ASP.NET Applications
Configuring Session State
  Mode
    InProc – Conventional session variables. Stored in memory on the web server.
    StateServer – Sessions are stored on an external server, in memory.
    SQLServer – Sessions are stored in a SQL database.
  Cookieless
    Determines if cookieless sessions should be used
    Values are true or false
  TimeOut
    Determines the default timeout for the web site

ASP.NET Applications
Configuring Session State
  SQLConnectionString
    Contains the data source, user ID, and password parameters necessary to connect to a SQL database that holds the session state
  stateConnectionString
    Contains information needed to connect to the state server.

ASP.NET Applications
Storing Data in SQL Server
  To set up SQL Server to store state information, you must run a small T-SQL script on the target server
    InstallSQLState.sql can be found in [sysdrive]\winnt\Microsoft.NET\Framework\[version]
  Creates the following on the server
    A database called ASPState
    Stored Procedures
    Tables in TempDB to hold session data.
  Uninstall is via UninstallSQLState.sql

Demonstration 2
ASP.NET Applications
  Uses for Global.asax
  Saving Application State

Agenda
  Web Forms
  ASP.NET Applications
  Web Application Security
  Configuration and Monitoring

Web Application Security
Security Concepts
  Authentication
  Authorization
  Impersonation

Web Application Security
Authentication
  Windows
    Basic
    Digest
    Integrated
  Passport
  Form

Web Application Security
Windows Authentication
  Enabled For IIS Through Internet Services Manager

Web Application Security
Windows Authentication
  Enabled for ASP.NET Through Web.config
    <security>
      <authentication mode="Windows" />
    </security>

Web Application Security
Windows Authentication
  Site Can Easily Access User Name
    Dim UserName As String
    UserName = User.Identity.Name
  NT Groups Automatically Map to ASP.NET Roles
    If User.IsInRole("Administrators") Then…

Web Application Security
Form Authentication
  Web Site is Responsible for Security, not IIS
  Configure IIS to allow anonymous access
  Set Web.Config to force users to authenticate through a form
    <authentication mode="Forms">
      <forms loginUrl="Registration.aspx">
      </forms>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  Any Unauthenticated User Will Get Sent to "Registration.aspx"

Web Application Security
Form Authentication
  You Code a Form to Collect User ID and Password
  To Authenticate a User:
    FormsAuthentication.RedirectFromLoginPage(UserName, False)
  RedirectFromLoginPage
    Marks the user as authenticated
    Takes the user to the page they originally requested
    If the user requested the login page, takes the user to Default.aspx
    Can persist authentication in a cookie

Web Application Security
Form Authentication - Declarative
  For Simple Sites, You Can Store User ID and Password in Web.config
    <credentials passwordFormat="clear">
      <user name="MSDN" password="online" />
      <user name="Guest" password="guest" />
    </credentials>

Web Application Security
Form Authentication - Declarative
  User is Authenticated by Calling
    FormsAuthentication.Authenticate( _
        UserName, Password)

Web Application Security
Form Authentication - Programmatic
  Code is Used to Authenticate the User
    ' Bind UserName to @UserID as a command parameter; do not concatenate it into the SQL text
    SQL = "Select * From Users " & _
          "Where UserID = @UserID"
    If UserFoundInDataBase Then
        FormsAuthentication.RedirectFromLoginPage(UserName, False)
    Else
        lblLoginError.Text = "User Not Found or Invalid Password"
    End If

Web Application Security
Roles
  [Diagram: users Jane, John, Jill, Jamie and Jenny; roles RD and Admins; a page showing RD Content and Admin Content]

Web Application Security
Roles
  Build the Application In Terms of Roles
    Access to Pages
    Custom Page Content
  After Deployment, Assign Users To Roles

Web Application Security
Roles
  Programmatically Assigning Users to Roles
    Sub Application_AuthenticateRequest(ByVal Sender As Object, ByVal e As EventArgs)
        If Request.IsAuthenticated = True Then
            ' Bind UserID to @UserID as a command parameter
            sql = "select role from roles where userid = @UserID"
            ' Get Roles from Result Set
            Context.User = New GenericPrincipal(user, roles)
        End If
    End Sub

Web Application Security
Roles
  Display Content Based on Roles
    If User.IsInRole("HumanRes") Then
        cmdEditSalary.Visible = True
    End If

Web Application Security
Impersonation
  Windows Authentication
  Web.config
    <identity>
      <impersonation enable="true" name="username" password="password" />
    </identity>

Demonstration 3
Web Application Security
  Windows Authentication
  Form Based Registration
  Form Based Authentication
  Assigning Users to Roles

Agenda
  Web Forms
  ASP.NET Applications
  Web Application Security
  Configuration and Monitoring

Configuration and Optimization
Web.Config
  Site Configuration File
  Ships with the Site
  Stores Most Configuration Options
  Eases Maintenance and Deployment
  Changes Take Effect Immediately

Configuration and Optimization
Hierarchical Configuration Architecture
  Web.Config files and their settings are inherited in a hierarchy
    Machine Settings (Winnt\Microsoft .NET\Version\)
    Web Application Root Directory
    Sub directories

Configuration and Optimization
Hierarchical Configuration Architecture
  Settings can be targeted at a specified set of files/directories by use of the <location> tag
    <configuration>
      <location path="/admin">
        <system.web>
          <security>
            <authorization>
              <allow roles="Admins" />
            </authorization>
          </security>
        </system.web>
      </location>
    </configuration>

Configuration and Optimization
Default Configuration Settings
  Machine.config
    Tracing              Disabled
    Execution Timeout    90 Seconds
    Session State        Enabled, Inproc
    Authentication       Allow Anonymous
    Multi CPU Support    Disabled

Configuration and Optimization
Custom Configuration Settings
  Examples of Customization
    AppSettings
    CustomErrors
    Trace Settings
    Authentication
    Session Settings
    Browser Capabilities

Configuration and Optimization
Custom Configuration Settings
  Custom Setting in Config.Web
    <configuration>
      <appSettings>
        <add key="DSN" value="server=localhost…
      </appSettings>
    </configuration>
  Accessing with Code
    DSN = ConfigurationSettings.AppSettings("DSN")

Configuration and Optimization
Custom Configuration Settings
  Redirect Certain Errors to Certain Pages
    <customErrors mode="On">
      <error statusCode="404" redirect="errorpage404.aspx" />
    </customErrors>

    <customErrors mode="RemoteOnly">
      <error statusCode="404" redirect="errorpage404.aspx" />
    </customErrors>

Configuration and Optimization
Custom Configuration Settings
  Tracing
    <trace
        enabled="true"
        requestLimit="10"
        pageOutput="true"
        traceMode="SortByTime" />

Configuration and Optimization
Custom Configuration Settings
  Trace Options
    Enabled
      Tracing information will be stored. Information can be accessed through http://site/trace.axd
    RequestLimit
      Store tracing information for this many requests
    PageOutput
      Allows trace output to also appear at the bottom of the page.
    TraceMode
      Allows trace information to be sorted by time or category.

Configuration and Optimization
Custom Configuration Settings
  Writing to the Trace Log
    Trace.Write("Page_Load", "Entering Event")
    Trace.Warn("GetCustomer", "Invalid Argument")

Demonstration 4
Configuration and Optimization
  ASP.NET Configuration

Configuration and Optimization
Page Output Caching
  Pages That Don't Change Frequently
  Dramatic Performance Increase
    <%@ OutputCache Duration="500" %>

Configuration and Optimization
Fragment Caching
  Dynamic Portions of a Page
  Data Doesn't Change Frequently
  User Control
    <%@ OutputCache Duration="60" %>

Configuration and Optimization
Cache API's
  Programmatically Cache Data
    Cache.Insert( _
        Key, _
        Value, _
        CacheDependency, _
        AbsoluteExpiration, _
        SlidingExpiration, _
        Priority, _
        PriorityDecay, _
        Callback)

Configuration and Optimization
Cache API's
  Key
    String used to look up the cached item
  Value
    Item or object to store in the cache
  CacheDependency
    Cache item can automatically expire when a file, directory, or other cache item changes

Configuration and Optimization
Cache API's
  AbsoluteExpiration
    Cache item can expire at some fixed time (midnight, for example)
  SlidingExpiration
    Cache item can expire after a certain amount of inactivity
  Priority
    When forcing items from the cache, which items should go first
  PriorityDecay
    Within a given priority range, does this item expire fast or slow

Demonstration 5
Configuration and Optimization
  ASP.NET Caching

Configuration and Monitoring
Monitoring ASP.NET Applications
  Monitoring Tool Integration
    Performance Monitor
    Tracing Support
    Service Control and Monitoring

Configuration and Monitoring
Performance Counters
  Some counters are now application specific, as opposed to server specific for traditional ASP
  Counter Groups
    Global Performance Counters
    Application Specific Counters

Configuration and Monitoring
Global Performance Counters
  Global Performance Counters
    Application Restarts
    Applications Running
    Requests Queued
    Request Wait Time

Configuration and Monitoring
Application Specific Counters
  Application Performance Counters
    Cache Total Entries
    Cache Total Hit Ratio
    Request Bytes in Total
    Requests Executing
    Requests Timed Out
    Sessions Timed Out

Configuration and Monitoring
PerformanceCounter Class
  The PerformanceCounter class allows you to access counter data from code
    Dim Req_Bytes_Total As New PerformanceCounter("ASP.NET Applications", "Request Bytes Out Total", "__Total__")
    Dim s As Integer
    s = Req_Bytes_Total.NextValue()
  The same code can be used to retrieve standard counters as well

Configuration and Monitoring
Tracing
  Tracing
    Timing information between successive trace output statements
    Information about the server control hierarchy
    The amount of viewstate used
    Render size of controls on your page

Configuration and Monitoring
Tracing
  Enable Tracing for a specific page
    <%@ Page Trace="true" Language="vb" AutoEventWireup="false" Codebehind="Write_Trace_Info.aspx.vb" Inherits="Opt_Monitor.Write_Trace_Info"%>
  Writing Custom Trace Statements
    Trace.Write("Custom Trace", "Begin Load DataSet")

Configuration and Monitoring
Accessing Services
  ServiceController class
    Allows you to access local or remote services
  Constructor
    Takes ServiceName as Parameter
  Methods
    Stop
    Start
    Pause
    WaitForStatus
      Allows you to easily wait for the service state to change to the desired state before continuing
  Properties
    MachineName
      Gets or sets the machine name
    Srv.WaitForStatus(ServiceControllerStatus.Stopped, System.TimeSpan.FromSeconds(30))

Configuration and Monitoring
Checking Service State
  Checking the Service State
    Protected Function CheckServiceState(ByVal ServiceName As String) As String
        Dim Srv As New ServiceController(ServiceName)
        Select Case Srv.Status
            Case ServiceControllerStatus.Running
                CheckServiceState = "Started"
            Case ServiceControllerStatus.Stopped
                CheckServiceState = "Stopped"
            Case Else
                CheckServiceState = "Unknown"
        End Select
    End Function

Demonstration 6
Configuration and Optimization
  ASP.NET Optimization and Monitoring

Session Summary
  Web Forms
  ASP.NET Applications
  Web Application Security
  Configuration and Monitoring

For More Information…
  MSDN Web Site at msdn.microsoft.com
  ASP.NET Related Sites at
    msdn.microsoft.com/library/dotnet/cpguide/cpconaspwebforms.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconaspnetapplications.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconaspstatemanagement.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconoptimizingaspapplications.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconsecuringaspnetwebapplications.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconaspcachingfeatures.htm
    msdn.microsoft.com/library/dotnet/cpguide/cpconaspnetconfigurationconcepts.htm

MS Press
Essential Resources for Developers
  Now you can build your own custom MS Press books at mspress.microsoft.com/custombook
  Choose from Windows 2000, SQL Server 2000, Exchange 2000, Office 2000 and XML
  Build it and then order it in MS Reader, PDF, or printed versions

Training
Training Resources for Developers
  Introduction to ASP.NET
    Course 2063
    Available: Now
  Building and Using Web Services with Visual Studio.NET
    Course 2504
    Available: July 2001
  To locate a training provider for this course, please access mcspreferral.microsoft.com/default.asp
  Microsoft Certified Technical Education Centers (CTECs) are Microsoft's premier partners for training services

MSDN
Essential Resources for Developers
  Subscription Services
    Library, Professional, Universal
    Delivered via CD-ROM, DVD, Web
  Online Information
    MSDN Online, MSDN Flash
  Training & Events
    MSDN Training, Tech-Ed, PDC, Developer Days, MSDN/Onsite Events
  Print Publications
    MSDN Magazine
    MSDN News
  Membership Programs
    MSDN User Groups

Where Can I Get MSDN?
  Visit MSDN Online at msdn.microsoft.com
  Register for the MSDN Flash Email Newsletter at msdn.microsoft.com/resources/msdnflash.asp
  Become an MSDN CD Subscriber at msdn.microsoft.com/subscriptions
  Attend More MSDN Events

Become A Microsoft Certified Solution Developer
  What Is MCSD?
    Premium certification for professionals who design and develop custom business solutions
  How Do I Get MCSD Status?
    It requires passing four exams to prove competency with Microsoft solution architecture, desktop applications, distributed application development, and development tools
  Where Do I Get More Information?
    For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcp
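
Added example (not part of the original deck): the user lookup from the "Form Authentication - Programmatic" slide and the role lookup from the "Roles" slide, written with bound SqlClient parameters and a salted PBKDF2 password check. The PasswordHash and Salt columns, the iteration count, and the module and function names are assumptions.

```vb
' Added example, not from the original deck. Assumed: Users.PasswordHash and
' Users.Salt (varbinary, salt of 8 bytes or more), the iteration count, and
' the module/function names.
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Public Module SafeLookups

    ' True only when the user exists and the password matches the stored hash.
    ' userName travels as a typed parameter, so quotes in it are plain data.
    Public Function CredentialsAreValid(ByVal connStr As String, _
            ByVal userName As String, ByVal password As String) As Boolean
        Using conn As New SqlConnection(connStr), _
              cmd As New SqlCommand( _
                  "SELECT PasswordHash, Salt FROM Users WHERE UserID = @UserID", conn)
            cmd.Parameters.Add("@UserID", SqlDbType.NVarChar, 64).Value = userName
            conn.Open()
            Using rdr As SqlDataReader = cmd.ExecuteReader()
                If Not rdr.Read() Then Return False
                Dim stored As Byte() = CType(rdr("PasswordHash"), Byte())
                Dim salt As Byte() = CType(rdr("Salt"), Byte())
                Dim kdf As New Rfc2898DeriveBytes(password, salt, 100000)
                Return SameBytes(stored, kdf.GetBytes(stored.Length))
            End Using
        End Using
    End Function

    ' Role names for Application_AuthenticateRequest, same binding approach.
    Public Function RolesFor(ByVal connStr As String, _
            ByVal userName As String) As String()
        Dim roles As New List(Of String)
        Using conn As New SqlConnection(connStr), _
              cmd As New SqlCommand("SELECT role FROM roles WHERE userid = @UserID", conn)
            cmd.Parameters.Add("@UserID", SqlDbType.NVarChar, 64).Value = userName
            conn.Open()
            Using rdr As SqlDataReader = cmd.ExecuteReader()
                While rdr.Read()
                    roles.Add(rdr.GetString(0))
                End While
            End Using
        End Using
        Return roles.ToArray()
    End Function

    ' Compares every byte so timing does not reveal where the hashes differ.
    Private Function SameBytes(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
End Module
```

On the login page, call FormsAuthentication.RedirectFromLoginPage(UserName, False) only when CredentialsAreValid returns True. In Application_AuthenticateRequest, pass the array from RolesFor to New GenericPrincipal(User.Identity, roles).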