ASPdotNET Presentation Part3

8/14/2019 ASPdotNET Presentation Part3

1/36

Softsmith Infotech

.Net

Table of contents Introduction to VS 2005 Application and Page Frameworks GUI Controls Validation Server Controls Working with Master Pages Themes & Skins Collections & Lists

Data Binding Data Management with ADO.Net Working with XML Site Navigation Security State Management Caching Debugging & Error Handling File I/O & Streams Configurations


2/36

Softsmith Infotech

Site Navigation

We can access an aspx web applicationby means of virtual path.

http://localhost/VirtualDirectoryName/Default.aspx

If Default.aspx file exists in the application, this

URL would open the file in browser.We can also give any other valid aspx file namein the browser to view that file
http://localhost/VirtualDirectoryName/Default.aspxhttp://localhost/VirtualDirectoryName/Default.aspx


3/36

Softsmith Infotech

Security

Threats faced by an application

Spoofing

Tampering

Repudiation

Information disclosure

Denial of Service

Elevation of privilege


4/36

Softsmith Infotech

Security in ASP .Net

Security in the context of ASP.NET applicationinvolves 3 fundamental terms

Authentication is the process of identifying users who can use the

application (password checking)

Authorization Defining what operations the users can do and to

what level (access rights check)

ImpersonationThis is the technique used by a server application

to access resources on behalf of a client


5/36

Softsmith Infotech

Authentication

Authentication Modes

Windows Authentication IIS authentication

Forms Authentication - Application credential

verification Microsoft Passport Authentication

Specifying Authentication Mode

Can be specified in the Web.config file as follows


6/36

Softsmith Infotech

IIS Authentication

Basic

IIS instructs the browser to send the user's credentials over HTTP

Credentials are Base64 encoded which are not that much secure

Digest

Digest authentication sends credentials across the network as a Message

Digest 5 (MD5) hash (encrypted)

Integrated Windows (Used in large organisation connected with Network)

Uses either NTLM challenge/response or Kerberos to authenticate users with a

Windows NT Domain or Active Directory account

A Hash of the credentials is sent, password is encrypted and sent

.NET Passport The credentials that are registered with Microsoft which can be used with any

microsoft application like hotmail, msn messenger or skydrive or windows Live

etc


7/36

Softsmith Infotech

Authorization

We can allow or deny Users using authorization tag in web.config

file


8/36

Softsmith Infotech

Forms Authentication

Can store credentials in web.config files

For Login page, only if given the following

credentials it will allow.


9/36

Softsmith Infotech

State Management

Web forms are created and destroyed each time a client makes a request

Page state is not retained

For postbacks

Between pages

State management is implemented using

Client side options Viewstate

Cookies

QueryString Server side options

Application

Session

Database support


10/36

Softsmith Infotech

View State

Stores information as hidden fields

ViewState is enabled for every page by default

Saving Arraylist in a view state

protected void Page_PreRender(object sender, EventArgs e)

{

ViewState.Add("arrayListInViewState", PageArrayList);

}

We can access the same as follows

ViewState[arrayListInViewState]


11/36

Softsmith Infotech

Cookies

To store small amounts of information on a client

To store user-specific information

Store as key/value pair

//Create a cookie

HttpCookie uname = new HttpCookie("UserName");

uname.Value = txtUser.Text;//Add the cookie

Response.Cookies.Add(uname);

//Set the Expiry date for the cookie

Response.Cookies["UserName"].Expires = d1.AddYears(2);

//Retrive the value of cookieif(Request.Cookies["UserName"] != null) {

//Display the value of cookie

lblUser.Text = Request.Cookies["UserName"].Value;

}


12/36

Softsmith Infotech

Query string

Easy way to pass information

Between pages

Way to pack information with URL

The URL with a query string look like below

http://localhost/Demo/Default.aspx?Uname=guest

To send page data as query string

Response.Redirect("welcome.aspx?category="+txtCategory.Text)

To retrieve data in next page

lblCategory.Text=We welcome +

Request.QueryString[category];


13/36

Softsmith Infotech

Session

Can store information that we want to keep local to the current session

(single user)

We can store values that need to be persisted for the duration of a user

Every user session will be assigned a unique SessionId

protected void Session_Start(Object sender, EventArgs e)

{

Session["userName"] =guest";

}

protected void Session_End(Object sender, EventArgs e){

Session.Remove("userName");

}


14/36

Softsmith Infotech

Session State

Session state can be stored in three ways

InProc Stores session data in the memory of the ASP.NET worker process

Provides faster access to these values

Session data is lost when the ASP.NET worker process is recycled

Need to give in the Web.config file as follows


15/36

Softsmith Infotech

Session State

SQLServer Similar to State Server, except that the information persists in MS-SQL

Server database tables

Need to give the following in Web.config file

Note: To use SQL Server as session state store, create the necessary

tables and stored procedures

.NET SDK provides us with a SQL script InstallPersistSqlState.sql


16/36

Softsmith Infotech

Application

Provides a mechanism for storing data that is accessible to all users using

the Web Application

Are declared in a special file called as Global.asax

void Application_Start() {

Application["startTime"] = DateTime.Now.ToString();

}

void Application_End() {

Application["startTime"] = null;

}


17/36

Softsmith Infotech

Database Support

Database support may be used to maintain state of your Web site

Advantages of Using a Database to Maintain State

Security

Storage capacity Data persistence

Robustness and data integrity

Accessibility

Widespread support

Disadvantages of Using a Database to Maintain State

Complexity

Performance considerations


18/36

Softsmith Infotech

Caching

In ASP.NET, page gets processed and is

destroyed for every request

Some times, dynamic contents of page maynot change frequently

ASP.NET holds such content in memory so

that it can be delivered again efficientlywithout processing


19/36

Softsmith Infotech

Caching Single Response

Use the @OutputCache page directive to cache a Web form in the

servers memory

The Duration attribute of@OutputCache directives controls

how long the page is cached.

Setting VaryByParam="None caches only one version of the webform

// Web form is Cached for 60 seconds


20/36

Softsmith Infotech

Caching Multiple Response

//This page sends item (Infopage.aspx)

private void btnSubmit_Click(object sender,System.EventArgs e)

{

Response.Redirect("NextPageVaryParam.aspx?id="+drpTimeZone.SelectedItem);

}

// Web form is Cached for dropdownlistbox selected item

//This page is cached depend on item selected from

//infopage.aspx


21/36

Softsmith Infotech

Fragment Cache

Cache regions of a page content

Attribute used

@ OutputCache

VaryByParam -varies cached results based on name/value pairs sent

using POST orGET

VaryByControl -varies the cached fragment by controls within the user

control


22/36

Softsmith Infotech

Data Caching

Data caching is storing of data internal to a web application

This enables to use the cached object across all the pages of the

application

Cache is global to entire web application and is accessible to all the

clients of that application The lifetime of such cached objects is that of the application itself

If the application is restarted then all the cached objects are

destroyed

Expiry time can be set for cache objects

Absolute Expiry (Absolute value)

Sliding Expiry (relative value from now onwards 5 seconds)


23/36

Softsmith Infotech

Debugging

Visual studio 2005 provides a built in

debugger.

Breakpoint Press F9 to insert break

point at a location or Select Insert Break

Point from Debug Menu

We can Step Over using (F10 key) or Step

Into using (F11 key) a function


24/36

Softsmith Infotech

Error Handling

.NET CLR provides structured Exception handling

Using try catch block

ASP.NET provides declarative error handling

Automatically redirect users to error page when unhandled exceptionsoccur

Prevents ugly error messages from being sent to usersThe Web.Config should have these lines


25/36

Softsmith Infotech

Error Handling

The mode attribute can be one of the following:

On Error details are not shown to anybody, even local users

If you specify a custom error page it will be always used

Off Everyone will see error details, both local and remote users

If you specify a custom error page it will NOT be displayed

RemoteOnly Local users will see detailed error pages

Remote users will be presented with a concise page notifying themthat an error occurred

Note : Local user means User browsing the site on the same machinewhere web applications are deployed


26/36

Softsmith Infotech

File Handling

System.IO name space will have Methods

and classes for File Handling

FileInfo and DirectoryInfo class helps us in

managing files and directory

Both these classes are inherited from

FileSystemInfo class


27/36

Softsmith Infotech

FileSystemInfo

Used to discover general characteristics about agiven file or directory.

Properties

- Attributes- Creation Time- Exists

- Extension

- Full Name- Last Access Time

- Last Write time

- Name


28/36

Softsmith Infotech

FileInfo

Methods

- AppendText() - MoveTo()

- CopyTo() - Open()

- Create() - OpenRead()

- CreateText() - OpenText()- Delete() - OpenWrite()

Properties

- Directory- DirectoryName

- Length

- Name


29/36

Softsmith Infotech

FileInfo Example

FileInfo FI = new FileInfo(@"form1.cs)

MessageBox.Show(FI.DirectoryName.ToString());

MessageBox.Show(FI.Extension.ToString());

MessageBox.Show(FI.LastAccessTime.ToString());

MessageBox.Show(FI.LastWriteTime.ToString());


30/36

Softsmith Infotech

Streams

Streams are channels of communication between programs and

source/destination of data

A stream is either a source of bytes or a destination for bytes.

Provide a good abstraction between the source and destination

Abstract away the details of the communication path from I/Ooperation

Streams hide the details of what happens to the data inside the actual

I/O devices.

Streams can read/write data from/to blocks of memory, files and

network connections

Stream can be File or Console or Network or Hardware


31/36

Softsmith Infotech

Stream

Byte Stream

FileStream Works with File

MemoryStream Works with array

BufferedStream - Optimized read/write operations

Character Stream

TextReader

TextWriter


32/36

Softsmith Infotech

Byte Stream

FileStream class is used to read from, write to, open, and close

files on a file system

The MemoryStream class creates streams that have memory as a

backing store instead of a disk or a network connection encapsulates data stored as an byte array

BufferedStream

A buffer is a block of bytes in memory used to cache data

reduces the number of calls to the operating system

Buffers improve read and write performance.


33/36

Softsmith Infotech

Character Stream

Both are abstract classes used read and write data using charactersfrom different streams

TextReader

Represents a reader that can read a sequential series of

characters

TextWriter

Represents a writer that can write a sequential series ofcharacters

To read and write we use derived classes like StreamReader andStreamWriter


34/36

Softsmith Infotech

Binary Reader/Writer

It can be used in the way StreamReader/Writer are used.

The BinaryReader methods

bool ReadBoolean()

byte ReadByte() char ReadChar()

float ReadSingle()

double ReadDouble()

int ReadInt32()

The BinaryWriter method

-void Write( any single primitive type argument )


35/36

Softsmith Infotech

Configurations

These two files helps us in setting

configurations

Machine.Config Machine level

configuration

Web.Config Application level

configuration


36/36

Softsmith Infotech

Configurations

Configuration files can be stored in application folders

Configuration system automatically detects changes

Hierarchical configuration architecture

Applies to the actual directory and all subdirectories

Examples:

Documents

ASPdotNET Presentation Part3