Softsmith Infotech.Net Table of contents Introduction to VS 2005 Application and Page Frameworks GUI Controls Validation Server Controls Working with Master.

Presentation transcript:

Softsmith Infotech .Net
Table of contents
Introduction to VS 2005
Application and Page Frameworks
GUI Controls
Validation Server Controls
Working with Master Pages
Themes & Skins
Collections & Lists
Data Binding
Data Management with ADO.Net
Working with XML
Site Navigation
Security
State Management
Caching
Debugging & Error Handling
File I/O & Streams
Configurations

Site Navigation
We can access an aspx web application by means of a virtual path.
If a Default.aspx file exists in the application, this URL would open the file in the browser.
We can also give any other valid aspx file name in the browser to view that file.

Security
Threats faced by an application
  – Spoofing
  – Tampering
  – Repudiation
  – Information disclosure
  – Denial of Service
  – Elevation of privilege

Security in ASP.Net
Security in the context of an ASP.NET application involves 3 fundamental terms
Authentication
  – The process of identifying users who can use the application (password checking)
Authorization
  – Defining what operations the users can do and to what level (access rights check)
Impersonation
  – The technique used by a server application to access resources on behalf of a client

Authentication
Authentication Modes
  – Windows Authentication – IIS authentication
  – Forms Authentication – Application credential verification
  – Microsoft Passport Authentication
Specifying Authentication Mode
  – Can be specified in the Web.config file as follows

IIS Authentication
Basic
  – IIS instructs the browser to send the user's credentials over HTTP
  – Credentials are Base64 encoded, which is not very secure
Digest
  – Digest authentication sends credentials across the network as a Message Digest 5 (MD5) hash (encrypted)
Integrated Windows (used in large organisations connected by a network)
  – Uses either NTLM challenge/response or Kerberos to authenticate users with a Windows NT Domain or Active Directory account
  – A hash of the credentials is sent; the password is encrypted and sent
.NET Passport
  – The credentials are registered with Microsoft and can be used with any Microsoft application, such as Hotmail, MSN Messenger, SkyDrive or Windows Live

Authorization
We can allow or deny users using the authorization tag in the web.config file
    <!--
      <allow users="[comma separated list of users]"
             roles="[comma separated list of roles]"/>
      <deny users="[comma separated list of users]"
            roles="[comma separated list of roles]"/>
    -->

Forms Authentication
Credentials can be stored in the web.config file
The login page allows access only if the following credentials are given.

State Management
Web forms are created and destroyed each time a client makes a request
Page state is not retained
  – For postbacks
  – Between pages
State management is implemented using
  – Client side options
      Viewstate
      Cookies
      QueryString
  – Server side options
      Application
      Session
      Database support

View State
Stores information as hidden fields
ViewState is enabled for every page by default
Saving an ArrayList in view state
    protected void Page_PreRender(object sender, EventArgs e)
    {
        ViewState.Add("arrayListInViewState", PageArrayList);
    }
We can access the same as follows
    ViewState["arrayListInViewState"]

Cookies
To store small amounts of information on a client
To store user-specific information
Stored as key/value pairs
    // Create a cookie
    HttpCookie uname = new HttpCookie("UserName");
    uname.Value = txtUser.Text;
    // Add the cookie
    Response.Cookies.Add(uname);
    // d1 is not declared on the slide; assumed here to be the current time
    DateTime d1 = DateTime.Now;
    // Set the expiry date for the cookie
    Response.Cookies["UserName"].Expires = d1.AddYears(2);
    // Retrieve the value of the cookie
    if (Request.Cookies["UserName"] != null)
    {
        // Display the value of the cookie, HTML-encoded because the client controls it
        lblUser.Text = Server.HtmlEncode(Request.Cookies["UserName"].Value);
    }

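Query string
Easy way to pass information
  – Between pages
Way to pack information with the URL
The URL with a query string looks like below
To send page data as a query string
    // URL-encode the value so it cannot alter the query string
    Response.Redirect("welcome.aspx?category=" + Server.UrlEncode(txtCategory.Text));
To retrieve data in the next page
    // HTML-encode the value before displaying it, because the client controls it
    lblCategory.Text = "We welcome" + Server.HtmlEncode(Request.QueryString["category"]);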
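Cookie and query-string values are client-side state: they come back from the browser and the user can change them. The following is an added example, not part of the original slides, that URL-encodes a value when sending it, validates and HTML-encodes it when displaying it, and sets the HttpOnly and Secure flags on a display-only cookie. It assumes the .NET Framework with a reference to System.Web.dll; the class and method names, the allow-list and the 30-day lifetime are hypothetical choices for illustration.

```csharp
// Added example, not from the original slides. Assumes .NET Framework with a
// reference to System.Web.dll; all names and limits below are hypothetical.
using System;
using System.Text.RegularExpressions;
using System.Web;

public static class ClientStateDemo
{
    // Allow-list for "category": letters, digits, space, '&', '-', 1 to 40 chars.
    static readonly Regex CategoryPattern = new Regex(@"\A[A-Za-z0-9 &\-]{1,40}\z");

    // Sending page: URL-encode so the value cannot add or change parameters.
    public static string BuildWelcomeUrl(string category)
    {
        return "welcome.aspx?category=" + HttpUtility.UrlEncode(category);
    }

    // Receiving page: validate first, then HTML-encode before output.
    public static string RenderWelcome(string rawCategory)
    {
        if (rawCategory == null || !CategoryPattern.IsMatch(rawCategory))
            return "We welcome you";   // fall back instead of echoing bad input
        return "We welcome " + HttpUtility.HtmlEncode(rawCategory);
    }

    // Display-only cookie: not readable by script, sent over HTTPS only,
    // and short-lived. Never use such a value to decide who the user is.
    public static HttpCookie BuildUserNameCookie(string userName, DateTime now)
    {
        HttpCookie cookie = new HttpCookie("UserName", userName);
        cookie.HttpOnly = true;
        cookie.Secure = true;
        cookie.Expires = now.AddDays(30);
        return cookie;
    }

    public static void Main()
    {
        // Constructed inputs: a legitimate value with '&' and one with markup.
        string[] samples = { "Arts & Crafts", "<b>x</b>&role=admin" };
        foreach (string s in samples)
        {
            string url = BuildWelcomeUrl(s);
            // Decode the query string the way the receiving page would see it.
            string query = url.Substring(url.IndexOf('?') + 1);
            string received = HttpUtility.ParseQueryString(query)["category"];
            Console.WriteLine(url);
            Console.WriteLine(RenderWelcome(received));
        }
        HttpCookie c = BuildUserNameCookie("alice", DateTime.UtcNow);
        Console.WriteLine("{0}: HttpOnly={1} Secure={2} Expires={3:u}",
                          c.Name, c.HttpOnly, c.Secure, c.Expires);
    }
}
```

In a page's code-behind the same calls are available as Server.UrlEncode and Server.HtmlEncode, and the cookie is added with Response.Cookies.Add.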

Session
  – Can store information that we want to keep local to the current session (single user)
  – We can store values that need to be persisted for the duration of a user session
  – Every user session will be assigned a unique SessionId
    protected void Session_Start(Object sender, EventArgs e)
    {
        Session["userName"] = "guest";
    }
    protected void Session_End(Object sender, EventArgs e)
    {
        Session.Remove("userName");
    }

Session State
Session state can be stored in three ways
  – InProc
      Stores session data in the memory of the ASP.NET worker process
      Provides faster access to these values
      Session data is lost when the ASP.NET worker process is recycled
      Need to give in the Web.config file as follows
  – StateServer
      Uses a stand-alone Windows service (State Server) to store session variables
        – Independent of IIS as it can run as a separate service
      Better load balancing management as clustered servers can share their session information
      Need to give in the Web.config file as follows

Session State
  – SQLServer
      Similar to State Server, except that the information persists in MS-SQL Server database tables
      Need to give the following in the Web.config file
Note: To use SQL Server as the session state store, create the necessary tables and stored procedures. The .NET SDK provides us with a SQL script, InstallPersistSqlState.sql

Application
Provides a mechanism for storing data that is accessible to all users of the Web Application
Application events are declared in a special file called Global.asax
    void Application_Start()
    {
        Application["startTime"] = DateTime.Now.ToString();
    }
    void Application_End()
    {
        Application["startTime"] = null;
    }

Database Support
Database support may be used to maintain the state of your Web site
Advantages of Using a Database to Maintain State
  – Security
  – Storage capacity
  – Data persistence
  – Robustness and data integrity
  – Accessibility
  – Widespread support
Disadvantages of Using a Database to Maintain State
  – Complexity
  – Performance considerations

Caching
  – In ASP.NET, a page gets processed and is destroyed for every request
  – Sometimes, the dynamic contents of a page may not change frequently
  – ASP.NET holds such content in memory so that it can be delivered again efficiently without processing

Caching – Single Response
Use a page directive to cache a Web form in the server's memory
  – The directive's Duration attribute controls how long the page is cached. Setting VaryByParam="None" caches only one version of the web form
    // Web form is cached for 60 seconds

Caching – Multiple Response
    // This page sends the item (Infopage.aspx)
    private void btnSubmit_Click(object sender, System.EventArgs e)
    {
        Response.Redirect("NextPageVaryParam.aspx?id=" + drpTimeZone.SelectedItem);
    }
    // Web form is cached for the dropdownlistbox selected item
    // This page is cached depending on the item selected from Infopage.aspx

Fragment Cache
Caches regions of a page's content
Attribute used: OutputCache
  – VaryByParam – varies cached results based on name/value pairs sent using POST or GET
  – VaryByControl – varies the cached fragment by controls within the user control
    <%@ OutputCache Duration="120" VaryByParam="none" VaryByControl="Category" %>

Data Caching
Data caching is the storing of data internal to a web application
This enables the cached object to be used across all the pages of the application
The cache is global to the entire web application and is accessible to all the clients of that application
The lifetime of such cached objects is that of the application itself
If the application is restarted then all the cached objects are destroyed
Expiry time can be set for cache objects
  – Absolute Expiry (absolute value)
  – Sliding Expiry (relative value – from now onwards 5 seconds)

Debugging
Visual Studio 2005 provides a built-in debugger.
Breakpoint – Press F9 to insert a breakpoint at a location, or select Insert Break Point from the Debug menu
We can Step Over (F10 key) or Step Into (F11 key) a function

Error Handling
.NET CLR provides structured exception handling
  – Using try catch block
ASP.NET provides declarative error handling
  – Automatically redirects users to an error page when unhandled exceptions occur
  – Prevents ugly error messages from being sent to users
The Web.Config should have these lines
    <error statusCode="403" redirect="noaccessallowed.htm"/>

Error Handling
The mode attribute can be one of the following:
  – On
      Error details are not shown to anybody, even local users
      If you specify a custom error page it will always be used
  – Off
      Everyone will see error details, both local and remote users
      If you specify a custom error page it will NOT be displayed
  – RemoteOnly
      Local users will see detailed error pages
      Remote users will be presented with a concise page notifying them that an error occurred
Note: Local user means a user browsing the site on the same machine where the web applications are deployed

File Handling
The System.IO namespace has methods and classes for file handling
The FileInfo and DirectoryInfo classes help us in managing files and directories
Both these classes are inherited from the FileSystemInfo class

FileSystemInfo
Used to discover general characteristics about a given file or directory.
Properties
  – Attributes
  – Creation Time
  – Exists
  – Extension
  – Full Name
  – Last Access Time
  – Last Write Time
  – Name

FileInfo
Methods
  – AppendText()
  – CopyTo()
  – Create()
  – CreateText()
  – Delete()
  – MoveTo()
  – Open()
  – OpenRead()
  – OpenText()
  – OpenWrite()
Properties
  – Directory
  – DirectoryName
  – Length
  – Name

FileInfo Example
    // The constructor argument is missing from the slide; filePath stands for the path of the file to inspect
    FileInfo FI = new FileInfo(filePath);
    MessageBox.Show(FI.DirectoryName.ToString());
    MessageBox.Show(FI.Extension.ToString());
    MessageBox.Show(FI.LastAccessTime.ToString());
    MessageBox.Show(FI.LastWriteTime.ToString());

Streams
Streams are channels of communication between programs and the source/destination of data
  – A stream is either a source of bytes or a destination for bytes.
Provide a good abstraction between the source and destination
Abstract away the details of the communication path from the I/O operation
Streams hide the details of what happens to the data inside the actual I/O devices.
Streams can read/write data from/to blocks of memory, files and network connections
A stream can be File or Console or Network or Hardware

Stream
Byte Stream
  – FileStream – Works with File
  – MemoryStream – Works with array
  – BufferedStream – Optimized read/write operations
Character Stream
  – TextReader
  – TextWriter

Byte Stream
The FileStream class is used to read from, write to, open, and close files on a file system
The MemoryStream class creates streams that have memory as a backing store instead of a disk or a network connection
  – Encapsulates data stored as a byte array
BufferedStream
  – A buffer is a block of bytes in memory used to cache data
  – Reduces the number of calls to the operating system
  – Buffers improve read and write performance.

Character Stream
Both are abstract classes used to read and write data using characters from different streams
TextReader
  – Represents a reader that can read a sequential series of characters
TextWriter
  – Represents a writer that can write a sequential series of characters
To read and write we use derived classes like StreamReader and StreamWriter

Binary Reader/Writer
It can be used in the way StreamReader/Writer are used.
The BinaryReader methods
  – bool ReadBoolean()
  – byte ReadByte()
  – char ReadChar()
  – float ReadSingle()
  – double ReadDouble()
  – int ReadInt32()
The BinaryWriter method
  – void Write( any single primitive type argument )

Configurations
These two files help us in setting configurations
Machine.Config – Machine level configuration
Web.Config – Application level configuration

Configurations
Configuration files can be stored in application folders
  – Configuration system automatically detects changes
Hierarchical configuration architecture
  – Applies to the actual directory and all subdirectories
Examples: