Building Applications using ASP.NET and C# / Session 14 / 1 of 18 Session 14.

Presentation transcript:

Building Applications using ASP.NET and C# / Session 14 / 1 of 18 Session 14

Building Applications using ASP.NET and C# / Session 14 / 2 of 18
Session Objectives
Discuss:
- Machine.Config
- Secure your web pages using Authentication
- Web.Config
- Structure of a configuration file

Building Applications using ASP.NET and C# / Session 14 / 3 of 18
Web Pages – Web Application
[Figure: Web Page, WEB APPLICATION]

Building Applications using ASP.NET and C# / Session 14 / 4 of 18
Configuration Files
Features:
- Stored in plain text format
- No need to restart server in case of changes to file
- Written in XML
- Clients cannot view the file from browser
- Each directory can have its own file
- Each directory overrides earlier configuration file
Rules for naming tags and attributes:
- Tag and attribute names
- Attribute values

Building Applications using ASP.NET and C# / Session 14 / 5 of 18
Types of Configuration Files - 1
Machine.config
- Settings are applied to all the applications residing on the server
- XML based file
- Stored in C:\WinNT\Microsoft.NET\Framework\v.1.xxxx\config (xxxx: build number of .NET CLR)
- Only one file per ASP.NET installation on a machine
Web.config
- Settings are applied to single application residing on the server
- XML based file
- One file per each directory of the web application

Building Applications using ASP.NET and C# / Session 14 / 6 of 18
Types of Configuration Files - 2
[Diagram: Web Applications]
- One per machine
- One per application
- Override settings of machine.config

Building Applications using ASP.NET and C# / Session 14 / 7 of 18
Typical Web.config File
- Configuration section Handler Declaration Area
- Configuration section Settings Area

Building Applications using ASP.NET and C# / Session 14 / 8 of 18
Page Configuration Setting
<pages buffer="false" enableViewState="true" />
- Response to the client can be buffered
- View state can be set

Building Applications using ASP.NET and C# / Session 14 / 9 of 18
Application Setting
- Configuration settings in form of key-value pair
- The settings are read in ASP.NET page
...
// ConfigurationSettings is in the System.Configuration namespace
String GetQuery = ConfigurationSettings.AppSettings["MyQuery"];
...

Building Applications using ASP.NET and C# / Session 14 / 10 of 18
Compilation Setting
<compilation debug="true" defaultLanguage="C#"/>
- debug: Specifies whether to compile retail binaries or debug binaries.
- defaultLanguage: Provides a semicolon-separated list of language names to use in dynamic compilation of files

Building Applications using ASP.NET and C# / Session 14 / 11 of 18
Sub-tags of Compilation tag - 1
<compilation debug="true" defaultLanguage="C#"/>
add, remove, clear

Building Applications using ASP.NET and C# / Session 14 / 12 of 18
Sub-tags of Compilation tag - 2
<compilation debug="true" defaultLanguage="C#"/>

Building Applications using ASP.NET and C# / Session 14 / 13 of 18
customErrors Setting
<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly">
<customErrors defaultRedirect=" mode="RemoteOnly">
<error statusCode="404" redirect=“

Building Applications using ASP.NET and C# / Session 14 / 14 of 18
Authentication and Authorization - 1
<forms name="name" loginUrl="url" protection="All|None|Encryption " timeout="xx" path="/" >

Building Applications using ASP.NET and C# / Session 14 / 15 of 18
Authentication and Authorization - 2
Authentication Type: Description
- Windows authentication as default authentication mode. Used for any form of IIS authentication
- ASP.NET forms-based authentication as default authentication mode
- Microsoft Passport authentication as default authentication mode
- No authentication. Used by anonymous users and applications providing own authentication

Building Applications using ASP.NET and C# / Session 14 / 16 of 18
Attributes of <forms> tag
Attribute | Option | Description
Name | None | Cookie name used for authentication
LoginUrl | None | Login page URL. The client is redirected to this URL if no authentication cookie
protection | ALL | Application uses both data validation and encryption to protect the cookie.
protection | None | Both encryption and validation are disabled
timeout | | The amount of time, in minutes, after which the authentication cookie expires. Default value is 30.
path | | Path for cookies issued by the application. Default value is a backslash (/)

Building Applications using ASP.NET and C# / Session 14 / 17 of 18
Forms Authentication
<forms name="form1" loginUrl="login.aspx" protection="None" timeout="60">

Building Applications using ASP.NET and C# / Session 14 / 18 of 18
Authorization
<forms name="form1" loginUrl="login.aspx" protection="None" timeout="60">
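
As an added example (not part of the original slides), the following Python script audits a Web.config for risky values of three settings from this session: compilation debug (slide 10), customErrors mode (slide 13) and forms protection (slides 16 and 17). Both sample configurations are constructed, and error.aspx is a hypothetical page name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: compilation and forms values match the slides;
# customErrors mode="Off" is chosen here to trigger the check.
SLIDE_CONFIG = """<configuration><system.web>
  <compilation debug="true" defaultLanguage="C#" />
  <customErrors mode="Off" />
  <authentication mode="Forms">
    <forms name="form1" loginUrl="login.aspx" protection="None" timeout="60" />
  </authentication>
</system.web></configuration>"""

# Constructed hardened counterpart; error.aspx is a hypothetical page name.
HARDENED_CONFIG = """<configuration><system.web>
  <compilation debug="false" defaultLanguage="C#" />
  <customErrors mode="RemoteOnly" defaultRedirect="error.aspx" />
  <authentication mode="Forms">
    <forms name="form1" loginUrl="login.aspx" protection="All" timeout="30" />
  </authentication>
</system.web></configuration>"""

def audit_web_config(xml_text):
    """Return (setting, finding) tuples for risky values in a Web.config."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches <system.web> sections nested under <location>.
    for web in root.iter("system.web"):
        comp = web.find("compilation")
        if comp is not None and comp.get("debug", "false").lower() == "true":
            findings.append(("compilation/@debug",
                             "debug binaries are built; set debug=\"false\""))
        errs = web.find("customErrors")
        # An absent element or mode attribute means the default, RemoteOnly.
        if errs is not None and errs.get("mode", "RemoteOnly").lower() == "off":
            findings.append(("customErrors/@mode",
                             "remote clients see detailed errors"))
        auth = web.find("authentication")
        if auth is not None and auth.get("mode", "").lower() == "forms":
            forms = auth.find("forms")
            # protection defaults to All when the attribute is omitted.
            prot = "All" if forms is None else forms.get("protection", "All")
            if prot.lower() != "all":
                findings.append(("forms/@protection",
                                 f"cookie protection is {prot}, not All"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("slides", SLIDE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_web_config(cfg))
```

The forms finding follows from slide 16: with protection="None", both encryption and validation of the authentication cookie are disabled.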