Module 7: Creating a Microsoft ASP.NET Web Application

Overview Requirements of a Web Application What Is New in ASP.NET? Sharing Information Between Pages Securing an ASP.NET Application

Requirements of a Web Application State Maintenance Security Performance and Scalability Easy Configuration Easy Deployment

 What Is New in ASP.NET? Cookie-less Session IDs Configuration File (web.config) Setting Up Cookie-less Sessions Global Application File (Global.asax) Demonstration: Using Event Procedures in Global.asax Page Caching

Cookie-less Session IDs Each Active Session Is Identified and Tracked Using Session IDs SessionIDs Are Communicated Across Client-Server Requests Using an HTTP Cookie or Included in the URL Using a Cookie Default mechanism for storing SessionIDs Cookie-less Sessions Information is encoded into URLs

Configuration File (web.config) All Configuration Information for an ASP.NET Application Is Contained in web.config Web.config Can Be Placed in the Same Folder as the Application Files Web.config Contains Sections for Each Major Category of ASP.NET Functionality <trace enabled="true" requestlimit="40" pageoutput="true"/> <trace enabled="true" requestlimit="40" pageoutput="true"/>

Setting Up Cookie-less Sessions Session State Is Configured in the Section of web.config Settings: cookieless timeout Setting Up Cookie-less Session mode sqlConnectionString

Global Application File (Global.asax) Global.asax is Similar to Global.asa in ASP Applications Global.asax Supports More Than 15 Events As page is requested: BeginRequest, AuthenticateRequest, AuthorizeRequest As page is returned: EndRequest

Demonstration: Using Event Procedures in Global.asax

Page Caching Output Caching Caches content generated from dynamic pages Page is compiled into IL and native code Native code is cached as Page class and is available to serve for the next request Page class is updated when the source ASP.NET file is changed or cache timeout happens Setting the Cache Timeout

 Sharing Information Between Pages Using ASP.NET Cache Using web.config Variables Demonstration: Using web.config Variables Using Session and Application Variables Demonstration: Using Session Variables Saving Session and Application Variables in a Database Discussion: Different Ways of Sharing Information

Using ASP.NET Cache ASP.NET Cache: Stores objects and values for reuse in an application Placing Objects in ASP.NET Cache Retrieving Objects From ASP.NET Cache Cache.Insert("mykey", myValue, _ Nothing, DateTime.Now.AddHours(1), _ TimeSpan.Zero) Cache.Insert("mykey", myValue, _ Nothing, DateTime.Now.AddHours(1), _ TimeSpan.Zero) myValue = Cache("mykey") If myValue <> Nothing Then DisplayData(myValue) End If myValue = Cache("mykey") If myValue <> Nothing Then DisplayData(myValue) End If

Using web.config Variables Store Application Variables in web.config Retrieve in an.aspx File <add key="pubs" value= "server=localhost;uid=sa;pwd=;database=pubs"/> <add key="pubs" value= "server=localhost;uid=sa;pwd=;database=pubs"/> Dim appSetting As NameValueCollection Dim strConn As String appSetting = CType(Context.GetConfig _ ("appsettings"), NameValueCollection ) strConn = appSetting("pubs").ToString() Dim appSetting As NameValueCollection Dim strConn As String appSetting = CType(Context.GetConfig _ ("appsettings"), NameValueCollection ) strConn = appSetting("pubs").ToString()

Demonstration: Using web.config Variables

Using Session and Application Variables Session Object Stores Information for a Particular User Session Application Object Shares Information Among All Users of a Web Application Sub Session_Start(s As Object, e As EventArgs) Session("BackColor") = "beige" Session("ForeColor") = "black" End Sub Sub Session_Start(s As Object, e As EventArgs) Session("BackColor") = "beige" Session("ForeColor") = "black" End Sub Sub Application_Start(s As Object, e As EventArgs) Application("NumberofVisitors") = 0 End Sub Sub Application_Start(s As Object, e As EventArgs) Application("NumberofVisitors") = 0 End Sub

Demonstration: Using Session Variables

Saving Session and Application Variables in a Database Session State Can Be Stored in a Separate SQL Server Database A Temporary Table Is Used for the Serialized Session Data Advantages: State can be recovered even if an application crashes An application can be partitioned across multiple Web farm machines

Discussion: Different Ways of Sharing Information

 Securing an ASP.NET Application What Is Authentication? Forms Authentication Architecture Setting Up Security in web.config Creating a Login Form Demonstration: Setting Up Security in web.config

What Is Authentication? Authentication Accept credentials from a user Validate the credentials Types of ASP.NET Authentication Windows authentication Passport authentication Forms authentication

Forms Authentication Architecture Client requests page Authorized ASP.NET Authentication Not Authenticated Authenticated Login Page (Users enter their credentials) Authenticated Cookie Authorized Not Authenticated Access Denied Requested Page 

Setting Up Security in web.config Setting Up Authentication Setting Up Authorization

Creating a Login Form Login Page Verifies and Checks the Credentials of a User Login page validates user credentials and redirects if valid Reading User Credentials from Cookie User.Identity.Name returns the value saved by CookieAuthentication.RedirectFromLoginPage Sub cmdLogin_Click(s As Object, e As EventArgs) If (login(txt .Value, txtPassword.Value)) FormsAuthentication.RedirectFromLoginPage _ (txt .Value, False) End If End Sub Sub cmdLogin_Click(s As Object, e As EventArgs) If (login(txt .Value, txtPassword.Value)) FormsAuthentication.RedirectFromLoginPage _ (txt .Value, False) End If End Sub

Demonstration: Setting Up Security in web.config

Lab 7: Creating an ASP.NET Web Application

Review Requirements of a Web Application What Is New in ASP.NET? Sharing Information Between Pages Securing an ASP.NET Application