Published by Paulina Harvey. Modified over 8 years ago.
1
ASP.NET Essentials: State management, authentication, and Web Services
Daniele Pagano, Arizona State University
2
Overview
- State Management
  - Application State
  - Session State
  - Storage and Scalability
- Authentication and Authorization
  - Security overview
  - Windows-based and forms-based authentication
  - NTFS and URL-based authorization
- XML Web Services
  - What are Web Services?
  - Creating Web Services
  - Using Web Services
3
State Management
- In most cases you will need to keep data stored across requests and track users during their visit.
- Application state preserves data across users in a global area.
- Session state recognizes one user and allocates some data for each.
- HTTP is stateless, so other mechanisms must be used, such as cookies and URL IDs.
- ASP.NET abstracts these from you. You just need to worry about what to store.
4
The Application State
- Any data you share among multiple users.
- You can easily add and remove items from your application state.
- Since this is a shared resource, you should lock it every time you write to it, then unlock it.
- Hints:
  - Lock the application state for as little time as possible.
  - Put unlock in a finally block so it’s always executed.
  - Application state stores items as Object type; don’t forget to cast them back to your specific type.
  - Store data you don’t need all the time, or that you need to survive a server crash or restart, in a file or database.
5
Application State code snippet

    // Cast your retrieved values: application state stores Object
    if ((int)Application["UserCount"] > 1)
    {
        // In the right context, ToString() is called, no need to cast
        this.lastserve.Text = "Last access: " + Application["LastAccess"];
    }

    try
    {
        Application.Lock();                        // Lock before use
        Application["LastAccess"] = DateTime.Now;
    }
    finally                                        // This is ALWAYS run
    {
        Application.UnLock();                      // Unlock after use
    }
6
The Session State
- Maintains data for individual users.
- Uses cookies normally, but a cookie-less option is also available.
- Works like the Application object, but no need to lock/unlock as it’s not shared.
- Use syntax Session["MyVar"] as before.
- Hints:
  - It’s enabled by default; disable it in every page in which you don’t use it (via Properties pane) to save resources.
  - Remember that each piece of data you store in memory is allocated for each user.
  - Understand and use the different methods for state storage (coming up next).
7
Session State Storage options
Choose via the web.config file by updating the sessionState mode property:
- In-Process (InProc): Default. Session is stored in the process memory for each user.
- Out-of-process (StateServer): A separate server will handle storing the session data. You’ll need to start the ASP.NET State Service and update stateConnectionString.
- SQL Server (SQLServer): An SQL database (local or on a different server) will store the session data. You’ll need to run InstallSqlState.sql (in the .NET framework directory) against your main db and update sqlConnectionString.
- Cookieless: Set/unset this sessionState property to use sessions without cookies.
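The three storage modes and the cookieless switch as they appear in web.config, as an added example that is not from the original slides. Host addresses, the timeout and the connection string are constructed values; only one sessionState element can be active at a time, so the alternatives are shown commented out.

```xml
<configuration>
  <system.web>
    <!-- Option 1 (default): in-process. Data is lost when the worker process
         restarts and is not shared across a web farm.
         cookieless="true" would move the session ID into the URL, where it ends
         up in logs, bookmarks and Referer headers; keep it false unless clients
         cannot accept cookies. -->
    <sessionState mode="InProc" cookieless="false" timeout="20" />

    <!-- Option 2: ASP.NET State Service on a separate host (42424 is the
         service's default port). Keep that port reachable only from the
         web servers.
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=127.0.0.1:42424"
                  cookieless="false" timeout="20" />
    -->

    <!-- Option 3: SQL Server, after running InstallSqlState.sql.
         Integrated security avoids putting a database password in this file.
    <sessionState mode="SQLServer"
                  sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
                  cookieless="false" timeout="20" />
    -->
  </system.web>
</configuration>
```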
8
Scalability Issues
Several state management issues can compromise your speed and scalability:
- Misuse of Application.Lock(): make sure you use it as little as possible and always unlock.
- Use of session state: don’t leave session state enabled unless you use it. You can disable it in one page even if it’s used in others.
- Abuse of state storage: this easily eats up your memory if you store too much data, especially for session state, as it’s multiplied for each user.
- Use of non-thread-safe objects: make sure whatever you store in application or session is thread-safe or your whole application will be blocked.
- Multi-server: application and session data stored in-process will not carry over to Web farms. Use a state server or a central database instead.
9
ASP.NET Security issues
Security will be covered next time; these are the main issues to keep in mind, and they will be covered then. Make sure you are aware of these techniques:
- Configure your file system for safety
- Disable unnecessary services
- Create security policies and templates
- When, where, and how to configure passwords
- Remove sample web applications
- Use validation extensively
- Check for and install patches regularly
- Configure logging
- Configure SSL
- And more…
10
Windows-based authentication
- Relies on IIS.
- Comes in basic (least secure), digest (more secure, uses domain servers), and NTLM (most secure, IE only).
- Enable and configure via IIS:
  - Choose the resource to protect
  - Click on Properties
  - Select Directory security or File security tab
  - Click Edit… button on authentication control
  - Uncheck anonymous access and check desired authentication method(s).
11
Forms-based authentication
- It’s mostly automated in ASP.NET.
- Create a login page that obtains a username and password from the user.
- Call FormsAuthentication.Authenticate with username and password. Returns true or false.
- Configure web.config to use forms authentication.
- Create user credentials with hashed passwords.
12
Web.Config snippet for Forms authentication
You’ll need to modify web.config so that it knows which page is the login page and who the users are.

    </forms>
    </authentication>
    <authorization>
    </authorization>

Make sure you set the right password format and generate the hash with some program (available on the web too).
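A complete forms-authentication fragment of the kind this slide describes, as an added example rather than the original slide's markup. The user name, timeout and hash value are constructed placeholders; login.aspx is the example page name these slides use.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: page shown to users who are denied access.
           requireSSL="true" sends the authentication cookie over HTTPS only.
           protection="All" (the default) encrypts and validates the ticket. -->
      <forms loginUrl="login.aspx" protection="All" timeout="30" requireSSL="true">
        <!-- passwordFormat must match how the stored values were produced.
             "Clear" keeps plaintext passwords in this file; use a hash format. -->
        <credentials passwordFormat="SHA1">
          <!-- Constructed entry: replace the value with the SHA1 hex digest of
               the user's password, for example the output of
               FormsAuthentication.HashPasswordForStoringInConfigFile(pw, "SHA1") -->
          <user name="alice" password="REPLACE_WITH_SHA1_HEX_DIGEST" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <!-- "?" is the anonymous user: denying it sends unauthenticated
           requests to loginUrl -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

The stored hashes are unsalted, so restrict read access to web.config as you would for any file holding credentials.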
13
Authentication code snippet
Since ? (anonymous) users are denied, the page specified in the web.config (like login.aspx) will be displayed. There you’ll collect user information and log in. To log in, use the automatic authentication and then redirect the user to the page they were denied access to.

    using System.Web.Security;
    // ...

    private void Login_Click(object sender, System.EventArgs e)
    {
        // Checks the credentials against the users listed in web.config
        if (FormsAuthentication.Authenticate(user.Text, pass.Text))
        {
            // false = do not create a persistent cookie
            FormsAuthentication.RedirectFromLoginPage(user.Text, false);
        }
    }

To log out, use FormsAuthentication.SignOut();
14
Authorization
- If you’re using Windows authentication, just set up file permissions for the user that has logged in. Add to your web.config.
- You can also use the authorization section of the web.config to allow or deny users and roles from a web page.
- This applies to the root and all subdirectories without conflicting web.config settings.
15
Authorizing a specific URL
To authorize certain users for specific URLs, you can add this to your web.config outside the main system.web element:

    <location path="...">
      <system.web>
        <authorization>
          …allows and denies…
        </authorization>
      </system.web>
    </location>
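How the allow and deny entries interact, as an added example that is not from the original slides. The path, role and user name are constructed.

```xml
<configuration>
  <system.web>
    <!-- Site-wide default: any authenticated user -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Constructed path and names: only the Admins role and the user alice
       may request anything under admin -->
  <location path="admin">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom and the first match wins,
             so the allow entries must come before the catch-all deny. -->
        <allow roles="Admins" />
        <allow users="alice" />
        <!-- Without this line the inherited rules apply, and every
             authenticated user would get in. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Placing the deny for * above the allow entries would lock everyone out, including the Admins role, because the first matching rule is the one applied.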
16
XML Web Services
- Web Services allow you to invoke any code across the web.
- They make great middle-tier material.
- They use XML and SOAP to work across platforms and transmit text across firewalls (using port 80).
- Can be implemented in any language, but .NET makes it very easy.
- Can be searched, located and linked to using UDDI servers.
17
Creating a Web Service
- In Visual Studio .NET, create a new Web Service project in your favorite language.
- Write your code normally (as in a library) in the .asmx file.
- Add [WebMethod] before any method you’d like to publish.
- Build your solution. That’s it!
18
Using a Web Service
- In Visual Studio .NET Solution Explorer, right-click on References, and select Add Web Reference.
- Paste the URL of the .asmx file or locate one with the options provided.
- Click Add Reference.
- Now the classes and methods exported by the web service are available to you transparently, enjoy!
19
What we have learned
- How to create more customized and dynamic web applications using Application and Session management.
- Some ways to make sure our web applications are scalable.
- What the main security issues to keep in mind are.
- Simple ways to authenticate and authorize users on our website.
- How to use web services.
20
Q&A