Published by Betty Ella Johns. Modified over 9 years ago.
2
Introduction to ASP.NET, Second Edition
Chapter Objectives
3
Web Applications (Page 464)
Web application
– Group of files and folders (including virtual folders) located in the Web application's root directory
– Virtual Web and directories
– Stored outside of the C:\Inetpub\wwwroot\ folder
Internet Information Services Management Tools
– Create Chapter9 project and import files
– Microsoft Management Console (MMC) %systemroot%\System32\inetserv\iis.mmc
4
The Internet Information Services Management Tools
5
The Internet Information Services Management Tools (continued)
6
Web Application Memory Models
7
Web Application Memory Models (continued)
Create Chapter9High process
Configure to run in isolated process
– IIS MMC
– Directory tab, change Application Protection property to High (Isolated)
Use Component Services
– %systemroot%\system32\Com\comexp.msc
8
Web Application Memory Models (continued, Page 468)
9
Web Application Memory Models (continued)
10
Session Data
User information tracked across user sessions
– HTTP headers - ServerVariables collection
– SessionID - identifies each session
– Read Session ID, ServerVariables, store data
    Dim SID As String = Session.SessionID
    ' Request.UserAgent is already a String; it is Nothing when the header is absent
    Session("UserAgent") = Request.UserAgent
    Session("SID") = SID
    Dim strName As String = txtName.Text
    Session("username") = strName
11
SessionGetVariables.aspx (Page 471)
12
Session Data (continued)
13
Building Information Management Security Policies
Security Policies
– Sample – encode form input before displaying it, so that < and > entered by the user are not rendered as markup
    Dim strName As String
    ' Read the text the user typed, not the control object itself
    strName = txtName.Text
    message.Text = "Welcome " & HttpUtility.HtmlEncode(strName)
Privacy Policies
– Inform user about information being collected and what is being done with that information
14
Application Configuration
Registry - Windows applications store configuration settings
Metabase - stores Web application configuration
To access the Metabase
– Microsoft Management Console (MMC) – local application
– Windows Scripting Host (WSH) - creates scripts to access the Metabase
– ASP.NET configuration files
15
Viewing the Web Server Property Pages (Page 477)
Web Site Tab
– IP address and Port
– HTTP Keep-Alives Enabled - maintain state
– W3C Extended Log File Format
  Extended properties
  Default location - %WinDir%\System32\LogFiles
  Default directory - is W3SVC1
  Log filename - is named after the date
  Local time
16
Viewing the Web Server Property Pages (continued)
17
Viewing the Web Server Property Pages (continued)
18
Viewing the Web Server Property Pages (continued)
19
Viewing the Web Server Property Pages (continued)
Documents tab
– Default document name
– Document Footer
HTTP Headers tab
– Expire page content
– Internet Content Rating Association (ICRA)
Home Directory tab
– Web site location
– Properties – Read, Write, Directory browsing, Log visits property, Index this resource, Script source, Execute, Scripts only
– Configuration
20
Viewing the Web Server Property Pages (continued)
21
Viewing the Web Server Property Pages (continued)
22
Application Configuration Files
XML-based
– Machine-level - machine.config
– Application - Web.config
Settings configured as a node, include nested child nodes
– Root node -
– ConfigSections node - identify configuration sections
– system.web - Web configuration settings
23
The AppSettings Configuration Node
Key/value pairs - application variables
Retrieve
    Dim SN As String
    SN = ConfigurationSettings.AppSettings("SN")
24
The Pages Configuration Node
How content is delivered to the Web page
– Buffer - area in memory on the server
– enableSessionState - use Session
– enableViewState - store data in ViewState
– enableViewStateMac - validate data in ViewState
– autoEventWireup - override Page_OnLoad event
– SmartNavigation - continue at the row where they left off when they refresh the page
25
The httpRuntime Configuration Node
Properties:
– executionTimeout - time allowed to execute before the request times out
– maxRequestLength - kilobytes accepted from an HTTP request
– UseFullyQualifiedRedirectURL - fully qualify the URL when the client has been redirected to a new page
26
Globalization Configuration Node
Encoding standard
– Unicode - each character set has its own identity
  Default value is UTF-8
  All Unicode character values are supported
Culture and uiCulture
– Can set at page level, to configure language & dates
– Identify a language and culture string
  fr-FR for French
  en-US for United States English
27
Setting the Culture Property
France.aspx (Page 489)
28
Compilation Node Configuration
Language compilers build applications
– DefaultLanguage property
  Can set at page level
– Explicit - declare your variables
– Strict - declare the variable data type
    <compilation debug="false" explicit="true" defaultLanguage="vb">
29
Trace Node Configuration
Properties
– enabled - turn tracing on
– localOnly - results displayed at http://localhost/
– traceMode - sort trace results
– pageOutput - display results with Web page
– trace stack – stores data
– requestLimit - number of trace results stored
30
Trace Node Configuration (continued)
Trace.Write
– Trace.Write – writes data to trace stack
– Trace.Warn shows up in red font
– Trace.Write("CategoryName", "Value")
TraceTool
– http://localhost/approot/Trace.axd
– http://localhost/Configuration/Tracing/TraceTool/trace.axd
31
Trace Node Configuration (continued)
32
Using the Trace Utility Program
Trace.aspx (Page 493)
Change Web.config
    <trace enabled="true" requestLimit="10" pageOutput="false"
           traceMode="SortByTime" localOnly="true" />
33
Trace.aspx (continued)
34
Trace.aspx (continued)
35
Trace.aspx (continued)
36
CustomErrors Node Configuration
Both ASP.NET and IIS provide error pages
– IIS Web pages - c:\winnt\Help\iisHelp\common\ directory
  MMC - configure custom error pages
– HTTP status message code - status of request
  200 - success
  404 - file requested could not be found
  400’s usually indicate a client-related error
  500’s usually indicate a server-related error
37
CustomErrors Node Configuration (continued)
Properties:
– Mode – where to display rich error pages (yellow)
  RemoteOnly - only locally
  On - custom error pages except at localhost
  Off - ASP.NET error pages displayed
– defaultRedirect property - sets a default error page if no custom error page is configured
– error node – uses statusCode to redirect user
38
CustomErrors Node Configuration (continued)
    <customErrors mode="RemoteOnly" defaultRedirect="/defaultError.aspx">
        <!-- error nodes are children of customErrors -->
        <error statusCode="404" redirect="/error404.aspx"/>
    </customErrors>
39
CustomErrors Node Configuration (continued)
40
Maintaining State in an ASP.NET Application
Methods - unique identifier to recognize the client across Web pages:
– ViewState – with hidden fields
– Client-Side Cookies -
– ASP.NET uses Application and Session objects
– Cookieless applications – identification data is passed with the URL.
41
Client-Side Cookies
Small piece of information stored on client
– Cookies collection - group of cookies
Sent by the server through the header
Browser writes the cookie
    document.cookie = "CookieEmail=kkalatatarastore.com; expires=Monday, 07-Jan-07 12:00:00 GMT";
    readCookie = document.cookie;
42
Client-Side Cookies (continued)
43
Client-Side Cookies
ClientCookies.aspx (Page 499)
44
Cookie Settings in the Internet Explorer Browser
45
Cookie Settings in the Internet Explorer Browser (continued)
46
Cookie Settings in the Internet Explorer Browser (continued)
47
Creating Cookies with ASP.NET
HTTP cookies - created by the Web server
– SessionID - value of the HTTP cookie
  Retrieve using server variable HTTP_COOKIE
Response.Cookies
– Sends cookie to browser in Set-Cookie header
– Named group of cookies - dictionary cookie
– Individual cookies - cookie keys
48
Creating Cookies with ASP.NET (continued)
Create cookie
    <% Response.Cookies("myCookie").Expires = "MM DD, YYYY" %>
Read cookie
49
Maintaining State with Cookies
Cookies.aspx (Page 505)
50
Cookies.aspx (continued)
51
Maintaining State Without HTTP Cookies
HTTP cookies used to link session to Session object using SessionID
– Session timeout - session ends if no activity
– Default - 20 minutes
Cookie Munging (or Cookieless application)
– cookieless = true in sessionState node
– Web server appends the Session ID to any requested URL (it appears like a subdirectory)
– SessionID doesn’t contain the session data. The session data is still maintained by the Web server or outside the Web server.
52
Creating a Cookieless Web Application
Cookieless.aspx (Page 508)
Change Web.config
    <sessionState cookieless="true" timeout="2" />
View page – the timeout is set to 2 minutes to make it faster to view changes.
53
Cookieless.aspx (continued)
54
Storing Session Data
sessionState node for configuring session management
– Mode property - session storage method
  Off - turns off
  InProc - in process with Web Server
  StateServer - StateServer Windows service
  SQLServer – SQL Server (includes MSDE)
55
Using the Web Server to Manage Session Data
All session data is lost if the Web server is stopped and started
    <sessionState mode="InProc" cookieless="true" timeout="20" />
56
Using State Server to Manage Session State (Page 511)
aspnet_state service
– Start - DOS or Windows Services
– stateConnectionString - connection to StateServer
Need to accept HTTP session cookies
Change Web.config
    <sessionState mode="StateServer"
        stateConnectionString="tcpip=127.0.0.1:42424"
        stateNetworkTimeout="10" cookieless="false" timeout="20" />
57
Using State Server to Manage Session State (continued)
58
Using SQL Server to Manage Session State
InstallSqlState.sql (Page 515)
Configure SQL Server
    CD C:\WINNT\Microsoft.net\Framework\[Version]\
    OSQL -S localhost -U sa -P password <InstallSqlState.sql
Change Web.config
    <sessionState mode="SQLServer"
        sqlConnectionString="data source=MACHINENAME\NetSDK; user id=sa;password=password"
        cookieless="false" timeout="20" />
59
Using SQL Server to Manage Session State (continued)
60
Using SQL Server to Manage Session State
SessionSetVariables.aspx (Page 516)
61
ASP.NET Security Methods
Authentication - validating identity of request
– Windows, Passport, Forms, or None.
Identity Node
– Impersonate user account
62
MachineKey Node Configuration
Identify value and method to encrypt data
– validationKey - Only valid applications use data
– decryptionKey – Nontrusted can’t read data
– Autogenerate the key values (not Web Farm)
validation – encryption method
    <machineKey validationKey="AutoGenerate"
        decryptionKey="AutoGenerate" validation="SHA1" />
63
Authenticating Users
Custom Authentication
– Mode – None
Passport
– Single sign-on identity system
– Passport service authenticates user, sends cookie
– redirectURL – when user is not authenticated
64
Authenticating Users with Windows Authentication
NTFS file and folder security - Windows Explorer
– Full Control – can change permission settings
– Modify – view and modify file properties, add and delete files
– No Access – no access to the resource
Web site security properties with MMC
Web application settings in configuration files
65
Web Server Permissions
Anonymous access
– IUSR_MachineName - Internet Guest Account
Authenticated access
– Basic authentication
  username and password sent as clear text unless encrypted with SSL
– Windows authentication
  username and password are not sent
66
Web Server Permissions (continued)
67
Web Server Configuration Files
WindowsAuthentication.aspx (Page 523)
Default – Windows
Only allow administrator users
    <allow roles="BUILTIN\Administrators" users="BUILTIN\Administrator" />
68
WindowsAuthentication.aspx (continued)
69
Authorization Node Configuration
Access to resources
– NTFS - set permissions with access control list
– Authorization node
  Allow and deny nodes
  Users - identify the user
  Roles - identify a group of users
Wildcards
– * all users
– ? the anonymous user
70
Authorization Node Configuration (continued)
Resource-based
– Individual resources assigned permissions
– Only in small sites
Role-based
– Users assigned to groups
– Groups assigned permissions to resources
– Scalable
– Recommended strategy
Front-end authentication - assign users to roles
71
Authenticating Users with Forms Authentication
Cookie-based
– Authentication cookie in header packet
  No username or password stored
  Identifies the client
  Use SSL to encrypt the login
– No cookie, redirected to the login page
– User validated using the credential list within
  Configuration files, XML file, Database, In-memory structure, LDAP directory, Web Service
72
Forms Node Configuration
Properties
– Name - identifies the cookie that contains the ID of the user; default name is .ASPXAUTH
– Path - the server path for which the cookie is valid; the default path is “/”, which makes the cookie accessible from any directory
– Timeout - valid duration - default is 30
– loginUrl - redirect page - default is “login.aspx”
– Protection - protect HTTP cookie
  All, None, Encryption, or Validation
73
Credentials Node Configuration
Provide the credentials for users
– passwordformat property - encryption method
  Clear, SHA1, and MD5 - store password as a hash value
– user node - identify users
  name - username
  password – password
Creating a Hash Value – encrypt values
74
Credentials Node Configuration (continued)
    <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/">
75
Credentials Node Configuration
CreateHashValue.aspx (Page 529)
76
Storing User Credentials in an XML File
Method 1 - "XMLUserEmail.xml" kkalata painter
77
Storing User Credentials in an XML File (continued)
Import namespaces
Retrieve the values
Create a DataSet object
Create a FileStream object to retrieve a file
Pass URL to XML file as a parameter to a FileStream
Use ReadXml method of DataSet to retrieve the data and populate the DataSet
Close the FileStream
Use DataTable object and DataRow object to search for the user
78
Storing User Credentials in an XML File (continued)
79
Forms Authentication Using Credentials
SimpleFormsAuthentication.aspx (Page 532)
    <forms name=".SIMPLELOGIN" loginUrl="/Chapter9/SimpleLogin.aspx" path="/" protection="All" timeout="20">
        <!-- user nodes belong inside a credentials node; the 40-character values are SHA1 hashes -->
        <credentials passwordFormat="SHA1">
            <user name="kkalata" password="32562DB2022ABCC6384939403AA882ABB9542D04" />
            <user name="student" password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8" />
        </credentials>
    </forms>
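A review aid for the configuration nodes covered up to this slide, added here and not taken from the textbook or the deck: a Python script (chosen so it runs offline, unlike the deck's VB.NET) that flags risky values of the compilation, trace, customErrors, pages, sessionState, forms and credentials nodes. The sample Web.config and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config combining weak variants of the nodes on the slides.
SAMPLE = r"""<configuration>
  <system.web>
    <compilation debug="true" explicit="true" defaultLanguage="vb" />
    <trace enabled="true" requestLimit="10" pageOutput="false" localOnly="false" />
    <customErrors mode="Off" />
    <pages enableViewStateMac="false" />
    <sessionState mode="SQLServer" cookieless="true" timeout="20"
      sqlConnectionString="data source=MACHINENAME\NetSDK; user id=sa;password=password" />
    <authentication mode="Forms">
      <forms name=".SIMPLELOGIN" loginUrl="/Chapter9/SimpleLogin.aspx" protection="None">
        <credentials passwordFormat="Clear">
          <user name="student" password="password" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""


def _get(parent, path, name, default=""):
    """Lower-cased attribute value of the first node at path, or default."""
    node = parent.find(path)
    value = node.get(name) if node is not None else None
    return (value if value is not None else default).strip().lower()


def audit(xml_text):
    """Return finding IDs (in check order) for risky settings in a Web.config."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return []
    # Split the session connection string into key=value parts without spaces.
    conn_parts = [p.replace(" ", "") for p in
                  _get(web, "sessionState", "sqlConnectionString").split(";")]
    has_forms = web.find("authentication/forms") is not None
    checks = [
        ("debug-build", _get(web, "compilation", "debug") == "true"),
        ("trace-remote", _get(web, "trace", "enabled") == "true"
            and _get(web, "trace", "localOnly", "true") == "false"),
        ("rich-errors-remote", _get(web, "customErrors", "mode") == "off"),
        ("viewstate-no-mac", _get(web, "pages", "enableViewStateMac") == "false"),
        ("sessionid-in-url", _get(web, "sessionState", "cookieless") == "true"),
        ("session-db-as-sa", "userid=sa" in conn_parts),
        ("forms-cookie-weak", has_forms
            and _get(web, "authentication/forms", "protection", "all") != "all"),
        ("cleartext-credentials",
            _get(web, "authentication/forms/credentials", "passwordFormat") == "clear"),
    ]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```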
80
Forms Authentication Using an XML File
XMLUsers.xml (Page 533)
password
Web.config
    <forms name=".XMLLOGIN" loginUrl="/Chapter9/XMLLogin.aspx" path="/" protection="All" timeout="20">
81
Forms Authentication Using an XML File
XMLLogin.aspx (continued)
Import the namespaces
    Imports System.Web.Security
    Imports System.Xml
    Imports System.IO
Retrieve values from form and compare to XML file
    Dim pwd As String = Password.Value
    Dim user As String = Username.Value
    Dim myFile As String = _
        Server.MapPath("XMLUsers.xml").ToString
    Dim xmlDoc As New XmlDocument
    xmlDoc.Load(myFile)
    Dim UserNode As XmlNodeList = _
        xmlDoc.GetElementsByTagName(user)
82
Forms Authentication Using an XML File
XMLLogin.aspx (continued)
    ' GetElementsByTagName returns an empty list, never Nothing, when no
    ' element matches, so test the count before indexing into it
    If UserNode.Count > 0 Then
        If pwd = _
            UserNode(0).FirstChild().Value Then
            FormsAuthentication.RedirectFromLoginPage _
                (user, Persist.Checked)
        End If
    End If
XMLFormsAuthentication.aspx
– Redirect to XMLLogin.aspx if not authenticated
83
Forms Authentication Using a Database
WebUsers (Page 535)
Create database WebUsers
– Create Users table - UserEmail and UserPass
Insert data with stored procedure
    CREATE PROCEDURE dbo.InsertData AS
    INSERT INTO users (UserEmail, UserPass)
    VALUES ('student', 'password')...
    RETURN
84
Web.config (Page 536)
Change the Web.config file
    <forms name=".DBLOGIN" loginUrl="/Chapter9/DBLogin.aspx" path="/" protection="All" timeout="20">
85
Forms Authentication Using a Database
DBLogin.aspx (Page 536)
Import the namespaces
Retrieve the values and compare to the database values - build SQL statement
    Dim strSQL As String
    strSQL = "SELECT * FROM Users WHERE UserEmail='" _
        & strUsr & "' AND UserPass='" & strPwd & "'"
86
Forms Authentication Using a Database
DBLogin.aspx (continued)
blnIsAuth stores whether the user is present in the database
Set the Authentication to Persist
Preview the DBFormsAuthentication.aspx page
    If blnIsAuth Then
        FormsAuthentication.RedirectFromLoginPage _
            (strUsr, Persist.Checked)
    Else
        Message.Text = _
            "We couldn't locate your login " & _
            "information. " & _
            "Please try to log in again. "
    End If
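The concatenated statement in DBLogin.aspx makes form input part of the SQL text, so a quote character in either field changes what the statement means. This added example (not from the textbook; Python with an in-memory SQLite table standing in for the WebUsers database, and constructed inputs) runs the same lookup both ways to show why the values should be bound as parameters; in ADO.NET the counterpart is named parameters on the command object.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the slides' Users table (UserEmail, UserPass)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserEmail TEXT, UserPass TEXT)")
    db.execute("INSERT INTO Users VALUES ('student', 'password')")
    return db


def login_concatenated(db, usr, pwd):
    """The DBLogin.aspx pattern: input is pasted into the SQL text."""
    sql = ("SELECT * FROM Users WHERE UserEmail='" + usr +
           "' AND UserPass='" + pwd + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, usr, pwd):
    """Same lookup with placeholders: input is bound as data, never parsed as SQL."""
    sql = "SELECT * FROM Users WHERE UserEmail=? AND UserPass=?"
    return db.execute(sql, (usr, pwd)).fetchone() is not None


def compare(usr, pwd):
    """Return (concatenated_result, parameterized_result) for one login attempt.

    A concatenated statement that no longer parses is reported as "error".
    """
    db = make_db()
    try:
        concat = login_concatenated(db, usr, pwd)
    except sqlite3.OperationalError:
        concat = "error"
    return concat, login_parameterized(db, usr, pwd)


# Constructed regression inputs for a login routine.
CASES = [
    ("student", "password"),     # valid login: both accept
    ("student", "wrong"),        # bad password: both reject
    ("o'brien", "x"),            # apostrophe breaks the concatenated SQL
    ("student", "' OR '1'='1"),  # quote rewrites the WHERE clause; must be rejected
]

if __name__ == "__main__":
    for usr, pwd in CASES:
        print(repr(usr), repr(pwd), compare(usr, pwd))
```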
87
Summary
– Web application is a group of files and folders
– IIS Web server software configures applications
– MMC management tool
– Web application can be run within Web Server memory, or in a pooled or isolated process
– Security includes protecting resources
– It’s important to have a Security and Privacy Policy
88
Summary (continued)
– Web server will log data related to HTTP requests
– MMC allows you to configure permissions and application settings
– Web.config is an XML-compliant file that configures the Web application
– SessionID identifies the client
– Cookie is a text file stored on the client
– Store session data within Web Server process, State Server, or SQL Server database
89
Summary (continued)
– Authorization can be configured via Web.config or NTFS
– Anonymous authentication uses Internet Guest Account
– Basic authentication sends login data as clear text
– Windows authentication allows the user to log in
– Forms authentication is a cookie-based technique to protect the Web application
– XML, Database, and static data sources work with Forms authentication