.Net

1
.Net

• Table of contents
• Introduction to VS 2005
• Application and Page Frameworks
• GUI Controls
• Validation Server Controls
• Working with Master Pages
• Themes Skins
• Collections Lists
• Data Binding
• Data Management with ADO.Net
• Working with XML
• Site Navigation
• Security
• State Management
• Caching
• Debugging Error Handling
• File I/O Streams
• Configurations

2
Site Navigation

• We can access an aspx web application by means of
  virtual path.
• http//localhost/VirtualDirectoryName/Default.aspx
  
• If Default.aspx file exists in the application,
  this URL would open the file in browser.
• We can also give any other valid aspx file name
  in the browser to view that file

3
Security

• Threats faced by an application
• Spoofing
• Tampering
• Repudiation
• Information disclosure
• Denial of Service
• Elevation of privilege

4
Security in ASP .Net

• Security in the context of ASP.NET application
  involves 3 fundamental terms
• Authentication
• is the process of identifying users who can use
  the application (password checking)
• Authorization
• Defining what operations the users can do and to
  what level (access rights check)
• Impersonation
• This is the technique used by a server
  application to access resources on behalf of a
  client

5
Authentication

• Authentication Modes
• Windows Authentication IIS authentication
• Forms Authentication - Application credential
  verification
• Microsoft Passport Authentication
• Specifying Authentication Mode
• Can be specified in the Web.config file as
  follows
• ltauthentication modeWindows" /gt
• ltauthentication modeForms" /gt
• ltauthentication modePassport" /gt

6
IIS Authentication

• Basic
• IIS instructs the browser to send the user's
  credentials over HTTP
• Credentials are Base64 encoded which are not that
  much secure
• Digest
• Digest authentication sends credentials across
  the network as a Message Digest 5 (MD5) hash
  (encrypted)
• Integrated Windows (Used in large organisation
  connected with Network)
• Uses either NTLM challenge/response or Kerberos
  to authenticate users with a Windows NT Domain or
  Active Directory account
• A Hash of the credentials is sent, password is
  encrypted and sent
• .NET Passport
• The credentials that are registered with
  Microsoft which can be used with any microsoft
  application like hotmail, msn messenger or
  skydrive or windows Live etc

7
Authorization

• We can allow or deny Users using authorization
  tag in web.config file
• ltauthorizationgt
• ltdeny users"?"gtlt/denygt
• ltallow users"" /gt lt!-- Allow all users --gt
• lt!--
• ltallow users"comma separated list of
  users"
• roles"comma separated list of roles"/gt
• ltdeny users"comma separated list of
  users"
• roles"comma separated list of roles"/gt
• --gt
• lt/authorizationgt

8
Forms Authentication

• Can store credentials in web.config files
• For Login page, only if given the following
  credentials it will allow.
• ltauthentication mode"Forms"gt
• ltforms name"Login" loginUrl"Login.aspx"gt
• ltcredentials passwordFormat"Clear"gt
• ltuser name"smith" password"manager"gtlt/usergt
• ltuser name"Smith" password"manager"gtlt/user
  gt
• lt/credentialsgt
• lt/formsgt
• lt/authenticationgt

9
State Management

• Web forms are created and destroyed each time a
  client makes a request
• Page state is not retained
• For postbacks
• Between pages
• State management is implemented using
• Client side options
• Viewstate
• Cookies
• QueryString
• Server side options
• Application
• Session
• Database support

10
View State

• Stores information as hidden fields
• ViewState is enabled for every page by default
• Saving Arraylist in a view state
• protected void Page_PreRender(object sender,
  EventArgs e)
• ViewState.Add("arrayListInViewState",
  PageArrayList)
• We can access the same as follows
• ViewStatearrayListInViewState

11
Cookies

• To store small amounts of information on a client
• To store user-specific information
• Store as key/value pair
• //Create a cookie
• HttpCookie uname new HttpCookie("UserName")
• uname.Value txtUser.Text
• //Add the cookie
• Response.Cookies.Add(uname)
• //Set the Expiry date for the cookie
• Response.Cookies"UserName".Expires
  d1.AddYears(2)
• //Retrive the value of cookie
• if(Request.Cookies"UserName" !
  null) //Display the value of cookie
• lblUser.Text Request.Cookies"UserName".Value
  

12
Query string

• Easy way to pass information
• Between pages
• Way to pack information with URL
• The URL with a query string look like below
• http//localhost/Demo/Default.aspx?Unameguest
• To send page data as query string
• Response.Redirect("welcome.aspx?category"txtCa
  tegory.Text)
• To retrieve data in next page
• lblCategory.TextWe welcome
  Request.QueryStringcategory

13
Session

• Can store information that we want to keep local
  to the current session (single user)
• We can store values that need to be persisted for
  the duration of a user
• Every user session will be assigned a unique
  SessionId
• protected void Session_Start(Object sender,
  EventArgs e)
• Session"userName" guest"
• protected void Session_End(Object sender,
  EventArgs e)
• Session.Remove("userName")

14
Session State

• Session state can be stored in three ways
• InProc
• Stores session data in the memory of the ASP.NET
  worker process
• Provides faster access to these values
• Session data is lost when the ASP.NET worker
  process is recycled
• Need to give in the Web.config file as follows
• ltsessionState mode"InProc/gt
• StateServer
• Uses a stand alone window service (State Server)
  to store session variables
• Independent of IIS as it can run as separate
  service
• Better load balancing management as clustered
  servers can share their session information
• Need to give in the Web.config file as follows
• ltsessionState mode" StateServer/gt

15
Session State

• SQLServer
• Similar to State Server, except that the
  information persists in MS-SQL Server database
  tables
• Need to give the following in Web.config file
• ltsessionState modeSQLServer/gt
• Note To use SQL Server as session state store,
  create the necessary tables and stored procedures
• .NET SDK provides us with a SQL script
  InstallPersistSqlState.sql

16
Application

• Provides a mechanism for storing data that is
  accessible to all users using the Web Application
• Are declared in a special file called as
  Global.asax
• void Application_Start()
• Application"startTime" DateTime.Now.ToString()
  
• void Application_End()
• Application"startTime" null

17
Database Support

• Database support may be used to maintain state of
  your Web site
• Advantages of Using a Database to Maintain State
• Security   
• Storage capacity  
• Data persistence  
• Robustness and data integrity   
• Accessibility   
• Widespread support 
• Disadvantages of Using a Database to Maintain
  State
• Complexity   
• Performance considerations 

18
Caching

• In ASP.NET, page gets processed and is destroyed
  for every request
• Some times, dynamic contents of page may not
  change frequently
• ASP.NET holds such content in memory so that it
  can be delivered again efficiently without
  processing

19
Caching Single Response

• Use the _at_OutputCache page directive to cache a
  Web form in the servers memory
• The Duration attribute of _at_OutputCache
  directives controls how long the page is cached.
  
• Setting VaryByParam"None caches only one
  version of the web form
• // Web form is Cached for 60 seconds
• lt_at_ OutputCache Duration"60" VaryByParam"None"
  gt

20
Caching Multiple Response

• //This page sends item (Infopage.aspx)
• private void btnSubmit_Click(object sender,
  System.EventArgs e)
• Response.Redirect("NextPageVaryParam.aspx?id"drp
  TimeZone.SelectedItem)
• // Web form is Cached for dropdownlistbox
  selected item
• //This page is cached depend on item selected
  from //infopage.aspx
• lt_at_ OutputCache Duration"60" VaryByParamid" gt
  

21
Fragment Cache

• Cache regions of a page content
• Attribute used
• _at_ OutputCache
• VaryByParam -varies cached results based on
  name/value pairs sent using POST or GET
• VaryByControl -varies the cached fragment by
  controls within the user control
• lt_at_ OutputCache Duration"120"
  VaryByParam"none"
• VaryByControl"Category" gt

22
Data Caching

• Data caching is storing of data internal to a web
  application
• This enables to use the cached object across all
  the pages of the application
• Cache is global to entire web application and is
  accessible to all the clients of that application
• The lifetime of such cached objects is that of
  the application itself
• If the application is restarted then all the
  cached objects are destroyed
• Expiry time can be set for cache objects
• Absolute Expiry (Absolute value)
• Sliding Expiry (relative value from now
  onwards 5 seconds)

23
Debugging

• Visual studio 2005 provides a built in debugger.
• Breakpoint Press F9 to insert break point at a
  location or Select Insert Break Point from Debug
  Menu
• We can Step Over using (F10 key) or Step Into
  using (F11 key) a function

24
Error Handling

• .NET CLR provides structured Exception handling
  
• Using try catch block
• ASP.NET provides declarative error handling
• Automatically redirect users to error page when
  unhandled exceptions occur
• Prevents ugly error messages from being sent to
  users
• The Web.Config should have these lines
• ltconfigurationgt
• ltcustomErrors modeOn defaultRedirecterror.h
  tmgt
• lterror statusCode404 redirectadminmessage
  .htm/gt
• lterror statusCode403
• redirectnoaccessallowed.htm/gt
• lt/customErrorsgt
• lt/configurationgt

25
Error Handling

• The mode attribute can be one of the following
• On
• Error details are not shown to anybody, even
  local users
• If you specify a custom error page it will be
  always used
• Off
• Everyone will see error details, both local and
  remote users
• If you specify a custom error page it will NOT be
  displayed
• RemoteOnly
• Local users will see detailed error pages
• Remote users will be presented with a concise
  page notifying them that an error occurred
• Note Local user means User browsing the site
  on the same machine where web applications are
  deployed

26
File Handling

• System.IO name space will have Methods and
  classes for File Handling
• FileInfo and DirectoryInfo class helps us in
  managing files and directory
• Both these classes are inherited from
  FileSystemInfo class

27
FileSystemInfo

• Used to discover general characteristics about a
  given file or directory.
• Properties
• - Attributes
• - Creation Time
• - Exists
• - Extension
• - Full Name
• - Last Access Time
• - Last Write time
• - Name

28
FileInfo

• Methods
• - AppendText() - MoveTo()
• - CopyTo() - Open()
• - Create() - OpenRead()
• - CreateText() - OpenText()
• - Delete() - OpenWrite()
• Properties
• - Directory
• - DirectoryName
• - Length
• - Name

29
FileInfo Example

• FileInfo FI new FileInfo(_at_"form1.cs)
• MessageBox.Show(FI.DirectoryName.ToString())
• MessageBox.Show(FI.Extension.ToString())
• MessageBox.Show(FI.LastAccessTime.ToString())
  
• MessageBox.Show(FI.LastWriteTime.ToString())

30
Streams

• Streams are channels of communication between
  programs and source/destination of data
• A stream is either a source of bytes or a
  destination for bytes.
• Provide a good abstraction between the source and
  destination
• Abstract away the details of the communication
  path from I/O operation
• Streams hide the details of what happens to the
  data inside the actual I/O devices.
• Streams can read/write data from/to blocks of
  memory, files and network connections
• Stream can be File or Console or Network or
  Hardware

31
Stream

• Byte Stream
• FileStream Works with File
• MemoryStream Works with array
• BufferedStream - Optimized read/write operations
• Character Stream
• TextReader
• TextWriter

32
Byte Stream

• FileStream class is used to read from, write to,
  open, and close files on a file system
• The MemoryStream class creates streams that have
  memory as a backing store instead of a disk or a
  network connection
• encapsulates data stored as an byte array
• BufferedStream
• A buffer is a block of bytes in memory used to
  cache data
• reduces the number of calls to the operating
  system
• Buffers improve read and write performance.

33
Character Stream

• Both are abstract classes used read and write
  data using characters from different streams
• TextReader
• Represents a reader that can read a sequential
  series of characters
• TextWriter
• Represents a writer that can write a sequential
  series of characters
• To read and write we use derived classes like
  StreamReader and StreamWriter

34
Binary Reader/Writer

• It can be used in the way StreamReader/Writer are
  used.
• The BinaryReader methods
• bool ReadBoolean()
• byte ReadByte()
• char ReadChar()
• float ReadSingle()
• double ReadDouble()
• int ReadInt32()
• The BinaryWriter method
• -void Write( any single primitive type argument
  )

35
Configurations

• These two files helps us in setting
  configurations
• Machine.Config Machine level configuration
• Web.Config Application level configuration

36
Configurations

• Configuration files can be stored in application
  folders
• Configuration system automatically detects
  changes
• Hierarchical configuration architecture
• Applies to the actual directory and all
  subdirectories
• Examples
• ltcompilation defaultLanguage"c
  debug"true/gt
• ltsessionStategt
• lt!--- sessionstate subelements go here
  --gt lt/sessionStategt