Saturday Afternoon | Session 13—Authentication and Authorization
Using the Passport Authentication Provider
Passport authentication is a service supported by Microsoft that provides a centralized authentication service for single sign-on and core profile services. Using Passport authentication is not mandatory, but the benefits of using such a service are apparent when you look at the number of Internet users handled by the Microsoft HotMail or MSN Service. These users already have profiles established as part of these services, and you can use this data for your own public Web sites. Additionally, it simplifies users’ experience with your site, in that they do not need to go through a second registration process, but instead use an existing profile. Should a new visitor not have a Passport profile, the service provides methods to register the user for a new Passport userid.
The PassportAuthenticationModule provider supplies a wrapper around the Passport Software Development Kit (SDK) for ASP.NET applications. It requires installation of the Passport SDK and provides Passport authentication services and profile information from an IIdentity-derived class called PassportIdentity. This provides an interface to the Passport profile information as well as methods to encrypt and decrypt Passport authentication tickets.
The general process for implementing Passport authentication in an ASP.NET application is as follows:
1. Establish a PREP Passport Account. In order to test the SDK, you will need to create a PREP Passport Account, which effectively creates a testing account for development purposes. This can be done at https://current-register.passporttest.com/
2. Download, install, and configure the Passport SDK. It can be found at http://www.passport.com/devinfo/Start_Goals.asp. When installing, be sure to select the installation options for Development/Testing unless you are planning on implementing a production environment. This option will install a sample application of AdventureWorks that utilizes the Passport Authentication Scheme. However, this version utilizes standard ASP rather than the ASP.NET Passport approach.
3. Create a new PREP Site ID by following the instructions at http://siteservices.passport.com/
4. Create a virtual directory on your default Web site to store the Web.config and login.aspx files discussed below.
5. Make sure that your site has access to the Internet. The Passport service operates by using the public site http://current-login.passporttest.com.
6. Create a Web.config file and set Passport as the authentication mode, as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authentication mode="Passport">
      <passport redirectUrl="login.aspx">
      </passport>
    </authentication>
    <authorization>
      <!-- users="*" matches every user; users="?" would match only anonymous users -->
      <deny users="*">
      </deny>
    </authorization>
    <sessionState mode="InProc" cookieless="false" timeout="20"/>
  </system.web>
</configuration>
7. Next, create a basic login.aspx file, to which the user is sent by default when they first request a file from your site, as shown in the following example:
<%@ Page Language="vb" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.SessionState" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.HttpUtility" %>
<SCRIPT LANGUAGE="VB" RUNAT="SERVER">
Sub Page_Load(ByVal Sender As System.Object, ByVal e As System.EventArgs)
    Dim oPassport As Web.Security.PassportIdentity
    Dim sReturnURL As String
    Dim sLogoURL As String
    Dim sAuthURL As String

    'Create a new PassportIdentity object
    oPassport = New Web.Security.PassportIdentity

    'Dynamically generate the ReturnURL as this page
    sReturnURL = Server.UrlEncode("http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("SCRIPT_NAME"))

    'Establish the PassportIdentity.LogoURL
    sLogoURL = oPassport.LogoTag2(sReturnURL, 3600, True, Nothing, 1033, True, Nothing, Nothing, True)

    'Determine the user's Authenticated Status
    If oPassport.IsAuthenticated() Then
        Response.Write("<H3>You are Authenticated, Click Below To SignOut, Note that unless you have a valid Passport Contract with Microsoft, SignOut functionality may not work properly.</H3>")
    Else
        Response.Write("<H3>You are Not Authenticated, Click Below To Login.</H3>")
    End If

    'Dynamically display the appropriate Passport Login or Logout Logo
    Response.Write(sLogoURL)
End Sub
</SCRIPT>
<HTML>
<BODY>
</BODY>
</HTML>
In this example, we are using PassportIdentity to do all of the authentication labor. First we create a variable sReturnURL, which holds the URL that Passport should redirect the user to after a successful login or logout. We then use sReturnURL to create the string variable sLogoURL using the PassportIdentity.LogoTag2() method, which will dynamically display a login or logout graphic depending on the status of the user’s session.
To determine if a user is in fact already authenticated, we use the PassportIdentity.IsAuthenticated property, which returns True if a user is authenticated or False otherwise. Depending upon the user’s state, we display a message indicating whether they are logged on or not. If they are logged in, then the Passport service will automatically create the Passport sign-out hyperlink; otherwise we insert the string of HTML stored in the sLogoURL value, creating a dynamic hyperlink to the Passport sign-in page.
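How the authorization rule in the Web.config from step 6 is evaluated, as an added example (not code from the book or from ASP.NET): a simplified Python model of ASP.NET's first-match URL authorization that covers only the users and verbs attributes. The sample configurations and the user name are constructed; roles and <location> scoping are not modeled.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the rule from the page's Web.config (deny everyone)
# and a variant that denies only anonymous requests.
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Passport"><passport redirectUrl="login.aspx"/></authentication>
  <authorization><deny users="*"/></authorization>
</system.web></configuration>"""
ANON_ONLY_CONFIG = PAGE_CONFIG.replace('users="*"', 'users="?"')


def _split(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def load_rules(config_xml):
    """Return [(action, users, verbs)] in document order."""
    root = ET.fromstring(config_xml)
    section = next(root.iter("authorization"))
    rules = [(el.tag, [u.lower() for u in _split(el.get("users", ""))],
              [v.upper() for v in _split(el.get("verbs", ""))])
             for el in section]
    # Assumption: the inherited machine-level default <allow users="*"/>
    # is evaluated after the application's own rules.
    rules.append(("allow", ["*"], []))
    return rules


def is_allowed(rules, user, verb="GET"):
    """First matching rule wins; user=None models an anonymous request."""
    for action, users, verbs in rules:
        if verbs and verb.upper() not in verbs:
            continue  # rule is limited to other HTTP verbs
        for pattern in users:
            if (pattern == "*"                                   # everyone
                    or (pattern == "?" and user is None)           # anonymous only
                    or (user is not None and pattern == user.lower())):
                return action == "allow"
    return False


if __name__ == "__main__":
    for name, cfg in (("deny *", PAGE_CONFIG), ("deny ?", ANON_ONLY_CONFIG)):
        rules = load_rules(cfg)
        print(name, "anonymous:", is_allowed(rules, None),
              "signed-in:", is_allowed(rules, "alice@example.test"))
```

With the page's deny users="*" rule the model refuses signed-in users as well as anonymous ones; the users="?" variant refuses only anonymous requests.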
REVIEW
In this session, we reviewed how to handle simple forms-based authentication, as well as how to implement basic Passport authentication. The forms-based examples show how to use a database to look up a user’s credentials. The Passport example shows how to use a Web service to validate authentication. You should continue exploring authorization and impersonation to add further granular security capabilities to your end solution.
QUIZ YOURSELF
1. What security and privacy issues are associated with using Passport authentication? (See “Introducing the Key Security Mechanisms.”)
2. Provide an example Web.config file that only allows POST requests from the user John in domain corporate. (See “Web.config and Security.”)
3. What alternatives are there to using a database to look up user credentials? (See “New Tricks for Forms-based Authentication.”)
SESSION 14
ASP.NET Caching
Session Checklist
Implementing Page Output Caching
Using Fragment Caching
Caching Data Objects
In ASP.NET there have been tremendous improvements in providing a framework that scales much better than previous versions of ASP. Caching is another area where Microsoft has gone to great lengths to provide ASP.NET developers control over their application performance and scalability.
What is caching? Caching improves overall system performance by storing frequently accessed or computationally expensive data in memory. Once a page or piece of data has been compiled and delivered, it is stored in memory. Subsequent requests access the cache rather than reinitiating the process that originally created it.
Caching is one of three state management approaches you can use in ASP.NET.
Session state is used to store data, such as personalization data, that you want available to the user each time a page is accessed. You need to be efficient about using this approach, however, as the session information isn’t shared across users.
Application state is used to store data that needs to be available to the entire application. The approach and methods for application state are the same as for session state, however the visibility of data is global across all application users.
In caching, we are able to make any object or piece of data globally available to all users and have robust methods for optimizing how long this data is stored and what dependencies affect the optimal delivery of the data.
In this session, we will first cover how you can implement caching using the same Response object properties and methods that were available in ASP. Then, we will cover how ASP.NET implements page and data output caching to improve the scalability and responsiveness of your applications.