Objectives In this lesson, you will learn to: • Identify the role of view state in state management • Identify the role of hidden fields in state management • Identify the role of cookies in state management • Identify the role of query strings in state management • Identify the importance of securing a Web application • Identify the types of authentication mechanisms available in IIS
Objectives (Contd.) • Configure Internet Information Server for implementing security • Configure a Web application by using Internet Service Manager • Configure an ASP.NET application for Windows authentication • Configure an ASP.NET application for Forms authentication
Introducing State Management in ASP.NET • State management is the process by which you maintain application and session-related information when multiple users request the same or different pages of an ASP.NET application. • State management also includes maintaining page-level information during the round trip of a Web Form page. • State and page-level information of an ASP.NET application needs to be maintained because Web Form pages and the ASP.NET Framework use the stateless protocol, HTTP, for communication.
State Management Options in ASP.NET • To overcome the limitations of using HTTP as the communication protocol, Visual Studio .NET includes the state management feature in ASP.NET. • The client-side options are: • View State • Hidden Form Fields • Cookies • Query Strings
State Management Options in ASP.NET (Contd.) • The server-side options are: • Application state • Session state • Database support
Just a Minute… • Which property of a Web page automatically saves the values of the page and of each control prior to rendering of the page? • What are persistent cookies? • How does a Web browser access a cookie?
Problem Statement 5.D.1 The New User registration Web application needs to be upgraded so that it automatically saves a cookie by the name WebShoppe on the client computer when a user successfully registers with the WebShoppe site. The cookie should be a persistent cookie having the expiry date 12/12/2005. The application should also send an e-mail message confirming new user registration for the WebShoppe site. The subject of the confirmation message should be Thanks for registering and the body of the message should be Thank you for registering with the WebShoppe site. The e-mail message should be in an HTML format and should be sent when all the required fields of the new registration form have been validated. A blind carbon copy of the e-mail message should also be sent to the Business Group Head of the WebShoppe site. The e-mail address of the Business Group Head is Ronald@WebShoppe.com.
Task List • Identify the data that needs to be stored on the client computer. • Identify the data that needs to be sent by using an e-mail message. • Identify the mechanism to write a cookie on client computers. • Identify the mechanism to send an e-mail message from an ASP.NET page. • Perform appropriate steps to enable the application to write cookies on the client computer. • Write the code to send the e-mail message. • Execute the application.
Task 1: Identify the data that needs to be stored on the client computer. Result: • As per the problem statement, you need to create a cookie on the client computer after a user has successfully registered on the WebShoppe site. The name and the expiry date of the cookie should be WebShoppe and 12/12/2005 respectively.
Task 2: Identify the data that needs to be sent by using an e-mail message. Result: • As per the problem statement, the subject and the body of the e-mail message should respectively be as shown below: • Thanks for registering • Thank you for registering with the WebShoppe site
Task 3: Identify the mechanism to write a cookie on client computers. • In an ASP.NET application, you can include a cookie-writing facility in a Web application by using the HttpCookie class. Result: • As per the problem statement, you need to create a cookie by the name WebShoppe on the client computer when a user registers with the WebShoppe site.
Task 4: Identify the mechanism to send an e-mail message from an ASP.NET page. • The following classes can be used to send electronic mails: • SmtpMail • MailMessage • MailAttachment
Result: • As per the problem statement, you need to send an e-mail message confirming the registration of a user in an HTML format. You also need to send a blind copy of the message to the business group head of the WebShoppe site. Therefore, you need to use the MailMessage class to set the bcc property of the e-mail message and the HtmlTextWriter class to easily create the message in an HTML format.
Task 5: Perform appropriate steps to enable the application to write cookies on the client computer. Task 6: Write the code to send the e-mail message. Task 7: Execute the application.
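An added example (not part of the original lesson) of Tasks 5 and 6 in C#, using the HttpCookie, MailMessage, SmtpMail and HtmlTextWriter classes named above. The RegistrationHelper class, the sender address and the SMTP server name are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mail;   // SmtpMail and MailMessage, the classes named in Task 4
using System.Web.UI;

public class RegistrationHelper   // hypothetical helper, called from the Register button handler
{
    public static void Complete(Page page, string userName, string email)
    {
        // Page.IsValid is true only when every validation control on the form passed.
        if (!page.IsValid) return;
        // Reject CR/LF so a crafted address cannot add extra mail headers.
        if (email.IndexOf('\r') >= 0 || email.IndexOf('\n') >= 0) return;

        WriteCookie(page.Request, page.Response, userName);
        SendConfirmation(email);
    }

    static void WriteCookie(HttpRequest request, HttpResponse response, string userName)
    {
        HttpCookie cookie = new HttpCookie("WebShoppe");
        // The client can read and edit this value: never treat it as proof of identity.
        cookie.Value = HttpUtility.UrlEncode(userName);
        // Setting Expires makes the cookie persistent. 12/12/2005 is the date in the
        // problem statement; a browser discards a cookie whose expiry is in the past.
        cookie.Expires = new DateTime(2005, 12, 12);
        cookie.Secure = request.IsSecureConnection;  // HTTPS-only when the site uses HTTPS
        cookie.HttpOnly = true;                      // .NET Framework 2.0 and later
        response.Cookies.Add(cookie);
    }

    static void SendConfirmation(string email)
    {
        // Build the HTML body with HtmlTextWriter instead of concatenating tags.
        StringWriter html = new StringWriter();
        HtmlTextWriter writer = new HtmlTextWriter(html);
        writer.RenderBeginTag(HtmlTextWriterTag.P);
        writer.Write("Thank you for registering with the WebShoppe site.");
        writer.RenderEndTag();

        MailMessage message = new MailMessage();
        message.From = "noreply@WebShoppe.com";   // assumed sender address
        message.To = email;
        message.Bcc = "Ronald@WebShoppe.com";     // Business Group Head
        message.Subject = "Thanks for registering";
        message.BodyFormat = MailFormat.Html;
        message.Body = html.ToString();
        SmtpMail.SmtpServer = "localhost";        // assumed SMTP relay
        SmtpMail.Send(message);
    }
}
```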
Introducing Security in ASP.NET Application • ASP.NET addresses the security needs of Web applications using: • Microsoft .NET Framework security • Internet Information Services (IIS)
Security Policy in .NET Framework • Security policy is a set of rules that map a security requirement to a set of permissions. • Some actions defined by the security policy are as follows: • Which code is granted or denied permissions to run • What the code is allowed to do • What the users are permitted to do • What resources the code can access
Microsoft .NET Framework Security • The .NET Framework provides permission classes to control the rights of an application to request or accept data. • Every application that gets executed is automatically evaluated and given a set of permissions by the runtime security system. The application runs properly if all required permissions are granted. • You can secure a class library to ensure that only authorized code can access its functions and data members.
Microsoft .NET Framework Security (Contd.) • Internet Services Manager enables you to configure the following authentication mechanisms in a Web application: • Anonymous • Basic • Integrated Windows • Digest
Configuring an ASP.NET Application for Security • The Web.Config file provides various sections for implementing security through: • Authentication • Authorization • Impersonation
Implementing Authentication in ASP.NET Application • Implementing Windows Authentication: • To configure an ASP.NET Web application for Windows authentication, you need to change the mode attribute of the <authentication> element to Windows, as shown below: <authentication mode="Windows" /> • Implementing Forms Authentication: • In Forms authentication, users are validated against their credentials in a data source. To implement Forms authentication, you need to specify the authentication mode as Forms, as shown below: <authentication mode="Forms">
Implementing Authorization in ASP.NET Application • You can specify the list of users who are allowed to access the Web site in the <authorization> element. • The <authorization> element includes two child elements: • <allow> • <deny> • The <allow> element is used to allow access to a Web site. • The <deny> element is used to restrict access to a Web site.
Just a Minute… • In which type of authentication mechanism are the user credentials transmitted over the network in an encrypted form? • Which file is used to specify the authorization details of a Web site?
Implementing Impersonation in ASP.NET Application • Impersonation is used to avoid authentication and authorization issues in the application code. By default, impersonation is disabled in ASP.NET. • To enable impersonation in an ASP.NET application, you need to add the following line of code in the Web.Config file: <identity impersonate="true" userName="domain1\student" password="password" />
Problem Statement 5.D.2 A logon form needs to be created to validate users accessing the discount list of the products available for sale on the WebShoppe site. The logon form should have username and password fields. A Welcome message should be displayed on correct logon entry. (To test the application, consider James to be a valid user with the username jamesbond and the password 007.)
Task List • Identify the data to be accepted from a user. • Identify the mechanism to validate user input. • Identify the type of controls required. • Design the Web Form. • Write the code to validate user input. • Execute the application.
Task 1: Identify the data to be accepted from a user. Result: • As per the problem statement, the Logon form should have the following fields to accept data from a user: • Username • Password
Task 2: Identify the mechanism to validate user input. Result: • In an ASP.NET application, you can check for a valid user by implementing form level validation. In a form level validation, you add a Web Form to an ASP.NET application, which will be used as the logon page, and specify the name of the Web Form as the value for the loginUrl attribute of the <forms> element.
Task 3: Identify the type of controls required. Result: • As per the problem statement, you need to accept username and password in the logon form. Therefore, you need to add two TextBox controls to accept username and password. You should also add two Label controls to indicate the type of value a user should enter in the TextBox controls. The logon form should also have two Button controls to submit or cancel the logon credential. In addition, to display an error message when an incorrect username or password is entered, you should add another Label control to the logon form. Task 4: Design the Web Form.
Task 5: Write the code to validate user input. Task 6: Execute the application.
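An added example (not part of the original lesson) of the logon page's code-behind in C#, using the Authenticate, RedirectFromLoginPage and SignOut methods of the FormsAuthentication class. The page name Login.aspx, the control names and the Web.config shown in the comment are assumptions; the password is stored there as a hash rather than in clear text.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Web.config assumed by this example (inside <system.web>):
//   <authentication mode="Forms">
//     <forms loginUrl="Login.aspx" protection="All" timeout="20">
//       <credentials passwordFormat="SHA1">
//         <user name="jamesbond" password="(SHA1 hex digest of the password)" />
//       </credentials>
//     </forms>
//   </authentication>
//   <authorization>
//     <deny users="?" />   <!-- anonymous users are sent to Login.aspx -->
//   </authorization>

public class Login : Page
{
    // Hypothetical control names; they must match the IDs in Login.aspx.
    protected TextBox txtUserName;
    protected TextBox txtPassword;
    protected Label lblError;

    // Wired to the Submit button through OnClick in Login.aspx.
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        string user = txtUserName.Text.Trim();

        // Authenticate checks the pair against the <credentials> section above.
        if (FormsAuthentication.Authenticate(user, txtPassword.Text))
        {
            // false = session-only authentication ticket, not a persistent cookie.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        }
        else
        {
            // Same message for a wrong username and a wrong password,
            // so the form does not reveal which usernames exist.
            lblError.Text = "Invalid username or password.";
        }
    }

    // Wired to a Log off button on the protected pages.
    protected void btnLogOff_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();   // removes the authentication ticket
        Response.Redirect("Login.aspx");
    }
}
```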
Summary In this lesson, you learned that: • State management is the process by which you maintain application and session-related information when multiple users request the same or different pages of an ASP.NET application. • State management also includes maintaining page-level information during the round trip of a Web Form page. • In an ASP.NET application, the state management feature is implemented by using the client-side and the server-side options.
Summary (Contd.) • Client-side options include: • View State property • Hidden Fields • Cookies • Query Strings • Server-side options include: • Application state • Session state • Database support
Summary (Contd.) • ASP.NET Framework uses the ViewState property to automatically save the values of the page and of each control prior to rendering of the page. • A cookie is a small data structure used by a Web server to deliver data to a Web client. A cookie contains page-specific information that a Web server sends to a client along with page output. • Cookies are saved on the client computer. Cookies can be either temporary or persistent. • A temporary cookie is stored in the volatile memory of the client computer, whereas a persistent cookie is stored in a text file on the hard disk of the client computer.
Summary (Contd.) • A query string provides a simple way to pass information from one page to another. • ASP.NET provides application state as a means of storing global application-specific information. • ASP.NET addresses the security needs of Web applications using: • Microsoft .NET Framework security • Internet Information Services (IIS)
Summary (Contd.) • The Web.Config file provides various sections for implementing security through: • Authentication • Authorization • Impersonation • When a user tries to access a secure resource, an application must first check whether the user has rights to access it or not. This process is known as authentication. • Authorization enables you to restrict the access of an authenticated user to parts of the application or Web site for which a user is already authenticated.
Summary (Contd.) • When an ASP.NET application uses the identity of a client, it is referred to as impersonation. • FormsAuthentication class provides the following important methods for implementing Forms authentication: • Authenticate • RedirectFromLoginPage • SignOut • The Authenticate method is used for checking the credentials supplied by a user against a given data source.
Summary (Contd.) • The RedirectFromLoginPage method is used to redirect a user to the resource that the user had initially requested. • The SignOut method is used to log a user off from the Web application.