Beruflich Dokumente
Kultur Dokumente
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
17
to Our Users
In this chapter, you will
• Plan the deployment of a web application
• Create a setup program that will install or uninstall a web application
• Deploy a web application
• Add assemblies to the Global Assembly Cache
• Maintain and support a web application
• Optimize the performance of a web application by implementing caching
• Configure security for a web application
• Install and configure a web server and the Microsoft FrontPage Server Extensions
The final step after designing and developing your Web Forms and web application is to
complete your ASP.NET web application by deploying the application to the produc-
tion server that is going to respond to the client requests. The term deploy is used to en-
compass the optimization and configuration of the web application, the planning of
how and what to install on the production server, and the installation of the web appli-
cation on the production server.
The deployment process also includes configuration of the web application by set-
ting up the security for the web application as well as optimizing the response time for
the web application by configuring Cache objects. The configuration of the web appli-
cation is performed by modifying the content of the web applications configuration file.
The configuration settings are stored in text files that must be organized to support and
secure the ASP.NET web application. The deployment questions of the exam focus on
the configuration files.
The last topic in the chapter is the issue of installing and configuring the IIS web
server and FrontPage extensions. These topics are not exactly in the developer realm, but
they are listed as potential areas that can be queried in the exam.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:20 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
The planning for deployment centers around performance and security, and it is
driven by the need to achieve good performance (good response time) and the security
policy in place at the site. We will start with the performance issues.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:20 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
The developer configures a web page to request that an item be stored in the Cache
object. To save an item in the Cache object, the web page needs to specify a key-value
pair. The key is what the Cache object uses to reference the item by, and the value is the
information to be cached. Keys are arbitrary strings that you define.
The following code segment shows how you can store an item in the Cache object:
Cache["theKey"] = theValue;
To retrieve an item from the Cache object, you use this syntax:
theValue = Cache["theKey"];
PART III
Every time the item is requested, the Cache object checks to see if there is an avail-
able cached version of the item—if there is a cached version, it is used, and if there is no
cached version available, ASP.NET re-creates the item and stores it in the Cache object
for future use.
There is one Cache object per ASP.NET web application, and only web pages in that
application can access the Cache object. There is no sharing between applications
through the Cache object. Once created, the Cache object’s lifetime is the same as the
ASP.NET web application.
EXAM TIP There is only one Cache object per web application.
The Cache object can be used to store information similar to that which would be
stored in an application variable, but that would not normally be considered session
state information and stored in the Session object. (For a discussion about applica-
tion and session state, see Chapter 13.)
EXAM TIP The Cache object has application scope and cannot be used to
store session variables.
As you saw earlier in this section, the simple syntax for storing a value in the Cache
object is to implicitly assign the value:
Cache["theKey"] = theValue;
Alternatively, the item can be inserted into the Cache object by using the Insert()
method of the Cache object:
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:20 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
In this example, the key is theKey and the value is theValue. The cached item has no
dependency (null) and it will be removed in 2 minutes (DateTime.Now
.AddMinutes(2)) with no sliding aging window (TimeSpan.Zero). It has a high pri-
ority (CacheItemPriority.High) and will call onRemove() when it is actually re-
moved from the cache.
EXAM TIP The number and size of the items that are placed in the Cache
object must be planned. Storing too many items in the Cache object will
actually slow down the server by using too much of the memory for the
cache and not leaving enough for the server.
Output Caching
There are times when you’ll need to minimize the response time from the web applica-
tion to the user. By caching pages, or even parts of pages, in memory at the first request,
and then using the cached page for all subsequent requests, you will avoid the process-
ing and I/O time that is required to create the page. Output caching is a method that is
provided through ASP.NET to give us that caching environment. The difference between
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:21 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
EXAM TIP To cache page fragments, turn the fragment into a user
control first.
PART III
The output cache will refresh the page cached when the source for the page changes.
Even so, you are not advised to enable output caching for the web forms in an applica-
tion until the application is debugged, because the caching could return the cached copy
of a page rather than the one you are working on, which can lead to confusion in the de-
bugging and testing phase if nothing else.
To direct a page to be loaded into the output cache, you need to add the @ OutputCache
page directive to the ASP.NET page. This directive takes two mandatory attributes—Du-
ration and VaryByParam. The Duration attribute specifies how long the page will
be cached for in seconds, with 0 (zero) meaning that the page is not cached.
VaryByParam is a required attribute, and it specifies one of three methods of caching
different versions of a page based on the request from the client. Table 17-2 lists the
methods and their attributes.
The following example page directive is for a page that should be cached for 15 min-
utes and that will not have multiple cached versions:
Setting the VaryByParam attribute to “None” means that there will only be one ver-
sion of the page cached. The VaryByParam attribute can be set to any string. For exam-
ple, setting VaryByParam to “orderID” results in a new version being cached for each
orderID. Setting VaryByParam to “*” (the wildcard character) means that a new ver-
sion will be cached for every different parameter in the GET or POST request.
Attribute Description
VaryByParam Allows multiple versions controlled by parameters in the GET or POST
request. This attribute is required, so if you do not want multiple cached
versions, set VaryByParam to “none”.
VaryByHeader Allows multiple versions controlled by the HTTP header of the request.
VaryByCustom Allows multiple versions controlled by the client’s browser or custom strings.
Table 17-2 Attributes for the @ OutputCache Page Directive
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:21 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
The next step in deploying the application is to configure and optimize the ASP.NET
web application using the different configuration files.
Machine.config
The system-specific configuration information is stored in the Machine.config file
located in C:\WINNT\Microsoft .NET\Framework\version\Config\Ma-
chine.config on a computer running Windows 2000—the version in that path is the
version of the installed .NET Framework. The configuration system starts looking for
configuration settings in the <appSettings> element of the Machine.config file,
and then in the application’s Web.config files.
The benefit of using the Machine.config file to configure the web server and ap-
plications is that all configuration data is in one place. The negative aspect is that the
Machine.config file is scoped on the server, so it will not be transferred with the ap-
plication when it is deployed.
Web.config
The central configuration file for a web application is the Web.config file located in
the root of the web application. You can use this configuration file to share settings and
information between web pages in the application. Virtual and local directories can
have their own Web.config files, as well. If there is a local Web.config file in a direc-
tory, it will be used when the effective configuration is determined.
The Web.config file has elements for each major category of ASP.NET functional-
ity. Table 17-3 lists the elements that correspond to those sections.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:21 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
<processModel> Includes settings for the ASP.NET process model on the IIS
(Internet Information Server) web server.
<sessionState> Configures the session state httpModule.
<trace> Configures the ASP.NET trace service.
Table 17-3 The Sections in the Web.config File
The configuration that is in effect for a page when it is requested by a client browser is the
combination of settings in the Machine.config file and any Web.config files that are
in the path for the page. The inheritance of configuration items follows these rules:
The following section will explore the settings in different configuration files and
show some examples on the inheritance.
Let’s look at some example configuration files. Consider the following Machine
.config file:
<configuration>
<appSettings>
<add key = "The answer" value = "42"/>
<appSettings>
<authentication mode="Windows">
<forms name=".ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="30"
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:22 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
The settings in the preceding Machine.config file sets the authentication to Win-
dows authentication, defines the universal answer to be 42, and turns off tracing (see
the highlighted lines).
The following Web.config file is located in the virtual root of the application, (the
application Web.config):
<configuration>
<appSettings>
<add key="marvin"
value="data source=localhost;
initial catalog=robotData;
integrated security=true;" />
</appSettings>
<system.web>
<trace
enabled="true"
localOnly="true"
pageOutput="false"
requestLimit="30"
traceMode="SortByCategory"
/>
</system.web>
</configuration>
The effective application-level configuration is the sum of the settings in the Ma-
chine.config and the application Web.config files. The authentication is inher-
ited from Machine.config, as is the answer (42). We have changed the trace settings
in the Web.config file so trace is now turned on, but we cannot use a remote computer
to trace because the localOnly attribute is set to True. In addition, we declared a DSN
we called marvin to connect to a database server.
The following Web.config file is from a child directory under the application root:
<configuration>
<appSettings>
<add key="marvin"
value="data source=DBServer3;
initial catalog=robotData;
integrated security=true;" />
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:22 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
</configuration>
The resulting configuration can be seen in Table 17-4. The bold entries are the ones
that form the effective configuration.
As you saw in the previous example, we stored application data in the Ma-
chine.config (answer) and Web.config file (marvin). As you saw, you use the
<appSettings> section to define key-value pairs that can be used throughout your appli-
cation.
One very common example is to define database connection strings in the Web.config
file so you have a common string used everywhere in the application. The element that de-
fines the data item takes this form:
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:22 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
<configuration>
<appSettings>
<add key="X3" value="server=DBServer3; initial catalog=robotDB;
integrated security=true;" />
</appSettings>
</configuration>
Once the key-value pairs are defined in the Web.config file, you can access them
through the ConfigurationSettings.AppSettings static string collection. The
following example shows how you can retrieve the value of X3:
One other issue that we must consider when we build applications is the cost of
maintaining them when changes need to be made to the data that the applications use.
In the case of Web Forms, we can use the Web.config file to store the data for us and
bind that data dynamically to properties in our applications. This offers us a central lo-
cation for defining frequently changing data, which means changes in the data won’t re-
quire changes in the applications. One excellent candidate for a dynamic property is
connection strings that might change frequently. Storing that information in the
Web.config file will make changes easier to manage.
To configure the connection string as a dynamic property, expand the
DynamicProperties section in the Properties Explorer for the xxxConnection ob-
ject, as shown in Figure 17-1. Note that the ConnectionString is listed as an avail-
able dynamic property.
Click the ellipsis button to open the Dynamic Property dialog box, shown in the fol-
lowing illustration. You can make the property dynamic by selecting the Map Property
to a Key in Configuration File check box. Then click OK.
After you click OK, the wizard that configures the project will insert code in the
codebehind module to bind the property to the Web.config file. The following code
segment shows that code:
thissqlConnection1.ConnectionString = ((string)(configurationAppSettings.GetValue.
("sqlConnection1.ConnectionString", typeof(string))));
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:22 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
Figure 17-1 The dynamic properties
A key-value pair to hold the connection string has also been added to the Web.config
file, as can be seen in this code segment:
<configuration>
...
<appSettings>
<!-- User application and configured property settings go here.-->
<!-- Example: <add key="settingName" value="settingValue"/> -->
<add key="sqlConnection1.ConnectionString" value="" />
</appSettings>
...
</configuration>
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:23 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
The next step in configuring the web application is to ensure the application is se-
cured according to the design requirements.
EXAM TIP Authentication is the process of ensuring that the client is known
and that the credentials submitted are correct for that client.
Authorization is the process of determining whether the authenticated identity has ac-
cess to the requested resource. The authorization process controls, and limits, access to
specific resources, such as web pages, database records, files, and so on.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:23 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
• Windows authentication
• Forms authentication
• .NET Passport authentication
PART III
the credentials do not match, IIS will reject the request. All clients using Windows au-
thentication must be using a Windows operating system and must be authenticated to a
Windows domain. The Windows authentication method is not appropriate for Internet
applications, but it is very functional for intranet applications in networks that already
use Windows domain authentication.
The forms authentication method presents the user with a form in which the username
and password are entered and sent back to the web server. If the credentials are vali-
dated, the user will be given a security cookie that is then returned along with any fur-
ther access requests to the web application. The forms method can be used with clients
running on any operating system, but the client must allow cookies.
The .NET Passport method is a centralized authentication service supplied by Microsoft.
The service allows the user to log in once to a large number of web services using a single
Passport account. Web services must have signed up with the .NET Passport service to be
able to offer this service. The .NET Passport method is based on cookies, so the client must
support cookies. There are possible usage fees involved with registering a web site to use
this method. The .NET Passport service is not being tested in the exam, hence we will not
discuss it in this chapter.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:23 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:23 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
suitable for applications that must operate through a firewall.
To configure the IIS authentication methods, start by opening the Computer Man-
agement console by right-clicking My Computer and selecting Manage. Once the con-
sole is open, expand Services and Applications | Internet Information Services | Web
Sites | Default Web Site. Right-click Default Web Site and select Properties. In the De-
fault Web Site Property dialog box, select the Directory Security tab and click Edit in the
Anonymous Access and Authentication Control section. The resulting dialog box is
shown in the following illustration.
After you select the authentication method, IIS is configured to support the security
required. You can also select multiple authentication methods that will be used in order
by IIS. If you configure multiple methods and anonymous authentication fails, IIS will
attempt to use the other enabled methods.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:24 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
<system.web>
<authentication mode="Windows" />
</system.web>
Then you need to set the authorization in the Web.config file by including an
<authorization> section:
<system.web>
<authorization>
<deny users="?" />
<allow users="Ken" />
</authorization>
</system.web>
In the preceding example, anonymous users are denied access, while the user named
Ken is given access.
If you want to specify authorization for specific pages, you need to add <location>
sections to Web.config. The following code segment denies access to the Statis-
tics.aspx page to anonymous users, while it is allowed to the user Ken.
<location path="Statistics.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow users="Ken" />
</authorization>
</system.web>
</location>
Impersonation in ASP.NET allows the server to execute code using the security context
of the client, or as an anonymous user. The benefit of impersonation is that the user will
have the same access to resources through IIS as if the user connected directly to the
same resource using a client application. Impersonation is used when there are existing
applications that already have user authorization configured, and we need to build an
ASP.NET application that accesses the same resources.
The default impersonation setting is off (disabled), but you can control the imper-
sonation settings using the <identity> section in the <system.web> section of the
Web.config file. The following code turns impersonation on and shows the creden-
tials being used.
<system.web>
<identity impersonate="true" username="Ken" password="KungKarl" />
</system.web>
After the user is authenticated by IIS, you can read the information using the
User.Identity object (this is an object of the WindowsIdentity class). The fol-
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:24 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
...
string strName = User.Identity.Name;
bool bAuthen = User.Identity.IsAuthenticated;
PART III
1. The client requests a protected page.
2. When IIS receives the request, it will pass it to ASP.NET. The request will be
passed on by IIS because the authentication method for IIS is set to anonymous.
3. The ASP.NET process will investigate whether a valid authentication cookie is
attached to the request. If there is a valid authentication cookie, it means that
the user’s credentials already have been validated, so ASP.NET checks for valid
authorization by comparing the settings in the Web.config file’s authorization
section to the client’s authorization cookie. If the user is authorized, access to
the resource is granted.
4. If there is no valid authentication cookie attached to the request, ASP.NET
redirects the request to an authentication (logon) page.
5. The code on the authentication page validates the credentials and, if they are
valid, attaches a cookie with the credentials to the request. If authentication
fails, an “Access Denied” message is returned.
6. If the user is authenticated, ASP.NET checks for valid authorization by comparing
the settings in the Web.config file’s authorization section to the client’s
authorization cookie. If the user is authorized, access to the resource is granted.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:24 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:24 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
FrontPage Extensions, and there is also the Web Setup Project that can automate the in-
stall and uninstall process for the web application.
XCOPY Deployment
The first step in using XCOPY to deploy a web application to a web server is to configure
a virtual directory in IIS and mark that directory as the start of an application. Follow
these steps to do so:
If the directory you need is not in the left pane of the console, right-click on the De-
fault web site and select New | Virtual Directory, and the wizard will help you associate
the directory with IIS and mark it as a virtual directory.
Once you have the directory set, the next step is to make sure all the required files are
available to be deployed. Start by building the web application and ensure that the ap-
plication is functioning correctly.
Next, select the files that must be copied. These will include the following:
• The /bin directory—this is where all DLL files for the web application are stored.
• All Web Forms, user controls, and XML web service files (.aspx, .ascx, .asmx).
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:24 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
When selecting the files, never include the following types because they are part of
the development environment:
EXAM TIP Any assembly that is located in the /bin directory does not
require registration.
The next step is to copy the files using Windows Explorer or FTP to the production
server.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:25 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
We will create and deploy a very simple web application here as an example. Follow
these steps:
1. Create a web application by selecting File | New | Project from the menu.
2. Select Visual C# Projects in the Project Types pane of the New Projects dialog
box. Select ASP.NET Web Application in the Templates pane. In the Location
PART III
field, name the application DeployTest and locate the project on the
localhost server (http://localhost/DeployTest). Click OK.
3. Drag a label and a button to the Web Form, and keep all the defaults. In the
click handler for the button, set the Text property of the label to “Hello
World!”, like this:
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:25 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
1. With the DeployTest project open, select File | Add Project | New Project.
2. In the Add New Project dialog box, select Setup and Deployment Projects in the
Project Types pane. Select Web Setup Project in the Templates pane. Name the
project WebDeploy. Click OK.
3. After the project is added, the File System editor is opened (see Figure 17-2).
4. Change the ProductName property of the Deployment project to
DeployTest.
5. Add the output of the web application to the Deployment project by selecting
the Web Application folder in the left pane of the File System editor. Right-click
the Web Application folder and select Add | Project Output.
6. In the Add Project Output Group dialog box, select DeployTest from the
project combo box.
7. Choose the Primary Output and Content Files groups from the list, and click OK.
8. Select the Web Application folder, and set the VirtualDirectory property
to Tester.
9. Select the Web Application folder, and set the DefaultDocument property
to WebForm1.aspx.
10. Select Build | Build DeployTest from the menu.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:25 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
Figure 17-2 The File System editor
These steps will create the installation program, so we can now go ahead with the instal-
lation. Start by locating the installation program—if you kept the default locations of files,
the installation should be located at this location: \documents and settings\login
name\My Documents\Visual Studio Projects\DeployTest\DeployTest\De-
bug\WebDeploy.msi.
Navigate to the installation file and run it from that location. The web application
will be installed—the installation screen is shown in Figure 17-3. Once the application
is installed, go ahead and test it: the URL should be http://localhost/Tester.
To uninstall the application, select Start | Settings | Control Panel, and double-click
the Add/Remove Programs icon. In the Add/Remove Programs utility, select the appli-
cation to be removed, and click Remove, as shown in Figure 17-4.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:25 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:25 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
EXAM TIP The .NET Framework supports multiple versions of the same
assembly in the GAC.
To be able to develop XML Web Services, your system also needs to have the
FrontPage Server Extensions installed and properly configured.
Installing IIS
To install IIS on a Windows 2000 computer, you must have administrative permissions
before you start the installation. If you cannot get administrative rights, you will need to
have your computer support group perform the installation.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:26 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
1. In the Control Panel (Start | Settings | Control Panel), open the Add/Remove
Programs utility.
2. Select Add/Remove Windows Components on the left of the Add/Remove
Programs dialog box.
3. Select Internet Information Services.
4. Do not add any additional services nor change the defaults for IIS without
consulting a security expert.
5. Insert the installation CD if prompted.
6. Repair the .NET Framework installation to use IIS by inserting the Visual Studio
.NET Windows Component update CD in your CD drive and running the
following command (assuming D:\ is your CD drive):
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:26 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
NOTE If the Configure Server Extensions option is not available, they are
PART III
already configured. The Check Server Extensions option is available in the
All Tasks menu to check the security of the server extensions.
EXAM TIP The FrontPage Server Extensions are installed with IIS, but they
must be configured if the file system is FAT16 or FAT32.
Summary
This chapter dealt with the deployment and configuration of a web application. The
most important point is that no configuration of caching is performed until the web ap-
plication is tested and ready to go into production. All configuration is performed by us-
ing the *.config files: the Machine.config file for the entire web server, and
Web.config files for the application, and optionally for individual folders. The config-
uration settings are inherited from Machine.config to the application Web.config
and then to child folder Web.config files. Any conflicting settings are applied from
the last Web.config file read.
Security for the web application was defined as authentication and authorization.
Authentication is the client presenting the credentials to a server that validates the login.
Authorization matches an authenticated client with the rights (permissions) the client
has with respect to a resource. Authentication becomes an important issue if you need to
give secure access to multiple users. If they are using both Windows and non-Windows
operating systems, the solution is to use forms-based authentication.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
Test Questions
1. You are the developer of a web application that is retrieving historical sports
information from a database server and displays it to the users of your application.
What cache strategy will give you the best performance?
A. Use the output cache.
B. Use the cache object.
C. Use the ASP.NET central cache.
D. Use the client cache.
2. You are the developer of a web application and have decided to use the output
cache in ASP.NET. Which of the following statements correctly defines the Web
Form if you want to use the output cache, cache all items for 14 minutes, and
store different versions of the cached objects for each customer ID?
A. <%@ OutputCache Duration="840" VaryByCustom="true" %>
B. <%@ OutputCache Duration="14" VaryByCustom="true" %>
C. <%@ OutputCache Duration="840" VaryByParam="Customer ID" %>
D. <%@ OutputCache Duration="14" VaryByParam="Customer ID" %>
3. The following Machine.config file is installed on the server (http://www.x3.xxx)
that will host your web application:
<configuration>
<appsettings>
<add key = "Home" value = "/bigsite" />
</appsettings>
</configuration>
You need to ensure that your web application always uses http://www.x3.xxx/
smallsite for its Home variable. What is the most efficient way of accomplishing that
task?
A. Add an <appsettings> section to the application’s Web.config file, and
add the following to the <appsettings> section: <replace key = "Home"
value = "/smallsite" />
B. Add an <appsettings> section to the application’s Web.config file, and
add the following to the <appsettings> section: <add key = "Home"
value = "/smallsite" />
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"
</forms>
</authentication>
</configuration>
What will you replace "<<Enter Answer Here>>" with to successfully have
all users authenticate to the application?
A. Forms
B. Basic
C. Digest
D. Windows
5. What should be added to basic authentication?
A. FTP
B. TCP
C. SSL
D. NHL
6. You are deploying a web application using the XCOPY method, and you are
now selecting the files that should be included in the deployment. What file
extensions must be included in the deployment? Select all that apply.
A. .resx
B. .aspx
C. .cs
D. .ini
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
17
PART III
display anything, and there are a large number of errors displayed. You need
to make the application function normally—what is the most efficient way to
achieve that goal?
A. Enable tracing for the application, trace to an XML file, analyze the output,
and correct the source of the problems.
B. Copy the /bin directory from the development system to the production
server.
C. Install Visual Studio .NET on the production server; enable debugging; and
single-step through the application, correcting all problems as they appear.
D. Abort the deployment, and inform the customer that you will be back as
soon as you have found the problem.
14. True or false. The GAC cannot store multiple versions of the same assembly.
A. True.
B. False.
15. You are configuring your web application to require digest-based authentication.
What must you have in place before you can use digest-based authentication?
A. A DNS server.
B. Active Directory.
C. Strong encryption keys.
D. A strongly named Web.config file.
Test Answers
1. A. The mostly static nature of the data makes the output cache a best strategy.
2. C. The Duration parameter takes seconds, and the correct attribute is
VaryByParam.
3. B. The Web.config file will override the Machine.config file.
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
17
P:\010Comp\All-in-1\443-6\ch17.vp
Friday, August 23, 2002 5:01:27 PM