Beruflich Dokumente
Kultur Dokumente
NET
Session Prerequisites
This session assumes that you
understand the fundamentals of
Development on Windows®
ASP or Visual Basic®
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
Introduction to .NET
ASP.NET
VB C++ C# JScript …
Visual Studio.NET
ASP.NET: Web Services Windows
and Web Forms Forms
ASPX
.ASPX
ASP.NET
Architecture
Partially,
the auto-generated class,
along with a compiled instance of
Compiled .ASPX
the class, is stored in the:
WINDOWS\Microsoft.NET\Framework\version\Temporary ASP.NET Files folder,
ASP.NET
Architecture
Compiled .ASPX
Code behind
System.Web.UI.Page
class
inherits
MyWebForm.aspx.vb
class
inherits
MyWebForm.aspx
DLL creation – ASP.NET 1.1
The code behind files for all the web forms in the project are compiled
into a DLL before deployment
First, it checks its cache to see whether that page has been compiled
already.
The code for button click in the code behind file is linked with the
button in the aspx file with the onclick attribute.
The default.aspx file in ASP.NET 1.x.
<%@ Page debug="true" language="c#" Codebehind="Default.aspx.cs"
Inherits="Test._Default" %>
namespace Test {
public class _Default : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.Button Button1;
private void Page_Load(object sender, System.EventArgs e)
{ // Put user code to initialize the page here }
ASP.NET now takes care of compiling all of the code in your Web
application, so that you have far fewer opportunities to make a
mistake while building or deploying your application.
JIT Compiler
Native Code
2 categories of browsers –
Up level
Support Jscript and JavaScript Version 1.2
HTML version 4.0
Microsoft Document Object Model (MSDOM)
Cascading Style Sheets (CSS)
Only the latest versions of IE fall under this
category
Down level
HTML version 3.2
Browser Compatibility
ASP.NET server side controls automatically
determine the browser level that has
requested the page, and generate HTML code
appropriate to that browser.
Global.vb –
This contains the event handling code corresponding to the
Global.asax
HelloWorld.vb –
This contains the event handling code for the corresponding
.aspx file
Styles.css –
Style sheet that can be used across the application
ASP.NET
In classic ASP all Web site related information was stored in the
metadata of IIS.
Disadvantage that remote Web developers couldn't easily make Web-site
configuration changes.
for example, if you want to add a custom 404 error page, a setting needs to
be made through the IIS admin tool, and you're Web host will likely charge
you a fee to do this .
The configuration settings are then cached for all subsequent requests
The server does not have to be rebooted for the changes to take effect.
Now, in any of the ASP.NET Web pages in the Web site you can
read the value of the connString parameter like:
Dim myConnection as New
SqlConnection(ConfigurationSettings.AppSettings("connString")
ASP.NET config files
Specifying Classes of Application-Wide Settings
While you can use the appSettings tag if you intend to sell this
Web application or have it be used on other people's Web
sites, placing such parameters in the appSettings tag may
lead to problems.
Ideally you'd like not to present your end user with this
headache. To avoid this complication you can "group" your
application's settings into a unique tag in the Web.config file.
That is, you can create a tag named: <MyAppSettings> in
Web.config and then use the <CODE<ADD code >< ...>as we
did earlier to add application-wide settings.
ASP.NET config files <customErrors/> tag
From the moment you request a page in your browser to the moment
you see a response on your screen a complex process takes place on
the server.
This instance can be pooled and reused only after it is done processing
a request.
Application Level Error Handling
The ASP.NET runtime parses your global.asax,
compiles a class derived from HttpApplication and
hands it a request for your web application.
ctx.Response.Write (errorInfo);
// To let the page finish running we clear the
error ctx.Server.ClearError ();
Application Level Error Handling
Be careful when modifying global.asax.
<configuration>
<sessionstate mode="inproc"
cookieless="false" timeout="20"
sqlconnectionstring="data
source=127.0.0.1;user id=<user
id>;password=<password>"
server="127.0.0.1" port="42424" />
</configuration>
ASP.NET Session State
Attributes of the sessionstate tag -
Mode –
The mode setting supports three options: inproc, sqlserver, and
stateserver.
As stated earlier, ASP.NET supports two modes: in process and
out of process.
There are also two options for out-of-process state
management: memory based (stateserver), and SQL Server
based (sqlserver).
Cookieless –
The cookieless option for ASP.NET is configured with this simple
Boolean setting.
Timeout –
This option controls the length of time a session is considered valid.
The session timeout is a sliding value; on each request the timeout
period is set to the current time plus the timeout value
ASP.NET Session State
Sqlconnectionstring - The sqlconnectionstring identifies the
database connection string that names the database used for
mode sqlserver.
Server - In the out-of-process mode stateserver, it names the
server that is running the required Windows NT service:
aspnet_state.
Port - The port setting, which accompanies the server setting,
identifies the port number that corresponds to the server setting
for mode stateserver.
ASP.NET Session State
In-process Mode –
In-process mode simply means using ASP.NET session state in a similar
manner to classic ASP session state.
That is, session state is managed in process and if the process is re-cycled,
state is lost.
Given the new settings that ASP.NET provides, you might wonder why you
would ever use this mode.
In-process mode is the default setting for ASP.NET. When this setting is
used, the only other session web.config settings used are cookieless and
timeout.
So after setting a session state value, stop and start the ASP.NET process
(iisreset), the value set before the process was cycled will be lost.
ASP.NET Session State
Out-of-process Mode
Included with the .NET SDK is a Windows® NT service: ASPState.
This Windows service is what ASP.NET uses for out-of-process
session state management. To use this state manager, you first
need to start the service. To start the service, open a command
prompt and type:
net start aspnet_state
ASP.NET
In web.config
Session State
<configuration>
<sessionstate mode="stateserver"
cookieless="false" timeout="20"
sqlconnectionstring="data source=127.0.0.1;user id=<user
id>;password=<password>" server="127.0.0.1"
port="42424" />
</configuration>
This setting tells ASP.NET to look for the ASP state service on
the server specified in the server and port settings—in this case,
the local server.
Now set a session state value, stop and start the IIS process
(iisreset), and continue to have access to the values for our
current state.
ASP.NET Session State
SQL Server Mode
The SQL Server mode option is similar to that of the
Windows NT Service, except that the information persists to
SQL Server rather than being stored in memory.
To use SQL Server as our session state store, we first must
create the necessary tables and stored procedures that
ASP.NET will look for on the identified SQL Server. The .NET
SDK provides us with a SQL script (state.sql) to do just that.
state.sql
The state.sql file contains the SQL commands used to create
the ASPState database. This script creates two tables and
several stored procedures. ASP.NET uses both the tables
and the procedures to store data in SQL Server. I would
recommend reading through state.sql to learn more about
what it is doing.
The state.sql file can be found in [system
drive]\winnt\Microsoft.NET\Framework\[version]\
ASP.NET Session State
In web.config
<configuration>
<sessionstate mode="sqlserver" cookieless="false"
timeout="20" sqlconnectionstring="data
source=MySqlServer; user id=ASPState;
password=1Gr8State" server="127.0.0.1"
port="42424" />
</configuration>
Now set a session state value, stop and start the IIS process
(iisreset), and continue to have access to the values for our
current state.
In fact, we could cluster the SQL Servers such that if one SQL
Server happened to be unavailable, another server that was
replicating its data could take its place.
This provides a level of reliability that was not available in ASP.
ASP.NET Session State
Cookieless State –
This feature allows sites whose clients
choose not to use cookies to take
advantage of ASP.NET session state.
This is done by modifying the URL with an
ID that uniquely identifies the session:
http://localhost/(lit3py55t21z5v55vlm25s55)/App
lication/SessionState.aspx
ASP.NET will modify relative links found within
the page and embed this ID.
Thus, as long as the user follows the path of
links the site provides, session state can be
maintained.
However, if the end user re-writes the URL, the
session state instance will most likely be lost.
ASP.NET Session State
In web.config -
<configuration>
<sessionstate mode="stateserver"
cookieless="true" timeout="20"
sqlconnectionstring="data
source=127.0.0.1;user id=<user
id>;password=<password>"
server="127.0.0.1" port="42424" />
</configuration>
Once cookieless is set to true, ASP.NET will
do the work necessary to enable cookieless
session state. Also note that all modes are
supported for cookieless sessions.
Authorization & Authentication
Authentication and Authorization are two interrelated security
concepts.
The server requests the user to log on and also sends a NONCE
used to encrypt the password.
The server then encrypts its own copy of the user's password
and compares the two. If they match and the user has
permissions, access is granted.
The server tries Kerberos first, and if this fails, then the
server falls back to Windows NT Challenge/Response. If
this fails, the server does not try any of the other
methods.
Authentication & Authorization
If Basic is the only supported method (or if Anonymous
fails), then a dialog box appears in the to get the credentials,
and then passes these to the server.
Attribute – verbs
Defines the HTTP verbs to which the action applies, such as GET, HEAD, and
POST.
To allow John and deny everyone else, one might construct the
following configuration section.
<authorization>
<allow users="John"/>
<deny users="*"/>
</authorization>
The following example lets everyone do a GET, but only Kim can
use POST.
<authorization>
<allow verb="GET" users="*"/>
<allow verb="POST" users="Kim"/>
<deny verb="POST" users="*"/>
</authorization>
ASP.NET Authorization
Rules are applied using the following heuristics:
Rules contained in configuration files at lower directory levels take precedence over
rules at higher directory levels.
The system determines which rule takes precedence by constructing a merged list of
all rules for a URL, with the most recent (nearest in the hierarchy) rules at the head of
the list.
Given a set of merged rules for a URL, the system starts at the head of the list and
checks rules until the first match is found.
Note that the default configuration for ASP.NET contains an <allow users="*">
element, which authorizes all users.
If a match is found and the match is a <deny> element, it returns the 401 status code.
Applications or sites can easily configure a <deny users="*"> element at the top level
of their site or application to prevent this behavior.
If an <allow> matches, the module does nothing and lets the request be processed
further.
There is also a <location> tag that you can use to specify a particular file or directory
to which settings wrapped by that tag (between <location> and </location> tags)
should apply.
ASP.NET Impersonation
When using impersonation, ASP.NET applications can
optionally execute with the identity of the client on whose behalf
they are operating.
This hidden form field can, of course, greatly add to the overall
size of the Web page.
The view state is serialized to the hidden form field in the Page
class's SavePageStateToPersistenceMedium() method during
the save view state stage, and is deserialized by the Page
class's LoadPageStateFromPersistenceMedium() method in the
load view state stage.
With just a bit of work we can have the view state persisted to
the Web server's file system, rather than as a hidden form field
weighing down the page.
If it does not match up, the view state has been changed en
route.
Protecting the View State from
Modification
By default, the LosFormatter class applies the MAC.
The default, True, indicates that the MAC should take place; a
value of False indicates that it should not.
The validationKey attribute specifies the key used for the MAC;
decryptionKey indicates the key used in the Triple DES
encryption.
This setting works well for a single Web server environment, but
if you have a Web farm, it's vital that all Web servers use the
same keys for MAC and/or encryption and decryption.
Once the duration for the cached page expires, the next
request is handled explicitly and causes a dynamically
generated response.
• Response.cache.SetCacheability
(HttpCacheability.Public))
Caching Multiple Versions of a Page
Often, an application may have a Web page
that can receive different requests for
different information that will be rendered on
the same page; hence, the presentation of the
information will mostly be changed for each
request.
xmlns:soap="http://schemas.xmlsoap.org/soap/envel
ope/">
<soap:Body>
<Add xmlns="Web Service Namespace">
<a>5</a>
<b>8</b>
</Add>
</soap:Body>
</soap:Envelope>
SOAP Envelope – Server Response
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envel
ope/">
<soap:Body>
<AddResponse xmlns="Web Service Namespace">
<AddResult>13</AddResult>
</AddResponse>
</soap:Body>
</soap:Envelope>
SOAP Request - Response
HTTP Request - Response
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
Server Controls
Simplify Common Tasks
Forms
Tables
Data Display
Server Side Programming Model
Automatic Browser Compatibility
Less Code, Less Complexity
Extensible
Server Controls
HTML and Server Controls
</script>
PostBack
Server Side Object Automatically Populated from
Client Side Controls
Server Controls
Browser Support
Targets Client on the Fly
<asp:textbox ForeColor=“red”/>
Style
Font
Validation
Client Side
Server Side
Server Controls
Validation
Without Code
Required Field
Within Range
Two Fields Equal (Password)
Regular Expressions
Validation Error Messages
With Code, but Simplified
Custom Validation
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
Data Controls
Bind to many data sources
Collections
Array
HashTable
Dictionary
ADO.NET
DataReader
DataSet
XML
Data Controls
ADO.NET
Connection
Command
DataAdapter
DataReader
DataSet
DataView
Data Controls
ADO.NET
DataSet
Database
Authors
Connection Authors
DataSetCommand
Select … from authors
Data Controls
ADO.NET
DataSet
Database
Authors
Connection Publishers
DataSetCommand
Publishers
Select … from
publishers
Data Controls
ADO.NET
DataSet
Authors DataGrid
Repeater
Publishers
DataList
DataView
Data Controls
DataGrid
Displays data as a table
Control over
Alternate item
Header
Footer
Colors, font, borders, etc.
Paging
Updateable
Item as row
Data Controls
Repeater
List format
No default output
More control
More complexity
Item as row
Not updateable
Data Controls
DataList
Directional rendering
Good for columns
Item as cell
Alternate item
Updateable
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
ASP.NET Web Applications
Global ASAX
Application_OnStart
Application_OnEnd
Session_OnStart
Session_OnEnd
Session
Application
ASP.NET Web Applications
Config.Web
Site Configuration file
Like an .INI file for your site
XML format
Extensible
Some settings
Security
Session
Localization
Tracing
Debugging
ASP.NET Web Applications
Session Variables
Store state information
No longer require Cookies
Share between servers
<sessionstate
inproc="false"
server=“AnotherServer"
port="42424"
/>
ASP.NET Web Applications
DEMO : Cookieless Sessions
Sessions with cookies
Config.Web
Sessions without cookies
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
Business Objects
Problems with ASP and DLLs
DLLs with .NET
Business Objects
Problems with ASP and DLLs
DLL Locking
Page hit
Shutdown web application
Shutdown Internet information Server
Edit in Visual Interdev
MTS/COM+
Shutdown package
Binary compatibility
Registry
Business Objects
DLLs with .NET
Not registered
Placed in ./BIN directory
Not locked
Shadow Copy
Agenda
Introduction to .NET
ASP Today
ASP.NET
Server Controls
Data Controls
ASP.NET Web Applications
Business Objects
Web Services
Web Services
The Web today
How Web services work
Web Services
The Web Today
Purchase courseware
Purchased
Purchase Courseware
?
.ASMX
Web Services
Testing
Courseware.asmx
Test HTML Page
.ASMX
Web Services
WebServiceUtil
Courseware.asmx?SDL
Service Definition(XML)
Proxy
DLL
.ASMX
Web Services
Proxy
DLL
.ASMX
ASP.NET Web Services
DEMO : Web Services
Web service source
Testing
SDL
Client Proxy creation
Consuming a Web service