asp.net with visual studio.net name title department microsoft corporation

ASP.NET With Visual Studio.NET

NameTitleDepartmentMicrosoft Corporation

What we will cover Web Forms Usage of Global.asax How to work with Session State How to secure ASP .NET Applications Usage of Web.Config Caching Monitoring ASP .NET Applications

Session Prerequisites Web Development ASP Programming Microsoft ADO Understanding of XML

Level 300

Agenda Web Forms ASP.NET Applications Web Application Security Configuration and Monitoring

Web FormsWhat is Web Forms? Code Model Life Cycle Server Side Events Server Controls Validation

Web FormsCode Model

Code Behind Logic – Presentation Separation Object Orientated Event Driven

Web FormsASP.NET Page Life Cycle

Similar to Win32 Application Coding Events Raised as Page Created

Form_Initialize() ~ Page_Init()Form_Load() ~ Page_Load()Form_Activate() ~ Page_PreRender()Form_Unload() ~ Page_Unload()

Web FormsServer Side Events

Runat=“server” <form runat=“server”> <input type=button id=button1 OnServerClick=“Button1_Click” runat=“server” /> Button1_Click(Sender as Object, e as EventArgs) Button1.Text = “Save”

Web FormsServer Controls

45 Built In Controls Target any HTML 3.2 browser Raise Events to Server Basic Controls

textbox, checkbox, radio, button Advanced Controls

AdRotator, Calendar, DataGrid, Validator

Web FormsBasic Server Controls <asp:textbox id=text1 runat=server/>

text1.text = “Hello World” <asp:checkbox id=check1

runat=server/>check1.checked=True

<asp:button id=button1 runat=server/>button1_onClick()

<asp:DropDownList id=DropDownList1 runat=server>DropDownList1.SelectedItem.Text = “Hello”

Web FormsAdvanced Server Controls

DataGrid Defined by <asp:datagrid /> Column Sorting In-Line Editing HTML Table DataBinding Paging

Web FormsAdvanced Server Controls Validation

Required Validator Control Range Validator Control Compare Validator Control Regular Expression Validator Custom Validator Control Example:

<asp:RequiredFieldValidator ControlToValidate="txtName" ErrorMessage="Please Enter Your Name" runat="server" />

Demonstration 1Web Forms

Code and Page ModelEvent Model

Server Controls

Agenda Web Forms ASP.NET Applications Web Application Security Configuration and Monitoring

Application_OnStart Application_OnEnd Session_OnStart Session_OnEnd

ASP.NET ApplicationsTraditional ASP (global.asa)

ASP.NET ApplicationsGlobal.ASAX events First Request

Application_Start First Request for Each User

Session_Start Each Request

Application_BeginRequest Application_Authenticate Application_EndRequest

Application Error Application_Error

User Logs Out/Session Times Out Session_End

Web Server Shutdown Application_End

Application_BeginRequest Virtual Resources Text to be included at the start of every page

Application_EndRequest Text to be added to the end of every page

Application_Error Useful for sending out an email or writing to the

event log when an error occurs that was not properly handled at the source of the error

ASP.NET ApplicationsGlobal.ASAX Event Usage

Session_End Writing to a log file or database that a user has

logged out at a given time Application_End

Useful for writing out when the web application had to stop. Could write an entry out to the event log

Application_Start Useful for loaded site specific configuration

information

ASP.NET ApplicationsGlobal.ASAX Event Usage

Essentially global variables for the application

Application(“CompanyName”)Can lock or unlock Application State

Variables Application.lock Application(“GlobalCounter”) = NewValue Application.unlock

ASP.NET ApplicationsSaving Application State

Per User Variables Available to All Pages in the Site Session(“UserID”) = 5 UserID = Session(“UserID”)

ASP.NET ApplicationsSaving Session State

ASP Session State Forces “Server Affinity” Dependent on cookies Not fault tolerant

ASP .NET Session State Support for Web Gardens and Server Farms Doesn’t require cookies Better fault tolerance

ASP.NET ApplicationsASP vs. ASP .NET State

Configuration information stored in Web.Config

<sessionStateInproc=“true”mode=“sqlserver” cookieless=“false”timeout=“20”sqlconnectionstring=“data source=127.0.0.1;user id=sa;password=“”

stateConnectionString="tcpip=127.0.0.1:42424" /></sessionState>

ASP.NET ApplicationsConfiguring Session State

Mode InProc – Conventional session variables. Stored in-

memory on the web server. Stateserver – Sessions are stored on an external server,

in memory. SQLServer – Sessions are stored in a SQL database.

Cookieless Determines if Cookieless sessions should be used Values are true or false

TimeOut Determines the default timeout for the web site

ASP.NET ApplicationsConfiguring Session State

SQLConnectionString contains the datasource, userid, and password

parameters necessary to connect to a sql database that holds the session state

stateConnectionString Contains information needed to connect to the

state server.

ASP.NET ApplicationsConfiguring Session State

In order to setup the SQL Server to store state information you must run a small T-SQL script on the target server

InstallSQLState.sql can be found in [sysdrive]\winnt\Microsoft.NET\Framework\[version]

Creates the following on the server A database called ASPState Stored Procedures Tables in TempDB to hold session data.

Uninstall is via UninstallSQLState.sql

ASP.NET ApplicationsStoring Data in SQL Server

Demonstration 2ASP.NET Applications

Uses for Global.asaxSaving Application State

Agenda Web Forms ASP.NET Applications Web Application Security Configuration and Monitoring

Web Application SecuritySecurity Concepts Authentication Authorization Impersonation

Web Application SecurityAuthentication Windows

Basic Digest Integrated

Passport Form

Web Application SecurityWindows Authentication Enabled For IIS Through Internet

Services Manager

Web Application SecurityWindows Authentication Enabled for ASP.NET Through

Web.config

<security><authentication

mode="Windows" /></security>

Web Application SecurityWindows Authentication Site Can Easily Access User Name

Dim UserName As StringUserName = User.Identity.Name

NT Groups Automatically Map to ASP.NET Roles

If User.IsInRole(“Administrators”) Then…

Web Application SecurityForm Authentication Web Site is Responsible for Security, not IIS

Configure IIS to allow anonymous access Set Web.Config to force users to authenticate through a

form<authentication mode="Forms"><forms loginUrl="Registration.aspx"></forms></authentication><authorization><deny users="?" /></authorization>

Any Unauthenticated User Will Get Sent to “Registration.aspx”

Web Application SecurityForm Authentication You Code a Form to Collect User ID and

Password To Authenticate a User:

FormAuthentication.RedirectFromLoginPage(UserName, False)

RedirectFromLoginPage Marks the user as authenticated Takes the user to the page they originally

requested If the user requested the login page, takes the

user to Default.aspx Can persist authentication in a cookie

Web Application SecurityForm Authentication - Declarative For Simple Sites, You Can Store User

ID and Password in Web.config

<credentials passwordFormat="clear"><user name="MSDN"

password="online" /><user name="Guest"

password="guest" /></credentials>

Web Application SecurityForm Authentication - Declarative User is Authenticated by Calling

FormsAuthentication.Authenticate( _UserName, Password)

Web Application SecurityForm Authentication - Programmatic Code is Used to Authenticate the User

SQL = “Select * From Users ” & _“Where UserID = ‘” & UserName & “’”

If UserFoundInDataBase thenFormAuthentication.RedirectFromLoginPage(UserNam e,false)

ElselblLoginError.Text = “User Not Found or Invalid Password”

end if

Web Application SecurityRoles

JaneJane

JillJillJohnJohn

JennyJennyJamieJamie

RDRD

AdminsAdmins

PagePageRD ContentRD Content

Admin ContentAdmin Content

Web Application SecurityRoles Build the Application In Terms of Roles

Access to Pages Custom Page Content

After Deployment, Assign Users To Roles

Web Application SecurityRoles Programmatically Assigning Users to

Roles

Sub Application_AuthenticateRequest(ByVal Sender As Object, ByVal e As EventArgs)

If request.IsAuthenticated = True Thensql = “select role from roles where userid=‘“

& UserID & “’”

‘ Get Roles from Result Setcontext.User = New GenericPrincipal(user,

roles)End If

End Sub

Web Application SecurityRoles Display Content Based on Roles

If User.IsInRole(“HumanRes”) ThencmdEditSalary.Visible = true

End If

Web Application SecurityImpersonation Windows Authentication Web.config

<identity> <impersonation enable="true" name="username" password="password" />

</identity>

Demonstration 3Web Application Security

Windows AuthenticationForm Based Registration

Form Based AuthenticationAssigning Users to Roles

Agenda Web Forms ASP .NET Applications Web Application Security Configuration and Monitoring

Configuration and OptimizationWeb.Config

Site Configuration File Ships with the Site Stores Most Configuration Options Eases Maintenance and Deployment Changes Take Effect Immediately

Configuration and OptimizationHierarchical Configuration Architecture Web.Config files and their settings are inherited in a hierarchy

Machine Settings (Winnt\Microsoft .NET\Version\) Web Application Root Directory Sub directories

Configuration and OptimizationHierarchical Configuration Architecture

Settings can be targeted at a specified set of files/directories by use of the <location> tag

<configuration><location path=“/admin”>

<system.web><security>

<authorization><allow roles=“Admins”></authorization>

</security></system.web>

</location></configuration>

Configuration and OptimizationDefault Configuration Settings Machine.config

Tracing Disabled Execution Timeout90 Seconds Session State Enabled, Inproc Authentication Allow Anonymous Multi CPU Support Disabled

Configuration and OptimizationCustom Configuration Settings Examples of Customization

AppSettings CustomErrors Trace Settings Authentication Session Settings Browser Capabilities

Configuration and OptimizationCustom Configuration Settings Custom Setting in Config.Web

<configuration><appSettings><add key="DSN" value="server=localhost…</appSettings></configuration>

Accessing with Code

DSN = ConfigurationSettings.AppSettings("DSN")

Configuration and OptimizationCustom Configuration Settings Redirect Certain Errors to Certain

Pages

<customErrors mode="On"><error statusCode="404" redirect="errorpage404.aspx" />

</customErrors>

<customErrors mode=“RemoteOnly"><error statusCode="404" redirect="errorpage404.aspx" />

</customErrors>

Configuration and OptimizationCustom Configuration Settings Tracing

<trace enabled=“true" requestLimit="10" pageOutput=“true" traceMode="SortByTime" />

Configuration and OptimizationCustom Configuration Settings Trace Options

Enabled Tracing information will be stored. Information can be accessed through

http://site/trace.axd RequestLimit

Store tracing information for this many requests PageOutput

Allows trace output to also appear at the bottom of the page. TraceMode

Allows trace information to be sorted by time or category.

Configuration and OptimizationCustom Configuration Settings Writing to the Trace Log

Trace.Write(“Page_Load”,”Entering Event”)Trace.Warn(“GetCustomer”,”Invalid Argument”)

Demonstration 4Configuration and

Optimization

ASP.NET Configuration

Configuration and OptimizationPage Output Caching Pages That Don’t Change Frequently Dramatic Performance Increase

<%@ OutputCache Duration= "500" %>

Configuration and OptimizationFragment Caching Dynamic Portions of a Page Data Doesn’t Change Frequently User Control

<%@ OutputCache Duration=“60" %>

Configuration and OptimizationCache API’s Programmatically Cache Data

Cache.Insert( _Key, _Value, _CacheDependency, _AbsoluteExpiration, _SlidingExpiration, _Priority, _PriorityDecay, _Callback)

Configuration and OptimizationCache API’s Key

String used to look up the cached item Value

Item or object to store in the cache CacheDependency

Cache item can automatically expire when a file, directory, or other cache item changes

Configuration and OptimizationCache API’s AbsoluteExpiration

Cache item can expire at some fixed time (midnight, for example)

SlidingExpiration Cache item can expire after a certain amount of

inactivity Priority

When forcing items from the cache, which items should go first

PriorityDecay Within a given priority range, does this item

expire fast or slow

Demonstration 5Configuration and

Optimization

ASP.NET Caching

Configuration and MonitoringMonitoring ASP.NET Applications Monitoring Tool Integration

Performance Monitor Tracing Support Service Control and Monitoring

Configuration and Monitoring Performance Counters Some Counters are now more

application specific as oppossed to server specific for traditional ASP

Counter Groups Global Performance Counters Application Specific Counters

Configuration and Monitoring Global Performance Counters Global Performance Counters

Application Restarts Applications Running Requests Queued Request Wait Time

Configuration and Monitoring Application Specific Counters Application Performance Counters

Cache Total Entries Cache Total Hit Ratio Request Bytes in Total Requests Executing Requests Timed Out Sessions Timed Out

Configuration and Monitoring PerformanceCounter Class The PerformanceCounter class allows

you to access counter data from code

Dim Req_Bytes_Total As New PerformanceCounter(“asp .net applications", “Request Bytes Out Total”, _Total_)

Dim s as IntegerS = Req_Bytes_Total.NextValue()

The same code can be used to retrieve standard counters as well

Configuration and Monitoring Tracing Tracing

Timing information between successive trace output statements

Information about the server control hierarchy

The amount of viewstate used Render size of controls on your page

Configuration and Monitoring Tracing Enable Tracing for a specific page

<%@ Page trace=true Language="vb" AutoEventWireup="false" Codebehind="Write_Trace_Info.aspx.vb" Inherits="Opt_Monitor.Write_Trace_Info"%>

Writing Custom Trace Statements

Trace.Write(“Custom Trace”, “Begin Load DataSet”)

Configuration and MonitoringAccessing Services ServiceController class

Allows you to access locally or remote services Constructor

Takes ServiceName as Parameter Methods

Stop Start Pause WaitForStatus

Srv.WaitForStatus(ServiceControllerStatus.Stopped, System.TimeSpan.FromSeconds(30))

Allows you to easily wait for the service state to change to the desired state before continuing

Properties MachineName

Gets or sets the machine name

Configuration and MonitoringChecking Service State Checking the Service State

Protected Sub CheckServiceState(ByVal ServiceName As String) as String

Dim Srv As New ServiceController(ServiceName)Select Case Srv.Status

Case ServiceControllerStatus.Running CheckServiceState = "Started" Case ServiceControllerStatus.Stopped CheckServiceState = "Stopped"

Case Else CheckServiceState = "Unknown"

End Select End Sub

Demonstration 6Configuration and

Optimization

ASP .NET Optimization and Monitoring

Session Summary Web Forms ASP .NET Applications Web Application Security Configuration and Monitoring

For More Information… MSDN Web Site at

msdn.microsoft.com ASP.NET Related Sites at

msdn.microsoft.com/library/dotnet/cpguide/cpconaspwebforms.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconaspnetapplications.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconaspstatemanagement.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconoptimizingaspapplications.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconsecuringaspnetwebapplications.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconaspcachingfeatures.htm msdn.microsoft.com/library/dotnet/cpguide/

cpconaspnetconfigurationconcepts.htm

MS PressEssential Resources for Developers

Now you can Now you can build your own custombuild your own custom MS Press books at MS Press books at

mspress.microsoft.com/custombookmspress.microsoft.com/custombookChoose from Windows 2000, SQL Server 200, Exchange 2000, Office 2000 Choose from Windows 2000, SQL Server 200, Exchange 2000, Office 2000

and XMLand XML

Build it and then order it on either MS Reader, PDF, or printed versionsBuild it and then order it on either MS Reader, PDF, or printed versions

TrainingTraining Resources for Developers Introduction to ASP.NET

Course 2063 Available: Now

Building and Using Web Services with Visual Studio.NET Course 2504 Available: July 2001

To locate a training provider for this course, please accessTo locate a training provider for this course, please access

mcspreferral.microsoft.com/default.aspmcspreferral.microsoft.com/default.aspMicrosoft Certified Technical Education Centers (CTECs) Microsoft Certified Technical Education Centers (CTECs)

are Microsoft’s premier partners for training servicesare Microsoft’s premier partners for training services

Training & Training & EventsEvents

MSDN Training, Tech-Ed, PDC, MSDN Training, Tech-Ed, PDC, Developer Days, MSDN/Onsite EventsDeveloper Days, MSDN/Onsite Events

MSDNEssential Resources for Developers

Subscription Subscription ServicesServices

OnlineOnlineInformationInformation

MembershipMembershipProgramsPrograms

Print Print PublicationsPublications

Library, Professional, UniversalLibrary, Professional, UniversalDelivered via CD-ROM, DVD, WebDelivered via CD-ROM, DVD, Web

MSDN Online, MSDN FlashMSDN Online, MSDN Flash

MSDN User GroupsMSDN User Groups

MSDN MagazineMSDN MagazineMSDN NewsMSDN News

Where Can I Get MSDN? Visit MSDN Online at

msdn.microsoft.com Register for the MSDN Flash

Email Newsletter at msdn.microsoft.com/resources/msdnflash.asp

Become an MSDN CD Subscriber at msdn.microsoft.com/subscriptions

Attend More MSDN Events

Become A Microsoft Certified Solution Developer What Is MCSD?

Premium certification for professionals who design and develop custom business solutions

How Do I Get MCSD Status? It requires passing four exams to prove competency

with Microsoft solution architecture, desktop applications, distributed application development, and development tools

Where Do I Get More Information? For more information about certification

requirements, exams, and training options, visit www.microsoft.com/mcp