Nov 5, 2013

Major Updates to ASP.NET 2.0: A Developer’s Notebook




README
Page 32, delete the following block of text
Page 34, delete the Tip box
Page 37, modify the block as shown in yellow
Page 117, add a Tip box before Step 3
Page 180, add the following in yellow to the Tip box
Page 184, replace Example 4-7 with the following
Page 185, replace Example 4-8 with the following
Page 186, step 11, remove the line in yellow
Page 186, replace the sidebar with the following
Page 197, remove the following line in the Tip box
Page 258, replace the block
Page 260, remove the following block in the What about… section
Page 266, add the code highlighted in yellow
Page 267, modify the following paragraph in yellow


README

This document contains the most recent updates to ASP.NET 2.0: A Developer’s Notebook. Only breaking changes/major updates resulting from the final release of Visual Studio 2005 are listed in this document. Minor changes, such as figure changes and minor folder name changes, are not listed in this document, but you can find them in the new reprint of the book. The source code for the entire book has also been updated, and you can download it from: http://www.oreilly.com/catalog/aspnetadn/.

Page 32, delete the following block of text

…a more efficient method for dividing screens that does not require a postback?

While this lab uses the MultiView control to split a long page into multiple views, the inherent disadvantage with this control is that every change of view requires a postback. Unless you need to access data on the server side, it is much more efficient to use the Wizard control, which performs similar tasks without a postback.

…a more efficient method for collecting user inputs?

While this lab uses the MultiView control to split a long page into multiple views, the inherent disadvantage with this control is that you need to design your own navigation (such as Buttons as shown in this lab) to switch between the different View controls. For tasks such as collecting user inputs, the Wizard control is much more efficient as it automatically provides navigation between different views.


Page 34, delete the Tip box

TIP

In this example, the Wizard control does not perform a postback to the server when the user clicks on the Next or Previous button. However, if the user clicks on the Calendar control in Step 2, a postback does occur.


Page 37, modify the block as shown in yellow

Wiring Up Event Handlers in ASP.NET 2.0

ASP.NET provides two ways for you to wire up your event handlers, one of which eliminates the need to use the Handles keyword. To use this technique, add an attribute to the Web Form that identifies the event you wish to trap and the code to handle it. Then, add code for the handler to the code-behind page. For example, to handle the Click event of btnSubmit, add the OnClick attribute to the Source View of your form and then set it to point to an event handler in your code-behind. For example:
…..



Page 117, add a Tip box before Step 3

TIP

In order for you to test this example, you need to be an authenticated user. The easiest way is to set <authentication mode="Windows" /> in Web.config.



Page 180, add the following in yellow to the Tip box

TIP

The SqlCacheDependency attribute has the format of database:table for SQL Server 2000 polling. If you are using SQL Server 2005, the SqlCacheDependency attribute should be set to CommandNotification. You should also add the following code to the Form_Load event:

    Protected Sub Page_Load(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles Me.Load
        Dim settings As ConnectionStringSettings
        settings = _
            ConfigurationManager.ConnectionStrings("PubsDatabase")
        System.Data.SqlClient.SqlDependency.Start( _
            settings.ConnectionString)
    End Sub



Page 184, replace Example 4-7 with the following

...
<configuration
    xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings
      configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd......gioRQR0Y/n</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <system.web>
...



Page 185, replace Example 4-8 with the following

...
<configuration
    xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings
      configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod
          Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>CgnpVe87ISd3......N4vqWOUblKNo=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>rlRKN2QkGZM......ScwFDL2IRjM=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <system.web>
...



Page 186, step 11, remove the line in yellow

11. You can check whether a section is protected by using the IsProtected property, like this (you can use this block of code in the Page_Load event, for example):

    If Not section.SectionInformation.IsProtected Then
        section.SectionInformation.ProtectSection(protectionProvider)
        config.Save( )
    End If



Page 186, replace the sidebar with the following

Self-Contained Protection

Notice that the configProtectionProvider attribute added to the connectionStrings element contains information needed to decrypt the connection strings. More importantly, Web.config doesn’t contain the decryption key. For example, if you use the Windows DataProtectionConfigurationProvider, the decryption key is autogenerated and saved in the Windows Local Security Authority (LSA).
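
An added example, not code from the book: one way to report whether a section of Web.config is protected and by which provider, and to encrypt it only when it is still in clear text. The module name, the function names and the virtualPath argument are assumptions; the provider name passed in would be one of the two shown in Examples 4-7 and 4-8.

```vbnet
Imports System.Configuration
Imports System.Web.Configuration

' Added example, not from the book. Module and function names are hypothetical.
Public Module ConfigProtectionAudit

    ' Returns a one-line status for a section of the site's Web.config.
    Public Function DescribeSection(ByVal virtualPath As String, _
            ByVal sectionName As String) As String
        Dim config As System.Configuration.Configuration = _
            WebConfigurationManager.OpenWebConfiguration(virtualPath)
        Dim section As ConfigurationSection = config.GetSection(sectionName)
        If section Is Nothing Then
            Return sectionName & ": not present"
        End If
        Dim info As SectionInformation = section.SectionInformation
        If info.IsProtected Then
            ' The provider name is what configProtectionProvider records.
            Return sectionName & ": protected by " & info.ProtectionProvider.Name
        End If
        Return sectionName & ": stored in clear text"
    End Function

    ' Encrypts the section only if it is not already protected.
    ' Returns False when the section is missing or locked.
    Public Function EnsureProtected(ByVal virtualPath As String, _
            ByVal sectionName As String, _
            ByVal protectionProvider As String) As Boolean
        Dim config As System.Configuration.Configuration = _
            WebConfigurationManager.OpenWebConfiguration(virtualPath)
        Dim section As ConfigurationSection = config.GetSection(sectionName)
        If section Is Nothing OrElse section.SectionInformation.IsLocked Then
            Return False
        End If
        If section.SectionInformation.IsProtected Then Return True
        section.SectionInformation.ProtectSection(protectionProvider)
        ' Write the section back even if its settings did not change.
        section.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Modified)
        Return True
    End Function
End Module
```

The account the site runs under needs write access to Web.config for EnsureProtected to succeed.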



Page 197, remove the following line in the Tip box

This behavior might change in the final release of Visual Studio 2005.



Page 239, remove last line

The Roles class also supports other methods, including:

Roles.GetRolesForUser
Roles.GetUsersInRole
Roles.GetUsersInRole



Page 258, replace the block

ASP.NET 2.0 supports two precompilation options:

• Precompile for site deployment
• Precompile In-Place

Precompile for site deployment allows you to deploy the compiled binaries of your web site to the hosting machine without the need to deploy your source code. This is a great boost to protecting your source, especially when you are deploying to a remote hosting machine and do not want others to see the source code behind your web site. It also precompiles the site and so reduces the first-use response time of the application.

With:

ASP.NET 2.0 supports the “Precompile for site deployment” option. Precompile for site deployment allows you to deploy the compiled binaries of your web site to the hosting machine without the need to deploy your source code. This is a great boost to protecting your source, especially when you are deploying to a remote hosting machine and do not want others to see the source code behind your web site. It also precompiles the site and so reduces the first-use response time of the application.



Page 260, remove the following block in the What about… section

What about…

…precompiling in-place?

That’s certainly possible. Precompile In-Place allows you to precompile a web site before the user loads the page. Traditional ASP.NET pages are dynamically compiled and cached the first time a user loads the page, so the load time is always higher the first time the site is accessed. With precompilation, the web site is compiled and cached before a user loads a page for the first time, eliminating the long wait for the page to be compiled. Another benefit to this approach is the ability to check for bugs before the user discovers them.

To precompile your site before the first user loads it, you simply invoke the special handler precompile.axd located in the virtual root of your web application, like this:

    http://localhost/chap06-Precompile/precompile.axd

After precompilation, you will notice that there are no delays when the application is first accessed.

TIP

Precompiling works by compiling the entire site (including subdirectories).

…hackers launching a denial-of-service attack at my site by forcing it to constantly precompile?

ASP.NET 2.0 will turn off remote precompiling in-place. You can only perform a precompile in-place locally.

Leave only the following:

…updating an application once I have precompiled it?

Once you have precompiled an application, you can only deploy the directory that has been generated. To update an application, you would need to modify the original application files and perform the precompilation steps again.



Page 266, add the code highlighted in yellow

4. Switch to the code-behind of the default Web Form. The Web Form that is going to receive the postback needs to implement the ICallbackEventHandler interface. You also need to declare a public String (its use will be evident later on) as well as a private String for containing the result to be returned to the client:

    Partial Class Default_aspx
        Inherits System.Web.UI.Page
        Implements ICallbackEventHandler

        Public callbackStr As String
        Private _result As String

The ICallbackEventHandler interface has two methods to implement: RaiseCallbackEvent( ) and GetCallbackResult(). The RaiseCallbackEvent() method is invoked when the client sends a postback to the server. In this case, this is the place to check the city and state information of a Zip Code, as well as retrieve the states and cities of a country. When the processing is done, the GetCallbackResult() method is invoked to return the result back to the client.




Replace Example 6-1 with the following:

    Public Sub RaiseCallbackEvent( _
            ByVal eventArgument As String) _
            Implements _
            System.Web.UI.ICallbackEventHandler.RaiseCallbackEvent

        If eventArgument.StartsWith("1:") Then
            '---strips away the command
            eventArgument = eventArgument.Substring(2)
            '---get city and state based on Zipcode
            ' System.Threading.Thread.Sleep(5000)
            Select Case eventArgument
                Case "95472" : _result = "Sebastopol,CA"
                Case "02140" : _result = "Cambridge,MA"
                Case Else
                    _result = "error"
            End Select
        ElseIf eventArgument.StartsWith("2:") Then
            '---strips away the command
            eventArgument = eventArgument.Substring(2)
            '---get states and cities related to country
            Select Case eventArgument
                Case "Sing" : _result = "Singapore,"
                Case "US" : _result = _
                    "Alabama,California,Maryland,Massachusetts,New York,Oklahoma,Wisconsin,"
                Case "UK" : _result = _
                    "Birmingham,Cambridge,Christchurch,Leeds,Sheffield,"
                Case Else
                    _result = ""
            End Select
        Else
            _result = "Command not recognized"
        End If
    End Sub



Page 267, modify the following paragraph in yellow

Notice that the RaiseCallbackEvent( ) function takes in a single String parameter. Therefore, if you have complex data types to transfer from the client to the server (and vice versa), you need to serialize the complex object into a string and then back.

The eventArgument parameter is passed from the client. To retrieve the state and city based on Zip Code, the eventArgument parameter would look like this:

    1:02140

where 1: is the command and 02140 is the Zip Code.

To retrieve all states and cities based on country, the eventArgument parameter would look like this:

    2:US

where 2: is the command and US is the country code.

The result of the processing is then stored in the private _result variable.

To return the result back to the client, you need to implement the GetCallbackResult() method:

    Public Function GetCallbackResult() As String _
            Implements System.Web.UI.ICallbackEventHandler.GetCallbackResult
        If _result = "error" Then
            Throw (New Exception("ZipCode not valid!"))
        Else
            Return _result
        End If
    End Function
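
An added example, not code from the book: because eventArgument arrives from the browser, a handler can check it against the two command formats described above before acting on it. CallbackRequest, TryParse, the 16-character cap and the letters-only country pattern are assumptions of this example.

```vbnet
Imports System.Text.RegularExpressions

' Added example, not from the book. CallbackRequest and TryParse are
' hypothetical names; the "1:" and "2:" commands are the ones shown above.
Public Class CallbackRequest
    Public Command As String
    Public Argument As String

    ' \z anchors at the very end of the input, so a trailing newline is
    ' rejected; [0-9] avoids matching non-ASCII digits as \d would.
    Private Shared ReadOnly ZipPattern As New Regex("^[0-9]{5}\z")
    Private Shared ReadOnly CountryPattern As New Regex("^[A-Za-z]{2,4}\z")

    ' Returns True only for a well-formed "<command>:<argument>" string.
    Public Shared Function TryParse(ByVal eventArgument As String, _
            ByRef request As CallbackRequest) As Boolean
        request = Nothing
        ' The value is client-supplied: reject Nothing and oversized input.
        If eventArgument Is Nothing OrElse eventArgument.Length > 16 Then
            Return False
        End If
        ' The command is a single character followed by a colon.
        Dim sep As Integer = eventArgument.IndexOf(":"c)
        If sep <> 1 Then Return False
        Dim cmd As String = eventArgument.Substring(0, 1)
        Dim arg As String = eventArgument.Substring(2)
        Dim ok As Boolean
        Select Case cmd
            Case "1" : ok = ZipPattern.IsMatch(arg)      ' Zip Code lookup
            Case "2" : ok = CountryPattern.IsMatch(arg)  ' country lookup
            Case Else : ok = False
        End Select
        If Not ok Then Return False
        request = New CallbackRequest()
        request.Command = cmd
        request.Argument = arg
        Return True
    End Function
End Class
```

RaiseCallbackEvent( ) can call TryParse first and set _result to "Command not recognized" when it returns False, leaving the two Select Case lookups to run only on validated input.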