SRM University, Kattankulathur


Nov 5, 2013

D. Deva Hema

Assistant professor (O.G)

SRM University, Kattankulathur



8/22/2011

School of Computing, Department of IT

1

The contents of the slides are solely for the purpose of teaching students at SRM University. All copyrights and Trademarks of organizations/persons apply even if not specified explicitly.




Introduction to ASP.NET


Web Forms and Controls



Data Binding and Data Source Controls



Validation Controls



Master and Content pages



The Asp.Net Configuration Files and security



Caching.





Server-side programming technology

Consists of static HTML interspersed with script

ASP intrinsic objects (Request, Response, Server, Application, Session) provide services

Commonly uses ADO to interact with databases

Application and session variables

Application and session begin/end events

ASP manages threads and database connections,



ASP.NET provides services to allow the creation, deployment, and execution of Web Applications and Web Services

Like ASP, ASP.NET is a server-side technology

Web Applications are built using Web Forms

Web Forms are designed to make building web-based applications as easy as building Visual Basic applications




Simplify: less code, easier to create and maintain


Multiple, compiled languages


Fast


Scalable


Manageable


Customizable and extensible


Secure


Tool support




Web Forms


Web Services


Built on .NET Framework


Simple programming model


Maintains page state


Multibrowser support


XML configuration


Complete object model




Session management


Caching


Debugging


Extensibility


Separation of code and UI


Security


ASPX, ASP side by side


Simplified form validation


Cookieless sessions




Web controls appear in HTML markup as namespaced tags

Web controls have an asp: prefix

Defined in the System.Web.UI.WebControls namespace

This namespace is automatically mapped to the asp: prefix




<asp:button onclick="button1_click" runat="server" />

<asp:textbox ontextchanged="text1_changed" runat="server" />


Web Controls provide extensive properties to control display and format, e.g.

Font

BackColor, ForeColor

BorderColor, BorderStyle, BorderWidth

Style, CssClass

Height, Width

Visible, Enabled




Four types of Web Controls


Intrinsic controls


List controls


Rich controls


Validation controls




Correspond to HTML controls


Supported controls


<asp:button>


<asp:imagebutton>


<asp:linkbutton>


<asp:hyperlink>


<asp:textbox>


<asp:checkbox>


<asp:radiobutton>


<asp:image>


<asp:label>



TextBox, ListControl, CheckBox and their subclasses don’t automatically do a postback when their controls are changed

Specify AutoPostBack=true to make change events cause a postback





Controls that handle repetition are

<asp:dropdownlist>

<asp:listbox>

<asp:radiobuttonlist>

<asp:checkboxlist>

<asp:repeater>

<asp:datalist>

<asp:datagrid>




Repeater, DataList and DataGrid controls

Powerful, customizable list controls

Expose templates for customization

Can contain other controls

Provide event bubbling through their OnItemCommand event

More about these controls and templates later




Provides a collection of check box or radio button controls

Can be populated via data binding

<asp:CheckBoxList id=Check1 runat="server">
    <asp:ListItem>Item 1</asp:ListItem>
    <asp:ListItem>Item 2</asp:ListItem>
    <asp:ListItem>Item 3</asp:ListItem>
    <asp:ListItem>Item 4</asp:ListItem>
    <asp:ListItem>Item 5</asp:ListItem>
</asp:CheckBoxList>




Custom controls with rich functionality


Supported Controls


<asp:calendar>


<asp:adrotator>




Data Source Controls

There are several new data source controls in ASP.NET 2.0, such as the SqlDataSource, ObjectDataSource, XmlDataSource, AccessDataSource, and SiteMapDataSource

They can all be used to retrieve data from their respective types of data sources and can be bound to various data-bound controls.

The SQL data source control is used to retrieve data from a SQL database.




DATA BINDING CONTROL

Data-bound Web server controls are controls that can be bound to a data source control to make it easy to display and modify data in your Web application

GridView control: displays data as a table and provides the capability to sort columns, page through data, and edit or delete a single record

DetailsView control: can bind to a set of results such as a table of employees containing each employee's name, address, job title, and so on.

FormView control: renders a single record at a time from a data source and provides the capability to page through multiple records.






A Validation server control is used to validate the data of an input control. If the data does not pass validation, it will display an error message to the user.


RequiredFieldValidator


CompareValidator


RangeValidator


RegularExpressionValidator


CustomValidator


ValidationSummary



ControlToValidate



Display



ErrorMessage



Text



Enabled



EnableClientScript



ValidationGroup



IsValid



It ensures that a value is entered

EXAMPLE CODE

<asp:TextBox ID="txtName" runat="server"></asp:TextBox>&nbsp;
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
    ControlToValidate="txtName"
    ErrorMessage="You must enter a name.">
</asp:RequiredFieldValidator>




A compare validator compares two values.

EXAMPLE CODE

<asp:CompareValidator ID="CompareValidator1" runat="server"
    ControlToValidate="txtQuantity" Type="Integer"
    Operator="GreaterThan" ValueToCompare="0"
    ErrorMessage="Quantity must be greater than zero.">
</asp:CompareValidator>



A range validator that checks for a numeric range

EXAMPLE CODE

<asp:RangeValidator ID="RangeValidator1" runat="server"
    ControlToValidate="txtDays" Type="Integer"
    MinimumValue="1" MaximumValue="14"
    ErrorMessage="Days must be between 1 and 14.">
</asp:RangeValidator>



Ensures that the value of an input control matches a specified pattern

EXAMPLE CODE

<asp:RegularExpressionValidator runat="server" id="ZipCodeValidator"
    ControlToValidate="ZipCodeTextBox"
    ErrorMessage="Invalid ZIP code format; format should be either 12345 or 12345-6789."
    ValidationExpression="\d{5}(-\d{4})?" />



Custom validator lets you create custom client- or server-side validation function

Validation summary control displays list of validation errors in one place
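
The validators above also run as script in the browser when EnableClientScript is on, and a request that never runs that script reaches the server unchecked, so the server-side handler has to test Page.IsValid itself. The following code-behind is an added example, not part of the original slides; the Booking class, the txtCoupon and lblResult controls, the coupon rule and the markup in the comment are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for a hypothetical Booking.aspx (added example). Assumed markup:
//   <asp:TextBox ID="txtDays" runat="server" />
//   <asp:RequiredFieldValidator ControlToValidate="txtDays" runat="server"
//        ErrorMessage="Days is required." />
//   <asp:RangeValidator ControlToValidate="txtDays" Type="Integer" runat="server"
//        MinimumValue="1" MaximumValue="14" ErrorMessage="Days must be 1-14." />
//   <asp:TextBox ID="txtCoupon" runat="server" />
//   <asp:CustomValidator ControlToValidate="txtCoupon" runat="server"
//        OnServerValidate="Coupon_ServerValidate" ErrorMessage="Bad coupon." />
//   <asp:ValidationSummary runat="server" />
//   <asp:Button Text="Book" OnClick="Book_Click" runat="server" />
//   <asp:Label ID="lblResult" runat="server" />
public partial class Booking : Page
{
    // Server-side half of the CustomValidator. It runs on every postback,
    // whether or not the browser executed any client-side validation script.
    // It is skipped for an empty txtCoupon, so the coupon stays optional.
    protected void Coupon_ServerValidate(object source, ServerValidateEventArgs args)
    {
        // Allow-list: exactly 8 upper-case letters or digits, whole string.
        args.IsValid = Regex.IsMatch(args.Value, @"\A[A-Z0-9]{8}\z");
    }

    protected void Book_Click(object sender, EventArgs e)
    {
        // The validators have already run on the server for this postback,
        // but the handler still executes when they fail. Stop here if so.
        if (!Page.IsValid)
        {
            return; // the ValidationSummary lists the error messages
        }

        // RangeValidator alone passes an empty box, hence the
        // RequiredFieldValidator above and TryParse as a second check.
        int days;
        if (!int.TryParse(txtDays.Text, out days) || days < 1 || days > 14)
        {
            lblResult.Text = "Invalid number of days.";
            return;
        }

        // HTML-encode user input before writing it back into the page.
        lblResult.Text = Server.HtmlEncode(
            string.Format("Booked {0} day(s), coupon '{1}'.", days, txtCoupon.Text));
    }
}
```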





Masters define common content and placeholders (<asp:ContentPlaceHolder>)

Content pages reference masters and fill placeholders with content (<asp:Content>)

ContentPlaceHolder controls can define content of their own ("default content")

Default content is displayed ONLY if not overridden by content page




1. Create a master page with .master extension

2. Define a master directive:

<%@ master .. %>

3. Add content:

I. Can contain any html or control page content

II. Define replaceable place-holder regions:

Use an <asp:contentplaceholder> control

Add default content within it (optional)



1. Create an ASP.NET page (.aspx extension)

2. On the page directive:

<%@ page masterpagefile= %> attribute to reference master

Set the title attribute <%@ Page title="jeff" %>

3. Optionally add content to override the master:

a. Only <asp:content> controls or server-side script allowed

b. <asp:content> controls replace regions in the master:

The contentplaceholderid identifies master’s region

<asp:content> controls can contain any page content




Authentication


Windows Authentication (via IIS)


Basic, Digest, NTLM, Kerberos, Certificate Support

Forms-based (Cookie) Authentication

Application credential verification

Certificate Authentication

Supports Microsoft® Passport Authentication





Easy to implement


ASP.NET provides redirection


Steps


Configure IIS to allow anonymous users (typically)

Configure ASP.NET cookie authentication

Write your login page

Does not secure everything

Only files with named extensions



<authentication mode="Forms">
    <forms
        name=".ASPXAUTH"
        loginUrl="login.aspx"
        protection="All"
        timeout="30"
        path="/"
    />
</authentication>
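
The third step, writing the login page, as an added example that is not part of the original slides: a code-behind for the login.aspx named in loginUrl that verifies a salted PBKDF2 hash and then issues the .ASPXAUTH ticket. The LoginPage class, the txtUser, txtPassword and lblError controls, the iteration count and the in-memory sample account are assumptions; it targets .NET Framework 4.0 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Security;
using System.Web.UI;

// Code-behind for the login.aspx named in loginUrl (added example).
// Assumed controls: txtUser, txtPassword, lblError, a button wired to Login_Click.
public partial class LoginPage : Page
{
    const int Iterations = 100000; // PBKDF2 work factor (assumed value)

    // Constructed stand-in for a user store: name -> { salt, PBKDF2 hash }.
    static readonly Dictionary<string, byte[][]> Users =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase);

    static LoginPage() { Enroll("alice", "constructed-sample-password"); }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }

    static void Enroll(string user, string password)
    {
        var salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        Users[user] = new[] { salt, Derive(password, salt) };
    }

    static bool Verify(string user, string password)
    {
        if (string.IsNullOrEmpty(password)) return false;
        byte[][] rec;
        bool known = Users.TryGetValue(user ?? "", out rec);
        // Derive a hash for unknown users too, so both paths cost the same.
        byte[] actual = Derive(password, known ? rec[0] : new byte[16]);
        byte[] expected = known ? rec[1] : new byte[32];
        int diff = 0; // compare every byte, no early exit
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
        return known && diff == 0;
    }

    protected void Login_Click(object sender, EventArgs e)
    {
        if (Verify(txtUser.Text, txtPassword.Text))
        {
            // Issues the .ASPXAUTH ticket cookie (non-persistent) and returns
            // the browser to the page that triggered the login redirect.
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
            return;
        }
        lblError.Text = "Invalid user name or password."; // same text for both failures
    }
}
```

Serve the login page over HTTPS and add requireSSL="true" to the <forms> element so the ticket cookie is only sent over an encrypted connection.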




Authenticate users with Windows user accounts by combining IIS authentication and the Windows authentication provider for ASP.NET

No authentication-specific code needs to be written with this approach

ASP.NET constructs and attaches a WindowsPrincipal object to the application context




A certificate is a digital "key" installed on a computer

Certificates can be mapped to user accounts

Consider Certificate authentication when:

Data is considered very sensitive and you require a very secure solution

Mutual authentication is required

Third parties will manage the relationship between the server and the certificate holder

Client interaction must be seamless; for example, automated B2B exchanges



Do not use Certificate authentication when:


The cost of issuing and managing client certificates outweighs the value of the added security

Client certificates must be deployed to the client workstations

Map certificates to:

Individual user accounts (one-to-one mapping)

Any user from a single company (many-to-one mapping)





Configure IIS for Certificate authentication


Configure the ASP.NET Web.config file

<!-- web.config file -->
<system.web>
    <authentication mode="Windows" />
</system.web>




A centralized authentication service provided by Microsoft

Consider Passport authentication when:

Your site will interact with other Passport-enabled sites

Single sign-on capability is required

External maintenance of user names and passwords is useful

Do not use Passport authentication when:

You want to use user names and passwords already stored in your own database or Active Directory




Requires registration with the Passport service and installation of the Passport SDK on the server

Delegation is not possible on Windows 2000

Passport User ID (PUID) is an identity only

Implement code to map PUID to users in Active Directory or custom database

Passport uses encrypted cookies, making the system secure

Combine Passport with SSL to prevent replay attacks for highest level of security




Install Passport SDK on server


Register with Passport service


Configure IIS for Anonymous authentication


Configure the ASP.NET Web.config file

<!-- web.config file -->
<system.web>
    <authentication mode="Passport" />
</system.web>




Web.Config


Each Web.config file applies configuration settings to its own directory and all child directories below it.

Configuration files in child directories can supply configuration information in addition to that inherited from parent directories, and the child directory configuration settings can override or modify settings defined in parent directories

Machine.config

The machine.config file is at the top of the hierarchy and its settings apply to all applications running on the machine.



Caching is the most critical factor in creating scalable, high performance Web applications


Caching locations


Web server, proxy server, and client browsers


Types of caching


Output caching


Data caching




What is output caching?


@ OutputCache directive and the cache object


Output caching attributes:


Duration


Location


VaryByParam


VaryByHeader


VaryByCustom




Pages that use the output cache are executed one time, and the page results are cached

The pre-executed page is then served to later requests

Performance and scalability both benefit

Server response times reduced

CPU load reduced

Appropriate caching of pages affects site performance dramatically




@ OutputCache declaratively controls caching behavior

For .aspx, .asmx, or .ascx

The cache object programmatically controls caching behavior

<%@ OutputCache Duration="600" Location="Any" VaryByParam="none" %>

Is equivalent to

Response.Cache.SetExpires(DateTime.Now.AddSeconds(600));
Response.Cache.SetCacheability(HttpCacheability.Public);





Duration sets the time to cache the output


In seconds


Required


Location sets the location to cache the output


Server: The output is held in memory on the Web server and is used to satisfy requests

Downstream: A header is added to the response to indicate to proxy servers to cache the page

Client: A header is added to the response indicating to browsers to cache the page

Any: Output cache can be located on any of these locations

None: No output caching is turned on for the item




VaryByParam


The cache stores multiple copies of a page based on specific Querystring or Form parameters and any combinations thereof

VaryByHeader

The cache stores multiple copies of a page based on HTTP headers

VaryByCustom

If the value is “Browser,” cache varies by browser type and major version

If the value is a custom string, you must override HttpApplication.GetVaryByCustomString in the Global.asax and implement your own caching logic
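
With Location="Any" a page can be stored by proxies and browsers, so a page that shows per-user data should stay in the server cache and be keyed by user. The following is an added example, not part of the original slides, of the GetVaryByCustomString override described above plus a base page that turns caching off; the "user" key name and the Global and NoStorePage classes are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Global.asax.cs (added example). A page with per-user content opts in with:
//   <%@ OutputCache Duration="600" Location="Server"
//       VaryByParam="none" VaryByCustom="user" %>
// Location="Server" keeps the copy off proxies and browsers; "user" is a
// key name chosen for this example.
public class Global : HttpApplication
{
    // Called by the output cache for each request to a page that sets
    // VaryByCustom. One cached copy is kept per distinct string returned.
    public override string GetVaryByCustomString(HttpContext context, string custom)
    {
        if (string.Equals(custom, "user", StringComparison.OrdinalIgnoreCase))
        {
            // Authentication has already run at this point in the pipeline.
            var user = context.User;
            bool signedIn = user != null && user.Identity.IsAuthenticated;
            // Prefix so that no account name can collide with the shared key.
            return signedIn ? "u:" + user.Identity.Name : "anonymous";
        }
        // "browser" and unknown keys keep the framework's behaviour.
        return base.GetVaryByCustomString(context, custom);
    }
}

// Base class for pages that must never be stored anywhere (for example a
// page showing account details): turns caching off programmatically.
public class NoStorePage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        base.OnLoad(e);
    }
}
```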






The data cache holds application data such as strings, datasets, and other objects

Adding items to the data cache is easy

Cache("Counter") = Mycount.text

Although similar to the familiar application variables model, it is much more powerful

Application("Counter") = Mycount.text




Cache object features


Dependencies allow logic to invalidate cached items


Scavenging (automatic expiration)


Callbacks when an item is removed





Differentiate ASP and ASP.Net

List the web controls

Create the online registration form and validate all the fields using validation controls

Explain in detail about application security and configuration files


What are the data bound data source controls


Differentiate master and content pages


Explain in detail about caching


Write the use of passport authentication




What is meant by certificate authentication


Define ASP.Net forms

List the types of ASP.Net controls

Differentiate data and output caching
