session 14

Building Applications using ASP.NET and C# / Session 14 / 1 of 18

Session 14Session 14


Session ObjectivesSession Objectives

Discuss:

Machine.Config

Secure your web pages using Authentication

Web.Config

Structure of a configuration file


Web Pages – Web Pages – Web ApplicationWeb ApplicationWeb PageWeb PageWeb PageWeb PageWeb Page

------------------

WEB APPLICATION


ConfigurConfiguration ation FilesFiles

<configuration><system.web>

<sessionState timeout=”10” /></system.web>

</configuration>

Stored in plain text format

No need to restart server in case of changes to file

Written in XML. Rules for naming tags and attributes

Clients cannot view the file from browser

Each directory can have its own file Each directory overrides earlier configuration file

Tag and attribute names

Attribute values

FEATURES


Types of Types of Configuration Configuration Files - 1Files - 1

Machine.config Settings are applied to all the applications residing on the server

Settings are applied to single application residing on the server

XML based file

Stored in C:\WinNT\Microsoft.NET\Framework\v.1.xxxx\config

Build number of .net CLR

Web.config

Only one file per ASP.net installation on a machine

XML based file

One file per each directory of the web application


Types of Types of Configuration Configuration Files - 2Files - 2

Web Applicatio

ns

One per machine

One per applicationOverride settings of machine.config


Typical Typical Web.config Web.config FileFile

<configuration> <configSections> <section name="sectionSettings" type="Class" /> <sectionGroup name="sectionGroup"> <section name="sectionSettings" type="Class" /> </sectionGroup> </configSections> <section name=”sectionSettings” type=<Class>” /> <sectionGroup> <sectionSettings attribute="someValue" />

<sectionSettings SomeAttribute=”SomeValue”> <element attribute=”value”>

</sectionSettings> </sectionGroup></configuration>

Configuration section Handler Declaration Area

Configuration section Settings Area


Page Page ConfiguratioConfiguration Settingn Setting<configuration>

<system.web> <pages buffer=”false”

enableViewState=”true” /></system.web>

</configuration>

Response to the client can be buffered

View state can be set


ApplicatioApplication Settingn Setting

<configuration> <appSettings> <add key=”MyQuery” value=”Select * FROM MyTable”/> </appSettings></configuration>

Configuration settings in form of key-value pair

The settings are read in ASP.NET page

...String GetQuery = Configuration.AppSettings(“MyQuery”);...


CompilatiCompilation on SettingSetting<configuration>

<system.web> <compilation debug="true" defaultLanguage=”C#”/> </system.web></configuration>

Specifies whether to compile retail binaries or debug binaries.

Provides a semicolon-separated list of language names to use in dynamic compilation of files


Sub-tags of Sub-tags of Compilation Compilation tag -1tag -1

<configuration> <system.web> <compilation debug="true"defaultLanguage=”C#”/> <assemblies> <add assembly="System.Net" /> </assemblies></system.web></configuration>

add remove clear


Sub-tags of Sub-tags of Compilation Compilation tag - 2tag - 2<configuration> <system.web> <compilation debug="true" defaultLanguage=”C#”/> <namespaces> <add namespace="System.Web.UI" /> </namespaces></system.web></configuration>


customErrcustomErrors ors Setting Setting

<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly"> <error statusCode="statuscode" redirect="url“/></customErrors>

<configuration> <system.web> <customErrors defaultRedirect="http://localhost/allError.aspx" mode="RemoteOnly"> <error statusCode="404" redirect=“http://localhost/Error404.aspx"/> </customErrors> </system.web></configuration>


Authentication Authentication and Authorization and Authorization -1-1

<configuration> <system.web> <authentication mode="Windows|Forms|Passport|None"> <forms name="name" loginUrl="url" protection="All|None|Encryption " timeout="xx" path="/" > <credentials passwordFormat="Clear|SHA1|MD5"> <user name="username" password="password" /> </credentials> </forms> <passport redirectUrl="internal"/> </authentication> </system.web></configuration>


Authentication Authentication and Authorization and Authorization - 2- 2

Authentication Type Description

Windows authentication as default authentication mode. Used for any form of IIS authentication

ASP.NET forms-based authentication as default authentication mode

Microsoft Passport authentication as default authentication mode

No authentication. Used by anonymous users and applications providing own authentication


Attributes of Attributes of <forms> tag<forms> tagAttribut

e Option

Description

Name None Cookie name used for authentication

LoginUrl None Login page URL. The client is redirected to this URL if no authentication cookie

protection ALL Application uses both data validation and encryption to protect the cookie.

None Both encryption and validation are disabled

timeout The amount of time, in minutes, after which the authentication cookie expires. Default value is 30.

path Path for cookies issued by the application. Default value is a backslash (/)


Forms Forms AuthenticaAuthenticationtion

<configuration> <system.web> <authentication mode="Forms"> <forms name="form1" loginUrl="login.aspx" protection="None" timeout="60"> <credentials passwordFormat="Clear">

<user name="zeal" password="SaysYahoo"/> <user name="scooby" password="doo"/> <user name="cow" password="moo"/>

</credentials> </forms> </authentication> </system.web></configuration>


AuthorAuthorizationization<configuration>

<system.web> <authentication mode="Forms"> <forms name="form1” loginUrl="login.aspx" protection="None" timeout="60"> <credentials passwordFormat="Clear">

<user name="zeal" password="SaysYahoo"/> <user name="scooby" password="doo"/> <user name="cow" password="moo"/>

</credentials> </forms> </authentication><authorization>

<allow users=”scooby, cow” /><deny users=”zeal” />

</authorization> </system.web></configuration>

session 14

Documents