Contents Overview 1 Requirements of a Web Application 2 What is New in ASP.NET? 3 Sharing Information Between Pages 14 Securing an ASP.NET Application 24 Deployment 37 Lab 7: Creating an ASP.NET Web Application 38 Review 39 Module 7: Creating an ASP.NET Web Application BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. The publications specialist replaces this example list with the list of trademarks provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor> Other product and company names mentioned herein may be the trademarks of their respective owners. Module 7: Creating an ASP.NET Web Application iii BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes This module describes how to enhance the functionality of a Web application by using ASP.NET. The modules covers technologies like state maintenance, caching, and authentication. You will also learn how to deploy an ASP.NET application. In the lab, students will use cookie authentication, use ASP.NET caching, and maintain the state of an application by saving data in a database. After completing this module, students will be able to: ! Describe cookie-less sessions. ! Set up cookie-less sessions in the config.web file. ! Use event procedures in global.asax. ! Describe page caching. ! Describe the various methods for maintaining state. ! Maintain session state using session variables. ! Share information between pages. ! Describe how authentication works. ! Set up authentication for an application in config.web. ! Describe deployment in ASP.NET applications. Materials and Preparation This section provides the materials and preparation tasks that you need to teach this module. Required Materials To teach this module, you need the following materials: ! Microsoft ® PowerPoint ® file 2063A_07.ppt ! Module 7, “Creating an ASP.NET Web Application” (2063A_07.doc) ! Lab, “Creating an ASP.NET Web Application” (2063A_L07.doc) Preparation Tasks To prepare for this module, you should: ! Read all of the materials for this module. ! Complete all the demonstrations. ! Complete the lab. Presentation: 120 Minutes Lab: 30 Minutes iv Module 7: Creating an ASP.NET Web Application BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module Strategy Use the following strategy to present this module: ! Requirements of a Web Application Discuss the requirements of a Web application. You could also ask students who have experience in Web development to talk about what they think are the major requirements for a Web application. ! What is New in ASP.NET? This section focuses on the new features in ASP.NET as compared to ASP. It talks about cookie-less sessions, sections in config.web, new events and directives in global.asax, and page caching. Since these are totally new concepts, go through it slowly, and spend time to explain the need and advantages of each of these. ! Maintaining State This section talks about the various methods used for maintaining state. ASP.NET cache and sharing information between pages are the new concepts. There is a demonstration on sharing information between pages to reinforce this concept. Students will be more familiar with session and application variables, and saving state in a database. The section also includes a demonstration on using session variables for saving state. ! Security Talk about the authentication, authorization, and impersonation. Tell students about the difference between these. Cookie-based authentication is totally new for students. Spend a lot of time explaining the architecture and the data flow in cookie-based authentication. ! Deployment This is mostly a reinforcement of what they learned in Module 04, "Separating Code from Content" about deploying components. Module 7: Creating an ASP.NET Web Application 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! Requirements of a Web Application ! What is New in ASP.NET? ! Sharing Information Between Pages ! Securing an ASP.NET Application ! Deployment Just like ASP, ASP.NET also supports the concept of a Web application along with application specific settings and services. An ASP.NET application is defined as all the files, pages, handlers, modules, and executable code that can be invoked from a virtual directory and its sub-directories on a Web application server. In this module, you will learn about some of files used for building Web applications, and also about some of the features of an ASP.NET application, such as maintaining state and authentication. You will also learn how to configure and deploy an ASP.NET application. After completing this module, you will be able to: ! Describe cookie-less sessions. ! Set up cookie-less sessions in the config.web file. ! Use event procedures in global.asax. ! Set up page output caching for ASP.NET pages. ! Share information between pages of an ASP.NET application using the ASP.NET cache, config.web, session variables, and a database. ! Describe how authentication works. ! Set up authentication for an application in config.web. ! Describe deployment in ASP.NET applications. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about the different aspects of creating an ASP.NET application. 2 Module 7: Creating an ASP.NET Web Application BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Requirements of a Web Application ! State maintenance ! Security ! Performance and scalability ! Easy configuration ! Easy deployment A good Web application has the following requirements: ! State maintenance Web applications should be able to maintain state across pages. If state is maintained between pages, information supplied by users can be reused and they don't have to enter the same information several times. ! Security A good Web application should have security features. Most importantly, it should be able to authenticate and authorize users who can access the application. ! Performance and scalability All Web applications should be built with high-performance and scalability in mind. Caching is an extremely important technique for building high- performance and scalable Web server applications. ! Easy configuration Configuration is a very important aspect of any application. A central requirement of any web application server is a rich and flexible configuration system – one that enables developers to easily associate settings with an installable application without having to embed values into code, and enables administrators to easily adjust or customize these values post-deployment. ! Easy deployment One of the biggest problems with applications has been their deployment. A good Web application should be easy to deploy and should require minimum effort. Topic Objective To describe the requirements of a Web application. Lead-in When designing a Web application, you should keep in mind some of the basic requirements of a good Web application. Module 7: Creating an ASP.NET Web Application 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # What is New in ASP.NET? ! Cookie-less Session IDs ! Configuration File (Config.web) ! Setting Up Cookie-less Sessions in Config.web ! Global Application File (global.asax) ! Demonstration: Using Event Procedures in Global.asax ! Page Caching In addition to all the features provided by ASP, ASP.NET provides several additional features to enhance the functionality of an application. This section focuses on the additional features in ASP.NET. Topic Objective To describe what is new in ASP.NET application files. Lead-in ASP.NET provides many new features for Web applications as opposed to ASP. 4 Module 7: Creating an ASP.NET Web Application BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Cookie-less Session IDs ! Each active session is identified and tracked using Session IDs ! SessionIDs are communicated across client-server requests using an HTTP cookie or a "Munged URL “ ! Using a cookie $ Default mechanism for storing SessionIDs ! Cookie-less sessions $ Information is encoded into URLs http://server/(h44a1e55c0breu552yrecobl)/page.aspx http://server/(h44a1e55c0breu552yrecobl)/page.aspx Each active session within ASP.NET is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness and randomness. SessionIDs are communicated across client-server requests using either an HTTP cookie or a "Munged URL". Using Cookies Cookies are a mechanism by which data can be maintained in a file on the user's computer. By default, SessionIDs are stored in cookies. However, users can turn off cookies through a setting in their browser. Thus, there is a risk that your Web application will not work if it requires session information and a user has turned off cookies. Using Cookie-less Sessions The use of cookie-less sessions is a new concept in ASP.NET. This method uses URLs as opposed to cookies to pass the SessionID to an ASP.NET page. It involves encoding data into a URL, which is done automatically by the browser. This enables you to now use session state even with browsers that have cookie support disabled. For example, the browser would generate the following URL for a request to the ShoppingCart.aspx page on the http://localhost/conference web site: http://localhost/conference/(h44a1e55c0breu552yrecobl)/ShoppingCart.aspx To enable cookie-less sessions, add the following to the config.web configuration file: <sessionstate cookieless="true" /> Topic Objective To describe cookie-less sessions. Lead-in In ASP, a sessions was identified by a cookie kept on the user's computer. In ASP.NET, sessions can be cookie-less. Module 7: Creating an ASP.NET Web Application 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Configuration File (Config.web) ! All configuration information for an ASP.NET application is contained in config.web ! Config.web can be placed in the same folder as the application files ! Contains sections for each major category of ASP.NET functionality $ <sessionstate>, <security>, <appsettings> , <trace> <configuration> <trace enabled="true" requestlimit="40" pageoutput="true"/> </configuration> <configuration> <trace enabled="true" requestlimit="40" pageoutput="true"/> </configuration> ASP.NET configuration uses hierarchical configuration architecture. All configuration information for an ASP.NET application is contained in configuration files named config.web that can be placed in the same directories as the application files. Child directories inherit the parent's settings unless overridden by a config.web file in the child directory. If a config.web file is present at the root directory of a Web server, for example "Inetpub\wwwroot", the configuration settings will apply to every application in that server. Presence of a config.web file within a given directory or application root is completely optional. If a config.web file is not present, then all configuration settings for the directory are automatically inherited from the parent directory. Topic Objective To describe the config.web file. Lead-in All configuration information for ASP.NET is contained in configuration files named config.web. Note 6 Module 7: Creating an ASP.NET Web Application BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY In a config.web file, there are sections for each major category of ASP.NET functionality, as shown in the following table. Section name Description <browsercaps> Responsible for controlling the settings of the browser capabilities component. <compilation> Responsible for all compilation settings used by ASP.NET. <globalization> Responsible for configuring the globalization settings of an application. <httpmodules> Responsible for configuring Http Modules within an application. Http Modules participate in the processing of every request into an application, and common uses include security and logging. <httphandlers> Responsible for mapping incoming URLs to IHttpHandler classes. Sub-directories do not inherit these settings. Also responsible for mapping incoming URLs to IHttpHandlerFactory classes. Data represented in <httphandlerfactories> sections are hierarchically inherited by sub-directories. <iisprocessmodel> Responsible for configuring the ASP.NET process model settings on IIS Web Server Systems. <security> Responsible for all security settings used by the ASP.NET security HttpModule. <sessionstate> Responsible for configuring the session state HttpModule. <trace> Responsible for configuring the ASP.NET trace service. ASP.NET configuration settings are represented within these configuration sections. For example, as you saw in Module 5: Using Trace in ASP.NET Pages, you can turn the trace feature on for an entire application in the <trace> configuration section as follows: <configuration> <trace enabled="true" requestlimit="40" pageoutput="true"/> </configuration> [...]... CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 7: Creating an ASP.NET Web Application 15 Using ASP.NET Cache Topic Objective To describe how to use ASP.NET cache ! $ Lead-in ASP.NET cache allows you to store components to be used between calls to an ASP.NET page ASP.NET cache: ! Stores objects and values for reuse in an application Placing objects in ASP.NET cache Cache.Insert("mykey", myValue,... ONLY Module 7: Creating an ASP.NET Web Application 19 Demonstration: Using Config .Web Variables Topic Objective To demonstrate how defining a constant in config .web Lead-in In this demonstration, you will see how to create a constant in config .web and use it from different ASP.NET pages Delivery Tip 1 Create a new config .web file in the \DemoCode\Mod07 folder 2 Add the tag with an ... CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 7: Creating an ASP.NET Web Application 17 Using Config .Web Variables Topic Objective To explain how to share information between pages by storing values in config .web Lead-in In ASP.NET, you can share information between pages by storing application variables at a central location ! Store application variables in config .web ... MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 20 Module 7: Creating an ASP.NET Web Application Using Session and Application Variables Topic Objective To learn how to use session and application variables to share information between pages Lead-in Like ASP, ASP.NET allows you to share information using session and application variables ! Session object stores information for a particular... information among all users of a Web application An Application object is created when the first user of the application requests an aspx file It is destroyed when all users have exited the application and the application is unloaded For example, you might store the total number of visitors to a Web site in an application- level variable Sub Application_ Start(s As Object, e As EventArgs) Application( "NumberofVisitors")... "black" End Sub End Sub ! Application object shares information among all users of a Web application Sub Application_ Start(s As Object, e As EventArgs) Sub Application_ Start(s As Object, e As EventArgs) Application( "NumberofVisitors") = 0 Application( "NumberofVisitors") = 0 End Sub End Sub You can use session and application variables to share information between pages of an ASP.NET application You generally... PREPARATION PURPOSES ONLY 8 Module 7: Creating an ASP.NET Web Application For example, to double the default timeout of 20 minutes the following can be added to the config .web of an application: Setting Up Cookie-less Session By default ASP.NET uses cookies to identify requests, which belong to one session If cookies are not available, a session can be tracked by adding a... users who get assigned temporary IDs and then decide not to log in or register themselves For such instances, you should have a mechanism that flushes out these unused temporary IDs from your database on a regular basis BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 24 Module 7: Creating an ASP.NET Web Application # Securing an ASP.NET Application Topic Objective To introduce... don’t change often or for a given time period BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 14 Module 7: Creating an ASP.NET Web Application # Sharing Information Between Pages Topic Objective To introduce the topics included in this section Lead-in In this section, you will learn about maintaining the state of a Web application ! Using ASP.NET Cache ! Using Config .Web Variables.. .Module 7: Creating an ASP.NET Web Application 7 Setting Up Cookie-less Sessions in Config .web Topic Objective To learn how to set up cookie-less sessions in config .web ! ! Lead-in As you learned in the previous topic, config .web has a section for major application functionalities Session state is configured in the section of Config .web supports . you will learn about the different aspects of creating an ASP. NET application. 2 Module 7: Creating an ASP. NET Web Application BETA MATERIALS FOR MICROSOFT. use ASP. NET cache. Lead-in ASP. NET cache allows you to store components to be used between calls to an ASP. NET page. 16 Module 7: Creating an ASP. NET Web