Professional Documents
Culture Documents
NET
ARCHITECTU
Web Se
• Inet_info.exe à identifies the request and submits the request to the
•
aspnet_isapi.dll.
(.aspx)
Aspnet_isapi.dll à is a script engine which process the .aspx page
•
• HTTP
Then the script engine will submit the request to the ASP.NET runtime env.Aspnet_isa
After verifying all the security issues of both machine.config and web.config
REQUEST
then an AppDomain will be defined for the request and after processing the
request the response will be given to the client as HTTP response.
• (.asp)
Machine.Config à it is used to maintain the complete configuration details
of all the web applications registered on to the web server of ASP.net
• Web.Config à It is used to maintain the config details about a single web Asp.dl
application.
• Where configuration details includes security,database connectivity,state
management,trace details of the web application,,authentication and
authorization of the applications and globalizations
• AppDomain:All windows appns run inside a process and these process own
resources such as memory and kernel objects and the threads execute code
loaded into a process.Process are protected from each other by the OS. All
these appns are run on high isolation mode to work safely.The disadvantage
of this is memory resources are blocked.So to achieve this in a single process
all the applications should be made to run which is good to an extent but the
draw back is if one crashes all other are effected. So in .net the code
HTTP
verification feature takes care that the code is safe to run.
so asp.net each application runs its own application domain and therefore it is
RESPONSE
protected from other asp.net applications on the same machine so it ignores
the process isolation specified on IIS.
• HTTPHandlers:ASP.net builds upon a extensible architecture known as HTTP
runtime.This is responsible for handling the requests and sending the
response.It is upto an individual handlers such as asp.net or web service to
inet_info
1
implement the work done on a request.IIS supports a low level API known as
ISAPI. ASP.net implements a similar concept with HTTP handlers.A request is
assigned to ASP.net from IIS then ASP.net examines entries in the
<httphandlers> section based on the extension of the request to determine
which handler the request should be send to.
Features of asp.net
• ASPX,ASP
Up gradation of ASP to ASPX is not required it supports side by side
execution and hence a request can be given from ASP to ASPX and vice
versa.
• Simplified Programming Model
ASP.Net is a technology which can be implemented using any dot net
language such as VB.net,C# etc and hence there is no requirement of
HTML,JavaScript or VBScript to implement ASP.NET
• Simplified deployment
ASP.Net supports setup and deployment and hence the web app can be
defined with a web set up project which can be easily deployed on to the
web server. Where as for ASP CUTE FTP is used for deploying manually we
have to upload.
• Better Performance
As the ASPX pages are complier based the performance of the web
application will be faster then the ASP pages (as they are interpreter
based)
• Caching
It is a process of maintaining the result or output of a web page
temporarily for some period of time .ASP supports Client Side caching
where as ASP.Net supports both client side and server side.
• Security
In ASP security is done by IIS or writing the code manually. Where as
ASP.Net is defined with built in security features such as
à windows authentication
à Forms Authentication
à Passport Authentication
à Custom Authentication
• More powerful data access
ASP.net supports ADO and ADO.Net as its database connectivity model
which will be implemented using the most Powerful OOP’S languages like
VB.Net and C# and hence the database access using ASPX pages will be
very powerful.
• Web services
It is a code which will be published on the web which can be used by any
applications written using any language for an platform or device.
• Better session Management
Session Management in ASP.Net can be maintained using the database
and as well cookieless sessions are also supported.It also supports
enabling and disabling of session info within a web application.
• Simplified Form Validations
ASP.Net provides validation controls using which any type of client side
validations are performed without writing any code.
2
• A web page is in 2 parts
1} Designing part (HTML Content,Flash,Dreamweaver etc)
2} logic Part (sub programs and event procedures and it has also your
database interaction)
• ASP.Net supports 2 techniques for creating web page
1) In Page Technique
when you place design part code and logic part code with in a single
file called as ASPX then it is called as inPage Technique.
2) Code Behind Technique
when design part code is represented with in ASPX file and logic part code
is represented with in dll file then it is called as code behind technique.
• ASP Supports only In Page technique.
• DLL file is not a readable file so it is secured.
3
Memory Garbage Collector. Garbage collector,
Manag. Automatic releasing of destructor,dispose.Automatic
resources is available. releasing of resources is not
It Boosts the performance. available.You have to explicitly use
dispose method
4
Standard List Controls Validation Data Misc
Controls à Radio Controls bound Controls
àlabel Button List àRequired Controls
àTextbox à Check Box field Validator àData Grid àCrystal
àButton List àRange àData List Report
àLink Button àDropdown Validator àRepeater Viewer
àImage List àCompare control
Button àList Box Validator
àCalendar àRegular
àAdRotator Expression
àPanel Validator
àPlace Holder àCustom
àTable Validator
àLiteral àValidation
Control Summary
àRadio Button
àCheck Box
àXML
Common Syntax for any web server control
• <asp:controltype id=“name of the control” runat=“server”
----------------
----------------
//additional properties
></asp:controltype>
• To close syntax is “ / “ .
• In order to set or get the value from any standard control text property
should be used.
• Eg:
• <asp:label id=“lb1” runat=“server” text=“user name”></asp:label>
• <asp:button id=“lb1” runat=“server” text=“Login” />
Calendar Control
Usage: It is used to place the calendar on the webform
– Note: Place the calendar control and right click on it and select
autoformat to provide a better look and feel for the control
– Calendar control can be considered as a collection of table cells
– Where every table cell will maintain the information about the days as a
calendar day in the format of a link button control
– When ever the calendar days has to be customized based on the requirement
of the user DAYRENDER event should be used.
– Every event handler in the dot net tech will accept two arguments 1st one
being object and the 2nd one is eventArguements
– I.e. DayRender(Object,eventArguements)
– Event Arguments of DayRender event will provide
– e.cell -> to refer table cell
– e.day -> to refer calendar day
– In order to add a string value as a control to any other control “Literal
Control” Should be used.
ADO.NET
CONNECTION ORIENTED MODEL
5
DISCONNECTED ORIENTED MODEL
CONNECTION ORIENTED MODEL
Whenever an application uses the connection oriented model to interact with
the db then the connectivity between the application and the database has to
be maintained always.
Whenever an user executes any statement other than a select then command
object can be binded directly to the application
If the user executes a select statement then dataReader is used to bind the
result to the application.
Disconnected Oriented Model
When the user interacting with the db using this model then while performing
the manipulations or navigations on the data connectivity between the
application and the database is not required
Note: When ever the data is been updated on to the database then the connectivity
is required in the disconnected model.
DISCONNEC
Application Dat
Discon
Connection
This is available in à it is
connection between the
client system
Data Adap
DataAdapter àit i
DataAdapter
like a bridge between th
DataAdapter can always be binded to a single table at a time.
Whenever the dataAdapter is used then implicit opening and closing of
connection of closing object will take place.
Commands in DataAda
6
DataAdapter
If the dataAdapter is defined using a tool or a control then all the commands
for the adapter will be defined implicitly provided the base table with a
primary key.
If the base table is not defined with a primary key then the commands
relevant for update command and Delete command will not be defined.
Fill Method
It is used to fill the data retrieved by the select command of DataAdapter to
the dataset.
Update Method
It is used to update the dataAdapter with the data present in the dataMember
of the dataSet. In other words used to the update the database.
DataSet
It is an in memory representation of the data in the format of XML at the
client system.
Points to remember about DataSet:
– It contains any no of datatables which may belong to the same or
different databases also.
– If any manipulation are performed on the database it will not be
reflected on to the database.
– Dataset is also considered as a collection of datatables where a
datatable can be considered as a DataMember.
– Dataset will not be aware of from where the data is coming from and
where the data will be passed from it.
– Dataset supports establishing the relationship between the datatables
present in the dataset where the datatables might belong to different
databases also.
DataSet is of 2 types à
– Typed DataSet à when ever the dataset is defined with the support of
XML schema definitions then it is said to be typed dataSet.
– UnTyped DataSet à if the dataset is defined without the XML Schema
Definition then it is said to be UnTyped DataSet.
DataView
It is logical representation of the data present in the datamember of dataSet.
Usage à It is used to sort the data,filter the data or if the data has to be
projected in the pagewise then the dataView should be used.
Command
It is used to provide the source for executing the statement I.e it used to
specify the command to be executed.
Data Reader
It is a forward and read only record set which maintains the data retrieved by
the select statement.
7
DISCONNECTEDMO
DEL
CONNECTION
DATAA
D AP
T ER
DATASET
DATAVIEW
SQL -SERVER
can be either SQL,Oracle,Oledb or ODBC
Provider Info ORA
– To connect to MS-Access 2000 above versions à
• Provider=microsoft.jet.oledb.4;datasource=databaseName.mdb
– To connect to SQL-Server db à System.data.SqlClient System.d
• Provider=sqloledb.1;userid=sa;password=;database=database
name;datasource=servername
• Note if SQL Connection is used then provider=providername is
not required. SQL Connection Ora
– To Connect to ORACLE à
• Provider =
oracleoledb.oracle;userid=scott;pwd=tiger;datasource =
servername
• OR
SQL Command Or
• Provider = msdaora.1;…….
SQL Datareader 8 Or
• Note if oracle connection is used then provider= provider name
is not required.
9
In order to support Forms Authentication in ASP.Net the Dot Net Framework
provides a base class library called as
“System.web.security.Formsauthentication”
Methods to support Forms Authentication
Authenticate :àIt is used to authenticate if the provided information belongs
to a valid user credentials or not.It returns True if user info is valid else
returns false.
Syntax à authenticate(username,password)
RedirectFromLoginPage à It is used to redirect to the requested webform
from the login page if the provided user credentials belongs to a valid user.
Syntax :- redirectFromLoginPage(username,booleanvalue)
If specified TRUE then the user info will be maintained as a permanent HTTP
Cookie at the client system and if FALSE is specified then user info will be
maintained temporarily till the browser is closed.
HashPasswordForStoringInConfigFileàit is used to encrypt the data using
either SHA1 or md5 hash algorithms.
Syntax à HashPasswordForStoringInConfigFile
(original Text,”md5/sha1”)
SignOut à It is used to clear the session of the user which has been set the
application
User.identity.name à returns the name of the user who has currently logged
in.
Windows Authentication
It is used to authenticate the user information based on the users registered
on the network.
Note it is used to validate the users on the intranet environment.
In web.config file à
– <authentication mode=“windows” />
– <authorization>
<allow users/role =“DomainName/UserName,---” / roleName />
<deny users/role = “DomainName/UserName,---” / roleName />
– </authorization>
– Whenever the user who has been currently logged in is present in the allow
users list then all the webforms can be accessed directly present in the web
application.Else implicilty the webserver will project a dialog box to provide
the user credentials and allow the user to access the webforms provided the
information belongs to a valid user credentials.
Types of Windows Authentication
Basic Authentication à if used as authentication type then the user
credentials will be passed across the n/w in cleartext Format.
DigestAuthentication à it is a special authentication type used to
authenticate the Domain server users.
– Note if the OS is not a domain server then the Digest authentication
type will be disabled in that system
NTLM authentication à it is a default authentication type used by the
windows authentication where NTLM stands for Integrated Windows
Authentication
10
Start > RUN > inetmgr
Right click on default web site and select properties
Click on Directory Security tab
Click on the Edit button present in the anonymous access and authentication
control
Check on the different authentication types to be used
To know the domain name of the system
– [ In command prompt ]
• C:\host Name
– This gives the domain name
Passport Authentication
If the same user credentials has to be maintained across multiple websites
then passport authentication can be used.
To achieve this à
– Install Microsoft Passport SDK
– In web.config file
• <authentication mode =“passport”>
– <passport redirectUrl =“internal /URL ‘ />
</authentication>
Custom Authentication
It is used to Validate the user credentials as per the requirement of the
application.
View State
• It is the concept of persisting controls properties between requests under post
back implementation.
• The view state will be implemented based on hidden field.
• The main advantage of view state will be 2 things
• There is no programming required from the developer so less burden on the
developer.
• The memory will not be allocated in the client system nor at in the webserver
system.It will be maintained as the part of the web page itself.
• The problem with a view state is there will be more amount of data transfer
between client and web server.
• The view state can be controlled at the 3 levels à
1 } Control Level à
<Input = ….Enable viewstate=“true/false”>
11
Note :à when it comes to sensitive data it is not recommended to implement
view state the sensitive data can be password,credit card no, etc.
• When you go with password type textbox the view state will not be applicable
implicitly.
• 2} Page Levelà
<%@ Pagedirective …..enable viewstate=“true/false” >
• 3 }Application Level à
It requires web config
It will be applicable to all the web pages
COOKIES
• It is used to maintain the server side information at the client system. { OR }
A cookie can be defined as a small amount of memory used by the web server
on the client system.
Usage :à The main purpose of cookies will be storing perosonal information
of the client,it can be username,pwd,no of visits,session id.
• Cookies can be of 2 types:-
• Client Side Cookiesà If the cookie information is set using Javascript /
VbScript within an HTML page then it is said to be a client Side Cookies.
• Server Side CookiesàIf the cookie information is set using server side
technology then it is said to be server side cookies.They are of 2 types:
1] Persistant Cookies ( Permanent Cookies )
2] nonPersistant Cookies ( Temporary Cookies )
• 1] Persistant Cookies ( Permanent Cookies )
• When the cookie is stored on to the hard disk memory then it is called
as persistant cookie.
• When you provide expires than the cookie will be considered as
persistent.
• 2] nonPersistant Cookies ( Temporary Cookies )
• When the cookie is stored with in the process memory of the browser
then it is called temporary cookies.
Syntax
• To set the cookies information
Response.cookies(“cookie name”).value = value
• To get or read the value from a cookie
variable =
request.cookies(“cookie name”).value
12
• The browser will support 20 cookies towards a single website . If we add 21st
cookie then automatically the first cookie will be deleted.
• A cookie can represent maximum of 4kb of data.
• To bind the cookie information to a specific domain à
response.cookies(“cookie name”).Domain = DomainName
• To allow the different paths of the same domain to access the cookie
information à
response.cookies(“cookie name”).path = “/path….”
• note àthe default expiration time for the cookies is 30 min.
• To set the expiration time for the cookie info à
response.cookies(“cookie name”).expires = dateTime
• To secure the cookie information à
response.cookies(“cookie Name”).secure = booleanValue
Session
When client makes a first request to the application,ASP.net runtime will create a
block of memory to the client in the web server machine.This Block of memory is
called as session memory.This memory will be unique to the client with the Time Out
of 20 min by default.Here timeout indicates from the last access of client request not
from creation of cookies.Cookie can represent only plain text not an object but
session memory has an object.
Differences between Session & Cookies
Session Cookies
It will be maintained in the It will be maintained in the
web server system.So it is client system. So it is called
called as server side as client side state
management management.
Session can represent Cookie can represent plain
objects text
More security for data Less security for data.
Accessing will be slow Accessing would be faster.
13
• If the value assigned to the session variable is an object then that information
will be maintained in the static object collection of session object.
• By default session state for the application will be true and hence the contents
of the session object can be used.
• In order to disable the session object usage in the web form then “enable
session state” attribute of the page directive should be set as false.
• In the page directive I.e go to the HTML view and in that page directive at the
start of the page make the enable session state as = false.
• Syntax à
<% @ page language =“vb” enablesessionstate=“false”…….%>
Session Object
• Session Object à this object can be used to access session memory from
asp.net web page.
The following are the methods à
1. Add(key,value) where key à String and value à object
2.Remove(key)
3.Abandon() à to close the session
4.SessionId
5.TimeOut
Application
14
It is used to maintain the state of all the users accessing the web
applications.
When the first client,first request comes to the application web server will
allocate a block of memory this is called as application memory.
The application memory will not have any life time.
Application object can be used to access application memory from asp.net
web page
Application object consists the following methods à
1} Add (key,value) {or} Application(“var”) = value
2} Remove(key)
3} lock()
4} unLock()
note à the lock and unlock are not available in session,but available in
application .
To set:à
Application (“variable”) = value
To read:à
variable = application(“variable”)
ProblemàIf the application object is not maintained properly then it will result
in Data Inconsistency.
When ever the application variables are used in the webform then it is
mandatory to Lock the application contents.
To do:à Application.Lock()
If application.lock() method is encountered while processing the webform
then all the other requests which uses the application contents will not be
blocked till the webform processing is completed.
Lock is used to allow only one client at a particular time.
Each client requests to the webserver is considered as thread.webserver will
allocate equal processor time to all the threads.In this aspect more then one
thread can manipulate application memory data,this may lead to improper
result to avoid this it is recommended for synchronisation of threads.
Synchronisation is nothing but allowing user one at a particular time.
The synchronisation of threads can be implemented using lock and unlock
methods.
Global.asax
It’s a collection of events where the code written in those events will be
executed implicitly whenever the relevant event takes place.
In order to work with the application and the session objects and to handle
the events in a proper manner “global.asax” file should be used.
Application_Start à the code written in this event will be executed only once
whenever the application has been encountered with the first request
Session_Start à the code written in this event will be executed when ever a
new session for the user starts.
Application_BeginRequest à the code written in this event will be fired when
ever any webform present in the webapplication is loaded.
Application_Authenticate à the code written in this event will be executed
when even the authentication takes place.
Application_error à the code written in this event will be executed when ever
any error or exceptions occurs at webforms present in the web application.
15
Note à in order to get the last error which has been generated on the
webform “server.getLastError()” should be used.
Session_End à the code written in this event will be executed whenever the
session of the user ends
Application_End à the code written in this event will be executed whenever
the web application is closed.
Caching
• It is used to maintain the result of the webform temporarily for a specific
period of time.
• ASP supports client side caching.
• Where as ASP.net supports both client side caching and server side caching.
Client Side
• To Set this :à
• If the cache page is m
client side it is said c
Response.cachecontrol = public
• Advantage :à only the people who are connected in the network they will be
getting the page faster.
Server
• Caching should be used if and only if the following properties are satisfied
1} The contents of the webform should not be modified at least for a specific
period of time.
C1
2} The no of clicks for the webform present in the web application should be
more.
C3
maintained as a cache page at the webserver then it is said to be a page-output
cache.
• To Setà
<% @ outputcache duration=“seconds”
varybyparam=“none/controlName/VariableName” %>
• VaryByParam à it is used to set an individual cache page for every distinct
value assigned for the control or the variable assigned to the varybyparam.
{example 1}
• Page Fragmentation Cache à It is used to maintain only a partial page
contents as a cache contents on the web server
• To achieve this Page Fragmentation à
à Define a web custom control
à Set the cache for the custom control
à use the web custom control on the web form.
Data Cache
• It is used to maintain the data present in an object as a cache information
,where the object can be dataset,datview or datareader.
• Note:à once the data is been set as a cache then if the data is modified or
manipulated at the database level there wont be any reflection at the data
present in the cache.
Tracing
It is used to trace the flow of the application.
It is of 2 types à
Application level tracing à If this is used then for all the webforms present in
the web application the trace details or information will be provided.
Page level tracing à if used then only specific web form the trace details will
be set.
Note à if the application level and page level tracing information is set then
the preference will be given to the page level tracing only.
To set application level tracing à
in web.config à <trace enabled=“true” requestlimit=“10”
pageoutput=“true”…../>
17
Methods to support tracing
Trace.write à It is used to write the data on to the trace information.
Trace.warn à it is used to write the data on to the trace information using red
as its fore color such that the information will be highlighted at the trace info
section.
To set page level trace info in page directive tag :à
<% @ pagelanguage=“vb” trace=“true” %>
18