The AppSettings section is used to set user-defined values, for example the
ConnectionString that is used throughout the project for database connections.
<configuration>
<appSettings>
<BR>
Server.Transfer
Response.Redirect
Server.Transfer
The Transfer method transfers from inside of one ASP page to another ASP page.
Transfer passes the context information to the called page.
The state information that has been created for an ASP page, which comprises
objects and variables within an Application or Session scope and all items in the
Request collections, gets transferred to the other ASP page.
Response.Redirect
The redirect message issues HTTP 304 to the browser and causes the browser to go to
the specified page. There is a round trip between client and server.
Redirect doesn’t pass context information to the called page.
Authorization is the process of checking whether the user has access rights to the
system.
To enable impersonation:
The passing of control from the child to the parent is called bubbling.
Controls like DataGrid, DataList, Repeater, etc. can have child controls like ListBox,
etc. inside them. An event generated is passed on to the parent as an ItemCommand.
ASP.NET runs inside the process of IIS due to which there are two authentication
layers which exist in the system.
First authentication happens at the IIS level and the second at ASP.NET level per
the WEB.CONFIG file.
Working:
At first, IIS ensures that the incoming request is from an authenticated IP address.
Otherwise the request is rejected.
By default IIS allows anonymous access due to which requests are automatically
authenticated.
However, if this is changed, IIS performs its own user authentication too.
Finally the OS resources are requested by the identity obtained from previous step.
The user is granted the resources if the authentication is successful; otherwise the
resources are denied.
Resources can include ASP.net page, code access security features to extend
authorization step to disk files, registry keys, etc.
b. Form Authentication: It’s a custom security based on roles and user accounts
created specifically for an application.
<authentication mode="Windows">
<authentication mode="Passport">
<authentication mode="Forms">
Passport authentication
Basic: users must provide a windows username and password to connect. This
information is plain text which makes this mode insecure.
Digest: Users need to provide a password which is sent over the network. However
in this case the password is hashed. It also requires that all users be using IE 5 or
later versions.
Windows integrated: passwords are not sent over the network. The application uses
either the Kerberos or challenge/response protocols to authenticate the user. Users
need to be running IE 3.01 or later.
Forms authentication
Using forms authentication, one's own custom logic can be used for authentication.
ASP.NET checks for the presence of a special session cookie when a user requests a
page for the application. Authentication is assumed if the cookie is present;
otherwise the user is redirected to a web form.
<identity impersonate="false"/>
With this setting, ASP.NET won't perform any authentication and will run with its own
privileges. The default is an unprivileged account named ASPNET. It can be
changed through a setting in the processModel section of the machine.config file.
Disabling impersonation runs the entire request in the context of the account
running ASP.NET (ASPNET account or the system account).
Here, ASP.NET takes on the identity IIS passes to it. If anonymous access is allowed
in IIS, then the IUSR_ComputerName account will be impersonated otherwise
ASP.NET will take the authenticated user credentials and make requests for
resources.
With this, the requests are made as the specified user. The password is assumed to
be correct. The drawback is that you must embed the user’s password in the
web.config file in plain text which is a security risk.
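The three impersonation cases described above can be checked mechanically. The following is an added example, not code from the original page: a small audit of a web.config for the identity and authentication settings discussed here. The sample configuration, the account name, the "Reports" location path and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; account name and password are placeholders.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <authentication mode="windows" />
    <identity impersonate="true" userName="DOMAIN\\svc_app" password="PLACEHOLDER" />
  </system.web>
  <location path="Reports">
    <system.web>
      <identity impersonate="true" />
    </system.web>
  </location>
</configuration>"""

# The mode attribute is case-sensitive; "windows" is rejected by ASP.NET.
VALID_MODES = {"Windows", "Forms", "Passport", "None"}


def audit_web_config(xml_text):
    """Return (scope, finding_code) tuples for risky identity/auth settings."""
    root = ET.fromstring(xml_text)
    # Settings can sit at the root or be overridden inside <location path="...">.
    scopes = [("(root)", root.find("system.web"))]
    scopes += [(loc.get("path", ""), loc.find("system.web"))
               for loc in root.findall("location")]
    findings = []
    for scope, web in scopes:
        if web is None:
            continue
        auth = web.find("authentication")
        if auth is not None and auth.get("mode", "Windows") not in VALID_MODES:
            findings.append((scope, "INVALID_AUTH_MODE"))
        identity = web.find("identity")
        if identity is None or identity.get("impersonate") != "true":
            continue  # impersonation disabled: runs as the ASP.NET account
        if identity.get("password") is not None:
            # Fixed-user impersonation with the password stored in plain text.
            findings.append((scope, "PLAINTEXT_IMPERSONATION_PASSWORD"))
        elif identity.get("userName") is None:
            # Takes on whatever identity IIS passes in (IUSR_ComputerName
            # when anonymous access is allowed).
            findings.append((scope, "IMPERSONATES_IIS_IDENTITY"))
    return findings


if __name__ == "__main__":
    for scope, code in audit_web_config(SAMPLE_CONFIG):
        print(scope, code)
```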
URL authorization:
File authorization:
File authorization is performed by the FileAuthorizationModule.
It checks the access control list of the .aspx or .asmx handler file to determine
whether a user should have access to the file.
Similarities:
DataSource Property
DataBind Method
ItemDataBound
ItemCreated
Difference:
Datagrid
Datalist
an Array of Rows and based on the Template Selected and the
RepeatColumn Property value the number DataSource records
that appear per HTML
Repeater Control
The Datarecords to be displayed depend upon the Templates
specified and the only HTML generated accordingly. Repeater
does not have in-built support for Sort, Filter and paging the
Data.
Difference between Datagrid, Datalist and repeater
Datagrid:
Application_Init
Fired when an application initializes or is first called. It is invoked for
all HttpApplication object instances.
Application_Disposed
Fired just before an application is destroyed. This is the ideal location
for cleaning up previously used resources.
Application_Error
Fired when an unhandled exception is encountered within the
application.
Application_Start
Fired when the first instance of the HttpApplication class is created. It
allows you to create objects that are accessible by all HttpApplication
instances.
Application_End
Fired when the last instance of an HttpApplication class is destroyed. It
is fired only once during an application's lifetime.
Application_BeginRequest
Fired when an application request is received. It is the first event fired
for a request, which is often a page request (URL) that a user enters.
Application_EndRequest
The last event fired for an application request.
Application_PreRequestHandlerExecute
Fired before the ASP.NET page framework begins executing an event
handler like a page or Web service.
Application_PostRequestHandlerExecute
Fired when the ASP.NET page framework has finished executing an
event handler.
Application_PreSendRequestHeaders
Fired before the ASP.NET page framework sends HTTP headers to a
requesting client (browser)
Application_PreSendContent
Fired before the ASP.NET page framework sends content to a requesting
client (browser).
Application_AcquireRequestState
Fired when the ASP.NET page framework gets the current state
(Session state) related to the current request.
Application_ReleaseRequestState
Fired when the ASP.NET page framework completes execution of all
event handlers. This causes all state modules to save their current
state data.
Application_ResolveRequestCache
Fired when the ASP.NET page framework completes an authorization
request. It allows caching modules to serve the request from the cache,
thus bypassing handler execution.
Application_UpdateRequestCache
Fired when the ASP.NET page framework completes handler execution
to allow caching modules to store responses to be used to handle
subsequent requests
Application_AuthenticateRequest
Fired when the security module has established the current user's
identity as valid. At this point, the user's credentials have been validated
Application_AuthorizeRequest
Fired when the security module has verified that a user can access
resources
Session_Start
Fired when a new user visits the application Web site
Session_End
Fired when a user's session times out, ends, or they leave the application
Web site
Find :
DataView method:
Dataset
DataSet object can contain multiple rowsets from the same data source
as well as from the relationships between them
Datareader
A master page is a template for other pages, with shared layout and
functionality. The master page defines placeholders for content pages.
On the other hand the content pages contains the content you want to
display.
Not only strings are immutable reference types. Multi-cast delegates too.
That is why it is safe to write
I suppose that strings are immutable because this is the safest
method to work with them and allocate memory.