book

Programming ASP.NET, 3rd Edition

by Jesse Liberty, Dan Hurwitz

October 2005

Intermediate to advanced

956 pages

27h 19m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Programming ASP.NET, 3rd Edition
Dedication
A Note Regarding Supplemental Files
Preface
About This Book
How This Book Is Organized
Who This Book Is For
Conventions Used in This Book
Support: A Note from Jesse Liberty
Using Code Examples

We’d Like to Hear from You
Safari Enabled
Acknowledgments
From Jesse LibertyFrom Dan Hurwitz
1. ASP.NET 2.0
1.1. .NET Framework 2.0
1.2. ASP.NET 2.0
1.3. New Features
1.3.1. Special Folders Make Integration Easier1.3.2. Security1.3.3. Personalization1.3.4. Master Pages1.3.5. Navigation1.3.6. Web Sites Without IIS1.3.7. Improved Controls1.3.8. New Controls1.3.9. Visual Studio 2005 (VS2005)1.3.10. Mobile Devices
1.4. On to VS2005
2. Visual Studio 2005
2.1. Start Page
2.1.1. File System2.1.2. HTTP2.1.3. FTP2.1.4. Creating Your First Web Page
2.2. Projects and Solutions
2.2.1. Solutions2.2.2. Projects and Files2.2.3. Templates2.2.4. Project Names
2.3. The Integrated Development Environment (IDE)
2.3.1. Layout2.3.2. Building and Running2.3.3. Menus and Toolbars2.3.4. File Menu2.3.4.1. New2.3.4.2. Open2.3.4.3. Add2.3.4.4. Advanced Save Options...2.3.4.5. Source Control2.3.5. Edit Menu2.3.5.1. Cycle Clipboard Ring (Ctrl-Shift-V)2.3.5.2. Finding and replacing2.3.5.3. Go To...2.3.5.4. Insert File As Text...2.3.5.5. Advanced2.3.5.6. Incremental search (Ctrl-I)2.3.5.7. Bookmarks2.3.5.8. Outlining2.3.5.9. IntelliSense2.3.6. View Menu2.3.6.1. Solution Explorer (Ctrl-Alt-L)2.3.6.2. Server Explorer (Ctrl-Alt-S)2.3.6.3. Properties Windows (F4)2.3.6.4. Visible Borders (Ctrl-Q)2.3.6.5. Details (Ctrl- Shift-Q)2.3.6.6. Non Visual Controls (Ctrl- Shift-N)2.3.6.7. Object Browser (Ctrl-Alt-J)2.3.6.8. Document Outline (Ctrl- Alt-T)2.3.6.9. Error List (Ctrl-W, Ctrl-E)2.3.6.10. Task List (Ctrl-W, Ctrl-T)2.3.6.11. Toolbox (Ctrl-Alt-X)2.3.6.12. Command window (Ctrl-Alt-A)2.3.6.13. Other windows2.3.7. Refactor Menu2.3.8. Website Menu2.3.8.1. Start Options2.3.8.2. Copy Web Site2.3.8.3. ASP.NET Configuration2.3.9. Project Menu2.3.9.1. Add New Item... (Ctrl-Shift-A)2.3.9.2. Add Existing Item... (Shift-Alt-A)2.3.9.3. Add New Solution Folder2.3.9.4. Set StartUp Projects...2.3.9.5. Project Dependencies... / Project Build Order...2.3.10. Build Menu2.3.11. Debug Menu2.3.12. Data Menu2.3.13. Format Menu2.3.14. Tools Menu2.3.14.1. Connect to Device...2.3.14.2. Connect to Database...2.3.14.3. Code Snippets Manager (Ctrl-K, Ctrl-B)2.3.14.4. Choose Toolbox Items...2.3.14.5. Macros2.3.14.6. External Tools...2.3.14.7. Import and Export Settings...2.3.14.8. Customize...2.3.14.9. Options...2.3.15. Window Menu2.3.16. Help Menu2.3.16.1. Dynamic Help (Ctrl-Alt-F4)2.3.16.2. Contents... (Ctrl-Alt-F1) / Index... (Ctrl-Alt-F2) / Search... (Ctrl-Alt-F3)2.3.16.3. Index Results... (Shift-Alt-F2)2.3.16.4. Check for Updates
3. Controls: Fundamental Concepts
3.1. Events
3.1.1. ASP.NET Events3.1.2. Event Arguments3.1.3. Application and Session Events3.1.4. Page and Control Events3.1.5. Postback Versus Non-Postback Events3.1.6. IsPostBack3.1.7. Events in Visual Studio 20053.1.8. Multiple Controls to One Event Handler
3.2. ASP.NET Server Controls
3.2.1. ASP.NET and Browsers3.2.2. ASP.NET Server Control Class Hierarchy3.2.3. CSS Styles
3.3. HTML Server Controls
3.4. Client-Side Processing
4. Basic Controls
4.1. The Basics
4.2. Label Control
4.3. TextBox Control
4.4. HiddenField Control
4.5. Button Controls
4.6. HyperLink Control
4.7. Selecting Values
4.7.1. CheckBox Control4.7.2. RadioButton Control
4.8. Selecting from a List
4.8.1. ListItem Object4.8.2. CheckBoxList Control4.8.2.1. Adding items declaratively4.8.2.2. Adding items programmatically from an array4.8.2.3. Adding items from a data source4.8.2.4. Responding to user selections4.8.3. RadioButtonList Control4.8.4. DropDownList Control4.8.5. ListBox Control4.8.6. BulletedList Control
4.9. Tables
4.9.1. Table Rows4.9.2. Table Cells4.9.3. Cell Width
4.10. Panel Control
4.11. Images
4.11.1. Image Control4.11.2. ImageMap Control
5. Advanced Controls
5.1. MultiView and View Controls
5.2. Wizard Control
5.3. FileUpload Control
5.4. AdRotator Control
5.4.1. Advertisement File5.4.2. Using AdRotator
5.5. Calendar
5.5.1. Selecting Dates in the Calendar5.5.2. Controlling the Calendar’s Appearance5.5.3. Programming the Calendar Control5.5.3.1. SelectionChanged Event5.5.3.2. DayRender Event5.5.3.3. VisibleMonthChanged event
6. Web Site Fundamentals
6.1. The Page
6.2. Code-Behind
6.3. Moving to Another Page
6.3.1. HyperLink6.3.2. Server.Transfer6.3.3. Response.Redirect6.3.4. Cross-Page Posting6.3.4.1. Retrieving data from the previous page6.3.4.2. How did I get here?
6.4. State
6.4.1. Session State6.4.1.1. Session state configuration6.4.1.2. Session scoped application objects6.4.2. View State6.4.3. State Bag6.4.4. Application State
6.5. Lifecycle
6.6. Directives
6.6.1. Application Directive6.6.2. Assembly Directive6.6.3. Control Directive6.6.4. Implements Directive6.6.5. Import Directive6.6.6. Master Directive6.6.7. MasterType Directive6.6.8. OutputCache Directive6.6.9. Page Directive6.6.10. Reference Directive6.6.11. Register Directive
7. Tracing, Debugging, and Error Handling
7.1. Creating the Sample Application
7.2. Tracing
7.2.1. Page-Level Tracing7.2.2. Inserting into the Trace Log7.2.3. Application-Level Tracing7.2.4. Trace Viewer
7.3. Debugging
7.3.1. The Debug Toolbar7.3.2. Breakpoints7.3.2.1. Setting a breakpoint7.3.2.2. Breakpoint window7.3.2.3. Breakpoint properties7.3.2.3.1. Location7.3.2.3.2. Condition7.3.2.3.3. Hit count7.3.2.3.4. Filter7.3.2.3.5. When Hit...7.3.2.4. Breakpoint icons7.3.3. Stepping Through Code7.3.4. Examining Variables and Objects7.3.5. Debug Windows7.3.5.1. Immediate window7.3.5.2. Autos window7.3.5.3. Locals window7.3.5.4. Watch window7.3.5.5. Call Stack window7.3.5.6. Threads window7.3.5.7. Modules window7.3.5.8. Disassembly window7.3.5.9. Registers window7.3.5.10. Memory windows
7.4. Error Handling
7.4.1. Unhandled Errors7.4.2. Application-Wide Error Pages7.4.3. Page-Specific Error Pages
8. Validation
8.1. The RequiredFieldValidator
8.2. The Summary Control
8.3. The Compare Validator
8.3.1. Checking the Input Type8.3.2. Comparing to Another Control
8.4. Range Checking
8.5. Regular Expressions
8.6. Custom Validation
8.7. Validation Groups
9. Web Data Access
9.1. Getting Data from a Database
9.2. Data Source Controls
9.3. GridView Control
9.3.1. Adding Insert, Update, and Delete Statements
9.4. Multiuser Updates
9.4.1. Optimistic Concurrency9.4.2. Displaying and Updating the Grid9.4.3. Take It for a Spin9.4.4. Tracking the Update with Events9.4.5. Modifying the Grid Based on Events9.4.6. Passing Parameters to the Select Query
9.5. DataList Control
9.5.1. Editing Items in List Controls9.5.2. Deleting Items from a List Control
9.6. Repeater Control
9.7. DetailsView Control: Examining One Record at a Time
9.8. FormView Control: Examining Single Records as Master/Detail
9.8.1. Editing with FormView9.8.2. Inserting New Records9.8.3. DetailsView and FormView Events
10. ADO.NET
10.1. The ADO.NET Object Model
10.1.1. The DataSet Class10.1.1.1. The DataTable class10.1.1.2. The DataRow class10.1.2. DbCommand and DbConnection10.1.3. The DataAdapter Object10.1.4. The Data Reader Object
10.2. Getting Started with ADO.NET
10.2.1. Using a DataReader10.2.2. Creating Data Relations Within DataSets
10.3. Creating Data Objects by Hand
10.3.1. Bug Database Design10.3.2. Creating the DataTable by Hand10.3.2.1. Setting column properties10.3.2.2. Setting constraints10.3.2.3. Adding data to the table10.3.2.4. Adding additional tables to the DataSet10.3.2.5. Adding rows with an array of objects10.3.3. Creating Primary Keys10.3.4. Creating Foreign Keys10.3.5. Creating Data Relations
10.4. Stored Procedures
10.4.1. Creating a Simple Stored Procedure10.4.2. Stored Procedures with Parameters
10.5. Updating with SQL and ADO.NET
10.6. Updating Data with Transactions
10.6.1. The ACID Test10.6.2. Implementing Transactions10.6.2.1. Data Base transactions10.6.2.2. Connection transactions
10.7. Binding to Business Objects
11. Forms-Based Security
11.1. Authentication
11.1.1. Anonymous Access11.1.2. Windows Authentication11.1.2.1. Basic authentication11.1.2.2. Digest authentication11.1.2.3. Integrated Windows authentication11.1.2.4. Role-based security11.1.3. Passport Authentication11.1.4. Forms Authentication
11.2. Forms-Based Authentication in Detail
11.2.1. Create the Application11.2.1.1. Creating accounts11.2.1.2. Creating the welcome page11.2.1.3. Creating the Login page11.2.2. Adding a Password Reminder
11.3. Add Roles to ASP.NET Accounts
11.3.1. Using the Web Administrator Tool to Set Up Roles11.3.2. Restricting Access to Pages Based on Roles
12. Master Pages and Navigation
12.1. Master Pages
12.1.1. Adding Content Pages12.1.2. Using Nested Master Pages12.1.3. Dynamically Editing the Master
12.2. Navigation
12.2.1. Getting Started with Site Navigation12.2.2. Setting Up the Pages12.2.3. Customizing the Look and Feel12.2.4. Populating on Demand12.2.5. Using a Menu for Navigation12.2.6. Enumerate Site Map Nodes Programatically
12.3. Filtering Based on Security
12.3.1. Enable Membership12.3.2. Adding Roles12.3.3. Add a Login Page12.3.4. Create Access Rules12.3.5. Creating a Permission-Driven Site Map
13. Personalization
13.1. Creating Personalized Web Sites
13.1.1. Recording Personalization Information13.1.2. Setting Up Profile Handling13.1.3. Exploring the Profile Tables
13.2. Personalizing with Complex Types
13.3. Anonymous Personalization
13.4. Themes and Skins
13.4.1. Create the Test Site13.4.2. Organize Site Themes and Skins13.4.3. Enable Themes and Skins13.4.4. Specify Themes for Your Page13.4.5. Setting Stylesheet Themes13.4.6. Setting Customization Themes13.4.7. Using Named Skins
13.5. Web Parts
13.5.1. Web Parts Architecture13.5.2. Creating Zones13.5.3. Adding Controls to Zones13.5.4. Minimizing and Restoring
13.6. Enabling Editing and Layout Changes
13.6.1. Creating a User Control to Enable Changing Page Layout13.6.1.1. Moving a Part13.6.1.2. Editing a Part13.6.2. Adding Parts from a Catalog
14. Custom and User Controls
14.1. User Controls
14.1.1. User Controls with Code14.1.2. @Control Directive14.1.3. Properties14.1.3.1. Creating a property14.1.3.2. Providing an underlying value for the property14.1.3.3. Integrating the property into your code14.1.3.4. Setting the property from the client14.1.4. Handling Events
14.2. Custom Controls
14.2.1. Properties14.2.2. The Render Method14.2.3. Updating the Control14.2.4. Maintaining State14.2.5. Creating Derived Controls14.2.6. Creating Composite Controls14.2.6.1. Modifying the CountedButton derived control14.2.6.2. Creating the BookCounter composite control14.2.6.2.1. INamingContainer14.2.6.2.2. Containing CountedButton214.2.6.3. Creating the BookInquiryList composite control14.2.6.3.1. ControlBuilder and ParseChildren attributes14.2.6.3.2. Render14.2.6.3.3. Rendering the output14.2.6.3.4. Rendering the summary
15. Creating Web Services
15.1. How Web Services Work
15.1.1. Developing a Web Service15.1.2. The Proxy15.1.3. Creating the Consumer
15.2. Protocols and Standards
15.2.1. HTTP15.2.1.1. HTTP-GET15.2.1.2. HTTP-POST15.2.2. XML15.2.3. SOAP15.2.4. Web Services Enhancements (WSE)
15.3. Creating a Simple Web Service
15.3.1. In-Line with a Text Editor15.3.2. Code-Behind with Visual Studio 2005
15.4. WebService Directive
15.5. Deriving from the WebService Class
15.6. Application State via HttpContext
15.7. WebServiceBinding Attribute
15.8. WebMethod Attribute
15.8.1. The BufferResponse Property15.8.2. CacheDuration Property15.8.3. Description Property15.8.4. EnableSession Property15.8.5. MessageName Property15.8.6. TransactionOption Property
15.9. WebService Attribute
15.9.1. Description Property15.9.2. Name Property15.9.3. Namespace Property
15.10. Data Types
15.10.1. Arrays15.10.2. Classes and Structs15.10.3. DataSets
15.11. StockTickerComplete
15.12. Creating Discovery Documents
15.12.1. Discovery via Query String15.12.2. Static Discovery Files
15.13. Deployment
15.13.1. Pre-Compiled Assemblies15.13.2. Dynamically Compiled Assemblies
16. Consuming Web Services
16.1. Discovery
16.2. Creating the Client with VS2005
16.3. Creating the Client Manually
16.3.1. Creating the Consumer Web Page Content16.3.2. Creating the Proxy16.3.2.1. Manually generating the proxy class source code16.3.2.2. Proxy class details16.3.3. Compiling the Proxy Class16.3.3.1. Automatic compilation in the App_Code folder16.3.3.2. Manual compilation16.3.4. Finishing the Consumer App
16.4. Using Asynchronous Method Calls
17. Caching and Performance
17.1. Types of Caching
17.1.1. Class Caching17.1.2. Configuration Caching17.1.3. Data Caching17.1.4. Output Caching17.1.5. Object Caching
17.2. Data Caching
17.2.1. DataSourceControl Caching17.2.2. SQL Cache Dependency17.2.2.1. Polling-based cache invalidation17.2.2.2. Notification-based cache invalidation
17.3. Output Caching
17.3.1. The OutputCache Directive17.3.1.1. Duration17.3.1.2. VaryByParam17.3.1.3. CacheProfile17.3.1.4. DiskCacheable17.3.1.5. Location17.3.1.6. SqlDependency17.3.1.7. VaryByControl17.3.1.8. VaryByCustom17.3.1.9. VaryByHeader17.3.2. Fragment Caching: Caching Part of a Page
17.4. Object Caching
17.4.1. Cache Class Functionality17.4.2. Dependencies17.4.2.1. File change dependency17.4.2.2. Cached item dependency17.4.2.3. Time dependency17.4.3. Scavenging17.4.4. Callback Support
17.5. The HttpCachePolicy Class
17.6. Performance
17.6.1. ASP.NET-Specific Issues17.6.1.1. Session state17.6.1.2. View state17.6.1.3. Caching17.6.1.4. Server controls17.6.1.5. Web gardening and web farming17.6.1.6. Round trips17.6.2. General .NET Issues17.6.2.1. String concatenation17.6.2.2. Minimize exceptions17.6.2.3. Use early binding17.6.2.4. Use managed code17.6.2.5. Disable debug mode17.6.3. Database Issues17.6.3.1. Stored procedures17.6.3.2. Use DataReader class17.6.3.3. Use SQL or Oracle classes rather than OleDB classes
17.7. Benchmarking and Profiling
18. Application Logic and Configuration
18.1. Internet Information Server (IIS)
18.1.1. IIS Versions18.1.2. Virtual Directories
18.2. Understanding Web Applications
18.3. Application-Wide Logic
18.3.1. HttpApplication Object18.3.2. global.asax18.3.2.1. Directives18.3.2.2. Script blocks18.3.2.3. Events18.3.2.4. Server-side includes18.3.2.5. Object declarations18.3.3. Global Members
18.4. Configuring the Application
18.4.1. Hierarchical Configuration18.4.2. Format18.4.2.1. Configuration section handler declarations18.4.2.2. Configuration sections18.4.3. Configuration Settings UI18.4.3.1. General18.4.3.2. Custom errors18.4.3.3. Authorization18.4.3.4. Authentication18.4.3.5. Application18.4.3.6. State Management18.4.3.7. Locations18.4.4. Web Site Administration Tool18.4.4.1. Security18.4.4.2. Application18.4.4.3. Provider18.4.5. Other Configuration Settings18.4.5.1. system.net18.4.5.2. system.web18.4.6. Custom Configuration Sections18.4.6.1. Name/value pairs18.4.6.2. Objects
19. Deployment
19.1. Assemblies
19.1.1. Microsoft Intermediate Language (MSIL)19.1.2. ILDASM19.1.3. Manifests19.1.4. Versioning19.1.5. Private Versus Shared Assemblies19.1.6. Strong Names19.1.6.1. Creating a strong name19.1.6.2. Delayed signing
19.2. Local Deployment
19.2.1. Full Runtime Compilation19.2.2. Manual Compilation of Assemblies19.2.3. Full Pre-Compilation19.2.4. Pre-Compilation of Code Only
19.3. Global Deployment
19.4. Windows Installer
19.4.1. Build Configurations19.4.2. Adding a Setup Project with the Setup Wizard19.4.3. Adding a Setup Project Manually19.4.4. Further Customizations19.4.4.1. File System19.4.4.2. Registry19.4.4.3. File Types19.4.4.4. User Interface19.4.4.5. Custom Actions19.4.4.6. Launch Conditions19.4.5. Deploying the Web Site
A. Keyboard Shortcuts
B. Relational Database Technology: A Crash Course
B.1. Tables, Records, and Columns
B.2. Table Design
B.2.1. NormalizationB.2.2. Declarative Referential Integrity
B.3. SQL
B.3.1. Joining TablesB.3.2. Using SQL to Manipulate the Database
About the Authors
Colophon
Copyright

Content preview from Programming ASP.NET, 3rd Edition

Chapter 11. Forms-Based Security

Back in the primitive days of personal computing, when each user’s computer stood alone and isolated, security was not such a big deal. Until computers became networked and viruses were let loose as a scourge on the Internet, security for most PCs meant screen-saver passwords and a lock on the office door.

All that has changed. Today’s computers are interconnected in myriad ways, on local networks and over the Internet. The pipes of data that connect your machine to the rest of the world are tremendously beneficial, but at the same time potentially harmful, opening your machine to outsiders. Some of those outsiders are malicious or just plain unwelcome. In any case, it is the job of security to let the good stuff in and keep the bad stuff out.

As part of the .NET Framework, ASP.NET 2.0 has a robust security infrastructure. ASP.NET is designed to work with Microsoft Internet Information Server (IIS), Windows 2000/XP/2003, and the NTFS filesystem . Consequently, there is tight integration with the security provided inherently in those environments. If you are on an intranet and are certain that all your clients will be using Windows and Internet Explorer , there are features you can use to make your job as software developer easier. Alternatively, you can implement your security system independent of Windows and NTFS using the new forms-based security controls.

The fundamental role of security in ASP.NET is to restrict access to portions of a web site. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 059600916XErrata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Programming ASP.NET, 3rd Edition

by Jesse Liberty, Dan Hurwitz

Chapter 11. Forms-Based Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Programming ASP.NET Core, First edition

Programming ASP.NET, Second Edition

Software Architecture with C# 10 and .NET 6 – Third Edition - Third Edition

High-Performance Programming in C# and .NET

Publisher Resources