asp.net programming - student workbook

Upload: vaibhavisawantmokal

Post on 10-Apr-2018


  • 8/8/2019 ASP.net Programming - Student Workbook

    1/96

    ASP.NET Programming Custom Workshop

    Student Workbook


    Microsoft | Services


    TABLE OF CONTENTS

    SLIDE 1: WORKSHOP AGENDA

    SLIDE 169 - MODULE 1: INTRODUCTION TO ASP.NET

    SLIDE 176 - MODULE 2: WEB PAGES, MASTER PAGES AND NAVIGATION

    SLIDE 219 - MODULE 3: SERVER CONTROLS

    SLIDE 233 - MODULE 4: ADO.NET

    SLIDE 256 - MODULE 5: LINQ

    SLIDE 265 - MODULE 6: ASP.NET AJAX

    SLIDE 277 - MODULE 7: ADDITIONAL TOPICS


    Slide 1: Workshop Agenda

    ASP.NET programming

    Custom Workshop

    Slide 2

    Introduction

    Meet your trainer

    About You:

    Name

    Title/Function/Area of Responsibility

    Programming Experience

    .NET Framework Experience

    Expectations for this Course


    Slide 5

    Course Outline

    Introduction to ASP.NET

    Web Pages, Master Pages and Navigation

    Server Controls

    ADO.NET

    LINQ

    AJAX

    Additional Topics (e.g. State management, Caching, Security, Performance Best Practices)

    Slide 6

    Setup

    Software

    Course Files

    Classroom Setup


    Slide 7

    Questions?


    Slide 169 - Module 1: Introduction to ASP.NET

    Module 1: Introduction to ASP.NET

    Slide 170

    Overview

    ASP.NET high level overview

    ASP.NET Execution model

    Features

    Build a web site


    Slide 171

    ASP.NET

    [Diagram: .NET Framework components: Visual Basic, C++, C#, JScript; Common Language Specification; ASP.NET; Windows Forms; ADO.NET: Data and XML; Base Class Library; Common Language Runtime; Visual Studio]

    Slide 172

    Execution Model

    [Diagram: source code (Visual Basic, C++, C#) -> compiler -> assembly (IL code) -> Common Language Runtime JIT compiler -> native code (managed code); unmanaged component; operating system services]


    Slide 173

    ASP.NET Request Processing

    [Diagram: Application Host (IIS), native code; ASP.NET Runtime, .NET code: HTTP Modules, Global.asax, HTTP Handler (ASP.NET Page, ASP.NET Service), HttpContext]

    Module Per Request Events:

    BeginRequest

    AuthenticateRequest

    AuthorizeRequest

    ResolveRequestCache

    AcquireRequestState

    PreRequestHandlerExecute

    PostRequestHandlerExecute

    ReleaseRequestState

    UpdateRequestCache

    EndRequest

    Slide 174

    Some examples of ASP.NET Features

    Simplified programming model

    Simplified deployment

    Better performance

    Caching

    Security

    Powerful controls

    Simplified browser support

    Simplified configuration

    Code behind pages

    More powerful data access

    Web services

    Better session management


    Slide 175

    Lab: Building web site

    Exercise 2: Creating a simple web site

    Slide 176 - Module 2: Web Pages, Master Pages and Navigation

    Module 2: Web Pages, Master Pages and Navigation


    Slide 177

    Overview

    ASP.NET Pages

    Master Pages

    Navigation

    Slide 178

    ASP.NET Pages

    Introduction

    Web Forms

    Run Time Compilation

    Page class

    Page events


    Slide 179

    Introduction

    ASPX files

    Inherits from Page class

    Partial class (generated by you and ASP.NET while compiling)

    Contains Directives

    Located anywhere in the page

    @Assembly, @Control, @Import, @Implements, @Page, etc.

    Single form model

    Slide 180

    Web Forms

    Combines declarative tags (HTML, XML, WML, ASP directives, server controls and static text) with code

    Clean separation between code and tags

    [Diagram: single file (Form1.aspx with code) versus separate files (Form1.aspx plus code in Form1.cs)]


    Slide 181

    Web Forms (continued)

    The parsed file is represented as a tree of controls

    The Page is the root of the tree

    Web form is declared by the runat="server" attribute

    Ensures that the form is executed at the server

    Static text (e.g. HTML without runat="server") is represented as a LiteralControl in the hierarchy

    Slide 182

    Runtime Compilation

    [Diagram: Request -> ASPX engine parses the ASPX file -> generates the page class -> compiled with the code-behind class into the page DLL -> instantiate, process and render -> Response; a second request path instantiates the page DLL directly]


    Slide 183

    Page class

    Intrinsic Objects

    Application, Cache, Request, Response, Server, Session, etc.

    Worker properties

    ClientScript, Controls, ErrorPage, Form, Master, IsPostBack, MasterPageFile, PreviousPage, etc.

    Context properties

    Title, ClientQueryString, ClientTarget, etc.

    Methods

    DataBind, RenderControl, FindControl, LoadTemplate, etc.

    Slide 184

    Page Events

    AbortTransaction - Occurs for ASP.NET pages marked to participate in an automatic transaction when a transaction aborts.

    CommitTransaction - Occurs for ASP.NET pages marked to participate in an automatic transaction when a transaction commits.

    DataBinding - Occurs when the DataBind method is called on the page to bind all the child controls to their respective data sources.

    Disposed - Occurs when the page is released from memory, which is the last stage of the page life cycle.

    Error - Occurs when an unhandled exception is thrown.

    Init - Occurs when the page is initialized, which is the first step in the page life cycle.

    InitComplete - Occurs when all child controls and the page have been initialized. Not available in ASP.NET 1.x.

    Load - Occurs when the page loads up, after being initialized.

    LoadComplete - Occurs when the loading of the page is completed and server events have been raised. Not available in ASP.NET 1.x.

    PreInit - Occurs just before the initialization phase of the page begins. Not available in ASP.NET 1.x.

    PreLoad - Occurs just before the loading phase of the page begins. Not available in ASP.NET 1.x.

    PreRender - Occurs when the page is about to render.

    PreRenderComplete - Occurs just before the pre-rendering phase begins. Not available in ASP.NET 1.x.

    SaveStateComplete - Occurs when the view state of the page has been saved to the persistence medium. Not available in ASP.NET 1.x.

    Unload - Occurs when the page is unloaded from memory but not yet disposed.


    Slide 185

    Master Pages

    Introduction & Basics

    Defining a Master Page

    Applying a Master Page to the page and site

    Default Content

    Page.Master

    Tips & Tricks

    Slide 186

    Introduction

    Master Page

    Content Page


    Slide 187

    Master Page Basics

    Masters define common content and placeholders()

    Content pages reference masters and fill placeholders with content ()

    Site.master default.aspx http://.../default.aspx

    Slide 188

    Defining a Master Page

    ACME Inc.


    Slide 189

    Applying a Master Page

    This content fills the place holder "Main" defined in the master page

    Slide 190

    Applying a Master Page to a Site

    </system.web>


    Slide 191

    Default Content

    ContentPlaceHolder controls can define content of their own ("default content")

    Default content is displayed ONLY if not overridden by content page

    ...

    This is default content that will appear in the absence of a matching Content control in a content page

    Slide 192

    The Page.Master Property

    Retrieves reference to master page

    Instance of class derived from System.Web.UI.MasterPage

    Null if page doesn't have a master

    Used to programmatically access content defined in the master page

    Use FindControl for weak typing

    Use public property in master page for strong typing (preferred)


    Slide 193

    Tips & Tricks

    Title of a page

    Nested master pages

    Exposing Master Properties

    You can change a master page dynamically

    PreInit event

    this.MasterPageFile

    Slide 194

    Lab: Master Pages

    Exercise 3: Creating and Using Master Pages


    Slide 195

    Site Navigation

    Introduction

    Schema

    TreeView

    SiteMapDataSource

    SiteMapPath

    Site Map Providers & API

    Slide 196

    Site Navigation

    Navigation UIs are tedious to implement

    Especially if they rely on client-side script

    New controls simplify site navigation

    TreeView and Menu - Navigation UI

    SiteMapDataSource - XML site maps

    SiteMapPath - "Bread crumb" controls

    Public site map API provides foundation

    Provider-based for flexibility


    Slide 197

    Site Navigation Schema

    [Diagram: layered site navigation architecture. Server controls: Menu, TreeView, SiteMapPath, SiteMapDataSource. Site Navigation API: SiteMap class, SiteMapNode. Provider layer: XmlSiteMapProvider (SiteMapProvider). Stores: web.sitemap, relational store, user defined]

    Slide 198

    TreeView Controls

    Render hierarchical data as trees

    Expandable and collapsible branches

    Nodes are navigable, selectable, or static and can include check boxes

    Content defined by TreeNode objects

    TreeNodes can be added declaratively, programmatically, or through data binding

    TreeNodes can also be demand-loaded

    Highly customizable UI


    Slide 199

    Declaring a TreeView


    Slide 201

    SiteMapDataSource

    Data source control representing site maps

    Site map = List of pages and URLs

    Nodes can include descriptive text

    Permits TreeViews and Menus to be populated with links through data binding

    Supports "security trimming"

    Specified nodes visible only to specified roles

    Provider-based for flexible data storage

    Slide 202

    XML Site Map


    Slide 203

    TreeViews and Site Maps

    Web.sitemap

    Slide 204

    Changing the File Name

    </providers>


    Slide 205

    Attributes

    Name          Description
    description   Description of node
    roles         Role or roles for which this node is visible*
    title         Title of this node
    url           URL of this node

    *Multiple roles can be specified using comma- or semicolon-delimited lists

    Slide 206

    Security Trimming

    Visible only to Managers and CEOs

    Visible to everyone


    Slide 207

    Enabling Security Trimming
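
An added example, not taken from the workbook: one common way to switch on security trimming for the XML site map provider, shown with the URL authorization rule that actually enforces access to the page. The page path ~/Reports/Salaries.aspx and the node titles are constructed for illustration; the role names follow the previous slide.

```xml
<!-- web.config (constructed example) -->
<configuration>
  <system.web>
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <!-- securityTrimmingEnabled defaults to false: every node is shown to every user -->
        <add name="XmlSiteMapProvider"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>

  <!-- Trimming only hides navigation links. This rule is what refuses a
       direct request for the page from a user outside the two roles. -->
  <location path="Reports/Salaries.aspx">
    <system.web>
      <authorization>
        <allow roles="Managers,CEOs" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

<!-- Web.sitemap (constructed example) -->
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
  <!-- roles="*" keeps the root node visible to all users -->
  <siteMapNode title="Home" url="~/Default.aspx" roles="*">
    <siteMapNode title="Products" url="~/Products.aspx" />
    <siteMapNode title="Salaries" url="~/Reports/Salaries.aspx" roles="Managers,CEOs" />
  </siteMapNode>
</siteMap>
```

The roles attribute can only widen a node's visibility beyond what URL authorization already allows, so the location rule is the setting to review when checking who can reach the page.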

    Slide 208

    SiteMapDataSource Properties

    Name                   Description
    SiteMapProvider        Name of provider used to obtain site map data
    StartingNodeOffset     Starting node identified by level (default = 0)
    StartingNodeUrl        Starting node identified by URL
    StartFromCurrentNode   Specifies whether starting node should be the root node (false) or the current node (true). Default = false
    Provider               Provider used to obtain site map data
    ShowStartingNode       Specifies whether to show the root node


    Slide 209

    Hiding the Root Site Map Node

    Web.sitemap

    Slide 210

    SiteMapPath Controls

    "Bread crumbs" showing path to page

    By default, renders current node as static text

    By default, renders parent nodes as hyperlinks

    Highly customizable UI

    Nodes can be stylized and templatized

    Separators can be stylized and templatized

    Integrates with site map providers to acquire path info


    Slide 211

    Using SiteMapPath

    Slide 212

    Key SiteMapPath Properties

    Name                    Description
    CurrentNodeStyle        Style used to render the current node
    CurrentNodeTemplate     HTML template used to render the current node
    NodeStyle               Style used to render non-current nodes
    NodeStyleTemplate       HTML template used to render non-current nodes
    PathSeparatorStyle      Style used to render node separators
    PathSeparatorTemplate   HTML template used to render node separators
    PathSeparator           Text used for node separators (default = ">")


    Slide 213

    Stylizing SiteMapPath

    </ItemTemplate>

    Slide 214

    Site Map Providers

    Site maps are provider-based

    Provider interprets site map data and provides it to SiteMapDataSource controls

    Provider also tracks current position and provides it to SiteMapPath controls

    ASP.NET 2.0 ships with one provider

    XmlSiteMapProvider

    Use custom providers for other data stores


    Slide 215

    Site Map API

    System.Web.SiteMap represents site maps

    RootNode property identifies root node

    CurrentNode property identifies current node

    SiteMapNode represents nodes

    Interrogate properties of node

    Walk up, down, and sideways in the hierarchy

    The magic underlying SiteMapPath controls

    Great for customizing SiteMapPaths

    Slide 216

    Using the Site Map API

    // Requires: using System.Text; using System.Web;
    // SiteMap.CurrentNode is null when the current page is not in the site map.

    // Write the title of the current node to a Label control
    Label1.Text = SiteMap.CurrentNode.Title;

    // Write the path to the current node to a Label control
    SiteMapNode node = SiteMap.CurrentNode;
    StringBuilder builder = new StringBuilder(node.Title);

    while (node.ParentNode != null) {
        node = node.ParentNode;
        builder.Insert(0, " > ");
        builder.Insert(0, node.Title);
    }

    Label1.Text = builder.ToString();


    Slide 217

    SiteMap.ResolveSiteMap

    Fired by SiteMapPath controls

    Used to perform on-the-fly customization of paths displayed by SiteMapPath controls

    Add nodes to site map for pages that don't appear in the site map

    Change the properties of the current node

    Register handler in Application_Start

    Slide 218

    Lab: Navigation

    Exercise 4: Adding Site Navigation to a Web Site


    Slide 219 Module 3: Server Controls

    Module 3: Server Controls

    Slide 220

    Overview

    ASP.NET Controls overview

    HTML Controls

    Web Controls

    Validation controls

    User Controls


    Slide 221

    ASP.NET Controls - Introduction

    Descend from System.Web.UI.Control class

    The class defines minimum set of functionalities, such as:

    Properties: Controls, ID, Page, Parent, Visible, etc.

    Methods: DataBind, Dispose, Focus, FindControl, RenderControl, etc.

    Events: DataBinding, Disposed, Init, Load, PreRender, Unload

    Control State

    Slide 222

    HTML Controls

    All controls derived from System.Web.UI.HtmlControls.HtmlControl

    Map directly to HTML elements supported by most browsers

    Can run on client or server using runat="server"

    Controls are lightweight and fast to load

    Support databinding

    void Page_Load(object sender, EventArgs e) {
        // lastName is an HTML input control declared with runat="server"
        lastName.Value = "Esposito";
    }


    Slide 223

    HTML Controls - examples

    HtmlInputControl

    HtmlInputButtonBox

    HtmlInputFile

    HtmlInputImage

    HtmlInputHidden

    HtmlInputRadioButton

    HtmlContainerControl

    HtmlAnchor

    HtmlForm

    HtmlSelect

    HtmlButton

    HtmlTable

    Slide 224

    Example: Uploading a file


    Slide 225

    Web Controls

    Defined in System.Web.UI.WebControls

    WebControl is the base class

    Use runat="server"

    More abstract in API design and richer in functionality than HTML controls

    On ASPX page, they use ASP namespace prefix

    Almost the same markup as HTML controls

    Slide 226

    Web Controls: examples

    Button

    CheckBox

    FileUpload

    HiddenField

    HyperLink

    Image

    Panel

    TextBox

    Table

    Calendar


    Slide 227

    Validation controls

    All validators on a page are grouped in the Validators collection

    Page.Validate() and control.Validate()

    Types of validators:

    CompareValidator

    CustomValidator

    RangeValidator

    RegularExpressionValidator

    RequiredFieldValidator

    Slide 228

    Validators (cont.)

    BaseValidator class

    Properties: ControlToValidate, ErrorMessage, ForeColor, ValidationGroup

    Examples:


    Slide 229

    Validators: Examples (cont.)

    Slide 230

    User Controls

    Derives from System.Web.UI.UserControl class

    Web form saved to a distinct file with ASCX extension

    Easy to implement and reuse

    Build visually in Visual Studio

    Support @OutputCache to take advantage of output caching:


    Slide 231

    An example

    Message.ascx

    Message.ascx.cs

    public partial class Message : System.Web.UI.UserControl {
        public string ForeColor;
        public string Text;
    }

    ASPX file

    Slide 232

    Lab: Validation

    Exercise 5: Validate user input


    Slide 233 Module 4: ADO.NET

    Module 4: ADO.NET

    Slide 234

    Overview

    Introduction

    Data Providers

    Data Containers

    Data Controls


    Slide 235

    ADO.NET Data Providers

    Principal components

    Main features

    Type of providers

    Main classes:

    SqlConnection

    SqlCommand

    SqlDataReader

    Connection String

    Slide 236

    Principal components

    Connection

    Transaction

    Command

    Parameter

    DataAdapter

    CommandBuilder

    DataReader


    Slide 237

    Main features

    Disconnected data

    Connected data access

    Slide 238

    Types of providers

    Managed Providers

    System.Data.SqlClient

    Microsoft.SqlServerCe.Client

    OLE DB Providers

    ODBC drivers (System.Data.Odbc)

    Oracle (System.Data.OracleClient)


    Slide 239

    SqlConnection

    string connString = "SERVER=...; DATABASE=...; UID=...; PWD=...";
    SqlConnection conn = new SqlConnection(connString);
    conn.Open();
    ...
    conn.Close(); // or conn.Dispose();

    Properties: ConnectionString, ConnectionTimeout, etc.

    Methods: BeginTransaction, Open, Close, CreateCommand

    Use try / catch / finally!

    Slide 240

    Connection String

    Contains keywords, for example: Application Name, Connection Timeout (15 sec default), Database, Password, Server, User ID

    Should be configurable for entire web site in one place

    ConfigurationManager.ConnectionStrings

    Web.config file:

    Should be protected

    Connection Pooling is enabled by default


    Slide 241

    SqlCommand

    Properties: CommandText, CommandTimeout, CommandType, Connection, Transaction, etc.

    Methods: ExecuteNonQuery, ExecuteReader, ExecuteScalar, Cancel, CreateParameter, etc.

    Synchronously or asynchronously

    An example:

    using (SqlConnection conn = new SqlConnection(ConnString))
    {
        // sprocName holds the name of the stored procedure to run
        SqlCommand cmd = new SqlCommand(sprocName, conn);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }

    Slide 242

    SqlDataReader

    Works like a cursor

    Reads one or more results generated by a command

    SqlCommand.ExecuteReader

    Can read multiple result sets

    Very effective method

    Properties:

    FieldCount, HasRows, IsClosed, Item, etc.

    Methods:

    Close, IsDbNull, NextResult, GetValues, Read, GetByte, GetChar, GetInt32, etc.


    Slide 243

    SqlDataReader: an example

    An example:

    using (SqlConnection conn = new SqlConnection(connString))
    {
        string cmdText = "SELECT * FROM customers";
        SqlCommand cmd = new SqlCommand(cmdText, conn);
        cmd.Connection.Open();

        // Read forward through the result set, one row at a time
        SqlDataReader reader = cmd.ExecuteReader();
        while (reader.Read())
            CustomerList.Items.Add(reader["companyname"].ToString());
        reader.Close();
    }
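The connection string, command, parameter and reader slides above combined into one data-access class, as an added example that is not part of the workbook. The connection string name `WorkshopDb` and the `city` column are assumptions; the `customers` table and `companyname` column come from the slide above.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Configuration;

public static class CustomerData
{
    // Assumption: Web.config contains <connectionStrings><add name="WorkshopDb" ... /></connectionStrings>
    private const string ConnectionName = "WorkshopDb";

    // One place for the whole site to obtain the connection string.
    private static string GetConnectionString()
    {
        ConnectionStringSettings settings =
            ConfigurationManager.ConnectionStrings[ConnectionName];
        if (settings == null)
            throw new ConfigurationErrorsException(
                "Connection string '" + ConnectionName + "' is not configured.");
        return settings.ConnectionString;
    }

    // Encrypts the <connectionStrings> section of Web.config in place.
    // Normally done once at deployment; the account running it needs
    // write access to Web.config. ASP.NET decrypts the section transparently.
    public static void ProtectConnectionStrings()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(
            HttpRuntime.AppDomainAppVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            config.Save();
        }
    }

    // Returns company names for one city. User input travels as a typed
    // parameter, never as part of the SQL text.
    public static List<string> GetCompanyNamesByCity(string city)
    {
        if (city == null) throw new ArgumentNullException("city");
        List<string> names = new List<string>();

        const string cmdText =
            "SELECT companyname FROM customers WHERE city = @city";

        // using blocks are try/finally in disguise: the reader, command and
        // connection are disposed (and the connection returned to the pool)
        // even when an exception is thrown.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(cmdText, conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandTimeout = 15; // seconds; the default is 30
            cmd.Parameters.Add("@city", SqlDbType.NVarChar, 40).Value = city;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                int column = reader.GetOrdinal("companyname");
                while (reader.Read())
                {
                    // Skip NULLs instead of failing in GetString
                    if (!reader.IsDBNull(column))
                        names.Add(reader.GetString(column));
                }
            }
        }
        return names;
    }
}
```

A page can then bind the result directly, for example by assigning the returned list to a list control's DataSource and calling DataBind().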

    Slide 244

    ADO.NET Data Containers

    Data Adapters

    Data Sets


    Slide 245

    Data Adapters

    Acts as a two-way bridge between a data source and the DataSet object

    Fills DataSet

    Submits the DataSet's data back to a data source

    SqlDataAdapter class

    Slide 246

    SqlDataAdapter

    Properties:

    DeleteCommand, SelectCommand, UpdateCommand

    AcceptChangesDuringFill, AcceptChangesDuringUpdate, TableMappings

    Methods:

    Fill, Update, GetFillParameters

    An example:

    DataSet ds = new DataSet();
    adapter.Fill(ds);
    adapter.Fill(ds, "MyTable");


    Slide 247

    DataSet

    In-memory object with data retrieved through a query

    In-memory counterpart of a DBMS database

    may contain multiple tables (DataTable objects)

    may contain relationships

    may contain constraints between tables

    Filling a DataSet = filling a table in DataSet

    TableMappings maps a result set into a DataSet table

    Properties: EnforceConstraints, HasErrors, Relations, Tables

    Methods: AcceptChanges, Clear, Copy, GetChanges, GetXml, ReadXml, RejectChanges

    Slide 248

    DataSet Batch Update

    adapter.Update(ds, "MyTable");

    Executes Insert, Update, Delete statement for each modified row

    ContinueUpdateOnError


    Slide 251

    Data Controls

    Binding Model

    Data-bound controls

    Data source components

    Slide 252

    Binding model

    Data-bound controls:

    List and iterative controls

    Implements DataBoundControl class

    Data-Binding Properties:

    DataSource, DataSourceID

    DataMember

    DataTextField, DataTextFormatString, DataValueField

    DataKeyField


    Slide 253

    Useful Data-bound controls

    List Controls:

    DropDownList

    CheckBoxList

    RadioButtonList

    ListBox

    BulletedList

    Iterative Controls

    Repeater

    DataList

    DataGrid

    Slide 254

    Data Source components

    SqlDataSource

    ObjectDataSource

    GridView

    DetailsView


    Slide 255

    Lab: Data Access and Data Controls

    Exercise 6: Basic Data Access

    Exercise 7: Creating Master-Detail Web Pages

    Exercise 8: Using the ListView Web Server Control

    Slide 256 Module 5: LINQ

    Module 5: LINQ


    Slide 257

    Overview

    Introduction

    Examples

    LINQ to XML

    LINQ to SQL

    LINQ to DataSet

    Slide 258

    LINQ: Introduction

    LINQ = Language Integrated Query

    Query, Set and Transform Operations for .NET

    Makes querying data a core programming concept

    Works with all types and shapes of data, for example:

    Relational databases

    XML

    DataSets

    Even available for SharePoint 2010!

    Works with all .NET languages

    New VB and C# have integrated language support


    Slide 259

    Some examples:

    Query expression:

    var contacts =
        from c in customers
        where c.City == "Warszawa"
        select new { c.Name, c.Address };

    Lambda expression:

    var contacts =
        customers
            .Where(c => c.City == "Warszawa")
            .Select(c => new { c.Name, c.Address });

    Slide 260

    LINQ to XML

    Creating XML

    Constructors lend themselves to nesting

    Can use LINQ (over anything) to build XML

    Querying

    Use normal axes from XML infoset

    Get full power of query expressions over XML

    Select, where, group by, etc.

    Xml Namespaces


    Slide 263

    LINQ to DataSet

    Query expressions over in-memory data

    Works with untyped or typed DataSets

    If query returns some kind of DataRow:

    Can yield results as a DataView

    ...and therefore databind to those results
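The DataRow-to-DataView path described on this slide, as an added example that is not part of the workbook. The table, its columns and its rows are constructed sample data standing in for a filled DataSet table; the project needs a reference to System.Data.DataSetExtensions.

```csharp
using System;
using System.Data;
using System.Linq;

public static class LinqToDataSetDemo
{
    // Constructed sample data; one row has a NULL order count on purpose.
    public static DataTable BuildCustomers()
    {
        DataTable table = new DataTable("Customers");
        table.Columns.Add("Name", typeof(string));
        table.Columns.Add("City", typeof(string));
        table.Columns.Add("Orders", typeof(int));
        table.Rows.Add("Alfa", "Warszawa", 12);
        table.Rows.Add("Beta", "Krakow", 3);
        table.Rows.Add("Gamma", "Warszawa", 7);
        table.Rows.Add("Delta", "Warszawa", DBNull.Value);
        return table;
    }

    // Because the query selects the DataRow itself (not an anonymous type),
    // the result can be exposed as a DataView over the original table.
    public static DataView CustomersInCity(DataTable customers, string city)
    {
        EnumerableRowCollection<DataRow> query =
            from c in customers.AsEnumerable()
            where c.Field<string>("City") == city
            // Field<int?> maps DBNull to null instead of throwing
            orderby (c.Field<int?>("Orders") ?? 0) descending
            select c;

        return query.AsDataView();
    }

    public static void Main()
    {
        DataView view = CustomersInCity(BuildCustomers(), "Warszawa");

        foreach (DataRowView row in view)
        {
            object orders = row["Orders"];
            Console.WriteLine("{0}: {1}", row["Name"],
                orders == DBNull.Value ? "(no orders)" : orders);
        }

        // In a page the same view is bound to a control, for example
        // (GridView1 is a hypothetical control ID):
        //   GridView1.DataSource = view;
        //   GridView1.DataBind();
    }
}
```

A query that projects into an anonymous type, such as `select new { ... }`, no longer returns DataRow objects, so AsDataView() is not available for it.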

    Slide 264

    Lab: LINQ

    Exercise 9: LINQ in Object Model

    Exercise 10: LinqDataSource and DetailsView controls


    Slide 265 Module 6: ASP.NET AJAX

    Module 6: ASP.NET AJAX

    Slide 266

    Overview

    Introduction

    Visual Studio 2008 AJAX Support

    Developer scenarios

    Update Panel

    ASP.NET AJAX Control Toolkit

    Control Extenders


    Slide 267

    Introduction

    AJAX = Asynchronous JavaScript and XML

    clever use of DHTML + JavaScript

    A framework for building richer, more interactive, more personalized web experiences

    Exchange data and not pages with server

    v1.0 works on ASP.NET 2.0 and VS 2005

    Shipped in Jan as separate download

    All ASP.NET AJAX 1.0 features in .NET 3.5

    Slide 268

    Introduction (cont.)

    XMLHttpRequest

    Sends HTTP request synchronously or asynchronously

    Microsoft AJAX JavaScript library

    ASP.NET AJAX assembly: system.web.extensions

    JavaScript files are resource files in the assembly

    Defines:

    Core framework classes (Sys.WebForms, Sys.Net, Sys.Services, Sys.Serialization, Sys)

    User-interface framework classes (Sys.UI)

    Script Manager and Script Manager Proxy controls


    Slide 269

    Visual Studio 2008 AJAX Support

    JavaScript Intellisense

    Code intellisense for client-side JavaScript

    Integrated editor support for ASP.NET AJAX JS Library

    Intellisense against JSON enabled .asmx web services

    JavaScript Debugging

    Improved discoverability

    ASP.NET AJAX Extender Control Support

    Easy design-time to attach extenders

    Slide 270

    Page Developer Scenario

    [Diagram: a browser application showing the rendered page (HTML/CSS) and an ASP.NET application (.NET Framework 2.0) hosting the ASPX page. Labels: Initial Rendering (UI + Behavior), Postback, Updated Rendering. Server-side code shown: protected void Handler(){}]


    Slide 271

    Page Developer Scenario with ASP.NET AJAX

    [Diagram: a browser application (Microsoft AJAX Library) showing the rendered page and an ASP.NET application (.NET Framework 2.0) hosting the ASPX page. Labels: Initial Rendering (UI + Behavior), Async Postback, Updated Rendering (only region in UpdatePanel)]

    Some non-updatable content and controls...

    This content can be dynamically updated!


    Slide 273

    Showing Progress

    UpdateProgress control provides feedback on the progress of partial-page rendering


    Slide 275

    Control Extenders

    Extend ASP.NET controls with ASP.NET AJAX client behaviors

    Encapsulate both client and server behavior

    Same familiar programming model as ASP.NET server controls


    Slide 277 Module 7: Additional Topics

    Module 7: Additional Topics

    Slide 278

    Overview

    Error Handling

    State Management

    Security

    Membership and Role Managers

    Performance Best Practices


    Slide 279

    Error handling

    In code: try, catch, finally

    On Page level: Error event

    On Web Application Level:

    global.asax Application_Error event

    Server.GetLastError() to obtain info about the error

    Web.config

    Custom error page

    Should be logged, e.g.:

    Event Log class (System.Diagnostics namespace)

    SQL table

    Slide 280

    Best Practices

    Do not reveal exception details to the client

    Use a global error handler to catch unhandled exceptions

    Monitor application exceptions.

    Consider using an application-specific event source

    Protect audit and log files

    Use try/finally on disposable resources

    Write code that avoids exceptions

    Set timeouts aggressively
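
    A global error handler that applies the practices above (log the full details on the server, show the client only a generic page), as an added example that is not part of the original workbook. The class name, the event source "ExampleWebApp" and the page ~/Error.aspx are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Code-behind for Global.asax (assumed class name).
public class Global : HttpApplication
{
    // Assumptions: an administrator registered this event source at install
    // time (the low-privileged worker process account normally cannot create
    // one), and ~/Error.aspx is a generic error page.
    private const string EventSource = "ExampleWebApp";
    private const string ErrorPage = "~/Error.aspx";
    private const int MaxLogChars = 30000; // stay under the event log entry size limit

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null)
            return;

        // Unhandled page exceptions arrive wrapped in HttpUnhandledException.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // The client only ever sees this opaque id; support staff use it to
        // find the full entry in the event log.
        string incidentId = Guid.NewGuid().ToString("N");
        LogException(incidentId, ex);

        // Clear the error so ASP.NET does not render its own error page,
        // then send the browser to the generic page.
        Server.ClearError();
        Response.Redirect(ErrorPage + "?id=" + incidentId, false);
        CompleteRequest();
    }

    private void LogException(string incidentId, Exception ex)
    {
        try
        {
            string user = (Context.User != null && Context.User.Identity.IsAuthenticated)
                ? Context.User.Identity.Name
                : "(anonymous)";

            // Log the path only: query strings and form fields can carry secrets.
            string message = string.Format(
                "Incident: {0}\r\nPath: {1}\r\nUser: {2}\r\n\r\n{3}",
                incidentId, Request.Path, user, ex);

            if (message.Length > MaxLogChars)
                message = message.Substring(0, MaxLogChars);

            EventLog.WriteEntry(EventSource, message, EventLogEntryType.Error);
        }
        catch (Exception)
        {
            // A logging failure (missing source, insufficient trust level)
            // must not raise a second error inside the error handler.
        }
    }
}
```

    The error page should treat the id as untrusted input and display it only if it is exactly 32 hexadecimal characters.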


    Slide 283

    Application

    Global setting for web application

    Thread safe

    Objects will stay permanently in memory

    // This operation is thread-safe
    Application["MyValue"] = 1;

    // A read-modify-write sequence must be wrapped in Lock()/UnLock()
    Application.Lock();
    int val = (int) Application["MyValue"];
    if (val < 10)
        Application["MyValue"] = val + 1;
    Application.UnLock();

    Slide 284

    Session State

    For the same session made by a user

    Available across multiple web pages

    Different State Client Managers: section in web.config

    InProc - in memory of w3wp process (default option)

    Off - disabled

    SQLServer - SQL Server table

    StateServer - in memory of aspnet_state.exe process

    Session ID

    Session Cookies

    Cookieless sessions - Be careful: session hijacking!


    Slide 285

    Session State: Best Practices

    Do not rely on client-side state management options.

    Protect your out-of-process state service.

    Protect SQL Server session state.

    Slide 286

    View State

    By default, maintained as a hidden field added to the page

    StateBag class

    Remember about security and performance!

    Can be disabled for a web page:

    Or controls:


    Slide 287

    Caching

    Cache class

    Can be configured to expire after a specified number of seconds

    Globally visible class which works in the current ApplicationDomain

    Doesn't work in web garden or web farm scenarios

    Cache["MyData"] = value;

    Slide 288

    Caching Web Pages and sections

    ASP.NET output caching

    Location of a cache

    Any, Client, None, DownStream, Server, ServerAndClient

    Can be used on page and custom control level

    Caching profiles


    Slide 289

    Security

    ASP.NET Processing

    Authentication vs. Authorization

    Authentication methods

    IIS Authentication and Authorization Process

    ASP.NET web site configuration

    Application pool account and permissions

    IIS Built-in accounts

    Code Access Security

    Global Assembly Cache

    Attack Methods

    Best Practices

    Slide 290

    ASP.NET Processing


    Slide 291

    Authentication vs. Authorization

    Authentication is the process of identification and validation of a user's credentials.

    Authorization provides access controls for a user

    Slide 292

    IIS: Authentication and authorization process

    1. Is IP address permitted?

    2. Is user permitted?

    Valid credentials

    Account restrictions: Time, Lockout, Password expired, Privileges

    3. Does IIS allow access?

    4. Does NTFS allow access?


    Slide 293

    Authentication methods

    Authentication methods in IIS

    Basic

    Digest

    Integrated Windows

    Protocols: NTLM or Kerberos

    Passport

    Anonymous

    Certificates

    Authentication is defined in web.config file

    Forms

    Windows

    Passport

    Slide 294

    Configuration Files and the .NET Framework

    The Web server has a Web.config file for ASP.NET Web application settings

    Each ASP.NET Web application also has its own Web.config file

    Within the Web.config file, you can control access to individual pages or the entire Web site:


    Slide 295

    Web.config: some examples:

    Internet web site


    Slide 297

    Default permissions of the Application Pool account

    Access this computer from the network

    Deny logon locally

    Deny logon through Terminal Services

    Log on as a batch job

    Log on as a service

    Some NTFS permissions

    Slide 298

    IIS: Built-in accounts

    Account - Description

    LocalSystem - A built-in account that has a high level of access rights. Avoid assigning LocalSystem as an application pool identity.

    Network Service - A built-in IIS account with low privileges. Interacts throughout the network with the computer account. The default application pool identity (recommended).

    Local Service - A built-in IIS account with lowest privileges. Connects anonymously over the network. Use for local Web applications only.

    IIS_WPG - An IIS group account; application pool identity accounts must be a member of this group.

    IUSR_computername - An IIS account for anonymous IIS access.

    IWAM_computername - An IIS account for starting out-of-process applications in IIS 5.0 isolation mode.

    ASPNET - A built-in account for running the Microsoft ASP.NET worker process in IIS 5.0 isolation mode.


    Slide 299

    Code Access Security

    Define what your code can do

    Fine-grained policy

    Fine-grained permissions

    Multiple levels of trust

    Different apps in the same process can run at different trust levels

    Range of named trust levels

    Full trust: do anything the process can

    Hightrust: no unmanaged code, still have broad permissions

    Mediumtrust: recommended default

    Lowtrust: basic set of rights

    Minimaltrust: execute only

    in Web.config

    Slide 300

    Code Access Security: Best Practices

    Consider code access security for partial trust applications.

    Choose a trust level that does not exceed your application's requirements.

    Create a custom trust policy if your application needs additional permissions.

    Use Medium trust in shared hosting environments.


    Slide 301

    Global Assembly Cache

    Registry for .NET assemblies

    Add an assembly to the GAC:

    Generate a strong name, assembly: 1) name, 2) version, 3) 64 bit public key hash - sn.exe, 4) culture

    Add to the GAC - gacutil.exe, .NET Configuration x.x (MMC Snap-in)

    Viewing the contents of the GAC:

    gacutil /l

    start explorer %windir%\assembly

    Security: all GACed assemblies (for ASP.NET apps):

    Run as Full Trust

    Are accessible to all ASP.NET apps

    Slide 302

    Attack methods

    Cross-site scripting - Untrusted user input is echoed to the page.

    Denial of service (DoS) - The attacker floods the network with fake requests, overloading the system and blocking regular traffic

    Eavesdropping - The attacker uses a sniffer to read unencrypted network packets as they are transported on the network

    Hidden-field tampering - The attacker compromises unchecked (and trusted) hidden fields stuffed with sensitive data

    One-click - Malicious HTTP posts are sent via script

    Session hijacking - The attacker guesses or steals a valid session ID and connects over another user's session

    SQL injection - The attacker inserts malicious input that the code blissfully concatenates to form dangerous SQL commands


    Slide 303

    Security: Best Practices

    Use Run As...never log on as an Administrator

    Disable NetBIOS

    Do not put Web files on C:

    Use the highest level of authentication you can, based on the clients used

    Always encrypt sensitive information using SSL or IPSec

    Always use SSL when using basic authentication

    Do not issue a request for a certificate on a production server

    Never leave certificates on the server

    Use URL Scan

    Do not install the Resource Kit on a production server

    Slide 304

    Data Access: Best Practices

    Encrypt your connection strings.

    Use least-privileged accounts for database access.

    Use Windows authentication where possible.

    If you use Windows authentication, use a trusted service account.

    If you cannot use a domain account, consider mirrored accounts.

    When using SQL authentication, use strong passwords.

    When using SQL authentication, protect credentials over the network.

    When using SQL authentication, protect credentials in configuration files.

    Validate untrusted input passed to your data access methods.

    When constructing SQL queries, use type safe SQL parameters.

    Avoid dynamic queries that accept user input.
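
    The data access practices above (validate input, use type safe SQL parameters, avoid dynamic queries) guard against the SQL injection entry on the Attack methods slide. An added example, not part of the original workbook; the class, the connection string name "AppDb" and the dbo.Customers table are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class CustomerData
{
    // Pattern to avoid: user input concatenated into the command text, e.g.
    //   "SELECT ... WHERE LastName = '" + lastName + "'"
    // which lets the input change the structure of the statement.

    public static DataTable FindByLastName(string lastName)
    {
        // Validate untrusted input before it reaches the data layer.
        if (string.IsNullOrEmpty(lastName) || lastName.Length > 50)
            throw new ArgumentException(
                "Last name must be 1 to 50 characters.", "lastName");

        // Assumed connection string name. The entry should use Windows
        // authentication and a least-privileged database account.
        string connectionString =
            ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

        // Fixed command text: the only variable part is the parameter.
        const string sql =
            "SELECT CustomerId, FirstName, LastName " +
            "FROM dbo.Customers WHERE LastName = @lastName";

        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(sql, connection))
        using (SqlDataAdapter adapter = new SqlDataAdapter(command))
        {
            command.CommandTimeout = 15; // seconds

            // Typed, length-bounded parameter: the value travels as data and
            // is never parsed as part of the SQL statement.
            command.Parameters.Add("@lastName", SqlDbType.NVarChar, 50).Value = lastName;

            DataTable result = new DataTable();
            adapter.Fill(result); // opens and closes the connection itself
            return result;
        }
    }
}
```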


    Slide 305

    Sensitive Data: Best Practices

    Avoid plaintext passwords in configuration files.

    Use platform features to manage keys where possible

    Do not pass sensitive data from page to page

    Protect sensitive data over the wire

    Do not cache sensitive data

    Slide 306

    Parameter Manipulation: Best Practices

    Do not make security decisions based on parameters accessible on the client-side

    Validate all input parameters

    Avoid storing sensitive data in ViewState

    Encrypt ViewState if it must contain sensitive data


    Slide 307

    Membership and Role Management

    Membership service

    Login controls

    Role Management service

    FBA: Best Practices

    Slide 308

    Membership Service

    Service for managing users and credentials

    Declarative access via Web Site Admin Tool

    Programmatic access via Membership and MembershipUser classes

    Membership class provides base services

    MembershipUser class represents users and provides additional services

    Provider-based for flexible data storage


    Slide 309

    Membership Schema

    [Diagram, layers from top to bottom: Controls (Login, LoginStatus, LoginView, Other Login Controls); Membership API (Membership, MembershipUser); Membership Providers (SqlMembershipProvider, Windows Auth Provider, Other Membership Providers); Membership Data (SQL Server, AD/AzMan, Other Data Stores)]

    Slide 310

    The Membership Class

    Provides static methods for performing key membership tasks

    Creating and deleting users

    Retrieving information about users

    Generating random passwords

    Validating logins

    Also includes read-only static properties for acquiring data about provider settings


    Slide 311

    Key Membership Methods

    Name - Description

    CreateUser - Adds a user to the membership data store

    DeleteUser - Removes a user from the membership data store

    GeneratePassword - Generates a random password of a specified length

    GetAllUsers - Retrieves a collection of MembershipUser objects representing all currently registered users

    GetUser - Retrieves a MembershipUser object representing a user

    UpdateUser - Updates information for a specified user

    ValidateUser - Validates logins based on user names and passwords

    Slide 312

    The MembershipUser Class

    Represents individual users registered in the membership data store

    Includes numerous properties for getting and setting user info

    Includes methods for retrieving, changing, and resetting passwords

    Returned by Membership methods such as GetUser and CreateUser


    Slide 313

    Key MembershipUser Properties

    Name - Description

    Comment - Storage for user-defined data

    CreationDate - Date user was added to the membership data