END TERM EXAMINATIONWEB TECHNOLOGIES(210)

MCA IV

Unit -I

Q1 Attempt any ten from the following:

(a) What is the difference between static and dynamic web pages?

Basis of Difference Static web page Dynamic web page1. Meaning A static web page

shows the required information to the viewer, but do not accept any information from theviewer.

A dynamic web page displays the information to the viewer and also accepts the information from theuser

2. Programming It require basic (HTML) web programming skills

It require in-depth web programming knowledge such as ASP or PHP

3. Working

(b) Explain the AutoPostBack property of web server controls with an example.

The AutoPostBack property is used to set or return whetheror not an automatic post back occurs when the user presses"ENTER" or "TAB" in the TextBox control. If this property isset to TRUE the automatic post back is enabled, otherwiseFALSE. Default is FALSE. For example:

form runat="server"><asp:TextBox id="tb1" runat="server" AutoPostBack="TRUE" /></form>

(c) Name different data binding controls in standard web server controls in ASP.NET.

The following are the data binding controls:

Repeater Control DataGrid Control DataList Control GridView Control DetailsView FormView DropDownList ListBox RadioButtonList CheckBoxList BulletList

(d) What is Document Object Model?

A document object model (DOM) is an application programminginterface (API) for representing a document (such as an HTMLdocument) and accessing and manipulating the various elements(such as HTML tags and strings of text) that make up thatdocument. JavaScript-enabled web browsers have always defineda document object model; a web-browser DOM may specify, forexample, that the forms in an HTML document are accessiblethrough the forms[] array of the Document object. HTMLdocuments have a hierarchical structure that is represented inthe DOM as a tree structure. Consider the following simpleHTML document:

<html> <head> <title>Sample Document</title> </head> <body> <h1>An HTML Document</h1> <p>This is a <i>simple</i> document. </body></html>

The DOM representation of this document is as follows:

(e) State different advantages of using XML.

Advantages of using XML are:

It is as easy as HTML. XML is fully compatible with applications like JAVA, and it

can be combined with any application which is capable of processing XML irrespective of the platform it is being usedon.

XML is an extremely portable language to the extent that it can be used on large networks with multiple platforms like the internet, and it can be used on handhelds or palmtops orPDAs.

XML is an extendable language, meaning that you can create your own tags, or use the tags which have already been created.

(f) What is SOAP?

SOAP is a simple XML-based protocol to let applicationsexchange information over HTTP or more simply: SOAP is aprotocol for accessing a Web Service. It provides a way tocommunicate between applications running on differentoperating systems, with different technologies andprogramming languages. It provides a simple and lightweightmechanism for exchanging structured and typed information

between peers in a decentralized, distributed environmentusing XML. It does not itself define any applicationsemantics such as a programming model or implementationspecific semantics; rather it defines a simple mechanism forexpressing application semantics by providing a modularpackaging model and encoding mechanisms for encoding datawithin modules.

(g) Discuss the life cycle of page in brief.

The first stage in the page life cycle is initialization.This is fired after the page's control tree has beensuccessfully created. All the controls that are staticallydeclared in the .aspx file will be initialized with thedefault values. Controls can use this event to initializesome of the settings that can be used throughout thelifetime of the incoming web request. Viewstate informationwill not be available at this stage. After initialization,page framework loads the view state for the page. Viewstateis a collection of name/value pairs, where control's andpage itself store information that is persistent among webrequests. It contains the state of the controls the lasttime the page was processed on the server. By overridingLoadViewState() method, component developer can understandhow viewstate is restored. Once viewstate is restored,control will be updated with the client side changes. Itloads the posted data values. The PostBackData event givescontrol a chance to update their state that reflects thestate of the HTML element on the client. At the end of theposted data changes event, controls will be reflected withchanges done on the client. At this point, load event isfired.

Key event in the life cycle is when the server-side codeassociated with an event triggered on the client. When theuser clicks on the button, the page posts back. Pageframework calls the RaisePostBackEvent. This event looks upfor the event handler and run the associated delegate.

After PostBack event, page prepares for rendering. PreRenderevent is called. This is the place where user can do theupdate operations before the viewstate is stored and outputis rendered. Next stage is saving view state, all the valuesof the controls will be saved to their own viewstatecollection. The resultant viewstate is serialized, hashed,base24 encoded and associated with the _viewstate hiddenfield.

Next the render method is called. This method takes theHtmlWriter object and uses it to accumulate all HTML text tobe generated for the control. For each control the pagecalls the render method and caches the HTML output. Therendering mechanism for the control can be altered byoverriding this render method.

The final stage of the life cycle is unload event. This iscalled just before the page object is dismissed. In thisevent, you can release critical resources you have such asdatabase connections, files, graphical objects etc

(h) What is IsPostBack property of a page?

IsPostBack property indicates that whether this is the firsttime user has requested fort the page or it is reloadedbased on any response on postback. This property checks for __VIEWSTATE or __EVENTTARGETparameter in Request object. if these parameters are absentthat means it is requested for the first time and if theseparameters are present then this request is not firstrequest.

(i) Why we use SqlCommandBuilder object in ADO.NET?

SqlCommandBuilder class in ADO.NET provides the feature ofreflecting the changes to a Dataset or an instance of the SQLServer data. When an instance of SqlCommandBuilder class iscreated, it automatically generates Transact-SQL statementsfor the single table updates that occur. The object of theSqlCommandBuilder acts as a listener for RowUpdating events,whenever the DataAdapter property is set. It automaticallygenerates the values contained within the SqlDataAdapter’sInsertCommand, UpdateCommand and DeleteCommand propertiesbased on the initial SelectCommand. For example:

DataSet ds=new DataSet();SqlConnection cn =new SqlConnection(“strSomeConnectionStr”);SqlDataAdapter da=new SqlDataAdapter(“Select t from Table1”, cn);SqlCommandBuilder scb=new SqlCommand(da);da.Fill(ds,”DataSet1”);

(j) Discuss the usage of SqlDataReader and SqlDataAdapter object in ADO.NET.

SqlDataAdapter acts a bridge between an in-memory databasetables and application. It is the SqlDataAdapter that managesconnections with the data source and gives us disconnectedbehavior.  The SqlDataAdapter opens a connection only whenrequired and closes it as soon as it has performed its task.The SqlDataAdapter holds the SQL commands and connectionobject for reading and writing data.

SqlDataReader is used to retrieve a read-only, forward-onlystream of data from a database. Results are returned as thequery executes, and are stored in the network buffer on theclient until you request them using the Read method of theSqlDataReader. Using the SqlDataReader can increaseapplication performance both by retrieving data as soon as itis available, rather than waiting for the entire results ofthe query to be returned, and (by default) storing only onerow at a time in memory, reducing system overhead.

(k) What is DISCO standard?

The abbreviation for disco is discovery, It is used to club orgroup the all Web services in the server, it provides schemadocumentation about Web services to the client. It is used tocreate discovery documents that provide links to multiple webservice endpoints. The DISCO standard creates a single filethat groups a list of related web services. A company canpublish a DISCO file on its server that contains links to allthe web services it provides. 

Unit-II

Q2 (a) State different advantages and disadvantages of using frames in our website?

Advantages of frames

1. Frames are one way to make our site easy to navigate becausewe can have a constantly visible navigation menu - and easynavigation is one of the most important aspects of websitedesign.

2. Frames can make the site faster because one can include thesite theme (images, logo, etc..) and the navigation menu inframes that do not have to download each time a visitorlooks at a new page. Only the contents page changes.

3. Using frames can make site maintenance easy, especially ifyou have a large site. If for example we want to add a newpage that is linked from the other pages on your site, yousimply add a link on your navigation menu; you do not haveto add links on each and every page.

Disadvantages of frames

1. The original argument was that not all browsers supportframes, but this must be a very small percentage now. We canget around this by including a <noframes></NOFRAMES> belowthe frameset. In this noframes area we can includeinformation such as a simple navigation menu and a "Sorryyour browser does not support frames" statement - OR if wewant to have a separate version of our website for non-frames browsers then we must be prepared to do twice as muchwork maintaining the site.

2. Search engines treat frames as hyperlinks to other pages, soif for example they manage to spider the frame containingthe menu, the pages they want to index will be indexed butwithout the surrounding frames. If someone finds one of ourpages on a search engine they will not be able to navigatearound the site.

3. The most important disadvantage is that it is difficult tolink to a particular page on the site other than the page

containing the frames (usually the homepage) - this is a bigdisadvantage if we use email to market our site and wewant to link to different parts of our web site.

(b) What are different types of cascading style sheets? Explain usage with an example.

There are three types of a style sheet:

1. External style sheet

An external style sheet is ideal when the style is appliedto many pages.

With an external style sheet, we can change the look of anentire Web site by changing one file.

Each page must link to the style sheet using the <link> tag. The <link> tag goes inside the head section.

For example<LINK REL=stylesheet HREF=“stylesheet file name”>

An external style sheet can be written in any text editor.The file should not contain any html tags. The style sheetshould be saved with a .css extension. An example of a style sheet file is shown below:

hr {color:sienna;}p {margin-left:20px;}body {background-image:url("images/back40.gif");}

Save the file with name style1.css

<head><link rel="stylesheet" type="text/css" href="style1.css" /></head>

2. Internal style sheet /embedded

An internal style sheet should be used when a single document has a unique style. We define internal styles in the head section of an HTML page, by using the <style> tag, like this:

<head><style type="text/css">h1 {color:sienna;}p {margin-left:20px;}body {background-image:url("images/back40.gif");}</style></head>

3. Inline style

To use inline styles you use the style attribute in the relevant tag. The style attribute can contain any CSS property. The example shows how to change the color and the left margin of a paragraph:

<p style="color:sienna;margin-left:20px">This is a paragraph.</p>

Q3(a) State different guidelines to create a website.

Make a great first impression

Design may not be the most important factor in a websiteoverall, and often-times folks put too much emphasis onhow a site looks instead of how it works, but it does playan important role in making a good first impression.

Maintain Consistency

It’s best to keep elements on the site fairly consistentfrom page to page. Elements include colors, sizes, layout,and placement of those elements. The site needs to have agood flow from page to page. This means colors areprimarily the same as well as fonts and layout structure.Navigation should remain in the same location of yourlayout throughout your website.

Use the right images

Images can be a powerful element to any website, but youneed to use them wisely. Every image is transmitting asubconscious message to your audience, and sometimes theresult is different from what you might expect. As aresult, take care to place meaningful images on your site.

Create a solid navigation system

Perhaps one of the biggest factors to keep visitors onyour website is having a good, solid navigation systemthat supports all search preferences. In fact, more thanthree-quarters of survey respondents from a recent HubSpotstudy say the most important element in website design isease of finding information. If people can’t find whatthey're looking for, they will give up and leave.

Limit Flash and Animation

Flash animation can grab someone’s attention, yes, but itcan also distract people from staying on your site. Notonly are mobile applications lacking the capability toview Flash animation, but many people also simply don'twant to be bothered with unexpected noises and animations.Keep the animation to a minimum, and only use whennecessary.

Make it Accessible

Make sure that anyone visiting your website can view it nomatter what browser or application they're using. In orderto gain significant traffic, your site needs to becompatible with multiple browsers and devices. With growthin mobile phones and tablet devices, people are surfingthe internet more than ever before. Make sure to get someof those views by allowing everyone to view your site, nomatter what kind of system they run or which browser theyuse.

Q3(b) Create a dynamic webpage using JavaScript to order Burger online and also confirm the order with the user before finally submitting it.

<html><head><title>WELCOME TO ONLINE BURGER STORE</title><p id ="demo"></p><script language="Javascript">

function caltotal(frm){

var order_total=0;

for(var i=0;i<frm.elements.length;++i){

form_field=frm.elements[i];

form_name=form_field.name;

if(form_name.substring(0,4)=="PROD"){

item_price = parseFloat(form_name.substring(form_name.lastIndexOf("_") + 1))

// Get the quantity item_quantity = parseInt(form_field.value)

// Update the order total if (item_quantity >= 0) { order_total += item_quantity * item_price

} }

}

document.getElementById("order_total").innerHTML=order_total;

}

function sub(form){

var x;var r = confirm("DO YOU CONFIRM THE ORDER AND PARCEL ADDRESS

MENTIONED");if(r==true) x=" YOUR ORDER IS PLACED.........WILL REACH YOU IN 30

MINUTES...ENJOY";elsex="CORRECT YOUR DETAILS";// alert(document.getElementById("demo").innerHTML=x);alert(x);

}</script></head>

<body>

<h1><center><FONT FACE="Arial" SIZE=30 COLOR="cornflowerblue">WELCOME TO BURGER ONLINE BAZAAR</FONT></center></h1>

<form name ="bur"><h3><center>PLACE ORDER </center></h3><br/><center><table border ="1"><tr><td><b> PRODUCT</b></td><td><b> AMOUNT</b></td><td><b>QUANTITY</b></td></tr><tr><td>Veg Burger </td> <td>Rs.25</td> <td><input type="text" name="PROD_SP_25"

onChange="caltotal(this.form)"/><br/></td></tr><tr><td>Chicken Burger</td><td> Rs.40 </td><td> <input type="text" name="PROD_SP_40"

onChange="caltotal(this.form)"/><br/></td></tr><tr><td> TOTAL ORDER AMOUNT : </td><td> </td><td><span id="order_total" style="text-align: right"></span>

</tr>

</center></table></form>

<form name="personalinfo"><h3><center>ORDER TO BE DELIVERED AT</center></h3><center><table border="1"><tr><td> NAME: </td><td><input type =text name =name/></td></tr><tr><td>Address 1:</td><td><input type=text name=add1/></td></tr><tr><td>Address 2:</td><td><input type=text name=add2/></td></tr><tr><td> City :</td><td><input type = text name =city/></td></tr><tr><td> State :</td><td><input type= text name=state/></td></tr><tr><td> Phone Number :</td><td><input type =text name =phno/></td></tr><tr><td> Email Address : </td><td><input type =text name =email/></td></tr></center></table>

</form>

<input type =button name =button1 value="SUBMIT" onClick="sub(form);"/></body>

</html>

Unit –III

Q4(a) What are the different ways to develop a web application inASP.NET? Explain with an example.

There are two major project types in Visual studio i.e. Websiteand Web Application that we can use to build the ASP.NETApplications. Web application projects use Visual Studio projectfiles (.csproj or .vbproj) to keep track of information about theproject. Among other tasks, this makes it possible to specifywhich files are included in or excluded from the project, andtherefore which files are compiled during a build. For Web siteprojects, all files in a folder structure are automaticallyconsidered to be included in the Web site. If you want to excludesomething from compilation, you must remove the file from the Web

site project folder or change its file-name extension to anextension that is not compiled and is not served by IIS.

For example:

We can add Website or Web application project to your VS solutionin VS 2010 as follows:

Two project types are added to the solution and it looks like thefollowing:

Q4(b) What are the different events associated to button Server control? Explain the usage with an example.

The Click event is raised when the Button control is clicked. This event is commonly used when no command name is associated with the Button control (for instance, with a Submit button).

The Command event is raised when the Button control is clicked. This event is commonly used when a command name, such as Sort, isassociated with the Button control. This allows you to create multiple Button controls on a Web page and programmatically determine which Button control is clicked.

Example

<head runat="server"> <title>Button CommandName Example</title><script runat="server">

void CommandBtn_Click(Object sender, CommandEventArgs e) {

switch(e.CommandName) {

case "Sort":

// Call the method to sort the list. Sort_List((String)e.CommandArgument); break;

case "Submit":

// Display a message for the Submit button being clicked. Message.Text = "You clicked the Submit button";

// Test whether the command argument is an empty string(""). if((String)e.CommandArgument == "") { // End the message. Message.Text += "."; } else { // Display an error message for the command argument. Message.Text += ", however the command argument is not recognized."; } break;

default:

// The command name is not recognized. Display an errormessage. Message.Text = "Command name not recogized."; break;

}

}

Q5(a) Write code to connect our web page to company database and also write code to read, insert, update and delete from “employee” table in SQL server.

SqlConnection con = new SqlConnection("Data Source=company;Integrated Security=true;Initial Catalog=MySampleDB");protected void Page_Load(object sender, EventArgs e){if (!IsPostBack){BindEmployeeDetails();}}protected void BindEmployeeDetails(){con.Open();SqlCommand cmd = new SqlCommand("Select * from Employee_Details", con);SqlDataAdapter da = new SqlDataAdapter(cmd);DataSet ds = new DataSet();da.Fill(ds);con.Close();if (ds.Tables[0].Rows.Count > 0){gvDetails.DataSource = ds;gvDetails.DataBind();}else{ds.Tables[0].Rows.Add(ds.Tables[0].NewRow());gvDetails.DataSource = ds;gvDetails.DataBind();int columncount = gvDetails.Rows[0].Cells.Count;gvDetails.Rows[0].Cells.Clear();gvDetails.Rows[0].Cells.Add(new TableCell());gvDetails.Rows[0].Cells[0].ColumnSpan = columncount;gvDetails.Rows[0].Cells[0].Text = "No Records Found";}}protected void gvDetails_RowEditing(object sender, GridViewEditEventArgs e){

gvDetails.EditIndex = e.NewEditIndex;BindEmployeeDetails();}protected void gvDetails_RowUpdating(object sender, GridViewUpdateEventArgs e){int userid = Convert.ToInt32(gvDetails.DataKeys[e.RowIndex].Value.ToString());string username = gvDetails.DataKeys[e.RowIndex].Values["UserName"].ToString();TextBox txtcity = (TextBox)gvDetails.Rows[e.RowIndex].FindControl("txtcity");TextBox txtDesignation = (TextBox)gvDetails.Rows[e.RowIndex].FindControl("txtDesg");con.Open();SqlCommand cmd = new SqlCommand("update Employee_Details set City='" +txtcity.Text + "',Designation='" + txtDesignation.Text + "' where UserId=" + userid, con);cmd.ExecuteNonQuery();con.Close();lblresult.ForeColor = Color.Green;lblresult.Text = username + " Details Updated successfully";gvDetails.EditIndex = -1;BindEmployeeDetails();}protected void gvDetails_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e){gvDetails.EditIndex = -1;BindEmployeeDetails();}protected void gvDetails_RowDeleting(object sender, GridViewDeleteEventArgs e){int userid = Convert.ToInt32(gvDetails.DataKeys[e.RowIndex].Values["UserId"].ToString());string username = gvDetails.DataKeys[e.RowIndex].Values["UserName"].ToString();con.Open();SqlCommand cmd = new SqlCommand("delete from Employee_Details where UserId=" + userid, con);int result = cmd.ExecuteNonQuery();

con.Close();if (result == 1){BindEmployeeDetails();lblresult.ForeColor = Color.Red;lblresult.Text = username + " details deleted successfully";}}protected void gvDetails_RowCommand(object sender, GridViewCommandEventArgs e){if(e.CommandName.Equals("AddNew")){TextBox txtUsrname = (TextBox)gvDetails.FooterRow.FindControl("txtftrusrname");TextBox txtCity = (TextBox)gvDetails.FooterRow.FindControl("txtftrcity");TextBox txtDesgnation = (TextBox) gvDetails.FooterRow.FindControl("txtftrDesignation");con.Open();SqlCommand cmd =new SqlCommand("insert into Employee_Details(UserName,City,Designation) values('" + txtUsrname.Text + "','" +txtCity.Text + "','" + txtDesgnation.Text + "')", con);int result= cmd.ExecuteNonQuery();con.Close();if(result==1){BindEmployeeDetails();lblresult.ForeColor = Color.Green;lblresult.Text = txtUsrname.Text + " Details inserted successfully";}else{lblresult.ForeColor = Color.Red;lblresult.Text = txtUsrname.Text + " Details not inserted"; }}}

Q5(b) Explain briefly the usage of different validation controls in ASP.NET.

RequiredFieldValidation Control

The RequiredFieldValidator control is simple validation control,which checks to see if the data is entered for the input control.We can have a RequiredFieldValidator control for each formelement on which you wish to enforce Mandatory Field rule.

CompareValidator Control

The CompareValidator control allows you to make comparison tocompare data entered in an input control with a constant value ora value in a different control. It can most commonly be used whenyou need to confirm password entered by the user at theregistration time. The data is always case sensitive.

RangeValidator Control

The RangeValidator Server Control is another validator control,which checks to see if a control value is within a valid range.The attributes that are necessary to this control are:MaximumValue, MinimumValue, and Type.

RegularExpressionValidator Control

Using RegularExpressionValidator server control, we can check auser's input based on a pattern that you define using a regularexpression. It is used to validate complex expressions. Theseexpressions can be phone number, email address, zip code and manymore.

CustomValidator Control

The CustomValidator Control can be used on client side and server

side. JavaScript is used to do client validation and we can useany .NET language to do server side validation.

ValidationSummary

The ValidationSummary control is reporting control, which is usedby the other validation controls on a page. We can use thisvalidation control to consolidate errors reporting for all thevalidation errors that occur on a page instead of leaving this upto each and every individual validation control. The validationsummary control will collect all the error messages of all thenon-valid controls and put them in a tidy list.

Q6(a) What is a session? Explain different modes of sessions and their usage in ASP.NET.

A session is defined as the period of time that a unique user interacts with a Web application. Active Server Pages (ASP) developers who wish to retain data for unique user sessions can use an intrinsic feature known as session state.

In ASP.NET, there are the following session modes available:

InProc mode, which stores session state in memory on the Webserver. This is the default.

StateServer mode, which stores session state in a separateprocess called the ASP.NET state service. This ensures thatsession state is preserved if the Web application isrestarted and also makes session state available to multipleWeb servers in a Web farm.

SQLServer mode stores session state in a SQL Serverdatabase. This ensures that session state is preserved ifthe Web application is restarted and also makes sessionstate available to multiple Web servers in a Web farm.

Custom mode, which enables you to specify a custom storageprovider.

Off mode, which disables session state.

For every session state, there is a Session Provider. The following diagram will show you how they are related:

Fig: Session state architecture

We can choose the session state provider based on which sessionstate we are selecting. When ASP.NET requests for informationbased on the session ID, the session state and its correspondingprovider are responsible for sending the proper information. Thefollowing table shows the session mode along with the providername:

Session StateMode

State Provider

InProc In-memory

object

StateServer Aspnet_state.exe

SQLServer Database

Custom Custom provider

Q6(b) Explain different aspects of error handling in ASP.NET.

Error handling in ASP.Net has three aspects:

1. Tracing - tracing the program execution at page level orapplication level. To enable page level tracing, you need tomodify the Page directive and add a Trace attribute as:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="errorhandling._Default" Trace ="true" %>

It provides the following information at the top:

Session ID Status Code Time of Request Type of Request Request and Response Encoding

Under the top level information is the Trace log, which providesdetails of page life cycle. It provides elapsed time in secondssince the page was initialized. The next section is control tree,which lists all controls on the page in a hierarchical manner.Last in the Session and Application state summaries, cookies and

headers collections, followed by list of all server variables.The Trace object allows you to add custom information to thetrace output. It has two methods to accomplish this: the Writemethod and the Warn method.

2. Error handling -Although ASP.Net can detect all runtimeerrors, still some subtle errors may still be there. Observingthe errors by tracing is meant for the developers, not for theusers. Hence, to intercept such occurrence, you can add errorhanding settings in the web.config file of the application. Itis application wide error handling. For example, you can addthe following lines in the web.config file:

<configuration><system.web><customErrors mode="RemoteOnly"

defaultRedirect="GenericErrorPage.htm"><error statusCode="403" redirect="NoAccess.htm" /><error statusCode="404" redirect="FileNotFound.htm" /></customErrors></system.web><configuration>

3. Debugging - Debugging allows the developers to watch how thecode works in a step-by-step manner, how the values of thevariables change, how the objects are created and destroyedetc.

Q7(a) Explain different ways of authentication in ASP.NET.

ASP.NET provides three ways to authenticate a user:

Windows authentication Forms authentication Passport authentication

Windows Authentication Provider

The Windows authentication provider is the default provider forASP .NET. It authenticates users based on the users' Windowsaccounts. Windows authentication in ASP.NET actually relies onIIS to do the authentication. IIS can be configured so that onlyusers on a Windows domain can log in. If a user attempts toaccess a page and is not authenticated, they'll be shown a dialogbox asking them to enter their username and password. Thisinformation is then passed to the Web server and checked againstthe list of users in the domain. If the user has supplied validcredentials, access is granted. The identity of the user is thenpassed to the ASP.NET engine. There are four different kinds of Windows authentication optionsavailable that can be configured in IIS:

Anonymous Authentication: IIS doesn't perform anyauthentication check. IIS allows any user to access theASP .NET application.

Basic Authentication: For this kind of authentication, aWindows user name and password have to be provided toconnect. However, this information is sent over the networkin plain text and hence this is an insecure kind ofauthentication. Basic Authentication is the only mode ofauthentication older, non-Internet Explorer browserssupport.

Digest Authentication: It is same as Basic Authenticationbut for the fact that the password is hashed before it issent across the network. However, to be using DigestAuthentication, we must use IE 5.0 or above.

Integrated Windows Authentication: In this kind ofauthentication technique, passwords are not sent across thenetwork. The application here uses either the kerberos orchallenge/response protocols to authenticate users.Kerberos, a network authentication protocol, is designed toprovide strong authentication for client-serverapplications. It provides the tools of authentication andstrong cryptography over the network to help to secureinformation in systems across entire enterprise.

Passport Authentication Provider

Passport authentication is a centralized authentication service.This uses Microsoft's Passport Service to authenticate the usersof an application. If the authentication mode of the applicationis configured as Passport and if the users have signed up withMicrosoft's Passport Service, then the authentication formalitiesare pushed over to Passport servers.

Passport uses an encrypted cookie mechanism to identify andindicate authenticated users. If the users have already beensigned into passport when they visit the application page,ASP.NET will consider them as authenticated. Otherwise, the userswill be redirected to Passport servers to login. Upon successfullogin, the user is redirected back to the ASP.NET Web page thatthey initially tried to access.

Forms Authentication Provider

The forms authentication provider uses custom HTML forms tocollect authentication information. As an ASP.NET developer usingforms authentication, you must write your own logic/code to checkthe user's supplied credentials against a database or some otherdata store. When a user is successfully identified via formsauthentication, the user's credentials are stored in a cookie foruse during the session.

The method of authentication to use is specified in the Webapplication's Web.config file:

<!-- For Windows Authentication... --><authentication mode="windows">

<!-- For Passport Authentication... --><authentication mode="passport">

<!-- For Forms Authentication... -->

<authentication mode="forms">

Q7(b) Briefly explain any two of the following:

(i) ViewState

View state is the method that the ASP.NET page framework uses to preserve page and control values between round trips. When the HTML markup for the page is rendered, the current state of the page and values that must be retained during postback are serialized into base64-encoded strings. This information is then put into the view state hidden field or fields. View state can beused to do the following:

Keep values between postbacks without storing them in session state or in a user profile.

Store the values of page or control properties that you define.

Create a custom view state provider that lets you store viewstate information in a SQL Server database or in another data store.

(ii) QueryString

A query string is information sent to the server appended to the end of a page URL.

Following are the benefits of using query string for state management: -• No server resources are required. The query string containing in the HTTP requests for a specific URL.• All browsers support query strings.

Following are limitations of query string: -• Query string data is directly visible to user thus leading to security problems.• Most browsers and client devices impose a 255-character limit

on URL length.

(iii) Cookies

A cookie is a small bit of text that accompanies requests andpages as they go between the Web server and browser. The cookiecontains information the Web application can read whenever theuser visits the site. For example, if a user requests a page fromyour site and your application sends not just a page, but also acookie containing the date and time, when the user's browser getsthe page, the browser also gets the cookie, which it stores in afolder on the user's hard disk. Later, if user requests a pagefrom your site again, when the user enters the URL the browserlooks on the local hard disk for a cookie associated with theURL. If the cookie exists, the browser sends the cookie to yoursite along with the page request. Your application can thendetermine the date and time that the user last visited the site.You might use the information to display a message to the user orcheck an expiration date.

Unit-V

Q8 What is a Web Service? Explain the architecture and standardsin detail.

Web services are open standard ( XML, SOAP, HTTP etc.) based Webapplications that interact with other web applications for thepurpose of exchanging data. Web Services can convert yourexisting applications into Web-applications.

There are two ways to view the web service architecture.

The first is to examine the individual roles of each webservice actor.

The second is to examine the emerging web service protocolstack.

1. Web Service Roles

There are three major roles within the web service architecture:

Service provider:

This is the provider of the web service. The service provider implements the service and makes it available on the Internet.

Service requestor

This is any consumer of the web service. The requestor utilizes an existing web service by opening a network connection and sending an XML request.

Service registry

This is a logically centralized directory of services. The registry provides a central place where developers can publish new services or find existing ones. It therefore serves as a centralized clearinghouse for companies and their services.

2. Web Service Protocol Stack

A second option for viewing the web service architecture is to examine the emerging web service protocol stack. The stack is still evolving, but currently has four main layers.

Service transport

This layer is responsible for transporting messages between applications. Currently, this layer includes hypertext transfer protocol (HTTP), Simple Mail Transfer Protocol (SMTP), file transfer protocol (FTP), and newer protocols, such as Blocks Extensible Exchange Protocol (BEEP).

XML messaging

This layer is responsible for encoding messages in a common XML format so that messages can be understood at either end.Currently, this layer includes XML-RPC and SOAP.

Service description

This layer is responsible for describing the public interface to a specific web service. Currently, service description is handled via the Web Service Description Language (WSDL).

Service discovery

This layer is responsible for centralizing services into a common registry, and providing easy publish/find functionality. Currently, service discovery is handled via Universal Description, Discovery, and Integration (UDDI).

Web Services Standards

TransportsBEEP, the Blocks Extensible Exchange Protocol (formerly referredto as BXXP), is a framework for building application protocols.It has been standardized by IETF and does for Internet protocolswhat XML has done for data.

Blocks Extensible Exchange Protocol (BEEP)

MessagingThese messaging standards and specifications are intended to givea framework for exchanging information in a decentralized,distributed environment.

SOAP 1.1 (Note) SOAP 1.2 (Specification) Web Services Attachments Profile 1.0 SOAP Message Transmission Optimization Mechanism

Description and discoveryWeb services are meaningful only if potential users may findinformation sufficient to permit their execution. The focus ofthese specifications and standards is the definition of a set of

services supporting the description and discovery of businesses,organizations, and other Web services providers; the Web servicesthey make available; and the technical interfaces which may beused to access those services.

UDDI 3.0 WSDL 1.1 (Note) WSDL 1.2 (Working draft) WSDL 2.0 (Working Group)

SecurityUsing these security specifications, applications can engage insecure communication designed to work with the general Webservices framework.

Web Services Security 1.0 Security Assertion Markup Language (SAML)

ManagementWeb services manageability is defined as a set of capabilitiesfor discovering the existence, availability, health, performance,usage, as well as the control and configuration of a Web servicewithin the Web services architecture. As Web services becomepervasive and critical to business operations, the task ofmanaging and implementing them is imperative to the success ofbusiness operations.

Web Services Distributed Management

Q9 Write short notes on any two of the following:

(a) Grid Computing

Grid computing is a pattern for increasing of computingpower and storage capacity of a system and is based onhardware and software resources in a network with commonpurpose. One way to think about grid computing is as thevirtualization and pooling of IT resources—compute power,storage, network capacity, and so on—into a single set ofshared services that can be provisioned or distributed, and

then redistributed as needed. Just as an electric utilityuses a grid to deal with wide variations in power demandswithout affecting customer service levels, grid computingprovides IT resources with levels of control andadaptability that are transparent to end users, but that letIT professionals respond quickly to changing computingworkloads.

In most organizations, there are large amounts ofunderutilized computing resources. Most desktop machines arebusy less than 5% of the time. In some organizations, eventhe server machines can often be relatively idle. Gridcomputing provides a framework for exploiting theseunderutilized resources and thus has the possibility ofsubstantially increasing the efficiency of resource usage.

(b) Cloud Computing

Cloud computing is a computing paradigm, where a large pool ofsystems are connected in private or public networks, toprovide dynamically scalable infrastructure for application,data and file storage. With the advent of this technology, the

cost of computation, application hosting, content storage and

delivery is reduced significantly. The idea of cloudcomputing is based on a very fundamental principal of„reusability of IT capabilities'. The difference that cloudcomputing brings compared to traditional concepts of “gridcomputing”, “distributed computing”, “utility computing”, or“autonomic computing” is to broaden horizons acrossorganizational boundaries.

(c) Latest trends in Web Technology

The following are the latest trends in web technology:

Semantic Web

The Semantic Web is about two things. It is about commonformats for integration and combination of data drawn fromdiverse sources, where on the original Web mainlyconcentrated on the interchange of documents. It is alsoabout language for recording how the data relates to realworld objects. That allows a person, or a machine, tostart off in one database, and then move through anunending set of databases which are connected not by wiresbut by being about the same thing.

Personalization

A successful e-business Web site gives special treatmentto its repeat visitors who buy. Providing specialtreatment in the form of information and applicationsmatched to a visitor's interests, roles, and needs isknown as personalization. A personalized e-business site ismore likely to attract and retain visitors and to buildsales.

Websites as Web Services

As more and more of the Web is becoming remixable, theentire system is turning into both a platform and thedatabase. So bringing together Open APIs (like the Amazon E-Commerce service) and scraping/mashup technologies, gives usa way to treat any web site as a web service that exposesits information. The information, or to be more exact thedata, becomes open. In turn, this enables software to takeadvantage of this information collectively. With that, theWeb truly becomes a database that can be queried andremixed.

Online video/Internet TV

Internet TV is exactly what it sounds like: videodelivered over the Web. Specifically, it refers to the

variety of Internet-delivered video-on-demand andsubscription services that offer movies, TV shows, andsports.