Validating User Input
IP Final Review

Apr 09, 2018

Ali Alabid
Page 1: IP Final Review

8/8/2019 IP Final Review

http://slidepdf.com/reader/full/ip-final-review 1/48

Validating User Input

Page 2: IP Final Review


Overview

Overview of User Input Validation

Using Validation Controls

Page Validation

Page 3: IP Final Review


Lesson: Overview of User Input Validation

What Is Input Validation?

Client-Side and Server-Side Validation

ASP.NET Validation Controls

Page 4: IP Final Review


What Is Input Validation?

Verifies that a control value is correctly entered by the user

Blocks the processing of a page until all controls are valid

Avoids spoofing or the addition of malicious code

Page 5: IP Final Review


Client-Side and Server-Side Validation

ASP.NET can create both client-side and server-side validation

Client-side validation
 - Dependent on browser version
 - Instant feedback
 - Reduces postback cycles

Server-side validation
 - Repeats all client-side validation
 - Can validate against stored data

[Figure: User enters data -> Client: Valid? No -> Error message; Yes -> Server: Valid? No -> Error message; Yes -> Web application processed]

Page 6: IP Final Review


ASP.NET Validation Controls

ASP.NET provides validation controls to:

Compare values

Compare to a custom formula

Compare to a range

Compare to a regular expression pattern

Require user input

Summarize the validation controls on a page

Page 7: IP Final Review


Lesson: Using Validation Controls

Adding Validation Controls to a Web Form

Positioning Validation Controls on a Web Form

Combining Validation Controls

Input Validation Controls

Page 8: IP Final Review


Adding Validation Controls to a Web Form

1. Add a validation control
2. Select the input control to validate
3. Set validation properties

    <asp:Type_of_Validator id="Validator_id" runat="server"
        ControlToValidate="txtName"
        ErrorMessage="Message_for_error_summary"
        Display="static|dynamic|none"
        Text="Text_to_display_by_input_control">
    </asp:Type_of_Validator>

    <asp:TextBox id="txtName" runat="server" />

Page 9: IP Final Review


Positioning Validation Controls on a Web Form

Create error messages

Select display mode
 - Static
 - Dynamic

Page 10: IP Final Review


Combining Validation Controls

Can have multiple validation controls on a single input control

Only the RequiredFieldValidator checks empty controls

Page 11: IP Final Review


Input Validation Controls

RequiredFieldValidator
 - InitialValue

CompareValidator
 - ValueToCompare or ControlToCompare
 - Type
 - Operator

RangeValidator
 - MinimumValue
 - MaximumValue
 - Type

Page 12: IP Final Review


Lesson: Page Validation

Using the Page.IsValid Property

Using the ValidationSummary Control

Demonstration: Using the Page.IsValid Property and the ValidationSummary Control

Page 13: IP Final Review


Using the Page.IsValid Property

Polls all validation controls

    private void cmdSubmit_Click(object s, System.EventArgs e)
    {
        if (Page.IsValid)
        {
            Message.Text = "Page is Valid!";
            // Perform database updates or other logic here
        }
    }

Page 14: IP Final Review


Using the ValidationSummary Control

Collects error messages from all validation controls on the page

Can display text and error messages

Use Text="*" to indicate the location of the error

    <asp:ValidationSummary id="valSummary" runat="server"
        HeaderText="These errors were found:"
        ShowSummary="True" DisplayMode="List" />
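The validator, Page.IsValid and ValidationSummary slides above combined in one code-behind (an added example, not from the slides). It assumes a form with TextBoxes txtUserName and txtAge, a Button cmdSubmit wired to cmdSubmit_Click, a Label named Message and a ValidationSummary, all with runat="server"; the class name, regular expression and messages are illustrative.

```csharp
// Added example, not from the slides; the markup it assumes is listed above.
using System;
using System.Text.RegularExpressions;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class SignupPage : Page
{
    // Server-side rule (3-20 letters or digits), testable without a page context.
    public static bool IsValidUserName(string value)
    {
        return value != null && Regex.IsMatch(value, @"^[A-Za-z0-9]{3,20}$");
    }

    protected void Page_Init(object sender, EventArgs e)
    {
        // Only a RequiredFieldValidator rejects an empty control; the other
        // validators treat empty input as valid, so txtAge gets both.
        Form.Controls.Add(new RequiredFieldValidator
        {
            ControlToValidate = "txtAge", Text = "*", Display = ValidatorDisplay.Dynamic,
            ErrorMessage = "Age is required"
        });
        Form.Controls.Add(new RangeValidator
        {
            ControlToValidate = "txtAge", Text = "*", Type = ValidationDataType.Integer,
            MinimumValue = "18", MaximumValue = "120",
            ErrorMessage = "Age must be a whole number from 18 to 120"
        });
        // A CustomValidator with no ClientValidationFunction runs only on the
        // server, so the rule holds even when client script is disabled or skipped.
        var nameRule = new CustomValidator
        {
            ControlToValidate = "txtUserName", Text = "*", ValidateEmptyText = true,
            ErrorMessage = "User name must be 3-20 letters or digits"
        };
        nameRule.ServerValidate += (s, args) => args.IsValid = IsValidUserName(args.Value);
        Form.Controls.Add(nameRule);
    }

    protected void cmdSubmit_Click(object sender, EventArgs e)
    {
        // Page.Validate() has already run, but the click handler executes
        // regardless, so this IsValid check is what actually blocks processing.
        if (!Page.IsValid) return; // the ValidationSummary lists each ErrorMessage
        Message.Text = "Page is Valid!";
        // Perform database updates or other logic here
    }
}
```

Validators added in code register with Page.Validators themselves; declaring the same three validators in markup changes nothing about the IsValid check in the click handler.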


Page 16: IP Final Review


Managing State

Page 17: IP Final Review


Overview

State Management

Application and Session Variables

Page 18: IP Final Review


Lesson: State Management

What is State Management?

Types of State Management

Server-Side State Management

Client-Side State Management

The Global.asax File

Page 19: IP Final Review


What is State Management?

[Figure: a Login.aspx form (First Name: John, Last Name: Chen, Submit) posts to the Web server. Without state management, Greetings.aspx answers "Hello ... I forget who you are!!"; with state management it answers "Hello John Chen".]

Page 20: IP Final Review


Types of State Management

Server-Side State Management
 - Application state: information is available to all users of a Web application
 - Session state: information is available only to a user of a specific session

Client-Side State Management
 - Cookies: a text file stores information to maintain state
 - The ViewState property: retains values between multiple requests for the same page

Page 21: IP Final Review


Server-Side State Management

Application state is a global storage mechanism accessible from all pages in the Web application

Session state is limited to the current browser session
 - Values are preserved through the use of application and session variables
 - Scalability

ASP.NET session is identified by the SessionID string

[Figure: the Web server holds the application and session variables; the client computer holds only the SessionID]

Page 22: IP Final Review


Client-Side State Management

Uses cookies to maintain state
 - Persistent cookies
 - Temporary/non-persistent cookies

Less reliable than server-side state management options
 - User can delete cookies

Less secure than server-side state management options

Limited amount of information
 - Client-side restrictions on file sizes

[Figure: the Web server sets cookies that are stored on the client computer]

Page 23: IP Final Review


The Global.asax File

Only one Global.asax file per Web application

Stored in the virtual root of the Web application

Used to handle application and session events

The Global.asax file is optional

Page 24: IP Final Review


The Global.asax File (continued)

[Figure: the client sends a request to IIS, which hands it to the ASP.NET HTTP Runtime on the ASP.NET Web server; the request passes through the application events below, page execution sits in the middle, and the response returns to the client]

Request side:
 - Application_BeginRequest
 - Application_AuthenticateRequest
 - Application_AuthorizeRequest
 - Application_ResolveRequestCache
 - Application_AcquireRequestState
 - Application_PreRequestHandlerExecute

Page execution

Response side:
 - Application_PostRequestHandlerExecute
 - Application_ReleaseRequestState
 - Application_UpdateRequestCache
 - Application_EndRequest

Page 25: IP Final Review


Lesson: Application and Session Variables

Initializing Application and Session Variables

Using Application and Session Variables

Demonstration: Using Session Variables

Application and Session Variable Duration

Scalable Storage of Application and Session Variables

Saving Application and Session Variables in a Database

Page 26: IP Final Review


Initializing Application and Session Variables

Variables are initialized in Global.asax
 - The Application object shares information among all users of a Web application
 - The Session object stores information for a particular user session

    protected void Application_Start(Object sender, EventArgs e)
    {
        // Same key as the slide that follows ("NumberOfVisitors")
        Application["NumberOfVisitors"] = 0;
    }

Page 27: IP Final Review


Using Application and Session Variables

Set session and application variables

    Session["BackColor"] = "blue";
    Application.Lock();
    Application["NumberOfVisitors"] = (int)Application["NumberOfVisitors"] + 1;
    Application.UnLock();

Read session and application variables

    strBgColor = (string)Session["BackColor"];
    lblNbVisitor.Text = Application["NumberOfVisitors"].ToString();
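A Global.asax code-behind that covers the two slides above (an added example, not from the slides): it seeds the counter in Application_Start, updates it under Lock/UnLock in Session_Start, and tolerates a missing key instead of throwing on the unboxing cast. The page code on this slide that reads lblNbVisitor and strBgColor is assumed unchanged.

```csharp
// Added example, not from the slides; see the assumptions in the lead-in.
using System;
using System.Web;

public class Global : HttpApplication
{
    public const string VisitorKey = "NumberOfVisitors";

    protected void Application_Start(object sender, EventArgs e)
    {
        // Runs once when the application starts, before any request is served.
        Application[VisitorKey] = 0;
    }

    protected void Session_Start(object sender, EventArgs e)
    {
        // Application state is shared by every concurrent request in the
        // process; session state is private to this user's SessionID.
        IncrementVisitors(Application);
        Session["BackColor"] = "blue";
    }

    protected void Session_End(object sender, EventArgs e)
    {
        // Raised only with in-process session state, after the sessionState
        // timeout since the last access or an explicit Session.Abandon().
    }

    // Serialises the read-modify-write with Lock/UnLock; the finally block
    // releases the lock even if the update throws, so other requests do not hang.
    public static int IncrementVisitors(HttpApplicationState app)
    {
        app.Lock();
        try
        {
            // A plain (int) cast throws on a missing key; fall back to 0 instead.
            int visitors = (app[VisitorKey] as int?) ?? 0;
            app[VisitorKey] = visitors + 1;
            return visitors + 1;
        }
        finally
        {
            app.UnLock();
        }
    }
}
```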

Page 28: IP Final Review


Application and Session Variable Duration

Session variables have a set duration after last access
 - Default is 20 minutes

Session duration can be changed in Web.config:

    <configuration>
      <system.web>
        <sessionState timeout="10" />
      </system.web>
    </configuration>

Application variables persist until the Application_End event is fired

Page 29: IP Final Review


Scalable Storage of Application and Session Variables

By default, the session state is managed in process

Disadvantage of in-process storage:
 - Not scalable

ASP.NET provides out-of-process storage of session state
 - State can be stored in a SQL Server database or a state server

Advantages of out-of-process storage:
 - Scalable

[Figure: clients reach a Web farm whose session and application variables live in either SQL Server or a state server]

Page 30: IP Final Review


Securing a Microsoft ASP.NET Web Application

Page 31: IP Final Review


Overview

Web Application Security Overview

Working with Membership Security

Page 32: IP Final Review


Lesson: Web Application Security Overview

Authentication vs. Authorization

What Are ASP.NET Authentication Methods?

Multimedia: ASP.NET Authentication Methods

Comparing the ASP.NET Authentication Methods

What Are the IIS Authentication Mechanisms?

Demonstration: Using IIS Authentication Mechanisms

What Is Secure Sockets Layer?

Page 33: IP Final Review


Authentication vs. Authorization

Authentication
 - Accepts credentials from a user
 - Validates the credentials

Authorization
 - Given the authentication credentials supplied, determines the right to access a resource
 - Can be assigned by user name or by role

Page 34: IP Final Review


What Is Secure Sockets Layer?

SSL is a protocol used for transmitting data securely across a network. SSL secures data through:
 - Data encryption: ensures that the data sent is read only by a secure target server
 - Server authentication: ensures that data is sent to the correct server; uses the server and client certificates
 - Data integrity: protects the integrity of the data; includes a message authentication code that detects whether a message is altered

Uses Hypertext Transfer Protocol Secure (HTTPS) to retrieve an ASP.NET Web page

Page 35: IP Final Review


Reading User Information

After authentication, the Web server can read the user identity

    lblAuthUser.Text = User.Identity.Name;
    lblAuthType.Text = User.Identity.AuthenticationType;
    // IsAuthenticated is a bool, so it must be converted before assigning to a Label
    lblIsAuth.Text = User.Identity.IsAuthenticated.ToString();

Page 36: IP Final Review


Overview of Forms-Based Authentication

[Figure: the client requests a page; IIS hands it to ASP.NET Forms Authentication. A request that is not authenticated is sent to the logon page (Username, Password, Submit), where users enter their credentials; once authenticated, an authentication cookie is issued and the request continues to the authorization check. Remaining labels on the diagram: Authorized, Requested Secure Page, Access Denied, with numbered callouts 1 to 7 marking the steps.]
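The logon page step of the flow above, written as a code-behind (an added example, not from the slides). It assumes TextBoxes txtUserName and txtPassword, a Label lblError, a Button btnLogin wired to btnLogin_Click and a Logout button wired to btnLogout_Click, a web.config with <authentication mode="Forms"> and a Membership provider configured, and enableCrossAppRedirects left at its default of false so the ReturnUrl redirect stays inside this application.

```csharp
// Added example, not from the slides; configuration assumptions are in the lead-in.
using System;
using System.Web.Security;
using System.Web.UI;

public partial class LogonPage : Page
{
    // "Users enter their credentials": runs when btnLogin is clicked.
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Validators on the logon form have already run; do not call the
        // provider at all if the form itself is invalid.
        if (!Page.IsValid)
        {
            return;
        }

        // Validates the credentials against the configured Membership provider.
        if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
        {
            // Issues the forms authentication cookie and returns the browser to
            // the secure page it originally requested (ReturnUrl) or to the
            // default URL. createPersistentCookie=false ties the ticket to the
            // browser session instead of writing a long-lived cookie to disk.
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
        }
        else
        {
            // One generic message: do not reveal whether the user name or the
            // password was the wrong part.
            lblError.Text = "Invalid user name or password.";
        }
    }

    // Wired to a Logout button: removes the cookie and drops the server-side
    // session so neither continues to identify the user.
    protected void btnLogout_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();
        Session.Abandon();
        Response.Redirect(FormsAuthentication.LoginUrl, false);
    }
}
```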

Page 37: IP Final Review


Accessing Relational Data Using Microsoft .NET

Page 38: IP Final Review


Overview

Overview of ADO.NET

Creating a Connection to a Database

Displaying a DataSet in a List-Bound Control

Page 39: IP Final Review


Lesson: Overview of ADO.NET

What is ADO.NET?

Using Namespaces

The ADO.NET Object Model

What is a DataSet?

Accessing Data with ADO.NET

Practice: Identifying ADO.NET Components

Page 40: IP Final Review


What is ADO.NET?

ADO.NET provides a set of classes for working with data. ADO.NET provides:

An evolutionary, more flexible successor to ADO

A system designed for disconnected environments

A programming model with advanced XML support

A set of classes, interfaces, structures, and enumerations that manage data access from within the .NET Framework

Page 41: IP Final Review


Using Namespaces

Use the Imports or using statement to import namespaces

Namespaces used with ADO.NET include:
 - System.Data
 - System.Data.SqlClient
 - System.Data.OleDb

    using System.Data;
    using System.Data.SqlClient;

Page 42: IP Final Review


The ADO.NET Object Model

[Figure: a DataSet holding DataTables is filled either by the SQL Server .NET Data Provider (SqlConnection, SqlDataAdapter) for SQL Server 7.0 and later, or by the OLE DB .NET Data Provider (OleDbConnection, OleDbDataAdapter) for OLE DB sources such as SQL Server 6.5]

Page 43: IP Final Review


What is a DataSet?

[Figure: the DataSet, with its DataTables, lives in Web server memory; it is filled from physical storage either by SqlDataAdapter and SqlConnection (SQL Server 2000) or by OleDbDataAdapter and OleDbConnection (an OLE DB database)]

Page 44: IP Final Review


Accessing Data with ADO.NET

1. Client makes request
2. Create the SqlConnection and SqlDataAdapter objects
3. Fill the DataSet from the DataAdapter and close the connection
4. Return the DataSet to the client
5. Client manipulates the data
6. Update the DataSet
7. Use the SqlDataAdapter to open the SqlConnection, update the database, and close the connection

[Figure: client with a list-bound control; Web server with SqlConnection, SqlDataAdapter and the DataSet; database]

Page 45: IP Final Review


The DataAdapter Object Model

[Figure: the DataAdapter holds four Command objects, SelectCommand, UpdateCommand, InsertCommand and DeleteCommand (sp_SELECT, sp_UPDATE, sp_INSERT, sp_DELETE), which share one Connection to the Database; the DataAdapter fills the DataSet, while a Command can also return a DataReader]

Page 46: IP Final Review


What are List-Bound Controls?

Controls that connect to a data source and display the data

List-bound controls include the following:

DropDownList

ListBox

CheckBoxList

RadioButtonList

DataGrid

DataList

Repeater

Page 47: IP Final Review


Multimedia: The ADO.NET Object Model

Page 48: IP Final Review


Creating the Connection

Using SqlConnection

Setting connection string parameters
 - Connection timeout
 - Data source
 - Initial catalog
 - Integrated security
 - Password
 - Persist security info
 - Provider
 - User ID

    string strConn = "data source=localhost; " +
        "initial catalog=northwind; integrated security=true";
    SqlConnection conn = new SqlConnection(strConn);
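The seven-step DataSet round trip from the "Accessing Data with ADO.NET" slide, using a connection string built from the parameters listed above (an added example, not from the slides). It assumes the Northwind Customers table with CustomerID, CompanyName and Country columns; the server name, the 15-character Country width and the country filter are sample values.

```csharp
// Added example, not from the slides; table and sample values are assumptions.
using System.Data;
using System.Data.SqlClient;

public static class CustomerData
{
    const string Select = "SELECT CustomerID, CompanyName, Country FROM Customers";

    // Builds the connection string from the parameters on the slide. The builder
    // escapes each value; PersistSecurityInfo=false stops a password from being
    // readable from ConnectionString after the connection has opened.
    public static string BuildConnectionString(string server, string database)
    {
        var b = new SqlConnectionStringBuilder
        {
            DataSource = server,          // data source
            InitialCatalog = database,    // initial catalog
            IntegratedSecurity = true,    // integrated security: no user ID or password in the string
            PersistSecurityInfo = false,  // persist security info
            ConnectTimeout = 15           // connection timeout, in seconds
        };
        return b.ConnectionString;
    }

    // Steps 2-4: create the SqlConnection and SqlDataAdapter, fill the DataSet
    // (Fill opens and closes the connection itself) and hand it back.
    public static DataSet LoadCustomers(string connectionString, string country)
    {
        var ds = new DataSet();
        using (var conn = new SqlConnection(connectionString))
        using (var adapter = new SqlDataAdapter(Select + " WHERE Country = @country", conn))
        {
            // The filter travels as a typed parameter, never spliced into the SQL text.
            adapter.SelectCommand.Parameters.Add("@country", SqlDbType.NVarChar, 15).Value = country;
            adapter.Fill(ds, "Customers");
        }
        return ds;
    }

    // Steps 6-7: after the client has modified rows, the adapter opens the
    // connection, applies the changes and closes it again.
    public static int SaveCustomers(string connectionString, DataSet ds)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var adapter = new SqlDataAdapter(Select, conn))
        using (new SqlCommandBuilder(adapter)) // derives parameterised Insert/Update/Delete commands
        {
            return adapter.Update(ds, "Customers");
        }
    }
}
```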