Thursday, December 18, 2008

 

About Web.Config


The Web.config file, as the name suggests, is a configuration file for an ASP.NET web application. An ASP.NET application has one web.config file, which keeps the configuration required for that application. The Web.config file is written in XML, with specific tags having specific meanings.

There are a number of important settings that can be stored in the configuration file. Here are some of the most frequently used configurations, stored conveniently inside the Web.config file.

  1. Database connections
  2. Session States
  3. Error Handling
  4. Security
Authentication:- The web application's authentication is configured inside the <authentication> tag. There are four different types of authentication: “None”, “Windows”, “Forms”, and “Passport”.
If you do not require any authentication, then use “None” as the mode.

    <authentication mode="None"/>

Windows authentication is used as the default authentication. This authentication is handled by Internet Information Server (IIS): the provider uses IIS to perform the authentication and then passes the authenticated identity to your code.

    <authentication mode="Windows"/>

IIS gives you a choice of four different authentication methods: anonymous, basic, digest, and Windows integrated.

Internet Information Server(IIS)

If you select anonymous authentication, IIS doesn't perform any authentication on that web application.

If you select basic authentication, users must provide a Windows username and password to connect. However, this information is sent over the network in clear text, which makes basic authentication very insecure over the internet.

If you select digest authentication, users must still provide a Windows username and password to connect. This method requires that all users be running Internet Explorer 5 or later and that Windows accounts be stored in Active Directory.

If you select Windows integrated authentication, passwords never cross the network. Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols to authenticate the user.

Forms authentication uses web application forms to collect the user's credentials and, on the basis of those credentials, takes action in the web application.

    <authentication mode="Forms">
        <forms name="Form" loginUrl="index.aspx"/>
    </authentication>

Passport authentication is provided by Microsoft. redirectUrl specifies the page to redirect to if the page requires authentication and the user has not signed on with Passport.

    <authentication mode="Passport">
        <passport redirectUrl="internal"/>
    </authentication>

Passport authentication uses an encryption mechanism to indicate whether the logged-in user is a valid user. If the user logs in successfully, it is a valid user; otherwise, the user is redirected back to your site at the location given in the redirectUrl attribute.

To use Passport authentication, you must first install the Passport Software Development Kit (SDK) on your server. The SDK can be found at http://msdn.microdoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes full details of implementing Passport authentication in your own applications.

Authorization:- The <authorization> tag controls client access to web page resources. This element can be declared at any level (machine, site, application, subdirectory, or page).

    <authorization>
        <allow users="comma-separated list of users"
               roles="comma-separated list of roles"
               verbs="comma-separated list of verbs"/>
        <deny users="comma-separated list of users"
              roles="comma-separated list of roles"
              verbs="comma-separated list of verbs"/>
    </authorization>

The <allow> tag grants access to a resource based on the following:
users attribute: A comma-separated list of user names that are granted access to the resource. A question mark (?) allows anonymous users; an asterisk (*) allows all users.
roles attribute: A comma-separated list of roles that are granted access to the resource.
verbs attribute: A comma-separated list of HTTP transmission methods that are granted access to the resource. Verbs registered to ASP.NET are GET, HEAD, POST, and DEBUG.

The <deny> tag denies access to a resource based on the following:
users: A comma-separated list of user names that are denied access to the resource. A question mark (?) indicates that anonymous users are denied access; an asterisk (*) indicates that all users are denied access.
roles: A comma-separated list of roles that are denied access to the resource.
verbs: A comma-separated list of HTTP transmission methods that are denied access to the resource. Verbs registered to ASP.NET are GET, HEAD, POST, and DEBUG.
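
The allow/deny matching described above, as an added example that is not from the original post: ASP.NET evaluates the rules in order and applies the first one that fits, falling back to the inherited default <allow users="*"/>. The function names and the sample rules are constructed for illustration, and the matching is a simplified model of the runtime's behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample: block anonymous users, let Admins POST, read-only for the rest.
SAMPLE = """
<authorization>
  <deny users="?"/>
  <allow roles="Admins" verbs="GET,POST"/>
  <allow users="*" verbs="GET,HEAD"/>
  <deny users="*"/>
</authorization>
"""

def _csv(value):
    """Split a comma-separated attribute into a lower-cased set."""
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}

def rule_matches(rule, user, roles, verb):
    verbs = _csv(rule.get("verbs"))
    if verbs and verb.lower() not in verbs:
        return False              # rule is scoped to other HTTP verbs
    users = _csv(rule.get("users"))
    if "*" in users:
        return True               # asterisk: every user, anonymous included
    if user is None:
        return "?" in users       # question mark: anonymous users only
    if user.lower() in users:
        return True
    return bool(_csv(rule.get("roles")) & {r.lower() for r in roles})

def is_allowed(config_xml, user, roles=(), verb="GET"):
    """Return True if access is granted; user=None models an anonymous request."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles, verb):
            return rule.tag == "allow"   # first matching rule decides
    return True                   # no rule matched: inherited <allow users="*"/>
```

Because the first matching rule wins, placing <allow users="*"/> ahead of <deny users="?"/> leaves the resource open to anonymous users.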

CustomErrors:- This tag contains the custom error settings. If an error occurs in your web application, the request is redirected to the defaultRedirect URL. Custom errors are enabled or disabled through the value of the mode attribute.

    <customErrors defaultRedirect="url" mode="On|Off|RemoteOnly">
        <error statusCode="statuscode" redirect="url"/>
    </customErrors>

“On” indicates that custom errors are on. In case of an error, the user is redirected to the default URL.
“Off” specifies that custom errors are disabled.
“RemoteOnly” specifies that custom errors are shown only to remote clients.

Compilation:- Set compilation debug="true" to enable ASPX debugging; this inserts debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times, which improves the runtime performance of the application. For more information, refer to the documentation about debugging ASP.NET files.

<compilation defaultLanguage="c#" debug="true" />

Trace:- Tracing records the execution of your web application. There are two levels of tracing: individual page level and application level. Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="true", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root.

To set up application-level tracing, put this code inside the web.config file.

    <trace
      enabled="false"
      requestLimit="10"
      pageOutput="false"
      traceMode="SortByTime"
      localOnly="true"
    />

For page-level tracing, put Trace="True" inside the aspx page.

<%@ Page language="c#" Codebehind="EmployDetails.aspx.cs" AutoEventWireup="false" Inherits="Salary.Employ" Trace="True" %>

Identity:- This tag controls the identity of the web application. Impersonation is disabled by default. When using impersonation, ASP.NET applications can optionally execute with the identity of the client on whose behalf they are operating.

<identity impersonate="true|false" userName="domain\username" password="password"/>
You can programmatically read the identity of the impersonated user, as shown in the following example.
[Visual Basic]
Dim username As String = System.Security.Principal.WindowsIdentity.GetCurrent().Name
[C#]
String username = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

SessionState:- SessionState specifies which option is used for storing the session of your web application. There are four mode options for session state.

“Off” indicates that session state is not enabled.
“InProc” indicates that session state is stored locally. A web application in this mode runs faster than in the other session state modes, but if IIS restarts, the session data is lost.
“StateServer” indicates that session state is stored on a remote server.
“SQLServer” indicates that session state is stored on the SQL Server. For this, you first run the InstallSQLState.sql script on the SQL Server. The advantage of SQL Server session state is that session state can be shared among the different processors in a web garden or web farm. The disadvantage is that it is slow compared to InProc mode.
“Cookieless = true” specifies that sessions without cookies should be used; false is the reverse.
“Timeout” specifies how long the session stays active; if no request arrives within that period, the session expires.
“stateConnectionString” is required when you specify mode = StateServer.
“sqlConnectionString” stores the connection string of the database; it is used when you specify mode = SQLServer.
“stateNetworkTimeout”, used when StateServer mode stores the session state, specifies the number of seconds the TCP/IP network connection between the Web server and the state server can be idle before the session is abandoned. The default is 10.

<sessionState mode="Off|InProc|StateServer|SQLServer"
cookieless="true|false"
timeout="number of minutes"
stateConnectionString="tcpip=server:port"
sqlConnectionString="sql connection string"
stateNetworkTimeout="number of seconds"/>
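
A small audit of the customErrors, compilation, trace, identity and sessionState settings described above, added here as an example and not part of the original post. The finding names and the sample configuration are constructed; the check assumes a web.config whose root element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config using the elements covered on this page.
SAMPLE = """<configuration>
  <system.web>
    <customErrors mode="Off"/>
    <compilation defaultLanguage="c#" debug="true"/>
    <trace enabled="true" localOnly="false" pageOutput="false"/>
    <identity impersonate="true" userName="DOMAIN\\svc" password="placeholder"/>
    <sessionState mode="InProc" cookieless="true" timeout="20"/>
  </system.web>
</configuration>"""

def _attr(web, tag, name, default):
    """Lower-cased attribute value, or the framework default if absent."""
    el = web.find(tag)
    return (el.get(name, default) if el is not None else default).lower()

def audit(config_xml):
    """Return a sorted list of finding names for a web.config document."""
    web = ET.fromstring(config_xml).find("system.web")
    if web is None:
        return []
    findings = []
    if _attr(web, "customErrors", "mode", "RemoteOnly") == "off":
        findings.append("customErrors-off")        # detailed errors reach remote clients
    if _attr(web, "compilation", "debug", "false") == "true":
        findings.append("debug-enabled")           # debug build left on outside debugging
    if _attr(web, "trace", "enabled", "false") == "true":
        if _attr(web, "trace", "localOnly", "true") == "false":
            findings.append("trace-remote")        # trace.axd readable from other hosts
        if _attr(web, "trace", "pageOutput", "false") == "true":
            findings.append("trace-page-output")   # trace data appended to every page
    identity = web.find("identity")
    if identity is not None and identity.get("password"):
        findings.append("identity-cleartext-password")
    if _attr(web, "sessionState", "cookieless", "false") == "true":
        findings.append("session-id-in-url")       # session ID travels in the URL
    return sorted(findings)
```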

Globalization:- This section sets the globalization settings of the application.

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

appSettings:- The <appSettings> element stores custom application configuration information such as database connection strings, file paths, XML Web service URLs, or any information stored in an application's .ini file. The key/value pairs specified in the <appSettings> element can be accessed in code using the System.Configuration.ConfigurationSettings class.

<appSettings>
<add key="EmailFrom" value="rajshekhar@gmail.com" />
<add key="cssFile" value="CSS/text.css"/>
<add key="jsFilePath" value="JavaScript/MenuFunctions.js"/>
</appSettings>

To read a value from appSettings:
string strEmail = System.Configuration.ConfigurationSettings.AppSettings["EmailFrom"];





































