Configuring and Securing Web Applications

Pre-Assessment Questions
1. To implement fragment caching, the page should contain ________.

a. Applet
b. Custom Web server control
c. User control
d. HTML Web server control

©NIIT Developing Web Applications Using ASP.NET Lesson 5A / Slide 1 of 34


Pre-Assessment Questions (Contd.)


2. In Unicode every character is represented using:
a. 32 bits
b. 8 bits
c. 16 bits
d. 7 bits

3. The Duration attribute of the @ OutputCache directive is used to specify:
a. Time after which a file will be cached
b. Time before which a file will not be cached
c. Time for which a cache can be accessed
d. Time after which the cache will expire

Pre-Assessment Questions (Contd.)


4. The _______ utility is used to generate a resource file.
a. ResGen.exe
b. ResGenerator.exe
c. ResGen.dll
d. ResGen.msi

5. The process of ensuring that an application is ready for localization is called _______.
a. Localization
b. Globalization
c. Localizability
d. Internationalization

Solutions to Pre-Assessment Questions
1. d. HTML Web server control
2. a. 32 bits
3. c. Time for which a cache can be accessed
4. a. ResGen.exe
5. c. Localizability

Objectives
In this lesson, you will learn to:

• Configure ASP.NET Web applications
• Add and retrieve custom configuration information from the Web.config file
• Configure IIS for implementing security
• Configure ASP.NET Web applications for authentication
• Configure ASP.NET Web applications for authorization
• Configure ASP.NET Web applications for impersonation

Configuring ASP.NET Web Applications


• Deploying an application includes installing and configuring a Web application
on IIS.
• ASP.NET provides a rich and flexible configuration system for Web applications.
• The configuration information for ASP.NET applications is defined and
contained in the configuration file named web.config.
• Configuration files enable you to set and access configuration settings in a
convenient manner, without writing configuration scripts or embedding values
in the code.
• Administrators can easily customize configuration-setting values after the
deployment of the Web application on the application Web server.

Configuring ASP.NET Web Applications (Contd.)

• The ASP.NET configuration system provides the following features that help in
deploying a Web application efficiently:
• Configuration information is stored in XML.
• The default location of the configuration file is the application’s root
directory.
• The system is highly flexible and allows developers to store customized
configuration settings in the configuration system.
• When a configuration setting is changed in the web.config file, ASP.NET
automatically detects it and applies the changes in the Web application.

Hierarchical Configuration System


• The two types of configuration files supported by ASP.NET are as follows:
• machine.config
• web.config

Structure of a Configuration File


• A web.config file:
• Contains standard XML document elements
• Is shown as part of the application in the Solution Explorer window
• The following figure displays the web.config file in the Solution Explorer
window:

Structure of a Configuration File (Contd.)

• All the elements are encapsulated within the root <configuration> element.
• The basic structure of a configuration file is as follows (the placeholders
in parentheses stand for real names and values):

  <configuration>
    <configSections>
      <section name="(sectionName)" type="(Class)"/>
      <!-- more section declarations, if any -->
      <sectionGroup name="(sectionGroup)">
        <section name="(sectionName)" type="(Class)"/>
        <!-- more section declarations, if any -->
      </sectionGroup>
      <!-- more section declarations, if any -->
    </configSections>
    <system.web>
      <(sectionName) attribute="(value)"/>
      <!-- more sections, if any -->
      <(sectionGroup)>
        <(sectionName) attribute="(value)"/>
        <!-- more sections, if any -->
      </(sectionGroup)>
    </system.web>
  </configuration>

Structure of a Configuration File (Contd.)

• The three types of elements included within the root <configuration>
element are as follows:
• Configuration section handler declarations
• Configuration section groups
• Configuration section settings

Configuration Sections
• The configuration sections control and manage the behavior of a Web
application.
• The various configuration sections available in ASP.NET are as follows:
• <configSections> Element
• <appSettings> Element
• <customErrors> Element
• <trace> Element
• <compilation> Element
• <browserCaps> Element
• <globalization> Element
• <httpHandlers> Element
• <location> Element
• <processModel> Element

Adding and Retrieving Custom Configuration Information

• The two methods to store custom configuration in the configuration file are as
follows:
• Key/Value pair method
• A key/value pair is added to the <appSettings> section.
• Custom section method
• A custom configuration section is added to the configuration file.

Adding and Retrieving Custom Configuration Information (Contd.)

• Custom section method:
• Enables you to store a set of interrelated values.
• Helps to organize the custom information stored in the configuration
file. A custom section handler is declared within the <configSections>
element for each custom section that is added.

Adding and Retrieving Custom Configuration Information (Contd.)

• The following code snippet shows how a custom handler and a custom section are
added to the configuration file:

  <configuration>
    <configSections>
      <sectionGroup name="myConfigSettings.group">
        <section name="tableSettings"
                 type="System.Configuration.NameValueFileSectionHandler, System"/>
      </sectionGroup>
    </configSections>
    <myConfigSettings.group>
      <tableSettings>
        <add key="tableBackgroundColor" value="Aqua"/>
        <add key="tableBorder" value="2"/>
      </tableSettings>
    </myConfigSettings.group>
  </configuration>

Adding and Retrieving Custom Configuration Information (Contd.)

• Retrieving Custom Configuration Information
• The retrieval method used depends on the method used to store the custom
information in the configuration file.
• The two different methods to retrieve configuration information are as
follows:
• ConfigurationSettings.AppSettings method
• ConfigurationSettings.GetConfig method
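Reading back both kinds of custom setting from a page's code-behind, as an added example that is not the slides' own code. It assumes a web.config containing the tableSettings section shown above plus one appSettings key named tableToolTip, and an asp:Table control named resultTable; the class and control names are made up for illustration.

```csharp
// Added example (not the slides' own code). Assumed web.config: the custom
// section from the slide plus one appSettings key/value pair.
// <configuration>
//   <configSections>
//     <sectionGroup name="myConfigSettings.group">
//       <section name="tableSettings"
//                type="System.Configuration.NameValueFileSectionHandler, System"/>
//     </sectionGroup>
//   </configSections>
//   <appSettings>
//     <add key="tableToolTip" value="Sales by region"/>
//   </appSettings>
//   <myConfigSettings.group>
//     <tableSettings>
//       <add key="tableBackgroundColor" value="Aqua"/>
//       <add key="tableBorder" value="2"/>
//     </tableSettings>
//   </myConfigSettings.group>
// </configuration>
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Drawing;
using System.Web.UI;
using System.Web.UI.WebControls;

public class TablePage : Page
{
    protected Table resultTable;   // assumed: <asp:Table id="resultTable" runat="server"/>
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        // Key/value pair method: ConfigurationSettings.AppSettings; a missing
        // key yields null, so check before use instead of trusting the file
        string tip = ConfigurationSettings.AppSettings["tableToolTip"];
        if (tip != null)
            resultTable.ToolTip = tip;
        // Custom section method: ConfigurationSettings.GetConfig returns whatever
        // the declared handler built; NameValueFileSectionHandler produces a
        // NameValueCollection. The argument is the path "sectionGroup/section".
        NameValueCollection table = (NameValueCollection)
            ConfigurationSettings.GetConfig("myConfigSettings.group/tableSettings");
        if (table == null)
            throw new ConfigurationException("tableSettings section is missing");
        resultTable.BackColor = Color.FromName(table["tableBackgroundColor"]);
        // int.Parse throws on a non-numeric value, surfacing a bad config at load
        resultTable.BorderWidth = Unit.Pixel(int.Parse(table["tableBorder"]));
    }
}
```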

Securing ASP.NET Web Applications


• Web applications:
• Are prone to security breaches.
• Can be secured by using the various security mechanisms in ASP.NET as
follows:
• Authentication
• Authorization
• Impersonation

Securing ASP.NET Web Applications (Contd.)

• Authentication
• Is the process of validating the identity of the user before granting access
to a restricted resource.
• Authorization
• Is the process of verifying if the authenticated user has permission for
accessing the requested resource.
• Impersonation
• Is the process of assuming the identity of the user when requesting a
resource.

Securing ASP.NET Web Applications (Contd.)

• ASP.NET addresses the security needs of Web applications by using:
• Microsoft .NET Framework security
• Internet Information Services (IIS)

Microsoft .NET Framework security


• Microsoft .NET Framework:
• Has a built-in security system that enables administrators to make
decisions about what a given piece of code is allowed to do.
• Provides tools that an administrator can use to set the enterprise-wide
policy, the machine-wide policy, the per-user policy, and the application
domain-level security policy.

Microsoft .NET Framework security (Contd.)

• Security policy is a set of rules that map a security requirement to a set of
permissions.
• Some actions defined by the security policy are as follows:
• Which code is granted or denied permissions to run
• What the code is allowed to do
• What the users are permitted to do
• What resources the code can access

Configuring IIS for Implementing Security

• IIS provides a Microsoft Management Console (MMC)-based interface, called
Internet Services Manager, to manage Web sites that are deployed on IIS.
• By using Internet Services Manager, you can configure the following
authentication mechanisms in a Web application:
• Anonymous
• Basic
• Digest
• Integrated Windows

Configuring an ASP.NET Application for Security

• The web.config file provides various sections for implementing security.
• Some of the common elements used to configure security are as follows:
• <authentication>
• <authorization>
• <identity> (controls impersonation)

Configuring an ASP.NET Application for Security (Contd.)

• Configuring an ASP.NET Web Application for Authentication
• <authentication> specifies the method used by an application to
authenticate a user requesting access to a restricted resource.
• <authentication> uses the mode attribute to specify the
authentication type to be used.
• The options available for the mode attribute are:
• Windows
• Forms
• Passport
• None

Configuring an ASP.NET Application for Security (Contd.)

• Overview of Authorization:
• The <authorization> element verifies whether the authenticated user has the
privilege to access the requested resource.
• ASP.NET provides the following two mechanisms to authorize a user:
• File Authorization
• URL Authorization

Configuring an ASP.NET Application for Security (Contd.)

• Configuring an ASP.NET Web application for Impersonation:
• The <identity> element (its impersonate attribute) decides whether user
requests are executed under the requesting user's account or under the
local system process account that ASP.NET uses for anonymous requests.
• When impersonation is enabled, IIS uses the client token to
impersonate the client when accessing resources.

Configuring an ASP.NET Application for Security (Contd.)

• Configuring an ASP.NET Web Application for Authorization
• The <authorization> element is specified in the web.config file.
• The <authorization> element includes two child elements:
• <allow>
• <deny>

Implementing Forms Authentication


• Problem Statement
• Create a Web application that uses Forms authentication. The
application will have a login page with two text boxes for entering the
username and password. To log in, the user enters the username and
password in the respective text boxes and clicks the Login button. The
user credentials should be verified against the entries made in the
Web.config file. If the user passes authentication, a message welcoming
the user should appear on the form; otherwise, a message should be
displayed indicating that authentication has failed. If authentication
is successful, the Logout button should be displayed, and the user
should be able to click it to log out.

Implementing Forms Authentication (Contd.)


• Solution
1. Create an ASP.NET Web application.
2. Design a Login form.
3. Configure the application for authentication.
4. Write code for performing authentication and signing off.
5. Run the program.
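The solution steps above carried through, as an added example that is not the slides' own code: the web.config appears in the leading comment and the login page's code-behind follows it. It assumes Login.aspx declares controls named txtUser, txtPassword, btnLogin, btnLogout and lblMessage, wires the buttons with OnClick="btnLogin_Click" and OnClick="btnLogout_Click", and that the password placeholder is replaced by a hash produced with FormsAuthentication.HashPasswordForStoringInConfigFile; the configuration also covers the <authorization>, <location> and impersonation settings from the earlier slides.

```csharp
// Added example, not the slides' own solution code. Assumed web.config
// (also showing the authorization, location and impersonation settings):
// <configuration>
//   <system.web>
//     <authentication mode="Forms">
//       <forms name="LessonAuth" loginUrl="Login.aspx" timeout="20">
//         <credentials passwordFormat="SHA1">   <!-- hashes, not clear text -->
//           <user name="alice" password="PLACEHOLDER-SHA1-HEX"/>
//         </credentials>
//       </forms>
//     </authentication>
//     <authorization><deny users="?"/></authorization>   <!-- "?" = anonymous -->
//     <identity impersonate="false"/>   <!-- the actual impersonation element -->
//   </system.web>
//   <location path="Login.aspx">   <!-- keep the login page itself reachable -->
//     <system.web><authorization><allow users="*"/></authorization></system.web>
//   </location>
// </configuration>
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class LoginPage : Page
{
    protected TextBox txtUser, txtPassword;   // assumed control names in Login.aspx
    protected Button btnLogin, btnLogout;
    protected Label lblMessage;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Hashes the entered password and compares it with the <credentials> entry
        if (FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text))
        {
            FormsAuthentication.SetAuthCookie(txtUser.Text, false); // session-only ticket
            lblMessage.Text = "Welcome, " + Server.HtmlEncode(txtUser.Text);
            btnLogout.Visible = true;
        }
        else
            lblMessage.Text = "Authentication failed."; // same text for bad user or password
    }

    protected void btnLogout_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();   // removes the authentication ticket cookie
        Response.Redirect("Login.aspx");
    }
}
```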

Summary
• In this lesson, you learned that:
• The configuration information for ASP.NET applications is defined and
contained in the configuration file named web.config.
• ASP.NET supports two types of configuration files:
• machine.config
• web.config
• Any configuration setting defined in configuration file lower in the
hierarchy will override the setting defined in a file higher in the order.
• All the elements in a web.config file are encapsulated within the root
<configuration> element.
• There are three types of elements included within the root
<configuration> element:
• Configuration section handler declarations
• Configuration section groups
• Configuration section settings
Summary (Contd.)
• The various configuration sections available in ASP.NET are as follows:
• <configSections> Element
• <appSettings> Element
• <customErrors> Element
• <trace> Element
• <compilation> Element
• <browserCaps> Element
• <globalization> Element
• <httpHandlers> Element
• <location> Element
• <processModel> Element

Summary (Contd.)
• There are two methods to store custom configuration in the configuration
file. The methods are:
• Key/Value pair method
• Custom section method
• There are two different methods to retrieve configuration information:
• ConfigurationSettings.AppSettings method
• ConfigurationSettings.GetConfig method
• The three fundamental security mechanisms in ASP.NET are:
• Authentication
• Authorization
• Impersonation
• ASP.NET addresses the security needs of Web applications by using:
• Microsoft .NET Framework security
• Internet Information Services (IIS)

Summary (Contd.)
• Authentication mechanisms available with IIS are:
• Anonymous
• Basic
• Digest
• Integrated Windows
• The <authentication> tag is used to configure the authentication
mechanism of a Web application.
• The mode attribute is used to specify the authentication mechanism to
be implemented.
• The mode attribute can have the following values:
• Windows
• Forms
• Passport
• None

Summary (Contd.)
• ASP.NET provides the following two mechanisms to authorize a user:
• File Authorization
• URL Authorization
• The <authorization> tag is used to implement authorization in a Web
application.
• The <authorization> tag includes two child elements:
• <allow> tag
• <deny> tag
• When impersonation is enabled, IIS uses the client token to impersonate the
client to access resources.
