SynapseIndia DOTNET Website Security Development.ppt


  • 8/10/2019 SynapseIndia DOTNET Website Security Development.ppt


    Website Security

    ASP.NET is compiled to managed code before executing, so web pages can utilize the same role-based features as other .NET applications.

    Web.config can define built-in ASP.NET security providers such as Forms or Windows, or set event handlers for custom providers.

    Web.config is an application-level security policy file. Settings in higher-level policy files take precedence, so administrators of shared web servers can breathe.
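The layering described on this slide, as an added configuration example that is not part of the original deck. The site path, login page, folder name and role name are assumptions chosen for illustration.

```xml
<!-- File 1: machine-level configuration, owned by the server administrator.
     allowOverride="false" locks these settings, so a web.config inside the
     application cannot weaken them. "Default Web Site/SharedApp" is an
     assumed site/application path. -->
<configuration>
  <location path="Default Web Site/SharedApp" allowOverride="false">
    <system.web>
      <!-- Run the hosted application with reduced code access permissions -->
      <trust level="Medium" />
      <!-- Show detailed error pages to local requests only -->
      <customErrors mode="RemoteOnly" />
    </system.web>
  </location>
</configuration>

<!-- File 2: the application's own web.config (application-level policy).
     Login.aspx, the Admin folder and the SiteAdmins role are assumed names. -->
<configuration>
  <system.web>
    <!-- Built-in Forms provider; the ticket cookie is encrypted and validated -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" timeout="20" />
    </authentication>
    <!-- "?" means anonymous users: every page requires a login -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Tighter rule for one folder: only the SiteAdmins role, then deny everyone else.
       Rules are evaluated top to bottom and the first match wins. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="SiteAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

If the application's web.config tried to set its own trust or customErrors value here, ASP.NET would raise a configuration error instead of applying it, because the administrator's location block is locked.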


    Security & Managed Code

    Evidence-based security means that there is no guarantee your code has sufficient permission to run when the user executes it!

    .NET classes are free-threaded.


    ASP.NET

    Programming model can handle client-side events on the server as if they happened on the server.

    Design-time provides GUI configuration of controls on the page. Microsoft provides controls that are fast and scalable for .NET (vs. VS6).

    Compiled code means 2-5 times faster execution.

    Session State is now fast and scalable.


    ASP.NET Change Management

    Version code just like any other .NET application!

    Debug Using Trace! (instead of Response.Write)

    Automated Unit Testing!

    Deploy Assemblies Without Source Code!

    Protect your Intellectual Property!

    Publish web applications with simple XCopy!

    Goodbye FrontPage Extensions!

    Dynamic Code Replacement - Without Rebooting!

    Concurrently Run Different Versions of Business Objects Side-By-Side!

    Script Builds from Source Control


    ASP.NET Cool Features

    Output Caching is automatic, but configurable by user, query, time or underlying data source AND at either the page or control level.

    ASP and ASP.NET can run in the same directory but do not share state.

    Use any .NET language. Use structured exception handling as implemented in the language.

    Debug from web pages down into business objects.


    Writing XML Web Services

    Use the WebService directive in .ASMX pages. Code behind uses the WebMethod attribute and inherits from System.Web.Services.WebService.

    .NET will use reflection to automatically generate a WSDL and a simple human-readable testing and documentation page.

    Also, you can publish any COM+ object or .NET assembly by registering it in COM+ and checking a box. COM+ can use .NET remoting instead of HTTP for .NET to .NET calls.

    SQL and Exchange 2000 both provide XML Web Services access methods to their data.


    Web Services

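    Imports System.Web.Services

    Public Class Service1
        Inherits System.Web.Services.WebService

        ' The WebMethod attribute exposes the function through the web service;
        ' without it, clients cannot call the method.
        <WebMethod()> _
        Public Function HelloPerson(ByVal YourName As String) As String
            HelloPerson = "Hello, " & YourName & "."
        End Function

    End Class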


    Consuming XML Web Services

    All Web Services are late-binding.

    Static bindings are Web References. Use them just like a referenced assembly. IntelliSense works!

    Dynamically bind to services at run-time by using UDDI and/or Disco.

    If necessary, configure proxy server and credentials in machine.config.

    Consume .NET Web Services from any platform.


    Consuming Web Services


    ASP.NET Web Form


    Web Services

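    Private Sub Button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
            Handles Button.Click
        ' Call the web service through the HelloService web reference proxy.
        Dim ws As New HelloService.Service1()
        ' HTML-encode the reply before appending it: it echoes user input
        ' (strName.Text) back into the page.
        Results.Text &= Server.HtmlEncode(ws.HelloPerson(strName.Text)) & "<br>"
    End Sub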


    Touchless Desktop Deployment

    DEMO


    Issues

    Only Windows 2000 and XP as servers. Windows 98 or better as clients. CE support is in beta and will be a subset.

    Transparency of Source Code: MSIL is relatively easy to reverse engineer to source code. Obfuscators and encryption will solve this in the future.

    Security of .NET is still questioned based on past experience with Microsoft.


    .NET Myths

    Myth: Passport is required for authentication in .NET. BizTalk is required for XML Web Services. Windows CALs are required for access to authenticated IIS applications.

    Myth: J# is another Microsoft attempt to corrupt Java.

    Myth: The Microsoft .NET Pet Store benchmark proves ASP.NET is 15-28 times faster, requires the CPU, the code and supports 6-8x as many users as J2EE.

    Related Myth: Oracle's latest Java Pet Store proves J2EE on Oracle is faster than .NET

    Myth: .NET is a huge mental leap for VB developers.