SynapseIndia DOTNET

Development Platform Overview

Outline

• What is .NET? - Microsoft’s Strategy• Under the Hood• Security & Managed Code• ASP.NET• Cross-Language Debugging• Zero-Footprint Desktop Deployment

Vis

ual

Stu

dio

Vis

ual

Stu

dio

Windows Server, Enterprise ServersWindows Server, Enterprise Servers

Passport, Alerts, .NET My ServicesPassport, Alerts, .NET My Services

Windows XP, Windows CE, Pocket PC, OfficeWindows XP, Windows CE, Pocket PC, Office

What is .NET?A comprehensive XML Web Services platform

Under the HoodCommon Language RuntimeCommon Language Runtime (CLR) (CLR)

The execution environment for IL. Provides security, garbage The execution environment for IL. Provides security, garbage collection, exception handling, inheritance and support for collection, exception handling, inheritance and support for Base Class Libraries. Comparable to JVM.Base Class Libraries. Comparable to JVM.

Common Language SpecificationCommon Language Specification (CLS) (CLS)A subset of the Common Type Specification which all language A subset of the Common Type Specification which all language

compilers targeting CLR must adhere to.compilers targeting CLR must adhere to.

Intermediate LanguageIntermediate Language (IL) (IL)Compilers generate “platform” independent IL which the JIT Compilers generate “platform” independent IL which the JIT

will compile for execution by the CLR. For equivalent will compile for execution by the CLR. For equivalent functionality, the IL should be exactly the same for different functionality, the IL should be exactly the same for different languages! Performance is same.languages! Performance is same.

Language NeutralityCLR doesn’t know what language it is running. There

are more than 25 languages for .NET, including COBOL, PERL, Eiffel and Java!

CLS objects are cross-language. A VB.NET class can be created as an object in PERL and then passed to a COBOL method!

Java is language specific and platform neutral. .NET is language neutral, but platform specific.

.NET Base Classes

Object Oriented

Over 4,500 classes provide most of the features that most applications ever need.

Much of the implementation of data is XML inside (ADO.NET)

.NET support for Web Services leads industry.

.NET Assembly - The New .DLL

Combines MSIL with metadata for code management.

Strong Typing allows side-by-side, concurrent execution of different versions of the same assembly! Determination of which version to run can be made through application settings or by administrators of the machine.

Global Assembly Cache (GAC) allows commonly shared assemblies to be pre-compiled and stored in one place.

No Registry Required! “DLL Hell” is gone.

Security & Managed CodeManaged Code is type-safe and has execution

boundaries, called Domains.

Application Domains can execute in the same process.

Unmanaged code in an Assembly is identified by metadata, letting the CLR treat it differently.

Policies at the Enterprise, Machine, User and Application levels define permissible actions for execution, and configuration settings.

Role-Based SecurityProgrammers can use role-based security to control access to

methods or properties at run-time.

Isolate security from code logic by applying attributes defined in System.Security or EnterpriseServices

System.Security is feature-rich, but is limited to Windows user groups.

EnterpriseServices uses COM+ roles for more flexibility but classes must inherit from EnterpriseServices

You can implement your own security provider for databases, LDAP, …

Example: Security Using Attributesusing System.Security.Permissions;public class Car{

[PrincipalPermission(SecurityAction.Demand,Role=“Parent")]public long StartEngine(){...}

[PrincipalPermission(SecurityAction.Demand,Role=“Parent")][PrincipalPermission(SecurityAction.Demand,Role=“Child")]public long OpenDoor(){...}

}

Evidence-Based SecurityEvidence is the characteristics of the code such as its

directory or digital signature.

Code Groups are logical groupings of code with evidence that satisfies certain conditions like <Directory=“c:\winnt\”> or <URL=“UseDotNet.com”>.

Named Permission Sets define the permissions applied to Code Groups.

Application Domain Hosts such as browsers or the shell can enforce more restrictive permissions and, if trusted, provide evidence about the hosted assembly to the CLR.

Evidence-Based SecurityEffective PermissionsEffective Permissions are determined by calculating the are determined by calculating the intersectionintersection

of Named Permissions granted at each Policy Level.of Named Permissions granted at each Policy Level.

Each Policy Level grants permissions based on the Each Policy Level grants permissions based on the unionunion of Named of Named Permissions for all matching Code Groups defined at that level. Permissions for all matching Code Groups defined at that level. AttributesAttributes can be applied to Code Groups in each policy level to can be applied to Code Groups in each policy level to modify the default determination.modify the default determination.

The effect is for least restrictive permissions within a Policy Level The effect is for least restrictive permissions within a Policy Level (unless “nothing” is specified) but most restrictive permissions (unless “nothing” is specified) but most restrictive permissions when Policy Levels are combined.when Policy Levels are combined.

Enterprise, Machine, User and Application policies are adhered to Enterprise, Machine, User and Application policies are adhered to but defined independently.but defined independently.