Webmaster''''s Guide to the Wireless Internet part 46 potx

In partic-ular we have introduced you to how ASP.NET works and how you can use the Microsoft Mobile Internet Toolkit and ADO.NET to develop compelling mobile applications.. Using the arc

Dim childrow As DataRow Dim row As DataRow

' -add a relation to the dataset -ds.Relations.Add(TitleToAuthor)

For Each row In ds.Tables("titles_table").Rows titleToAdd = row("title") & " by "

count = 0 For Each childrow In row.GetChildRows("TtoA") count += 1

if count>1 then titleToAdd += ", "

end if titleToAdd += childrow("au_fname") & " " & childrow("au_lname")

Next titles.items.Add (titleToAdd) Next

When viewed using the Pocket PC emulator, you should see the screen shown in Figure 9.53

Figure 9.53Using the Dataset Object

This chapter has covered quite a lot of ground for developers wishing to utilize the Microsoft NET Framework for mobile application development In partic-ular we have introduced you to how ASP.NET works and how you can use the Microsoft Mobile Internet Toolkit and ADO.NET to develop compelling mobile applications

The current version of the Mobile Internet Toolkit is Beta 2 Since the NET Mobile Architecture is an extension of the ASP.NET Web Forms, developing mobile applications is very similar to developing Web applications In the early part of this chapter, we have seen how ASP.NET addresses the problem of HTTP statelessness using HTML and Web Server Controls Using the architecture in ASP.NET, the Mobile Internet Toolkit allows developers to write mobile applica-tions using the mobile controls, and during runtime it automatically will generate the appropriate codes for the mobile devices

The set of mobile controls the Mobile Internet Toolkit provides offers a rich set of functionalities for mobile developers.The nicest feature is that the runtime frees the developer from the arduous tasks of customizing the application for the myriad devices available in the market

In these days, any application that is of any use makes use of databases

Developing mobile applications is no different In the last section of this chapter,

we cover data access using ADO.NET ADO.NET is part of the NET framework and is an evolution (rather than revolution) of ADO

Solutions Fast Track

Overview of the NET Mobile Architecture

 The Mobile Internet Toolkit is built on the Microsoft ASP.NET Web Forms and supports languages like VB NET, C#, and JScript.NET It is

an extension to the ASP.NET model

 The toolkit includes a set of Mobile Controls that is executed by the Mobile Internet Controls runtime during the execution phase

 The key feature of the runtime is its ability to recognize the different types of devices accessing the forms and to generate dynamically the codes that the device can understand

 The current release of the Microsoft Mobile Internet Toolkit is Beta 2 Before installing the Microsoft Mobile Internet Toolkit, you must first install the NET framework SDK

Introduction to ASP.NET

 Current ASP technology contains a mixture of HTML and scripting codes and does not provide a clean separation of display from content, which often results in bugs and difficulties

 HTTP is a stateless protocol Preserving state in ASP requires substantial effort by the developer

 In ASP.NET, normal HTML elements are converted to HTML Server controls so that they can be programmed on the server Besides the HTML Server controls, ASP.NET provides a different set of server controls known as ASP.NET server controls

 A Web Form in ASP.NET contains two components: Code and Content

 The Content component of a Web Form can contain Web Form Server controls.Web Form Server controls contain the HTML Server control, ASP.NET Server control,Validation controls, and User controls

 One important difference between ASP.NET and ASP is that ASP.NET applications are parsed and compiled once and then cached, so that subsequent requests do not go through the same time-consuming steps

Developing Mobile Web Forms

 During runtime when the form is requested, the NET runtime automatically will detect the type of devices (our examples use Pocket

PC, IE 5.5 and UP.SDK) requesting that page, and will perform a dynamic generation of the target markup languages Unlike WAP applications developed using WML and ASP, the same ASP.NET application can be displayed on different devices, with no effort on your part for customization

 In ASP.NET pages, there can be only a single form; however, you can have multiple mobile forms in a Mobile Web form.To link the two

forms, you use the <Mobile:Link> control.The navigateURL attribute

contains the ID of the form to link to

 Linking to forms on another page is not so straightforward.The form in the first page links to the second page by specifying the filename in the

navigateURL attribute Subsequent steps involve adding another parameter called Form, retrieving its value using the Request.QueryString collection, verifying the form ID in that value, and using the ActiveForm

property to set and return the active page

 The Microsoft Mobile Internet Toolkit supports user input controls TextBox, Command, and List

 To input text into a Mobile Web Form, use the <Mobile:TextBox>

control.To display a command button so that an action can be

performed, use the <Mobile:Command> control.To display lists of items either as a static list or interactive selection, use the <Mobile:List>

control.You can also dynamically bind a list of items using the

ArrayListclass

 To display images, you can use the <Mobile:Image> control Because

various mobile devices display images of differing format, use the

<DeviceSpecific> control (within which are the <Choice> elements) to

send the correct image type to the right device

 Validation controls available in the Microsoft Mobile Internet Toolkit SDK include CompareValidator, CustomValidator, RangeValidator, RegularExpressionValidator, RequiredFieldValidator, and

ValidationSummary

 Other features of the Mobile API are its records paging capability, using

the Paginate attribute, and also its Calendar control for date selection.

Accessing Data with ADO.NET

 Developers are familiar with using the ActiveX Data Objects (ADO) for accessing databases through OLE DB and ODBC ADO.NET was evolved to support the need for remote data access

 In ADO, communication with the data source is through the OLE DB providers In ADO.NET, the communication is through Data providers

ADO.NET contains two data providers—SQL Data providers and OLEDB Data providers

 It is possible to use OLEDB Data provider even if you are using SQL server

 ADO.NET provides the DataReader for retrieving records as a read-only, forward-only stream returned from the database for display on the client side.The DataReader stores only a single record in memory at any one time to prevent storing a huge number of records in memory

 The more powerful Dataset object is used to access different tables in the database.The requested data can be retrieved, saved, and printed with the use of Tables collections

Q:What are the main differences between Beta 1 and Beta 2 of the Microsoft Mobile Internet Toolkit?

A:Besides the name change, you can now develop mobile application using Visual Studio.NET Also, more devices are supported in Beta 2 For more information about the changes from Beta 1 to Beta 2, refer to the documen-tation that comes with the Toolkit

Q:I am developing WAP applications using the Mobile Internet Toolkit Do my users still need a WAP gateway?

A:Yes, the Mobile Internet Toolkit simply provides an easier way to develop mobile applications that runs on multiple devices.Your user still needs to use

a WAP gateway to access your application

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts To have your questions about this chapter answered by the author, browse to

www.syngress.com/solutions and click on the “Ask the Author” form.

Q:Do I need to know VB to build for mobile.NET?

A:Since the Mobile Internet Toolkit is based on ASP.NET Web forms, you can use any of the languages supported by ASP.NET; that is,Visual Basic NET, C#, or JScript.NET

Q:Do I need to know XML to build for mobile.NET?

A:No.You need not learn XML or other languages like WML since the Mobile Controls runtime automatically will generate the appropriate codes for the target device

Securing Your Wireless Web

Solutions in this chapter:

■ Comparing Internet and Wireless Security

■ Security Challenges of the Wireless Web

■ Security Models of the Wireless Web

■ WTLS and Point-to-Point Security Models

■ PKI Technology and End-to-End Security Models

■ The Future of Security on the Wireless Web

; Summary

; Solutions Fast Track

; Frequently Asked Questions

Chapter 10

429

Today’s wireless landscape is highly fragmented and lacks a standard security solu-tion As a wireless Webmaster, you must choose from three methods of securing the information under your care: the first is to ensure that information has a low security requirement, which is compatible with the currently deployed security model; (2) severely limit access to devices and networks by implementing a

custom high-security solution; (3) wait for newer third generation (3G) devices and networks that will support end-to-end Secure Sockets Layer (SSL) protection The most important weapon in your arsenal is SSL Using SSL to limit access

to Web Servers and applications is the best short-term solution, but this does nothing to fix potential security flaws in the Wireless Application Protocol (WAP) Implementing a Public Key Infrastructure (PKI) will result in the highest level of security, but PKI security limits the devices that can be used and poses deployment challenges, particularly for phones If you require a level of security higher than that required by e-mail, deploying a PKI on Personal Digital

Assistants (PDAs) or standardizing on devices that support end-to-end SSL are the best options

The applications driving the wireless Web provide access to time-critical infor-mation and transactions using mobile devices such as WAP phones, 2-way pagers, and wireless PDAs An investor might receive a wireless message informing him or her of a merger or stock split, or that a stock has reached a given price He or she might wish to browse immediately to a brokerage account and place a trade using

a wireless phone or PDA A traveling credit card holder might be notified that their credit card has reached its balance He or she may then browse to his or her bank account and place an electronic payment, or access another credit card com-pany’s wireless application to transfer the balance A consumer may receive a mes-sage reminding him or her of a relative’s birthday and wish to place an order to have flowers delivered An avid user of eBay could be notified that a coveted item

is about to be sold, and place a last-second bid from a wireless phone or two-way pager In all of these situations, time is critical, money is involved, and the

infor-mation or the transaction absolutely must be secure.

Security for both the conventional and wireless Webs involves client tions or devices, physical networks, transport protocols, and server-based applica-tions (see Figure 10.1) Security technology involves privacy, data integrity, and authentication.There are various security technologies in the wireless Web; putting all the pieces together is a challenge not only for the wireless Webmaster but for the wireless and security industries as well Secure wireless applications

must interoperate with existing security standards and technologies while seam-lessly incorporating new wireless security technologies as they become available

This chapter explores the major technologies and debates in wireless security, and gives practical advice for securing your wireless Web setup.The best place to start

is with a comparison of Web and wireless technologies.Wireless security imple-mentations fall in two categories: point-to-point security models and end-to-end security models Understanding the pros and cons of both models will prepare you to design a secure wireless Web presence.This chapter introduces the major issues and challenges of wireless Web security and discusses the two general secu-rity models that are in use today, as well as covering the specific ways those models attempt to overcome security challenges

Comparing Internet and Wireless Security

The Internet security landscape is far from simple, and adding wireless into the mix hardly makes things easier.Wireless security involves several interconnected components that are often in different locations, for example: a private corporate network, the public Internet, and a Wireless Application Service Provider

(WASP).Wireless Web security introduces new technologies while using existing major security technologies that are used on the Web and in Internet-accessed corporate applications.This means that a number of different protocols, connec-tion mechanisms, and networks—each with its own security technologies and features—have to come together to provide security on the wireless Web

The Internet provides a fairly coherent model for applications and security by using ubiquitous standards like Transmission Control Protocol/Internet Protocol (TCP/IP), Hypertext Transfer Protocol (HTTP) and Hypertext Markup

Language (HTML) On the conventional Web there are three major operating systems (Windows, UNIX, and Mac OS), and two major Web browsers (Netscape

Navigator and Microsoft Internet Explorer) On the wireless Web there are many

networks using different standards (Advanced Mobile Phone System [AMPS], Code Division Multiple Access [CDMA],Time Division Multiple Access [TDMA], Global System for Mobile Communication [GSM], Integrated Digital Enhanced Network [iDEN] and so forth) and there are multiple browser proto-cols, including WAP and NTT DoCoMo’s i-mode protocol (which has been widely deployed in Japan), as well as many different browsers Perhaps the best illustration of the disparate standards on the wireless Web is that in contrast to