Professional ASP.NET 3.5 in C# and Visual Basic Part 67 pdf

This provider enables you to map any Web events that come from the health monitoring system to Windows Man-agement Instrumentation WMI events.. Listing 12-23: The WmiWebEventProvider def

<! Removed for clarity >

</eventMappings>

</healthMonitoring>

</system.web>

</configuration>

In this example, the errors that occur are captured and not only written to the event log, but are also

e-mailed to the end users specified in the provider definition One very interesting point of the Simple-MailWebEventProvideris that this class inherits from theBufferedWebEventProviderinstead of from

theWebEventProvideras theEventLogWebEventProviderdoes Inheriting from the BufferedWebEvent-Providermeans that you can have the health monitoring system build a collection of error notifications before sending them on The<bufferModes>section defines how the buffering works

System.Web.Management.TemplatedMailWebEventProvider

The aforementionedSimpleMailWebEventProviderdoes exactly what its name states — it sends out a

simple, text-based e-mail To send out a more artistically crafted e-mail that contains even more

infor-mation, you can use theTemplatedMailWebEventProvider Just like theSimpleMailWebEventProvider, you simply define the provider appropriately in the<healthMonitoring>section The model for this is presented in Listing 12-19

Listing 12-19: The TemplatedMailWebEventProvider definition

<providers>

<clear />

<add name="EventLogProvider"

type="System.Web.Management.EventLogWebEventProvider,

System.Web,Version=2.0.0.0,Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3a" />

<add name="TemplatedMailProvider"

type="System.Web.Management.TemplatedMailWebEventProvider,

System.Web, Version=2.0.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3a"

template=" /mailtemplates/errornotification.aspx"

from="website@company.com"

to="admin@company.com"

cc="adminLevel2@company.com

bcc="director@company.com"

bodyHeader="Warning!"

bodyFooter="Please investigate ASAP."

subjectPrefix="Action required."

buffer="true"

bufferMode="Website Error Notification"

maxEventLength="4096"

maxMessagesPerNotification="1" />

</providers>

The big difference between this provider declaration and theSimpleMailWebEventProvideris shown in bold in Listing 12-19 TheTemplatedMailWebEventProviderhas atemplateattribute that specifies the

location of the template to use for the e-mail that is created and sent from the health monitoring system

Again, details on using the templated e-mail notification in the health monitoring system appear in

Chapter 33.

System.Web.Management.SqlWebEventProvider

In many instances, you may want to write to disk when you are trapping and recording the Web events

that occur in your application TheEventLogWebEventProvideris an excellent provider because it writes

these Web events to the Windows event log on your behalf However, in some instances, you may want

to write these Web events to disk elsewhere In this case, a good alternative is writing these Web events

to SQL Server instead (or even in addition to the writing to an event log)

Writing to SQL Server gives you some benefits over writing to the Windows event log When your

application is running in a Web farm, you might want all the errors that occur across the farm to be

written to a single location In this case, it makes sense to write all Web events that are trapped

via the health monitoring system to a SQL Server instance to which all the servers in the Web farm

can connect

By default, theSqlWebEventProvider(like the other SQL Server-based providers covered so far in this

chapter) uses SQL Server Express Edition as its underlying database To connect to the full-blown version

of SQL Server instead, you need a defined connection as shown in Listing 12-20

Listing 12-20: The LocalSql2005Server defined instance

<configuration>

<connectionStrings>

<add name="LocalSql2005Server"

connectionString="Data Source=127.0.0.1;Integrated Security=SSPI" />

</connectionStrings>

</configuration>

With this connection in place, the next step is to use this connection in yourSqlWebEventProvider

dec-laration in theweb.configfile This is illustrated in Listing 12-21

Listing 12-21: Writing Web events to SQL Server 2005 using the SqlWebEventProvider

<configuration>

<system.web>

<healthMonitoring>

<! Other nodes removed for clarity >

<providers>

<clear />

<add name="SqlWebEventProvider"

type="System.Web.Management.SqlWebEventProvider,System.Web"

connectionStringName="LocalSql2005Server"

maxEventDetailsLength="1073741823"

buffer="true"

bufferMode="SQL Analysis" />

</providers>

</system.web>

</configuration>

Events are now recorded in SQL Server 2005 on your behalf The nice thing about the

SqlWebEvent-Provideris that, as with theSimpleMailWebEventProviderand theTemplatedMailWebEventProvider, theSqlWebEventProviderinherits from theBufferedWebEventProvider.This means that the Web

events can be written in batches as opposed to one by one This is done by using thebufferand buffer-Modeattributes in the provider declaration It works in conjunction with the settings applied in the

<bufferModes>section of the<healthMonitoring>declarations

System.Web.Management.TraceWebEventProvider

One method of debugging an ASP.NET application is to use the tracing capability built into the system Tracing enables you to view details on the request, application state, cookies, the control tree, the form

collection, and more Outputting Web events to the trace output is done via theTraceWebEventProvider

object Setting theTraceWebEventProviderinstance in a configuration file is illustrated in Listing 12-22 Listing 12-22: Writing Web events to the trace output using TraceWebEventProvider

<configuration>

<system.web>

<healthMonitoring>

<! Other nodes removed for clarity >

<providers>

<clear />

<add name="TraceWebEventProvider"

type="System.Web.Management.TraceWebEventProvider,System.Web"

maxEventLength="4096"

maxMessagesPerNotification="1" />

</providers>

</healthMonitoring>

</system.web>

</configuration>

Remember, even with the provider in place, you must assign the provider to the particular errors you are wishing to trap This is accomplished through the<rules>section of the health monitoring system The

IisTraceWebEventProvideris the same except that the tracing information is sent to IIS rather than

the ASP.NET tracing system

System.Web.Management.WmiWebEventProvider

The last provider built into the health monitoring system is theWmiWebEventProvider This provider

enables you to map any Web events that come from the health monitoring system to Windows

Man-agement Instrumentation (WMI) events When passed to the WMI subsystem, you can represent the

events as objects This mapping to WMI events is accomplished through theaspnet.moffile found at

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

By default, theWmiWebEventProvideris already set up for you, and you simply need to map the Web

events you are interested in to the already-declaredWmiWebEventProviderin the<rules>section of

the health monitoring declaration This declaration is documented inweb.config.commentsfile in the

CONFIG folder of the Microsoft NET Framework install on your server This is illustrated in Listing

12-23 (theWmiWebEventProvideris presented in bold)

Listing 12-23: The WmiWebEventProvider definition in the web.config.comments file

<configuration>

<system.web>

<healthMonitoring>

<! Other nodes removed for clarity >

<providers>

<clear />

<add name="EventLogProvider"

type="System.Web.Management.EventLogWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3a" />

<add connectionStringName="LocalSqlServer"

maxEventDetailsLength="1073741823" buffer="false"

bufferMode="Notification" name="SqlWebEventProvider"

type="System.Web.Management.SqlWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

<add name="WmiWebEventProvider"

type="System.Web.Management.WmiWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

</providers>

</healthMonitoring>

</system.web>

</configuration>

Remember, the wonderful thing about how the health monitoring system uses the provider model is that

it permits more than a single provider for the Web events that the system traps

Configuration Providers

A wonderful feature of ASP.NET 3.5 is that it enables you to actually encrypt sections of your

configu-ration files You are able to encrypt defined ASP.NET sections of theweb.configfile as well as custom

sections that you have placed in the file yourself This is an ideal way of keeping sensitive configuration

information away from the eyes of everyone who peruses the file repository of your application

By default, ASP.NET 3.5 provides two possible configuration providers out of the box These providers

are defined in the following list:

❑ System.Configuration.DpapiProtectedConfigurationProvider:Provides you with the

capa-bility to encrypt and decrypt configuration sections using the data protection API (DPAPI) that is

built into the Windows operating system

❑ System.Configuration.RsaProtectedConfigurationProvider:Provides you with the capabil-ity to encrypt and decrypt configuration sections using an RSA public-key encryption algorithm These two providers used for encryption and decryption of the configuration sections inherit from the

ProtectedConfigurationProviderbase class This is illustrated in Figure 12-15

Figure 12-15

You can find information on how to use these providers to encrypt and decrypt configuration sections in

Chapter 32.

Next, you review each of these providers

System.Configuration.DpapiProtectedConfigurationProvider

TheDpapiProtectedConfigurationProviderclass allows you to encrypt and decrypt configuration

sections using the Windows Data Protection API (DPAPI) This provider enables you to perform these

encryption and decryption tasks on a per-machine basis This is not a good provider to use on a Web

farm If you are using protected configuration on your configuration files in a Web farm, you might want

to turn your attention to theRsaProtectedConfigurationProvider

If you look in themachine.configon your server, you see a definition in place for both the

DpapiProtectedConfigurationProviderand theRsaProtectedConfigurationProvider The RsaPro-tectedConfigurationProvideris set as the default configuration provider To establish the

Dpapi-ProtectedConfigurationProvideras the default provider, you might use theweb.configfile of your

application, or you might change thedefaultProviderattribute in themachine.configfile for the

<configProtectedData>node Changing it in theweb.configis illustrated in Listing 12-24

Listing 12-24: Using the DpapiProtectedConfigurationProvider in the web.config

<configuration>

<configProtectedData defaultProvider="DataProtectionConfigurationProvider">

<providers>

<clear />

<add name="DataProtectionConfigurationProvider"

type="System.Configuration.DpapiProtectedConfigurationProvider,

System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

Continued

description="Uses CryptProtectData and CryptUnProtectData Windows

APIs to encrypt and decrypt"

useMachineProtection="true"

keyEntropy="RandomStringValue" />

</providers>

</configProtectedData>

</configuration>

The provider is defined within the<configProtectedData>section of the configuration file Note that

this configuration section sits outside the < system.web >section

The two main attributes of this provider definition are theuseMachineProtectionand thekeyEntropy

attributes

TheuseMachineProtectionattribute by default is set totrue, meaning that all applications in the server

share the same means of encrypting and decrypting configuration sections This also means that

appli-cations residing on the same machine can perform encryption and decryption against each other Setting

theuseMachineProtectionattribute tofalsemeans that the encryption and decryption are done on an

application basis only This setting also means that you must change the account that the application runs

against so it is different from the other applications on the server

ThekeyEntropyattribute provides a lightweight approach to prevent applications from decrypting each

other’s configuration sections ThekeyEntropyattribute can take any random string value to take part in

the encryption and decryption processes

System.Configuration.RsaProtectedConfigurationProvider

The default provider for encrypting and decrypting configuration sections is the

RsaProtectedConfig-urationProvider You can see this setting in themachine.configfile on your application server Code

from themachine.configfile is presented in Listing 12-25

Listing 12-25: The RsaProtectedConfigurationProvider declaration in the

machine.config

<configuration>

<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">

<providers>

<add name="RsaProtectedConfigurationProvider"

type="System.Configuration.RsaProtectedConfigurationProvider,

System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

description="Uses RsaCryptoServiceProvider to encrypt and decrypt"

keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""

useMachineContainer="true" useOAEP="false" />

<add name="DataProtectionConfigurationProvider"

type="System.Configuration.DpapiProtectedConfigurationProvider,

System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

description="Uses CryptProtectData and CryptUnProtectData

Windows APIs to encrypt and decrypt"

useMachineProtection="true" keyEntropy="" />

</providers>

</configProtectedData>

</configuration>

TheRsaProtectedConfigurationProvideruses Triple-DES encryption to encrypt the specified sections

of the configuration file This provider only has a couple of attributes available to it These attributes are detailed a bit further on in the chapter

ThekeyContainerNameattribute is the defined key container that is used for the encryption/decryption process By default, this provider uses the default key container built into the NET Framework, but you can easily switch an application to another key container via this attribute

ThecspProviderNameattribute is only used if you have specified a custom cryptographic service

provider (CSP) to use with the Windows cryptographic API (CAPI) If so, you specify the name of the

CSP as the value of thecspProviderNameattribute

TheuseMachineContainerattribute enables you to specify that you want either a machine-wide or

user-specific key container This attribute is quite similar to theuseMachineProtectionattribute found

in theDpapiProtectedConfigurationProvider

TheuseOAEPattribute specifies whether to turn on the Optional Asymmetric Encryption and Padding

(OAEP) capability when performing the encryption/decryption process This is set tofalseby default

only because Windows 2000 does not support this capability If your application is being hosted on either Windows Server 2008, Windows Server 2003, or Windows XP, you can change the value of theuseOAEP

attribute totrue

The WebParts Provider

Another feature of ASP.NET 3.5 is the capability to build your applications utilizing the new portal

framework The new portal framework provides an outstanding way to build a modular Web site that

can be customized with dynamically reapplied settings on a per-user basis Web Parts are objects in the Portal Framework that the end user can open, close, minimize, maximize, or move from one part of

the page to another

Web parts and the new portal framework are covered in Chapter 17.

The state of these modular components, the Web Parts, must be stored somewhere so they can be

reis-sued on the next visit for the assigned end user The single provider available for remembering the state

of the Web Parts isSystem.Web.UI.WebControls.WebParts.SqlPersonalizationProvider, which pro-vides you with the capability to connect the ASP.NET 3.5 portal framework to Microsoft’s SQL Server

2000/2005/2008 as well as to the new Microsoft SQL Server Express Edition

This single class for the portal framework inherits from thePersonalizationProviderbase class This is illustrated in Figure 12-16

You will find the definedSqlPersonalizationProviderin theweb.configfile found in the NET

Framework’s configuration folder (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) This

definition is presented in Listing 12-26

Figure 12-16

Listing 12-26: The SqlPersonalizationProvider definition in the web.config file

<configuration>

<system.web>

<webParts>

<personalization>

<providers>

<add connectionStringName="LocalSqlServer"

name="AspNetSqlPersonalizationProvider"

type="System.Web.UI.WebControls.WebParts

SqlPersonalizationProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

</providers>

<authorization>

<deny users="*" verbs="enterSharedScope" />

<allow users="*" verbs="modifyState" />

</authorization>

</personalization>

<transformers>

<add name="RowToFieldTransformer"

type="System.Web.UI.WebControls.WebParts.RowToFieldTransformer" />

<add name="RowToParametersTransformer"

type="System.Web.UI.WebControls.WebParts

RowToParametersTransformer" />

</transformers>

</webParts>

</system.web>

</configuration>

As you can see the provider declaration is shown in bold in Listing 12-26 As with the other SQL Server– based providers presented in this chapter, this provider works with SQL Server Express Edition by

default To change this to work with SQL Server 2000, 2005, or 2008, you must make a connection to

your database within the<connectionStrings>section and make an association to this new connection string in theSqlPersonalizationProviderdeclaration using theconnectionStringNameattribute

Configuring Providers

As you have seen in this chapter, you can easily associate these systems in ASP.NET 3.5 to a large base of available providers From there, you can also configure the behavior of the associated providers through the attributes exposed from the providers This can easily be done through either the system-wide con-figuration files (such as themachine.configfile) or through more application-specific configuration files (such as theweb.configfile)

You can also just as easily configure providers through the GUI-based configuration systems such as the ASP.NET Web Site Administration Tool or through the new ASP.NET MMC snap-in Both of these items are covered in detail in Chapter 32 An example of using the ASP.NET MMC snap-in Windows XP to

visually configure a provider is presented in Figure 12-17

Figure 12-17

From this figure, you can see that you can add and remove providers in the membership system of your

application You can also change the values assigned to individual attributes directly in the GUI

Summar y

This chapter covered the basics of the provider model and what providers are available to you as you

start working with the various ASP.NET systems at your disposal It is important to understand the

built-in providers available for each of these systems and how you can fine-tune the behaviors of each

provider

This provider model allows for an additional level of abstraction and permits you to decide for yourself

on the underlying data stores to be used for the various systems For instance, you have the power to

decide whether to store the membership and role management information in SQL Server or in Oracle

without making any changes to business or presentation logic!

The next chapter shows how to take the provider model to the next level