Figure 20-42
Finally, the properties of DataSource, DataSourceID, and DataMember allow you to bind to this control
from your code.
NoBot Control
The NoBot control works to determine how entities interact with your forms and to help you make sure
that actual humans are working with your forms and that some automated code isn’t working through your
application.
The NoBot control is illustrated in Listing 20-36.
Listing 20-36: Using the NoBot control to limit a login form
.ASPX
<%@ Page Language="VB" AutoEventWireup="true" CodeFile="NoBot.aspx.vb"
Inherits="NoBot" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit"
TagPrefix="cc1" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>NoBot Control</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<cc1:NoBot ID="NoBot1" runat="server" CutoffMaximumInstances="3"
CutoffWindowSeconds="15" ResponseMinimumDelaySeconds="10"
OnGenerateChallengeAndResponse="NoBot1_GenerateChallengeAndResponse" />
<asp:Login ID="Login1" runat="server">
</asp:Login>
<asp:Label ID="Label1" runat="server"></asp:Label>
</div>
</form>
</body>
</html>
The NoBot control has three important properties to be aware of when controlling how your forms
are submitted. These properties include the CutoffMaximumInstances, CutoffWindowSeconds, and the
ResponseMinimumDelaySeconds properties.
The CutoffMaximumInstances property is the number of times the end user is allowed to try to submit the form
within the number of seconds specified by the CutoffWindowSeconds property. The ResponseMinimumDelaySeconds
property defines the minimum number of seconds that must elapse before the end user can submit the form. If
you know the form you are working with will take some time, then setting this property to a value (even
if it is 5 seconds) will help stop submissions that are not made by humans.
The OnGenerateChallengeAndResponse property allows you to define the server-side method that works with the challenge and allows you to provide a response based on the challenge. This property is used in Listing 20-36 and posts back to the user the status of the form submission.
The code-behind for this page is represented in Listing 20-37.
Listing 20-37: The code-behind page for the NoBot control’s OnGenerateChallengeAndResponse
VB
Imports System
Imports AjaxControlToolkit

Partial Public Class NoBot
    Inherits System.Web.UI.Page

    Protected Sub NoBot1_GenerateChallengeAndResponse(ByVal sender As Object, _
        ByVal e As AjaxControlToolkit.NoBotEventArgs) _
        Handles NoBot1.GenerateChallengeAndResponse
        ' Ask the control for its verdict and display the resulting state
        Dim state As NoBotState
        NoBot1.IsValid(state)
        Label1.Text = state.ToString()
    End Sub
End Class
C#
using System;
using AjaxControlToolkit;

public partial class NoBot : System.Web.UI.Page
{
    protected void NoBot1_GenerateChallengeAndResponse(object sender,
        AjaxControlToolkit.NoBotEventArgs e)
    {
        // Ask the control for its verdict and display the resulting state
        NoBotState state;
        NoBot1.IsValid(out state);
        Label1.Text = state.ToString();
    }
}
Running this page and trying to submit the form before the ten-second minimum time results in an
invalid submission. In addition, trying to submit the form more than three times within 15 seconds
results in an invalid submission.
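Listing 20-37 only displays the NoBot state; nothing in it stops the Login control from processing the attempt. The following is an added example, not part of the original listings, that cancels the login when NoBot reports an invalid state. It assumes the Login control in Listing 20-36 is given OnLoggingIn="Login1_LoggingIn" (a hypothetical handler name) and that the method is added to the C# code-behind class.

```csharp
using System;
using System.Web.UI.WebControls;
using AjaxControlToolkit;

public partial class NoBot : System.Web.UI.Page
{
    // Hypothetical handler: wire it up with OnLoggingIn="Login1_LoggingIn"
    // on the <asp:Login> control. LoggingIn fires before the credentials
    // are checked, so cancelling here stops the attempt early.
    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        NoBotState state;
        if (NoBot1.IsValid(out state))
        {
            Label1.Text = String.Empty;
            return; // NoBot checks passed; let the Login control authenticate
        }

        // Reject the submission before any credential check takes place.
        e.Cancel = true;

        // Keep the detailed state in the server-side trace and show the
        // client only a generic message, so automated callers do not learn
        // which of the NoBot checks they failed.
        Trace.Warn("NoBot", "Rejected login attempt: " + state +
            " from " + Request.UserHostAddress);
        Label1.Text = "Your sign-in attempt could not be processed. " +
            "Please wait a few seconds and try again.";
    }
}
```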
PasswordStrength Control
The PasswordStrength control allows you to check the contents of a password in a TextBox control and
validate its strength. It will also then give a message to the end user about whether the strength is
reasonable. A simple example of the PasswordStrength control is presented in Listing 20-38.
Listing 20-38: Using the PasswordStrength control with a TextBox control
<%@ Page Language="C#" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit"
TagPrefix="cc1" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Password Strength Control</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<cc1:PasswordStrength ID="PasswordStrength1" runat="server"
TargetControlID="TextBox1">
</cc1:PasswordStrength>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
</div>
</form>
</body>
</html>
This simple page produces a single text box and when end users start typing in the text box, they will be notified on the strength of the submission as they type. This is illustrated in Figure 20-43.
Figure 20-43
Some of the important properties to work with here include MinimumLowerCaseCharacters,
MinimumNumericCharacters, MinimumSymbolCharacters, MinimumUpperCaseCharacters, and
PreferredPasswordLength.
Rating Control
The Rating control gives your end users the ability to view and set ratings (such as star ratings). You have control over the number of ratings, the look of the filled ratings, the look of the empty ratings, and more. Listing 20-39 shows you a page that shows a five-star rating system that gives end users the ability to set the rating themselves.
Listing 20-39: A rating control that the end user can manipulate
<%@ Page Language="C#" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit"
TagPrefix="cc1" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Rating Control</title>
<style type="text/css">
.ratingStar {
    font-size: 0pt;
    width: 13px;
    height: 12px;
    margin: 0px;
    padding: 0px;
    cursor: pointer;
    display: block;
    background-repeat: no-repeat;
}
.filledRatingStar {
    background-image: url(Images/FilledStar.png);
}
.emptyRatingStar {
    background-image: url(Images/EmptyStar.png);
}
.savedRatingStar {
    background-image: url(Images/SavedStar.png);
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<cc1:Rating ID="Rating1" runat="server" StarCssClass="ratingStar"
WaitingStarCssClass="savedRatingStar"
FilledStarCssClass="filledRatingStar" EmptyStarCssClass="emptyRatingStar">
</cc1:Rating>
</div>
</form>
</body>
</html>
Here, the Rating control uses a number of CSS classes to define its look and feel in various states. In
addition to the CSS class properties (StarCssClass, WaitingStarCssClass, FilledStarCssClass, and
EmptyStarCssClass), you can also specify rating alignments, the number of rating items (the default is 5), the
width, the current rating, and more. The code presented in Listing 20-39 produces the results shown in
Figure 20-44.
Figure 20-44
TabContainer Control
Tabs are another great way to control a page that has a lot of content to present. The TabContainer control can contain one or more TabPanel controls that provide you with a set of tabs that show content one tab
at a time.
You are able to control the width and the height of the panels and to specify whether there are
scrollbars as well. Each TabPanel control has <HeaderTemplate> and <ContentTemplate> subelements that you can define. Listing 20-40 shows an example of a TabContainer control with three TabPanel
controls.
Listing 20-40: Showing three tabs in a TabContainer control
<%@ Page Language="C#" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit"
TagPrefix="cc1" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>TabContainer Control</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<cc1:TabContainer ID="TabContainer1" runat="server" Height="300px">
<cc1:TabPanel runat="server">
<HeaderTemplate>Tab 1</HeaderTemplate>
<ContentTemplate>Here is some tab one content.</ContentTemplate>
</cc1:TabPanel>
<cc1:TabPanel runat="server">
<HeaderTemplate>Tab 2</HeaderTemplate>
<ContentTemplate>Here is some tab two content.</ContentTemplate>
</cc1:TabPanel>
<cc1:TabPanel runat="server">
<HeaderTemplate>Tab 3</HeaderTemplate>
<ContentTemplate>Here is some tab three content.</ContentTemplate>
</cc1:TabPanel>
</cc1:TabContainer>
</div>
</form>
</body>
</html>
The result of this simple page is presented in Figure 20-45.
Figure 20-45
Summary
As you can see, there are a ton of new controls at your disposal. The best thing about this is that this is a
community effort along with Microsoft, and the list of available ASP.NET AJAX controls is only going to
grow over time.
This chapter looked at a lot of the new ASP.NET AJAX controls and how to use them in your ASP.NET
applications. Remember to visit the CodePlex page for these controls often and take advantage of the
newest offerings out there.
Not every page that you build with ASP.NET is meant to be open and accessible to everyone on the
Internet. Sometimes, you want to build pages or sections of an application that are accessible to only
a select group of your choosing. For this reason, you need the security measures explained in this
chapter. They can help protect the data behind your applications and the applications themselves
from fraudulent use.
Security is a very wide-reaching term. During every step of the application-building process, you
must, without a doubt, be aware of how mischievous end users might attempt to bypass your
lockout measures. You must take steps to ensure that no one can take over the application or
gain access to its resources. Whether it involves working with basic server controls or accessing
databases, you should be thinking through the level of security you want to employ to protect
yourself.
How security is applied to your applications is truly a measured process. For instance, a single
ASP.NET page on the Internet, open to public access, has different security requirements than
does an ASP.NET application that is available to only selected individuals because it deals with
confidential information such as credit card numbers or medical information.
The first step is to apply the appropriate level of security for the task at hand. Because you can
take so many different actions to protect your applications and the resources, you have to decide
for yourself which of these measures to employ. This chapter looks at some of the possibilities for
protecting your applications.
Notice that security is discussed throughout this book. In addition, a couple of chapters focus on
specific security frameworks provided by ASP.NET 3.5 that are not discussed in this chapter.
Chapters 15 and 16 discuss ASP.NET’s membership and role management frameworks, as well
as the personalization features in this version. These topics are aspects of security that can make
it even easier for you to build safe applications. Although these new security frameworks are
provided with this latest release of ASP.NET, you can still build your own measures as you did
An important aspect of security is how you handle the authentication and authorization for accessing
resources in your applications. Before you begin working through some of the authentication/
authorization possibilities in ASP.NET, you should know exactly what we mean by those two terms.
Authentication and Authorization
As discussed in Chapter 16, authentication is the process that determines the identity of a user. After a user
has been authenticated, a developer can determine if the identified user has authorization to proceed. It
is impossible to give an entity authorization if no authentication process has been applied.
Authorization is the process of determining whether an authenticated user is permitted access to any part
of an application, access to specific points of an application, or access only to specified datasets that the
application provides. Authenticating and authorizing users and groups enable you to customize a site
based on user types or preferences.
Applying Authentication Measures
ASP.NET provides many different types of authentication measures to use within your applications,
including basic authentication, digest authentication, forms authentication, Passport, and Integrated
Windows authentication. You also can develop your own authentication methods. You should never
authorize access to resources you mean to be secure if you have not applied an authentication process to
the requests for the resources.
The different authentication modes are established through settings that can be applied to the
application’s web.config file or in conjunction with the application server’s Internet Information Services
(IIS) instance.
ASP.NET is configured through a series of .config files on the application server. These are XML-based
files that enable you to easily change how ASP.NET behaves. This is an ideal way to work with the
configuration settings you require. ASP.NET configuration files are applied in a hierarchical manner.
The .NET Framework provides a server-level configuration file called the machine.config file, which
can be found at C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG. The folder contains the
machine.config file. This file provides ASP.NET application settings at a server level, meaning that the
settings are applied to each and every ASP.NET application that resides on the particular server.
A web.config file is another XML-based configuration file that resides in the root of the Web
application. The settings applied in the web.config file override the same settings applied in the higher-level
machine.config file.
You can even nest the web.config files so that the main application web.config file is located in the
root directory of your application, but additional web.config files reside in some of the application’s
subdirectories (see Figure 21-1). The web.config files contained in any of the subdirectories supersede
the root directory’s web.config file. Therefore, any settings applied through a subdirectory’s web.config
file change whatever was set in the application’s main web.config file.
In many of the examples in this chapter, you use the web.config file to apply the authentication and
authorization mechanics you want in your applications. You also can work with IIS to apply settings
directly to your applications.
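To check which settings the hierarchy described above actually yields for a given folder, the merged configuration can be read back at run time. This is an added example, not code from the book; the class name and the ~/Admin folder are hypothetical, and the method must be called from inside the running application (for instance from a page's code-behind).

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Text;
using System.Web;
using System.Web.Configuration;

public static class EffectiveSecurityConfig   // hypothetical helper name
{
    // virtualPath is application-relative, e.g. "~/Admin" (hypothetical folder).
    public static string Describe(string virtualPath)
    {
        string path = VirtualPathUtility.ToAbsolute(virtualPath);
        // Merged view: machine.config, root web.config, then nested web.config files.
        Configuration config = WebConfigurationManager.OpenWebConfiguration(path);

        // <authentication> can only be declared at application level or above,
        // so nested web.config files usually differ in <authorization> instead.
        AuthenticationSection authn =
            (AuthenticationSection)config.GetSection("system.web/authentication");
        AuthorizationSection authz =
            (AuthorizationSection)config.GetSection("system.web/authorization");

        StringBuilder report = new StringBuilder();
        report.AppendLine("Path: " + path);
        report.AppendLine("Authentication mode: " + authn.Mode);
        // Rules appear in evaluation order: the nearest web.config first,
        // inherited rules last.
        foreach (AuthorizationRule rule in authz.Rules)
        {
            report.AppendLine(String.Format("{0,-5} users=[{1}] roles=[{2}]",
                rule.Action, Join(rule.Users), Join(rule.Roles)));
        }
        return report.ToString();
    }

    private static string Join(StringCollection values)
    {
        string[] items = new string[values.Count];
        values.CopyTo(items, 0);
        return String.Join(",", items);
    }
}
```

Comparing the output for the application root and for a protected subdirectory shows whether a nested web.config really tightened access or whether an inherited rule still decides the outcome.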
Figure 21-1
IIS is the Web server that handles all the incoming HTTP requests that come into the server. You must
modify IIS to perform as you want. IIS hands a request to the ASP.NET engine only if the page has a
specific file extension (for example, .aspx). In this chapter, you will work with IIS 7.0, as well.
The <authentication> Node
You use the <authentication> node in the application’s web.config file to set the type of authentication your ASP.NET application requires:
<system.web>
<authentication mode="Windows|Forms|Passport|None">
</authentication>
</system.web>
The <authentication> node uses the mode attribute to set the form of authentication that is to be used. Options include Windows, Forms, Passport, and None. Each option is explained in the following table.
Windows: Windows authentication is used together with IIS authentication. Authentication is performed by IIS in the following ways: basic, digest, or Integrated Windows Authentication. When IIS authentication is complete, ASP.NET uses the authenticated identity to authorize access. This is the default setting.
Forms: Requests that are not authenticated are redirected to an HTML form using HTTP client-side redirection. The user provides his login information and submits the form. If the application authenticates the request, the system issues a form that contains the credentials or a key for reacquiring the identity.
Passport: A centralized authentication service provided by Microsoft that offers single login and core profile services for member sites. This mode of authentication was de-emphasized by Microsoft at the end of 2004.