Develop and Deliver Enterprise-Critical Applications with XML .NET
• Complete Case Studies with Ready-to-Run Source Code and Full Explanations
• Hundreds of Developing & Deploying, and Debugging Sidebars, Security Alerts, and FAQs
• Complete Coverage of Web Services and the VS.NET Integrated Development Environment (IDE)
solutions@syngress.com
With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening.
Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.
Solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:
• product upgrades. You can access online updates for any affected chapters.
• questions to our authors and editors.
• reader queries and clear explanations of complex material.
• readers desiring additional reliable information on key topics.
Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase.
Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.
www.syngress.com/solutions
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” and “Ask the Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” “Hack Proofing™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
XML .NET Developer’s Guide
Copyright © 2002 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
ISBN: 1-928994-47-4
Technical Editor: Jonothon Ortiz
Cover Designer: Michael Kavish
Acquisitions Editor: Catherine B. Nolan
Page Layout and Art by: Reuben Kantor and Shannon Tozier
Indexer: Robert Saigh
Copy Editor: Beth A. Roberts
Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.
Acknowledgments
We would like to acknowledge the following people for their kindness and support in making this book possible.
Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Bill Getz, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, and David Dahl of Publishers Group West for sharing their incredible marketing experience and expertise.
Jacquie Shanahan, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.
Annabel Dent and Paul Barry of Elsevier Science/Harcourt Australia for all their help.
David Buckland, Wendi Wong, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress program.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.
Contributors
Adam Sills is an Internet Programmer at GreatLand Insurance, a small insurance company parented by Kemper Insurance. He works in a small IT department that focuses on creating applications to expedite business processes and manage data from a multitude of locations. Previously, he had a small stint in consulting and also worked at a leading B2B eCommerce company designing and building user interfaces to interact with a large-scale enterprise eCommerce application. Adam’s current duties include building and maintaining Web applications, as well as helping to architect, build, and deploy new Microsoft .NET technologies into production use. Adam has contributed to the writing of a number of books for Syngress including ASP .NET Developer’s Guide (ISBN: 1-928994-51-2) and is an active member of a handful of ASP and ASP.NET mailing lists, providing support and insight whenever he can.
Todd Carrico (MCDBA, MCSE) is a Senior Database Engineer for Match.com. Match.com is a singles portal for the digital age. In addition to its primary Web site, Match.com provides back-end services to AOL, MSN, and many other Web sites in its affiliate program. Todd specializes in design and development of high-performance, high-availability data architectures primarily on the Microsoft technology. His background includes designing, developing, consulting, and project management for companies such as Fujitsu, Accenture, International Paper, and GroceryWorks.com. In addition to his contribution to C# .NET Web Developer’s Guide (ISBN: 1-928994-50-4), Todd has also contributed chapters to other books in the Syngress .NET Series including the ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2) and the VB .NET Developer’s Guide (ISBN: 1-928994-48-2). Todd resides in Sachse, Texas with his wife and two children.
Greg Hack is a Senior Software Engineer with Allscripts Healthcare Solutions. Greg has over 15 years of experience developing software on platforms ranging from the mainframe to the desktop, using a wide variety of languages and technologies. Recent work includes a Web-based application that allows patients to view their medical records and a Pocket PC application that delivers clinical information to physicians at the point of care. Greg has also contributed to C# .NET Web Developer’s Guide (ISBN: 1-928994-50-4).
Patrick Coelho (MCP) is an instructor at The University of Washington Extension, North Seattle Community College, Puget Sound Center, and Seattle Vocational Institute, where he teaches courses in Web Development (DHTML, ASP, XML, XSLT, C#, and ASP.NET). Patrick is a Co-Founder of DotThatCom.com, a company that provides consulting, online development resources, and internships for students. He is currently working on a .NET solution with contributing author David Jorgensen and nLogix. Patrick holds a bachelor of science degree from the University of Washington, Bothell. He lives in Puyallup, Washington with his wife, Angela. Patrick is a contributor to Syngress Publishing’s C# .NET Web Developer’s Guide (ISBN: 1-928994-50-4) and the ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2).
David Jorgensen (MCP) is an instructor at North Seattle Community College, University of Washington Extension campus, and Puget Sound Centers. He is also developing courses for Seattle Vocational Institute, which teach .NET and Web development to the underprivileged in the Seattle area. David also provides internship opportunities through his company, DotThatCom.com, which does online sample classes and chapters of books. David holds a bachelor’s degree in Computer Science from St. Martin’s College and resides in Puyallup, Washington, with his wife, Lisa and their two sons, Scott and Jacob. David is a contributor to Syngress Publishing’s C# .NET Web Developer’s Guide (ISBN: 1-928994-50-4) and the ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2).
Joe Dulay (MCSD) is the Vice-President of Technology for the IT Age Corporation. IT Age Corporation is a project management and software development firm specializing in customer-oriented business enterprise and e-commerce solutions located in Atlanta, Georgia. His current responsibilities include managing the IT department, heading the technology steering committee, software architecture, e-commerce product management, and refining development processes and methodologies. Though most of his responsibilities lay in the role of manager and architect, he is still an active participant of the research and development team. Joe holds a bachelor’s degree from the University of Wisconsin in Computer Science. His background includes positions as a Senior Developer at Siemens Energy and Automation, and as an independent contractor specializing in e-commerce development. Joe is also co-author of Syngress Publishing’s Hack Proofing Your Web Applications (ISBN: 1-928994-31-8). Joe would like to thank his family for always being there to help him.
Henk-Evert Sonder (CCNA) has over 15 years of experience as an Information and Communication Technologies (ICT) professional, building and maintaining ICT infrastructures. In recent years, he has specialized in integrating ICT infrastructures with secure business applications. Henk’s company, IT Selective, works with small businesses to help them develop high-quality, low cost solutions. Henk has contributed to several Syngress books, including the E-Mail Virus Protection Handbook (ISBN: 1-928994-23-7), Designing SQL Server 2000 Databases for .NET Enterprise Servers (ISBN: 1-928994-19-9), VB .NET Developer’s Guide (ISBN: 1-928994-48-2), and BizTalk Server 2000 Developers Guide for .NET (ISBN: 1-928994-40-7). Henk lives in Hingham, Massachusetts with his wife, Jude and daughter, Lilly.
Chris Garrett is the Technical Manager for a large European Web agency. He has been working with Internet technologies since 1994 and has provided technical and new media expertise for some of the world’s biggest brands. Chris is a co-author of Syngress Publishing’s ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2). Chris lives in Yorkshire, England with his wife, Clare and his daughter, Amy.
Mesbah Ahmed (PhD and MS, Industrial Engineering) is a Professor of Information Systems at the University of Toledo. In addition to teaching and research, he provides technical consulting and training for IT and manufacturing industries in Ohio and Michigan. His consulting experience includes systems design and implementation projects with Ford Motors, Dana Corporation, Riverside Hospital, Sears, and others. Currently, he provides IT training in the areas of Java Server, XML, and .NET technologies. He teaches graduate level courses in Database Systems, Manufacturing Systems, and Application Development in Distributed and Web Environment. Recently, he received the University of Toledo Outstanding Teaching award, and the College of Business Graduate Teaching Excellence award. His current research interests are in the areas of data warehousing and data mining. He has published many research articles in academic journals such as Decision Sciences, Information & Management, Naval Research Logistic Quarterly, Journal of Operations Management, IIE Transaction, and International Journal of Production Research. He has also presented numerous papers and seminars in many national and international conferences. Mesbah is also a co-author of Syngress Publishing’s ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2).
Dreamtech Software India, Inc., is a leading provider of corporate software solutions. Based in New Delhi, the company is a successful pioneer of innovative solutions in e-learning technologies. The Dreamtech Software team, which authored all the books in the Cracking the Code series, has over 50 years of combined software-engineering experience in areas such as Java, wireless application, XML, voice-based solutions, .NET, COM/COM+ technologies, distributed computing, DirectX, Windows Media technologies, and security solutions. For more information, log on to www.dreamtechsoftware.com.
Frank Boumphrey is a retired professor of surgery who now specializes in Internet applications and medical documentation. As well as numerous medical papers, he has authored several books on XML, the Internet and on other related subjects. Frank is the president of the HTML Writers Guild, a 125,000 member strong, not-for-profit, International organization of Web page Writers, and was a participant in various working groups of the World Wide Web Consortium (W3C). Presently his main objective is to help XML to become the language of choice in Web documents.
Technical Editor and Reviewer
Jonothon Ortiz is Vice President of Xnext, Inc. in Winter Haven, Florida. Xnext, Inc. is a small, privately owned company that develops Web sites and applications for prestigious companies, such as the New York Times. Jonothon is the head of the programming department and works together with the CEO on all company projects to ensure the best possible solution. His primary field of experience is database backend for Web applications and occasionally programming the GUI of a Web application. He has developed over 30 databases, ranging from small e-commerce sites to client identification and storage. Many of these databases incorporated XML in some fashion, from a small footprint file to the generation of smaller XML files to increase performance time for often-used queries and results. The majority of these applications were coded in either PHP, Perl, or ASP 3.x / .NET. Jonothon has been a contributor to a variety of titles from Syngress Publishing, including ASP .NET Web Developer’s Guide (ISBN: 1-928994-51-2), the VB .NET Developer’s Guide (ISBN: 1-928994-48-2), and the Ruby Developer’s Guide (ISBN: 1-928994-64-4). Jonothon lives with his wife, Carla in Lakeland, Florida.
StackTrace
InnerException
Message
HelpLink
Chapter 2 Visual Studio.NET IDE
Chapter 3 Reviewing the Fundamentals
The Goals of XML
■ XML shall be compatible with SGML.
■ It shall be easy to write programs that process XML documents.
■ The number of optional features in XML is to be kept to the absolute minimum; ideally, zero.
■ XML documents should be human-legible and reasonably clear.
■ The XML design should be prepared quickly.
■ The design of XML shall be formal and concise.
■ XML documents shall be easy to create.
■ Terseness in XML markup is of minimal importance.
■ XML shall be straightforwardly usable over the Internet.
■ XML shall support a variety of applications.
XPath
Summary
Chapter 4 Using XML in the .NET Framework
Introduction
Summary
Chapter 5 Understanding .NET and
Introduction
The Risks Associated with Using XML in
Confidentiality Concerns
Permissions
Principal
Authentication
Authorization
You can determine the permission set of a code group by performing these steps:
1. Run Microsoft Management Console (MMC) by choosing Start | Run and typing mmc.
2. Open the .NET Management snap-in, via Console | Add/Remove Snap-in.
3. Expand the Console Root | .NET Configuration | My Computer.
4. Expand Runtime Security Policy | Enterprise | Code Groups.
5. Select the code group All_Code.
6. Right-click All_Code and select Properties.
7. Select the Permission Set tab.
8. The Permission Set field lists the current value.
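
The same lookup done in code rather than through MMC, as an added example that is not from the book: it walks the Enterprise policy level, prints each code group's permission set starting at the root group, and flags unrestricted grants. It assumes a .NET Framework version on which code access security policy is in effect (the policy API is marked obsolete from .NET Framework 4 onward); the class name CodeGroupAudit is hypothetical.

```csharp
// Added example (not the book's code): audit the permission set assigned
// to every code group in the Enterprise policy level.
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

class CodeGroupAudit
{
    // Print one code group, then recurse into its children so that
    // nested grants below the root group are not missed.
    static void Dump(PolicyLevel level, CodeGroup group, int depth)
    {
        string indent = new string(' ', depth * 2);
        string setName = group.PermissionSetName;   // null if the set is unnamed

        Console.WriteLine("{0}{1} [{2}] -> {3}",
            indent,
            group.Name,
            group.MembershipCondition,               // e.g. the "all code" condition
            setName ?? "(unnamed permission set)");

        // Resolve the named set at this level and flag unrestricted grants,
        // which are the entries a reviewer wants to see first.
        if (setName != null)
        {
            NamedPermissionSet set = level.GetNamedPermissionSet(setName);
            if (set != null && set.IsUnrestricted())
                Console.WriteLine("{0}  ! unrestricted permission set", indent);
        }

        foreach (CodeGroup child in group.Children)
            Dump(level, child, depth + 1);
    }

    static void Main()
    {
        // PolicyHierarchy() enumerates the policy levels; the steps above
        // inspect the one labelled "Enterprise".
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.Label != "Enterprise")
                continue;

            Console.WriteLine("Policy level: {0}", level.Label);
            Dump(level, level.RootCodeGroup, 0);
        }
    }
}
```

Changing `"Enterprise"` to another level label audits that level with the same traversal.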
Chapter 6 XML and the Web with ASP.NET
Introduction
Navigating through an XmlDocument Object
Parsing an XML Document Using the XmlDocument Object
Using the XmlDataDocument Class
Loading an XmlDocument and
Using the Relational View of an
Using XPathDocument and XPathNavigator
Q: Why so much emphasis on the Web? Can’t I use XML on the desktop as well?
A: Yes, you can use XML on the desktop. However, one of the main goals of .NET is to properly connect the desktop with the Internet and not suffer any setback due to server type, programming language, and so on. As you might have noticed as well, ASP.NET can be thought of as a Web wrapper for desktop code. This helps ensure that what you see online will be mostly reproducible offline.
Creating an XML Document from
Summary
Chapter 7 Creating an XML.NET Guestbook
Introduction
Functional Design Requirements
Understanding the pnlAdd Panel
Summary
Chapter 8 Creating a Message Board
Introduction
Creating Your Data Access Object
Designing the User Class
Designing the Board Class
Migrating…
Online Forms
As you have noticed and learned throughout this book, ASP.NET enables programmers to use Web forms, which can be described as the VB6.0 desktop form. In this particular example, your “AddClick” sub would be placed within the OnClick() event for whatever button you wanted to use as your trigger for this action. One other little trick is to view each “panel” as a small form within an mdi, namely the browser window, with their own “hide” and “show” features.
Designing the ThreadList Class
Designing the Thread Class
Designing the PostList Class
Designing the Post Class
Designing the MessageBoard Class
Summary
Chapter 9 Building a Remote
Introduction
A Quick Comparison of ADO and ADO.NET
Accessing Data from a Database Using ADO.NET
Converting Binary Data Using Base64
Advantages and Disadvantages of
Implementing a Simple Remote Database Viewer
Summary
Chapter 10 Building a Wholesale Catalog
Introduction
The ADO.NET also sports these features:
Coding the Project
Analysis of Code Listing updatecat1.aspx
Analysis of Code Listing
Universal Description, Discovery,
Summary
Developing & Deploying…
DataReader versus DataSet
DataReader for the most part works pretty much like the old recordset with which ASP programmers are familiar. DataSet will create a virtual database (preserved in XML) that we can work with even while disconnected from the database. It requires a complete new subset of objects and methods to work with it.
Foreword
Welcome to the XML.NET Developer’s Guide! We have taken great care to create a quality reference book for XML programmers who want to enhance their coding skills to include applications for the .NET platform. This book assumes that you do have previous exposure to XML and are familiar with VB.NET, C#, and ASP.NET. In other words, this book is not for a novice or beginner.
Since its inception in February of 1998, XML has been moving forward through the continued efforts of the World Wide Web Consortium (W3C). At first many developers scoffed at XML, thinking it was just a new way to script. However, those developers who regularly worked with database management and development soon realized the potential of what XML could be—a way to provide data between parties without needing to rely on proprietary solutions.
Developers began to incorporate snippets of XML into their desktop applications, maybe to store configuration data or maybe as an export file. As time passed, they began to transfer XML to the Internet. Databases began to communicate to each other via XML and companies were finding that they had an easier time coping with external database data thanks to XML.
Developers, however, were not the only ones to notice the potential of XML: Microsoft did too, and made it one of the cornerstones of the .NET Framework. .NET aims to bridge the gap between desktop applications and online applications, and facilitate the communication of objects between the two.
The XML .NET Developer’s Guide was created and organized using the following principle: XML, in the real world, lives up to its flexibility. You are just as likely to stumble across a desktop application running XML as you are to find an online e-commerce shop that uses XML to transfer data.
As you work through this book you’ll find that we will be jumping around from VB.NET to C# or maybe use a little bit of both. This flexibility within .NET allows you to use the right code always to optimize your XML code; if you thought C# provides faster queries than VB.NET but VB.NET delivers the better front-end, you’ll find it’s not an issue, as within .NET you can use both.
If this sounds confusing to you it may mean that you are still a beginner with .NET in general; if this is the case we suggest you pick up a copy of VB.NET Developer’s Guide (ISBN: 928994-48-2) and C# Web Developer’s Guide (ISBN: 1-928994-50-4) from Syngress Publishing. These books contain greater detail on the .NET framework including how it works, and how to work with it using the programming language of your choice. As new .NET languages become available Syngress’ set of .NET programming books will increase and so will your choices in programming for XML.
If you have read any of Syngress’ .NET books in the past you’ll be familiar with the layout. We introduce either introductory material (or, in this case, refresher material) in the first couple of chapters, move on to the meat of the book with in-depth views on specific points in the programming language, and finish off with a set of case studies that enhance the skills and ideas you’ve learned throughout the book. All in all, the XML.NET Developer’s Guide has a total of ten chapters.
Chapter 1 (Introducing the .NET Framework) will bring you up to speed with a refresher in how .NET works internally, with Chapter 2 (Visual Studio .NET IDE) providing an introductory look into VS.NET, Microsoft’s IDE for .NET programming. This new IDE can work more with XML than its predecessor, so even if you are familiar with the VS.NET IDE it may be a good idea to browse through this chapter.
Chapter 3 (Reviewing the Fundamentals of XML) kicks off by giving you a quick refresher for XML basics. This is followed up by Chapter 4 (Using XML in the .NET Framework), in which we start to look at how you can work with XML through .NET. Both Chapters 3 and 4 cover basic XML items such as proper XML syntax and validation through Schemas. You will also learn about many of the major namespaces and how they work, and begin to familiarize yourself with the appropriate classes you need to complete your projects. You will be surprised at the flexibility that XML offers and how even some other classes that do not directly revolve around XML can work with XML as well.
Chapter 5 (Understanding .NET and XML Security) introduces a major issue in the XML user community—security. While XML is unable to provide proper security by itself, a thorough understanding of what XML can do combined with an understanding of .NET security is vital.
Chapter 6 (Web Development Using XML and ASP.NET) will introduce you to the online aspect of XML using ASP .NET and teach you how XML is a vital part of online applications through the use of multiple examples, including an online catalog.
Chapters 7, 8, 9, and 10 are the hands-on case studies (Creating an XML.NET Guestbook; Creating a Message Board with ADO and XML; Building a Simple Remote Database Viewer; and Building a Wholesale Catalog). These applications, with the exception of Chapter 7, are fairly large, complex, and require an understanding of basic .NET concepts as well as .NET programming.
You wanted XML? You got it!
—Jonothon Ortiz, Technical Editor
Chapter 1
Introducing the Microsoft .NET Framework
Solutions in this chapter:
■ What Is the .NET Framework?
■ Introduction to the Common Language Runtime
■ Using .NET-Compliant Programming Languages
■ Creating Assemblies
■ Understanding Metadata
■ Using System Services
■ Microsoft Intermediate Language
■ Using the Namespace System to Organize Classes
■ The Common Type System
■ Relying on Auto Resource Management
■ Security Services
■ Summary
■ Solutions Fast Track
■ Frequently Asked Questions
With the introduction of the .NET architecture, Microsoft presents a solution that must provide us with a solid base for distributed applications. Although Microsoft has a long way to go, they are off to a good start with the .NET Framework. Visual Studio .NET is the first real .NET application that will see daylight.
To leverage the communication of distributed .NET applications, the .NET architecture makes heavy use of XML. In fact, XML is the default encoding language of the framework, not only to encapsulate data to send back and forth between applications, but also in configuration files. This is a logical choice as you learn what the .NET Framework is all about.
This chapter will cover all the basics of this framework that you need to understand to use the information in the rest of this book. If you need more in-depth information on the .NET framework, you can find it in the other .NET books in this series.
The .NET framework includes a number of base classes to get you started. The Framework includes abstract base classes to inherit from, as well as implementations of these classes to use. You can even derive your own classes for custom modifications. All the classes are derived from the system object, which gives you great power and flexibility. All applications will share a common runtime environment called the Common Language Runtime (CLR). The .NET Framework now includes a Common Type System (CTS) that allows all the languages to share data using the same types. These features facilitate cross-language interoperability.
To use .NET, you need to learn some new concepts, which we discuss throughout this chapter. A .NET application is wrapped up in an assembly. An assembly includes all the information you need about your application. It includes information that you would find currently in a type library, as well as information you need to use the application or component. This makes your application or component completely self-describing. When you compile your application, it is compiled to an intermediate language called the Microsoft Intermediate Language (MSIL). When a program is executed, it is then converted to machine code by the CLR’s just-in-time (JIT) compiler. The MSIL allows an application to run on any platform that supports the CLR without changing your development code.
Once the code has been prepared, .NET’s work is still not done. It continues to monitor the application and perform automatic resource management on the application to clear up any unused memory resources and provide security measures to prevent anyone from accessing your assembly.
In these few paragraphs, we’ve introduced the major new concepts found within .NET: the CLR, the assembly unit (and its contents), what makes .NET interoperable, and how .NET is “smart” in terms of automatic memory management and security. Let’s now look in-depth at how .NET works so we can get a better grasp of what it can do for our XML applications, both desktop and online.
What Is the .NET Framework?
The .NET Framework is Microsoft’s latest offering in the world of cross-development (developing both desktop and Web applications), interoperability, and, soon, cross-platform development. As you go through this chapter, you’ll see just how .NET meets these developmental requirements. However, Microsoft’s developers did not stop there; they wanted to completely revamp the way we program.
In addition to the more technical changes, .NET strives to be as simple as possible. .NET contains functionality that a developer can easily access. This same functionality operates within the confines of standardized data types and naming conventions. This internal functionality also encompasses the creation of special data within an assembly file that is vital for interoperability, .NET’s built-in security, and .NET’s automatic resource management.
Another part of the “keep it simple” philosophy is that .NET applications are geared to be copy-only installations; in other words, a special installation package for your application is no longer required. The majority of .NET applications work if you simply copy them into a directory, which definitely eases the burden on the programmer.
The CLR changes the way in which programs are written, in the sense that developers won’t be limited to the Windows platform. Just as with ISO C/C++, programmers are now able to see their programs work on any platform with the .NET runtime installed.
Introduction to the Common Language Runtime
The CLR controls the NET code execution CLR is the step above COM,MTS, and COM+
The CLR is the runtime environment for NET It manages code executionand the services that NET provides The CLR “knows” what to do through
Trang 29special data (referred to as metadata) that is contained within the applications.
The special data within the applications store a map of where to find classes,when to load classes, and when to set up runtime context boundaries, generatenative code, enforce security, determine which classes use which methods, andload classes when needed Since the CLR is privy to this information, it can also determine when an object is used and when it is released.This is known as
managed code.
Managed code is what we want to aim for in order to create fully compliant code Code that’s compiled with COM and Win32API declarations
CLR-falls under the category of unmanaged code Managed code keeps us from
depending on obstinate dynamic link library (DLL) files In fact, thanks to theCLR, we don’t have to deal with the Registry, graphical user identifications(GUIDs), AddRef, HRESULTS, and all the macros and application programminginterfaces (APIs) we depended on in the past.They aren’t even an available option
To help CLR-based code execute properly, CLR-compliant code is alsoCommon Language Specification (CLS)-compliant code CLS is a subset ofCLR types defined in the Common Type System (also discussed later in thechapter), and its features are instrumental in the interoperability process by con-taining the basic types required for CLR operability These little things puttogether allow NET to handle multiple programming languages The CLRmanages the mapping; all that you need is a compiler that can generate thecode and the special data needed within the application for the CLR to
operate This ensures that any dependencies your application might have arealways met and not broken
When you set your compiler to generate the NET code, it runs through theCTS and inserts the appropriate data within the application for the CLR to read.Once the CLR finds the data, it proceeds to run through it and lay out every-thing it needs within memory, declaring any objects when they are called (butnot before) Any application interaction, such as passing values from classes, is alsomapped within the special data and handled by the CLR
Using .NET-Compliant Programming Languages
.NET isn’t stuck in the rut of a single, solitary programming language taking advantage of a multiplatform system. In fact, when you get right down to it, what’s the point of having a runtime that promises portability when you have to use a singular programming model to do it? You have to rely on just that one programming language to fill your needs, but what happens if the language doesn’t lend itself to your needs? All of a sudden, portability takes a back seat to necessity—for something to be truly “portable,” you require not only a portable runtime, but also the ability to code in what you need, when you need it. .NET offers us the solution of allowing any programming language that is compliant with .NET to run. Can’t get that bug in your class worked out in VB, but you know that you can work around it in C#? Use C# to create a class that can be easily used with your VB application. Third-party programming language users don’t need to fret for long, either; several companies plan to create .NET-compliant versions of their languages.
Currently, the only .NET-compliant languages are all of the Microsoft flavor; for more information, check these out at http://msdn.microsoft.com/net:

Creating Assemblies
So, just how do you get a bunch of languages to “play nice” together? Most other programming languages do not use the Portable Executable (PE) format for their executables, which was a primary reason that prevented portability to Microsoft, and vice versa. With the .NET environment comes something new: a logical approach to executables called assemblies. The CLR handles the entire executing of an assembly. The assembly “owns” a collection of files that are referred to as static assemblies, which the CLR uses. Static assemblies can be resources used by the assembly, such as image files or text files that the application will use. The actual code that executes is found within the assembly in MSIL format. In other words, an assembly is roughly the equivalent of a VB 6.0 COM component. An assembly has three options that need to be set when you create it:
The multidomain and multidomain host settings apply to the same concept of multidomain usage. The only difference between the two is how the CLR will react with the code. In multidomain, the code is assumed to be the same across the domain. In multidomain host, however, each domain hosts different code. Let’s say that you have an application development in which all the domains have the assembly filename, but each has different code hosted to see how it can still interact; you would get the best performance using the multidomain host optimization routine.
There are some benefits to setting the assembly as useable by multiple applications. Fewer resources will be consumed, since the type (object) will be loaded and mapped already; it won’t need to be recreated each time it’s needed. However, the JIT-compiled output is somewhat larger, and access to static items is slower, since the static references are referenced indirectly.
The name of the assembly can impact the scope and usage by multiple applications. A single-client use application uses the name given to it when created, but there is no prevention for name collision. Therefore, in order to help prevent name collisions in an assembly in a multi-assembly scenario, you can also give the assembly a shared name. Having a shared name means that the assembly can be deployed in the global assembly cache, which you can think of as a global repository of assemblies.
A shared name is made up of the textual name of the assembly (the name you created for it) and a digital signature. Shared names are unique names due to the pairing of the text name and digital signature. This system, in turn, helps prevent name collision and keeps anyone using the same textual name from writing over your file, since the shared name is different. A shared name also provides the required information that’s needed for versioning support by the CLR; this same information is used to provide integrity checks to give a decent level of trust. (For full trust, you should include a full digital signature with certificates.) Figure 1.1 illustrates how the shared-name process works.

From the shared-name diagram in Figure 1.1, you can see that the shared name is first created into the primary assembly (Assembly 1), then the reference of the primary assembly is stored as a token of the version within the referencing assembly’s (Assembly 2’s) metadata, and it is finally verified through the CLR.
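The comparison that the shared-name process performs, as an added Python sketch that is not from the book or from Microsoft. It assumes the 8-byte originator is derived the way the .NET public key token is (the last 8 bytes of the SHA-1 hash of the public key, reversed); the class names, function names, and keys are constructed for illustration, and the signature verification itself is not modeled.

```python
import hashlib
import hmac
from dataclasses import dataclass

def originator_token(public_key: bytes) -> str:
    """8-byte originator: last 8 bytes of SHA-1(public key), byte-reversed (assumed derivation)."""
    return hashlib.sha1(public_key).digest()[-8:][::-1].hex()

@dataclass(frozen=True)
class SharedAssembly:          # hypothetical model of an assembly with a shared name
    text_name: str
    version: str
    public_key: bytes          # public half of the publisher's key pair

@dataclass(frozen=True)
class AssemblyRef:             # what the referencing assembly keeps in its metadata
    text_name: str
    version: str
    originator: str

def make_reference(target: SharedAssembly) -> AssemblyRef:
    """Build time: record the target's name, version and originator token."""
    return AssemblyRef(target.text_name, target.version, originator_token(target.public_key))

def check_reference(ref: AssemblyRef, candidate: SharedAssembly) -> str:
    """Load time: compare the stored reference with the assembly actually found."""
    if ref.text_name != candidate.text_name:
        return "name mismatch"
    if not hmac.compare_digest(ref.originator, originator_token(candidate.public_key)):
        return "originator mismatch"   # same text name, different publisher key
    if ref.version != candidate.version:
        return "version mismatch"
    return "ok"

# Constructed sample data: a genuine library and a look-alike signed with another key.
GENUINE = SharedAssembly("Billing", "1.0.0.0", b"constructed publisher key A")
LOOKALIKE = SharedAssembly("Billing", "1.0.0.0", b"constructed publisher key B")
REF = make_reference(GENUINE)
```

A look-alike that reuses the text name but was built with a different key fails on the originator comparison, which is the name-collision protection the paragraph describes.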
[Figure 1.1: The Shared-Name Process. The CLR evaluates between the two, and if both are equal, the CLR verifies that the data is 100 percent from the same developer.]

An assembly, once created, has the following characteristics:
• Contains code that the runtime executes. PE MSIL code is not executed without the manifest present. In other words, if the file is not formatted correctly, it will not run.
• Only one entry point. An assembly cannot have more than one starting point for execution by the runtime; you cannot, for example, use both WinMain and Main.
• Unit of side-by-side execution. An assembly provides the basic unit needed for side-by-side execution.
• Type boundary. Each type declared within an assembly is recognized as a type of the assembly, not as a solitary type initiated into memory.
• Security boundary. The assembly evaluates permission requests.
• Basic deployment unit. An application comprised of assemblies requires only the assemblies that make up its core functions. Any other assemblies that are needed can be provided on demand, which keeps applications from having the bloated setup files commonly associated with VB 6.0 runtime files.
• Reference scope boundary. The manifest within the assembly dictates what can and cannot go on, in order to resolve types and resources; it also enumerates assembly dependency.
• Version boundary. Being the smallest versionable unit in the CLR, all the types and resources that it has are also versioned as a unit. The manifest describes any version dependencies.
Figure 1.2 displays a typical assembly. The assembly has been dissected to display the code, the manifest area, the metadata within the manifest, and the information stored within the metadata.

As you can see, all the benefits that CLR gives us are located within the assembly, but reside within the manifest.
Using the Manifest
Apart from the MSIL, an assembly contains metadata within its manifest. We will go into detail about metadata and its uses in upcoming sections, but for now, just remember that the metadata is all the relevant information that the CLR needs to properly run the file, and the manifest stores the metadata. Thanks to the manifest, assemblies are freed from depending on the Registry and breaking DLLs (the cause of DLL Hell). Basic metadata includes the items listed in Table 1.1.
Table 1.1 Basic Attribute Classes

| Attribute | Description |
|---|---|
| AssemblyCompanyAttribute | Contains a string with the company name and product information. |
| AssemblyConfigurationAttribute | Contains current build information, as in Alpha stage. |
| AssemblyCopyrightAttribute | Copyright information that is stored as a string. |
| AssemblyDefaultAliasAttribute | Name information and alias information. |
| AssemblyDescriptionAttribute | Provides a description of the modules included within the assembly. |
| AssemblyInformationalVersionAttribute | Any extra version information; this is not used by the CLR for versioning purposes. |
| AssemblyProductAttribute | Product information. |
| AssemblyTitleAttribute | Title of the assembly. |
| AssemblyTrademarkAttribute | Any trademarks of the assembly. |
[Figure 1.2: A Typical Assembly. Diagram showing the code, the manifest generated by the compiler, and the metadata within the manifest.]
Table 1.2 lists custom attributes that you can set into the manifest.

Table 1.2 Custom Attributes

| Attribute | Description |
|---|---|
| AssemblyCultureAttribute | Contains information on the cultural settings, such as base language or time zone. |
| AssemblyDelaySignAttribute | Tells the CLR that there is some extra space that might be empty to reserve space for a future digital signature. |
| AssemblyKeyFileAttribute | Contains the name of the file that contains the key pair for a shared name. |
| AssemblyKeyNameAttribute | If you use the CSP option, the key will be stored within a key container. This attribute returns the name of the key container. |
| AssemblyOperatingSystem | Information on the operating system(s) |
| AssemblyProcessAttribute | Information on the CPU(s) supported by the assembly. |
| AssemblyVersionAttribute | Returns the version of the assembly in the standard major.minor.build.revision form. |
In regard to the third assembly option, location, a manifest’s location on the assembly can also be altered, based on the type of assembly deployment. An assembly can be deployed as either a single file or multiple files. A single file assembly is much like a standard DLL file; its manifest is placed directly within the application. Again, the assembly is not that different from the standard executable or DLL; what changes is how it’s run. In a multifile assembly, the manifest is either incorporated into the main file (such as the main DLL file), or as a standalone (Figure 1.3).
NOTE
Depending on what you are doing, you might want to use a standalone manifest for any multifile assembly. A standalone manifest provides a consistent access location for the manifest and ensures that it will be there when needed. However, constantly referencing the assembly can carry a small memory overhead, so its advantage shines with larger, multifile assemblies.
Assembly Cache
The cache on which the CLR depends is called the machinewide code cache. This cache is further divided into two subsections: the global assembly cache and the download cache. The download cache simply handles all the online codebases that the assembly requires. The global assembly cache stores and deals with the assemblies that are required for use within the local machine; namely, those that came from an installer or an SDK. Only assemblies that have a shared name can be entered into the global assembly cache, since the CLR assumes that these files will be used frequently and between programs.
Even though a file will be used often, however, it can still be sluggish. Since the CLR knows that to enter the global assembly cache, the assembly must be verified, it assumes that it is already verified and does not go through the verification process, thus increasing the time it takes to reference the assembly within the global assembly cache. One integrity check is performed on it prior to entry into the global assembly cache; this integrity check consists of verifying the hash code and algorithms located within the manifest. Furthermore, if multiple files attempt to reference the assembly, a single dedicated instance of the assembly is created to handle all the references, which allows the assemblies to load faster and reference faster across multi-assembly situations.

[Figure 1.3: Manifest Location within an Assembly. Panels: Single File; Multiassembly with Manifest; Multiassembly with Standalone Manifest.]
A file that’s located in the global assembly cache also experiences a higher degree of end-user security, since only an administrator can delete files located within the global assembly cache. In addition, the integrity checks ensure that an assembly has not been tampered with, since assemblies within the global assembly cache can be accessed directly from the file system.
Locating an Assembly
Once the assembly is created, finished, and deployed, its scope is basically private; in other words, the assembly will not in any way, shape, or form interfere with any other assemblies, DLL files, or settings that are not declared in the assembly’s manifest. It’s all part of CLR’s automation; it used to be that only VB coders had protection from memory leaks or other types of problems by inadvertently creating a program that went too far out of its area, but now, the CLR handles all that.
Now, a single assembly is easy to run, and easy for the CLR to locate. However, when dealing with multiple files, you might ask yourself, “Wait—if the assembly is so tightly locked, how can multiple assemblies interact with each other?” It’s a good question to ask; most programmers working with .NET create multifile assemblies, and so we need to understand the process the CLR takes to locate an assembly. It goes like this:
1. Locate the reference and begin to bind the assembly(ies). Once the request has been made (through AssemblyRef) by an assembly in a multiassembly to reference another assembly within the assembly, the runtime attempts to resolve a reference in the manifest that tells the CLR where to go. The reference within the manifest is either a static reference or a dynamic reference. A static reference is a reference created at build time by the compiler; a dynamic reference is created as an on-the-fly call is made. Figure 1.4 illustrates Step 1 of the location process.
checks to see if there’s a configuration file; for client-side executables, it usually resides in the same directory with the same name, but has a *.CFG extension. For Internet-based applications, the application must be explicitly declared in the HTML file. A standard configuration file can look like the following:

<?xml version="1.0"?>
<Configuration>
  <AppDomain PrivatePath="bin;etc;etc;code"
The document element of this XML file is Configuration. All this node does is tell the CLR that it’s found a configuration file type, and that it should look through it to see if this type is the one it needs. The first node contains the AppDomain element that has the PrivatePath and ShadowCopy attributes. PrivatePath points to a shared and private path to the bin(s) directory(ies). The path is the location of the assemblies that you need and the location of the global assembly cache. Keep in mind that the PrivatePath attribute is relative to the assembly’s root directory and/or subdirectories thereof; anything outside of that needs to be either in the global assembly cache or linked to using the CodeBase attribute of the Assemblies attribute. ShadowCopy is used to determine whether an assembly should be copied into the local download cache, even if it can be run remotely.

The next node contains BindingMode. Binding mode refers to how the assemblies within the application should “bind” to their exact versions. BindingMode contains the AppBindingMode element, which declares the BindingMode to be safe or normal. A safe binding mode indicates that this assembly is of the same assembly version as the others when the application is deployed. No Quick Fix Engineering (QFE) methods are applied, and any version policies are ignored; these characteristics apply to the entire application. Normal mode is simply the normal binding process in which the QFE is used and version policies are applied.
BindingPolicy stores the BindingRedir element, which deals with the attributes that tell the CLR which version to look for. This type of element applies only to assemblies that are shared. The Name attribute is the assembly’s name; Originator contains an 8-byte public key of the assembly; and Version can either explicitly state which version the assembly should be redirected to, or uses a wildcard (*) to signify that all versions should be redirected. VersionNew contains the version to which the CLR should be redirected, and UseLatestBuildVersion contains a yes/no value that states whether the QFE will automatically update it.

Assemblies stores the tags that the CLR can use to locate an assembly. The tags in this element are always attempted before a thorough search. Name and Originator contain the same information that they contain in the BindingPolicy. Version contains only the current version of the assembly; CodeBase contains the URL at which the assembly can be located. Figure 1.5 illustrates Steps 2 and 3.
The reference that’s checked against from the AssemblyRef contains the following information from the assembly it’s asking for: text name, version, culture, and originator if it has a shared name. Of the references listed, the location process can work without all of them except the name. If it can’t find culture, version, or originator (which only shows up on shared names), it will try to match the filename and then the newest version.
[Figure 1.5: Steps 2 and 3 of the Location Process. Flowchart labels: Bind Redirect Originator; Bind Redirect Version Information; Bind Redirect use Latest Version?; Assembly Name; Assembly Originator; Assembly Version; Does it have a codebase? Yes, access it at the location defined. No, assume it is in the local path or in the PrivatePath.]
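The location steps described above, modeled as an added Python sketch (not code from the book or from the CLR). The record types, function names, the ".dll" probe filename, and the sample values are assumptions; POSIX-style paths are used so the PrivatePath check behaves the same on any machine.

```python
import posixpath
from collections import namedtuple
from dataclasses import dataclass, field

# Hypothetical in-memory forms of the BindingRedir and Assemblies entries.
Redirect = namedtuple("Redirect", "name originator version version_new")
Hint = namedtuple("Hint", "name originator version codebase")

@dataclass
class AppConfig:
    private_path: str = ""          # AppDomain PrivatePath, ';'-separated
    binding_mode: str = "normal"    # AppBindingMode: "normal" or "safe"
    redirects: list = field(default_factory=list)
    hints: list = field(default_factory=list)

def effective_version(cfg, name, version, originator):
    """Apply BindingPolicy: shared names only, and never in safe mode."""
    if cfg.binding_mode == "safe" or not originator:
        return version
    for r in cfg.redirects:
        if (r.name, r.originator) == (name, originator) and r.version in ("*", version):
            return r.version_new
    return version

def probe_dirs(cfg, app_root):
    """Split PrivatePath into directories under app_root and entries that escape it."""
    root = posixpath.normpath(app_root)
    inside, rejected = [root], []
    for entry in filter(None, cfg.private_path.split(";")):
        full = posixpath.normpath(posixpath.join(root, entry))
        if full.startswith(root + "/"):
            inside.append(full)
        elif full != root:
            rejected.append(entry)   # outside the root: needs the GAC or a CodeBase
    return inside, rejected

def locate(cfg, app_root, name, version, originator=None):
    """Return (how, candidate locations, bound version) for one AssemblyRef."""
    version = effective_version(cfg, name, version, originator)
    for h in cfg.hints:              # hints are tried before any search
        if (h.name, h.originator, h.version) == (name, originator, version):
            return "codebase", [h.codebase], version
    inside, _ = probe_dirs(cfg, app_root)
    return "probe", [f"{d}/{name}.dll" for d in inside], version   # ".dll" is assumed

# Constructed sample configuration.
CFG = AppConfig(
    private_path="bin;code;../other-app/bin",
    redirects=[Redirect("Billing", "0123456789abcdef", "*", "2.0.0.0")],
    hints=[Hint("Billing", "0123456789abcdef", "2.0.0.0",
                "https://intranet.example/asm/Billing.dll")],
)
```

When reviewing a configuration file, the rejected list from probe_dirs and any wildcard redirect are the entries to look at first, since they decide which copy of an assembly actually loads.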