Pages

Wednesday, October 10, 2012

ASP.Net user authentication by using user name and password - Forms Authentication

What is Forms Authentication is ASP.Net?


If you needs to validate your own users authentication by providing user name and password, you have to establish a security settings on asp.net forms or each page request. To implement this mechanism ASP.Net provides an infrastructure is called  Forms authentication. The main advantage of Forms Authentication is, the basic user information, such as user name and password is stored in an encrypted authentication cookie (ticket). Forms Authentication is a token or ticket based system. When user log in, the basic user information should store on the token. So you can control the anonymous user access by implementing the token system.

How Forms Authentication works? 


When a user request an ASP.Net page, then ASP.Net run time verifies whether the forms authentication token is available, if not available, ASP.Net automatically redirect the user to a login page. If authentication token (cookie) is available, ASP.Net login page validate the user credentials and if the user successfully validate then redirect the user to the requested page.

Here you could find an example, how to implement a simple form based authentication.

How to exclude a page from Forms Authentication?


To exclude a page from forms authentication, you can use the <location> tag in web.config file. For example, (Please click on image to enlarge)


Here, registration.aspx page would be excluded from forms authentication. If you want to exclude a group of pages from forms authentication, you can add a folder name instead of a page name in the location path tag.


Friday, August 24, 2012

What is State Management in Asp.Net?

Importance of State Management

Effective state management will provide users a seamless experience on your web site. For example, if your website maintaining multiple user roles, such as admin, manager, employee. When a user login as employee, the website have to maintain that role till the user sign out from the site. If your website not maintaining the state or data, the user may be need to provide his login credentials for each page request. Hence, good state management will provide richness on you website. ASP.Net providing various techniques to manage state information.

How Asp.net manages user's state?

ASP.NET provides multiple ways to manage user's state in your applications. Either you can manage client-side or server-side. In client-side state management the data stores on the client's side computer by browser cookie or the browser's cache. ASP.Net have various techniques for storing state information or data on client side, these includes, View State, Cookies, Query String, Hidden Fields and Control State. In server-side state management the user's information stored on server's memory or a database. ASP.Net Provides three techniques to store state data on the server, these are Application State, Session State and Profile Properties. These techniques help you to share state information between pages without sending data to the client.


Hope you understand the importance of state management and how ASP.Net manages user's state. I will give you more details about each state management techniques in feature blogs.

What is Post Back in ASP.Net?


PostBack, is a common method of sending data back to the web server as part of your request from a web client application (browser). For example, while you click on a button, the button control will initiate a PostBack event. Then, the state (data) of this button control and all other controls on the page will send back (posted back) to the web server through a GET or POST HTTP request. If the page is loading first time the PostBack event will not occur, meantime the value of IsPostBack property would be false. If the page is being loaded in response to a client postback, then the value of IsPostBack property would be true. While PostBack event triggers, the page control's properties will load from ViewState. 
User could verify that if the PostBack event will fire or not by validating the IsPostBack property on the page's Page_Load function. For example,



private void Page_Load()
{
    if (!IsPostBack)
    {
        // Validate initially to force asterisks
        // to appear before the first roundtrip.
        Validate();
    }
}



You could use "AutoPostBack" property to configure some web server controls PostBack events. The AutoPostBack property for a control is used to change whether that control’s default event causes an automatic PostBack to the server. 

For more details about Request and Response, click onWhat is a Request and Response?

What is Common Language Runtime (CLR)?

CLR is Common Language Runtime and it forms the heart of the .NET framework. The responsibility of CLR is to take care of the code execution of the program. The responsibilities of CLR are,

Code Access Security

CAS grants rights to program depending on the security configuration of the machine. Example, the program has rights to edit or create a new file but the security configuration of machine does not allow the program to delete a file.

Garbage Collection

CLR automatically manages memory. When objects are not referred garbage collection automatically release that memories thus providing efficient memory management.

Code Verification

This ensures proper code execution and type safety while the code runs. It prevents the source code to perform illegal operation such as accessing invalid memory locations etc.

IL( Intermediate language )-to-native translators and optimizer

CLR uses JIT (Just In Time) compiler and compiles the IL code to machine code and then executes.


For more about Asp.Net Page life-cycle, click on Explain ASP.Net Page life-cycle events

Thursday, August 23, 2012

What is a Request and Response?


The communication from Web browser (Web Client) to the Web server is referred to as a Request. In ASP.NET, there is a Request object that is used to represent the Web browser's communication to the Web server. It wraps the resource request in an object that can be queried in code. This includes providing your code access to things like the cookies associated with your site, the query string parameters passed on the URL, the path to the request, and more.

The communication from the Web server back to the Web browser is commonly referred to as the Response. In ASP.NET this information is wrapped in the Response object. You can use this object to set cookies, define caching, set session expiration, and so on. When the Web server responds to a request, it uses what it finds in the Response object to write the actual, text-based HTTP response.

What is HTTP (Hypertext Transfer Protocol)?

HTTP is a text-based communication protocol which is used to request web pages (client) from the web server and send responses back to the web browser (client). HTTP messages are typically sent between the Web server and Web browser using port 80 or port 443 when using Secure HTTP (HTTPS).

Explain State and Stateless Web Applications

When a Web Server receives a web page request (HTTP GET request) from a web browser, the Web Server process the HTTP request and send a response back to the web browser and the browser process the response and shows the web page in the browser. After sent back the response to the web browser, the web server releases or disconnect all the resources which were involved with the request. So, the web server and web browser doesn't have retain any open connection. This type of web applications are calling stateless web applications (Stateless Environment) (Figure 1). Many of the legacy web applications were stateless.

Figure 1 - Stateless Environment



However, modern web applications maintain states (Figure 2), that means they remembering what they did last time by implement various state management techniques, such as Cookies, Cache, QueryString, ViewState, Sessions, Application state, Static variables and profiles.

Figure 2 - State Environment





For more information about state management, click on What is State Management in Asp.Net?

Explain ASP.Net Page life-cycle events

what is a page life-cycle?

While you requesting a Asp.net page, it goes through a series of processing steps, such as initialization, instantiating controls, restoring and maintaining states, Postback event handling and rendering. Each time you request a page,the page goes through these stages before loading to the Web Browser.

What is page life-cycle events?

Each stages of a page life-cycle will raise events that you could handle to run your code, that would automatically invoke those event methods when certain events are raised. The most important page life-cycle events are ,
  • Page_Init 
  • Page_Load 
  • Control Events 
  • Page_Unload
Events in the page life-cycle (image from http://msdn.microsoft.com)


Page_Init event

Page_Init method, which is the first step in page life-cycle, which automatically called when the page is created. Page_Init event only occurs when first time the page is started. When you PostBack to any page, the Page_Init does not fire. The page and server control fire there Init event when page life-cycle enter the initialization stage. Page_Init event initialize the page's control hierarchy, but you do not try to access the control in this event because it may not be loaded completely .

Page_Load event

Page_Load event guarantees that all controls are fully loaded. The Page_Load event triggers each time when a page load. In Load event, the page's load event is called first. Then, the load event for each child control is called (and their child controls, if any). In Load event, you can access View State information and Web form POST data. Inside the Page Load event, you can check the PostBack and then sets control properties appropriately. To avoid repeat execution of code inside the Page Load event, you can use IsPostBack method.

Control Events (PostBack Events)

In Control Events, Asp.Net calls any events on the page or its controls that caused the PostBack to occur. Control events normally know as PostBack event. TextChanged, SelectedIndexChanged, and similar are examples for Control events. After PostBack call, the Validate method of all validator controls is called.

Page_Unload Event

Page_Unload event is used to do final cleanup process for Controls and Page. For example, closing control specific database connection, closing open files, other user specific task. And destroy any user specific object reference you have created in building the page.

For more information about Post back, please click on What is Post Back in ASP.Net?