Special Characters A

Index

Special Characters AddAttributesToRender method, overriding, & (ampersand) character, QueryString 681, 691, 724, 777 encryption, 635 AddBezier method, 793 & operator, 499 AddBeziers method, 793 * (asterisk) character, XPath expression, 476 AddClosedCurve method, 793 * wildcard operator, 500, 505 AddCurve method, 793 @ (at sign) character, XPath expression, 477 AddEllipse method, 793 | (pipe) character, XPath expression, 477 AddLine method, 793 < > (brackets) characters, XPath expression, AddLines method, 793 477 AddNew method, 315 = (equal sign) character, QueryString AddParsedSubObject method, 706, 749 encryption, 635 AddPath method, 793 : (colon) character, namespace prefix, xmlns, AddPie method, 793 458 AddPolygon method, 793 . (dot) character, XPath expression, 477 AddRectangle method, 793 / (forward slash) character, XPath expression, AddRectangles method, 793 477 AddString method, 793 . (period) character, XPath expression, 477 AddStyleAttribute method, 674 \ in Path, 503 Administrator enumeration, ? wildcard operator, 500, 505 WindowsBuiltInRole, 592 ADO vs. ADO.NET, 276–78 A ADO.NET, 407–24, 426, 428, 431, 433–44, Abandon session state settings, 248 446–51 abstract encryption classes, 624 advanced grids, 433–41, 443 AcceptChanges, DataSet Version-Tracking, overview, 433 313, 334–36 parent/child view, 433–36 access, anonymous, 589, 596, 617 parent/child view in single table, access control lists (ACLs), 608 440–41, 443 AccessKey property, 149 parent/child/detail view, 437–38 account tokens, 596–97 summaries in DataGrid, 438–40 AccountOperator enumeration, architecture of, 273–81, 289, 292, 294 WindowsBuiltInRole, 592 ADO worse than ADO.NET, 276–78 ACID properties, 408 ADO.NET data providers, 274–75, 289, AcquireRequestState, 188 292, 294 Acrobat (PDF) files, 619 disconnected data, 279 Act as Part of the Operating System fundamental ADO.NET classes, 276, permission, 595 280–81 ActiveX components, PDF files, 619 overview, 273 ActiveXControls property, standardization in ADO.NET, 278 HttpBrowserCapabilities, 685 web applications and DataSet, 279 AdCreated, AdRotator event, 177 XML integration, 280 Add method building shopping carts, 443–44, 446–51 database, 329 multiple selection, 451 hashtable, 355–56 overview, 443–44 Add Web Reference dialog box, 846 shopping cart classes, 444, 446–47 AddArc method, 793 test page, 447–51 AddAttribute method, HtmlTextWriter, 674 classes, 276, 280–81

941 942 ■INDEX

Command and DataReader classes, advanced credential storage, 562–74, 576–77 285–94, 296–300 adding information to authentication calling stored procedures, 298–300 ticket, 573–74, 576–77 command basics, 285–86 adding user-specific data to credential DataReader class, 286–87 store, 573–74 ExecuteNonQuery( ) method, 293 attaching user-specific data, 576–77 ExecuteReader( ) method and limits of UserData property, 577 DataReader, 287–92 overview, 573 ExecuteScalar( ) method, 292–93 hashing passwords for storage, 562–65 overview, 285 creating password hashes, 564–65 SQL injection attacks, 294, 296–97 hashing passwords for web.config, using parameterized commands, 563–64 297–98 overview, 562–63 Connection class, 281–85 overview, 562 connection-based classes, 281 using other credentials stores, 565–73 data binding structures, 350 interface for credential stores, 566–67 data providers, 274–75, 289, 292, 294 overview, 565–66 database component, 301–2, 304–5, storing credentials in database, 570–73 309–10 storing credentials in XML file, 567–70 overview, 301–2 advanced digest Windows authentication, sample database component, 302, 586–87 304–5, 308 AdvertisementFile, AdRotator, 177–78 testing components, 308–10 algorithms, hash, 552, 562–63, 569 DataSet mapping, 421–23 AllowCustomPaging property, DataGrid disconnected access model, 311, 333 control, 395 JOIN queries vs. DataRelation, 323 allowOverride, Web.Config location, 196 overview, 273 AllowPaging property, DataGrid control, 393, serving images from Database, 416–21 395 displaying binary data, 416–17 AllowSorting property, DataGrid control, integrating images with other content, 387–88 419–21 AllowWeekendSelection property, 699 overview, 416 AlternateText, AdvertisementFile, 177 reading binary data efficiently, 418 alternating item template, 712 transactions, 407–15 AlternatingItemStyle property, 370–71, 386 and ASP.NET applications, 408–12 AlternatingItemTemplate template, 363, 365, isolation levels, 412–14 367 nested transactions, 415 ampersand (&) character, QueryString overview, 407–8 encryption, 635 savepoints, 414–15 anonymous access, 589, 596, 603, 617 using transactions with DataAdapter, anonymous users, denying access to, 553, 415 590 typed DataSets, 424–28, 431–32 antialiasing, 789 creating typed in Visual Studio .NET, AOL property, 685 426–27 Apache Foundation, digest authentication, creating typed with XSD.exe, 428 587 dissecting, 428, 430 APIs, 547 overview, 424–25 App.config, 844 using typed DataSet, 431–32 AppendHeader, PDF files, 619 and XML, 484–91 Application collection, 518 accessing DataSet as, 488–89 application directories, 31–32 converting DataSet to, 485–87 application domains, 33, 183–85 executing XML query, 490–91 application event, 188–92 overview, 484–85 application integration, 454, 456 AdRotator control, 176–77 application lifetime, 185 advanced breakpoints, 82 Application object, 118 application pool, 34 ■INDEX 943

Application property, 833 overview, 31 application server role, IIS, 41–42 process recycling, 35, 38 application state, 253–54, 515, 628 processing requests, 32, 35 application update, 185–86 URL request, 31–32 Application_Error method, in global.asax, ARGB color values, 152 190 ArrayList class, 350, 446 ApplicationConfiguration dialog box, 617 Arrays data type, 828 application-level traces, 127–28 AS keyword, 422 ApplicationPath method, Request object, 122 .asax file extension, 47 ApplicationPath property, HttpRequest ASC sorting attribute, 325 object, 119 .ascx extension, 652, 654 applications, ASP.NET, 183–206, 208–30 .ascx file, 655–56, 666, 670 anatomy of, 183–86 .ascx file extension, 47, 64 ASP.NET configuration, 192–205 .ascx text file, 654 configuration settings, 197–205 .ascx user control markup file, 666 machine.config file, 192–94 .ashx file extension, 47, 216–17 overview, 192 .asmx file, 831, 840 web.config file, 194–97 .asmx file extension, 47, 65, 184 deploying, 227–30 asp prefix, 18, 151 extending HTTP pipeline, 210–27 ASP vs. ASP.NET, 27–28 configuring custom HTTP Handler, ASPNET accounts, 35, 529, 595, 608 214–16 ASP.NET pages. See pages, ASP.NET creating advanced HTTP handler, aspnet_isapi.dll, 31 217–20 aspnet_regiis utility, 48, 51 creating custom HTTP handler, 213–14 .aspx (web form) files, 652 creating custom HTTP module, 220–22 .aspx file extension, 47, 64, 75, 184, 652, 654 extending configuration file structure, .aspx files, 608, 762, 798 223–27 .aspx page, 670 HTTP handlers and HTTP modules, assemblies, 6, 8–9, 66, 79, 186 211–13 assembly cache, global. See GAC overview, 210–11 Assembly Name project setting, 79 registering HTTP handlers without asterisk (*) character, XPath expression, 476 configuring IIS, 216–17 ASXII encoding, 513 global.asax application file, 186, 188–92 asymmetric encryption, 538–40 application events, 188–90 asymmetric key pair, 538 demonstrating application events, AsymmetricAlgorithm class, Cryptography, 191–92 622 overview, 186, 188 asynchronous calls, 909–11, 913–19 .NET components, 205–6, 208–10 asynchronous services, 918–19 overview, 183 concurrent asynchronous calls, 914–15 and transactions, 408–12 overview, 909–10 client-initiated ADO.NET transactions, proxy class, 910–11 410, 412 responsive Windows clients, 916–18 overview, 408–9 simple asynchronous call, 911–14 stored procedure transactions, 409–10 asynchronous proxy class methods, 845 applications, certified, 593 asynchronous thread, 13, 219 applications, web. See web applications at sign (@) character, XPath expression, 477 application-specific key, 628–29 attacks, script injection, 131–32 appsettingbaseurl, parameter, AttributeCount property, XmlTextReader, 472 Wsdl.exe, 840 attributes, 60, 139–41, 149 element, 203–5, 844 design-time attributes, 727–33 appsettingurkey, parameter, Wsdl.exe, attributes and inheritance, 732 840 overview, 727–28 architecture of ASP.NET, 31, 38 Properties window, 728–31 account security with worker process, 35 Toolbox icon, 732–33 ASP.NET execution model, 38 File and Directory classes, 498–500 944 ■INDEX

Authenticate, 563–68, 576 B Authenticate event, 533 back reference, regular expressions, 701 Authenticate Request event, 532–33 BackColor property, 149, 165 authenticated users, 602–3 BackgroundSounds property, 685 AuthenticateRequest event, 188, 221, 533, BackupOperator enumeration, 644–45, 647 WindowsBuiltInRole, 592 authentication, 16, 124, 184, 188, 197, 202, base tag, HTML, WebControl class, 679–80 528, 532–34. See also forms Base64 string, 100, 103, 241, 586, 635 authentication BaseValidator class, 164–65 built-in authentication modules, 533–34 basic Windows authentication, 585–86 database, 281–82 Begin, 410, 412, 415 overview, 532–33 BeginEdit, DataRow, 315, 332, 334 process, 527–28 BeginGetEmployeesCount method, 845 authentication mode, 646 BeginPageLoad function, 762–63 element, 202, 533–34 BeginRequest, Application event, 188 AuthenticationType property, 536, 644 BeginTransaction, 283, 410–15 authorization, 16, 184, 197, 202, 527, 529, benchmarks, 10 601–19 Berners-Lee, Tim, 3 authorization checks in code, 609–11 Beta property, 685 overview, 609 Bin directories, 16, 63, 185–86, 208, 228, 676 using IsInRole( ) method, 609 Bin subdirectory, 673 using PrincipalPermission class, 610–11 binary data file authorization, 608–9 displaying in database, 416–17 overview, 601 reading in database, 418 protecting non-web-page resources, binary file, 514 617–19 Binary namespace, 521 adding file type mapping, 617–19 BinaryFormatter class, 521 overview, 617 BinaryWrite method, Response object, 416, role-based authorization with forms 418–21 authentication, 612–16 BinaryWriter class, 514 attaching roles, 614–16 Bindable attribute, 730 creating data store, 612–13 BindGrid method, 388–97 overview, 612 binding. See data binding retrieving role information, 613–14 BindList example, 375–76, 378, 381 URL authorization, 601–8 bitwise and operation, 499 authorization rules, 602–8 bitwise arithmetic, 499 overview, 601–2 blank passwords, 597 element, 534 Bold property, FontInfo object, 153 AuthorizeRequest event, 188, 532–33 Boolean property, 716 auto format, in Visual Studio .NET, 74–75 BorderColor property, WebControl, 149 AutoFormat link to scheme, DataList and Borders tab, Property Builder link, 386 DataGrid, 370, 386 BorderStyle property, 149, 152 autogenerate value, 193 BorderWidth property, 149, 151, 371, 384 AutoGenerateColumns property, DataGrid, BoundColumn tag, DataGrid control, 383–91, 383 447, 449 autogenerating update commands, 337, brackets (<>) character, XPath expression, 339–40 477 automatic paging, with DataGrid control, break mode, 80–83 392–95 Browsable attribute, 729, 732 automatic postbacks, 98–100 browse permission, 44 AutoPostBack, 99–100, 106, 154, 158, 174 Browser property, 119, 684–85 Autos, variable watch window, 83 browserCaps, Configuration setting, 197 .axd file extension, 31, 47 brushes, and dynamic graphics with GDI+, 796–98 BufferOutput, HttpResponse object, 120 ■INDEX 945

BufferResponse, 855, 862–63 checksums, Cryptography, 563 Build Errors task, 70 child controls, 110, 135, 142 Button web control, 367 ChildControlsCreated property, 722 Button1.Click event, 155 ChildNodes collection, XmlDocument, 466, Button1.Load event, 155 468 Button.Click event handler, 106–7, 132 class libraries, 7–8, 90, 214 ButtonColumn tag, DataGrid control, 383, Class Library projects, 205–6 390–401, 447 Class View, 63 Button.CommandName, EditItem template, Clear, HttpSessionState object, 248 372, 374 ClearTypeGridFit, 789 client server development, 4 C ClientCertificate property, HttpRequest C# language, 9, 54, 65, 87, 140, 428, 518 object, 119 C# lock statement, 640–41 clientConnectedCheck, 37 Cache, 120, 515 ClientID property, Control object, 135 cache, global assembly. See GAC client-initiated transactions, 408, 410, 412 Cache object, 118, 319, 389, 395 client-side JavaScript, 15, 99, 161, 170–71 Cache property, Response object, 269 clientTarget, Configuration setting, 197 Cache state, 628 ClientValidationFunction, 171 CacheDuration, 854, 856–57, 859 Close method CacheItemRemovedReason enumeration, Connection, 282 263 DataReader, 287 CachePriority enumeration, 259 Close method, File class, 512 caching. See data caching; output caching CloseFigure method, 793–94 Calendar control, 174–76 CLR. See Common Language Runtime Calendar rich control, 133, 174–76 ClrVersion property, 685 Call Stack window, 84–85 CLS. See Common Language Specification Cancel property, 663 CLS-compliant languages, 12 CancelCommand event, DataList, 377, 400 cmdUpload.ServerClick event, 144 CancelEdit method, DataRow, 315, 332, 334 CN (Common Name) server certificate, 542 CancelText property, EditCommandColumn, code. See also inline code model 401 adding to user controls CanConvertFrom method, 737–38 adding events, 662, 664 CanConvertTo method, 737, 739 adding properties, 657–59 canonicalization errors, 503 exposing inner web control, 665–66 Cascading Style Sheets (CSS), 58, 137, 154, handling events, 655–56 370 overview, 655 CaseSensitive property, DataTable, 325 using custom objects, 659, 661–62 Cassini web server, 34 authorization checks in, 609–11 CategoriesRow object, Categories DataTable, overview, 609 428, 430, 432 using IsInRole( ) method, 609 Category attribute, 729 using PrincipalPermission class, 610–11 CategoryID example, 426, 435, 442 data retrieval and processing, 278 CausesValidation property, 163–66, 173 code serialization, 734–35, 737–39, 741–50, CellPadding property, 159 752 Cells collection, 403, 439–40 overview, 734 CellSpacing property, 159 serialization attributes, 742–50, 752 certificate authority (CA), 537–38, 540–41 controls with collections, 745–49 certificate-based Windows authentication, overview, 742–44 586 templated controls, 744–45 certificates, 537–38, 540–41 type converters, 734–35, 737–39, 741–42 certified applications, 593 attaching a type converter, 740–41 CGI. See Common Gateway Interface control with object properties, 734–35, change event, 106 737 charting, with GDI, 808–13 creating a custom type converter, CheckBoxList, 157–60, 349–50, 354–55 737–39 946 ■INDEX

ExpandableObjectConverter, 741–42 CommandBehavior, 290 overview, 734 CommandBuilder, 337–40 type editors, 749–50, 752 CommandName property, 509 Codebehind attribute, 76 DataGrid, 390 code-behind model, 53, 75–79, 184, 676 DataList control, 380 code-behind files connected to pages, 76 RepeaterItemEventArgs, 365, 368, 372, 377 control tags connected to page variables, CommandSource property, 77–78 RepeaterItemEventArgs, 365 events connected to event handlers, 78 CommandText property, 337, 411 overview, 75 CommandType enumeration, 285 project settings, 78–79 Comment task, 70 code-behind view, 60 Commit, 410 codes, hash, 549, 562, 564 Commit method, Transaction class, 410–12 ColdFusion, 4 Common Gateway Interface (CGI), 4–5, 44 CollectionBase class, System.Collections common language runtime (CLR), 6, 11, class, 446–47 13–14, 32, 61, 184, 186, 728 CollectionConverter, 745 common language specification (CLS), 12 colon (:) character, namespace prefix, xmlns, Common Name (CN) server certificate, 542 458 Common Properties, Project setting, 79 color, configuring in Visual Studio .NET, 74 CompareValidator control, 162, 166–67, 450 Color data type, 752 compilation, 9, 200–201, 208 Colors object, 152–53 of component source codes, 205–6, 208 ColorTranslator class, 152 of custom HTTP handlers, 214–16 columns, in DataGrid compilation tag, web.config, 86, 197, 200–201 declaring, 400–402 element, 200 defining, 383–87 compiled deployment model, 55 templated, 398–400 Component Designer generated code, 832 Columns collection, 314, 329, 351, 387, 440 Component property, 754 Columns tab, Property Builder link, 386 component-based technology, 818 ColumnSpan property, 439 components, 184, 206, 208–10, 308–10, column-specific styles, 385–87 346–47 COM (Component Object Model), 6–7, 121, composite controls, 694–97 208, 818–20 computer-specific key, 627 COM+ transactions, 409, 863 concurrency issues, ADO vs. ADO.NET, 277 Combine, Path method, 503–5 concurrent asynchronous calls, 914–15 command .config files, 47, 49, 211, 628 parameterized, 297–98 configuration, ASP.NET, 192–205 types of, 285 machine.config file, 192–94 Command and DataReader classes, 285–94, element, 193 296–300 > element*****, 193–94 command basics, 285–86 overview, 192–93 DataReader class, 286–87 overview, 192 ExecuteNonQuery( ) method, 293 settings, 197–205 ExecuteReader( ) method and DataReader, element, 203–5 287–92 element, 202 CommandBehavior, 290 element, 200 overview, 289 element, 199 processing multiple result sets, 290–92 element, 201 ExecuteScalar( ) method, 292–93 element, 200 overview, 285 element, 202–3 SQL injection attacks, 294, 296–97 overview, 197–99 using parameterized commands, 297–98 web.config file, 194–97 Command object, 274, 286, 311, 316–17, 411, overview, 194–96 418 using elements, 196–97 CommandArgument property, configuration files. See web.config RepeaterItemEventArgs, 365, 373 configuration inheritance, 195–96 ■INDEX 947

Configuration Properties, Project setting, 79 CustomValidator control, 170–71 configuration settings, 184 overview, 161–62 element, 199 RangeValidator control, 166 ConfigurationSettings class, 204–5 RegularExpressionValidator control, configured impersonation, 594, 596 167–70 Connection class, 281–85 RequiredFieldValidator control, 165–66 connection pooling, 284 using the validators programmatically, connection strings, 281–82 172–73 overview, 281 validation controls, 162–63 testing connection, 282–83 validation process, 163–64 Connection Lifetime settings, connection ValidationSummary control, 171 pooling, 285 list controls, 157–61 Connection object, 274, 278, 282 overview, 133 DataReader, 350, 358, 360–61 rich controls, 174–80 DataSet, 313, 317, 337 AdRotator control, 176–77 Transactions, 410, 412 Calendar control, 174–76 connection pooling, 284 overview, 174 connection strings, 281–82 Xml control, 178–80 connection-based classes, ADO.NET, 281 server controls, 133–36 connection-based objects, 276 web form controls, 148–57, 159 Container object, 360, 382, 428 basic web control classes, 149–51 content-based objects, 276 Colors, 152–53 Context property, 833 enumerated values, 152 Continue. See break mode Fonts, 153–54, 159 control attributes, 727–28 handling Web Control Events, 154–57 control builder, 748 overview, 148 Control class, 134–36, 674 Units, 151–52 control designers, 747, 752–55 WebControl base class, 149 Control State and Events, 687–94 controls, validation, 554–55 overview, 687 Controls collection, 403, 442 postback data and change events, 690–92 Controls property, Control object, 135 triggering postback, 692–94 ControlToCompare property, ViewState data, 687–89 CompareValidator control, 166 control tags, 77–78 ControlToValidate property, 165–67, 173 control tree, 110–12, 114, 124 ConvertFrom, ConvertTo method, 737–39 Control.ApplyStyle method, 712 ConvertXmlTextToHtmlText method, ControlDesigner, 752–53 700–701 controls. See also custom controls; custom cookie container, 861–62 server controls; user controls cookieless setting, 252 controls, ASP.NET, 18, 20, 133–47, 149–63, CookiePath property, 559 165–72, 174–80 cookies, 549–50, 552, 557–59, 576, 614 ASP.NET server controls, 134–36 authentication, reasons for not using, creating dynamically, 115–17 549–50 HTML server controls, 136–47 custom, 244–45 handling Server-Side events, 142–47 persistent, 557, 560–62 HtmlContainerControl class, 137 SessionID, 247 HtmlControl class, 136–37 state management options, 231–32 HtmlInputControl class, 137–38 Cookies Collection overview, 136 HttpResponse, 120 programmatically creating server Request and Response objects, 244 controls, 141–42 Trace Log, 125 Setting Style Attributes and other Cookies property, 119, 685 properties, 139–41 copies, shadow, ASP.NET files, 186 input validation controls, 161–63, 165–73 Copy method, 314, 343 BaseValidator class, 164–65 Copy Project wizard, 228 CompareValidator control, 166–67 CopyFrom method, Style class, 712 948 ■INDEX

CORBA (Common Object Request Broker custom HTTP handlers, 214–19 Architecture), 818–20 configuring, 214–16 COUNT, DataView, 329–30 creating, 213–14 Count, HttpSessionState setting, 248 custom HTTP module, creating, 220–22 COUNT, sql, 396 Custom Objects data type, 828 count, XPath expression, 477 custom pagination, 395–98 Crawler property, 685 custom section handlers, 567 Create, DES encryption, 624 custom server controls, 673–78, 680–709, Create Decryptor, CreateEncryptor, 625 711–22, 724, 726 Create method, FileInfo class, 496, 512 basics of CreateChildControls method, 695–97, 704, adaptive rendering, 684–87 707–8, 724 creating bare-bones custom control, createConstraints parameter, DataRelation, 674–75 322 creating WebControl that supports style CreateControlHierarchy method, 722–24 properties, 679–82 CreateDirectory method, Directory class, 494 custom controls in Visual Studio .NET, CreateMachineKey( ), 193–94 676–78 CreateNavigator method, XmlDocument, rendering process, 683–84 469, 483 using custom control, 676 CreateObject( ), 121 Control State and Events, 687–94 CreatePlaceHolderDesignTimeHtml method, overview, 687 753–54 Postback Data and Change events, credential storage. See also advanced 690–92 credential storage triggering postback, 692–94 CreditAccount method, 863 ViewState data, 687–89 CryptoAPI, 622, 624 creating data bound controls, 714–22, 724, cryptographic step, 629 726 cryptographically strong checksum, 563 data binding process, 720–22 Cryptography namespace, 621–22 data items, 716–17 CryptoStream class, 625 data source, 718–19 CryptoStreamMode enumeration, 625 dealing with postbacks, 724, 726 .cs files, 47, 65, 228 overview, 714–15 csc.exe compiler, 428, 676, 840 rendering the control, 723–24 .csproj files, 47, 57, 65, 228 extending existing web controls, 694–702 CSS style attributes, 139–40. See also composite controls, 694–97 Cascading Style Sheets derived controls, 698–702 CssClass property, 149 overview, 694 Current property, 129 overview, 673–74 CurrentPageIndex property, DataGrid, 392, templated controls, 703–9, 711–14 394–98 creating, 703–6 cursor support, 277, 279 overview, 703 cursors, firehose, 286 styles, 711–14 custom authentication systems, 545 using customized templates, 706–9, 711 Custom Caching Control, 267–68 custom ticket-based authentication, 922–23 custom commands, 342–44, 346 custom type converter example, 737 custom control custom validation, 173 custom caching control, 267–68 customErrors, configuration setting, 197 with JavaScript element, 201 overview, 771 CustomIdentity class, 646 pop-up windows, 771–72, 774–75 CustomImageButton control, 694 rollover buttons, 776–78 customization, 404–6 custom control class, 706 CustomServerControlsLibrary, 731 custom controls. See also custom server CustomTextBox control, 731, 733 controls CustomValidator control, 162, 170–71 custom cookies, 244–45 Cyclical Redundancy Check (CRC), 563 custom errors, 50 cryptography classes, 193 custom form class, 77 ■INDEX 949

D item removed callback, 261–63 /d switch, csc.exe command-line compiler, overview, 255–57 428 testing, 258 DashPattern member, 794 data conflicts, 341–42 DashStyle member, 794 Data Encryption Standard (DES), 193, 241, DashStyle properties, 794 622 data access step, 629 data package, 302–3 data binding, 23, 135, 349–67, 369–78, data providers, 274–75, 280–94, 296–300 381–406 data source, updating data in, 336–37, controls supporting repeated binding, 339–44, 346–47 350–51 autogenerating update commands, 337, data structures supported for, 350 339–40 DataGrid control, 382–406 data conflicts and update events, 341–42 advanced customization, 404–6 overview, 336–37 defining columns, 383–87 testing component, 346–47 editing and deleting rows, 400–404 using custom commands and stored overview, 382–83 procedures, 342–44, 346 paging records, 392–98 data types, 6, 66, 277, 281, 287 selecting rows, 390–92 data utility class, 304–5, 308 sorting rows, 387–90 DataAdapter class, 318–22 templated columns, 398–400 filling DataSet, 316–20 DataList control, 369–76, 378, 381 overview, 316 deleting items, 380 searching for specific rows, 323–24 editing items, 374–76, 378 working with multiple tables and overview, 369–71 relationships, 320–23 selecting items, 371–74 DataAdapter object, 274, 313, 333–34, 336, to DataReader, 356–58 341–42, 344, 346, 421–23, 431 fundamentals, 349–58 database binding to DataReader, 356–58 and ADO.NET architecture, 273–75, 289, controls supporting repeated binding, 292, 294 350–51 serving images from, 416–21 data structures supported for data displaying binary data, 416–17 binding, 350 integrating images with other content, overview, 349 419–21 simple controls for repeated-value overview, 416 binding, 354–56 reading binary data efficiently, 418 single value binding, 351–53 transferring to web server, 229 overview, 349 database component, 301–2, 304–5, 309–10 Repeater control, 358–67, 369 overview, 301–2 DataBinder.Eval( ) method, 361–63 sample database component, 302, 304–5, ItemTemplate, 359–61 308 other templates, 363–65 data package, 302–3 overview, 358–59 data utility class, 304–5, 308 Repeater’s events, 365–67, 369 overview, 302 data binding expression, 351–53, 360, 365, stored procedures, 304 377, 400 testing component, 308–10 data bound controls, 23–24 DatabaseCredentialStore class, 570–74, 613, creating, 714–22, 724, 726 629 data binding process, 720–22 DataBind method, 135, 319, 326–27, 349, 351, data items, 716–17 353, 358–59, 688, 709–10, 850 data source, 718–19 DataBinder.Eval( ) method, 361–63 dealing with postbacks, 724, 726 DataBinding( ) event, 361 overview, 714–15 DataColumn object, DataTable, 314, 321, rendering the control, 723–24 324, 329, 428 data caching, 255–63 data-definition, 285 cache priorities, 258–59 DataEncryption Standard (DES), 624 caching with dependencies, 259–61 DataFormatString property, DataGrid, 384 950 ■INDEX

DataGrid control, 382–406, 764–65 typed, 424–28, 431–32 advanced customization, 404–6 creating in Visual Studio .NET, 426–27 binding DataReader to, 292 creating with XSD.exe, 428 defining columns, 383–87 overview, 424–25 editing and deleting rows, 400–404 using, 431–32 inserting into page, 23–24 web applications, 279 overview, 157, 382–83 DataSet property, 488 paging records, 392–98 DataSetName element, 487 selecting rows, 390–92 DataSets, Web Service data Type, 829 sorting rows, 387–90 DataSource property, 158, 318, 349, 354, 359, templated columns, 398–400 377, 383, 688, 718 DataGrid object, 505–10 DataTable object, 314, 343, 350, 428 DataGridCommandEventArgs object, 403 DataTableMapping object, 423 DataGridItems, 716 DataTextField property, 158, 354, 357, 392, DataGridPageChangedEventArgs class, 394 722 DataKeyField property, 373 DataTextFormatString, ListControl class DataKeys collection, 373–74, 379–80, 403 property, 158 DataList control, 157, 369–76, 378, 381 DataValueField property, 158, 354, 722 deleting items, 380 DataView class, 324–31 editing items, 374–76, 378 advanced data filtering with relationships, overview, 369–71 329 selecting items, 371–74 calculated columns, 329–31 DataList object, 509–10, 642, 661 data filtering with, 326–28 DataList page, 800–802 data sorting with, 324–26 DataListItem type, 382 overview, 324 data-manipulation, 285 DataView object, 435, 442 DataMember, ListControl class property, 158 DataView view, 350, 388 DataMember property, 354 DateTimeCollection property, 746 DataReader object, 23, 274, 279, 285–94, DateTimeHelper object, 748–49 296–300, 311–12 DayRender event, 699 binding to, 356–58 DBConcurrencyException, 341 and ExecuteReader( ) method, 287–92 DbDropDown control, 715–19, 723 CommandBehavior, 290 DbListItem control, 717–18 overview, 287–89 DbListItem control objects, 719, 723 processing multiple result sets, 290–92 DbListItem.Render method, 723 DataRelation object, 321–23, 330, 426 DCOM (Distributed COM), 819–20 DataRow object, 313–15, 318, 322, 332, 339, DebitAccount method, Web Service example, 342, 424, 428, 430, 444, 448–49 863 DataRow versioning, 333–35 debugging, 28, 55, 80–86, 125, 590 DataRowState enumeration, 333–34 Decrypt, 558 DataRowVersion, 334, 346 decryption routines, 629–30, 632 DataSet object, 257, 274, 311–15, 320, 336, decryptionKey, 193 343, 350, 395 DecryptString, 629–30 accessing as XML, 488–89 DecryptToString, 631–32, 636 and automatic paging, 394–95 default editors, 67 converting to XML, 485–87 Default Namespace project setting, 79 data conflicts and update events, 341–42 Default Website item, 45–46 DataRow class, 314–15 DefaultEvent attribute, 730 DataTable class, 314 defaultLanguage, Compilation attribute, 86, DataView class, 315 200 filling, 316–20 DefaultProperty attribute, 730 generic nature of, 278–79 DefaultValue attribute, Properties Window, mapping, 421–23 729 modifying, 332–35 DefaultView property, 315, 350 overview, 312–14 DefaultWsdlHelpGenerator.aspx file, 836 sorting rows, 484 Delete method, 315, 333 ■INDEX 951

DELETE operation, 339–40 Directory object, 494, 500 DeleteCommand event, 380, 400, 415 Directory Security, 588–90 DeleteCommand property, 316, 336–37 DirectoryInfo object, 493–94, 496–98, 500, Demand method, PrincipalPermission class, 506–7, 801 610 DirectoryInfo.GetFiles( ) method, 801 deploying dirty read, 412 ASP.NET, 16 Disabled HtmlControl property, 137 ASP.NET applications, 227–30 Disassembler. See ILDASM deploying Visual Studio .NET project, disassembly view, 85 228–29 .disco files, 65 other configuration steps, 229–30 DISCO standard, 825 overview, 227–28 disconnected access, 277 Visual Studio .NET project, 228–29 disconnected data, 279, 311–22, 324–37, XCopy, 229 339–44, 346–47 zero-touch, 229 data model, 273 derived controls, 698–702 DataAdapter class, 316, 318–22, 324 DES. See Data Encryption Standard filling DataSet, 316–20 Description attribute, 729 overview, 316 Description property, 854 searching for specific rows, 323–24 DESCryptoServiceProvider class, 622 working with multiple tables and Deserialize, 636 relationships, 320–23 Design mode, 59 DataSet classes, 312–15 DesignerSerializationVisibility attribute, DataView class, 324–31 742–44 advanced data filtering with DesignOnly attribute, 730 relationships, 329 design-time behavior, 732 calculated columns, 329–31 design-time environment (DTE) object data filtering with, 326–28 model, 87–88 data sorting with, 324–26 design-time support, 664, 727–35, 737–39, modifying DataSet, 332–35 741–50, 752–55. See also code overview, 311–12 serialization updating data in data source, 336–37, control designers, 752–55 339–44 basic control designer, 753–55 autogenerating Update commands, overview, 752–53 337, 339–40 design-time attributes, 727–33 data conflicts and update events, attributes and inheritance, 732 341–42 overview, 727–28 overview, 336–37 Properties window, 728–31 testing the component, 346–47 Toolbox icon, 732–33 using custom commands and stored overview, 727 procedures, 342–44, 346 development tools, .NET, 53–54 disconnected data updates, 277 compilers, 54 discovery, 825 overview, 53–54 Display property, BaseValidator Class, 165 Visual Studio .NET IDE, 54–55 DisplayMode property, 171 devices, mobile, 547 Dispose event, 220 DHTML (Dynamic HTML), 759 Dispose method, 787 dictionary collections, 118, 233–34, 253 Disposed event, 107, 190 DictionaryEntry class, 257 distributed transaction, 410 digest Windows authentication, 585, 587 DLL, 55, 66, 185, 203, 205, 213–14, 656, Direction property, 344 676–77 directories, controlling access to, 35, 44–45, document structure, 459 143, 605–6. See also physical document vocabulary, 459 directory; virtual directories; document window, in Visual Studio .NET, wwwroot directory 63, 67 Directory classes. See File and Directory domain controllers, Windows Active classes Directory, 587 952 ■INDEX

parameter, Wsdl.exe, 840 E DomainName\GroupName format, 609 EcmaScriptVersion property, 685 domains, application, 33, 183–85 E-commerce Starter Kit, 302 dot (.) character, XPath expression, 477 Edit button, 374 DotNetNuke project, 670 EditCommand event, 376 down-level client, 15, 687 EditCommandColumn tag, DataGrid control, DrawArc method, 790 383, 400–401 DrawBezier method, 790 editing DrawBeziers method, 790 in DataList control, 376–77 DrawClosedCurve method, 790 items in DataList control, 374–76, 378 DrawCurve method, 790 canceling and committing the edit, 378 DrawEllipse method, 790 EditItem template, 377–78 DrawIcon method, 790–91 initiating an Edit, 376–77 DrawIconUnstretched method, 790 overview, 374–76 DrawImage method, 790–91 rows in DataGrid control, 400–404 DrawImageUnscaled method, 790 declaring the columns, 400–402 drawing dynamic graphics, with GDI+, overview, 400–404 786–88 performing the update, 402–4 .Drawing.Font object, 787 EditItem event, 377 DrawLine method, 790 EditItem style, 370 DrawLines method, 790 EditItem template, 377–78 DrawPath method, 790, 792 EditItemIndex event, 377 DrawPie method, 790 EditItemIndex property, 378, 380 DrawPolygon method, 790 EditItemTemplate, 374, 402 DrawRectangle method, 790 editors, default, 67 DrawRectangles method, 790 EditValue method, UI type editor, 750 DrawString method, 787, 790–91, 806 email address, Regular Expression, 169 DrawXxx method, 791, 794 embedded code, 4, 50–51, 75, 109, 123, DropDownList, 157, 354–55, 379, 666, 715–16 129–30 DTE. See design-time environment embedding dynamic graphics in web page, DTE (design-time environment) object 798–803, 805–8 model, 87–88 custom controls that use GDI+, 802–3, DummyDataSource, 722 805–8 DvdList.xml document, 700–701 custom control class, 804–5 dynamic control creation, 115–17 overview, 802–3 dynamic graphics with GDI+, 785–94, rendering page, 805–8 796–803, 805–13 overview, 798–99 charting with GDI+, 808–13 passing information to a dynamic images, embedding in web page, 798–803, 805–8 799–802 custom controls that use GDI+, 802–3, EmployeeProxy class, 840 805–8 tag, 852 overview, 798–99 EmployeesService, Web Service example, 827 passing information to a dynamic EmployeesService class, Web Service images, 799–802 example, 830 Graphics class, 790–92 EmployeesService declaration, Web Service image format and quality, 788–89 example, 845 overview, 785–86 EmployeesService.asmx file, Web Service pens, 794, 796 example, 831, 835, 840 simple drawing, 786–88 enable, processModel attribute, 36 using GraphicsPath, 792–94 EnableClientScript, BaseValidator class dynamic help, 63, 69, 89–90 property, 165 dynamic interfaces, 96–97 EnableConstraints property, 322 dynamic URLs, 842–44 Enabled BaseValidator class property, 165 Enabled property, of WebServer class, 149 Enabled Trace option, 128 EnableSession, 855, 859–62 ■INDEX 953

EnableViewState, 109, 135, 240–41, 355, 689 Exception.Message property, 296 encoded Base64 data strings, 586 Exclusive locks, 413 encoded tags, 123 execute permission, 44. See also Permissions encoded user input, 130 ExecuteDataReader method, 418 encoding, with Secure Sockets Layer, 541–43. ExecuteNonQuery( ) method, 286, 293 See also SOAP ExecuteReader( ) method, and DataReader Encrypt, 558, 576 class, 287–92 encrypted authentication tickets, 577–78, 581 CommandBehavior, 290 EncryptedQueryString, 634–36, 638 overview, 289 encrypting data, 621–30, 632–38 processing multiple result sets, 290–92 encrypting query string, 634–38 ExecuteScalar( ) method, 286, 292–93 creating test page, 637–38 ExecuteXmlReader method, SqlCommand, overview, 634 491 wrapping query string, 634–37 execution model, ASP.NET, 38 and IIS security settings, 230 ExpandableObjectConverter, 741–42 and Machine.config file, 193–94 expiration date creation, for persistent .NET cryptography classes, 622–26 cookies, 561–62 overview, 530–31, 621 expiration policies, 256–57, 263, 265–66, 269 sensitive data, 626–30, 632–38 Expiration property, 559 choosing algorithm, 626–27 Expired property, 559 creating encryption and decryption explicit compile option, 200 routines, 629–30, 632 Expression property, 329 creating key, 627–29 extensible data provider model, ADO.NET, creating test page, 632–33 275 overview, 626 view state, 103 F encryption classes, 531 farms, web, 550 EncryptionUtil class, 629, 634–35 Ferguson, Derek, 134 EncryptString, 629–30, 635 file access objects, locking, 518–19 enctype attribute, 138, 144 File and Directory classes, 493–510 encrypting data. See also Data Encryption determining space usage, 501–3 Standard DirectoryInfo and FileInfo classes, 496–98 EndCap member, 794 file browser, 505–10 EndEdit method, DataRow object, 315, 332, filtering files with wildcards, 500 334 overview, 493–94 EndGetEmployeesCount method, 845 Path class, 503–5 EndPageLoad JavaScript function, 763 retrieving file version information, EndRequest, Application, 189 500–501 enforcing SSL connections, 542 working with Attributes, 498–500 EnsureChildControls method, 697, 709 file authorization, 608–9 enterprise template policy, 91–92 file browser, File and Directory classes, enumerated values, 152 505–10 Enumerations data type, 829 File class, 512 equal sign (=) character, QueryString file management, for Solution Explorer, encryption, 635 65–66 error handling, structured, 13 file mappings, 46, 49, 215–16, 230, 617 Error method, Application, 191–92 file type mapping, 617–19 error underlining feature, 74 file types, 47, 64–65 ErrorMessage property, 165–66 FileAccess value, 515 Eval, DataBinder, 361, 378, 400 FileAttributes enumeration, 498 event bubbling, 366 FileInfo object, 493–94, 496–98, 506, 509, 512, event handlers, 21–22, 60, 78, 97–98, 106–8, 801–2 110, 117, 146–47, 155, 186, 222 FileInfo.Name property, 802 Event Model, 97–98 FileMode value, 511, 515 event trackers, 155 filenames, unique, 515–16, 518 EventArgs, 144, 156, 662 files, source-code. See source-code files 954 ■INDEX

FileStream constructor, 511, 515 overview, 612 FileStream object, 466 retrieving role information, 613–14 FileSystemInfo object, 496, 506 Forms collection, Request object, 95 FileVersionInfo object, 500–501, 510 Forms collection, Trace Log, 125 Fill, DataAdapter method, 316, 337, 422 FormsAuthentication class, 557–58 FillClosedCurve method, 790 FormsAuthenticationModule, 534, 550, 577, FillEllipse method, 790 579, 581 FillPath method, 790, 792 FormsAuthenticationTicket, 550, 558–64, FillPie method, 790 573, 576 FillPolygon method, 790 FormsCookieName, 557, 576 FillRectangle method, 786, 791 FormsCookiePath, 557 FillRectangles method, 791 FormsIdentity, 550, 559, 644, 646 FillRegion method, 791 forward slash (/) character, XPath expression, FillSchema, DataAdapter method, 425 477 FillXxx method, 791, 796 fragment caching (partial caching), 255, 265, filters, ISAPI, 212–13 267, 269, 670 FindBook class, 766 Frame1.aspx page, 780 FindControl method, 116–17, 135, 173, 379, frames, JavaScript, 779–83 404, 666 frame navigation, 780–81 firehose cursors, 286 inline frames, 782–83 FlowLayout, 58 overview, 779 folder icons, 45 Frames property, 685 folder settings, 46 FromString Custom Type Converter, 738 Font property, WebServer class property, 149, Full Unicode (or UTF-16) encoding, 513 153 FullName property, 503, 507 FontInfo object, 741, 787 full-text match algorithm, 284 Fonts property, 153–54, 159 function overloading, 73, 256, 290, 300 FooterStyle property, 370 FooterTemplate template, 363–65, 371 G FOR XML AUTO, ELEMENTS query, 490 GAC. See global assembly cache FOR XML AUTO query, 490 garbage collection, 13, 107, 190 FOR XML clause, 490 GDI+. See dynamic graphics with GDI+ FOR XML EXPLICIT syntax, 491 GenericIdentity class, 644 ForeColor, WebServer class property, 149, 153 GenericPrincipal class, 612, 645 Form HttpRequest property, 119 GetAnonymous property, WindowsIdentity form tags, 96, 100, 113, 151 class, 593 Format property, 657 GetAuthCookie, 558, 561–62 format string, 361–63 GetBookImage.aspx, 766 Format tab, Property Builder link, 386 GetBytes method, DataReader object, 418 Formatting property, 461 GetChanges, DataSet Version-Tracking, 313 forms authentication, 193–94, 202, 528, GetChar, DataReader method, 287 545–74, 576–79, 581. See also GetChildControlType method, 748 advanced credential storage GetChildRows, 322 Cookie-Less Forms Authentication, GetColor method, 811–12 577–79, 581 GetConfig, HttpContext object, 226 implementing, 550–52. See also login page, GetCurrent property, WindowsIdentity class, creating 593, 598–99 configuring forms authentication, GetDateTime, DataReader Method, 287 551–52 GetDesignTimeHtml method, Control overview, 550 Designers, 752, 754 ingredients of, 550 GetDirectories, 500 overview, 545–46 GetDiskFreeSpaceEx, Win32 API function, reasons for using, 546–50 502 role-based authorization with GetEditStyle method, UI type editor, 750 attaching roles, 614–16 GetElementsByTagName, XmlDocument, creating data store, 612–13 474–76 ■INDEX 955

GetEmployees( ) web method, Web Service GridLines properties, 371 example, 852 grids, 433–41, 443 GetEmployees method, Web Service overview, 433 example, 827–28, 836–37, 855–57 parent/child view, 433–36 GetEmployeesCount( ) method, Web Service parent/child view in single table, 440–41, example, 827–28, 835–36, 845 443 GetEmployeesDataSet method, Web Service parent/child/detail view, 437–38 example, 857 summaries in DataGrid, 438–40 GetEmptyDesignTimeHtml, Control Guest value enumeration, Designer, 753–54 WindowsBuiltInRole, 592 GetEmptyDesignTimeHtml method, Control GUID (globally unique identifier), 516 Designer, 753 GetErrorDesignTimeHtml method, Control H Designers, 753–54 HACK token tags, 71 GetErrors method, 342 handlers, custom section, 567 GetFileName, 504–5, 516 Handles keyword, 155 GetFiles method, 500, 801 HasChanges, DataSet version-tracking, 313 GetFullPath, 505 HasControls, Control class method, 136 GetImageUrl method, 767, 802 hash algorithms, 552, 562–63, 569 GetInt32, DataReader Method, 287 hash codes, 103, 241, 549, 562, 564 GetPaintValueSupported method, UI type HashAlgorithm class, 622 editor, 750 hashing passwords, 562–65 GetPersistInnerHtml( ) method, 747 creating password hashes, 564–65 GetPostBackEventReference method, 692–93 digest authentication, 587 GetProducts method, Web Service example, hashing passwords for web.config, 563–64 857 overview, 562–63 GetRandom( ) quote method, 206 HashPasswordForStoringInConfigFile, 558, GetRedirectUrl, 558, 561 564–65, 569 GetValue, DataReader method, 287 Hashtable class, 236–38 GetValues, DataReader method, 287 Hashtable collection, 355 GetVaryByCustomString, 268 HatchBrush, 797 GetVersionInfo, 500 Headers, HttpRequest property, 119 GetVersionInfoString, 510 Headers Collection, Trace Log, 125 GetWebPageAsString method, 766 HeaderTemplate template, 363–65 GetXxx, DataReader Method, 287 HeaderText property, ValidationSummary GIF format, 812 control, 171 global application events, 184, 190, 220, 222, HeadStyle, 370 532–33. See also global.asax file Height property, 149, 732 global assembly cache (GAC), 66, 186, 203 help, dynamic, 63, 69, 89–90 global style properties, 385 hexadecimal color numbers, 153 global.asax file, 27, 65, 184, 186, 188–92, 228, hidden columns, 387 533, 612, 614, 628, 647 hidden input field, 103 element, 203 hierarchically rendered pages, 113–14 GradientLabel control, 803–5 HTML, 3–6, 14–15, 18, 20, 96, 178–80, 318–20, GradientLabel.aspx, 805–6 322, 360, 456, 547, 679 graphical pie chart, 808 color names, 152 Graphics class, 790–92 encoding, 122–23 Graphics.FillPie method, 811 forms, page processing, 94–96 Graphics.FromImage method, 786 HTML mode of Visual Studio .NET, 59 Graphics.MeasureString method, 806 HTML server controls, 17–18, 136–47 GraphicsPath, 792–94 handling Server-Side events, 142–47 Graphics.SmoothingQuality property, 789 overview, 142–43 Graphics.TextRenderingHint property, 789 ServerChange event, 145–47 greedy matching, 701 ServerClick event and HtmlInputFile Grid Layout Panel, 654 control, 143–45, 156, 171, 175 GridLayout, 58 HtmlContainerControl class, 137 956 ■INDEX

HtmlControl class, 136–37 HttpBrowserCapabilities, 685–87 HtmlInputControl class, 137–38 HttpCachePolicy class, 269 overview, 136 HttpContext object, 533 programmatically creating server controls, HttpCookie, authentication, 561 141–42 HttpRequest object, 684 Setting Style Attributes and other HttpRuntime.UnloadAppDomain method, properties, 139–41 185 HtmlAnchor object, 579 https, // Secure Sockets Layer address, 537, HtmlContainerControl class, 137 541 HtmlControl class, 136–37 HttpServerUtility class, 121–23, 243 HtmlDecode, HttpServerUtility class, 121, HttpSessionState class, 118, 248 123 HyperLink attributes, 682 HtmlEncode method, HttpServerUtility, 121, Hyperlink control, 661, 663 123, 700 HyperLink objects, 579 HtmlForm class controls, 77, 113, 138 HyperlinkColumn tag, DataGrid control, 384 HtmlGenericControl, 133, 137, 139, 143, 782 Hypertext Transfer Protocol. See HTTP HtmlInputButton, HTML Server Control, 138, 143 I HtmlInputControl class, 137–38 ICollection interface, 350, 393, 447, 718 HtmlInputFile control, 143–45, 156, 171, 175 ICredentialStore interface, 566–74 HtmlInputImage control, 156–57 ICryptoTransform interface, 624 HtmlInputText control, HTML Server ID, Control Class property, 135 Control, 139–41 ID, dynamic control, 116–17 HtmlSelect control, 354–55 ID, session, 124–25, 245–46, 248, 252 HtmlTextWriter, 674–75, 697 id attribute, HTML tag, 17 HtmlTextWriterAttribute enumeration, 675 ID property, 666 HtmlTextWriterStyle enumeration, 675 IDbTransaction interface, 410 HtmlTextWriterTag enumeration, 675 identity HTTP, 3, 31, 129, 550, 601 role-based authorization, 536 401 responses, digest authentication, 587 tracking, 923–24 context, accessing, 129 identity, Configuration setting, 198 errors, 49–50, 201 Identity objects, 591–93 HTTP handlers, 47, 184, 211–20, 420–21, 803 idleTimeout, processModel attribute, 36 configuring custom, 214–16 IEnumerable interface, 718 creating advanced, 217–20 IEnumerator interface, 722 creating custom, 213–14 IFormatter interface, 520 registering without configuring IIS, 216–17 IHTTPHandler interface, 419 HTTP modules, 184, 211–13, 220–22, 647 IHttpHandlerFactory class, 211 HTTP pipeline, extending, 210–27 IHttpModule interface, 533 configuring custom HTTP handler, 214–16 IIdentity, 550, 559 creating advanced HTTP handler, 217–20 IIdentity class, 644, 647 creating custom HTTP handler, 213–14 IIdentity interface, 536–37 creating custom HTTP module, 220–22 IIdentity object, 536 extending configuration file structure, IIPrincipal object, 536 223–27 IIS Application directory, 184 HTTP handlers and HTTP modules, IIS software, 537 211–13 ILDASM, 11–12 overview, 210–11 IList interface, 718 registering HTTP handlers without ImageButton, Basic Web control, 156–57 configuring IIS, 216–17 images HTTP POST command, 852 dynamic graphics with GDI+, 788–89 HTTP request, 31, 119, 128, 183 integrating with other content in HTTP wire encryption protocols, 586 database, 419–21 HttpApplication object, 118, 187, 191, 220, serving from database to ADO.NET, 222, 533 416–21 HttpApplication.AuthenticateRequest Image.Save method, 787, 798 events, 612, 614 ImageUrl, Basic Web control, 150, 177 ■INDEX 957

tag, 803 integrated state serialization mechanism, ImmutableObject attribute, 730 100–103 Impersonate, WindowsIdentity class, 596–99 integrated Windows authentication, 585, impersonation, 528, 530, 535, 584, 594–99 587–88, 590 configured impersonation, 596 IntelliSense, 53, 72–75 impersonation in Windows 2000, 595 intermediate language (IL), 9, 12. See also overview, 594 ILDASM programmatic impersonation, 596–99 Internet Explorer, 180, 457, 619 INamingContainer interface, 695, 703, 707 Internet Information Services. See IIS Indentation property, 461 Internet Information Services (IIS), 16, 31, 52, index-based lookup, 423 85, 183, 213, 215–17, 230, 583, 596, InferXmlSchema( ), 485 608, 617–19 inheritance, configuration, 195–96 ASP.NET architecture, 31, 38 Inherits attribute, 76, 656 account security with worker Init event, 220, 222 process, 35 initialization, 21, 97, 104–5, 185 ASP.NET execution model, 38 InitializeComponent( ) function, 105 overview, 31 InitialValue, RequiredFieldValidator Control process recycling, 35, 38 property, 165 processing requests, 32, 35 inline code model, 75 URL request, 31–32 inline frame, 782–83 configuring, 588–90 inline styles, 58 installing, 39 in-memory resources, 184 installing certificates in, 540–41 InnerHtml HtmlContainerControl property, managing websites, 42 137 creating virtual directory, 43, 45 InnerHtmlContainerControl property, 123 folder settings, 46 InnerProperty, 744 overview, 42–43 InnerText, 123, 137 virtual directories and Web InProc setting, 249–50 applications, 45 input controls, 136–38, 690–91 overview, 31 input validation controls, 161–63, 165–73 verifying ASP.NET installation, 50–51 BaseValidator class, 164–65 Internet Server Application Programming CompareValidator control, 166–67 Interface (ISAPI), 5, 32, 48. See also CustomValidator control, 170–71 ISAPI extensions; ISAPI filters overview, 161–62 interop assembly, 208 RangeValidator control, 166 Intersect method, PrincipalPermission class, RegularExpressionValidator control, 611 167–70 IntPtr objects, 597 RequiredFieldValidator control, 165–66 intranet applications, Integrated Windows using validators programmatically, 172–73 Authentication, 587 validation controls, 162–63 invisible authentication, 584 validation process, 163–64 Invoke method, 845–46 ValidationSummary control, 171 IO namespace, 512 InsertCommand event, 415 IPostBackDataHandler, 690, 692, 724 InsertCommand property, 316, 337, 344 IPostBackEventHandler, 776, 778 inserting rows, command for, 343–44 IPrincipal class, 645 installing IPrincipal interface, 536 ASP.NET, verification of, 50–51 IPrincipal objects, 550 IIS, 39 IReadOnlySessionState, 220 WSE, 930–31 IRequiresSessionState, 220 InstallPersistSqlState.sql, 252 IS NULL Filter Operator, 340 InstallSqlState.sql, 251–52 IsAnonymous property, 593 instance version of Impersonate, 598 ISAPI DLL, 618 InstatiateIn method, 703–4 ISAPI extensions, 48, 185, 212–13 integrated debugger, 842 ISAPI filters, 212–13 958 ■INDEX

IsAuthenticated, HttpRequest property, 119 frames, 779–83 IsAuthenticated property, 536, 644 frame navigation, 780–81 IsClientConnected property, HttpResponse inline frames, 782–83 object, 120 overview, 779 IsClientScriptBlockRegistered, 777 JavaScript events, 758–59 IsCookieless, HttpSessionState settings, 248 overview, 757–58 IsEnabled property, Trace object, 125 script blocks, 760–67 IsGuest property, WindowsIdentity class, 593 creating JavaScript page processor, IsInRole, 536, 591–92, 609 761–64 IsNewSession, HttpSessionState settings, 248 overview, 760–61 isolation levels, 412–14 rendering, 769–71 IsolationLevel enumeration, 412–14 using JavaScript to download image IsPersistent property of asynchronously, 764–67 FormsAuthenticationTicket class, validation routines, 162, 170–71 559 JavaScript focus method, 770–71 IsPostBack, Page class property, 22, 105, 118 JavaScript property, 685 IsReusable, IHttpHandler interface property, JET database engine, 3 213 JIT (just-in-time) compilation, 9–10 IsSecureConnection HttpRequest property, JOIN query, 323, 339 119 just-in-time (JIT) compilation, 9–10 IsSecureConnection property, 542 IsStartupScriptRegistered method, 777 K IssueDate property of keystroke recording. See macro FormsAuthenticationTicket class, keywords, 12, 69, 74, 77, 90, 177 559 IsSystem property, WindowsIdentity class, L 593 /l switch, csc.exe command-line compiler, IStateClientManager interface, 247 428 IsValid Label control, 666 BaseValidator class property, 165 LAN-based intranet applications, Integrated Page class property, 105, 165, 170 Windows Authentication, 587 ItemCommand event, 365–67, 369, 372, 400, language 450, 508 parameter, Wsdl.exe, 839 ItemCreated event, 378, 404–5, 438 computer, 6, 9, 14, 24–25, 53–55, 76, 86, ItemDataBound event, 438, 440, 442 120, 140, 178, 200, 206, 268, 280 ITemplate interface, 703 human, 89 ITemplate object, 703–4 last-in-wins concurrency, 340, 345 item-removed callback, 261–63 LastWriteTime property, 507 Items collection, 374, 660 lazy initialization, 185 Items property, 661 leaks, memory, 36. See also memory ItemStyle, 370 Length contribution, 501 ItemTemplate, 359–61, 363, 367, 373, 376, Length property, 506 381, 400, 402, 510, 705–6 libraries, class, 7–8, 90, 214 ItemType property, 374 .licx files, 47 limited-length fields, regular expression, 170 J linear processing model, 97–98 Java, 25 LinearGradientBrush, 797, 807 JavaApplets property, 685 LineCap properties, 794 JavaScript, 15, 98–99, 133–34, 139, 154, 268, LineJoin member, 794 757–67, 769–72, 774–83 LinkButton control, 372, 663 code, 435, 686 LinkClicked event, 663 custom controls with JavaScript, 771–72, LinkTable control, 659, 661 774–78 LinkTableEventArgs class, 663 overview, 771 LinkTableItem object, 660 pop-up windows, 771–72, 774–75 LinkWebControl, 680–81, 687–88 rollover buttons, 776–78 Linux, 9 ■INDEX 959 list controls, 157–61, 354–56 M ListControl class, 158 machine.config file, 185, 192–95, 197, 211–13, overview, 157–58 223, 229, 241, 250, 603, 627, 686 using, 159–61 element, 193–94 ListBox, 354–55, 809–12 MachineName, HttpServerUtility method, ListControl class, 158 121 listener, trace, 28, 202–3 machine-specific keys, 550 ListItems, 716 macros, 63, 86–88 ListItem.Selected property, 160–61 MajorVersion property, 685 Literal control, 355, 467 Manage Your Server wizard, 41 literal control objects, 112 managed application, 11, 13 LiteralControl, 696 managed class, 622 Load( ), 466–67, 472 managed code, 13 Load event, 448, 656, 659, 666, 668 Manager, IIS, 588–90 Load event handler, 467 many-to-many relationship between users LoadControl, 666 and roles, 612–13 loading user controls, dynamically, 666–68, MapPath, HttpServerUtility method, 122 670 mapping, 617–19 overview, 666 MAX function, 329–30 portal frameworks, 666–68, 670 Max Pool Size setting, Connection pooling, LoadPostData method, 690–91, 725 284 LoadTemplate( ), 381 maxIoThreads, processModel attributes, 38 LoadViewState method, 689 maxRequestLength attribute, 145. See also LoadXml( ), 467 web.config local networks, digest authentication, 587 maxWorkerThreads, processModel local paths, 46. See also path, mapping attributes, 38 Local Security Policy tool, 595 MD5 hashing algorithm, 552, 564 localOnly Tracing option, 128 member list feature, 73 Locals Variable Watch window, 83 member variables, 188 elements, 196–97 memory, 4, 6, 13, 34, 57, 97, 101, 106–7, 185, Lock, 253, 515, 641 188, 190, 232, 239, 244–45, 247–48, locked settings, 196 252, 255, 259, 265, 289–90. See also locking file access objects, 518–19 garbage collection Log, 516, 521 MemoryStream, 788 LogEntry object, 521 MergableProperty attribute, 730 logged-on users, tracking, 639–41, 643 MergeWith method, Style class, 712 creating test page, 642–43 MessageName, 854–56 overview, 639–40 metacharacters, regular expressions, 168–69 reacting to application events, 640–41 metadata, 13, 16, 25 login button example code, 556 method names, 186, 188 login method for setting query string Microsoft ADO.NET (Core Reference), 451 parameters, 578, 581 Microsoft Intermediate Language (MSIL) login page, creating, 553–62 code, 9, 12 FormsAuthentication class, 557–58 Microsoft.XMLHTTP class, 852 FormsAuthenticationTicket class, 558–60 MIN function, 329–30 logging out, 557 Min Pool Size setting, Connection Pooling, overview, 553–57 284 persisting authentication cookie, 560–62 MinorVersion property, 685 loginUrl attribute, 551 MissingMappingAction property, 423 logLevel, processModel Attribute, 37 mobile controls, 134 LogonUser function, 597–98 mobile devices, 192, 244, 547 loopback address, 32, 281 Mobile .NET, 134 mode attribute, customErrors element, 201 960 ■INDEX

Mode property, 393 .NET cryptography classes, 622–26 mode session state setting, 249–52 .NET Framework, 7–8, 466 Mode setting, session state element, 248 .NET Framework Components tab, 678 modified URL (munged URL), 247, 252 .NET language, 673 modifiers. See regular expressions .NET reflection, 361 Modules collection, HttpApplication class, .NET standard, 662 222 .NET tab, Solution Explorer, 208 Modules window, 85 .NET Toolbox, 677 Mono 1.0, 9 network service accounts, 35 MoveNext( ) method, 277 networks, local, Integrated Windows MovePrevious( ) method, 277 Authentication, 587 Mozilla project, digest authentication, 587 NewPage.aspx, 780 MSDN, 8, 86, 88, 92, 180, 219, 275 NewPageIndex property, 394 MSDomVersion property, 685 NewRow method, 314, 332 MSIL (Microsoft Intermediate Language) NextPageText property, 393 code, 9, 12 NextPrev enumeration, 393 MSXML, creating ASP client with, 851–52 NextResult method, DataReader object, 287 MSXML2.DOMDocument object, 852 NodeType property, XmlNode object, 467, multibrowser, ASP.NET, 14–15 470 multidevice, ASP.NET, 14–15 nologo parameter, Wsdl.exe, 839 multilanguage, ASP.NET, 11–12 nonce values, digest authentication, 587 multiple attribute, Select element, 145 None, mode attribute, authentication multiple users, making files safe for, 515–16 element, 202 creating unique filenames, 515–16, 518 nonrepeatable read, 412 locking file access objects, 518–19 NonSelectableDates collection, 749 overview, 515 NonSelectableDates property, 699, 745–46 multithreading, 13 attribute, 236 munged URL, 247, 252 NonSerialized attribute, 520 MySQL injection attacks, 296 non-web-page resources, protecting, 617–19 adding file type mapping, 617–19 N overview, 617 /n parameter, csc.exe command-line NotifyParentProperty attributes, 741 compiler, 428 NotSupportedException exception, 626 name NTFS format files, 608 HTML color, 152 null reference, 664 predefined .NET color, 152 NullReferenceException, 689 name, method, 186, 188 NumericPages value, 393 Name attribute, 551 Name property, 153, 644 O FormsAuthenticationTicket class, 559 obfuscators, 12 HtmlInputControl class, 138 Object Browser, 8 namespace container, 7 object-oriented programming, 818 parameter, Wsdl.exe, 839 object-walker syntax, 149, 154, 385 namespaces, 7–8, 67, 79, 280–81 ODBC provider, 275, 281 prefixes for, 458 off setting, 249 XML, 457–58 OLE DB provider, 275, 297 NavigateUrl, AdRotator control, 177 onChange attribute, select element, 99–100 navigating XML files. See reading and onClick attribute, 99, 692–93, 769 navigating XML files OnDataBinding( ), 720–22 nested controls, 114 OnInit method, 681, 698 nested tags, 385 OnPreRender() method, 775 nested transactions, 415 onUnload events, 761 .NET classes, 673 OnXxx method, 691, 699 .NET components, 205–6, 208–10 Open method, connectionString object, 282 creating component, 206 OpenWrite, 514 overview, 205–6 Operator property, CompareValidator using component, 208, 210 control, 167 ■INDEX 961

Oracle provider, 275, 281, 284, 289, 292, 294 PageProcessor.aspx, 762 OracleConnection class, 274 Page.Request.Browser.JavaScript property, ordinary folder icon, 45 774 outlining, IntelliSense and, 72–75 PagerStyle object, 393 out-of-process, 249, 255 PagerStyle property, 393 output caching, 120, 188–89, 255, 264–69, 670 pages, ASP.NET, 93–112, 114, 116–32 custom caching control, 267–68 overview, 93 fragment caching, 269 page as control container, 110–12, 114, with HttpCachePolicy class, 269 116–17 overview, 264–65 dynamic control creation, 115–17 and query string, 265–66 overview, 110 with specific query string parameters, showing control tree, 110–12, 114 266–67 Page class, 118–28 Output Type setting, Web Application accessing HTTP context in another property, 79 class, 129 OutputCache directive, 264–69, 670 overview, 118 Overline property, FontInfo class, 153 Request, 119–20 overload method, 855 Response, 120–21 overloaded version of Authenticate method, Server, 121–23 576 Session, Application, and Cache, 118–19 User, 124 P page processing, 93–103 package folder icon, 45 ASP.NET Event Model, 97–98 Page class, 77, 105, 118–28, 652. See also automatic postbacks, 98–100 pages, ASP.NET dynamic interfaces, 96–97 accessing HTTP context in another class, HTML forms, 94–96 129 overview, 93 overview, 118 view state, 100–101, 103 Request, 119–20 web forms processing stages, 104–10 Response, 120–21 cleanup, 106–7 Server, 121–23 event handling, 106 Session, Application, and Cache, 118–19 overview, 104–5 Trace, 124–28 page flow example, 107–10 User, 124 page framework initialization, 105 page flow example, 107–10 User Code initialization, 105 page framework initialization, 105 validation, 105 page initialization, 658–59 pages element, Web.config file, 198 Page Layout setting, Web Application PageSize property, 393, 395, 398 property, 79 Page.Unload, 106 page processing. See pages, ASP.NET paging records, 392–98 Page property, Control class, 135 automatic paging, 392–95 page variables, control tags how connect to, custom pager bar, 398 77–78 custom pagination, 395–98 PageButtonCount property, 393 overview, 392 Page.Controls collection, 110 PaintValue method, UI type editor, 750 Page.Disposed event, 107 ParameterDirection.Output parameter, 344 Page.FindControl, 116, 173 parameterized commands, 297–98 PageIndexChanged event, 394, 396 parameters, query string, 266–67 Page.Init event, 105–7, 110 Parent property, Control class, 135 Page.IsPostBack property, 105 parent/child view, 433–36, 440–41, 443 Page.IsValid property, 105 parent/child/detail view, 437–38 Page.Load event, 21–22, 105, 111, 116–17, ParenthesizePropertyName attribute, 730 147, 160, 239, 786 PartialCachingControl object, 670 Page.Load event handler, 360, 371, 373 Passport authentication, 202, 528, 547–49, pageOutput tracing option, 128 586 Page.PreRender, 106 Passport authentication service, 534 962 ■INDEX

Passport .NET SDK, 535 portal frameworks, 666–68, 670 PassportAuthenticationModule, 534, 537 Portal Starter Kit, 670 password position, XPath expression, 477 parameter, Wsdl.exe, 840 Position property, 626 blank, 597 postbacks, 22–23, 93, 174 hashed, digest authentication, 587 PostRequestHandlerExecute, Application hashing for storage event, 189 creating password hashes, 564–65 PowerUser enumeration, hashing passwords for web.config, WindowsBuiltInRole, 592 563–64 precompiled web-page classes, 76 overview, 562–63 PreRender event, 448 regular expressions, 169 PreRequestHandlerExecute, Application passwordFormat attribute, 552, 563, 567–69 event, 188 passwordToCompare string variable, 569 PrevPageText property, 393 path, HttpPostedFile.SaveAs, 144 Principal object, 535–36 path, mapping. See also MapPath PrincipalPermission attribute, 611 path, system cache, 9 PrincipalPermission objects, 610–11 path attribute, 196–97, 214, 552 PrintOperator enumeration, Path class, 503–5 WindowsBuiltInRole, 592 .pdb files, 228 process recycling, 35, 38 PDF (Acrobat) files, 619 element, 193 PDF files, 619 ProcessRequest, 213, 419 Pen object, 794 programmatic impersonation, 596–99 pens, and dynamic graphics with GDI+, 794, project, for Visual Studio .NET, 57, 228–29 796 project references, default, 66 PenType member, 794 Projects tab, Add Reference dialog, 209 period (.) character, XPath expression, 477 Properties, Visual Studio .NET, window, 63, Perl, 4, 200 107–8 permissions, 35, 44–45, 85, 143, 188, 230. See Properties window, 370, 372, 386–87, 678, also security 727–31 PersistChildren attribute, 706 Property Builder link, 386 PersistenceMode attribute, 742–44 property procedures, 446 PersistenceMode.InnerProperty, 744 protection attribute, 551 persistent cookies, 557 parameter, Wsdl.exe, 840 personalization of web pages, 553 proxy, connecting through, 848–49 phantom reads, 412 proxy class, 837–38, 845, 910–11 phantom rows, 412 generating with Visual Studio .NET, 840, physical directory, 43–44 842–43 PhysicalPath, HttpRequest property, 119 generating with Wsdl.exe, 839–40 PieSlice object, 808–9 Proxy property, 848 pingFrequency attribute, processModel proxydomain, parameter, element, 37 Wsdl.exe, 840 pingTimeout attribute, processModel proxypassword, parameter, element, 38 Wsdl.exe, 840 pipe (|) character, XPath expression, 477 ProxyServer, 849 Pixel, 152 proxyusername, parameter, PlaceHolder control, 116, 666, 668 Wsdl.exe, 840 placeholders, 297 plain text editors, 53 Q Platform property, 685 query string, 799 PNG, 788 and caching, 265–66 pool, application, 34, 36 encrypting, 634–38 pooling, connections, 284 creating test page, 637–38 PopUp control, 772, 775 overview, 634 PopUp properties, 772 wrapping query string, 634–37 pop-up windows, 771–72, 774–75 parameters, 554, 577–78, 581 ■INDEX 963

transferring information with, 242–43 RefreshProperties attribute, 730, 741 overview, 242–43 Register directive, 676 URL encoding, 243 RegisterClientScriptBlock method, 769, 781 using the query string, 243 RegisterStartupScript, 435, 769, 781 QueryString regular expressions, 169–70 HttpRequest property, 119 RegularExpressionValidator control, 162, TraceLog collection, 125 167–70, 555 QueryString collection, 634 RejectChanges, DataSet version-tracking, 313, 333–35 R release mode, 229 RadioButtonList control, 157–58, 350, 354–55 ReleaseRequestState, Application event, 189 RaisePostBackEvent method, 693, 778 .rem files, 47 RaisePostDataChangedEvent method, Render method, 136, 674, 680, 683, 774 690–91, 725 RenderBeginTag method, 674–75, 680, 683 RangeValidator control, 162, 166 RenderChildren method, 683 RC2 algorithm class, 624 RenderContents method, 680, 682–83, 702 RDBMS (relational database management RenderControl method, 683 system), 408, 493 RenderEndTag method, 674–75, 680, 683 Read, StreamReader, 512 RenewTicketIfOld, 558 Read method, DataReader class, 287 RepeatColumns property, 159, 369, 371 read mode, 625 RepeatDirection property, 159, 369, 371 ReadCommitted isolation level, 413 repeated-value binding, 349, 354–56, 714 ReadElementString, 472 Repeater, List control, 157 ReadEndElement, 472 Repeater control, 320, 350, 358–67, 382, 704 reading and navigating XML files, 464, DataBinder.Eval( ) method, 361–63 467–73, 475–77, 479–83 events, 365–67, 369 overview, 464–65 ItemTemplate, 359–61 searching XML documents, 474–76 overview, 358–59 searching XML documents with XPath, RepeaterItem object, 360 476–77 RepeaterItem type, 382 transforming XML files, 480–83 RepeaterItemEventArgs property, 367 using XML DOM, 465, 467–68 RepeatLayout property, 159, 369 using XmlTextReader, 471–73 Repeator control, 318–19 using XPathNavigator, 469–71 replay attacks, digest authentication, 587 validating XML files, 478–81 Replicator enumeration, ReadLine, StreamReader, 512–13 WindowsBuiltInRole, 592 read-only access, 277 Request object, 119–20 ReadOnly attribute, 729 request validation, 129–30 read-only enumeration, FileInfo and RequestDetails, Trace Log, 124 DirectoryInfo, 498 requestLimit, processModel Attribute, 37 ReadOnly property, 401–2 requestLimit, Tracing option, 128, 202 ReadStartElement, 472 requestQueueLimit, processModel Attribute, ReadString, 514 37 ReadToEnd, StreamReader, 514 request-related events, 188 ReadXml, XmlTextReader, 471, 486 requests, HTTP, 31, 119, 128, 183 ReadXmlSchema( ), 485 RequiredFieldValidator control, 162, 165–66, recursive searching logic, 116–17 555 recycle application domains, 185 ResolveRequestCache, Application event, 188 Redirect, 541, 576, 579, 619, 636 resource checking, 84–85 Redirect, Response object, 120–21 response caching, 670 RedirectFromLoginPage, 556–58, 561, 576, response events, immediate, 106 604, 619 Response object, 120–21 redirections, 619 responseDeadlockInterval, processModel Reference.cs, 842 Attribute, 37 reflection, 300 Response.OutputStream, 788 Refresh, 498 RestrictedCalendar control, 699–700, 745–47 964 ■INDEX

RestrictedDates collection, 748 schedule files, AdRotator control, 176 restrictions to database accounts, 297 schema file, 426 result sets, multiple, 290–92 schemas, XML, 458–59 .resx files, 47, 65, 228 script blocks, JavaScript, 760–67 retrieval of records using DataSet. See creating JavaScript page processor, 761–64 DataSet overview, 760–61 rich controls, 133, 174–80 rendering, 769–71 AdRotator control, 176–77 overview, 769–70 Calendar control, 174–76 using JavaScript to set control focus, overview, 174 770–71 Xml control, 178–80 using JavaScript to download image RichLabel control, 734–35, 737 asynchronously, 764–67 RichLabelFormattingOptions, 734–35, script injection attacks, 129–32 737–38 disabling request validation, 131–32 RichLabelFormattingOptionsConverter, overview, 129 example, 737, 741 request validation, 129–30 RichLabelTextType enumeration, 734 script languages, 6 Rijndael algorithm, 626–27 searching XML documents, 474–76 RijndaelManaged implementation class, 624 section handlers, 223–27, 567 Role Identifiers (RID), 591–92 Secure Sockets Layers. See SSL role-based authorization, 529, 612–16 Secure Sockets Layers (SSL), 537–43, 548, attaching roles, 614–16 556, 586 creating data store, 612–13 certificates, 537–38 overview, 612 encoding information with, 541–43 retrieving role information, 613–14 installing certificates in IIS, 540–41 Rollback, 334, 410–12 overview, 537 rollover button, 776–78 security, 621–30, 632–41, 643–48. See also round-trip, 98, 101, 121 encrypting data; Secure Sockets row Layer adding, 332–33 ASP.NET security processes, 527–32 deleting, 333, 346 authentication, 528 editing, 332 authorization, 529 inserting, 343–44 encryption, 530–31 selecting, 390–92 impersonation, 530 sorting, 387–90 overview, 527–28 updating, 345–46 authentication, 532–34 RowFilter object, 435 built-in authentication modules, RowFilter property, 326–27 533–34 Rows collection, 314, 332–33 overview, 532–33 RowState property, 333 authorization, 535–37 RowStateFilter property, 328 overview, 535 RowUpdated event, 341–42 security context, 535–37 rule ordering, 607–8 context objects, 550 rules, authorization, 601–2 extending ASP.NET authentication, 643–47 Run as Server Control, 140 custom authentication, 646–47 run scripts permission. See permissions custom identity and principal objects, runat="server" attribute, 21 644–46 runat=\"server\" attribute, 133, 137–40 overview, 643–44 of keys, 193–94 S overview, 527, 621 Save, 414, 461, 788 for query strings, 243 SaveAs method, HttpPostedFile object, 144 settings, IIS, 16, 35, 43, 45, 47, 230 savepoints, 414–15 tracking logged-on users, 639–41, 643 SaveViewState method, 689 creating test page, 642–43 scavenging, cache, 258 overview, 639–40 Sceppa, David, 451 reacting to application events, 640–41 ■INDEX 965

of view state, 103 Server.Transfer, 120–21 web services ServerVariables property, HttpRequest authenticating users, 924–26 object, 119 authorizing users, 926 Session collection, 448, 808, 859, 862 testing the SOAP authentication session hijacking attacks, 560 system, 927–28 Session object, 118, 319 SecurityException, 143, 496 Session property, 833 Select, DataTable, 323–24, 332 session state, 28, 245–52, 533, 581, 859–60 Select, XPathNavigator, 477 configuring, 249–52 SELECT query, 336–37, 360, 409 cookieless, 252 Select text string, 372 mode session state setting, 249–52 SelectCommand property, 316, 337 overview, 249 SelectedDate property, 175 timeout, 252 SelectedIndex event, 378 overview, 245 SelectedIndex property, 158, 374 session architecture, 245–47 SelectedIndexChanged event, 158, 372–73, using, 247–48 390–91, 437–38, 448, 509 session state management, 232, 245 SelectedIndexChanged event handler, 435 Session State, Trace Log, 124 SelectedItem property, 158, 160–61, 663 Session_End Application event, 190 SelectedItemStyle, 370, 372, 507 Session_Start Application method, 189 SelectionChanged events, 174 SessionID, 124–25, 245–46, 248, 252 SelectionIndexChanged event, 373 sessionState element, Configuration, 198 sensitive data, encrypting, 626–30, 632–38 element, 203 choosing algorithm, 626–27 SET TRANSACTION ISOLATION LEVEL creating encryption and decryption command, 413 routines, 629–30, 632 SetAuthCookie, 558, 561 creating key, 627–29 Setting Style Attributes, 139–41 creating test page, 632–33 settings, locked, 196 SeparatorStyle, 370 SHA1 hashing algorithm, 552, 564 SeparatorTemplate template, 363–65, 371 shadow copies, 186 SequentialAccess value, 418 Shared locks, 413 Serializable attribute, 233, 447, 519–21 shopping cart classes, building, 443–44, serializable object, 519–21 446–51 serialization. See code serialization multiple selection, 451 server controls, 15, 17, 20, 59, 62, 68, 133–47. overview, 443–44 See also custom server controls shopping cart classes, 444, 446–47 hierarchy of, 134–36 test page, 447–51 overview, 133–34 Shortcut task, Task List, 70 Server Explorer, Visual Studio .NET, window, Show All Files, Solution Explorer, 63 63, 71 ShowDirectoryContents, 507 Server object, 121–23 ShowFooter property, 438 server parameter, Wsdl.exe, 839 ShowHeader property, 506 Server property, 833 ShowMessageBox property, server roles, application, IIS, 41–42 ValidationSummary control, 171 Server Variables, Trace Log, 125 ShowSummary property, ValidationSummary server-based controls, 15 control, 171 ServerChange event, 142–47 shut down application domains, 185 ServerClick event, 143–45, 156–57, 171, 175 shutdownTimeout, processModel servers, database, 281–82 Attribute, 36 Server-Side events, 142–47, 154–56 side-by-side execution, 48 ServerChange event, 145–47 SignOut, 557–58, 561 ServerClick event and HtmlInputFile simple asynchronous call, 911–14 control, 143–45, 156, 171, 175 Simple data bound controls, 714 server-side execution, 93 SimpleRepeaterItem container, 708 server-side form tag, 77, 151 SimpleRepeaterItem control, 707 server-side input validation, 162, 170–71 single value binding, 349, 351–53 966 ■INDEX

SingleBitPerPixelGridFit, 789 special characters single-step debugging, in Visual Studio .NET, removal. See SQL injection attack 80–82 SELECT query, 339 single-value data binding, 714 specific-length passwords, regular Size property, FontInfo class, 153 expression, 169 sliding expirations, 256 SQL DELETE statement, 380 .sln files, 57, 65, 228 SQL injection attack, 294, 296–97, 324 SmoothingQuality property, 789 SQL query, 320 SOAP, 24, 826, 867–75, 877–89 SQL Server, 415, 570 encoding complex data types, 881–86 SQL Server provider, 275, 278, 284, 297–98 creating custom class, 883–84 SQL Server state service, 249 generating proxy, 885 SQL statements, 339 overview, 881–83 SQL UPDATE command, 379 extensions, creating, 890–900 SqlRowUpdatedEventArgs object, 342 overview, 892 SqlServer setting, 251–52 SoapExtension, 894–99 SqlTransaction class, 414 SoapExtension Attribute, 892–94 Src attribute, 420, 652, 656 SoapLog extension, 899–900 SSL (Secure Sockets Layer) encryption, 530 overview, 867–68, 890–92 standardization, in ADO.NET, 278 shaping XML of complex data types, start page, Project setting, 78 887–89 start tag, 675 SOAP encoding, 868–69 StartCap member, 794 SOAP envelope, 872–75, 877 StartFigure method, 793–94 fault messages, 874–75, 877 starts-with, XPath expression, 477 overview, 872–73 startup