Index
Special Characters AddAttributesToRender method, overriding, & (ampersand) character, QueryString 681, 691, 724, 777 encryption, 635 AddBezier method, 793 & operator, 499 AddBeziers method, 793 * (asterisk) character, XPath expression, 476 AddClosedCurve method, 793 * wildcard operator, 500, 505 AddCurve method, 793 @ (at sign) character, XPath expression, 477 AddEllipse method, 793 | (pipe) character, XPath expression, 477 AddLine method, 793 < > (brackets) characters, XPath expression, AddLines method, 793 477 AddNew method, 315 = (equal sign) character, QueryString AddParsedSubObject method, 706, 749 encryption, 635 AddPath method, 793 : (colon) character, namespace prefix, xmlns, AddPie method, 793 458 AddPolygon method, 793 . (dot) character, XPath expression, 477 AddRectangle method, 793 / (forward slash) character, XPath expression, AddRectangles method, 793 477 AddString method, 793 . (period) character, XPath expression, 477 AddStyleAttribute method, 674 \ in Path, 503 Administrator enumeration, ? wildcard operator, 500, 505 WindowsBuiltInRole, 592 ADO vs. ADO.NET, 276–78 A ADO.NET, 407–24, 426, 428, 431, 433–44, Abandon session state settings, 248 446–51 abstract encryption classes, 624 advanced grids, 433–41, 443 AcceptChanges, DataSet Version-Tracking, overview, 433 313, 334–36 parent/child view, 433–36 access, anonymous, 589, 596, 617 parent/child view in single table, access control lists (ACLs), 608 440–41, 443 AccessKey property, 149 parent/child/detail view, 437–38 account tokens, 596–97 summaries in DataGrid, 438–40 AccountOperator enumeration, architecture of, 273–81, 289, 292, 294 WindowsBuiltInRole, 592 ADO worse than ADO.NET, 276–78 ACID properties, 408 ADO.NET data providers, 274–75, 289, AcquireRequestState, 188 292, 294 Acrobat (PDF) files, 619 disconnected data, 279 Act as Part of the Operating System fundamental ADO.NET classes, 276, permission, 595 280–81 ActiveX components, PDF files, 619 overview, 273 ActiveXControls property, standardization in ADO.NET, 278 HttpBrowserCapabilities, 685 web applications and DataSet, 279 AdCreated, AdRotator event, 177 XML integration, 280 Add method building shopping carts, 443–44, 446–51 database, 329 multiple selection, 451 hashtable, 355–56 overview, 443–44 Add Web Reference dialog box, 846 shopping cart classes, 444, 446–47 AddArc method, 793 test page, 447–51 AddAttribute method, HtmlTextWriter, 674 classes, 276, 280–81
941 942 ■INDEX
Command and DataReader classes, advanced credential storage, 562–74, 576–77 285–94, 296–300 adding information to authentication calling stored procedures, 298–300 ticket, 573–74, 576–77 command basics, 285–86 adding user-specific data to credential DataReader class, 286–87 store, 573–74 ExecuteNonQuery( ) method, 293 attaching user-specific data, 576–77 ExecuteReader( ) method and limits of UserData property, 577 DataReader, 287–92 overview, 573 ExecuteScalar( ) method, 292–93 hashing passwords for storage, 562–65 overview, 285 creating password hashes, 564–65 SQL injection attacks, 294, 296–97 hashing passwords for web.config, using parameterized commands, 563–64 297–98 overview, 562–63 Connection class, 281–85 overview, 562 connection-based classes, 281 using other credentials stores, 565–73 data binding structures, 350 interface for credential stores, 566–67 data providers, 274–75, 289, 292, 294 overview, 565–66 database component, 301–2, 304–5, storing credentials in database, 570–73 309–10 storing credentials in XML file, 567–70 overview, 301–2 advanced digest Windows authentication, sample database component, 302, 586–87 304–5, 308 AdvertisementFile, AdRotator, 177–78 testing components, 308–10 algorithms, hash, 552, 562–63, 569 DataSet mapping, 421–23 AllowCustomPaging property, DataGrid disconnected access model, 311, 333 control, 395 JOIN queries vs. DataRelation, 323 allowOverride, Web.Config location, 196 overview, 273 AllowPaging property, DataGrid control, 393, serving images from Database, 416–21 395 displaying binary data, 416–17 AllowSorting property, DataGrid control, integrating images with other content, 387–88 419–21 AllowWeekendSelection property, 699 overview, 416 AlternateText, AdvertisementFile, 177 reading binary data efficiently, 418 alternating item template, 712 transactions, 407–15 AlternatingItemStyle property, 370–71, 386 and ASP.NET applications, 408–12 AlternatingItemTemplate template, 363, 365, isolation levels, 412–14 367 nested transactions, 415 ampersand (&) character, QueryString overview, 407–8 encryption, 635 savepoints, 414–15 anonymous access, 589, 596, 603, 617 using transactions with DataAdapter, anonymous users, denying access to, 553, 415 590 typed DataSets, 424–28, 431–32 antialiasing, 789 creating typed in Visual Studio .NET, AOL property, 685 426–27 Apache Foundation, digest authentication, creating typed with XSD.exe, 428 587 dissecting, 428, 430 APIs, 547 overview, 424–25 App.config, 844 using typed DataSet, 431–32 AppendHeader, PDF files, 619 and XML, 484–91 Application collection, 518 accessing DataSet as, 488–89 application directories, 31–32 converting DataSet to, 485–87 application domains, 33, 183–85 executing XML query, 490–91 application event, 188–92 overview, 484–85 application integration, 454, 456 AdRotator control, 176–77 application lifetime, 185 advanced breakpoints, 82 Application object, 118 application pool, 34 ■INDEX 943
Application property, 833 overview, 31 application server role, IIS, 41–42 process recycling, 35, 38 application state, 253–54, 515, 628 processing requests, 32, 35 application update, 185–86 URL request, 31–32 Application_Error method, in global.asax, ARGB color values, 152 190 ArrayList class, 350, 446 ApplicationConfiguration dialog box, 617 Arrays data type, 828 application-level traces, 127–28 AS keyword, 422 ApplicationPath method, Request object, 122 .asax file extension, 47 ApplicationPath property, HttpRequest ASC sorting attribute, 325 object, 119 .ascx extension, 652, 654 applications, ASP.NET, 183–206, 208–30 .ascx file, 655–56, 666, 670 anatomy of, 183–86 .ascx file extension, 47, 64 ASP.NET configuration, 192–205 .ascx text file, 654 configuration settings, 197–205 .ascx user control markup file, 666 machine.config file, 192–94 .ashx file extension, 47, 216–17 overview, 192 .asmx file, 831, 840 web.config file, 194–97 .asmx file extension, 47, 65, 184 deploying, 227–30 asp prefix, 18, 151 extending HTTP pipeline, 210–27 ASP vs. ASP.NET, 27–28 configuring custom HTTP Handler, ASPNET accounts, 35, 529, 595, 608 214–16 ASP.NET pages. See pages, ASP.NET creating advanced HTTP handler, aspnet_isapi.dll, 31 217–20 aspnet_regiis utility, 48, 51 creating custom HTTP handler, 213–14 .aspx (web form) files, 652 creating custom HTTP module, 220–22 .aspx file extension, 47, 64, 75, 184, 652, 654 extending configuration file structure, .aspx files, 608, 762, 798 223–27 .aspx page, 670 HTTP handlers and HTTP modules, assemblies, 6, 8–9, 66, 79, 186 211–13 assembly cache, global. See GAC overview, 210–11 Assembly Name project setting, 79 registering HTTP handlers without asterisk (*) character, XPath expression, 476 configuring IIS, 216–17 ASXII encoding, 513 global.asax application file, 186, 188–92 asymmetric encryption, 538–40 application events, 188–90 asymmetric key pair, 538 demonstrating application events, AsymmetricAlgorithm class, Cryptography, 191–92 622 overview, 186, 188 asynchronous calls, 909–11, 913–19 .NET components, 205–6, 208–10 asynchronous services, 918–19 overview, 183 concurrent asynchronous calls, 914–15 and transactions, 408–12 overview, 909–10 client-initiated ADO.NET transactions, proxy class, 910–11 410, 412 responsive Windows clients, 916–18 overview, 408–9 simple asynchronous call, 911–14 stored procedure transactions, 409–10 asynchronous proxy class methods, 845 applications, certified, 593 asynchronous thread, 13, 219 applications, web. See web applications at sign (@) character, XPath expression, 477 application-specific key, 628–29 attacks, script injection, 131–32 appsettingbaseurl,
Authenticate, 563–68, 576 B Authenticate event, 533 back reference, regular expressions, 701 Authenticate Request event, 532–33 BackColor property, 149, 165 authenticated users, 602–3 BackgroundSounds property, 685 AuthenticateRequest event, 188, 221, 533, BackupOperator enumeration, 644–45, 647 WindowsBuiltInRole, 592 authentication, 16, 124, 184, 188, 197, 202, base tag, HTML, WebControl class, 679–80 528, 532–34. See also forms Base64 string, 100, 103, 241, 586, 635 authentication BaseValidator class, 164–65 built-in authentication modules, 533–34 basic Windows authentication, 585–86 database, 281–82 Begin, 410, 412, 415 overview, 532–33 BeginEdit, DataRow, 315, 332, 334 process, 527–28 BeginGetEmployeesCount method, 845 authentication mode, 646 BeginPageLoad function, 762–63
BufferResponse, 855, 862–63 checksums, Cryptography, 563 Build Errors task, 70 child controls, 110, 135, 142 Button web control, 367 ChildControlsCreated property, 722 Button1.Click event, 155 ChildNodes collection, XmlDocument, 466, Button1.Load event, 155 468 Button.Click event handler, 106–7, 132 class libraries, 7–8, 90, 214 ButtonColumn tag, DataGrid control, 383, Class Library projects, 205–6 390–401, 447 Class View, 63 Button.CommandName, EditItem template, Clear, HttpSessionState object, 248 372, 374 ClearTypeGridFit, 789 client server development, 4 C ClientCertificate property, HttpRequest C# language, 9, 54, 65, 87, 140, 428, 518 object, 119 C# lock statement, 640–41 clientConnectedCheck, 37 Cache, 120, 515 ClientID property, Control object, 135 cache, global assembly. See GAC client-initiated transactions, 408, 410, 412 Cache object, 118, 319, 389, 395 client-side JavaScript, 15, 99, 161, 170–71 Cache property, Response object, 269 clientTarget, Configuration setting, 197 Cache state, 628 ClientValidationFunction, 171 CacheDuration, 854, 856–57, 859 Close method CacheItemRemovedReason enumeration, Connection, 282 263 DataReader, 287 CachePriority enumeration, 259 Close method, File class, 512 caching. See data caching; output caching CloseFigure method, 793–94 Calendar control, 174–76 CLR. See Common Language Runtime Calendar rich control, 133, 174–76 ClrVersion property, 685 Call Stack window, 84–85 CLS. See Common Language Specification Cancel property, 663 CLS-compliant languages, 12 CancelCommand event, DataList, 377, 400 cmdUpload.ServerClick event, 144 CancelEdit method, DataRow, 315, 332, 334 CN (Common Name) server certificate, 542 CancelText property, EditCommandColumn, code. See also inline code model 401 adding to user controls CanConvertFrom method, 737–38 adding events, 662, 664 CanConvertTo method, 737, 739 adding properties, 657–59 canonicalization errors, 503 exposing inner web control, 665–66 Cascading Style Sheets (CSS), 58, 137, 154, handling events, 655–56 370 overview, 655 CaseSensitive property, DataTable, 325 using custom objects, 659, 661–62 Cassini web server, 34 authorization checks in, 609–11 CategoriesRow object, Categories DataTable, overview, 609 428, 430, 432 using IsInRole( ) method, 609 Category attribute, 729 using PrincipalPermission class, 610–11 CategoryID example, 426, 435, 442 data retrieval and processing, 278 CausesValidation property, 163–66, 173 code serialization, 734–35, 737–39, 741–50, CellPadding property, 159 752 Cells collection, 403, 439–40 overview, 734 CellSpacing property, 159 serialization attributes, 742–50, 752 certificate authority (CA), 537–38, 540–41 controls with collections, 745–49 certificate-based Windows authentication, overview, 742–44 586 templated controls, 744–45 certificates, 537–38, 540–41 type converters, 734–35, 737–39, 741–42 certified applications, 593 attaching a type converter, 740–41 CGI. See Common Gateway Interface control with object properties, 734–35, change event, 106 737 charting, with GDI, 808–13 creating a custom type converter, CheckBoxList, 157–60, 349–50, 354–55 737–39 946 ■INDEX
ExpandableObjectConverter, 741–42 CommandBehavior, 290 overview, 734 CommandBuilder, 337–40 type editors, 749–50, 752 CommandName property, 509 Codebehind attribute, 76 DataGrid, 390 code-behind model, 53, 75–79, 184, 676 DataList control, 380 code-behind files connected to pages, 76 RepeaterItemEventArgs, 365, 368, 372, 377 control tags connected to page variables, CommandSource property, 77–78 RepeaterItemEventArgs, 365 events connected to event handlers, 78 CommandText property, 337, 411 overview, 75 CommandType enumeration, 285 project settings, 78–79 Comment task, 70 code-behind view, 60 Commit, 410 codes, hash, 549, 562, 564 Commit method, Transaction class, 410–12 ColdFusion, 4 Common Gateway Interface (CGI), 4–5, 44 CollectionBase class, System.Collections common language runtime (CLR), 6, 11, class, 446–47 13–14, 32, 61, 184, 186, 728 CollectionConverter, 745 common language specification (CLS), 12 colon (:) character, namespace prefix, xmlns, Common Name (CN) server certificate, 542 458 Common Properties, Project setting, 79 color, configuring in Visual Studio .NET, 74 CompareValidator control, 162, 166–67, 450 Color data type, 752 compilation, 9, 200–201, 208 Colors object, 152–53 of component source codes, 205–6, 208 ColorTranslator class, 152 of custom HTTP handlers, 214–16 columns, in DataGrid compilation tag, web.config, 86, 197, 200–201 declaring, 400–402
Configuration Properties, Project setting, 79 CustomValidator control, 170–71 configuration settings, 184 overview, 161–62
CORBA (Common Object Request Broker custom HTTP handlers, 214–19 Architecture), 818–20 configuring, 214–16 COUNT, DataView, 329–30 creating, 213–14 Count, HttpSessionState setting, 248 custom HTTP module, creating, 220–22 COUNT, sql, 396 Custom Objects data type, 828 count, XPath expression, 477 custom pagination, 395–98 Crawler property, 685 custom section handlers, 567 Create, DES encryption, 624 custom server controls, 673–78, 680–709, Create Decryptor, CreateEncryptor, 625 711–22, 724, 726 Create method, FileInfo class, 496, 512 basics of CreateChildControls method, 695–97, 704, adaptive rendering, 684–87 707–8, 724 creating bare-bones custom control, createConstraints parameter, DataRelation, 674–75 322 creating WebControl that supports style CreateControlHierarchy method, 722–24 properties, 679–82 CreateDirectory method, Directory class, 494 custom controls in Visual Studio .NET, CreateMachineKey( ), 193–94 676–78 CreateNavigator method, XmlDocument, rendering process, 683–84 469, 483 using custom control, 676 CreateObject( ), 121 Control State and Events, 687–94 CreatePlaceHolderDesignTimeHtml method, overview, 687 753–54 Postback Data and Change events, credential storage. See also advanced 690–92 credential storage triggering postback, 692–94 CreditAccount method, 863 ViewState data, 687–89 CryptoAPI, 622, 624 creating data bound controls, 714–22, 724, cryptographic step, 629 726 cryptographically strong checksum, 563 data binding process, 720–22 Cryptography namespace, 621–22 data items, 716–17 CryptoStream class, 625 data source, 718–19 CryptoStreamMode enumeration, 625 dealing with postbacks, 724, 726 .cs files, 47, 65, 228 overview, 714–15 csc.exe compiler, 428, 676, 840 rendering the control, 723–24 .csproj files, 47, 57, 65, 228 extending existing web controls, 694–702 CSS style attributes, 139–40. See also composite controls, 694–97 Cascading Style Sheets derived controls, 698–702 CssClass property, 149 overview, 694 Current property, 129 overview, 673–74 CurrentPageIndex property, DataGrid, 392, templated controls, 703–9, 711–14 394–98 creating, 703–6 cursor support, 277, 279 overview, 703 cursors, firehose, 286 styles, 711–14 custom authentication systems, 545 using customized templates, 706–9, 711 Custom Caching Control, 267–68 custom ticket-based authentication, 922–23 custom commands, 342–44, 346 custom type converter example, 737 custom control custom validation, 173 custom caching control, 267–68 customErrors, configuration setting, 197 with JavaScript
D item removed callback, 261–63 /d switch, csc.exe command-line compiler, overview, 255–57 428 testing, 258 DashPattern member, 794 data conflicts, 341–42 DashStyle member, 794 Data Encryption Standard (DES), 193, 241, DashStyle properties, 794 622 data access step, 629 data package, 302–3 data binding, 23, 135, 349–67, 369–78, data providers, 274–75, 280–94, 296–300 381–406 data source, updating data in, 336–37, controls supporting repeated binding, 339–44, 346–47 350–51 autogenerating update commands, 337, data structures supported for, 350 339–40 DataGrid control, 382–406 data conflicts and update events, 341–42 advanced customization, 404–6 overview, 336–37 defining columns, 383–87 testing component, 346–47 editing and deleting rows, 400–404 using custom commands and stored overview, 382–83 procedures, 342–44, 346 paging records, 392–98 data types, 6, 66, 277, 281, 287 selecting rows, 390–92 data utility class, 304–5, 308 sorting rows, 387–90 DataAdapter class, 318–22 templated columns, 398–400 filling DataSet, 316–20 DataList control, 369–76, 378, 381 overview, 316 deleting items, 380 searching for specific rows, 323–24 editing items, 374–76, 378 working with multiple tables and overview, 369–71 relationships, 320–23 selecting items, 371–74 DataAdapter object, 274, 313, 333–34, 336, to DataReader, 356–58 341–42, 344, 346, 421–23, 431 fundamentals, 349–58 database binding to DataReader, 356–58 and ADO.NET architecture, 273–75, 289, controls supporting repeated binding, 292, 294 350–51 serving images from, 416–21 data structures supported for data displaying binary data, 416–17 binding, 350 integrating images with other content, overview, 349 419–21 simple controls for repeated-value overview, 416 binding, 354–56 reading binary data efficiently, 418 single value binding, 351–53 transferring to web server, 229 overview, 349 database component, 301–2, 304–5, 309–10 Repeater control, 358–67, 369 overview, 301–2 DataBinder.Eval( ) method, 361–63 sample database component, 302, 304–5, ItemTemplate, 359–61 308 other templates, 363–65 data package, 302–3 overview, 358–59 data utility class, 304–5, 308 Repeater’s events, 365–67, 369 overview, 302 data binding expression, 351–53, 360, 365, stored procedures, 304 377, 400 testing component, 308–10 data bound controls, 23–24 DatabaseCredentialStore class, 570–74, 613, creating, 714–22, 724, 726 629 data binding process, 720–22 DataBind method, 135, 319, 326–27, 349, 351, data items, 716–17 353, 358–59, 688, 709–10, 850 data source, 718–19 DataBinder.Eval( ) method, 361–63 dealing with postbacks, 724, 726 DataBinding( ) event, 361 overview, 714–15 DataColumn object, DataTable, 314, 321, rendering the control, 723–24 324, 329, 428 data caching, 255–63 data-definition, 285 cache priorities, 258–59 DataEncryption Standard (DES), 624 caching with dependencies, 259–61 DataFormatString property, DataGrid, 384 950 ■INDEX
DataGrid control, 382–406, 764–65 typed, 424–28, 431–32 advanced customization, 404–6 creating in Visual Studio .NET, 426–27 binding DataReader to, 292 creating with XSD.exe, 428 defining columns, 383–87 overview, 424–25 editing and deleting rows, 400–404 using, 431–32 inserting into page, 23–24 web applications, 279 overview, 157, 382–83 DataSet property, 488 paging records, 392–98 DataSetName element, 487 selecting rows, 390–92 DataSets, Web Service data Type, 829 sorting rows, 387–90 DataSource property, 158, 318, 349, 354, 359, templated columns, 398–400 377, 383, 688, 718 DataGrid object, 505–10 DataTable object, 314, 343, 350, 428 DataGridCommandEventArgs object, 403 DataTableMapping object, 423 DataGridItems, 716 DataTextField property, 158, 354, 357, 392, DataGridPageChangedEventArgs class, 394 722 DataKeyField property, 373 DataTextFormatString, ListControl class DataKeys collection, 373–74, 379–80, 403 property, 158 DataList control, 157, 369–76, 378, 381 DataValueField property, 158, 354, 722 deleting items, 380 DataView class, 324–31 editing items, 374–76, 378 advanced data filtering with relationships, overview, 369–71 329 selecting items, 371–74 calculated columns, 329–31 DataList object, 509–10, 642, 661 data filtering with, 326–28 DataList page, 800–802 data sorting with, 324–26 DataListItem type, 382 overview, 324 data-manipulation, 285 DataView object, 435, 442 DataMember, ListControl class property, 158 DataView view, 350, 388 DataMember property, 354 DateTimeCollection property, 746 DataReader object, 23, 274, 279, 285–94, DateTimeHelper object, 748–49 296–300, 311–12 DayRender event, 699 binding to, 356–58 DBConcurrencyException, 341 and ExecuteReader( ) method, 287–92 DbDropDown control, 715–19, 723 CommandBehavior, 290 DbListItem control, 717–18 overview, 287–89 DbListItem control objects, 719, 723 processing multiple result sets, 290–92 DbListItem.Render method, 723 DataRelation object, 321–23, 330, 426 DCOM (Distributed COM), 819–20 DataRow object, 313–15, 318, 322, 332, 339, DebitAccount method, Web Service example, 342, 424, 428, 430, 444, 448–49 863 DataRow versioning, 333–35 debugging, 28, 55, 80–86, 125, 590 DataRowState enumeration, 333–34 Decrypt, 558 DataRowVersion, 334, 346 decryption routines, 629–30, 632 DataSet object, 257, 274, 311–15, 320, 336, decryptionKey, 193 343, 350, 395 DecryptString, 629–30 accessing as XML, 488–89 DecryptToString, 631–32, 636 and automatic paging, 394–95 default editors, 67 converting to XML, 485–87 Default Namespace project setting, 79 data conflicts and update events, 341–42 Default Website item, 45–46 DataRow class, 314–15 DefaultEvent attribute, 730 DataTable class, 314 defaultLanguage, Compilation attribute, 86, DataView class, 315 200 filling, 316–20 DefaultProperty attribute, 730 generic nature of, 278–79 DefaultValue attribute, Properties Window, mapping, 421–23 729 modifying, 332–35 DefaultView property, 315, 350 overview, 312–14 DefaultWsdlHelpGenerator.aspx file, 836 sorting rows, 484 Delete method, 315, 333 ■INDEX 951
DELETE operation, 339–40 Directory object, 494, 500 DeleteCommand event, 380, 400, 415 Directory Security, 588–90 DeleteCommand property, 316, 336–37 DirectoryInfo object, 493–94, 496–98, 500, Demand method, PrincipalPermission class, 506–7, 801 610 DirectoryInfo.GetFiles( ) method, 801 deploying dirty read, 412 ASP.NET, 16 Disabled HtmlControl property, 137 ASP.NET applications, 227–30 Disassembler. See ILDASM deploying Visual Studio .NET project, disassembly view, 85 228–29 .disco files, 65 other configuration steps, 229–30 DISCO standard, 825 overview, 227–28 disconnected access, 277 Visual Studio .NET project, 228–29 disconnected data, 279, 311–22, 324–37, XCopy, 229 339–44, 346–47 zero-touch, 229 data model, 273 derived controls, 698–702 DataAdapter class, 316, 318–22, 324 DES. See Data Encryption Standard filling DataSet, 316–20 Description attribute, 729 overview, 316 Description property, 854 searching for specific rows, 323–24 DESCryptoServiceProvider class, 622 working with multiple tables and Deserialize, 636 relationships, 320–23 Design mode, 59 DataSet classes, 312–15 DesignerSerializationVisibility attribute, DataView class, 324–31 742–44 advanced data filtering with DesignOnly attribute, 730 relationships, 329 design-time behavior, 732 calculated columns, 329–31 design-time environment (DTE) object data filtering with, 326–28 model, 87–88 data sorting with, 324–26 design-time support, 664, 727–35, 737–39, modifying DataSet, 332–35 741–50, 752–55. See also code overview, 311–12 serialization updating data in data source, 336–37, control designers, 752–55 339–44 basic control designer, 753–55 autogenerating Update commands, overview, 752–53 337, 339–40 design-time attributes, 727–33 data conflicts and update events, attributes and inheritance, 732 341–42 overview, 727–28 overview, 336–37 Properties window, 728–31 testing the component, 346–47 Toolbox icon, 732–33 using custom commands and stored overview, 727 procedures, 342–44, 346 development tools, .NET, 53–54 disconnected data updates, 277 compilers, 54 discovery, 825 overview, 53–54 Display property, BaseValidator Class, 165 Visual Studio .NET IDE, 54–55 DisplayMode property, 171 devices, mobile, 547 Dispose event, 220 DHTML (Dynamic HTML), 759 Dispose method, 787 dictionary collections, 118, 233–34, 253 Disposed event, 107, 190 DictionaryEntry class, 257 distributed transaction, 410 digest Windows authentication, 585, 587 DLL, 55, 66, 185, 203, 205, 213–14, 656, Direction property, 344 676–77 directories, controlling access to, 35, 44–45, document structure, 459 143, 605–6. See also physical document vocabulary, 459 directory; virtual directories; document window, in Visual Studio .NET, wwwroot directory 63, 67 Directory classes. See File and Directory domain controllers, Windows Active classes Directory, 587 952 ■INDEX
EnableViewState, 109, 135, 240–41, 355, 689 Exception.Message property, 296 encoded Base64 data strings, 586 Exclusive locks, 413 encoded tags, 123 execute permission, 44. See also Permissions encoded user input, 130 ExecuteDataReader method, 418 encoding, with Secure Sockets Layer, 541–43. ExecuteNonQuery( ) method, 286, 293 See also SOAP ExecuteReader( ) method, and DataReader Encrypt, 558, 576 class, 287–92 encrypted authentication tickets, 577–78, 581 CommandBehavior, 290 EncryptedQueryString, 634–36, 638 overview, 289 encrypting data, 621–30, 632–38 processing multiple result sets, 290–92 encrypting query string, 634–38 ExecuteScalar( ) method, 286, 292–93 creating test page, 637–38 ExecuteXmlReader method, SqlCommand, overview, 634 491 wrapping query string, 634–37 execution model, ASP.NET, 38 and IIS security settings, 230 ExpandableObjectConverter, 741–42 and Machine.config file, 193–94 expiration date creation, for persistent .NET cryptography classes, 622–26 cookies, 561–62 overview, 530–31, 621 expiration policies, 256–57, 263, 265–66, 269 sensitive data, 626–30, 632–38 Expiration property, 559 choosing algorithm, 626–27 Expired property, 559 creating encryption and decryption explicit compile option, 200 routines, 629–30, 632 Expression property, 329 creating key, 627–29 extensible data provider model, ADO.NET, creating test page, 632–33 275 overview, 626 view state, 103 F encryption classes, 531 farms, web, 550 EncryptionUtil class, 629, 634–35 Ferguson, Derek, 134 EncryptString, 629–30, 635 file access objects, locking, 518–19 enctype attribute, 138, 144 File and Directory classes, 493–510 encrypting data. See also Data Encryption determining space usage, 501–3 Standard DirectoryInfo and FileInfo classes, 496–98 EndCap member, 794 file browser, 505–10 EndEdit method, DataRow object, 315, 332, filtering files with wildcards, 500 334 overview, 493–94 EndGetEmployeesCount method, 845 Path class, 503–5 EndPageLoad JavaScript function, 763 retrieving file version information, EndRequest, Application, 189 500–501 enforcing SSL connections, 542 working with Attributes, 498–500 EnsureChildControls method, 697, 709 file authorization, 608–9 enterprise template policy, 91–92 file browser, File and Directory classes, enumerated values, 152 505–10 Enumerations data type, 829 File class, 512 equal sign (=) character, QueryString file management, for Solution Explorer, encryption, 635 65–66 error handling, structured, 13 file mappings, 46, 49, 215–16, 230, 617 Error method, Application, 191–92 file type mapping, 617–19 error underlining feature, 74 file types, 47, 64–65 ErrorMessage property, 165–66 FileAccess value, 515 Eval, DataBinder, 361, 378, 400 FileAttributes enumeration, 498 event bubbling, 366 FileInfo object, 493–94, 496–98, 506, 509, 512, event handlers, 21–22, 60, 78, 97–98, 106–8, 801–2 110, 117, 146–47, 155, 186, 222 FileInfo.Name property, 802 Event Model, 97–98 FileMode value, 511, 515 event trackers, 155 filenames, unique, 515–16, 518 EventArgs, 144, 156, 662 files, source-code. See source-code files 954 ■INDEX
FileStream constructor, 511, 515 overview, 612 FileStream object, 466 retrieving role information, 613–14 FileSystemInfo object, 496, 506 Forms collection, Request object, 95 FileVersionInfo object, 500–501, 510 Forms collection, Trace Log, 125 Fill, DataAdapter method, 316, 337, 422 FormsAuthentication class, 557–58 FillClosedCurve method, 790 FormsAuthenticationModule, 534, 550, 577, FillEllipse method, 790 579, 581 FillPath method, 790, 792 FormsAuthenticationTicket, 550, 558–64, FillPie method, 790 573, 576 FillPolygon method, 790 FormsCookieName, 557, 576 FillRectangle method, 786, 791 FormsCookiePath, 557 FillRectangles method, 791 FormsIdentity, 550, 559, 644, 646 FillRegion method, 791 forward slash (/) character, XPath expression, FillSchema, DataAdapter method, 425 477 FillXxx method, 791, 796 fragment caching (partial caching), 255, 265, filters, ISAPI, 212–13 267, 269, 670 FindBook class, 766 Frame1.aspx page, 780 FindControl method, 116–17, 135, 173, 379, frames, JavaScript, 779–83 404, 666 frame navigation, 780–81 firehose cursors, 286 inline frames, 782–83 FlowLayout, 58 overview, 779 folder icons, 45 Frames property, 685 folder settings, 46 FromString Custom Type Converter, 738 Font property, WebServer class property, 149, Full Unicode (or UTF-16) encoding, 513 153 FullName property, 503, 507 FontInfo object, 741, 787 full-text match algorithm, 284 Fonts property, 153–54, 159 function overloading, 73, 256, 290, 300 FooterStyle property, 370 FooterTemplate template, 363–65, 371 G FOR XML AUTO, ELEMENTS query, 490 GAC. See global assembly cache FOR XML AUTO query, 490 garbage collection, 13, 107, 190 FOR XML clause, 490 GDI+. See dynamic graphics with GDI+ FOR XML EXPLICIT syntax, 491 GenericIdentity class, 644 ForeColor, WebServer class property, 149, 153 GenericPrincipal class, 612, 645 Form HttpRequest property, 119 GetAnonymous property, WindowsIdentity form tags, 96, 100, 113, 151 class, 593 Format property, 657 GetAuthCookie, 558, 561–62 format string, 361–63 GetBookImage.aspx, 766 Format tab, Property Builder link, 386 GetBytes method, DataReader object, 418 Formatting property, 461 GetChanges, DataSet Version-Tracking, 313 forms authentication, 193–94, 202, 528, GetChar, DataReader method, 287 545–74, 576–79, 581. See also GetChildControlType method, 748 advanced credential storage GetChildRows, 322 Cookie-Less Forms Authentication, GetColor method, 811–12 577–79, 581 GetConfig, HttpContext object, 226 implementing, 550–52. See also login page, GetCurrent property, WindowsIdentity class, creating 593, 598–99 configuring forms authentication, GetDateTime, DataReader Method, 287 551–52 GetDesignTimeHtml method, Control overview, 550 Designers, 752, 754 ingredients of, 550 GetDirectories, 500 overview, 545–46 GetDiskFreeSpaceEx, Win32 API function, reasons for using, 546–50 502 role-based authorization with GetEditStyle method, UI type editor, 750 attaching roles, 614–16 GetElementsByTagName, XmlDocument, creating data store, 612–13 474–76 ■INDEX 955
GetEmployees( ) web method, Web Service GridLines properties, 371 example, 852 grids, 433–41, 443 GetEmployees method, Web Service overview, 433 example, 827–28, 836–37, 855–57 parent/child view, 433–36 GetEmployeesCount( ) method, Web Service parent/child view in single table, 440–41, example, 827–28, 835–36, 845 443 GetEmployeesDataSet method, Web Service parent/child/detail view, 437–38 example, 857 summaries in DataGrid, 438–40 GetEmptyDesignTimeHtml, Control Guest value enumeration, Designer, 753–54 WindowsBuiltInRole, 592 GetEmptyDesignTimeHtml method, Control GUID (globally unique identifier), 516 Designer, 753 GetErrorDesignTimeHtml method, Control H Designers, 753–54 HACK token tags, 71 GetErrors method, 342 handlers, custom section, 567 GetFileName, 504–5, 516 Handles keyword, 155 GetFiles method, 500, 801 HasChanges, DataSet version-tracking, 313 GetFullPath, 505 HasControls, Control class method, 136 GetImageUrl method, 767, 802 hash algorithms, 552, 562–63, 569 GetInt32, DataReader Method, 287 hash codes, 103, 241, 549, 562, 564 GetPaintValueSupported method, UI type HashAlgorithm class, 622 editor, 750 hashing passwords, 562–65 GetPersistInnerHtml( ) method, 747 creating password hashes, 564–65 GetPostBackEventReference method, 692–93 digest authentication, 587 GetProducts method, Web Service example, hashing passwords for web.config, 563–64 857 overview, 562–63 GetRandom( ) quote method, 206 HashPasswordForStoringInConfigFile, 558, GetRedirectUrl, 558, 561 564–65, 569 GetValue, DataReader method, 287 Hashtable class, 236–38 GetValues, DataReader method, 287 Hashtable collection, 355 GetVaryByCustomString, 268 HatchBrush, 797 GetVersionInfo, 500 Headers, HttpRequest property, 119 GetVersionInfoString, 510 Headers Collection, Trace Log, 125 GetWebPageAsString method, 766 HeaderTemplate template, 363–65 GetXxx, DataReader Method, 287 HeaderText property, ValidationSummary GIF format, 812 control, 171 global application events, 184, 190, 220, 222, HeadStyle, 370 532–33. See also global.asax file Height property, 149, 732 global assembly cache (GAC), 66, 186, 203 help, dynamic, 63, 69, 89–90 global style properties, 385 hexadecimal color numbers, 153 global.asax file, 27, 65, 184, 186, 188–92, 228, hidden columns, 387 533, 612, 614, 628, 647 hidden input field, 103
HtmlControl class, 136–37 HttpBrowserCapabilities, 685–87 HtmlInputControl class, 137–38 HttpCachePolicy class, 269 overview, 136 HttpContext object, 533 programmatically creating server controls, HttpCookie, authentication, 561 141–42 HttpRequest object, 684 Setting Style Attributes and other HttpRuntime.UnloadAppDomain method, properties, 139–41 185 HtmlAnchor object, 579 https, // Secure Sockets Layer address, 537, HtmlContainerControl class, 137 541 HtmlControl class, 136–37 HttpServerUtility class, 121–23, 243 HtmlDecode, HttpServerUtility class, 121, HttpSessionState class, 118, 248 123 HyperLink attributes, 682 HtmlEncode method, HttpServerUtility, 121, Hyperlink control, 661, 663 123, 700 HyperLink objects, 579 HtmlForm class controls, 77, 113, 138 HyperlinkColumn tag, DataGrid control, 384 HtmlGenericControl, 133, 137, 139, 143, 782 Hypertext Transfer Protocol. See HTTP HtmlInputButton, HTML Server Control, 138, 143 I HtmlInputControl class, 137–38 ICollection interface, 350, 393, 447, 718 HtmlInputFile control, 143–45, 156, 171, 175 ICredentialStore interface, 566–74 HtmlInputImage control, 156–57 ICryptoTransform interface, 624 HtmlInputText control, HTML Server ID, Control Class property, 135 Control, 139–41 ID, dynamic control, 116–17 HtmlSelect control, 354–55 ID, session, 124–25, 245–46, 248, 252 HtmlTextWriter, 674–75, 697 id attribute, HTML tag, 17 HtmlTextWriterAttribute enumeration, 675 ID property, 666 HtmlTextWriterStyle enumeration, 675 IDbTransaction interface, 410 HtmlTextWriterTag enumeration, 675 identity HTTP, 3, 31, 129, 550, 601 role-based authorization, 536 401 responses, digest authentication, 587 tracking, 923–24 context, accessing, 129 identity, Configuration setting, 198 errors, 49–50, 201 Identity objects, 591–93 HTTP handlers, 47, 184, 211–20, 420–21, 803 idleTimeout, processModel attribute, 36 configuring custom, 214–16 IEnumerable interface, 718 creating advanced, 217–20 IEnumerator interface, 722 creating custom, 213–14 IFormatter interface, 520 registering without configuring IIS, 216–17 IHTTPHandler interface, 419 HTTP modules, 184, 211–13, 220–22, 647 IHttpHandlerFactory class, 211 HTTP pipeline, extending, 210–27 IHttpModule interface, 533 configuring custom HTTP handler, 214–16 IIdentity, 550, 559 creating advanced HTTP handler, 217–20 IIdentity class, 644, 647 creating custom HTTP handler, 213–14 IIdentity interface, 536–37 creating custom HTTP module, 220–22 IIdentity object, 536 extending configuration file structure, IIPrincipal object, 536 223–27 IIS Application directory, 184 HTTP handlers and HTTP modules, IIS software, 537 211–13 ILDASM, 11–12 overview, 210–11 IList interface, 718 registering HTTP handlers without ImageButton, Basic Web control, 156–57 configuring IIS, 216–17 images HTTP POST command, 852 dynamic graphics with GDI+, 788–89 HTTP request, 31, 119, 128, 183 integrating with other content in HTTP wire encryption protocols, 586 database, 419–21 HttpApplication object, 118, 187, 191, 220, serving from database to ADO.NET, 222, 533 416–21 HttpApplication.AuthenticateRequest Image.Save method, 787, 798 events, 612, 614 ImageUrl, Basic Web control, 150, 177 ■INDEX 957
tag, 803 integrated state serialization mechanism, ImmutableObject attribute, 730 100–103 Impersonate, WindowsIdentity class, 596–99 integrated Windows authentication, 585, impersonation, 528, 530, 535, 584, 594–99 587–88, 590 configured impersonation, 596 IntelliSense, 53, 72–75 impersonation in Windows 2000, 595 intermediate language (IL), 9, 12. See also overview, 594 ILDASM programmatic impersonation, 596–99 Internet Explorer, 180, 457, 619 INamingContainer interface, 695, 703, 707 Internet Information Services. See IIS Indentation property, 461 Internet Information Services (IIS), 16, 31, 52, index-based lookup, 423 85, 183, 213, 215–17, 230, 583, 596, InferXmlSchema( ), 485 608, 617–19 inheritance, configuration, 195–96 ASP.NET architecture, 31, 38 Inherits attribute, 76, 656 account security with worker Init event, 220, 222 process, 35 initialization, 21, 97, 104–5, 185 ASP.NET execution model, 38 InitializeComponent( ) function, 105 overview, 31 InitialValue, RequiredFieldValidator Control process recycling, 35, 38 property, 165 processing requests, 32, 35 inline code model, 75 URL request, 31–32 inline frame, 782–83 configuring, 588–90 inline styles, 58 installing, 39 in-memory resources, 184 installing certificates in, 540–41 InnerHtml HtmlContainerControl property, managing websites, 42 137 creating virtual directory, 43, 45 InnerHtmlContainerControl property, 123 folder settings, 46 InnerProperty, 744 overview, 42–43 InnerText, 123, 137 virtual directories and Web InProc setting, 249–50 applications, 45 input controls, 136–38, 690–91 overview, 31 input validation controls, 161–63, 165–73 verifying ASP.NET installation, 50–51 BaseValidator class, 164–65 Internet Server Application Programming CompareValidator control, 166–67 Interface (ISAPI), 5, 32, 48. See also CustomValidator control, 170–71 ISAPI extensions; ISAPI filters overview, 161–62 interop assembly, 208 RangeValidator control, 166 Intersect method, PrincipalPermission class, RegularExpressionValidator control, 611 167–70 IntPtr objects, 597 RequiredFieldValidator control, 165–66 intranet applications, Integrated Windows using validators programmatically, 172–73 Authentication, 587 validation controls, 162–63 invisible authentication, 584 validation process, 163–64 Invoke method, 845–46 ValidationSummary control, 171 IO namespace, 512 InsertCommand event, 415 IPostBackDataHandler, 690, 692, 724 InsertCommand property, 316, 337, 344 IPostBackEventHandler, 776, 778 inserting rows, command for, 343–44 IPrincipal class, 645 installing IPrincipal interface, 536 ASP.NET, verification of, 50–51 IPrincipal objects, 550 IIS, 39 IReadOnlySessionState, 220 WSE, 930–31 IRequiresSessionState, 220 InstallPersistSqlState.sql, 252 IS NULL Filter Operator, 340 InstallSqlState.sql, 251–52 IsAnonymous property, 593 instance version of Impersonate, 598 ISAPI DLL, 618 InstatiateIn method, 703–4 ISAPI extensions, 48, 185, 212–13 integrated debugger, 842 ISAPI filters, 212–13 958 ■INDEX
IsAuthenticated, HttpRequest property, 119 frames, 779–83 IsAuthenticated property, 536, 644 frame navigation, 780–81 IsClientConnected property, HttpResponse inline frames, 782–83 object, 120 overview, 779 IsClientScriptBlockRegistered, 777 JavaScript events, 758–59 IsCookieless, HttpSessionState settings, 248 overview, 757–58 IsEnabled property, Trace object, 125 script blocks, 760–67 IsGuest property, WindowsIdentity class, 593 creating JavaScript page processor, IsInRole, 536, 591–92, 609 761–64 IsNewSession, HttpSessionState settings, 248 overview, 760–61 isolation levels, 412–14 rendering, 769–71 IsolationLevel enumeration, 412–14 using JavaScript to download image IsPersistent property of asynchronously, 764–67 FormsAuthenticationTicket class, validation routines, 162, 170–71 559 JavaScript focus method, 770–71 IsPostBack, Page class property, 22, 105, 118 JavaScript property, 685 IsReusable, IHttpHandler interface property, JET database engine, 3 213 JIT (just-in-time) compilation, 9–10 IsSecureConnection HttpRequest property, JOIN query, 323, 339 119 just-in-time (JIT) compilation, 9–10 IsSecureConnection property, 542 IsStartupScriptRegistered method, 777 K IssueDate property of keystroke recording. See macro FormsAuthenticationTicket class, keywords, 12, 69, 74, 77, 90, 177 559 IsSystem property, WindowsIdentity class, L 593 /l switch, csc.exe command-line compiler, IStateClientManager interface, 247 428 IsValid Label control, 666 BaseValidator class property, 165 LAN-based intranet applications, Integrated Page class property, 105, 165, 170 Windows Authentication, 587 ItemCommand event, 365–67, 369, 372, 400, language 450, 508
Mode property, 393 .NET cryptography classes, 622–26 mode session state setting, 249–52 .NET Framework, 7–8, 466 Mode setting, session state element, 248 .NET Framework Components tab, 678 modified URL (munged URL), 247, 252 .NET language, 673 modifiers. See regular expressions .NET reflection, 361 Modules collection, HttpApplication class, .NET standard, 662 222 .NET tab, Solution Explorer, 208 Modules window, 85 .NET Toolbox, 677 Mono 1.0, 9 network service accounts, 35 MoveNext( ) method, 277 networks, local, Integrated Windows MovePrevious( ) method, 277 Authentication, 587 Mozilla project, digest authentication, 587 NewPage.aspx, 780 MSDN, 8, 86, 88, 92, 180, 219, 275 NewPageIndex property, 394 MSDomVersion property, 685 NewRow method, 314, 332 MSIL (Microsoft Intermediate Language) NextPageText property, 393 code, 9, 12 NextPrev enumeration, 393 MSXML, creating ASP client with, 851–52 NextResult method, DataReader object, 287 MSXML2.DOMDocument object, 852 NodeType property, XmlNode object, 467, multibrowser, ASP.NET, 14–15 470 multidevice, ASP.NET, 14–15 nologo parameter, Wsdl.exe, 839 multilanguage, ASP.NET, 11–12 nonce values, digest authentication, 587 multiple attribute, Select element, 145 None, mode attribute, authentication multiple users, making files safe for, 515–16 element, 202 creating unique filenames, 515–16, 518 nonrepeatable read, 412 locking file access objects, 518–19 NonSelectableDates collection, 749 overview, 515 NonSelectableDates property, 699, 745–46 multithreading, 13
Oracle provider, 275, 281, 284, 289, 292, 294 PageProcessor.aspx, 762 OracleConnection class, 274 Page.Request.Browser.JavaScript property, ordinary folder icon, 45 774 outlining, IntelliSense and, 72–75 PagerStyle object, 393 out-of-process, 249, 255 PagerStyle property, 393 output caching, 120, 188–89, 255, 264–69, 670 pages, ASP.NET, 93–112, 114, 116–32 custom caching control, 267–68 overview, 93 fragment caching, 269 page as control container, 110–12, 114, with HttpCachePolicy class, 269 116–17 overview, 264–65 dynamic control creation, 115–17 and query string, 265–66 overview, 110 with specific query string parameters, showing control tree, 110–12, 114 266–67 Page class, 118–28 Output Type setting, Web Application accessing HTTP context in another property, 79 class, 129 OutputCache directive, 264–69, 670 overview, 118 Overline property, FontInfo class, 153 Request, 119–20 overload method, 855 Response, 120–21 overloaded version of Authenticate method, Server, 121–23 576 Session, Application, and Cache, 118–19 User, 124 P page processing, 93–103 package folder icon, 45 ASP.NET Event Model, 97–98 Page class, 77, 105, 118–28, 652. See also automatic postbacks, 98–100 pages, ASP.NET dynamic interfaces, 96–97 accessing HTTP context in another class, HTML forms, 94–96 129 overview, 93 overview, 118 view state, 100–101, 103 Request, 119–20 web forms processing stages, 104–10 Response, 120–21 cleanup, 106–7 Server, 121–23 event handling, 106 Session, Application, and Cache, 118–19 overview, 104–5 Trace, 124–28 page flow example, 107–10 User, 124 page framework initialization, 105 page flow example, 107–10 User Code initialization, 105 page framework initialization, 105 validation, 105 page initialization, 658–59 pages element, Web.config file, 198 Page Layout setting, Web Application PageSize property, 393, 395, 398 property, 79 Page.Unload, 106 page processing. See pages, ASP.NET paging records, 392–98 Page property, Control class, 135 automatic paging, 392–95 page variables, control tags how connect to, custom pager bar, 398 77–78 custom pagination, 395–98 PageButtonCount property, 393 overview, 392 Page.Controls collection, 110 PaintValue method, UI type editor, 750 Page.Disposed event, 107 ParameterDirection.Output parameter, 344 Page.FindControl, 116, 173 parameterized commands, 297–98 PageIndexChanged event, 394, 396 parameters, query string, 266–67 Page.Init event, 105–7, 110 Parent property, Control class, 135 Page.IsPostBack property, 105 parent/child view, 433–36, 440–41, 443 Page.IsValid property, 105 parent/child/detail view, 437–38 Page.Load event, 21–22, 105, 111, 116–17, ParenthesizePropertyName attribute, 730 147, 160, 239, 786 PartialCachingControl object, 670 Page.Load event handler, 360, 371, 373 Passport authentication, 202, 528, 547–49, pageOutput tracing option, 128 586 Page.PreRender, 106 Passport authentication service, 534 962 ■INDEX
Passport .NET SDK, 535 portal frameworks, 666–68, 670 PassportAuthenticationModule, 534, 537 Portal Starter Kit, 670 password position, XPath expression, 477
transferring information with, 242–43 RefreshProperties attribute, 730, 741 overview, 242–43 Register directive, 676 URL encoding, 243 RegisterClientScriptBlock method, 769, 781 using the query string, 243 RegisterStartupScript, 435, 769, 781 QueryString regular expressions, 169–70 HttpRequest property, 119 RegularExpressionValidator control, 162, TraceLog collection, 125 167–70, 555 QueryString collection, 634 RejectChanges, DataSet version-tracking, 313, 333–35 R release mode, 229 RadioButtonList control, 157–58, 350, 354–55 ReleaseRequestState, Application event, 189 RaisePostBackEvent method, 693, 778 .rem files, 47 RaisePostDataChangedEvent method, Render method, 136, 674, 680, 683, 774 690–91, 725 RenderBeginTag method, 674–75, 680, 683 RangeValidator control, 162, 166 RenderChildren method, 683 RC2 algorithm class, 624 RenderContents method, 680, 682–83, 702 RDBMS (relational database management RenderControl method, 683 system), 408, 493 RenderEndTag method, 674–75, 680, 683 Read, StreamReader, 512 RenewTicketIfOld, 558 Read method, DataReader class, 287 RepeatColumns property, 159, 369, 371 read mode, 625 RepeatDirection property, 159, 369, 371 ReadCommitted isolation level, 413 repeated-value binding, 349, 354–56, 714 ReadElementString, 472 Repeater, List control, 157 ReadEndElement, 472 Repeater control, 320, 350, 358–67, 382, 704 reading and navigating XML files, 464, DataBinder.Eval( ) method, 361–63 467–73, 475–77, 479–83 events, 365–67, 369 overview, 464–65 ItemTemplate, 359–61 searching XML documents, 474–76 overview, 358–59 searching XML documents with XPath, RepeaterItem object, 360 476–77 RepeaterItem type, 382 transforming XML files, 480–83 RepeaterItemEventArgs property, 367 using XML DOM, 465, 467–68 RepeatLayout property, 159, 369 using XmlTextReader, 471–73 Repeator control, 318–19 using XPathNavigator, 469–71 replay attacks, digest authentication, 587 validating XML files, 478–81 Replicator enumeration, ReadLine, StreamReader, 512–13 WindowsBuiltInRole, 592 read-only access, 277 Request object, 119–20 ReadOnly attribute, 729 request validation, 129–30 read-only enumeration, FileInfo and RequestDetails, Trace Log, 124 DirectoryInfo, 498 requestLimit, processModel Attribute, 37 ReadOnly property, 401–2 requestLimit, Tracing option, 128, 202 ReadStartElement, 472 requestQueueLimit, processModel Attribute, ReadString, 514 37 ReadToEnd, StreamReader, 514 request-related events, 188 ReadXml, XmlTextReader, 471, 486 requests, HTTP, 31, 119, 128, 183 ReadXmlSchema( ), 485 RequiredFieldValidator control, 162, 165–66, recursive searching logic, 116–17 555 recycle application domains, 185 ResolveRequestCache, Application event, 188 Redirect, 541, 576, 579, 619, 636 resource checking, 84–85 Redirect, Response object, 120–21 response caching, 670 RedirectFromLoginPage, 556–58, 561, 576, response events, immediate, 106 604, 619 Response object, 120–21 redirections, 619 responseDeadlockInterval, processModel Reference.cs, 842 Attribute, 37 reflection, 300 Response.OutputStream, 788 Refresh, 498 RestrictedCalendar control, 699–700, 745–47 964 ■INDEX
RestrictedDates collection, 748 schedule files, AdRotator control, 176 restrictions to database accounts, 297 schema file, 426 result sets, multiple, 290–92 schemas, XML, 458–59 .resx files, 47, 65, 228 script blocks, JavaScript, 760–67 retrieval of records using DataSet. See creating JavaScript page processor, 761–64 DataSet overview, 760–61 rich controls, 133, 174–80 rendering, 769–71 AdRotator control, 176–77 overview, 769–70 Calendar control, 174–76 using JavaScript to set control focus, overview, 174 770–71 Xml control, 178–80 using JavaScript to download image RichLabel control, 734–35, 737 asynchronously, 764–67 RichLabelFormattingOptions, 734–35, script injection attacks, 129–32 737–38 disabling request validation, 131–32 RichLabelFormattingOptionsConverter, overview, 129 example, 737, 741 request validation, 129–30 RichLabelTextType enumeration, 734 script languages, 6 Rijndael algorithm, 626–27 searching XML documents, 474–76 RijndaelManaged implementation class, 624 section handlers, 223–27, 567 Role Identifiers (RID), 591–92 Secure Sockets Layers. See SSL role-based authorization, 529, 612–16 Secure Sockets Layers (SSL), 537–43, 548, attaching roles, 614–16 556, 586 creating data store, 612–13 certificates, 537–38 overview, 612 encoding information with, 541–43 retrieving role information, 613–14 installing certificates in IIS, 540–41 Rollback, 334, 410–12 overview, 537 rollover button, 776–78 security, 621–30, 632–41, 643–48. See also round-trip, 98, 101, 121 encrypting data; Secure Sockets row Layer adding, 332–33 ASP.NET security processes, 527–32 deleting, 333, 346 authentication, 528 editing, 332 authorization, 529 inserting, 343–44 encryption, 530–31 selecting, 390–92 impersonation, 530 sorting, 387–90 overview, 527–28 updating, 345–46 authentication, 532–34 RowFilter object, 435 built-in authentication modules, RowFilter property, 326–27 533–34 Rows collection, 314, 332–33 overview, 532–33 RowState property, 333 authorization, 535–37 RowStateFilter property, 328 overview, 535 RowUpdated event, 341–42 security context, 535–37 rule ordering, 607–8 context objects, 550 rules, authorization, 601–2 extending ASP.NET authentication, 643–47 Run as Server Control, 140 custom authentication, 646–47 run scripts permission. See permissions custom identity and principal objects, runat="server" attribute, 21 644–46 runat=\"server\" attribute, 133, 137–40 overview, 643–44 of keys, 193–94 S overview, 527, 621 Save, 414, 461, 788 for query strings, 243 SaveAs method, HttpPostedFile object, 144 settings, IIS, 16, 35, 43, 45, 47, 230 savepoints, 414–15 tracking logged-on users, 639–41, 643 SaveViewState method, 689 creating test page, 642–43 scavenging, cache, 258 overview, 639–40 Sceppa, David, 451 reacting to application events, 640–41 ■INDEX 965
of view state, 103 Server.Transfer, 120–21 web services ServerVariables property, HttpRequest authenticating users, 924–26 object, 119 authorizing users, 926 Session collection, 448, 808, 859, 862 testing the SOAP authentication session hijacking attacks, 560 system, 927–28 Session object, 118, 319 SecurityException, 143, 496 Session property, 833 Select, DataTable, 323–24, 332 session state, 28, 245–52, 533, 581, 859–60 Select, XPathNavigator, 477 configuring, 249–52 SELECT query, 336–37, 360, 409 cookieless, 252 Select text string, 372 mode session state setting, 249–52 SelectCommand property, 316, 337 overview, 249 SelectedDate property, 175 timeout, 252 SelectedIndex event, 378 overview, 245 SelectedIndex property, 158, 374 session architecture, 245–47 SelectedIndexChanged event, 158, 372–73, using, 247–48 390–91, 437–38, 448, 509 session state management, 232, 245 SelectedIndexChanged event handler, 435 Session State, Trace Log, 124 SelectedItem property, 158, 160–61, 663 Session_End Application event, 190 SelectedItemStyle, 370, 372, 507 Session_Start Application method, 189 SelectionChanged events, 174 SessionID, 124–25, 245–46, 248, 252 SelectionIndexChanged event, 373 sessionState element, Configuration, 198 sensitive data, encrypting, 626–30, 632–38
SingleBitPerPixelGridFit, 789 special characters single-step debugging, in Visual Studio .NET, removal. See SQL injection attack 80–82 SELECT query, 339 single-value data binding, 714 specific-length passwords, regular Size property, FontInfo class, 153 expression, 169 sliding expirations, 256 SQL DELETE statement, 380 .sln files, 57, 65, 228 SQL injection attack, 294, 296–97, 324 SmoothingQuality property, 789 SQL query, 320 SOAP, 24, 826, 867–75, 877–89 SQL Server, 415, 570 encoding complex data types, 881–86 SQL Server provider, 275, 278, 284, 297–98 creating custom class, 883–84 SQL Server state service, 249 generating proxy, 885 SQL statements, 339 overview, 881–83 SQL UPDATE command, 379 extensions, creating, 890–900 SqlRowUpdatedEventArgs object, 342 overview, 892 SqlServer setting, 251–52 SoapExtension, 894–99 SqlTransaction class, 414 SoapExtension Attribute, 892–94 Src attribute, 420, 652, 656 SoapLog extension, 899–900 SSL (Secure Sockets Layer) encryption, 530 overview, 867–68, 890–92 standardization, in ADO.NET, 278 shaping XML of complex data types, start page, Project setting, 78 887–89 start tag, 675 SOAP encoding, 868–69 StartCap member, 794 SOAP envelope, 872–75, 877 StartFigure method, 793–94 fault messages, 874–75, 877 starts-with, XPath expression, 477 overview, 872–73 startup