Contents
Overview 1
Requirements of a Web Application 2
What is New in ASP.NET? 3
Sharing Information Between Pages 14
Securing an ASP.NET Application 24
Deployment 37
Lab 7: Creating an ASP.NET Web
Application 38
Review 39

Module 7: Creating an
ASP.NET Web
Application
BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.


maintain the state of an application by saving data in a database.
After completing this module, students will be able to:
!
Describe cookie-less sessions.
!
Set up cookie-less sessions in the config.web file.
!
Use event procedures in global.asax.
!
Describe page caching.
!
Describe the various methods for maintaining state.
!
Maintain session state using session variables.
!
Share information between pages.
!
Describe how authentication works.
!
Set up authentication for an application in config.web.
!
Describe deployment in ASP.NET applications.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the following materials:
!
Microsoft

Requirements of a Web Application
Discuss the requirements of a Web application. You could also ask students
who have experience in Web development to talk about what they think are
the major requirements for a Web application.
!
What is New in ASP.NET?
This section focuses on the new features in ASP.NET as compared to ASP.
It talks about cookie-less sessions, sections in config.web, new events and
directives in global.asax, and page caching. Since these are totally new
concepts, go through it slowly, and spend time to explain the need and
advantages of each of these.
!
Maintaining State
This section talks about the various methods used for maintaining state.
ASP.NET cache and sharing information between pages are the new
concepts. There is a demonstration on sharing information between pages to
reinforce this concept.
Students will be more familiar with session and application variables, and
saving state in a database. The section also includes a demonstration on
using session variables for saving state.
!
Security
Talk about the authentication, authorization, and impersonation. Tell
students about the difference between these. Cookie-based authentication is
totally new for students. Spend a lot of time explaining the architecture and
the data flow in cookie-based authentication.
!
Deployment
This is mostly a reinforcement of what they learned in Module 04,
"Separating Code from Content" about deploying components.

!
Set up cookie-less sessions in the config.web file.
!
Use event procedures in global.asax.
!
Set up page output caching for ASP.NET pages.
!
Share information between pages of an ASP.NET application using the
ASP.NET cache, config.web, session variables, and a database.
!
Describe how authentication works.
!
Set up authentication for an application in config.web.
!
Describe deployment in ASP.NET applications.

Topic Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
about the different aspects
of creating an ASP.NET
application.
2 Module 7: Creating an ASP.NET Web Application

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Requirements of a Web Application

Configuration is a very important aspect of any application. A central
requirement of any web application server is a rich and flexible
configuration system – one that enables developers to easily associate
settings with an installable application without having to embed values into
code, and enables administrators to easily adjust or customize these values
post-deployment.
!
Easy deployment
One of the biggest problems with applications has been their deployment. A
good Web application should be easy to deploy and should require
minimum effort.

Topic Objective
To describe the
requirements of a Web
application.
Lead-in
When designing a Web
application, you should keep
in mind some of the basic
requirements of a good Web
application.
Module 7: Creating an ASP.NET Web Application 3

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

#

What is New in ASP.NET?
!

Each active session is identified and tracked using
Session IDs
!
SessionIDs are communicated across client-server
requests using an HTTP cookie or a "Munged URL “
!
Using a cookie
$
Default mechanism for storing SessionIDs
!
Cookie-less sessions
$
Information is encoded into URLs
http://server/(h44a1e55c0breu552yrecobl)/page.aspx
http://server/(h44a1e55c0breu552yrecobl)/page.aspxEach active session within ASP.NET is identified and tracked using a 120-bit
SessionID string containing URL-legal ASCII characters. SessionID values are
generated using an algorithm that guarantees uniqueness and randomness.
SessionIDs are communicated across client-server requests using either an
HTTP cookie or a "Munged URL".
Using Cookies
Cookies are a mechanism by which data can be maintained in a file on the
user's computer. By default, SessionIDs are stored in cookies.
However, users can turn off cookies through a setting in their browser. Thus,
there is a risk that your Web application will not work if it requires session
information and a user has turned off cookies.
Using Cookie-less Sessions
The use of cookie-less sessions is a new concept in ASP.NET.

application files
!
Contains sections for each major category of ASP.NET
functionality
$
<sessionstate>, <security>, <appsettings> , <trace>
<configuration>
<trace enabled="true"
requestlimit="40" pageoutput="true"/>
</configuration>
<configuration>
<trace enabled="true"
requestlimit="40" pageoutput="true"/>
</configuration>ASP.NET configuration uses hierarchical configuration architecture. All
configuration information for an ASP.NET application is contained in
configuration files named config.web that can be placed in the same directories
as the application files. Child directories inherit the parent's settings unless
overridden by a config.web file in the child directory.
If a config.web file is present at the root directory of a Web server, for example
"Inetpub\wwwroot", the configuration settings will apply to every application in
that server.

Presence of a config.web file within a given directory or application root
is completely optional. If a config.web file is not present, then all configuration
settings for the directory are automatically inherited from the parent directory.

Topic Objective

<iisprocessmodel> Responsible for configuring the ASP.NET process model
settings on IIS Web Server Systems.
<security> Responsible for all security settings used by the ASP.NET
security HttpModule.
<sessionstate> Responsible for configuring the session state HttpModule.
<trace> Responsible for configuring the ASP.NET trace service.

ASP.NET configuration settings are represented within these configuration
sections. For example, as you saw in Module 5: Using Trace in ASP.NET
Pages, you can turn the trace feature on for an entire application in the <trace>
configuration section as follows:
<configuration>
<trace enabled="true"
requestlimit="40" pageoutput="true"/>
</configuration>

Module 7: Creating an ASP.NET Web Application 7

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Setting Up Cookie-less Sessions in Config.web
!
Session state is configured in the <sessionstate>
section of Config.web
!
<sessionstate> supports five settings:
$
inproc= "[true/false]"
$
cookieless= "[true/false]"

server. It is only required if the inproc property is set to
false.
server="[server name]" Specifies the server to use to store remote session state. It
is only required if the inproc property is set to false.
timeout="[true/false]" Specifies for how long ( in minutes) should a session be
valid. The default value is 20 minutes.

Topic Objective
To learn how to set up
cookie-less sessions in
config.web.
Lead-in
As you learned in the
previous topic, config.web
has a section for major
application functionalities.
8 Module 7: Creating an ASP.NET Web Application

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

For example, to double the default timeout of 20 minutes the following can be
added to the config.web of an application:
<sessionstate timeout="40" />

Setting Up Cookie-less Session
By default ASP.NET uses cookies to identify requests, which belong to one
session. If cookies are not available, a session can be tracked by adding a
session identifier to the URL. You can enable cookie-less sessions as follows:
<sessionstate cookieless="true" />


Application Directives
Application directives specify optional settings used by the compiler when
processing files. Application directives are located at the top of the global.asax
file.
<%@ directive attribute=value [attribute=value … ]%>

Like ASP, ASP.NET supports the use of application directives in the
global.asax file. However, ASP.NET includes additional application directives.
Import
The Import directive explicitly imports a namespace into an application,
making all classes and interfaces of the imported namespace available to the
application.
<%@ Import namespace="value" %>

You must use a single @ Import directive for each namespace you want to
import.
Topic Objective
To describe the global.asax
file.
Lead-in
Global.asax is very similar
to the Global.asa file in
ASP, with the exception of
directives and new events.
Note
10 Module 7: Creating an ASP.NET Web Application

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

The following code uses @ Import directives to import the System.Data and

to be authorized.
Application_ResolveRequestCache This event is used by the output cache
module to short-circuit the processing of
requests that have been cached.
Application_AcquireRequestState This event signals that per-request state
should be obtained.
Application_PreRequestHandlerExecute This event signals that the request handler
is about to execute.

Example
Module 7: Creating an ASP.NET Web Application 11

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Global.asax also includes events that are fired when the requested page is sent
back to the client.
Event name Description

Application_PostRequestHandlerExecute This event is first available after the
handler such as ASP.NET page or Web
service has completed its work.
Application_ReleaseRequestState This event is called when the request state
should be stored, since the application is
finished with it.
Application_UpdateRequestCache Signals that code processing is complete
and the file is ready to be added to the
ASP.NET cache.
Application_EndRequest This event is the last event called when
the application ends.
Application_PreRequestHeaderSent Provides the opportunity to add remove or

in the event procedures.
3. View
/2063/Mod07/GlobalEvent.a
spx in Internet Explorer and
explain the order of the
events.
4. Delete the global.asax file
from the root of the 2063
virtual directory.
Module 7: Creating an ASP.NET Web Application 13

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Page Caching
!
Output caching
$
Caches content generated from dynamic pages
$
Page is compiled into IL and native code
$
Native code is cached as Page class and is available to
serve for the next request
$
Page class is updatedwhen the source ASP.NET file is
changed or cache timeout happens
!
Setting the cache timeout
<%@ OutputCache Duration= "900" %>
<%@ OutputCache Duration= "900" %>

timeout