
Pro ASP.NET 2.0 Website Programming

Damon Armstrong

6293_FM.fm Page i Tuesday, November 15, 2005 7:29 PM

Pro ASP.NET 2.0 Website Programming
Copyright © 2005 by Damon Armstrong

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
ISBN (pbk): 1-59059-546-7
Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence
of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark
owner, with no intention of infringement of the trademark.
Lead Editor: Tony Davis
Technical Reviewer: Damien Foggon
Editorial Board: Steve Anglin, Dan Appleman, Ewan Buckingham, Gary Cornell, Tony Davis, Jason
Gilmore, Jonathan Hassell, Chris Mills, Dominic Shakeshaft, Jim Sumser
Project Manager: Denise Santoro Lincoln
Copy Edit Manager: Nicole LeClerc
Copy Editor: Julie McNamee
Assistant Production Director: Kari Brooks-Copony
Production Editor: Kelly Winquist
Composition, proofreading, and indexing: Argosy Publishing
Artist: Kinetic Publishing Services, LLC
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor,
New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail , or visit .
For information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219,
Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, e-mail , or visit .
The information in this book is distributed on an “as is” basis, without warranty. Although every precaution
has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to
any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly
by the information contained in this work.
The source code for this book is available to readers at
in the Source Code section.
You will need to answer questions pertaining to this book to successfully download the code.


for Teresa


Contents at a Glance

Foreword
About the Author
About the Technical Reviewer
Acknowledgments
Introduction

CHAPTER 1  Configuration Strategy
CHAPTER 2  Exception Management
CHAPTER 3  Master Pages, Themes, and Control Skins
CHAPTER 4  Developing Reusable Components: The Skinned Page-Message Control
CHAPTER 5  User Management Tools and Login Controls for Forms Authentication
CHAPTER 6  Managing Profiles
CHAPTER 7  Building Portals Using the Web Parts Framework
CHAPTER 8  Effective Search Tools and Techniques for Your Business Applications
CHAPTER 9  Building a Reusable Reporting Framework
CHAPTER 10  Web-Based Wizards: Avoiding Duplicate Data Entry
CHAPTER 11  Uploading Files
CHAPTER 12  Security and Encryption
CHAPTER 13  Using HTTP Handlers: Request Processing, Image Generation, and Content Management
INDEX


Contents

Foreword
About the Author
About the Technical Reviewer
Acknowledgments
Introduction




CHAPTER 1  Configuration Strategy

New Configuration Tools in ASP.NET 2.0
Web Site Administration Tool
ASP.NET Property Page in IIS
Configuration Basics
Application Settings
Connection Strings
Configuration Guidelines
Strongly Typed Configuration Classes
The Strongly Typed Configuration Sample Application
Adding the Web.config File
The Config Class
Using the Config Class in Your Code
Error Handling in the Config Class
Caching Application Settings and Connection Strings
Custom Configuration Sections
Configuration Section Architecture
Storing Configuration Settings in a Database
When to Avoid the Web.config File
Creating a Database Table to Store Configuration Settings
Avoiding SQL Injection Attacks
Creating the DataConfig Class
Reading Configuration Values from the Database
Writing Configuration Values to the Database
Properties of the DataConfig Class
Serializing and Deserializing Objects in the Database
Summary





CHAPTER 2  Exception Management

Exception Management Basics
What Are Exceptions?
Handling Exceptions with the Try Catch Statement
Using Multiple Catch Statements
Catching Specific Errors Using the When Clause
Using the Finally Keyword
Throwing Exceptions
Creating Custom Exception Classes
Inner Exceptions and Exception Wrapping
Error Propagation
Global Error Handling
IIS versus ASP.NET Errors
Defining a Default Error Page for ASP.NET
Using an ASPX Page as the Default Error Page
Defining Custom Error Pages in ASP.NET
Defining Custom Error Pages in IIS
Using the Application Error Event
Logging Exceptions for Analysis
Choosing an Exception Logging Tool
Architecture Overview
Creating the ExceptionLog Table to Store Data
ExceptionLog Class
ExceptionLogCollection Class
ExceptionLogger Class
Using the ExceptionLogger Class in Your Code
Reviewing Exceptions Online
Summary



CHAPTER 3  Master Pages, Themes, and Control Skins

Master Pages
Creating a Master Page
Creating Content Pages
Accessing Master Pages from Content Pages
Defining a Default Master Page for Your Application
Changing Master Pages in Code
Nested Master Pages
Themes and Control Skins
Creating a Theme
Adding a Cascading Style Sheet to Your Theme
Creating Control Skins for Your Theme
Disabling Control Skins
Creating Named Control Skins for Your Theme
Applying Themes to Specific Pages or the Entire Application
Programming with Themes
Summary

CHAPTER 4  Developing Reusable Components: The Skinned Page-Message Control

New Control Features in ASP.NET 2.0
Design-Time Rendering of User Controls
Global Tag Registration
Developing Server Controls with the ControlState
Building the ControlState Example Control
Creating the ControlState Demo Page
Viewing the ControlState Behavior in the Demo Page
Building a Skinned Page-Message Control
What Is a Skinned Control?
How Does the Server Control Manipulate the UserControl?
How Are Skinned Controls Implemented?
Architecture of the Skinned Page-Message Server Control
Storage Locations for UserControl Skins
Setting Up the Messaging Web Control Project
The Skinned Web Control Class
The MessageDataCollection Class
Defining a Standard Tag Prefix for Your Control Library
Design Time Rendering
Referencing the PageMessageControl in Your Web Project
Creating the PageMessageControl’s Skin Files
Using the PageMessageControl
Summary

CHAPTER 5  User Management Tools and Login Controls for Forms Authentication

Forms Authentication in ASP.NET
Authentication Modes
Configuring an Authentication Mode for Your Application
Authentication Tickets in Concept
Authentication Cookies
Specifying a Default Login Page and Login Redirection URL
Other Forms Authentication Configuration Options
Manually Implementing Forms Authentication
Working with the Membership and Roles Objects
The Membership Object
The Roles Object
Programming with the Membership and Role Objects
Configuring the Membership and Role Providers
Managing Users and Security with the Web Site Administration Tool
Opening the Web Site Administration Tool
Home Tab
The Provider Tab
The Security Tab
Adding, Editing, and Deleting Users
ASP.NET 2.0 Login Controls
Templated Controls
Creating Templates
The Login Control
The LoginView Control
The Password Recovery Control
The LoginStatus Control
The LoginName Control
The CreateUserWizard Control
The ChangePassword Control
Summary

CHAPTER 6  Managing Profiles

Profile Basics
The Profile Object
Enabling and Disabling Profiles
Defining Profile Properties in Web.config
Creating Profile Property Groups
Implementing a Profile Property Class
Strongly Typed Properties
ProfileManager Class
Working with Anonymous Profiles
Enabling Anonymous Profile Identification
When to Use Anonymous Identification
Drawbacks of Anonymous Identification
Defining Anonymous Profile Properties
Avoiding Anonymous Write Exceptions with IsAnonymous
The Importance of Default Property Values
Creating Profile Migration Code
Creating a Simple Targeted Advertisement
Defining Profile Properties to Track Content Preferences
Building the Targeted Advertisement Example Page
The Shopping Cart Custom Property
Creating the Shopping Cart
Defining the ShoppingCart Property in Web.Config
Building a Product Display Component to Add Products to the Cart
Building the Shopping Cart Demo Page
Profile Migration with the Shopping Cart
Summary

CHAPTER 7  Building Portals Using the Web Parts Framework

Web Parts Framework Concepts
Web Parts in Concept
Web Part Connections
Portal Page Display Modes
Defining Portal Regions with Zones
User and Shared Scope
Closing vs. Deleting a Web Part
Hiding vs. Closing a Web Part
Web Part Interfaces, Classes, and Controls
IWebPart Interface
Part Class
WebPart Class
GenericWebPart Wrapper Class
WebPartManager Control
ProxyWebPartManager Control
Web Part Zones
WebPartZone Control and Static Web Parts
CatalogZone Control and Related Catalog Parts
EditorZone Control and Related Editor Parts
ConnectionsZone Control
Building an Example Web Part
Defining Web Part Properties
Implementing a UserControl Based Web Part
Implementing a Custom Web Part
Advanced Web Part Topics
Adding Custom Verbs to Your Web Part
Connection Providers and Consumers
Exporting Web Part Configuration Files
Summary

CHAPTER 8  Effective Search Tools and Techniques for Your Business Applications

Creating the SqlQuery Tool
Objectives and Architecture Overview
Enumerations in Globals.vb
SqlField Class
SqlFieldCollection Class
Analyzing the WHERE Clause in Search of an Object Model
ISqlCondition Interface
SqlCondition Class
SqlConditionGroup Class
Building the SqlQuery Class
SqlQuery Class
Using a SqlQuery Object to Build Queries
Executing Queries with the SqlQuery Class
Executing Paged Queries with the SqlQuery Class
Commonly Used Search Functions
Date Range Search
Using the DateRangeSearch
Keyword Search
Using the CreateKeywords Function
Displaying Basic and Advanced Searches
ISearchControl Interface
Creating the Basic Search Form (SimpleForm.ascx)
Creating the Advanced Search Form (AdvancedForm.ascx)
Implementing the Main Search Page (EmployeeSearch.aspx)
Benefits of User Control–Based Search Forms
Summary

CHAPTER 9  Building a Reusable Reporting Framework

Building the Reporting Framework
Abstract Class Primer
Solution Architecture
Database
The ISearchControl Interface
Pagination and the IPaginationControl Interface
ReportFramework Abstract Class
Creating a Report Using the Reporting Framework
Building Search Forms Using the ISearchControl Interface
Creating a Paging Navigation Component
Building the Report Page Layout
Developing the Report Page Code Behind
Running the Report Page
Summary

CHAPTER 10  Web-Based Wizards: Avoiding Duplicate Data Entry

Wizard Control Overview
Layout and Parts of a Wizard Control
Important Wizard Properties and Events
Adding Steps to the Wizard
Controlling Wizard Navigation
Working with Templates
Phonetic Searching
Phonetic Codes and the Soundex Function
Phonetic Proximity Matching with the Difference Function
Creating the Add Employee Wizard
Business Objects and Utility Functions
Add Employee Wizard
Trying It All Out
Summary

CHAPTER 11  Uploading Files

Database vs. File System Debate
Transactional Support
Enforcing Referential Integrity and Avoiding Broken File Links
Security Considerations
Performance
Data Backup and Replication
Programmatic Complexity
Future Considerations
Uploading Files
The FileUpload Control
Saving Files with the FileUpload Control
Uploading Multiple Files
Multiple File Uploads on the Client Side
Saving Multiple Files on the Server Side
Storing Files in a Database
Creating a Database Table to Store Files
Getting Files from the Client to the Server
Saving a Single File to the Database
Saving Multiple Files to the Database
Retrieving Uploaded Files from the Database
Summary

CHAPTER 12 Security and Encryption

Basic Security Concepts
Security Terminology
Authentication vs. Authorization
Least Privileged Access
Processes, Threads, and Tokens
Impersonation
Delegation
Access Token and Impersonation Examples
ASP.NET Security Architecture Overview
Sending the Initial Request via the Browser
IIS Authorization Based on IP Address or Domain
IIS Authentication
The ASP.NET ISAPI Extension and the ASP.NET Worker Process
Application Objects and the Security Context of the Request
ASP.NET Authentication Modules
URL Authorization Module
File Authorization Module
Processing the Actual Request
Security Configuration
IIS Security Configuration
Securing Files with NTFS Permissions
ASP.NET Security Configuration Settings
Encrypting Sensitive Information
Securing Configuration Settings
Hashing Data with One-Way Encryption
Encrypting and Decrypting Data with Two-Way Encryption
Using the Encryption Library
Summary

CHAPTER 13 Using HTTP Handlers: Request Processing, Image Generation, and Content Management

HTTP Handler Overview
IIS and the ASP.NET HTTP Pipeline Process Model
Common Uses for HTTP Handlers
Implementing the IHttpHandler Interface
Mapping File Extensions in IIS
Configuring an HTTP Handler in ASP.NET
Processing Virtual Files with URL Rewriting
Creating the Report Pages
Building the XlsReportHandler
HTTP Handler Design Considerations
Using the XlsReportHandler to Retrieve Reports
Thumbnail Generation with an HTTP Handler
Objectives and Solution Architecture
Building the ThumbnailHandler
Configuring the ThumbnailHandler
Viewing Thumbnails
Content Management Backend
Objectives and Solution Architecture
Content Database Design
Creating the ContentManagementHandler
Configuring the ContentManagementHandler
Creating Content Templates using Master Pages
Building the FrontController.aspx Page
Building the FrontController.aspx.vb Code Behind
Web User Controls and the NoActionForm
Next Steps for the Content-Management Backend
Summary


INDEX
Foreword
As I write this foreword, we are days away from Visual Studio 2005 becoming official. The software
has been “complete” for several months now and the last weeks of the project involve
scouring the code to ensure no rogue bug appears. As the multiple development teams move
their code from their team branches into escrow, the level of anticipation is reaching a
crescendo within the developer community. And rightfully so because for many developers,
ASP.NET 2.0 will revolutionize the way they build software by simplifying many of the common
tasks, in much the same way as ASP.NET 1.0 did for Active Server Page developers.
I recall a similar event when .NET 1.0 was released. Microsoft web developers had to bide
their time with Active Server Pages, which was a great technology at the time, but it was mostly
script based or interpreted. ASP.NET 1.0 changed the way developers thought about writing
their applications. For example, the new Cache API allowed developers to skip the often used
hack of storing commonly accessed data in application state memory; server controls allowed
us to take concepts of reuse found at the component layer and “componentize” the UI. Of
course, there was much, much more, but the biggest improvement by far was that ASP.NET was
built on top of the Common Language Runtime (CLR), providing ASP.NET with a host of benefits
ranging from garbage collection to multiple language support. Here is an interesting piece
of .NET trivia: Did you know that ASP.NET was the first product group within Microsoft to agree
to build their new platform, later to be known as .NET? How far we’ve come…
The planning for .NET 2.0, codenamed Whidbey, began before version 1.0 even shipped,
just as the planning and development for the next version, codenamed Orcas, is already
underway. An interesting aside: If you drive north from Redmond towards Canada, home of
Whistler-Blackcomb—one of the best snowboarding (skiing too) destinations in North
America—there is a restaurant at the base of these mountains called Longhorn (the Windows
Vista codename). On the way to Longhorn, as the crow flies, you’ll pass the city of Everett (codename
of .NET 1.1) and the islands of Whidbey and Orcas.
Every adventure needs a trusted guide. In this exploration of ASP.NET 2.0, whether you are
new to technology or intimately familiar with it, Damon’s book will be a trustworthy
companion. Damon shares his experience as a professional ASP.NET 2.0 software developer
who has not only been studying ASP.NET 2.0 but has used it extensively.
The opening chapters of the book examine defensive programming concepts new to
ASP.NET 2.0, in particular those related to managing the configuration system. The ASP.NET
XML driven configuration system, aka Web.config, not only receives many new settings but
also a programmatic API for managing the system. Although the XML can still be edited
directly, the APIs now allow those settings to be managed through tools as well.
Starting in Chapter 3, Damon begins to explore some of the new user interface features of
ASP.NET 2.0. Master Pages and themes provide us with many more options for customizing the
look-and-feel of our web applications. Damon also examines page skinning, a feature that originated
in ASP.NET Forums (now Community Server) and enables developers to build modular
controls whereby their UI is decoupled from their implementation.
Chapter 6 deals with the new Personalization features of ASP.NET 2.0. The Personalization,
Membership, Role Management, Provider Design Pattern, and Caching features are ones
I’m particularly passionate about, as I had the opportunity, while working at Microsoft, to
design these features. ASP.NET’s new Profile system is unique. Not since the days of Site Server
3.0 have developers had a robust personalization API available for their use, and this one
provides developers with an easy-to-use API, along with innovative capabilities such as load on
demand, profile property delegation through providers and, of course, strongly typed properties
on the Profile object. In short, Profile is now the API of choice for storing user data.
In the later chapters, Damon assesses the new Web Parts Framework, which enables
anyone to build web portals, against the option to download or buy one. He shows how to use
the new wizard control to better control the workflow of data entry. Finally, he investigates
topics such as file uploads, security, and dynamic image creation using HTTP Handlers.
As you immerse yourself in the following pages, you’ll find this book to contain practical
examples written by an experienced software developer. And thus I present to you Pro ASP.NET
2.0 Website Programming.
Rob Howard
Telligent Systems
About the Author
Damon Armstrong has been developing business applications for almost 10 years and has a
passion for just about every web-based technology on the planet. Currently, he is a technology
consultant with Telligent Systems in Dallas, Texas, where he works with some of the most
active and knowledgeable people in the .NET community, specializes in ASP.NET, and has
recently been focusing on client development projects for early adopters of ASP.NET 2.0. He is
certified in VB .NET and ASP.NET, and holds a Bachelors of Business Administration in
Management of Information Systems from the University of Texas at Dallas.
Damon lives in Carrollton, Texas, with his wife Teresa Kae and their black-lab mix Cloe.
When he’s not in front of a computer, he’s usually out playing softball, disc golf, or procrastinating
on some home-improvement project. He’s also a leader, along with his wife and a bunch
of other absolutely awesome people, with Carrollton Young Life. He can be contacted at
or online at .
About the Technical Reviewer
Damien Foggon is a freelance programmer and technical author based in Newcastle,
England. He’s technical director of Thing-E Ltd., a company specializing in the development of
dynamic web solutions for the education sector, and founder of Littlepond Ltd. He started out
working for BT in the UK before moving on to progressively smaller companies until finally
founding his own company so that he can work with all the cool new technologies and not the
massive monolithic developments that still exist out there.
Damien has coauthored books for Microsoft Press and Apress and acted as a
technical reviewer for both Wrox and Apress. His first solo outing as an author, Beginning
ASP.NET 2.0 Databases (also from Apress), will be arriving soon. He can be contacted at
or online at .
Acknowledgments
Writing a book is one of the most arduous tasks I have ever endured, and it would have been
unendurable without the help and support of a great number of people. Although words are
not enough, I would like to thank the following…
My wife, Teresa. Your unceasing kindness, patience, support, understanding, and love
helped me get through the long nights of coding and writing. I look forward to getting away
with you now that this is all over.
Tony Davis helped take an idea and turn it into a book. Thank you for your encouragement
and guidance in shaping this work.
Damien Foggon had the insurmountable job of ensuring the technical accuracy of the
entire book. Thank you for all your time, research, insight, and well-placed humor, and for
keeping the quality of the code and explanations up to such a high standard.
Julie McNamee, grammatical master, went through the entire book in about three weeks
and ensured the tone, style, spelling, and formatting of the text was consistent and did an absolutely
amazing job.
Denise Santoro Lincoln, the book’s project manager, helped keep everything on track,
which is hard to do when working with someone as prone to procrastination as I am. Thank you
for keeping on top of things even through all the chapter splitting, content rearranging, and
out-of-order submissions.
Ty Anderson, who got me into this whole ordeal in the first place. You’re not any good at
keeping a dog in your yard while I’m out of town, but your insight into publishing has been
invaluable, and your friendship even more so. Keep keeping it real.
Rob Howard, for taking the time to write the foreword for this book and for building an
awesome company where people matter and shoes are, in fact, optional.
Tony Frey and Kirk Nativi. Anywhere in the book where I mention working on a project
with someone, chances are it was one of these two. Tony helped set up the HTML formatting
for the sample application and made otherwise stagnant meetings a lot of fun with his insightfully
sarcastic witticism. Keep the attitude. And Kirk has saved me, in one way or another, on
many a project.
Jonathon Wimberley, Nick Reed, and Matt Maloney. Why I waited two years to finish
remodeling parts of house, I do not know. And why I decided to finish when I was writing a
book, I don’t know either. But your help was invaluable on those home-improvement projects
I decided to undertake when I should have been writing.
Matt, Schall, Scott, Ted, Dave, and the rest of the Carrollton Crew. Fox rules. We’ll get
together soon and I’ll re-educate you as to why that is. Assuming Schall doesn’t get eaten by a
puma.
And finally, my parents, James and Mary Armstrong. You have always been, and continue
to be, there for me. Your dedication as parents is unparalleled. And after 500 some odd pages
and almost 200,000 written words, I know that you will never let me live down the fact I came
home in fifth grade after a keyboarding class grumbling about how I would never learn how to
type.
Introduction
Microsoft revolutionized web-application development with the original release of ASP.NET,
increasing developer productivity to a level unmatched with any other technology. I have
worked with Java, Perl, PHP, Cold Fusion, and ASP 3.0, and in my experiences, projects in
ASP.NET took less time to build, were easier to maintain, simplified code reuse, and had a
better return on investment. And that was just the first release. ASP.NET 2.0 includes a number
of much needed additions that continue to set it apart as the leader in web-based development
technologies. But functionality is meaningless unless applied correctly, and so the aim of this
book is to discuss how to apply ASP.NET to solve real-world business issues.
As a consultant, I’ve had the opportunity to see a range of different applications implemented
to varying degrees of success, and, more importantly, a chance to reflect on what made
them succeed and fail. After looking at a number of projects, I came to realize that successful
projects tend to excel in a few common areas:
• Configuration Management: Configuration settings allow administrators to change the
behavior of an application without recompiling the source code. Applications move
from server to server. Domain names change. IP addresses get shifted around. Configurable
applications make it easy to adapt to these changes and reduce maintenance
costs.
• Exception Management: Exceptions are an inevitable part of the development process,
and applications should handle exceptions gracefully to avoid damaging your application’s
credibility with users. You can even log exceptions and use that information to
your advantage to help identify problem areas and manage user perception by
responding to issues before customers have a chance to contact you to complain.
• Visual Appearance: You can control user perception by paying attention to graphical
detail and ensuring your site has a consistent look and feel. Consistency exudes professionalism
and makes for a crisper, cleaner-looking site. Because users often judge an
application on its appearance long before they judge it on its functionality, you can use
this to your advantage to build user confidence in your application. You can also allow
users to personalize the appearance of a site to ensure it fits their particular needs and
preferences.
• Page Messaging: Displaying status information to users about actions that occur on the
page is imperative if you want them to remain informed. If an action fails, users should
be notified to ensure they don’t navigate away from the page and lose their data. If an
action succeeds, users should be notified so they don’t attempt to resubmit the information
and make a duplicate entry. Informed users make more logical decisions, which
helps keep them from breaking your applications in ways that you never imagined
possible.
• Reusable Controls: Taking time at the start of a project to identify and build components
you can use throughout the rest of the development process can save you an enormous
amount of time. You also gain a higher degree of maintainability because you can update
the component from a single location.
• User Management and Security: Business applications often manage vital business information,
and it’s imperative to protect that information from falling into the wrong
hands. Applications should take full advantage of the various security mechanisms in
Windows, IIS, and ASP.NET to ensure users are properly authenticated and authorized
to avoid letting sensitive information slip through the cracks.
• Searching and Reporting: As the amount of data in an application grows, so does the
need to effectively search and display that information. Applications with well-built
searching and reporting tools make it easier to locate and view information, increasing
the effectiveness of the application as a whole.
Another realization I’ve had while analyzing projects is that excellence is not the result of
chaotic effort, but rather of design and planning followed by focused action. This is by no
means a stunning revelation because everyone knows that planning something out before you
tackle it helps you accomplish what you set out to do. But for some reason, when burdened by
budgetary restrictions and tight deadlines, developers often forgo design in the hope that frenzied
coding will somehow bring them out in front when the dust settles. I have yet to see this
approach work.
Although the aforementioned list is far from exhaustive, focusing design efforts on these
areas, before a project begins, helps create a solid infrastructure on which to build the rest of
your application. When you have a good configuration strategy in place, then your applications
tend to be configurable. When you have an exception-management strategy defined, then your
application is more likely to handle exceptions gracefully. When you have a well-designed
visual interface, your applications are bound to look more professional. When you have page
messaging in place, your applications are more inclined to communicate effectively. In other
words, a well-built infrastructure drives you to build better applications. And building a solid
infrastructure for your applications is what this book is all about.
All the chapters in this book contain practical examples for building different portions of
an application using ASP.NET 2.0. They are drawn directly from my experience with client
engagements, so you know they are applicable in real-world scenarios. I also introduce each
chapter by outlining business benefits to the approach suggested so you know not only the
“how,” but also the “why” behind a specific design and implementation.
Who Should Read This Book?
If you are a .NET developer who wants to know how to build a solid web-based business application
using ASP.NET 2.0, then this book is for you. Inside you’ll find practical examples drawn
from real-world situations that cover configuration management, exception handling, themes,
control skins, building server controls, user management, profiles, developing against the Web
Parts Framework, keyword and phonetic searching, sorting and paging reports, building web-based
wizards, uploading files, storing binary information in a database, security, thumbnail
generation, and content management. Although this book is geared toward beginner- and
intermediate-level developers who have some experience with ASP.NET and VB .NET, even the
most experienced professionals should find something new and interesting.