Changes in the System.Web Namespaces


ASP.NET pages now automatically validate all input sent with the request (including any Form, QueryString and Cookies collection contents) against a hard-coded list of undocumented but potentially dangerous string values, and raise an exception if any potentially dangerous content is detected. Input validation can be disabled using a Page directive:

  <%@Page Language="VB" ValidateRequest="false" %>  

or in machine.config / web.config:

  <pages validateRequest="false" ... />  

The System.Web.HttpRequest class gains a new method named ValidateInput that checks if the values submitted to the page are potentially dangerous. It is used when automatic input validation is disabled for a page, and raises an exception if any potentially dangerous content is detected.

The System.Web.UI.Page class gains a new property named ViewStateUserKey to which a value that is unique to the current user can be assigned. It is encoded into the viewstate of the page, and when the page is submitted, the viewstate will only be valid if this value is present.
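The following single-file page is an added example, not code from the book. It illustrates both the ValidateInput method and the ViewStateUserKey property described above. The control names, the SaveComment handler and the "pinned" session marker are assumptions made for illustration.

```vb
<%@ Page Language="VB" ValidateRequest="false" %>
<script runat="server">
    ' Added example; control names and the "pinned" marker are hypothetical.

    Sub Page_Init(sender As Object, e As EventArgs)
        ' Store a value so the session (and its ID) persists across requests;
        ' an unused session can be issued a fresh ID on every request.
        If Session("pinned") Is Nothing Then
            Session("pinned") = True
        End If

        ' ViewStateUserKey has to be assigned during Init, before the posted
        ' viewstate is loaded. Viewstate issued to one session is then
        ' rejected when it is posted back from a different session.
        ViewStateUserKey = Session.SessionID
    End Sub

    Sub SaveComment(sender As Object, e As EventArgs)
        Try
            ' Automatic validation is off for this page, so request it
            ' explicitly before reading the request collections.
            Request.ValidateInput()

            ' With validation requested, reading the Form collection raises
            ' HttpRequestValidationException if a value looks dangerous.
            Dim comment As String = Request.Form("txtComment")

            ' Validation is a coarse filter; still encode on output.
            lblResult.Text = "Saved: " & Server.HtmlEncode(comment)
        Catch ex As HttpRequestValidationException
            lblResult.Text = "Comment rejected: markup is not allowed here."
        End Try
    End Sub
</script>
<html>
<body>
    <form runat="server">
        <asp:TextBox id="txtComment" runat="server" />
        <asp:Button id="btnSave" Text="Save" OnClick="SaveComment" runat="server" />
        <asp:Label id="lblResult" runat="server" />
    </form>
</body>
</html>
```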

The ListControl, DropDownList, CheckBoxList, RadioButtonList and ListBox classes from the System.Web.UI.WebControls namespace gain a new property named SelectedValue that returns the Value property for the first selected ListItem object in the list. It can also be used to select an item in these controls by assigning the required String value to the property.

The System.Web.HttpContext.RewritePath method gains a new overload that accepts three String parameters: the new path, any extra path information, and the query string to be passed to the requested resource.

The System.Web.HttpBrowserCapabilities class gains a new method named GetClrVersions that returns an array of Version instances indicating the .NET Framework versions installed on the client.

The System.Web.HttpResponse class gains a new property named RedirectLocation that sets or returns the location that the client will be redirected to (the value of the Location HTTP header).

The System.Web.HttpRuntime class gains a new method named UnloadAppDomain that forces the current ASP.NET application to be unloaded and restarted when the next request is received.

The System.Web.HttpUtility class gains a new method named UrlPathEncode that encodes only the path section of a URL string, producing a URL in a format that is suitable for use within hyperlinks and other HTML elements within the page.

The System.Web.Mail.MailMessage class gains a new property named Fields that is a reference to a Dictionary object that contains additional information on the contents of the message that is not available from the existing properties.

The System.Web.Caching.HttpCachePolicy class gains a new method named SetAllowInBrowserHistory which, when set to True, instructs the client to cache the response in their History folder or document cache. This means that the Back and Forward commands in the browser will not request a new version of the page each time.

The System.Web.Caching.HttpCacheability enumeration gains two new values. ServerAndNoCache specifies that the content is cached at the origin server, but all other caching systems are explicitly denied the ability to cache the response. ServerAndPrivate indicates that the response is cached at the server and at the client, but nowhere else (proxy servers and other shared caching systems are not allowed to cache the response).

The System.Web.Security.FormsAuthentication class gains two new read-only properties that return information about the configuration of Forms authentication. The RequireSSL property returns a Boolean value indicating if the cookie must only be sent over a secure SSL-encrypted channel. The SlidingExpiration property returns a Boolean value indicating if the timeout is reset with each page request (True), or is treated as a fixed value from the initial login (False). Two new attributes are added to the <forms> element in machine.config and web.config that specify if SSL is required and if sliding expiration is enabled:

  <authentication mode="Forms">
    <forms requireSSL="true|false" slidingExpiration="true|false" ... />
  </authentication>

The default <machineKey> element within the <system.web> section of the machine.config and web.config files now applies a modifier named IsolateApps to the validation and decryption keys:

  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1"/>

The IsolateApps modifier causes these keys to include details of the ASP.NET application that is using Forms authentication and creating the cookie, so different applications that use Forms authentication will each generate different keys for securing their cookies and encoding viewstate in the pages.




Professional ASP.NET 1.1