sa (system administrator)
blank passwords and, 141
changing MSDE sa password, 142–43, 180
.NET QuickStart samples, 147
principle of least privilege, 146–47
SQL Server 2000 passwords, 506
Save All button, 30
Save button, 43, 45
SaveCredentials method, 381–82, 383–84
SaveViewState, 369
saving files, 30
saving templates, 139
scalability, 93, 100–101
scavenging, cache, 450–51
scope, variable, 56–57
<script runat= “server”> syntax. See code declaration blocks
Secure Communications dialog box, 160
Secure Sockets Layer. See SSL (Secure Sockets Layer)
security. See also authentication; server security
access control, 154–55
account limitations, 146–47
appSettings, 466
auditing, 155–56
authorization, 174–77
code access security, 178–79
disabling debugging, 196, 489
IIS installation and, 556
impersonation, 177–78
improvements to, 31
locking down configuration settings, 123
logging, 155–56
overview of, 127–29
passwords, 141–45, 506–7
patches, 151–54
request validation, 149–51
resources, 179–80
sensitive data storage, 107
SQL Server and, 104
SSL communications, 157–61
threats, 128–29, 147–48
tracing and, 480
validation, 148–49
ViewState and, 397
Web services, 420–21
Security Configuration and Analysis tool
improvements to Windows security, 130
overview of, 134
security templates, 138, 139–40
<securityPolicy> element, 179, 538–39
Security Templates tool
accessing, 135
creating new template, 135–38
defined, 134
Select Case statements, 63–68, 64–68
SelectCommand property, DataAdapter, 297
SelectCommand property, SqlDataAdapter, 298–99
SelectionList control, Mobile Web Forms, 268, 269– 70
<select> items, HTML controls, 230–33
semantic errors, 485
separators, Repeater control, 340–43
Server Certificate page, Web Server Certificate Wizard, 159
server controls
AdRotator control, 253–56
Calendar control, 256–59
case sensitivity, 228
data-bound controls, 266
defined, 188
hiding, 273
mobile, 266–72
overview of, 31
page lifetime and, 189–90
showing, 273
state, 107
Validation controls, 260–66
Xml, 259, 290
ServerControls.aspx, 221
server controls, custom
adding programmatically, 358–60
building with Visual Studio .NET, 352–57
classes, 349–50
creating, 348–49
event execution order, 368–69
event handling, 366–67
server controls, custom, continued
events, 365–66
functionality of, 360–63
inheriting from base class, 350–51
methods, 362–63
namespaces, 349
overriding inherited events, 367–68
overview of, 188, 347–48
postbacks, 364–65
properties, 360–61
raising events, 365–66
rendering output, 351
state maintenance, 396–97
TextBox control enhancements, 352–54
Toolbox Web control, 354–55
Web Forms, 355–57
serverErrorMessageFile attribute, <processModel>, 550
Server Explorer window, 21
Server.GetLastError method, 220
server security, 128–41. See also security
designing, 129–30
OS selection, 130–31
policies, 134–41
removing unused services, 131–34
setup and, 129–30
threats to, 128–29
server-side code
defined, 187
migration process and, 502
page lifetime and, 189
server-side comments, 187
server-side includes, 216
server-side <script> block, 69
ServerValidate property, 261
Service Releases, 570–74
Services MMC (Microsoft Management Console) snap-in, 101
services, removing unused, 132–34, 556
Session object, 87
Session state, 94–99
application scalability and, 100–101
enabling, 96, 97
limitations, 94
overview of, 94–96
read and write, 97–98
recommendations, 99
storage configuration, 101–5
SessionState.aspx, 97–98
<sessionState> element, 540–41
SetNoServerCaching method, 446
Set statements, 503, 508
Setup And Deployment Projects project type, 472
Setup Type page, MSDN Library, 566–67
SGML (Structured Generalized Markup Language), 111
shared assemblies, 358
Shared attribute, @ OutputCache directive, 203, 437–38, 443
Shortcut tasks, Task List, 22
short-term migration, 507–8
ShowAuthors.aspx, 431
ShowMessageBox property, 262
ShowSummary property, 262
ShowUsername.aspx, 170–72, 172–73
shutdownTimeout attribute, <processModel>, 550
side-by-side execution, defined, 124
SimpleDataBinding.aspx, 320
Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol)
SimpleTrace.aspx, 478–80
single quote (') character, 53
single-user applications, 127
Size property, 25
slidingExpiration attribute, <authentication>, 532
slidingExpiration attribute, <forms>, 170
smartNavigation attribute, @ Page Directive, 193
smartNavigation attribute, <pages>, 526
SmtpEmail.aspx, 242–47
SMTP (Simple Mail Transfer Protocol)
security risk of port 25, 150
setting up, 242
using server controls to send e-mail, 242–47
sn.exe, 358
SOAP
Web services based on, 31, 36
Web service security and, 420–21
XML-based Web services, 406
software, risks of installing on server, 134
Solution Explorer
Browse With option, 394
overview of, 20
testing Web forms, 14–15, 46–47
Web Forms, 40–41
Web services, 430
solutions, 14
Sort property, 318
<span> tag, 241–42
specialization, of server controls, 348
SqlCommandBuilder object, 299
SqlCommand class, 286–92
applying, 286–88
displaying data in Web page, 290
displaying XML data in Web page, 288–92
overview of, 277, 286
SqlConnection class
defined, 277
displaying data in Web page, 290
overview of, 279–82
sqlConnectionString attribute, <sessionState>, 541
SqlDataAdapter class
creating, 297–98
overview of, 277
SelectCommand property, 298–99
typed datasets, 311
SqlDataReader class, 277, 295–97, 318–19
SQL Enterprise Manager, 284
SQL Server
login, 283–84
password security and, 141
password storage, 145
sa account, 146–47, 506
trusted connections, 145, 178, 450
SQL Server Enterprise Manager utility, 143
SQL Server .NET Data Provider, 276, 277–78
SQL Server Query Analyzer, 571–72
SQLServer setting, 101, 103–4
SQL Server Web Assistant, 453–54
src attribute
@ Assembly directive, 202
@ Page directive, 193
@ Register directive, 201
inheritance from Page class, 206
Web application deployment, 467
Web services and, 408
SSL (Secure Sockets Layer)
installing certificates, 158–59
protecting communications, 157
requesting certificates, 157–58
requiring, 160–61
Web service authentication and, 421–22
staging systems, 138
standards
preventing bugs and, 486
SOAP and WSDL, 426
Standard toolbar, 27
Start button, 10–11, 14
Start Page, Visual Studio .NET, 16
STA (single-threaded apartment), 503
state. See also Application state
ASP.NET improvements, 31
client-side cookies, 105–7
maintaining in custom controls, 396–97, 401
overview of, 87
scalability and, 100–101
server control state, 107
session state, 94–99, 101–5
stateConnectionString attribute, <sessionState>, 541
StateServer (out-of-process) setting, 101, 101–3
static HTML tags, 187
Static keyword, 55
StaticObjects collection
Application object, 89
Session object, 95
statusCode attribute, <customErrors>, 530
statusMessage property, 383
Step keyword, 70
storage
deployment and, 465–66
passwords, 144–45
security and, 107
session state, 101–7
stored procedures
overview of, 295
parameters, 295
reading data with SqlDataReader and, 295–97
StreamWriter, 385
strict attribute
@ Page directive, 193
<compilation>, 522
StringBuilder class, 372, 376
strings, 371–73
structured exception handling, 74–78
Structured Generalized Markup Language (SGML), 111
<style> block, 253
Style property, 241
styles, applying to Web controls, 240–42, 273
subdirectories
IIS permissions for, 469–70
overriding configuration settings, 122
Sub procedures
input parameters and, 60–62
overview of, 60
parentheses required for, 503
syntax errors, 72–73, 485, 486–87
SYSTEM account, 146
System.Attribute, 409
System.Data, 432
System.Diagnostics, 487, 490, 498
System Properties dialog box, 572–73
System.Security.Cryptography, 145
System.Text, 372–73
System.Web, 6, 80, 88
System.Web.Mail, 200, 245
System.Web.Security, 168, 171
System.Web.Services, 408
<system.web> tag
Forms authentication, 170
URL-based authorization, 175–77
Web.config, 111–12, 123
System.Web.UI, 6, 205, 348, 399
System.Web.UI.HtmlControls, 226, 233
System.Web.UI.WebControls, 233, 253, 260, 266, 350, 353