security
anonymous access, 46, 204, 217
ASP.NET Authentication, 205–206
ASPNET account, 296
authentication for. See authentication
authorization for. See authorization
client certificates, 204
config file security, 199–200
configuration section, 189
cross-site scripting, 218–219
detecting running services, 221
Digest Authentication, 205
Forms authentication, 206, 208–211, 213–215, 296
hardening servers, 221
hashing passwords, 211
IIS for, 202
impersonation, 202, 206–208
importance of, 201
Integrated Authentication, 205
loginUrl pages, 209–211
Passport authentication, 206
passwords, 209, 211, 296
patches, 221
role-based, 212–215
tickets, Forms authentication, 209
user accounts, 296
user names, 211
validating input, 218–220
Windows Authentication, 204–205, 212–213
Windows mode authentication, 205
Windows user accounts, 296
worker process, 296
server controls
base class for, 26
binding data to. See data-binding
Calendar.aspx, 27–28
capabilities of, 27
CheckBoxList, 35–36
CompareValidator, 42
CustomValidator, 44–45
defined, 23
disabling client-side validation, 285
DropDownList, 37–38, 54–55, 285, 286
event handlers, adding, 25
event-driven model, 25
HTML element equivalents, 26
HTML type. See HTML controls
HtmlHelloWorld.htm, 23
iterating items, 285
list controls. See list controls
ListBox, 36–37
message box, client-side, 33–34
MessageBox object, 33
mobile controls. See mobile browsers
overhead from, 284
partial page caching of, 164–167
performance issues, 25
place in page structure, 23
RadioButtonList, 39–40
RangeValidator, 42–43
RegularExpressionValidator, 43–44
RequiredFieldValidator, 41
runat="server" blocks, 25, 270, 299
server-side invisibility, 34
types of, 24
uploading files, 46–47
User controls, 30–32
validation with. See validation controls
ValidationSummary, 45
values, combined, 286
varying caching by browsers, 148–149
view state with, 48–49
Web farm issues, 285
Windows.Forms namespace, 284
server variables, 249
servers
detecting running services, 221
hardening security of, 221
Server.Execute method, 14–15
Server.Transfer method, 13–14, 284
services, disabling for security, 297
session state
apartment model–threaded components, 111
ASP and ASP.NET, sharing, 268
ASP version of, 110–112, 282
ASP.NET overview, 112
authentication for SQLServer, 119–120
cookieless, 123–124
cookies with, 113
configuration section, 189
defined, 109
disabling, 122, 240
disadvantages of ASP version, 111–112
enabling, 241
global session events, 113
history of, 110–112
HTTP cookies in ASP, 111
IDs for keys to user data, 290
in-process, 112–114, 240, 289
IP affinity, 111
machine.config for, 113
machineKey settings, 121
mobile browsers with, 94–96
out-of-process. See out-of-process session state
performance issues, 239–241
race conditions, 241
read-only access to, 241
reverse proxies, 111
serialization overhead, 112, 114–115
Session-End event, 289
SessionIDs, 123–124, 290
sharing between ASP and ASP.NET, 268
speed considerations, 112
SQLServer, 114, 118–121
StateServer, 114, 116–118
timeout values, 113, 183
Web farm considerations, 111, 112, 121–122
wizards with, 17–19
Session-End event, 289
SessionIDs, 123–124, 290
Set operator, 275
side-by-side support, 227
SimpleHandler.cs sample, 5–6
SimpleModule.cs sample, 7–8
SinglePageWizard.aspx, 16–17
.soap files, ISAPI mapping of, 264
sorting data in DataGrids, 67–70
source code, viewing, 299
SQL Server
Agent, 290
authentication, 290
configuring for ASP.NET versions, 290
Query Analyzer session state, 119
session state, 114, 118–121, 240, 289
SQL Scripts installation, 290
SqlDataReader, 62
SQLServer mode of session state, 114, 118–121, 240, 289
SSL (Secure Sockets Layer)
authentication with, 209
Basic Authentication requirement, 296
Forms Authentication requirement, 296
STA COM objects, 111, 237
state management
application state for. See application state
ASP session state, 110–112
cache API. See Cache API
cache state for. See cache state
controls, partial page caching of, 164–169
cookies for. See cookies
disadvantages of ASP version, 111–112
firewalls with, 289
hidden form fields for, 124
IDs for keys to user data, 290
in-process session state, 112–114, 240, 289
IP affinity, 111
out-of-process session state. See out-of-process session state
OutputCache. See OutputCache directives
per-request caching, 179–181
programmatic removal of pages, 163
request state for, 133, 291
reverse proxies, 111
session technique. See session state
Session-End event, 289
SQLServer, 114, 118–121, 289
stateless applications, 134
StateServer, 114, 116–118
static variables for, 177–179
techniques, table of, 109–110
transparency of model, 289
validation callbacks, 158–159
view state for. See view state
Web farm considerations, 111, 112, 121–122
what to cache, 172
stateless applications, 134
StateServer mode, 114, 116–118
static variable state, 133, 177–179
static variables, 110
strings, 239
styles, adding to DataGrids, 65–67
System.Configuration namespace, 195
System.Diagnostics namespace, 255
System.Windows.Forms namespace, 284