Answers for Day 18

IOTA^_^    

Sams Teach Yourself ASP.NET in 21 Days, Second Edition
By Chris Payne
Table of Contents
Appendix A.  Answers to Quiz Questions


Quiz

1:

True or False: You can access the <appSettings> section with the ConfigurationSection.AppSettings property.

A1:

True.

2:

Is it possible to view the global.asax file from your browser?

A1:

No, ASP.NET protects this file so that outside viewers cannot view it at all.

3:

What interface must a custom handler implement?

The following questions deal with the directory structure shown in Table 18.4.

Table 18.4. A Web Server Directory Structure Exercise
Application URL Physical Path
http://www.site.com c:\www\site
http://www.site.com/sales c:\www\site\sales
http://www.site.com/hr c:\www\site\sales\hr
http://www.site.com/users d:\www\misc\users

A1:

 IConfigurationSectionHandler 

The following questions deal with the directory structure shown in Table 18.4.

Table 18.4. A Web Server Directory Structure Exercise
Application URL Physical Path
http://www.site.com c:\www\site
http://www.site.com/sales c:\www\site\sales
http://www.site.com/hr c:\www\site\sales\hr
http://www.site.com/users d:\www\misc\users

4:

The sales virtual directory has a web.config with the following setting:

 <httphandlers>    <add verb="PUT, POST" path="index.aspx" type="System.Web.       UI.PageHandlerFactory" /> </httphandlers> 

If the hr directory is accessed as follows, will it inherit this setting?

http://www.site.com/hr

A1:

No, the hr directory will not inherit the setting because configuration information is processed by virtual directories, not physical path.

5:

If the hr directory is accessed as follows, will it inherit this setting?

http://www.site.com/sales/hr

A1:

No, the hr directory will not inherit the setting because the <httpHandlers> setting is not inherited by subdirectories.

6:

Suppose that the web.config in sales also has the following setting:

 <location path="hr/*.aspx">    <authorization>          <deny users="?" />    </authorization> </location> 

Is this an adequate security measure against entry into hr? Explain.

A1:

No, anonymous users could still access this directory through the hr virtual directory, www.site.com/hr, without having to supply valid credentials.

7:

Describe a better use of web.config to address the preceding question.

A1:

A better measure would be to place a web.config in the hr directory, with the necessary security measures. This would ensure that no matter how this directory was accessed, only valid users would be able to see the content. For example, place the following in c:\www\site\sales\hr\web.config:

 <authorization>    <deny users="?" /> </authorization> 

Exercise

Q1:

Set up a web.config file for a sample application that does the following:

  • Turns on debug mode for the application.

  • Sets custom errors to display an errors.aspx page.

  • Declares a section called authors with a PrimaryAuthor key with the value of your name. This section should use the DictionarySectionHandler handler.

A1:

The web.config should follow the following format:

 1:  <configuration> 2:     <configSections> 3:         <section name="authors" type="System.Web. Configuration. graphics/ccc.gifDictionarySectionHandler, System.Web"/> 4:     </configSections> 5: 6:     <system.web> 7:        <compilation debugMode="true" /> 8: 9:        <customErrors defaultRedirect="error.htmaspx" mode="off"> 10:           <error statusCode="404" redirect="error.htmaspx"/> 11:        </customerrors> 12: 13:        <authors> 14:           <add key="PrimaryAuthor" value="Chris Payne"> 15:        </authors> 16:     </system.web> 17:  </configuration> 


    IOTA^_^    
    Top


    Sams Teach Yourself ASP. NET in 21 Days
    Sams Teach Yourself ASP.NET in 21 Days (2nd Edition)
    ISBN: 0672324458
    EAN: 2147483647
    Year: 2003
    Pages: 307
    Authors: Chris Payne

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net