After this change, only users that pass the authentication can make use of the web service.

For real-life situations, of course, we are not just going to use the Basic Authentication method because it sends the username and password in clear text through the HTTP channel. We would choose other methods, such as Secure Sockets Layer (SSL) underneath Basic Authentication, so that the data passed back and forth is secure. Available methods include:

Basic Authentication
    Sends the username and password to the web server in clear text. IIS authenticates the login against the database of users for the domain.

Basic over SSL Authentication
    Similar to Basic Authentication, except that the username and password are sent with Secure Sockets Layer (SSL) encryption.

Digest Authentication
    Uses a hashing technique, as opposed to SSL encryption, to send client credentials securely to the server.

Integrated Windows Authentication
    Good for intranet scenarios only. Uses the login information of the client for authentication.

Client Certificates Authentication
    Requires each of the clients to obtain a certificate that is mapped to a user account. The use of client-side digital certificates is not widespread at this time.

6.5.2 Application Security

A less systematic way of securing your web services involves taking security into your own hands. You can program your web services so that all of their methods require an access token, which can be obtained from the web service after sending in the client's username and password. The client credentials can be sent to the server through SSL, which eliminates the risk of sending clear-text passwords across the wire. Through this SSL channel, the server returns an access token to the caller, who can use it to invoke all other web service methods. Of course, all of the other web methods that you publish have to have one parameter as the token. A simple pseudocode example of a bank account web service can be as follows:

    Web Service Bank Account
    Web Methods:
        Login(user id, password) returns access token or nothing
        Deposit(access token, account number, amount, balance) returns T/F
        Withdraw(access token, account number, amount, balance) returns T/F

The only method that should be on SSL is the Login method. Once the token is obtained, it can be used for other web methods. Of course, you should be able to make sure that subsequent calls using this token are coming from the same IP as the Login( ) call. You can also incorporate an expiration timestamp on this access token to ensure that the token only exists in a certain time frame until a renewal of the access token is needed.

The Microsoft .NET Cryptographic Services can be very useful if you choose this route. DES, RC2, TripleDES, and RSA encryption/decryption algorithms are supported along with hashing methods such as SHA and MD5. These implementations in the .NET library enable developers to avoid low-level grunt work and focus on the application logic.

6.6 Summary

In this chapter, we've introduced you to the new paradigm of application: the enterprise application. You are no longer restricted to homogeneous platforms for implementing your solutions. With Microsoft Web Services, your solutions can span many different platforms because the communication between Web Services is done through standard Internet protocols such as HTTP and XML. The distributed components in Windows DNA with which you may be familiar are now replaced by Web Services. Using Web Services as components in a distributed environment allows for a heterogeneous system. Not only do the Web Services in your system not have to be implemented in the same language, they don't even have to be on the same platform. Because of this greater interoperability, Web Services are very suitable for business-to-business (B2B) integration.

.NET Framework Essentials

Chapter 7. Web Forms

This chapter introduces the next technology for providing dynamic and interactive web pages. ASP.NET takes ASP a step further to simplify the development process of web pages and enhance scalability of web applications. First, we review the conventional way of developing web applications using ASP to uncover some of the pitfalls that ASP.NET overcomes. We then discuss the benefits of ASP.NET and provide a high-level survey of the classes in ASP.NET, such as control and page, as well as the complete syntax of ASP.NET Web Forms. To wrap up the chapter, we discuss the many aspects of ASP.NET development: how ASP.NET supports Web Services development, how to use custom server controls, and how session management has been improved to provide more scalable web solutions.

7.1 ASP

Microsoft Active Server Pages (ASP) is a server-side scripting technology enabling dynamic web pages. An ASP page contains HTML markup and server-side scripts that dynamically generate HTML content. The server-side scripts run when a request for the ASP page arrives at the web server. Inputs to the ASP page come from the client browsers through HTTP POST and GET methods. ASP provides an object model to simplify developers' tasks. Besides using objects from the ASP object model, such as Application, Server, Request, Response, and Session, developers can also use any other COM components available on the server.

If you've already been developing web applications using ASP, you probably agree that it is very easy to end up with intertwined, possibly conflicting HTML markups and server-side scripts. The poor encapsulation model of ASP pages makes them difficult to manage and reuse. Attempts have been made to improve upon this model, including server-side include files and parameterized functions in scripts; however, these attempts come with trade-offs such as time, the management of a network of include files, the performance impact of having nested includes, as well as object ID and variable-scope management.

Developers that deal with cross-browser web applications also run into problems generating HTML according to the client's browser capability. Most of the time, we end up generating only the simplest HTML tags and client-side scripts, which can be understood by many browsers, and foregoing the features of the more advanced browsers. The resulting web application can be only as good as the worst browser it supports.
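
The access-token scheme from section 6.5.2 (token returned by Login, bound to the caller's IP, with an expiration timestamp), as an added C# example that is not code from the book. The class and method names, the demo key and the sample addresses are assumptions; it signs the token with HMAC-SHA256 rather than the DES or MD5 options the text lists, and needs .NET Core 2.1 or later for `FixedTimeEquals`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for the Login/Deposit/Withdraw sketch (added example).
public static class AccessToken
{
    // Constructed demo key; a real service loads a random secret from protected storage.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-change-me");

    // Login() would call this after the password check succeeds.
    public static string Issue(string userId, string clientIp, DateTimeOffset now, TimeSpan lifetime)
    {
        long expires = now.ToUnixTimeSeconds() + (long)lifetime.TotalSeconds;
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(userId)) + "." + expires;
        // The IP is covered by the MAC but not stored in the token.
        return payload + "." + Sign(payload + "|" + clientIp);
    }

    // Deposit()/Withdraw() would call this first, passing the IP of the current request.
    public static bool TryValidate(string token, string clientIp, DateTimeOffset now, out string userId)
    {
        userId = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3 || !long.TryParse(parts[1], out long expires)) return false;
        string payload = parts[0] + "." + parts[1];
        byte[] expected = Encoding.ASCII.GetBytes(Sign(payload + "|" + clientIp));
        byte[] supplied = Encoding.ASCII.GetBytes(parts[2]);
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return false; // forged, altered or other IP
        if (now.ToUnixTimeSeconds() >= expires) return false;                           // renewal needed
        userId = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
        return true;
    }

    static string Sign(string data)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }
}

public static class Demo
{
    public static void Main()
    {
        var t0 = DateTimeOffset.UtcNow;
        string token = AccessToken.Issue("alice", "192.0.2.10", t0, TimeSpan.FromMinutes(15));
        Console.WriteLine(AccessToken.TryValidate(token, "192.0.2.10", t0.AddMinutes(5), out _));   // same IP, inside lifetime
        Console.WriteLine(AccessToken.TryValidate(token, "198.51.100.7", t0.AddMinutes(5), out _)); // different IP
        Console.WriteLine(AccessToken.TryValidate(token, "192.0.2.10", t0.AddMinutes(20), out _));  // past expiration
    }
}
```

Because the methods after Login travel outside SSL in this design, the token itself is visible on the wire; the IP binding and the expiration are what limit its reuse by anyone who observes it.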