Asp+ Learning notes 5

Asp+| Notes VIII. Deployment applications

VS7 compiles a project into a DLL file, a NGWS assembly, an assembly that can be used on a machine and placed
Global cache, for all applications to access, can also be placed in an application of the assembly cache, only one application to access.
Asp+ allows you to refer to a class dynamically, simply by providing its assembly and class name, format:
Assemlyname#classname

Ix. Security

1). Certification and Authorization
In addition to using the authentication services provided by Windows, Asp+ provides a service that makes it easy to implement a form based authentication.
It works based on cookies, so the client browser must support cookies. It should be noted that the Asp+ authentication service is subordinate to the
Authentication services for IIS.
Asp+ provides two types of authentication services, one based on file ACLs and the other based on URLs. Based on the URL of the cultivation in
Configuration file.
The <authentication> elements in the configuration <security> section can have the following values:
None: No Certification
Windows:nt Users/Groups
Cookie: Turn an unauthorized user to a specific landing page. One of the most common methods.
Passport: Passport services must be installed.

Cases:
<configuration>
<security>
<authentication mode= "Cookie"/>
</security>
</configuration>

2). Windows-based authentication
When it is adopted, a WindowsPrincipal object is appended to the request object. The program can determine whether the current user
A type of role, such as:
if (User.IsInRole ("Administrators"))
......
You can also obtain a user name, such as:
User.Identity.Name;
User.Identity.Type;

3). form-based authentication
a). Select cookie mode to prevent anonymous access:
<authentication mode= "Cookie"/>
<authorization>
<deny users= "?" />
</authorization>
B. Configure the landing page, encrypt the key, and the cookie name, in the child elements of <authentication>:
<cookie decryptionkey= "AutoGenerate" loginurl= "Login.aspx". Aspxcookiesdemo "/>
Note that loginurl can be a remote machine, but decryptionkey must be the same on both machines. Descryptionkey
Set to AutoGenerate then asp+ automatic selection. However, if there are multiple applications on a single machine, it is best to specify. At the same time, different applications
You should also use a different cookie name. Because all of the application settings cookies on the same machine will be sent back by the client, they cannot have the same name.
c). Provide landing page
D. After verification (using your own validation mechanism, such as comparing records in the database), use the following line:
Cookieauthentication.redirectfromloginpage (username,persistence)
Return to the previous page of the landing page.
This sentence also sets the cookie so that the Asp+ authentication service after it believes that the user has been authenticated.
If you do not want to go to the original page, but rather a specific page, such as landing the user's optional menu page, you must use a different method,
Cookies can be set with Cookieauthentication.setauthcookie, with Cookieautentication.getauthcookie
To get cookies.
In addition, the second argument in the line above is a bool value that indicates whether to keep the cookie permanently, and if false,
The cookie disappears when the user closes the browser.
Use Cookieauthentication.signout to clear cookies, corresponding users to exit the login.
In addition to the above procedures to implement their own authentication process, you can also use the configuration file to enable asp+ to help you complete the verification. In
<authentication> section:
<credentials passwordformat= "SHA1" >
<user name= "White" password= "ASPFSSA98527357" >
</credentials>
Then the program calls Cookieauthenticationmanager.authenticate, providing the username and password as parameters, you can
By asp+ help you determine whether the user is legal.
The encryption algorithm supports CLEAR,SHA1,MD5.

4). The role of certification advocates
Can be targeted at users, or for roles (groups), such as:
<authorization>
<allow users= "Towhite@263.net"/>
<allow roles= "Admins"/>
<deny users= "*"/>

Multiple user names are separated by commas ",".
You can also refine the request method:
<allow verb= "POST" users= "White,saillor"/>
where, * on behalf of any person,? On behalf of anonymous users.

X. Internationalization, localization Application

A string that uses the inner base class of UNICODE,NGWS inside Asp+ is also Unicode. A specific encoding can be supported to implement the conversion.
Site properties can be accessed through the CultureInfo class, where CurrentCulture is the default value of the function associated with the site.
And CurrentUICulture is a resource data format on the site, for example:
<%=cultureinfo.currentculture.nativename%>
<%=cultureinfo.currentuiculture.nativename%>
Some of the site-related classes provide formatted output, such as:
<%=datetime.now.format ("F", NULL)%>
<%=datetime.now.format ("F", New System.Globalization.CultureInfo ("de"))%>

You can configure a directory, such as:
<configuration>
<globalization
fileencoding = "Utf-8"
requestencoding = "Utf-8"
responseencoding = "Utf-8"
Culture = "en-US"
UICulture = "de"
/>
or in the page directive:
<%@ Page Culture = "fr" UICulture = "fr" responseencoding = "Utf-8"%>
Within the page can also be changed at any time, using thread.currentculture modification, that is, the same page can use
Many kinds of coded output.

1). Setting culture and coding
The Chinese culture should be set to: ZH-CN

[1] [2] Next page