Shulou(Shulou.com)06/02 Report--

Small make up to share with you ASP.NET server control authorization sample analysis, I believe most people do not know how, so share this article for everyone's reference, I hope you read this article after a great harvest, let's go to understand it!

As you know, the Microsoft. NET Framework has a built-in extensible licensing structure that provides optimized licensing for ASP.NET server controls. In addition, this authorization implementation can be extended to create custom authorization schemes, such as:

Simple licensing scheme-only checks for valid licensing data to determine whether to enable the control.

Per-use licensing scheme-license expires after a certain usage count. This scenario can be used with a demo version of the control. After the license expires, application developers can register (and purchase) your control and then receive an unexpired license.

Enable the ASP.NET Server Control authorization scheme on a page only if the request comes from a specific client, such as the local computer. This scenario can be used to implement a trial version of the control.

Licensing schemes that rely on encryption to prevent license data spoofing by application developers.

ASP.NET Server Control Licensing Requirements

ASP.NET server control licensing schemes must meet the following requirements:

◆ Support non-compilation schemes. ASP.NET Web applications often use the dynamic compilation model, so there is no precompiled assembly associated with the application. Authorization mechanisms should not rely on finding licenses embedded as assembly resources in an application's assembly.

Support runtime authorization. Page developers use visual design-time tools and simple text editors to develop their own pages. Authorization mechanisms cannot rely on design-time checks and must provide run-time validation. Furthermore, runtime authorization implementations should not have dependencies on any (optional) design-time authorization implementations.

◆ Support permission cache mechanism. Ideally, license data should be retrieved only once per application, rather than for every page request, because retrieval logic involves expensive operations such as opening files and decrypting information. Licenses should be created the first time they are needed and cached for later reuse on the server. You can still verify cached licenses each time you use them to implement a usage-based licensing scheme.

◆ Support XCOPY deployment. ASP.NET enables page developers to deploy their Web applications simply by copying files between computers on the network. Licensing schemes should not rely on registries or other machine-specific resources that prohibit simple XCOPY deployment.

For simplicity, we used the term server control in the previous list. However, licensing requirements apply to all ASP.NET server components. Similarly, the ASP.NET control licensing scheme described in this article applies to other ASP.NET server components.

Authorized Control Walkthrough

ASP.NET Server Control Licensing involves three key elements:

◆ Code supporting authorization in controls

◆ License data

Examining licensing data, licensing, and validating licensed classes when using controls later

Authorized Server Controls

The LicensedLabel server controls listed below are derived from the ASP.NET System.Web.UI.WebControls.Label control and have licensing support added to them. The code shown in bold provides authorization functionality.

// LicensedLabel.cs // using System; using System.ComponentModel; using System.Web.UI.WebControls; namespace LicensedControls { [ LicenseProvider(typeof(ServerLicenseProvider)) ] public class LicensedLabel : Label { public LicensedLabel() { LicenseManager.Validate(typeof(LicensedLabel)); } } }

This example illustrates that to support authorization, you must add the following to the code of any server component:

In the constructor of the control, call the static method Validate of the System.ComponentModel.LicenseManager class and pass it as a parameter to the component's type. If the control does not have a valid license, LicenseManager's Validate method throws a System.ComponentModel.LicenseException. Alternatively, in the constructor, you can call the static method IsValid of the LicenseManager class so that no exception is thrown. Call the IsValid method if you want to enable the control without a valid license (as is the case on the lite version).

Apply the System.ComponentModel.LicenseProviderAttribute metadata attribute to your component and pass it the type of license provider (class derived from System.ComponentModel.LicenseProvider) that performs component licensing. The ASP.NET Server Control Licensing Infrastructure section of this article shows the implementation of ServerLicenseProvider, the license provider for the LicensedLabel control.

As Figure 1 shows, the changes you must make to the control to support authorization are minimal. The real licensing functionality is in the license provider class, which I'll explain later.

Figure 1. Error generated when LicensedLabelTest.aspx page attempts to use LicensedLabel without a valid license

If you've implemented licensing in Windows Forms controls, you might be surprised to find that LicensedLabel doesn't handle its licenses. This is because LicensedLabel uses a license provider that caches licenses on the server.

permission data

License data provides information that is validated by the authorization structure and incorporated into the license. You can provide license data in many different ways, such as expiration dates, usage counts, or unique keys. The type and location of license data is specified by a particular licensing scheme. License data is usually provided in a file with the.lic extension. The license data for the LicensedLabel control in Figure 1 resides in a file named LicensedControls.LicensedLabel.lic, which contains only the text "LicensedControls.LicensedLabel is licensed."

Use authorized controls on pages

The ReadMe documentation provided with the code examples in this article describes how to build them.

Using LicensedLabel controls in pages

1. Copy the LicensedControls assembly (containing LicensedLabel controls) to the\Bin directory of your application. What if you are using Microsoft Visual Studio? . NET and adds a reference to the Licensed Controls project to your Web application project.

2. Copy the LicensedControls.LicensedLabel.lic file to the Licenses\LicensedControls\1.0.0.0 directory of your application.

You should now be able to use controls from any page in your application.

The following code shows a page that uses the LicensedLabel control.

LicensedLabel Sampletitle> head>

p> form> body> html>

To see if ASP.NET Server Control Licensing is taking effect, delete the LicensedControls.LicensedLabel.lic file or move it to another location. Rebuild the application or make a change that causes the application to restart. The effect of this step is to clear the license cache managed by ServerLicenseProvider, the license provider specified in the LicensedLabel control's metadata. Request LicensedLabelTest.aspx page in browser. This page generates the error shown in Figure 1.

. NET Framework Authorization Structure

The following figure (Figure 2) illustrates the authorization structure of the. NET Framework. You can see the main steps that occur when a page attempts to instantiate the LicensedLabel control described in the previous section. Although the actual steps occur in the context of server controls, the diagram shows the classes that make up the. NET Framework authorization structure, as well as the key steps common to any runtime authorization scheme. The exact steps performed by the license provider are specific to the specific licensing scheme implemented by the provider. For example, as described in the ASP.NET Server Control Licensing Infrastructure section of this article, the license caching functionality shown in the figure is specific to ServerLicenseProvider. Classes shown in bold are. NET Framework classes, and classes shown in italics are derived classes of implementations.

Figure 2. Authorization Structure of. NET Framework

The main steps to implement ASP.NET Server Control Licensing include:

1. Authorized control calls static method System.ComponentModel.LicenseManager.Validate in its constructor. (The control can also call the static method LicenseManager.IsValid in its constructor.) In this case, the return type differs from that shown in the figure and no exception is thrown.)

2. The LicenseManager. Validate method examines the component's metadata to obtain the license provider type from the LicenseProviderAttribute attribute applied to the component. License Provider class must derive from System. Component Model.LicenseProvider class.

3. LicenseManager instantiates the license provider class (whose type is specified in the System.ComponentModel.LicenseProviderAttribute metadata attribute), passes the component's type to the license provider, and indicates whether the component is used at design time or runtime.

4. The license provider looks for licenses for the component in the license cache. If a license is found, the license provider validates the license. Note that license cache lookup and license storage are not general requirements, but are specific to ServerLicenseProvider -the license provider we have implemented.

a. (First time only) License provider gets license data and validates it. If the data is invalid, the license provider throws a System.ComponentModel.LicenseException exception.

b. (First time only) If the license data is valid, the license provider creates a license (class derived from System.ComponentModel.License). In addition, the license provider validates the license and stores it in the license cache if it is valid.

5. The license provider returns a valid license to the license manager or throws a license exception.

The LicenseManager. Validate method returns a valid license or passes a license exception to the calling code.

7. If LicenseManager returns a valid license, the constructor initializes the class and the control is instantiated. Otherwise, the constructor passes a LicenseException exception to the code that tries to instantiate the control. The error messages shown in the diagrams in the Licensed Controls walkthrough section of this article are generated by the ASP.NET runtime, which handles license exceptions passed by the constructor of a licensed control when the page uses the control without a valid license.

Initial creation refers to the first instantiation of a component in a Web application. Steps 4a and 4b do not occur if another instance of the component is created on the same page or on another page in the application (in the same request or in a later request). For performance reasons, ServerLicenseProvider caches licenses on a per-application basis (rather than per page or per session).

The design of authorization structures in the. NET Framework makes it difficult (but not impossible) to exploit components illegally. If a user tries to use an authorized component without permission, authorization makes it obvious to the user that the component is being used illegally. Authorization does not produce evidence of component tampering.

The authorization structure in the. NET Framework is provided by the following four classes in the System.ComponentModel namespace:

LicenseManager: This class is responsible for instantiating the license provider specified in the component's metadata. The license manager also passes the license provider the type of component and the authorization context indicating whether the component is to be used at design time or run time. You don't need to know more about LicenseManager than calling the Validate or IsValid methods of the LicenseManager class in the component's constructor.

LicenseProviderAttribute: This attribute specifies the type of license provider responsible for creating and validating component licenses. You must apply this attribute to components that support authorization.

LicenseProvider: This class contains the core functionality of any licensing scheme-the tasks of issuing and validating licenses. To implement authorization support, you must create a custom license provider by deriving from LicenseProvider and implement the abstract method GetLicense of the base class to provide authorization logic.

License: This class is a software abstraction of license data (such as license data contained in.lic files). To implement a license class, you must derive from the License class and implement the abstract attribute LicenseKey of the base class. In the next section of this article, we'll implement a license class that works with ServerLicenseProvider.

The. NET Framework provides a default implementation of the license provider in the System.ComponentModel. LicenseFileProvider class. The license provider relies on visual designers, such as Visual Studio. NET, to obtain ASP.NET server control licensing data at design time and during compilation, embedding licensing data as a resource in the assembly of applications that use licensed components. The LicenFileLicenseProvider class can be used by Windows Forms controls, but it does not meet the licensing requirements for ASP.NET server controls described in the Licensing requirements for ASP.NET server controls section of this article.

The above is "ASP.NET server control authorization sample analysis" all the contents of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.