Shulou(Shulou.com)06/03 Report--

.net Compilation module

Before serving a request, ASP.NET first needs to compile the code into the appropriate assembly. These assembly files have a .dll extension. With the ASP.NET module in IIS 7.0, you can control how the server compiles ASP.NET code.

.net Globalization module

Globalization means that when developers set up an application, they need to make the application available in a globalized multi-language culture and be able to run in multiple regions. By completing the localization process, we can customize the globalized application to determine the specific language and location in which the application runs. Using the process of globalization, we can make a code base applicable to multiple regions, while also providing linguistic and cultural background information for specific regions.

.net Trust Levels module

The ASP.NET Code access Security (code access security,CAS) policy is implemented by setting the trust level of the application. CAS can determine the permissions granted to an application in the server. If the code that needs to be deployed is given elevated access to the server, how to set up the CAS becomes a very important task. If the code that needs to be deployed modifies the server's file system, CAS must be strictly controlled in order to prevent incorrect access.

CAS has two types of trust: full trust (full trust) and partial trust (partial trust) if an application has full trust permissions, the application can access the required resources in the server and complete all operations, in which case the application can only be restricted by the security settings of the operating system.

In the default settings, we can use five different trust levels: full (Full), Advanced (High), Intermediate (Medium), low (Low), and minimum (Minimal).

Application Settings module

With the Application Settings module, the configuration data of the application can be saved in the web.config file in the format of key / value pairs. The values determined by these settings are valid throughout the application, so they are valid anywhere in the Web application. Modifying configuration data is a very simple task because it is centrally stored in the configuration file.

It is important to keep in mind that any change to the .NET setting will result in an appDomain recycling, thus affecting the entire server.

Connection string

The connection string can be used to establish a communication connection between the application and the database. The connection string includes not only the server, database name, and user, but also the password that the application uses to communicate with the database.

Computer key

ASP.NET uses computer keys to protect cookie data for Forms authentication and state data for page views. The computer key itself is a hash value that can be used to encrypt cookie data and page view state data. The computer key can be used to run the session outside the process. Although we can set computer keys at the server level or even at the file level, by default, computer keys are locked at both the server level and the Web site level. If a Web site can run on multiple Web servers, these keys can be shared between different servers.

ASP.NET uses two types of computer keys: authentication keys and decryption keys. The authentication key can be used to create a message authentication code (Message Authentication Code,MAC), and with MAC, we can verify the integrity of the data. The authentication key can be attached after the Forms authentication cookie or after the view state data. The decryption key can be used to encrypt and decrypt Forms authentication ticket and view state data.

If you want to use the authentication key on multiple servers, you need to create a separate authentication key and then share the authentication key among multiple servers. If you want to use a decryption key on multiple servers, you need to create a separate decryption key and then share the decryption key among multiple servers.

Pages and controls

ASP.NET can identify and process the basic elements used in the running of the page. ASP.NET can also support the use of custom controls that are reusable and processed on the server side. Therefore, the server code can be used to configure the Web page properties of ASP.NET.

Providers module

ASP.NET and applications created with .NET Framework can use databases to save information. To map the application to the database schema, you need to use a software module called Provider. For applications and databases, the Provider software module is equivalent to the hardware abstraction layer. By using the Provider module, IIS 7.0 can install a custom database access module and also support the modification of the standard ASP.NET database access module. You can use three different database access roles: .NET Roles, .NET Users, and .NET Profile.

Database providers for .NET Roles roles can create authorization stores, SQL roles, and Windows token provider types. The .NET Users database provider can be used to create Active Directory member types and can also be used to create SQL membership provider types. The .NET Profile can be used to create SQL profile providers.

Session state

IIS 7.0uses session state to track the pages that users browse as they visit the site, and can distinguish between relevant users by creating a session ID,IIS for each user. HTTP is a stateless protocol, so the server does not need to hold information about variables that were previously used to service requests. IIS 7.0 can use ASP.NET session state to save and extract data, which provides some information for users roaming Web sites.

Pattern

We can set the session state using the following five modes:

(1) Not Enabled mode

In this mode, the Web site does not use session state.

(2) In Process mode

In this mode, the session state in memory is bound to the worker process of the application, and In Process mode is also the default mode of IIS 7.0. When the system provides response to the session state, the response speed of the system is the fastest in this mode. However, the disadvantage of using In Process session state is that more data needs to be saved in the session, so it needs to consume more memory, which may eventually lead to server performance degradation.

If you save session state in In Process mode, you must keep in mind that when the worker process is recycled, all data stored in memory will be lost. If the application needs to continue to use session-state data, it must use other session-state modes.

IIS 7. 0 has the Aspnet_state.exe service installed. By default, the service is not running. If you need to save session state in In Process mode, you must run the Aspnet_state.exe service.

(3) Custom mode

When saving session state using Custom mode, an out-of-process session can use a custom handler to create a connection to the database. When using custom handlers, session state can be saved in a database other than MS SQL, such as Oracle or Access. You can also use a database schema that is not provided by the .NET Framework to manage session state. In order to use a custom handler, a complete session state provider must be implemented in the / collection.

(4) State Server mode

The second way to save session state out of process is to use State Server mode. In State Server mode, we can make the state service process run either on the same server or on an external server. Maintaining data in State Server mode requires a separate worker process, which is separate from the worker process that the ASP.NET application is running.

If the status service runs on the same server as the Web Web site, the Web Web site can support running Web garden. If the Web site runs on multiple servers, you must specify a server to run the status service program, which can share the status data of all Web servers.

Similar to the In Process pattern, the State Server pattern requires the use of Aspnet_state.exe services.

(5) SQL Server mode

The final mode for saving session state is the SQL Server mode, which requires the use of an SQL Server database. The SQL Server mode is similar to the State Server mode: it can run on the same server as the Web server, where the server can support either a Web garden; or an external server, and the server can support an Web Farm. Advantage: even if the work process is recycled, the session data still exists.

In order to save session-state data using SQL Server mode, we also need to get the Aspnet_state.exe service up and running automatically. In addition, SQL Server mode requires running the InstallSqlState.sql script to configure session state. The script is saved in the C:\ Windows\ Microsoft.NET\ Framework\ v2.0.50727 directory.

Settings related to cookie

Cookie is a text file that stores user information, including authentication information, and records the user's preferences for browsing the site. One way to track session state is to use cookie. The Cookie is saved on the customer's computer and is used by the Web server. When a client makes a request to the server, the cookie is placed in the HTTP header and sent to the server along with the request.

We can set cookies to use one of the following four modes:

(1) Auto Detect mode

If the browser supports cookie, then Auto Detect mode will enable cookie. If a mobile device is connected to a Web server and the mobile device disables cookie, then cookie cannot be used. If a desktop or laptop is connected to a Web server and cookie is disabled on that desktop or laptop, the session state is saved in URL.

If you are using Auto Detect mode, you need to set the session ID to be regenerable. In this way, * * users will not have sufficient time to obtain cookie, nor will they have sufficient time to use cookie to * Web server and illegally obtain the content in the server. The default survival time of Cookie is 20min, and you can modify this time property to reduce the default lifetime of cookie to a safe level.

(2) Use Cookies mode

If you use the Use Cookies mode, you can use the session cookie during the session to associate the session information with the user information.

(3) Use Device Profile mode

If the customer browser supports the use of cookie, the Use Device Profile mode can save the session state with cookie. If the customer does not support the use of cookie in the browser, then this mode cannot use cookie. If the device supports using cookie, the session state will still use cookie no matter how the user sets cookie.

The session ID should be set to regenerative for the same reason as the Auto Detect mode.

(4) Use URI mode

After using URI (Uniform Resource Identifier, uniform Resource Identifier) to save session state, you can embed the session ID as a query string in URI. URI is then redirected to the original URL. The above URI is required throughout the session.

Although the Use URI mode eliminates the defects of cookie, the Use URI mode still has its own defects. Web pages cannot be bookmarked, and we cannot use absolute URL without losing session state.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.