Evjen c12.tex V2 - 01/28/2008 2:25pm Page 617 Chapter 12: Introduction to the Provider Model <! Removed for clarity > </eventMappings> </healthMonitoring> </system.web> </configuration> In this example, the errors that occur are captured and not only written to the event log, but are also e-mailed to the end users specified in the provider definition. One very interesting point of the Simple- MailWebEventProvider is that this class inherits from the BufferedWebEventProvider instead of from the WebEventProvider as the EventLogWebEventProvider does. Inheriting from the BufferedWebEvent- Provider means that you can have the health monitoring system build a collection of error notifications before sending them on. The < bufferModes> section defines how the buffering works. System.Web.Management.TemplatedMailWebEventProvider The aforementioned SimpleMailWebEventProvider does exactly what its name states — it sends out a simple, text-based e-mail. To send out a more artistically crafted e-mail that contains even more infor- mation, you can use the TemplatedMailWebEventProvider . Just like the SimpleMailWebEventProvider , you simply define the provider appropriately in the < healthMonitoring > section. The model for this is presented in Listing 12-19. Listing 12-19: The TemplatedMailWebEventProvider definition <providers> <clear /> <add name="EventLogProvider" type="System.Web.Management.EventLogWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add name="TemplatedMailProvider" type="System.Web.Management.TemplatedMailWebEventProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" template=" /mailtemplates/errornotification.aspx" from="website@company.com" to="admin@company.com" cc="adminLevel2@company.com bcc="director@company.com" bodyHeader="Warning!" bodyFooter="Please investigate ASAP." subjectPrefix="Action required." buffer="true" bufferMode="Website Error Notification" maxEventLength="4096" maxMessagesPerNotification="1" /> </providers> The big difference between this provider declaration and the SimpleMailWebEventProvider is shown in bold in Listing 12-19. The TemplatedMailWebEventProvider has a template attribute that specifies the location of the template to use for the e-mail that is created and sent from the health monitoring system. 617 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 618 Chapter 12: Introduction to the Provider Model Again, details on using the templated e-mail notification in the health monitoring system appear in Chapter 33. System.Web.Management.SqlWebEventProvider In many instances, you may want to write to disk when you are trapping and recording the Web events that occur in your application. The EventLogWebEventProvider is an excellent provider because it writes these Web events to the Windows event log on your behalf. However, in some instances, you may want to write these Web events to disk elsewhere. In this case, a good alternative is writing these Web events to SQL Server instead (or even in addition to the writing to an event log). Writing to SQL Server gives you some benefits over writing to the Windows event log. When your application is running in a Web farm, you might want all the errors that occur across the farm to be written to a single location. In this case, it makes sense to write all Web events that are trapped via the health monitoring system to a SQL Server instance to which all the servers in the Web farm can connect. By default, the SqlWebEventProvider (like the other SQL Server-based providers covered so far in this chapter) uses SQL Server Express Edition as its underlying database. To connect to the full-blown version of SQL Server instead, you need a defined connection as shown in Listing 12-20. Listing 12-20: The LocalSql2005Server defined instance <configuration> <connectionStrings> <add name="LocalSql2005Server" connectionString="Data Source=127.0.0.1;Integrated Security=SSPI" /> </connectionStrings> </configuration> With this connection in place, the next step is to use this connection in your SqlWebEventProvider dec- laration in the web.config file. This is illustrated in Listing 12-21. Listing 12-21: Writing Web events to SQL Server 2005 using the SqlWebEventProvider <configuration> <system.web> <healthMonitoring> <! Other nodes removed for clarity > <providers> <clear /> <add name="SqlWebEventProvider" type="System.Web.Management.SqlWebEventProvider,System.Web" connectionStringName="LocalSql2005Server" maxEventDetailsLength="1073741823" buffer="true" bufferMode="SQL Analysis" /> </providers> 618 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 619 Chapter 12: Introduction to the Provider Model </healthMonitoring> </system.web> </configuration> Events are now recorded in SQL Server 2005 on your behalf. The nice thing about the SqlWebEvent- Provider is that, as with the SimpleMailWebEventProvider and the TemplatedMailWebEventProvider , the SqlWebEventProvider inherits from the BufferedWebEventProvider. This means that the Web events can be written in batches as opposed to one by one. This is done by using the buffer and buffer- Mode attributes in the provider declaration. It works in conjunction with the settings applied in the < bufferModes > section of the < healthMonitoring > declarations. System.Web.Management.TraceWebEventProvider One method of debugging an ASP.NET application is to use the tracing capability built into the system. Tracing enables you to view details on the request, application state, cookies, the control tree, the form collection, and more. Outputting Web events to the trace output is done via the TraceWebEventProvider object. Setting the TraceWebEventProvider instance in a configuration file is illustrated in Listing 12-22. Listing 12-22: Writing Web events to the trace output using TraceWebEventProvider <configuration> <system.web> <healthMonitoring> <! Other nodes removed for clarity > <providers> <clear /> <add name="TraceWebEventProvider" type="System.Web.Management.TraceWebEventProvider,System.Web" maxEventLength="4096" maxMessagesPerNotification="1" /> </providers> </healthMonitoring> </system.web> </configuration> Remember, even with the provider in place, you must assign the provider to the particular errors you are wishing to trap. This is accomplished through the < rules > section of the health monitoring system. The IisTraceWebEventProvider is the same except that the tracing information is sent to IIS rather than the ASP.NET tracing system. System.Web.Management.WmiWebEventProvider The last provider built into the health monitoring system is the WmiWebEventProvider .Thisprovider enables you to map any Web events that come from the health monitoring system to Windows Man- agement Instrumentation (WMI) events. When passed to the WMI subsystem, you can represent the events as objects. This mapping to WMI events is accomplished through the aspnet.mof file found at C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 . 619 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 620 Chapter 12: Introduction to the Provider Model By default, the WmiWebEventProvider is already set up for you, and you simply need to map the Web events you are interested in to the already-declared WmiWebEventProvider in the < rules > section of the health monitoring declaration. This declaration is documented in web.config.comments file in the CONFIG folder of the Microsoft .NET Framework install on your server. This is illustrated in Listing 12-23 (the WmiWebEventProvider is presented in bold). Listing 12-23: The WmiWebEventProvider definition in the w eb.config.comments file <configuration> <system.web> <healthMonitoring> <! Other nodes removed for clarity > <providers> <clear /> <add name="EventLogProvider" type="System.Web.Management.EventLogWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add connectionStringName="LocalSqlServer" maxEventDetailsLength="1073741823" buffer="false" bufferMode="Notification" name="SqlWebEventProvider" type="System.Web.Management.SqlWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add name="WmiWebEventProvider" type="System.Web.Management.WmiWebEventProvider, System.Web,Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </healthMonitoring> </system.web> </configuration> Remember, the wonderful thing about how the health monitoring system uses the provider model is that it permits more than a single provider for the Web events that the system traps. Configuration Providers A wonderful feature of ASP.NET 3.5 is that it enables you to actually encrypt sections of your configu- ration files. You are able to encrypt defined ASP.NET sections of the web.config file as well as custom sections that you have placed in the file yourself. This is an ideal way of keeping sensitive configuration information away from the eyes of everyone who peruses the file repository of your application. By default, ASP.NET 3.5 provides two possible configuration providers out of the box. These providers are defined in the following list: ❑ System.Configuration.DpapiProtectedConfigurationProvider : Provides you with the capa- bility to encrypt and decrypt configuration sections using the data protection API (DPAPI) that is built into the Windows operating system. 620 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 621 Chapter 12: Introduction to the Provider Model ❑ System.Configuration.RsaProtectedConfigurationProvider : Provides you with the capabil- ity to encrypt and decrypt configuration sections using an RSA public-key encryption algorithm. These two providers used for encryption and decryption of the configuration sections inherit from the ProtectedConfigurationProvider base class. This is illustrated in Figure 12-15. Figure 12-15 You can find information on how to use these providers to encrypt and decrypt configuration sections in Chapter 32. Next, you review each of these providers. System.Configuration.DpapiProtectedConfigurationProvider The DpapiProtectedConfigurationProvider class allows you to encrypt and decrypt configuration sections using the Windows Data Protection API (DPAPI). This provider enables you to perform these encryption and decryption tasks on a per-machine basis. This is not a good provider to use on a Web farm. If you are using protected configuration on your configuration files in a Web farm, you might want to turn your attention to the RsaProtectedConfigurationProvider . If you look in the machine.config on your server, you see a definition in place for both the DpapiProtectedConfigurationProvider and the RsaProtectedConfigurationProvider .The RsaPro- tectedConfigurationProvider is set as the default configuration provider. To establish the Dpapi- ProtectedConfigurationProvider as the default provider, you might use the web.config file of your application, or you might change the defaultProvider attribute in the machine.config file for the < configProtectedData > node. Changing it in the web.config is illustrated in Listing 12-24. Listing 12-24: Using the DpapiProtectedConfigurationProvider in the web.config <configuration> <configProtectedData defaultProvider="DataProtectionConfigurationProvider"> <providers> <clear /> <add name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Continued 621 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 622 Chapter 12: Introduction to the Provider Model description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt" useMachineProtection="true" keyEntropy="RandomStringValue" /> </providers> </configProtectedData> </configuration> The provider is defined within the < configProtectedData > section of the configuration file. Note that this configuration section sits outside the < system.web > section. The two main attributes of this provider definition are the useMachineProtection and the keyEntropy attributes. The useMachineProtection attribute by default is set to true , meaning that all applications in the server share the same means of encrypting and decrypting configuration sections. This also means that appli- cations residing on the same machine can perform encryption and decryption against each other. Setting the useMachineProtection attribute to false means that the encryption and decryption are done on an application basis only. This setting also means that you must change the account that the application runs against so it is different from the other applications on the server. The keyEntropy attribute provides a lightweight approach to prevent applications from decrypting each other’s configuration sections. The keyEntropy attribute can take any random string value to take part in the encryption and decryption processes. System.Configuration.RsaProtectedConfigurationProvider The default provider for encrypting and decrypting configuration sections is the RsaProtectedConfig- urationProvider . You can see this setting in the machine.config file on your application server. Code from the machine.config file is presented in Listing 12-25. Listing 12-25: The RsaProtectedConfigurationProvider declaration i n the machine.config <configuration> <configProtectedData defaultProvider="RsaProtectedConfigurationProvider"> <providers> <add name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="NetFrameworkConfigurationKey" cspProviderName="" useMachineContainer="true" useOAEP="false" /> <add name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt" 622 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 623 Chapter 12: Introduction to the Provider Model useMachineProtection="true" keyEntropy="" /> </providers> </configProtectedData> </configuration> The RsaProtectedConfigurationProvider uses Triple-DES encryption to encrypt the specified sections of the configuration file. This provider only has a couple of attributes available to it. These attributes are detailed a bit further on in the chapter. The keyContainerName attribute is the defined key container that is used for the encryption/decryption process. By default, this provider uses the default key container built into the .NET Framework, but you can easily switch an application to another key container via this attribute. The cspProviderName attribute is only used if you have specified a custom cryptographic service provider (CSP) to use with the Windows cryptographic API (CAPI). If so, you specify the name of the CSP as the value of the cspProviderName attribute. The useMachineContainer attribute enables you to specify that you want either a machine-wide or user-specific key container. This attribute is quite similar to the useMachineProtection attribute found in the DpapiProtectedConfigurationProvider . The useOAEP attribute specifies whether to turn on the Optional Asymmetric Encryption and Padding (OAEP) capability when performing the encryption/decryption process. This is set to false by default only because Windows 2000 does not support this capability. If your application is being hosted on either Windows Server 2008, Windows Server 2003, or Windows XP, you can change the value of the useOAEP attribute to true . The WebParts Provider Another feature of ASP.NET 3.5 is the capability to build your applications utilizing the new portal framework. The new portal framework provides an outstanding way to build a modular Web site that can be customized with dynamically reapplied settings on a per-user basis. Web Parts are objects in the Portal Framework that the end user can open, close, minimize, maximize, or move from one part of the page to another. Web parts and the new portal framework are covered in Chapter 17. The state of these modular components, the Web Parts, must be stored somewhere so they can be reis- sued on the next visit for the assigned end user. The single provider available for remembering the state of the Web Parts is System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider ,whichpro- vides you with the capability to connect the ASP.NET 3.5 portal framework to Microsoft’s SQL Server 2000/2005/2008 as well as to the new Microsoft SQL Server Express Edition. This single class for the portal framework inherits from the PersonalizationProvider base class. This is illustrated in Figure 12-16. You will find the defined SqlPersonalizationProvider in the web.config file found in the .NET Framework’s configuration folder ( C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ CONFIG ). This definition is presented in Listing 12-26. 623 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 624 Chapter 12: Introduction to the Provider Model Figure 12-16 Listing 12-26: The SqlPersonalizationProvider definition in the web.config file <configuration> <system.web> <webParts> <personalization> <providers> <add connectionStringName="LocalSqlServer" name="AspNetSqlPersonalizationProvider" type="System.Web.UI.WebControls.WebParts. SqlPersonalizationProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> <authorization> <deny users="*" verbs="enterSharedScope" /> <allow users="*" verbs="modifyState" /> </authorization> </personalization> <transformers> <add name="RowToFieldTransformer" 624 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 625 Chapter 12: Introduction to the Provider Model type="System.Web.UI.WebControls.WebParts.RowToFieldTransformer" /> <add name="RowToParametersTransformer" type="System.Web.UI.WebControls.WebParts. RowToParametersTransformer" /> </transformers> </webParts> </system.web> </configuration> As you can see the provider declaration is shown in bold in Listing 12-26. As with the other SQL Server– based providers presented in this chapter, this provider works with SQL Server Express Edition by default. To change this to work with SQL Server 2000, 2005, or 2008, you must make a connection to your database within the < connectionStrings > section and make an association to this new connection string in the SqlPersonalizationProvider declaration using the connectionStringName attribute. Configuring Providers As you have seen in this chapter, you can easily associate these systems in ASP.NET 3.5 to a large base of available providers. From there, you can also configure the behavior of the associated providers through the attributes exposed from the providers. This can easily be done through either the system-wide con- figuration files (such as the machine.config file) or through more application-specific configuration files (such as the web.config file). You can also just as easily configure providers through the GUI-based configuration systems such as the ASP.NET Web Site Administration Tool or through the new ASP.NET MMC snap-in. Both of these items are covered in detail in Chapter 32. An example of using the ASP.NET MMC snap-in Windows XP to visually configure a provider is presented in Figure 12-17. Figure 12-17 625 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 626 Chapter 12: Introduction to the Provider Model From this figure, you can see that you can add and remove providers in the membership system of your application. You can also change the values assigned to individual attributes directly in the GUI. Summary This chapter covered the basics of the provider model and what providers are available to you as you start working with the various ASP.NET systems at your disposal. It is important to understand the built-in providers available for each of these systems and how you can fine-tune the behaviors of each provider. This provider model allows for an additional level of abstraction and permits you to decide for yourself on the underlying data stores to be used for the various systems. For instance, you have the power to decide whether to store the membership and role management information in SQL Server or in Oracle without making any changes to business or presentation logic! The next chapter shows how to take the provider model to the next level. 626 . as the ASP. NET Web Site Administration Tool or through the new ASP. NET MMC snap -in. Both of these items are covered in detail in Chapter 32 . An example of using the ASP. NET MMC snap -in Windows. Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt" 622 Evjen c12.tex V2 - 01/28/2008 2:25pm Page 6 23 Chapter 12: Introduction. being hosted on either Windows Server 2008, Windows Server 20 03, or Windows XP, you can change the value of the useOAEP attribute to true . The WebParts Provider Another feature of ASP. NET 3. 5