The MMIT Mobile Controls In version 1.1 of the .NET Framework, the ASP.NET mobile controls from the MMIT are inte- grated into the class library and can be used directly, without requiring a separate installation. The two namespaces System.Web.Mobile (the core classes and authentication and error-handling features) and System.Web.UI.MobileControls (the controls themselves) are now an integral part of the .NET Framework. There is also a namespace System.Web.UI.MobileControls.Adapters , which contains the core control adapter classes that you can use to build you own mobile controls. By default, ASP.NET does not create pages that are suitable for use with the mobile controls, and you still have to add the same “extra information” to the page to use these controls. This involves specifying that the page itself should be an instance of the MobilePage type, which allows multiple forms to exist on a page and provides integration with the core mobile capabili- ties: <%@Page Inherits=”System.Web.UI.MobileControls.MobilePage” Language=”VB”%> You must also continue to specify the tag prefix and the assembly that contains the mobile controls by using a Register directive, so that the controls can be identified. The usual prefix is “mobile” , as in this example: <%@Register TagPrefix=”mobile” Namespace=”System.Web.UI.MobileControls” Assembly=”System.Web.Mobile”%> This means that existing version 1.0 pages that use the MMIT will function just the same on version 1.1, with no changes required to the code except where it uses other classes (for example, classes from the System.Data namespaces) that have changed in version 1.1. Running Version 1.1 Applications on Version 1.0 If you write an application to run on version 1.1 of the .NET Framework and avoid using any features that are new or changed in version 1.1, you will be able to run that application on version 1.0. However, unless you are strictly limited to using only version 1.0 on the server that will host the application, you should consider always running on the latest version of the .NET Framework to benefit from the latest security fixes and performance enhancements. How ASP.NET Selects the Runtime Version IIS uses the concept of mappings (sometimes called script mappings or application mappings) to decide how to process a file or resource when it is requested through the WWW Service. You can view and change the mappings for a Web site or a virtual Web application in the Mappings tab of the Application Configuration dialog for a Web site. To open the Application Configuration dialog, you open the Properties dialog for the Web site, select the Home Directory tab, and click the Configuration button (see Figure 12.4). 12 Side-by-Side Execution in ASP.NET 488 17 0672326744 CH12 5/4/04 12:25 PM Page 488 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 489 How to Specify the ASP.NET Version for Individual Applications The mappings for ASP.NET pages and resources point to the file aspnet_isapi.dll , which is responsible for processing these pages and resources. If you have more than one version of the .NET Framework installed, the mapping will point to the version of aspnet_isapi.dll that will be used, and this determines which version of the .NET Framework classes and ASP.NET runtime will process the resources. In Figure 12.4, you can see that version 1.1 will be used (the full version number is 1.1.4322). How to Specify the ASP.NET Version for Individual Applications As you have seen in the preceding section, all you have to do to force ASP.NET resources to be executed under a different version of the .NET Framework is change the mapping to point to aspnet_isapi.dll in the appropriate [version] folder of the .NET Framework. One way to do this is to manually edit the entries; however, you have to repeat this process for several file types (all the extensions for ASP.NET, such as .aspx , .asmx , .asax , and .ascx ). A far easier way to force ASP.NET resources to be executed under a different version of the .NET Framework is to use the aspnet_regiis.exe application registration utility that is provided with every version of the .NET Framework. This utility can be used for several tasks related to script mappings in IIS, including updating the mappings for some or all of the Web sites and Web applications configured within IIS. Installing ASP.NET Without Updating Script Mappings The Dotnetfx.exe setup program executes the aspnet_regiis.exe utility automatically when you install the .NET Framework and when you uninstall it. However, you can prevent aspnet_regiis.exe from being executed, and hence maintain the existing script mappings, by FIGURE 12.4 Viewing the script mappings in Internet Information Services Manager. 17 0672326744 CH12 5/4/04 12:25 PM Page 489 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. running the Dotnetfx.exe setup program from a command window and specifying the special parameter sequence, as shown here: Dotnetfx.exe /c:”install /noaspupgrade” This means that you can install the latest version of ASP.NET without disturbing any existing applications and then update individual applications as and when required by using the aspnet_regiis.exe utility. When you create a new Web application, the version currently set up for the default Web site within which the new application is created is used for the new applica- tion until you specifically change it. Again, you can use the aspnet_regiis.exe utility for this. Remember that if the version of ASP.NET you are installing is older than the most recent version already installed, the setup program does not automatically execute aspnet_regiis.exe —and so the existing script mappings are not updated. Using the aspnet_regiis.exe Tool to Configure Runtime Versions The aspnet_regiis.exe tool is supplied with each version of the .NET Framework and is located in the %windir%/Microsoft.NET/Framework/[version]/ folder. The version of the tool is different for each version of the .NET Framework, so you must use the correct one, depending on what configuration changes you want to make. For example, to configure an application to use version 1.0 of the .NET Framework, you must run the version of aspnet_regiis.exe from the folder %windir%/Microsoft.NET/Framework/v1.0.3705/ . You run the aspnet_regiis.exe utility from a command window. As shown in Table 12.1, aspnet_regiis.exe accepts a range of parameters that determine the configuration changes it makes. Note that you can use this tool to create the aspnet_client folder for your Web sites and populate it with the required client-side script files, and you can also use it to set the script mappings or display information about the versions of ASP.NET that are installed. In Windows Server 2003, with IIS 6.0, you must also manage the Web service extensions to allow ASP.NET to serve pages. You’ll learn more on this topic later, but you can see in Table 12.1 that the aspnet_regiis.exe utility can set these for you as well. TABLE 12.1 The Command-Line Parameters for the aspnet_regiis.exe Utility Parameter Description -i Registers this version of ASP.NET, adds the matching Web service extension to IIS 6.0, and updates the mappings for all Web sites and Web applications to point to this version of aspnet_isapi.dll. -ir Registers this version of ASP.NET but does not update Web site and Web application mappings. -enable Is used with the -i or -ir parameters to set the status to Allowed for the Web service exten- sion it installs for ASP.NET (version 1.1 and above with IIS 6.0 and above only). -s <path> Updates the mappings for all Web sites and Web applications at the specified path and updates any applications nested within this path to point to this version of aspnet_isapi.dll (for example, aspnet_regiis.exe -s W3SVC/1/ROOT/ProAspNet). -sn <path> Updates the mappings for all Web sites and Web applications at the specified path, but not those nested within this path, to point to this version of aspnet_isapi.dll. 12 Side-by-Side Execution in ASP.NET 490 17 0672326744 CH12 5/4/04 12:25 PM Page 490 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 491 How to Specify the ASP.NET Version for Individual Applications -r Updates the mappings for all Web sites and Web applications configured within IIS to point to this version of aspnet_isapi.dll. Does not register this version of ASP.NET or add a Web service extension. -u Unregisters this version of ASP.NET and removes the Web service extension. Any existing mappings for this version are remapped to the highest remaining version of ASP.NET that is installed on the machine. -ua Unregisters all versions of ASP.NET on the machine. -k <path> Removes all mappings to all versions of ASP.NET for all Web sites and Web applications at the specified path and any applications nested within this path (for example, aspnet_regiis.exe -k W3SVC/1/ROOT/ProAspNet). -kn <path> Removes all mappings to all versions of ASP.NET from the specified path but does not remove those nested within this path. -lv Lists all versions of ASP.NET that are installed on the machine, along with the current status (Valid or Invalid) and path to aspnet_isapi.dll for that version (when the status is Valid). -lk Lists the paths of all the IIS metabase keys that contain ASP.NET mappings, together with the version each one is mapped to. Does not include any keys that inherit ASP.NET mappings from a parent key. -c Installs the client-side scripts for this version into the aspnet_client subfolder of every IIS Web site directory. -e Removes the client-side scripts for this version from the aspnet_client subfolder of every IIS Web site directory. -ea Removes the client-side scripts for all versions of ASP.NET from the aspnet_client subfolder of every IIS Web site directory. -? Prints the help text in the command window. One issue to be aware of is that installing the .NET Framework adds to your PATH environment variable the path to the utilities folder. Therefore, depending on the order in which you installed the .NET Framework versions, you might find that typing just aspnet_regiis will not run the version you expect or require. To get around this, you need to enter the full path to the version of aspnet_regiis.exe that you want or edit your PATH environment variable to change the order of the paths or add the one you need. To edit your PATH environment variable, you open the System applet by selecting Start, Settings, Control Panel; then you click the Environment Variables button in the Advanced tab of the System Properties dialog. Listing Versions, Web Sites, and Application Roots As an example of using aspnet_regiis , the following command uses the -lv (list versions) param- eter to list the versions of the .NET Framework that are installed on the machine by printing the path to the aspnet_isapi.dll file for each version and showing which is the default (root) entry in IIS: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322>aspnet_regiis -lv 1.0.3705.0 Valid TABLE 12.1 Continued Parameter Description 17 0672326744 CH12 5/4/04 12:25 PM Page 491 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. ➥ C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll 1.1.4322.0 Valid (Root) ➥ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll To get a list of the Web sites and virtual Web applications, together with the version that each one is currently mapped to, you can use the -lk (list keys) parameter: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322>aspnet_regiis -lk W3SVC/ 1.1.4322.0 W3SVC/1/ROOT/ 1.1.4322.0 W3SVC/1/ROOT/MSMQ/ 1.1.4322.0 W3SVC/1/ROOT/Printers/ 1.1.4322.0 W3SVC/1/ROOT/ASPNETInsiders/ 1.1.4322.0 Updating the ASP.NET Runtime Configuration To demonstrate how to change the mappings for Web sites and Web applications, the following command shows how you can use the -s (script-map) parameter (the path can be obtained using the -lk parameter as shown in the preceding section): C:\WINDOWS\ \v1.0.3705>aspnet_regiis -s W3SVC/1/ROOT/ASPNETInsiders Start installing ASP.NET DLL (1.0.3705.0) ➥ recursively at W3SVC/1/ROOT/ASPNETInsiders Finished installing ASP.NET DLL (1.0.3705.0) ➥ recursively at W3SVC/1/ROOT/ASPNETInsiders Now the mappings for the virtual application root named ASPNETInsiders and all nested virtual applications are configured so that they will execute under version 1.0 of the .NET Framework. One point to watch here is that because IIS 6.0 was not available when version 1.0 of the .NET Framework was created, the aspnet_regiis tool does not install ASP.NET 1.0 in the Web service extensions section of IIS 6.0. You have to create this entry manually (as shown in the following section) and set the status to Allowed . Installing the ASP.NET Client-Side Script Folder When you create a new Web site, the aspnet_client subfolder that contains the client-side scripts required by some ASP.NET server controls is not automatically added to that Web site. You can ensure that it is present and correctly populated with the required scripts for all Web sites by using the -c option of aspnet_regiis.exe : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322>aspnet_regiis -c ASP.NET and IIS 6.0 on Windows Server 2003 IIS 6.0 on Windows Server 2003 contains a new extra layer of security for the Web service, in the form of Web service extensions. Basically, Web service extensions are subsets of the script 12 Side-by-Side Execution in ASP.NET 492 17 0672326744 CH12 5/4/04 12:25 PM Page 492 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 493 ASP.NET and IIS 6.0 on Windows Server 2003 mappings that are installed on the machine, with the option to block requests for files that have the file extension specified in that mapping set. You have to ensure that the status for the Web service extension that specifies the version of ASP.NET you are using for your applications is set to Allowed . If it isn’t, the client will simply receive a “Page not found” response—even though the page exists and the user has requested the correct URL. IIS 6.0 Web Service Extensions To configure Web service extension settings in IIS 6.0, you open Internet Information Services Manager and select the Web Service Extensions folder. You can see in Figure 12.5 that the Web service extension for version 1.1 of ASP.NET is configured within the list and has its status set to Allowed so that it can handle requests. This is because this machine was specified as an applica- tion server when the Windows Server 2003 operating system was installed. FIGURE 12.5 Managing the Web service extensions in IIS 6.0 on Windows Server 2003. To add a new extension for a different version of the .NET Framework, you click the Add a New Web Service Extension link. Then you type the name of the extension in the New Web Service Extension dialog, check the option Set Extension Status to Allowed, and click the Add button. In the Add File dialog that appears, you navigate to the appropriate .NET Framework version folder and select the aspnet_isapi.dll file (see Figure 12.6). After you click OK twice, the new Web service extension appears in the list. Now any ASP.NET pages or resources that are configured to use this version of the .NET Framework—in other words, applications that specify this version of aspnet_isapi.dll in their script mappings—will run (see Figure 12.7). 17 0672326744 CH12 5/4/04 12:25 PM Page 493 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. IIS 6.0 Application Pools If you try to run ASP.NET applications that are configured to use different versions of the .NET Framework on the same machine under Windows 2003 and IIS 6.0, you must either segregate them by version in different application pools or disable application pooling altogether and run in IIS 5.0 isolation mode (described later in this chapter, in the section “Using IIS 5.0 Isolation Mode in IIS 6.0”). By default, IIS 6.0 uses a common process for all the applications running in the same application pool. If applications in the same application pool try to use different versions of ASP.NET, you’ll see the Server Application Unavailable page and the error message shown in Figure 12.8 appears in the Application section of the event log. To get around this, you can create a new application pool and then assign the applications that require different versions of the .NET Framework to different pools. You can run all the applica- tions that use the same version of the .NET Framework in the same application pool, or you can create multiple application pools and allocate your applications between them. 12 Side-by-Side Execution in ASP.NET 494 FIGURE 12.6 Adding a new Web service extension. FIGURE 12.7 A new Web service extension in Internet Information Services Manager. 17 0672326744 CH12 5/4/04 12:25 PM Page 494 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 495 ASP.NET and IIS 6.0 on Windows Server 2003 Creating a New Application Pool To create a new application pool, you right-click the Application Pools folder in Internet Information Services Manager and select New; then you select Application Pool. Next, you enter the name for the new application pool in the Add New Application Pool dialog that appears, and you select the first option button to use the default settings. Alternatively, if you have created a template for application pools, you can base the new one on that by selecting the second option button (see Figure 12.9). FIGURE 12.8 The error messages when multiple versions of ASP.NET are not configured in separate application pools. FIGURE 12.9 Creating a new application pool in IIS 6.0. Allocating ASP.NET Applications to an Application Pool To assign a Web site or virtual Web application to an existing application pool, you just have to select it in the Properties dialog for the site or application. In the Home Directory tab or the Virtual Directory tab of the Properties dialog, you use the drop-down Application Pool list at the bottom of the dialog to specify which application pool you require (see Figure 12.10). 17 0672326744 CH12 5/4/04 12:25 PM Page 495 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Using IIS 5.0 Isolation Mode in IIS 6.0 You can configure IIS 6.0 to run in IIS 5.0 isolation mode. In this mode, the application-pooling feature that is turned on by default in IIS 6.0 is disabled, and applications run under the same process isolation model as in IIS 5.0. If you enable IIS 5.0 isolation mode, you can run ASP.NET applications that execute under different versions of the .NET Framework without having to create separate application pools. To enable IIS 5.0 isolation mode, you open the Properties dialog for the Web Sites folder and check the Run WWW Service in IIS 5.0 Isolation Mode option (see Figure 12.11). When you close the Properties dialog, IIS prompts you to restart the service to put the new setting into effect. 12 Side-by-Side Execution in ASP.NET 496 FIGURE 12.10 Selecting the application pool for an ASP.NET Web application. FIGURE 12.11 Specifying IIS 5.0 isolation mode in IIS 6.0. 17 0672326744 CH12 5/4/04 12:25 PM Page 496 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 497 Summary However, in IIS 5.0 isolation mode you do not benefit from many of the improvements in IIS 6.0, including better process management and deadlock detection. You should avoid using IIS 5.0 isolation mode unless it is absolutely necessary. Summary This chapter looks at how the .NET Framework allows you to run multiple versions side-by-side and select which version each application should run under. This is a huge advance over previ- ous versions of ASP, where you had to perform a full server upgrade and shift all your applica- tions to the newly installed version. Along with the fundamental changes that the .NET Framework provides, such as freedom from reliance on COM components and “DLL hell,” ASP.NET side-by-side execution also solves many issues you had to cope with in the past. In particular, running and testing different versions of your Web sites and Web applications are now much easier and much more controllable. You can move an application from one version of the .NET Framework to another quickly and easily. As well as side-by-side execution, this chapter also looks at the changes to the namespaces in the .NET Framework that are relevant to ASP.NET and Web applications. There are many minor changes between versions 1.0 and 1.1, and there are quite a lot of bug fixes, but only a few of these affect applications when you migrate from one version to another. This chapter summa- rizes the changes that are most likely to affect your applications and how you can get around the issues these changes raise. Finally, this chapter looks at the latest version of the Windows operating system, Windows Server 2003, and the way it affects ASP.NET applications. The better performance and robustness of IIS version 6.0 certainly make it worth considering an upgrade to Windows Server 2003. 17 0672326744 CH12 5/4/04 12:25 PM Page 497 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... provided that those files are served by ASP.NET In order to bring a file type under the control of ASP.NET and thus forms authentication—you need to do two things: n Map the file type to ASP.NET in Internet Information Services (IIS) n Define which HttpHandler implementation you would like ASP.NET to use to handle requests for that file type To map the file type to ASP.NET, you select Control Panel, Administrative... the sign-in page with SSL Once the user has signed in, the encryption provided by ASP.NET by default will protect the user’s subsequent requests Of course, if you include a sign-in control on several pages, you will need to protect all those pages Building a Reusable Sign-in Control The standard way to do sign-in in ASP.NET applications that use forms authentication is to provide a sign-in Web form... control earlier in this chapter, in the section “Building a Reusable Sign-in Control.” Protecting Non -ASP.NET Content If you now use this control wherever you want an internal hyperlink in the application, the authentication ticket parameter will be added to the query string of the link Protecting Non -ASP.NET Content You usually use forms authentication to control access to a Web application itself—mainly... Passwords 508 Persistent Authentication Cookies 514 Using Forms Authentication in Web Farms 516 Cookieless Forms Authentication 519 Using forms authentication is a great way Protecting Non -ASP.NET Content 523 to create ASP.NET applications that require users to sign in to perform certain operations The features provided by forms authentication make it quick and easy to create a secure authentication system... controls that are in this user control This is why the CausesValidation property of the SignInButton control was set to False: You are calling the Validate methods of the validators rather than having ASP.NET do it automatically when the LinkButton controls are clicked You call the Validate methods of the validators because you do not want the sign-in control to be affected by the validation states... from signing the user in, even if the username and password TextBox controls were valid This is a problem for any user control that you want to operate independently of other parts of the page because ASP.NET groups all validators into a single collection under the Page object You could explicitly call the Validate methods on the two validators, but we thought it would be worth showing some general... following is the button click event from the code-behind file for a simple Web form that has a text box, a button, and two labels on it to accept a password and generate hashes in the two formats that ASP.NET can use: Private Sub GenerateHashes_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) _ Handles GenerateHashes.Click MD5Label.Text = “MD5: “ + _ FormsAuthentication.HashPasswordForStoringInConfigFile... body.Append(“&Date=”) body.Append(dateTimeTicks) body.Append(“&Check=”) body.Append(hash) email.Body = body.ToString Persistent Authentication Cookies By default, each user will be able to continue to use an ASP.NET application that is configured with the default forms authentication settings after logging in until one of two things occurs: The user does not make a request for a period of time set by the timeout... ensure that the elements of the servers’ configurations match Second, you need to ensure that all the servers use the same keys for encrypting and validating authentication tickets By default, ASP.NET auto-generates these keys at random, which obviously does not lead to the servers in a Web farm having matching keys You therefore need to explicitly set the values You do this through the ... clients might not be set up to support cookies Users whose client does not accept cookies will not be able to sign in to an application that relies on cookies to persist the authentication ticket The ASP.NET development team realized that this could be a problem and built the forms authentication system so that it is not limited to using cookies If a cookie with the correct name is not found, the forms . C:WINDOWSMicrosoft .NET Frameworkv1 .1. 4322>aspnet_regiis -lk W3SVC/ 1. 1.4322.0 W3SVC /1/ ROOT/ 1. 1.4322.0 W3SVC /1/ ROOT/MSMQ/ 1. 1.4322.0 W3SVC /1/ ROOT/Printers/ 1. 1.4322.0 W3SVC /1/ ROOT/ASPNETInsiders/. section): C:WINDOWS v1.0.3705>aspnet_regiis -s W3SVC /1/ ROOT/ASPNETInsiders Start installing ASP. NET DLL (1. 0.3705.0) ➥ recursively at W3SVC /1/ ROOT/ASPNETInsiders Finished