Website Security
ASP.NET is compiled to managed code before
executing, so web pages can utilize the same
role-based features as other .NET applications.
Web.config can define built-in ASP.NET security
providers such as “Forms”, “Windows” or set
event handlers for custom providers.
Web.config is an “application” level security policy
file. Settings in higher level policy files take
precedence, so administrators of shared web
servers can breathe.
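An added example, not taken from the original slides: an application Web.config that selects the built-in Forms provider and actually denies anonymous users, followed by the server-level fragment a shared-host administrator can use so that the application file cannot override those settings. The names `login.aspx`, `admin`, `Admins` and `Default Web Site/customerapp` are constructed placeholders.

```xml
<!-- Fragment 1: the application's own Web.config -->
<configuration>
  <system.web>
    <!-- Selecting a provider only says HOW users are identified. -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH" loginUrl="login.aspx"
             protection="All" timeout="30" path="/" />
    </authentication>

    <!-- Weak: with no authorization section the inherited default,
         <allow users="*" />, applies and every page stays public.
         Corrected: deny the anonymous user ("?") explicitly. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules are evaluated top-down and the first match wins, so the
       allow must come before the catch-all deny. With Forms
       authentication the application has to attach role names to the
       principal itself before a roles= rule can match. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

<!-- Fragment 2: goes inside <configuration> in the server's
     machine.config. allowOverride="false" locks everything in this
     location element; a Web.config under that path which tries to
     change it causes a configuration error instead of taking effect. -->
<location path="Default Web Site/customerapp" allowOverride="false">
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
```

The two fragments show alternative policies for illustration; an application locked by fragment 2 could not switch to Forms authentication as fragment 1 does.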
Security & Managed Code
Evidence-based security means that there is no
guarantee your code has sufficient permission to
run when the user executes it!
.NET classes are free-threaded.
ASP.NET
Programming model can handle client-side events on
the server as if they happened on the server.
Design-time provides GUI configuration of controls
on the page. Microsoft provides controls that are
fast and scalable for .NET (vs. VS6).
Compiled code means 2-5 times faster execution.
Session State is now fast and scalable.
ASP.NET Change Management
• Version code just like any other .NET application!
• Debug Using Trace! (instead of Response.Write)
• Automated Unit Testing!
• Deploy Assemblies Without Source Code!
– Protect your Intellectual Property!
• Publish web applications with simple XCopy!
– Goodbye FrontPage Extensions!
• Dynamic Code Replacement - Without Rebooting!
• Concurrently Run Different Versions of Business
Objects Side-By-Side!
• Script Builds from Source Control
ASP.NET Cool Features
Output Caching is automatic, but configurable by
user, query, time or underlying data source AND at
either the page or control level.
ASP and ASP.NET can run in the same directory but
do not share state.
Use any .NET language. Use structured exception
handling as implemented in the language.
Debug from web pages down into business objects.
Writing XML Web Services
Use the WebService directive in .ASMX pages. Code behind
uses the WebMethod attribute and inherits from
System.Web.Services.WebService.
.NET will use reflection to automatically generate a WSDL and
a simple human-readable testing and documentation page.
Also, you can publish any COM+ object or .NET assembly by
registering it in COM+ and checking a box. COM+ can
use .NET remoting instead of HTTP for .NET to .NET calls.
SQL and Exchange 2000 both provide XML Web Services
access methods to their data.
Web Services
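Imports System.Web.Services

<WebService(Namespace := "http://tempuri.org/")> _
Public Class Service1
    Inherits System.Web.Services.WebService

    ' The WebMethod attribute exposes this function as a service operation.
    ' YourName is returned as-is; callers must encode it before writing it into HTML.
    <WebMethod()> Public Function HelloPerson(ByVal YourName As String) As String
        HelloPerson = "Hello, " & YourName & "."
    End Function
End Class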
Consuming XML Web Services
All Web Services are late-binding.
Static bindings are Web References. Use them just
like a referenced assembly. IntelliSense works!
Dynamically bind to services at run-time by using
UDDI and/or Disco.
If necessary, configure proxy server and credentials
in machine.config.
Consume .NET Web Services from any platform.
Consuming Web Services
ASP.NET Web Form
Web Services
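Private Sub Button_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles Button.Click
    ' HelloService is the Web Reference (generated proxy) for Service1.
    Dim ws As New HelloService.Service1()
    ' HTML-encode the response: it echoes strName.Text, which is user input.
    Results.Text &= Server.HtmlEncode(ws.HelloPerson(strName.Text)) & "<br>"
End Sub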
Touchless Desktop Deployment
DEMO
Issues
Only Windows 2000 and XP as servers.
Windows 98 or better as clients. CE support
is in beta and will be a subset.
Transparency of Source Code – MSIL is
relatively easy to reverse engineer to source
code. Obfuscators and encryption will solve
this in the future.
Security of .NET is still questioned based on
past experience with Microsoft.
.NET Myths
Myth: Passport is required for authentication in .NET. BizTalk
is required for XML Web Services. Windows CALs are
required for access to “authenticated” IIS applications.
Myth: J# is another Microsoft attempt to corrupt Java.
Myth: The Microsoft .NET Pet Store benchmark proves
ASP.NET is 15-28 times faster, requires ¼ the CPU, ¼ the
code and supports 6-8x as many users as J2EE.
Related Myth: Oracle’s latest Java Pet Store proves J2EE on
Oracle is faster than .NET.
Myth: .NET is a huge mental leap for VB developers.

SynapseIndia dotnet website security development


Editor's Notes

  • #7 XML is the great cross-platform data exchange technology and XML Web Services provides both data exchange and procedural calls. Microsoft can now claim much greater interoperability, but so can other vendors like EpiCentric.
  • #16 J# is actually one of two options in Microsoft’s JUMP (Java User Migration Path). It will take Java source code and let you expose it as XML Web Services and convert use of the Java base classes to .NET base classes. The other option actually converts Java code to C#. So it isn’t about corrupting Java, but it is about getting Java developers to become Microsoft .NET developers. Microsoft’s .NET Pet Store was meant as a reference implementation for .NET; Sun’s Java Pet Store was meant as a reference implementation for J2EE. One of Sun’s claimed purposes was to use all the J2EE functionality and Sun used MVC (Model-View-Controller), neither of which leads to the best performance. Oracle issued the benchmark challenge, not Sun, claiming to beat BEA and IBM by 3-4x. Microsoft hired a 3rd party to write both implementations and then tested. But MS had written in an optimized architecture for .NET and used Stored Procedures to tune performance. The results were stunning though – 15x faster response times; 28x faster response times with ASP.NET caching turned on. Microsoft supported 7.6x as many users as the Oracle benchmark. So Oracle and Sun whined and Oracle optimized a version of Pet Shop. They claimed that it now runs faster than the .NET Pet Shop, but Microsoft tested their code and didn’t get the same performance. Oracle also used different testing software and actually tuned the testing to reuse TCP connections! Bottom Line: Microsoft also asked an ISV to implement ZD Net’s Nile Benchmark application. ASP.NET was 3x faster than either EJB or JSP implementations. Conclusion: ASP.NET rocks!