security configuration
Transcript of security configuration
![Page 1: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/1.jpg)
By-Teach4u.in
![Page 2: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/2.jpg)
Content1. Web.config2. Why Applications?3. IIS
1. Role in handing a request4. .NET
1. Applications2. Application Object 3. Global.asax
5. Configuration files1. Machine.config2. Web.Config
![Page 3: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/3.jpg)
What is Web.Config File? Configuration file is used to manage various
settings that define a website. The settings are stored in XML files that are separate from your application code. In this way you can configure settings independently from your code. Generally a website contains aingle Web.config file stored inside the application root directory. However there can be many configuration files that manage settings at various levels within an application.
![Page 4: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/4.jpg)
Why Applications?Dark ages (pre-2003)
Server crashes not unusual Single failure bring down whole system
Worse yet: Memory leaks
Cause IIS hang Stop serving pages
Required manual intervention(reboot)
![Page 5: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/5.jpg)
Why ApplicationsToday (Windows Server 2003 & later)
Applications still crash Applications are compartmentalized OS handles gracefully
System rarely affectedOS monitors application health
Recycles unhealthy processesResult: system stable & reliable
![Page 6: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/6.jpg)
IIS Overview
![Page 7: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/7.jpg)
IIS ApplicationsFolders may be configured as “Applications”
IIS configuration interfaceEach application is assigned to an Application Pool
Each application pool has a unique Windows processSpecify error handling, timeouts, etc. for each
application
Benefit:Compartmentalize applicationsReduces dependencies
Improves reliabilityAllows application specific settings
Error handling, log files, filters, headers, timeouts… 100’s of settings
![Page 8: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/8.jpg)
Applications SettingsConfiguration settings:
Web.config Application level settings Located in root folder
Machine.config Settings common to all applications
Application event handlersGlobal.asax file
Located in root folder
![Page 9: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/9.jpg)
ASP.NET Configuration.config files
Hierarchical configurationSimilar to CSS
Inheritance Child has precedence over parent
Machine.configRarely need to modify
![Page 10: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/10.jpg)
Web.ConfigXML file
Case sensitiveCamel casing
Configure:Application settingsError handlingTimeoutsSessions…etc. etc.Authenticationdocumentation
Security .config files not served
![Page 11: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/11.jpg)
Global.asaxHandles application & session events
15+ events Application_startApplication_errorSession_start
Located in root folder of applicationTriggered each page requestOptional
![Page 12: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/12.jpg)
Global.asaxExample:
Create new application on serverweb.config: sourceglobal.asax: sourceTestPage.aspx: source, output
![Page 13: security configuration](https://reader035.fdocuments.in/reader035/viewer/2022062313/55c581f3bb61eb03398b45b9/html5/thumbnails/13.jpg)
SummaryConfiguration Objectives:
Flexibility Security Reliability Convenience
IIS Handles requests
Application Application object Events: global.asax
Configuration Machine.config Web.config