Chapter 20: Common Technology Scenarios: .NET security, performance, manageability and communication features
How do you determine which technological features should be present in any application? This chapter looks at features that help you increase the performance of your VB.NET application while making it more secure, manageable, and scalable. The key scenarios include VB.NET security implementation (IPrincipal interface, IIdentity interface properties, cryptographic objects), VB.NET application manageability (configuration files), .NET deployment process features, multithreading, ASP.NET page caching, and ADO.NET.
How can I protect my applications from security attacks?
Security attacks are very common, and nobody wants to have an unsecured application running in their organization. That is why the .NET Framework provides classes that help to manage security situations: they make it easy to implement role-based security in your application. Implementing and enforcing security consists of two parts: authentication and authorization. This is achieved by implementing custom principal and identity classes based on the IPrincipal and IIdentity interfaces.
How does the implementation of the IIdentity interface work?
The UserIdentity type implements the IIdentity interface, which requires you to implement three properties:
- Name. This returns the name of the identity. You need to call the shared function strCreateMyIdentity() and pass it a hash table with all of the user information. This method then returns an instance of your identity.
- IsAuthenticated. This returns a value indicating whether the user has been authenticated. If you allow anonymous access, set it to false for anonymous users.
- AuthenticationType. This returns the type of authentication. WindowsIdentity returns NTLM, while GenericIdentity returns an empty string or the type specified when you instantiated GenericIdentity.
What is a Principal object?
A Principal object is a holder for all the roles the user belongs to (according to the active authentication mechanism). Any .NET class that implements the IPrincipal interface is a valid Principal object. The IPrincipal interface exposes the Identity property (which returns the underlying Identity object) and the IsInRole method.
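A custom identity and principal built on the two interfaces described above, as an added example that is not the chapter's own code. The class names, the "Custom" authentication type, the role names and the user "alice" are assumptions; PrincipalPermission.Demand is the .NET Framework check that consults the principal's IsInRole and IsAuthenticated.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Principal
Imports System.Security.Permissions

' Hypothetical identity exposing the three IIdentity members described above
Public Class UserIdentity : Implements IIdentity
    Private _name As String, _authenticated As Boolean
    Public Sub New(ByVal name As String, ByVal authenticated As Boolean)
        _name = name : _authenticated = authenticated
    End Sub
    Public ReadOnly Property Name() As String Implements IIdentity.Name
        Get : Return _name : End Get
    End Property
    Public ReadOnly Property IsAuthenticated() As Boolean Implements IIdentity.IsAuthenticated
        Get : Return _authenticated : End Get   ' False for anonymous callers
    End Property
    Public ReadOnly Property AuthenticationType() As String Implements IIdentity.AuthenticationType
        Get : Return "Custom" : End Get          ' a WindowsIdentity reports "NTLM" here
    End Property
End Class
' Hypothetical principal: the roles resolved at logon time, consulted by IsInRole
Public Class UserPrincipal : Implements IPrincipal
    Private _identity As IIdentity, _roles As String()
    Public Sub New(ByVal identity As IIdentity, ByVal roles As String())
        _identity = identity : _roles = roles
    End Sub
    Public ReadOnly Property Identity() As IIdentity Implements IPrincipal.Identity
        Get : Return _identity : End Get
    End Property
    Public Function IsInRole(ByVal role As String) As Boolean Implements IPrincipal.IsInRole
        Return Array.IndexOf(_roles, role) >= 0
    End Function
End Class
Module Demo   ' authorization: Demand asks Thread.CurrentPrincipal for IsAuthenticated and IsInRole("Manager")
    Public Function CanApproveRefund(ByVal user As IPrincipal) As Boolean
        System.Threading.Thread.CurrentPrincipal = user
        Try
            Dim perm As New PrincipalPermission(Nothing, "Manager")   ' Nothing = any user name
            perm.Demand()
            Return True
        Catch ex As SecurityException
            Return False          ' caller lacks the role (or is not authenticated)
        End Try
    End Function
    Sub Main()
        Dim alice As New UserPrincipal(New UserIdentity("alice", True), New String() {"Clerk"})
        Console.WriteLine("alice may approve refunds: {0}", CanApproveRefund(alice))
    End Sub
End Module
```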
What is the use of cryptographic objects in the .NET Framework?
They support well-known algorithms and their common uses, including hashing, encryption, and generating digital signatures. These objects are designed to allow you to easily incorporate these basic capabilities into more complex operations, such as signing and encrypting a document.
What cryptographic algorithms does the .NET Framework support?
The cryptographic algorithms supported include:
- Rivest-Shamir-Adleman (RSA) and Digital Signature Algorithm (DSA) public key (asymmetric) encryption. Asymmetric algorithms operate on fixed-size buffers. They use a public key algorithm for encryption and decryption.
- Data Encryption Standard (DES), TripleDES, and RC2 private key (symmetric) encryption. Symmetric algorithms operate on variable-length buffers and can process data incrementally, a block at a time.
- Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1) hashing. MD5 is a one-way hash algorithm. It always produces a 128-bit hash value for variable-length input data.
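Signing a document and running a symmetric round trip with the classes listed above, as an added example that is not part of the chapter. The SHA1 and TripleDES providers are used because they are the algorithms the chapter names (both are legacy choices; later Framework versions offer SHA-256 and AES through the same base classes); the sample strings are constructed.

```vbnet
Imports System
Imports System.Text
Imports System.Security.Cryptography

Module CryptoDemo
    ' Sign a document with RSA over its SHA1 digest, then verify the original and a tampered
    ' copy using only the public key. Returns {original verifies, tampered verifies}.
    Public Function SignAndVerify(ByVal document As String, ByVal tampered As String) As Boolean()
        Dim data As Byte() = Encoding.UTF8.GetBytes(document)
        Dim signer As New RSACryptoServiceProvider(1024)          ' fresh key pair; private half stays here
        Dim signature As Byte() = signer.SignData(data, "SHA1")   ' hashes the data, then signs the digest
        Dim verifier As New RSACryptoServiceProvider()
        verifier.ImportParameters(signer.ExportParameters(False)) ' False = public parameters only
        Dim okOriginal As Boolean = verifier.VerifyData(data, "SHA1", signature)
        Dim okTampered As Boolean = verifier.VerifyData(Encoding.UTF8.GetBytes(tampered), "SHA1", signature)
        Return New Boolean() {okOriginal, okTampered}
    End Function

    ' Symmetric round trip with TripleDES. Key and IV are generated randomly; the IV may be
    ' sent alongside the ciphertext, the key must reach the recipient by a separate secure path.
    Public Function EncryptThenDecrypt(ByVal plaintext As String) As String
        Dim tdes As New TripleDESCryptoServiceProvider()
        tdes.GenerateKey()
        tdes.GenerateIV()
        Dim input As Byte() = Encoding.UTF8.GetBytes(plaintext)
        Dim cipher As Byte() = tdes.CreateEncryptor().TransformFinalBlock(input, 0, input.Length)
        Dim plain As Byte() = tdes.CreateDecryptor().TransformFinalBlock(cipher, 0, cipher.Length)
        Return Encoding.UTF8.GetString(plain)
    End Function

    Sub Main()
        ' constructed sample documents: the second differs from the signed one by one digit
        Dim r As Boolean() = SignAndVerify("Pay 100 to Alice", "Pay 900 to Alice")
        Console.WriteLine("original verifies: {0}; tampered verifies: {1}", r(0), r(1))
        Console.WriteLine("round trip: {0}", EncryptThenDecrypt("constructed sample text"))
    End Sub
End Module
```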
What are the main features of the Security Application Block?
- It reduces the requirement to write boilerplate code to perform standard tasks.
- It helps maintain consistent security practices, both within an application and across the enterprise.
- It eases the learning curve for developers by using a consistent architectural model across the various areas of functionality provided.
- It provides implementations that you can use to solve common application security problems.
- It is extensible; it supports custom implementations of security providers.
How are configuration files used in VB .NET?
You can use configuration files to configure .NET applications without compiling them. These configuration files help you to store application variables and configuration values, just as you could with earlier versions of Visual Basic (by using .ini files and later, registry settings). In addition, Visual Basic .NET configuration files allow you to keep properties for visual components so they can be dynamically changed by just editing a text file.
Configuration files can contain different types of information, depending on the type of application that will use them. A configuration file for a .NET client application will be significantly different from those for a .NET server application: the configuration file will contain different sections, attributes, and values.
How can I configure a client application that communicates with a remote server application?
Typically, you need to perform the following tasks:
- Configure the client application security policy. By default, applications that run in an intranet are not allowed to access other servers in the intranet. You must set the required permissions to allow the client to access other servers.
- Configure assembly binding. If the application uses shared third-party components, you might need to indicate specific versions of the components to be used by the client application.
- Configure remoting. You must indicate the server address to the client application. You can use the .NET Framework Configuration tool to complete this task.
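A client configuration file covering the second and third tasks, as an added example that is not from the chapter (the server URL, the component name and the remoting type names are constructed). The first task is not done in this file: code access security policy lives in machine or user policy and is edited with the .NET Framework Configuration tool or caspol.exe.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- constructed sample value, read with ConfigurationSettings.AppSettings("ServerUrl") -->
    <add key="ServerUrl" value="tcp://appserver.example.internal:8085/OrderService" />
  </appSettings>
  <runtime>
    <!-- assembly binding: pin the client to version 2.0.0.0 of a shared third-party component -->
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <!-- publicKeyToken is a placeholder; use the token that "sn -T" prints for the assembly -->
        <assemblyIdentity name="ThirdParty.Components" publicKeyToken="0000000000000000" culture="neutral" />
        <bindingRedirect oldVersion="1.0.0.0-1.9.9.9" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.runtime.remoting>
    <application>
      <client>
        <!-- remoting: where the client finds the server's well-known object -->
        <wellknown type="Orders.IOrderService, Orders.Contracts"
                   url="tcp://appserver.example.internal:8085/OrderService" />
      </client>
      <channels>
        <channel ref="tcp" port="0" />
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>
```

The client loads the remoting section by calling RemotingConfiguration.Configure with the path of its .config file before it creates the proxy; the appSettings and binding sections are read by the runtime automatically.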
What deployment features does the .NET Framework offer?
The .NET Framework offers different ways to deploy your application, including:
- XCOPY deployment. This is the easiest way to deploy an application built on the .NET Framework. To use XCOPY, you copy the assemblies to the installation path. This is a good option if your application does not require additional files to be installed or any customization to be performed on the client computer.
- Setup projects. The .NET Framework provides a more powerful way to deploy your application than XCOPY deployment. Setup projects allow you to deploy the application and any necessary files. They also provide a detailed structure of the target file system, and the messages and information displayed during the installation process.
- No-touch deployment. This option allows you to make the assemblies of your application available online on a Web server. Target (client) computers can connect to the server and download the latest version of those assemblies each time the application is executed. The assemblies are copied to the server or Web directory that is trusted by the .NET runtime and by the Internet browser on the client computer. No-touch deployment requires client computers to have a permanent Web connection to the server.
I heard the .NET Framework tracing and logging mechanisms are available through two classes in the System.Diagnostics namespace: Trace and Debug. What is the difference between them?
Both classes contain the same properties and methods. The difference between them is that Debug is available only when the application runs in Debug mode, while Trace is available in both Debug and Release modes. This means that the code you write using the Debug class cannot be executed in the Release configuration.
What performance considerations should I take into account when building .NET applications?
These are the most important:
Exception Handling Considerations
Exception handling is a key aspect of developing applications on the .NET Framework. It allows you to easily and gracefully recover from errors that could easily crash an application. However, exception handling can be expensive in terms of system resources. For this reason, you should exercise restraint when using exceptions in your applications.
String Handling Considerations
When a string is altered, the original string is garbage collected, and a new object is created to hold the changed string. This may not be an issue for a small number of changes, but an excessive number can tax the system.
The .NET Framework includes the StringBuilder class, which is a special class designed to be used when you manipulate string objects. The StringBuilder class includes methods for altering the contents of a string without creating a new string object for each change. It is contained in the System.Text namespace.
Database Access Considerations
The .NET Framework guidance recommends that you tune database access by using only the functionality that you need, and that you design for a disconnected approach. With this approach, you make several short connections in sequence, instead of holding a single connection open for a long time. In addition, Microsoft recommends an n-tier strategy for maximum performance, as opposed to a direct client-to-database connection strategy. Consider this recommendation as part of your design philosophy, because many of the technologies in the .NET Framework are optimized to take advantage of a multi-tiered architecture.
What does ‘multithreading’ mean?
Multithreading, or free-threading, refers to the ability of a program to execute multiple threads of operation simultaneously. Multithreading can be a powerful tool to use in component programming. By writing multithreaded components, you can create components that perform complex calculations in the background while leaving the user interface free to respond to user input.
Can I use caching to improve the performance of my Web pages?
Yes. Caching is a well-tested and successful technique for performance improvement. HTML pages can be cached to improve their loading speed. A more indirect example of caching is connection pooling, which provides an efficient way to manage connections and share them across different service requests. In connection pooling, whenever a connection request is received, the connection pool checks whether there is an existing idle connection that can be used to fulfill the request.
What else should I know about caching ASP.NET pages?
The following are some of the key concepts for caching ASP.NET pages:
- Know how to set the expiration policy.
- Know where to set the location of the cache.
- Know when you should cache multiple versions of a page.
- Know when you should cache portions of ASP.NET pages.
- Determine when you should cache application requests.
- Always notify an application when an item is removed from the cache.
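A small helper around the ASP.NET application cache, as an added example that is not from the chapter, showing two of the points above: an explicit expiration policy and a removal callback that notifies the application when the item is gone. The class name, the cache key and the report content are assumptions.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Web
Imports System.Web.Caching

' Hypothetical helper around the ASP.NET application cache (HttpRuntime.Cache is the same
' object a page sees as Page.Cache)
Public Class ReportCache
    Private Const ItemKey As String = "SalesReport"

    ' Expiration policy: absolute, 10 minutes after insertion, no sliding expiration.
    ' OnRemoved is registered so the application hears about every removal, not only expiry.
    Public Shared Sub Store(ByVal reportHtml As String)
        HttpRuntime.Cache.Insert(ItemKey, reportHtml, Nothing, _
            DateTime.Now.AddMinutes(10), Cache.NoSlidingExpiration, _
            CacheItemPriority.Normal, AddressOf OnRemoved)
    End Sub

    ' Returns Nothing once the item has expired or been evicted; the caller then rebuilds it
    Public Shared Function Fetch() As String
        Return CType(HttpRuntime.Cache(ItemKey), String)
    End Function

    ' Removal notification. The reason is Expired, Underused (memory pressure), Removed
    ' (explicit Remove or Insert over the same key) or DependencyChanged.
    Private Shared Sub OnRemoved(ByVal key As String, ByVal value As Object, _
                                 ByVal reason As CacheItemRemovedReason)
        Trace.WriteLine(String.Format("cache item '{0}' removed: {1}", key, reason))
    End Sub
End Class
```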
What does ‘marshaling’ mean?
Marshaling is the process of converting information for communication between threads. In COM, marshaling is used when data moves across context boundaries such as operating system processes or computers.
What is the definition of Web Proxies?
Web proxies are components that reside on the client computer. They facilitate the client’s communication with a Web service and are responsible for transparently issuing requests to the Web service and interpreting the results for the client.
What are Service Agents and what advantages do they offer?
A service agent is a service that helps your application work with other services.
The agent runs topologically close to the application consuming the service. It helps both to prepare requests sent to a service and to interpret responses from the service. Service agents offer the following advantages:
- Error handling. Service agents can be designed to recognize the errors that a service can produce, which can greatly simplify integration efforts.
- Data handling. A service agent can cache data from the service in a correct and knowledgeable manner. This can greatly improve response times from a service, reduce load on the service, and permit applications to work when disconnected (offline).
- Request validation. Service agents can check the input document of a service request to ensure correctness prior to submission, allowing obvious errors to be caught without the lag time and server load of a roundtrip. On the other hand, the service still requires validating all requests on receipt.
- Intelligent routing. Some services can use agents to send requests to a specific service instance based on the content of the request.
Can you provide me with basic information about the ODBC and OLE DB components?
The ODBC and OLE DB components can be described as follows:
- ODBC. The Microsoft Open Database Connectivity (ODBC) interface is a C programming language interface that allows applications to access data from a variety of database management systems. Applications that use this API can access relational data sources only.
- OLE DB. OLE DB is a comprehensive set of low-level COM interfaces for accessing a diverse range of data in a variety of data stores. OLE DB providers exist for accessing data in database systems, file systems, message stores, directory services, workflow, and document stores.
How can I upgrade a Visual Basic 6.0 application that accesses ODBC or OLE DB data sources to Visual Basic .NET?
You must upgrade the programmer interface used to interact with the data source. Depending on the data source, this interface will be DAO, RDO, or ADO. Information on how to upgrade DAO, RDO, and ADO code is provided in Chapter 12, “Upgrading Data Access.” However, if the resources are available to do so, it is recommended that you upgrade any data access interfaces to ADO.NET.
What are the main advantages of ADO.NET?
- Interoperability. All data in ADO.NET is transported in XML format. The data is provided as a structured text document that can be read by anyone on any platform.
- Scalability. ADO.NET promotes the use of disconnected datasets, with automatic connection pooling bundled as part of the package.
- Productivity. ADO.NET can improve overall development time. For example, typed DataSets help you work more quickly and allow you to produce more bug-free code.
- Performance. Because ADO.NET provides disconnected datasets, the database server is no longer a bottleneck and application performance is improved.
How is ADO.NET any different from ADO?
- In ADO, the in-memory representation of data is the Recordset. In ADO.NET, it is the DataSet. A Recordset works as a single table. In contrast, a DataSet is a collection of one or more tables. In this way, a DataSet can mimic the structure of the underlying database. Because the DataSet can hold multiple, separate tables and maintain information about the relationships between them, it can hold much richer data structures than a Recordset, including self-relating tables and tables with many relationships.
- Transmitting an ADO.NET DataSet between applications is much easier than transmitting an ADO disconnected Recordset. To transmit an ADO disconnected Recordset from one component to another, you use COM marshaling. To transmit data in ADO.NET, you use a DataSet, which can transmit an XML stream.
- In ADO, you scan sequentially through the rows of the recordset using the ADO MoveNext method. In ADO.NET, rows are represented as collections, so you can loop through a table as you would through any collection or access particular rows by using an ordinal or primary key index. DataRelation objects maintain information about master and detail records and provide a method that allows you to get records related to the one you are working with.
- In ADO.NET, you open connections only long enough to perform a database operation, such as a Select or Update. You can read rows into a dataset and then work with them without staying connected to the data source. In ADO, the Recordset can provide disconnected access, but ADO is designed primarily for connected access.
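A disconnected DataSet built from constructed in-memory data, as an added example that is not the chapter's code (no database is involved; the table, column and customer names are assumptions). It shows the points above: two related tables in one DataSet, navigation by primary key and DataRelation instead of MoveNext, and transmission as an XML stream that the receiver rebuilds.

```vbnet
Imports System
Imports System.Data
Imports System.IO

Module DataSetDemo
    ' Build a disconnected master/detail DataSet from constructed rows
    Public Function BuildOrders() As DataSet
        Dim ds As New DataSet("Orders")
        Dim customers As DataTable = ds.Tables.Add("Customer")
        customers.Columns.Add("CustomerId", GetType(Integer))
        customers.Columns.Add("Name", GetType(String))
        customers.PrimaryKey = New DataColumn() {customers.Columns("CustomerId")}
        Dim orders As DataTable = ds.Tables.Add("Order")
        orders.Columns.Add("OrderId", GetType(Integer))
        orders.Columns.Add("CustomerId", GetType(Integer))
        orders.Columns.Add("Amount", GetType(Decimal))
        ' The DataRelation links master and detail rows and enforces the foreign key in memory
        ds.Relations.Add("CustomerOrders", customers.Columns("CustomerId"), orders.Columns("CustomerId"))
        customers.Rows.Add(New Object() {1, "Contoso"})
        customers.Rows.Add(New Object() {2, "Fabrikam"})
        orders.Rows.Add(New Object() {100, 1, 250D})
        orders.Rows.Add(New Object() {101, 1, 75D})
        orders.Rows.Add(New Object() {102, 2, 40D})
        Return ds
    End Function

    ' Locate a row by primary key and walk its child rows through the relation (no MoveNext)
    Public Function TotalForCustomer(ByVal ds As DataSet, ByVal customerId As Integer) As Decimal
        Dim customer As DataRow = ds.Tables("Customer").Rows.Find(customerId)
        Dim total As Decimal = 0D
        For Each order As DataRow In customer.GetChildRows("CustomerOrders")
            total += CDec(order("Amount"))
        Next
        Return total
    End Function

    Sub Main()
        Dim ds As DataSet = BuildOrders()
        Console.WriteLine("Contoso total: {0}", TotalForCustomer(ds, 1))
        ' Serialize with schema for transmission; the receiving component rebuilds it with ReadXml
        Dim sw As New StringWriter()
        ds.WriteXml(sw, XmlWriteMode.WriteSchema)
        Dim received As New DataSet()
        received.ReadXml(New StringReader(sw.ToString()))
        Console.WriteLine("tables after XML round trip: {0}", received.Tables.Count)
    End Sub
End Module
```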