翻译文献-配置应用程序

CONFIGURINGANAPPLICATIONONEELEMENTSEEMSTOBEMISSINGFROMTHEVISUALBASICNETCODESHOWNINLISTING43ALTHOUGHIVEOFTENEXTOLLEDTHEVIRTUEOFUSINGOPTIONEXPLICIT,IDIDNTUSEITINTHISEXAMPLE,WHICHCANBEDONEBYSETTINGEXPLICIT“TRUE“INPAGEICANASSUREYOUTHATTHEPAGEDOESREQUIREVARIABLESTOBEDECLAREDIMISSEDONEOFTHEREFERENCESTOLOOPWHENCONVERTINGTHEAPPLICATIONFROMCTOVISUALBASICNETANDANERRORPAGEDIDINFACTAPPEAR。THISERRORMESSAGECONTAINSQUITEABITMOREINFORMATIONTHANASPERRORMESSAGESHAD,ANDITINCLUDESTHESECTIONOFCODETHATPRODUCEDTHEERROR,WITHTHELINEINWHICHTHEERROROCCURREDDISPLAYEDINREDBYDEFAULT,THISDETAILEDERRORMESSAGEWILLAPPEARONLYONTHEMACHINEONWHICHTHEAPPLICATIONISRUNNINGTHISISGOODDEFAULTBEHAVOIRBECAUSEITSPOSSIBLETHATTHESOURCECODEDISPLAYEDCOULDINCLUDEINFORMATIONABOUTDATABASEUSERNAMESANDPASSWORD,ORWORSESOIFIDIDNTSETEXPLICITTOTRUE,WHYDIDIGETTHEERRORMESSAGEABOUTTHEUNDERSTANDVARIABLEBADLYREPORTEDINTHISEXAMPLEAS“EXPECTEDANEXPRESSION“THEANSWERISTHEWEBCONFIGFILEINADDITIONTOSPECIFYINGEXPLICTANDSTRICTONEACHPAGE,WEBCONFIGPROVIDESANAPPLICATIONGLOBALWAYTOCONFIGURETHESEANDOTHERAPPLICATIONSETTINGSLISTING45SHOWSASIMPLEWEBCONFIGFILELISTING45SIMPLEWEBCONFIGFILE,WITHEXPLICITANDSTRICTSETTO“TRUE“,ELIMINATINGTHENEEDFORSETTINGTHESEONEACHVISUALBASICNETPAGEIFYOUREFAMILIARWITHXML,YOULLRECOGNIZELISTING45ASASIMPLE,WELLFORMEDXMLDOCUMENTINCHAPTER8,WELLDISCUSSXML,BUTINTHEMEANTIME,YOULLNEEDTOBEAWAREOFTHEFOLLOWINGASPECTSOFXMLXMLALWAYSUSESMATCHEDSTARTANDENDTAGS,UNLIKEHTML,WHICHALLOWSOMISSIONOFMANYENDTAGSFORSOMETAGS,THESTARTANDENDTAGSCANBEREPRESENTEDASASINGLETAGFOREXAMPLE,THEFOLLOWINGTAGISVALIDXMLISCASESENSITIVETHUS,THEFOLLOWINGTAGISNOTVALID,BEACAUSEISNOTSEENASACLOSINGTAGFORALTHOUGHEARLYBETASOFTHENETFRAMEWORKWEREFORGIVINGABOUTCASEOFATTRIBUTESVALUESFOREXAMPLE,TRUEANDTRUEWERECONSIDEREDTHESAME,FROMBETA2ONWARD,THECONFIGURATIONFILESARE,CORRECTLY,COMPLETELYCASESENSITIVEXMLVALUESAREENCLOSEDINQUOTATIONMARKSTHUS,THEFOLLOWINGTAGISNOTVALIDXMLISTHEPREFERREDDATALANGUAGEOFTHENETFRAMEWORKASOFTHISWRITING,HOWEVER,NOAUTOMATEDADMINISTRATIVETOOLISAVAILABLEFOREDITINGTHEWEBCONFIGFILETHISISNTATERRIBLEPROBLEMBECAUSEXMLISANEASYFORMATTOFOLLOW,BUTITDOESMEANTHATYOULLNEEDTOMANUALLYTWEAKTHESEFILESUSINGANORMALEDITORPROGRAMSUCHASNOTEPADKNOWNAFFECTIONATELYASNOTEPADNETTOSOMEOFTHEEARLYASPNETADOPTERSIWONTCOVERALLTHEMANYPOSSIBLECONFIGURATIONOPTIONSBECAUSETHEYREDESCRIBEDINTHENETFRAMEWORKSOFTWAREDEVELOPMENTKITSDKDOCUMENTATIONHOWEVER,IWILLGOTHEIMPORTANTCONFIGURATIONOPTIONSANDTHEIRIMPLICATIONSANDEXPLAINEACHOFTHESECTIONSOFWEBCONFIGFILEWHEREDOESTHEWEBCONFIGFILEGOONEOFTHEFRUSTRATIONSFORASPPROGRAMMERSISTHEODDPATCHWORKOFFILESTHATGROWSUPAROUNDANYCOMPLEXWEBSITEWITHASP,THEONLYCONFIGURATIONFILEWASGLOBALASA,ANDINFACT,THISSIMILARTOTHEASPNETGLOBALASAXFILEASPBEGINNERSOFTENASK,“WHEREDOIPUTTHEGLOBALASAFILE“ITTURNSOUTTHATINPRACTICEYOUHADTOPUTAGLOBALASAFILEINALMOSTEVERYDIRECTORYINASPNET,THEWEBCONFIGFILEPROVIDESAMECHANISMTHATSHOULDALLOWMANYSITESTOHAVEFARFEWERREDUNDANTCONFIGURATIONSETTINGSWITHINEACHVIRTUALSITETHEREISAROOTCONFIGURATIONFILE,INTHESAMEFORMATASTHEWEBCONFIGFILES,NAMEDMACHINECONFIGTHISFILEISINCLUDEDWITHTHENETFRAMEWORKANDCONRTAINSMANYDEFAULTSETTINGSITISLOCATEDUNDERTHEWINDOWSROOT,INTHEWINDIRMICROSOFTNETFRAMEWORKCONFIGFOLDERALLOTHERDIRECTORIESONTHESITEINHERITSETTINGSFROMTHISROOTFILEANDFROMALLWEBCONFIGFILESTHATEXISTHIGHERINTHELOGICALHIERARCHYFOREXAMPLE,ONEPOSSIBLEELEMENTSENCTIONINTHEWEBCONFIGFILEISAPPSETTINGSTHISSECTIONISNORMALLYUSEDTOMAKECERTAINVARIABLESAVAILABLETOALLPAGESWITHINANAPPLICATION,TOMULTIPLEAPPLICATIONSIFTHEVARIABLEEXISITSINAVIRTUALDIRECTORYWITHOTHERAPPLICATIONSLOCATEDLOGICALLYUNDERIT,OREVENTOALLAPPLICATIONSONTHEMACHINEIFTHEAPPSETTINGSSECTIONISLOCATEDINTHEMACHINECONFIGFILEINDIVIDUALAPPSETTINGSVALUESCANBEOVERRIDENBASEDONTHELOCATIONOFTHEWEBCONFIGCONTAINSTHEFOLLOWINGSECTIONWITHINTHETAGSSUPPOSEFURTHERTHATTHEREISAVIRTUALDIRECTORYNAMEDTESTTHATHASTHEFOLLOWINGSECTIONWITHINTHETAGSIFTHESEARETHEONLYAPPSETTINGSSECTIONSONTHEMACHINE,ANYPAGETHATRETRIEVESTHE“DSN“KEYFROMAPPSETTINGSWILLRECEIVETHEVALUE“MYDSN“,EXCEPTANYPAGEWITHINTESTAPPLICATIONPAGESWITHINTHETESTAPPLICATIONORDIRECTORIESLOGICALLYLOCATEDBELOWTESTWILLRECEIVETHEVALUE“MYLOCALDSN“CAUTIONIFHACKINGINTHEREGISTRYISNTENOUGHFUNFORYOUANDYOURELOOKINGFORANEWWAYTOHOSEYOURMACHINE,DOTRYIMPROPERLYNESTINGSECTIONSOFTHEWEBCONFIGFILESALTHOUGHTHISWILLMESSUPONLYYOURASPNETAPPLICATIONS,ITWILLTHOROUGHLYMESSTHEUPITSPOSSIBLETHATFUTUREVERSIONSOFASPNETWILLBEMOREFORGIVINGOFSUCHERRORS,BUTTHECURRENTVERSIONISNOTSTARTINGWITHBETA2OFASPNET,ALLWEBCONFIGFILESAREALSOCASESENSITIVETHISREQUIREMENTISREASONABLEFROMTHESTANDPOINTTHATAWELLFORMEDXMLFILE,THATSAID,THENEEDFORCASESENSITIVITYCANSTILLBEAPAINTHEAUTHENTICATIONSECTIONASPNETALLOWSYOUTOAUTHENTICATEUSERSINANUMBEROFWAYSANEXAMPLEOFTHEAUTHENTICATIONSECTIONOFTHEWEBCONFIGFILE,SETUPFORFORMSBASEDAUTHENTICATION,ISSHOWNHERETHEOPTIONSFORTHEMODEATTRIBUTEOFTHETAGARELISTEDINTABLE42TABLE42OPTIONSOFTHEMODEATTRIBUTEOPTIONDESCRIPTIONDONTTRYTHISATHOMEIMAGINE,IFYOUWILL,ARESOURCETHATSPHYSICALLYLOCATEDATCSUBDIR1SUBDIR2RESOURCEASPXVIRTAULDIRECTORY1ISMAPPEDTOCSUBDIR1,ANDVIRTAULDIRECTORY2ISMAPPEDTOCSUBDIR1SUBDIR2IFYOUACCESSRESOURCEASPXVIAHTTP/LOCALHOST/VIRTUALDIRECTORY1/SUBDIR2/RESOURCEASPX,YOUCOULDACCESSTHEFILEWITHCOMPLETELYDIFFERENTSETTINGSTHANIFYOUUSEDHTTP/LOCALHOST/VIRUALDIRECTORY2/RESOURCEASPXYOUCANDOTHISBECAUSETHEHETINHERITANCEOFCONFIGURATIONINFORMATIONFROMWEBCONFIGISNTBASEDONTHEPHYSICALDIRECTORYHIERARCHYBUTRATHERONTHELOGICALHIERARCHYDEFINEDBYTHEVIRTUALDIRECTORYSTRUCTUREOBVIOUSLY,AVOIDINGTHISKINDOFSETUPISIMPORTANTTOENSURETHATALLACCESSTOARESOURCEUSESTHESAMESETOFCONFIGURATIONSETTINGSTHECONFIGURATIONFILESCONTAINMANYSECTIONSWHATFOLLOWSINTHISSECTIONISANALPHABETICLISTINGANDDESCRIPTIONOFTHESIGNIFICANTSECTIONS,ALONGWITHANEXAMPLEHEREANDTHERETOCLARIFYTHINGSASNEEDEDFORMSUSESAUSERPROVIDEDFORMTOGATHERIDENTIFYINGINFORMATIONWINDOWSUSESWINDOWSAUTHENTICATIONTOOBTAINTHEIDENTITYOFTHEUSERPASSPORTUSESMICROSOFTPASSPORTAUTHENTICATIONNONEUSESNOAUTHENTICATIONWINDOWSAUTHENTICATIONINASPNETISSIMILARTOWINDOWSAUTHENTICATIONINEARLIERVERSIONSOFASPWINDOWSAUTHENTICATIONGENERALLYPIGGYBACKSONIISSUPPORTFORAUTHENTICATIONUSINGTHEWINDOWSUSERDATABASEONEADDITIONISTHEUSEOFWINDOWSAUTHENTICATIONINADDITIONTOSPECIFICUSERANDROLEAUTHORIZATION,ASDISCUSSEDINTHENEXTSECTIONPASSPORTAUTHENTICATIONUSESANEXTERNALUSERDATABASECOMPUTERSUSINGPASSPORTAUTHENTICATIONMUSTHAVETHEPASSPORTSDKINSTALLEDASPNETPROVIDESAWRAPPERAROUNDTHEPASSPORTSDKFORMSBASEDAUTHENTICATIONISCOMMONLYUSEDFORINTERNETAPPLICATIONS,WHEREITSLIKELYTHATNOTALLUSERSWILLBEMEMBERSOFAWINDOWSDOMAINALTHOUGHTHISTYPEOFAUTHENTICATIONCANBEIMPLEMENTEDUSINGTRADITIONALASP,ASPNETMAKESFORMSBASEDAUTHENTICATIONMUCHEASIERBYCREATINGAFORMALIZEDFRAMEWORKTOSUPPORTITASPNETDIFFERENCESINASP,THESTANDARDMETHODFORCONDUCTINGFORMSBASEDAUTHENTICATIONISTOUSETHESESSION_ONSTARTEVENTHANDLER,PLACEDINGLOBALASATOREDIRECTNEWSESSIONSTOALOGINPAGETHISMETHODDOESNTACALEWELLBECAUSETHESESSIONSTATEINASPCANTBEMAINTAINEDACROSSAWEBSERVERFARMTHEFORMSBASEDAUTHENTICATIONMETHODPROVIDESACLEANERWAYTOENSURETHATUSERSARELOGGEDINNOTEWHENMOSTOFTHEATTRIBUTESWITHINALLTHECONFIGURATIONFILESARESPECIFIED,THEYARESPECIFIEDUSINGCAMELCASING,MEANINGTHATTHEINITIALLETTEROFTHEATTRIBUTENAMEISLOWCASEBUTTHEINTIALLETTEROFEMBEDDEDWORDSARECAPITALIZED,FOREXAMPLELOGINURLTHISCONVENTIONISDIFFERENTFROMSOMEEARLIERPUBLICBETAS,INWHICHTHESAMEATTRIBUTEMIGHTHAVEBEENSPECIFIEDUSINGPASCALCASING,RESULTINGINLOGINURLWHENFORMSBASEDAUTHENTICATIONISSPECIFIED,THESUBTAGCANBEUSEDTHETAGHASTHEATTRIBUTESLISTEDINTABLE43TABLE43ATTRIBUTESOFTHETAGATTRIBUTEDESCRIPTIONLOGINURLTHEURLTOWHICHUNAUTHENTICATIONUSERSAREREDIRECTEDTHISURLCANBEONTHESAMEMACHINEORONADIFFERENTMACHINE,BUTIFITSONADIFFERENTMACHINE,THEDECRYPTIONKEYISANATTRIBUTEOFTHETAGINMACHINECONFIGNAMETHENAMEOFTHECOOKIETOUSEFORAUTHENTICATIONPURPOSESIFMORETHANASINGLEAPPLICATIONONMACHINETHEUSESFORMSBASEDAUTHENTICATION,THECOOKIENAMESHOULDBEDIFFERENTFOREACHAPPLICATIONASPNETUSES/ASTHEPATHOFTHECOOKIETIMEOUTTHENUMBEROFMINUTESFOREXPIRATIONOFTHECOOKIETHECOOKIEWILLBEREFRESHIFHALFTHETIMEOUTNUMBEROFMINUTESHASELAPSEDANEFFORTREDUCETHENUMBEROFWARNINGSUSERSWILLGETABOUTRECEVINGCOOKIES,IFTHEYHAVECOOKIEWARNINGTURNEDONBECAUSECOOKIESCANBEREFRESHED,THETIMEOUTVALUEMIGHTLOSEPRECSIONTHUS,YOUCANTABSOLUTELYDEPENDONACOOKIETIMINGOUTINEXACTLYTHENUMBEROFSECONDSSPECIFIEDBYTHETIMEOUTATTRIBUTETHEDEFAULTVALUEIS30PATHTHEPATHFORCOOKIESDEFAULTTO/THISATTRIBUTECANBECHANGEDBYSPECIFYINGAVALUEINTHETAGORCANBECHANGEDPROGRAMMATICALLYPROTECTIONTHETYPEOFCOOKIEPROTECTIONALLOWEDVALUESAREVALIDATION,ENCRYPTION,NONE,ANDALLVALIDATIONVALIDATESTHECOOKIEDATABUTDOESNTENCRYPTITENCRYPTIONENCRYPTSTHECOOKIESDATABUTDOESNTVALIDATEITNONEDOESNEITHERALLTHEDEFAULTBOTHENCRYPTSTHECOOKIEDATAANDVALIDATESIT,DETECTINGANYALTERATIONINTRANSITFORALLBUTTHELEASTIMPORTANTDATA,THEDEFAULTISAREASONABLECHOICE,ATTHECOSTOFSOMEPERFORMANCENOTEWHYVALIDATETHECOOKIEBECAUSETHECOOKIECANBEUSEDTOTIEINTOINFORMATIONTHATSHOULDNTBESHARED,VALIDATINGTHECOOKIEDATAANDREJECTINGITIFITHASBEENTAMPEREDWITHCANENSURETHATNOONECAN,SAY,“HIJACK“ANTHORSHOPPERSSHOPPINGCARTASIMPLEEXAMPLEOFFORMSBASEDAUTHENTICATIONISSHOWNINLISTING46,47,AND48THISSIMPLEMINDEDEXAMPLEUSESAHARDCODEDUSERNAMEANDPASSWORDWITHINLOGINASPX,ASSHOWNINLISTING46THESELISTINGALSOINTRODUCEANEWCLASSOFUSERINTERFACEOBJECTSINLISTING46,THEBUTTONUSEDONTHESCREENISNTASTANDARDHTMLSUBMITBUTTONOREVENASTANDARDHTMLBUTTONBUTRATHERANASPBUTTONWELLEXAMINETHESEOBJECTSINMUCHGREATERDETAILINCHAPTER5FORNOW,JUSTASSURETHATTHEYBEHAVEASYOUMIGHTEXCEPTANDJUSTTAKEITONFAITHTHATTHEONCLICKEVENTCAUSESTHECODEINLOGIN_CLICKATTHETOPOFTHEPAGETOBEFIREDSOMEOFTHEDETAILSWITHINLOGIN_CLICKINLISTING46ARENTIMPORTANT,BUTTHECALLTOFORMSAUTHENTICATREDIRECTFORMLOGINPAGEISTHEFIRSTPARAMETERPASSEDTOTHISMETHODISTHENAMEOFTHEUSER,OBTAINEDFROMUSEREMAILVALUE,USINGMAGICNOTYETDECRIBEDSEECHAPTER5FORMOREINFORMATIONONGETTINGVALUESFROMSERVERCONTROLSTHESECONDPARAMETER,HARDCODEDTOFALSEHERE,INDICATESTHATAPERSISTENTCOOKIESHOULDNTBEUSEDHTMLVOIDLOGIN_CLICKOBJECTSENDER,EVENTARGSE/AUTHENTICATEUSERTHISSAMPLEACCEPTSONLYONEUSERWITH/ANAMEOFDOUGPROGRAMMINGASPNETANDAPASSWORDOF/PASSWORDIFUSEREMAILVALUE“DOUGPROGRAMMINGASPNET“ELSEMSGTEXT“INVALIDCREDENTIALSPLEASETRYAGAIN“LOGINPAGEEMAILPASSWORDLISTING46ALOGINPAGEFORAUTHENTICATIONSAMPLELOGINASPXLISTING47ALSOSHOWSAPEDESTRAINEXAMPLEWELL,PEDESTRAINONCEYOUUNDERSTANDHOWALLTHEASPNETFORMMAGICWORKSANDYOULLLEARNALLABOUTTHATINCHAPTER5THEFORMSIMPLYIDENTIFIESTHEUSERANDALLOWSTHEUSERTOLOGOUTVOIDPAGE_LOADOBJECTSRC,EVENTARGSEWELCOMETEXT“HELLO,“USERIDENTITYNAMEVOIDSIGNOUT_CLICKOBJECTSENDER,EVENTARGSEFORMSAUTHENTICATIONSIGNOUTRESPONSEREDIRECT“LOGINASPX“USINGCOOKIESAUTHENTICATIONLISTING47ARESTRICTEDPAGEFORAUTHENTICATIONSAMPLETHATALLOWSYOUTOLOGOUTDEFAULTASPXLISTING48ISTHECONFIGURATIONFILEFORTHISAPPLICATION,NAMEDWEBCONFIGTHISTOOISAPLAINVANILLAFILETHEAUTHENTICATIONSECTIONISTHEPARTWEREINTERESTEDIN,ANDITSESSENTIALLYTHESAMEASTHEAUTHENTICATIONTAGSHOWNEARLIERALSOOFINTERESTISTHEAUTHENTICATIONTAG,WHICHISRELATEDTOAUTHENTICATIONASWELL,ASDESCRIBEDINTHENEXTSECTIONNOTETHISWEBCONFIGFILEMUSTBEATTHEROOTOFTHEWEBAPPLICATIONDIRECTORYINIISALSO,THEDIRECTORYMUSTBECONFIGUREDASANAPPLICATIONDIRECTORY,NOTAVIRTUALDIRECTORYLOGINURL“LOGINASPX“PROTECTION“ALL“TIMEOUT“60“/LISTING48CONFIGURATIONFILEFORAUTHENTICATIONSAMPLETHERESONEMOREPOSSIBLETWISTTOFORMSBASEDAUTHENTICATIONWITHINTHETAGS,ACREDENTIALSSECTIONISALLOWED,WHEREUSERANDPASSWRODINFORMATIONISALLOWEDFOREXAMPLE,THESELINESCOULDBEADDEDTOTHEAUTHENTICATIONSECTIONOFTHEWEBCONFIGFILESHOWNINLISTING48THETAGHASONEATTRIBUTE,NAMEDPASSWORDFORMATTHEPOSSIBLEVALUESFORTHEPASSWORDFORMATATTRIBUTEARESHOWNINTABLE44TABLE44OPTIONOFTHEPASSWORDFORMATATTRIBUTEOPTIONDESCRIPTIONCLEARSTORESPASSWORDSINCLEARTEXTTHISVALUEISNOTATALLSECURE,BUTITISCONVENIENTFORTESTINGSHA1SHASTANDSFORSECUREHASHALGORITHMSHA1STORESPASSWORDSASSHA1DIGESTSSHA1USESA160BITHASHSIZESHA1WASDESIGNEDTOCORRECTAPROBLEMINTHEORIGINALSHAALGORITHMMD5STORESPASSWORDSASMD5DIGESTSMD5PRODUCESA128BIT“FINGERPRINT“THISVALUEISMUCHMORERELIABLETHANATRANDITIONALCHECKSUMTOVALIDATEAUSERNAMEANDPASSWORDFROMTHEFORM,THEFORMNEEDSTOCALLTHEAUTHENTICATIONMETHODOFTHESYSTEMWEBSECURITYFORMSAUTHENTICATIONCLASSTHEAUTHORIZATIONSECTIONAFTERTHESYSTEMHASIDENTIFIEDAUSER,YOUMIGHTWANTTOCONTROLWHETHERTHEUSERISALLOWEDTOUSETHEAPPLICATIONTHEAUTHORIZATIONSECTIONENABLESYOUTODOEXACTLYTHATBYUSINGANDTAGS,WHICHCANSPECIFYINDIVIDUALUSERS,ORGROUPSOFUSERS,CALLEDROLESUSINGWINDOWSNTGROUPSTOBEMAPPEDTOROLESTHEANDTAGSARESEARCHEDUNTILTHEFIRSTMATCHISFOUNDFORTHEUSERBEINGAUTHORIZEDIFTHEFIRSTMATCHISINTHETAG,THEUSERISALLOWEDIFTHEFIRSTMATCHISINTHETAG,THEUSERISDENIEDACCESSISDENIEDIFNOMATCHINGRULEISFOUNDINGENERAL,FORSITESWHEREAUTHORIZATIONISIMPORTANT,ATAGSHOUDBEPRESENTTOMAKETHEDENIALEXPLICITTHECUSTOMERRORSECTIONFORDEVELOPERS,ONEOFTHEPROBLEMSWITHASPISALACKOFCLARITYINERRORMESSAGESASPNETHASADDRESSEDTHISISSUEBYCREATINGFARBETTERERRORBUTALSOACOUPLELINESBEFOREANDAFTERTHISADDITONALINFORMATIONISIMPORTANTBECAUSEOFTENANERRORONONELINEISINFACTCAUSEDBYANERRORONTHEPREVIOUSLINE。THISERRORPAGEPROVIDESACOUPLELINKSATTHEBOTTOMTHATAREUSEFULTOTHEDEVELOPERTHEFIRSTISSHOWDETAILEDCOMPILEROUTPUTCLICKINGTHISLINKSHOWSTHEOUTPUTTHATWOULDBESEENIFTHECOMMANDLINECOMPILERWERECALLEDDIRECTLYTHISOUTPUTCANBEUSEFULIFTHEREAREWARNINGSTHATOCCURBEFORETHEERRORTHATMIGHTGIVECLUESTOEXACTLYWHATSHAPPENINGTHESIMPLELOGINASPXPAGESHOWNINLISTING46ISEXPANDEDTOOVER400LINESOFDETAILEDLISTINGASASPNETTAKESTHESOURCEPROVIDEDBOTHTHECODEANDTHEHTMLSOURCEANDPRODUCESTHECODEREQUIREDTOCREATETHEPAGEUNDERSTANDINGTHISCODEISNTESSENTIAL,BUTITCANBEUSEFULINSOMEDEBUGGINGSITUATIONSONETHINGYOUSHOULDNOTICEABOUTTHEERRORPAGEISTHATINSHOWINGTHECONTEXT,ITACTUALLYSHOWSTHEUSERNAMEANDPASSWORDTHATTHELOGINPAGEISEXPECTINGOFCOURSE,THISEXAMPLEISCONTRIVEDNOONEWOULDUSESUCHA“SECURITY“SYSTEMINAREALAPPLICATIONHOWEVER,PEOPLEMIGHTHAVEOTHERCODETHATTHEYDPERFERUSERSNOTSEE,SUCHASDATABASEUSERNAMESANDPASSWORDSEMBEDDEDINCONNECTIONSTRINGSEMBEDDINGCONNECTIONSTRINGSINTOTHEAPPLICATIONISABADIDEAFORLOTSOFREASONS,BUTINANYEVENT,PREVENTINGEXPOSUREOFSOURCECODETOUSERSISALWAYSAGOODIDEA译文配置应用程序在列表43中显示的是从VISUALBASICNET代码中遗漏的一组元素。尽管我经常称赞使用OPTIONEXPLICIT（外选项）的优点，但是在这个例子中我没有在PAGE中使用设置EXPLICIT“TRUE“。我能确保页面需求变量被声明当程序从C转换到VISIUALBASICNET以及错误页面出现的时候我错过了一个请求。这个错误信息比ASP错误信息所包括的信息更多，而且它还包括部分产生错误的代码，这些错误以红线标注显示。通过默认，这个详细错误信息只在当程序正在运行时出现。这种默认很好，因为源代码显示包括关于数据库用户名和密码的信息，甚至更多。所以如果我不设置EXPLICIT为TRUE，为什么我得到是关于未申报的变量（在这个例子严重警告，像是“异常“）的错误信息呢答案是WEBCONFIG文件。另外，在每一个页面指定EXPLICIT和STRICT,WEBCONFIG提供配置这些和其他应用设置APPLICATIONGLOBAL方法。列表45是一个简单的WEBCONFIG文件。列表45简单的WEBCONFIG文件，EXPLICIT和STRICT均设置为“TRUE“,排除在每一个VISUALBASICNET页面都设置这些属性的需要。如果你对XML熟悉，你就会意识到列表45是一个简单，友好框架的XML文档。在第8章，我们将讨论关于XML的相关内容，但是与此同时，需要了解下列关于XML方面的内容；XML使用匹配的开始和结束标签，不像HTML那样，可以允许很多的结束标签。对于一些标签，开始和结束标签可以被作为一个标签同时使用。例如，下面标签是有效的XML,是区分大小写的。因此，下面的标签是无效的，因为不是的结束标签尽管NETFRAMEWORK早期的测试版本不计较属性值（例如，TRUE和TRUE被认为是相同的），但是从第2个测试版本开始，配置文件是正确且完全区分大小写的。XML值在引用标记中是被附带的。因此，下面的标签是无效的XML是NETFRAMEWORK首选的数据语言。在写的同时，仍然没有可用的自动管理工具去编辑WEBCONFIG文件。这不是严重的问题，因为XML有一种容易遵循的格式，但是那就意味着你需要通过用编辑程序手动操作这些文件例如NOTEPAD（被人熟知的NOTEPADNET，它是早期ASPNET）。我不会覆盖所有可能的配置选项，因为它们在NETFRAMEWORKSDK文件中被描述；可是，我会利用重要的配置选项和它们的含意，以及解释WEBCONFIG文件中的每个部分。WEBCONFIG文件去哪了对于程序员其一的挫折是在任何复杂的ASPNET网站中所出现的不固定拼凑的文件，这个唯一的配置文件GLOBALASA,而且事实上，这个文件与ASPNETGLOBALASA文件相似。ASP创始者常问，“我把GLOBALASA文件放在哪”实际上你不得不把GLOBALASA文件放在几乎每个目录下。在ASPNET中，WEBCONFIG文件提供一个允许很多站点在每个虚拟站点拥有少数多余配置设置的机制。有一个与WEBCONFIG文件相同后缀的根配置文件，名为MACHINECONFIG。NETFRAMEWORK包括这个文件并且文件包括很多的默认设置。它位于WINDOWS根目录下，在WINDIRMICROSOFTNETFRAMEWORKCONFIG文件夹中。所有在站点上的其他目录继承这个根文件和所有在更高逻辑层存在的WEBCONFIG文件的设置。例如，一个WEBCONFIG文件的组成部分APPSETTINGS。这个部分通常用于产生某些变量，对于一个应用程序的所有页面，对于多样的应用程序（如果变量存在于一个其他应用程序逻辑位于的虚拟目录下），甚至对于机器上所有的应用程序（如果APPSETTINGS部分位于MACHINECONFIG文件中）。单独的APPSETTINGS值基于WEBCOFNIG文件在层里的位置可以不被考虑。假设，例如，MACHINECONFIG包含以下部分在标签中）再假设有一个虚拟目录名为TEST，含有以下部分在标签中如果这些是在机器上唯一的APPSETTINGS部分，任何从APPSETTINGS重新得到KEY为“DSN“的页面将会接收到VALUE为“MYDSN“，除了在TEST应用程序里的页面。在TEST应用程序或是在TEST逻辑目录下的页面将会接收到VALUE为“MYLOCALDSN“。警告如果在注册表里创建对于你来说乐趣不够而且你正在寻找一个新的方法操纵你的机器，而尝试不正确地嵌套部分WEBCONFIG或是MACHINECONFIG文件。尽管这些仅是弄乱ASPNET应用程序，但是也会彻底地弄糟它们。或许有可能将来ASPNET的版本会解决像这样错误，来ASPNET的版本会解决像这样的错误，但是现在的版本做不到。从ASPNET的测试2版本开始，所有的WEBCONFIG文件也是区分大小写的。从一个友好框架XML文件是区分大小写的的观点来说，需求是合理的。那也就是说，对于区分大小写的需要仍然是个努力中的问题。不要在家里尝试这个想象一下，一个资源的物理路径是CSUBDIR1SUBDIR2RESOURCEASPX。虚拟目录1映射到CSUBDIR1,而且虚拟目录2映射到CSUBDIR1SUBDIR2。如果你通过HTTP/LOCALHOST/VIRUALDIRECTORY1/SUBDIR2/RESOURCEASPX访问RESOURCEASPX，可以访问到比你用HTTP/LOCALHOST/VIRUALDIRECTORY2/RESOURCEASPX完全不同设置的文件。可以这样操作，因为配置信息的继承来自于不基于物理目录层的WEBCONFIG，但是在虚拟目录结构所定义的逻辑层上。显而易见地，为了确保使用相同配置设置资源的所有访问，这种安装是很重要的。配置文件包含很多部分。按首字母以及重要部分的描述来排列，这些部分都带有这样和那样的例子来阐明它们的用途和意义。AUTHENTICATION部分ASPNET允许你用很多方法去鉴别用户。举一个WEBCONFIG文件中AUTHENTICATION部分的例子，表单验证,如下标签中MODE选项属性在表42中列出。表42选项MODE属性选项描述FORMS使用用户提供表单来收集辨识信息WINDOWS用WINDOWS验证获取用户信息PASSPORT用MICROSOFTPASSPORT验证NONE无验证ASPNET里的WINDOWS验证与ASP较早版本里的WINDOWS验证相似。WINDOWS验证通常在IIS上使用WINDOWS用户数据库支持验证。除了特殊用户和角色验证还有利用WINDOWS验证，在下个部分进行讨论。身份验证使用外部用户数据库。电脑使用身份验证必须安装PASSPORTSDK。ASPNET在PASSPORT周围提供了一个SDK包的界面。表单验证通常用于INTERNET应用，可能不是所有用户都是WINDOWS领域下的成员。尽管这种验证类型通过用传统ASP实现的，但是ASPNET使表单验证更容易通过创建形式化的框架去支持它。ASPNET的不同之处在ASP中，操作表单验证的标准方法是使用SESSION_ONSTART事件处理，代替GLOBALASA重定向新的SESSIONS到登录页面。这种方法不能很好的衡量，因为在ASP中会话状态不能越过WEB服务域被维持。表单验证方法提供一个更干净的方法去保证用户登陆。注意当在所有配置文件的大部分属性是特定的时候，都指定用CAMELCASING形式，意思是属性名首字母为小写但是含有意义的单词首字母为大写，例如LOGINURL。这个规定与一些更早的公共测试版本不一样，同样的属性可以用PASCALCASING形式，结果是LOGINURL。当特定表单验证的时候，可以使用标签，在表43已列出标签属性表43标签属性属性描述LOGINURL匿名用户被重定向的URL。这个URL可以在相同或不同的机器上使用，但是如果想在不同的机器上使用，在两台机器上DESCRYTIONKEY属性必须是相同。DESCRYPTIONKEY是MACHINECONFIG里标签的一个属性。NAMECOOKIE名称用于验证。如果在机器上多于一个以上的应用程序使用表单验证，每个应用程序的COOKIE名称应该不同ASPNET使用/作为COOKIE的路径。TIMEOUT分钟数使用COOKIE来储存。如果一半TIMEOUT分钟数已经过去COOKIE将刷新如果用