Trust Levels in ASP.net

  • Written by Ajay Pathak
  • Posted May 5, 2010 at 6:31 pm

Trust levels let you define security rules. They define what types of operations an application can perform, such as reading from disk or accessing the registry. Each trust level has an associated policy file, except for Full trust. When an application runs with Full trust, code access security places no restrictions on the resources and operations that the application is allowed to access. Access to resources is based on operating system security and Microsoft Windows® access control lists (ACLs). Full trust is mapped to an internal handler, so it is not possible to edit the user rights to perform operations for an application. Full trust is effectively the absence of an application domain policy, and therefore it never has an associated policy file.

To protect ASP.NET applications, you can restrict access to resources and the operations that they can perform. You do this by setting the <trust> element to a predefined trust level in either the machine-level Web.config file or the application’s Web.config file.

The following list describes the predefined trust levels:

Full 

Applications that run at Full trust level can execute arbitrary native code in the process context in which they run. Because of the inherent risks that come with running in Full trust mode, this mode is not recommended in a shared environment except when every Web site uses its own application pool and application pool identity.

Important   The default trust level is Full trust. You should evaluate the security requirements for your environment and set the trust level appropriately.

High 

Code in High trust applications can use most .NET Framework permissions that support partial trust. This mode is often appropriate for trusted applications that you want to run with fewer user rights in order to mitigate risks. For example, this level provides the same access as Full trust, but restricts access to unmanaged code and COM interop.

Medium

Code in Medium trust applications can read and write in its own application directories and can interact with Microsoft SQL Server™ databases. However, by default, the user rights that are needed to access OLE DB and ODBC are not granted to Medium trust applications. Medium trust is the recommended setting for a shared server, because it allows connections to SQL Server databases and restricts most other user rights to the application root structure.

Low 

Code in Low trust applications can read its own application resources but cannot make any out-of-process calls, such as calls to a database, to the network, and so on. By using Low trust, you effectively lock applications down to their application directory and remove all access to system resources.

Minimal

Code in Minimal trust applications can execute but cannot interact with any protected resources. Minimal trust may be appropriate for mass hosting sites that want to support dynamic generation of Hypertext Markup Language (HTML) and isolated business logic.

The definition of the trust levels is essentially the same from ASP.NET version 1.1 through version 4. However, some of the user rights or operations that can be granted at each trust level vary slightly. For example, in ASP.NET 2.0 and later, Medium trust code can enable access to OLE DB APIs.

For information about how to run ASP.NET applications in a hosted environment, including trust levels and code access security, download the Microsoft Solution for Windows-based Hosting version 3.5 tool kit from the Microsoft download center. For information about hosting environments and architecture, see the Hosting Guidance for the Microsoft Web Platform on the IIS.net Web site.

No Comments
Filed under: ASP.net

Expert SQL Server 2008 Development

  • Written by Ajay Pathak
  • Posted April 14, 2010 at 7:56 am

No Comments
Filed under: SQL Server

Identifying the exceptions thrown from a given method

  • Written by Ajay Pathak
  • Posted March 2, 2010 at 8:28 pm

.Net runtime throw a number of exceptions so it becomes really important to understand which exceptions may be thrown by a given base class library method. .Net Framework SDK contains a list of exceptions a given member may throw. Visual Studio 2008 allows you to view the list of all exceptions thrown by a base class library member (if any) simply by hovering your mouse cursor over the member name in the code window.

Identifying the exceptions thrown from a given method

No Comments
Filed under: Visual Studio

Backup And Restore Database SQL Script for SQL Server

  • Written by Ajay Pathak
  • Posted February 22, 2010 at 7:52 pm

Its a very common task to backup and restore SQL Server databases. SQL Server Management studio offers a GUI for performing backup and restore but following queries would be very useful for backup and restore if you are not having access to SQL Server Management Studio

Backup Script

BACKUP DATABASE  database_name  TO DISK = ‘C:\example.bak’ WITH FORMAT;

Restore Script

RESTORE DATABASE ‘DATABASE_NAME’ FROM DISK =’C:\EXAMPLE.BAK’

No Comments
Filed under: SQL Server

Download Visual Studio 2010 and .NET Framework 4 Training Kit – February Release

  • Written by Ajay Pathak
  • Posted February 12, 2010 at 6:51 pm

The Visual Studio 2010 and .NET Framework 4 Training Kit includes presentations, hands-on labs, and demos. This content is designed to help you learn how to utilize the Visual Studio 2010 features and a variety of framework technologies including:

  • C# 4.0
  • Visual Basic 10
  • F#
  • Parallel Extensions
  • Windows Communication Foundation
  • Windows Workflow
  • Windows Presentation Foundation
  • ASP.NET 4
  • Windows 7
  • Entity Framework
  • ADO.NET Data Services
  • Managed Extensibility Framework
  • Visual Studio Team System

This version of the Training Kit works with Visual Studio 2010 RC and .NET Framework 4 RC.

  • Supported Operating Systems: Windows 7; Windows Server 2008; Windows Vista

Visual Studio 2010 RC .NET Framework 4 RC.

Instructions

Download and launch the self-extracting package. The Training Kit will uncompress to the selected folder and launch a HTML browser for the content.

Download Visual Studio 2010 and .NET Framework 4 Training Kit – February Release

No Comments
Filed under: Visual Studio

Windows Identity Foundation

  • Written by Ajay Pathak
  • Posted January 13, 2010 at 8:03 pm

The Windows Identity Foundation helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integrated .NET tools.Windows Identity Foundation helps .NET developers build claims-aware applications that externalize user authentication from the application, improving developer productivity, enhancing application security, and enabling interoperability. Developers can enjoy greater productivity, using a single simplified identity model based on claims. They can create more secure applications with a single user access model, reducing custom implementations and enabling end users to securely access applications via on-premises software as well as cloud services. Finally, they can enjoy greater flexibility in application development through built-in interoperability that allows users, applications, systems and other resources to communicate via claims.

Download Windows Identity Foundation

No Comments
Filed under: SDK

Office 2010 Developer Training Kit Available for Download

  • Written by Ajay Pathak
  • Posted December 15, 2009 at 6:29 pm

Office 2010 Developer Training Kit Microsoft Office 2010 Beta is a broadly extensible platform for building information worker productivity solutions and developing for Office with Visual Studio 2010 Beta 2 makes this easy. The Office 2010 Developer Training Kit content is designed to help developers get started building solutions, from add-ins to full featured Office Business Applications (OBAs), using Visual Studio 2010 with Office 2010 and SharePoint 2010 as the core platform.

This training kit is an offline complement to the Office Learning Center and provides links to the videos but the hands-on labs (HOLs), source code and presentations will be conveniently available on the local machine. The possibilities and scenarios that are now available with Office 2010 and Office coupled with SharePoint 2010 are very exciting.

Each of the HOLs in the training kit have a number of exercises to incrementally present the concepts and help the developer build their skills. The labs included in the training kit are:

  • Getting Started with Office 2010 Development

  • Office 2010 UI Customizations

  • Client Workflow

  • Security and Deployment

  • Open XML

  • InfoPath and Forms Services

  • Business Connectivity Services

  • Office 2010 Service Applications

  • Developing BI Applications

There will be more to come, so stay tuned to the Office Learning Center on Channel 9. And don’t forget to check for new resources coming online at the Office Developer Center on MSDN. Lastly, be sure to check out the SharePoint 2010 Developer Training Kit as well on the Channel 9 SharePoint Learning Center.

Download Office 2010 Developer Training Kit

No Comments
Filed under: Office

Understanding Method Overloading in C#

  • Written by Ajay Pathak
  • Posted December 14, 2009 at 7:30 pm

Like other Programming languages C# also supports method overloading. Method overloading is a feature found in various programming languages such as Ada, C#, C++, D and Java that allows the creation of several methods with the same name which differ from each other in terms of the type of the input and the type of the output of the function. [According to wikipedia]

Method Overloading Example

Suppose in our application we want to add to two integers, double, float and long. The first way is to create unique methods for each addition operation or call a single method name with distinct set of arguments.

The Visual Studio IDE will provide you assistance while calling overloaded method.

method overloading

Code Snippet
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5.  
  6. namespace Method_Overloading
  7. {
  8.     class Program
  9.     {
  10.         static void Main(string[] args)
  11.         {
  12.             Console.WriteLine("**********************************Method Overloading Demo**********************************");
  13.             Console.WriteLine("Add two int :" + Add(1, 1));
  14.             Console.WriteLine("Add two Double :" + Add(1.0, 1.0));
  15.             Console.WriteLine("Add two float :" + Add(11.12, 1.123));
  16.             Console.WriteLine("Add two long :" + Add(234561, 11235678));
  17.             Console.ReadLine();
  18.  
  19.         }
  20.         private static  Int64 Add(int num1, int num2)
  21.         {
  22.             return num1 + num2;
  23.         }
  24.         private static double Add(double num1, double num2)
  25.         {
  26.             return num1 + num2;
  27.         }
  28.         private static float Add(float num1, float num2)
  29.         {
  30.             return num1 + num2;
  31.         }
  32.         private static long Add(long num1, long num2)
  33.         {
  34.             return num1 + num2;
  35.         }
  36.     }
  37. }

Method overloading does not depends upon the return type of method, if you are having two methods with unique name with equal number of arguments and of same type with different return type than these methods are not overloaded method instead they are same methods and compiler will give error at compile time.

method overloading error

No Comments
Filed under: C#

Data Type Conversion in .Net

  • Written by Ajay Pathak
  • Posted December 5, 2009 at 4:58 am

Some times it is required to convert data from one base data type to another base data type. The Convert Class converts a base data type to another base data type. Convert class throw a FormatException when the attempt was made to convert a String to other base data type and String value is in not proper format. To Handle FormatException we can use Convert class convert method inside try catch block but there is another better way of doing the same thing is to use TryParse to avoide runtime errors and eliminate the need of Try Catch block.

TryParse method is available for all .Net base data type including Boolean, Char, SByte, Byte, Int16, Int32, Int64, UInt16, UInt32, UInt64, Single, Double, Decimal, DateTime and String. There are two overloaded versions of TryParse method is available for each .Net base data type.

Boolean.Try Parse

Converts specified String value to equivalent Boolean Value. Return True if Conversion is successful otherwise return False.

Byte.TryParse

Converts Specified String value to equivalent Byte Value. Return True if conversion is successful otherwise return False.

TryParse works in the same way for other base type also.

Code Snippet
  1. Dim Result As Boolean
  2.         Dim ByteResult As Byte
  3.         Dim BooleanResult As Boolean
  4.         Dim IntegerResult As Integer
  5.         Dim DoubleResult As Double
  6.         Dim InputString As String = "1"
  7.  
  8.         Result = Byte.TryParse(InputString, ByteResult)
  9.         If Result = False Then
  10.             Console.WriteLine(InputString & " is not converted into Byte" & vbCrLf)
  11.         Else
  12.             Console.WriteLine(InputString & " is converted to Byte : " & ByteResult & vbCrLf)
  13.         End If
  14.  
  15.         InputString = "True"
  16.         Result = Boolean.TryParse(InputString, BooleanResult)
  17.         If Result = False Then
  18.             Console.WriteLine(InputString & " is not converted to Boolean : " & vbCrLf)
  19.         Else
  20.             Console.WriteLine(InputString & " is converted to Boolean : " & BooleanResult & vbCrLf)
  21.         End If
  22.  
  23.         InputString = "12345"
  24.         Result = Integer.TryParse(InputString, IntegerResult)
  25.         If Result = False Then
  26.             Console.WriteLine(InputString & " is not converted to Integer" & vbCrLf)
  27.         Else
  28.             Console.WriteLine(InputString & " is converted to Integer : " & IntegerResult & vbCrLf)
  29.         End If
  30.  
  31.         InputString = "12345.111"
  32.         Result = Double.TryParse(InputString, DoubleResult)
  33.         If Result = False Then
  34.             Console.WriteLine(InputString & " is not converted to Double : " & vbCrLf)
  35.         Else
  36.             Console.WriteLine(InputString & " is converted to Double : " & DoubleResult & vbCrLf)
  37.         End If

No Comments
Filed under: Code

Silverlight 4 Beta Documentation is Now Available for Download

  • Written by Ajay Pathak
  • Posted November 30, 2009 at 7:24 pm

Silverlight Beta 4 documentation is already available on MSDN website and developers can also access Silverlight Beta 4 documentation offline.

Download Silverlight Beta 4 Documentation

Silverlight Beta 4 Documentation on MSDN

No Comments
Filed under: Silverlight
« Go backView more »