Integrated Web Applications

Date post: 07-Jan-2016
Upload: leiko
Transcript
Page 1: Integrated Web Applications

© Keith Vander Linden, 2005

Poor usability definitely drives people away. Life is too short for difficult web sites. Users have been burned enough in the past by bad sites, so most of them have concluded that if a site is too difficult on the first few pages, then it will probably not be worth an extended stay. So they leave. Leaving is the one thing that’s easy on the Web.
- Jakob Nielsen, interview, Database Management, Riccardi, p. 31.

Page 2: Integrated Web Applications

Integrated Web Applications

● The technologies discussed so far are used to implement web applications.
● Integrated applications must be designed.
● Technical Issues: (Chapter 11)
– Integrating web forms into an application
– Sharing data across an application
– Securing an application
– Information integrity and recovery

Page 3: Integrated Web Applications

Web Application Design

● You must determine:
– The information requirements
– The user requirements
– The security requirements

● General Guidelines:
– Focus on the content, not the form.
– Design for usability.
– Keep it simple.

Page 4: Integrated Web Applications

Back to the main page

Secure Section

Page 5: Integrated Web Applications

Jakob Nielsen

Designing Web Usability

● Developed discount usability engineering

● Focused much recent effort on website usability

● http://www.useit.com/

image from www.useit.com

What’s the Big Idea

Page 6: Integrated Web Applications

Navigation

● Applications contain multiple web pages and web forms. Navigation mechanisms:
– Standard web pages support hyperlinks.
– Web forms, however, post back to themselves by default.

● ASP.Net provides two mechanisms that transfer control from one form to another:
– Response.Redirect("aNewURL")
– Server.Transfer("aNewForm")

Page 7: Integrated Web Applications

Response Class Redirects

[Diagram: client, network, and server (IIS Server, Application Processor, File System)]

1&2. The user initiates a program that executes a response redirect and the application processor sends a new URL.

3&4. The client requests the new URL and the appropriate server returns it.

Page 8: Integrated Web Applications

Server Transfers

[Diagram: client, network, and server (IIS Server, Application Processor, File System)]

1&2. The user initiates a program that executes a server transfer and the application processor creates/sends back the new form.

Page 9: Integrated Web Applications

User Sessions

● HTTP is a stateless protocol:
– HTTP requests are treated independently.
– User sessions must be implemented on top of HTTP.

● ASP.Net supports three types of state:
– View State
– Application State
– Session State

Page 10: Integrated Web Applications

View State

● ASP.Net uses view state to represent the state of the page and its controls.
● The information is:
– Stored/transferred in the state bag, which is exchanged over the web in hidden fields.
– Accessed with ViewState("aName")
● View state is not well-suited for:
– Large amounts of data
– Hard-to-serialize data
– Secure information

Page 11: Integrated Web Applications

Application State

● ASP.Net uses application state to represent global information shared by all sessions of a web application.
● The information is:
– Declared/stored in the global.asax file
– Accessed with Application("aName")

Page 12: Integrated Web Applications

Session State

● ASP.Net uses session state to represent information associated with a single user session.
● The information is:
– Stored in web server memory, separately from the ASP.Net process
– Indexed by a session ID, stored either in the URL or in a cookie
– Accessed with Session("aName")
– Discarded at the end of the session
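
The view state and session state choices above are set in web.config. The fragment below is an added example, not part of the original slides; it assumes the out-of-process state service is what the slide means by memory held separately from the ASP.Net process, and the connection string and timeout values are placeholders.

```xml
<!-- Added example (constructed): session state and view state settings. -->
<configuration>
  <system.web>
    <!--
      Session data is held by the state service, outside the ASP.NET
      worker process, and looked up by session ID.
      cookieless="false" keeps the session ID in a cookie. With
      cookieless="true" the ID is embedded in every URL, where it ends
      up in bookmarks, proxy and server logs and Referer headers, so
      anyone who obtains a link can resume the session.
      stateConnectionString and timeout are assumed values.
    -->
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=127.0.0.1:42424"
                  cookieless="false"
                  timeout="20" />

    <!--
      View state travels to the browser in a hidden form field. The MAC
      makes tampering detectable on postback; it does not hide the
      contents, so secrets belong in session state on the server and
      not in view state.
    -->
    <pages enableViewState="true" enableViewStateMac="true" />
  </system.web>
</configuration>
```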

Page 13: Integrated Web Applications

Cookies

● Are small files, stored on the client machine, that are associated with a specific domain.
● They are:
– < 4K in size
– temporary or persistent
● Pose privacy concerns

Page 14: Integrated Web Applications

3rd Party Cookies

[Diagram: client, network, server1 (DoubleClick Customer), and server2 (DoubleClick, with database)]

1. The user requests a page from a DoubleClick customer site.

2. The site returns a page that contains an image URL from DoubleClick.

3. Client requests the image from DoubleClick (sending a cookie).

4. DoubleClick records the fact that you visited the customer site.

5. DoubleClick returns a customized advertisement (setting a cookie).

Page 15: Integrated Web Applications

Lou Montulli Cookies

● Introduced in Netscape 1.1 in 1995

● Named them after UNIX magic cookies

● Wrote this preliminary spec

image from www.epinions.com

http://home.netscape.com/newsref/std/cookie_spec.html

Page 16: Integrated Web Applications

Security

● Web applications must be secured.
● Key issues:
– Authentication
– Authorization

● ASP.Net implements two-layered security:
– Web server
– Application server

Page 17: Integrated Web Applications

Authentication

● Authentication determines who the user is.
● It is generally implemented with login IDs and passwords.
● ASP.Net supports 4 authentication types:
– Anonymous access
– Windows Authentication
– Passport Authentication
– Certificate Authentication
– Forms Authentication

Page 18: Integrated Web Applications

Anonymous Access

● If a user is not authenticated, they are considered anonymous.
● The resources available to these users are limited only by:
– What the web server has access to
– What the web server allows the user to access

Page 19: Integrated Web Applications

Windows Authentication

● This method uses the MS Windows-based authentication built into IIS.
● The user must:
– Use the Windows platform
– Have a Windows account on the server
● This is the default setting.

Page 20: Integrated Web Applications

Passport Authentication

● Passport authentication uses a centralized authentication service provided by Microsoft.

● It allows a user to use a single login account for a number of websites.

● It requires that the websites register for Passport service.

Page 21: Integrated Web Applications

Certificate Authentication

● Certificate authentication is based on digital keys installed on a computer.
● Features:
– Certificates are generally issued by a 3rd party.
– Their operation is seamless to the user.
– They are secured with public-key encryption.

Page 22: Integrated Web Applications

Forms Authentication

● ASP.Net forms authentication allows the system to authenticate users once per session.
● It doesn’t require that:
– the user have a Windows login
– the application register for Passport service
● It secures access to any ASP.Net form in a directory designated as secure.

Page 23: Integrated Web Applications

Forms Authentication (cont.)

[Diagram: client, network, and server (IIS Server, Application Processor, File System)]

1. The user requests a web form in a secure folder.

2&3. If the user is anonymous, the application processor posts back a login form and collects authentication information.

4. The application processor posts back either the requested page or an error page, depending on whether the authentication is successful.

Page 24: Integrated Web Applications

Authorization

● Authorization determines what resources the authenticated user may access.
● ASP.Net allows an application to restrict authorization based on:
– Files
– URLs
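
The forms authentication flow and the file/URL authorization described in the slides above are both declared in web.config. The fragment below is an added example, not part of the original slides; the directory name Secure, the page names, the cookie name and the role name are hypothetical.

```xml
<!-- Added example (constructed): root web.config of a hypothetical app. -->
<configuration>
  <system.web>
    <!--
      Forms authentication: an anonymous request for a protected
      resource is answered with the login form. protection="All"
      validates and encrypts the authentication ticket; requireSSL
      keeps the ticket cookie off plain HTTP.
      name, loginUrl and timeout are assumed values.
    -->
    <authentication mode="Forms">
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20" />
    </authentication>

    <!-- Outside the secure directory, anonymous users are allowed. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!--
    URL authorization for the directory designated as secure.
    "?" means anonymous users, "*" means all users. Rules are read
    top-down and the first match decides.
  -->
  <location path="Secure">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- File-level restriction: one form limited to a single role. -->
  <location path="Secure/Admin.aspx">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules apply only to requests that ASP.NET handles; on IIS versions where static files are served without passing through ASP.NET, such files in the directory need separate protection.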

