英文文献
An Introductory Guide to Building and Deploying More Secure Sites with
https://www.doczj.com/doc/8b6084450.html, and IIS
SUMMARY
https://www.doczj.com/doc/8b6084450.html, and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of https://www.doczj.com/doc/8b6084450.html, and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.
There's an old adage among developers that says building security into software is like paying taxes. You know it's important and you know you must do it sooner or later, but you put it off as long as you can and when you finally do it, you do so only because you have to. You might not go to jail for building insecure applications, but security is no less important because of it. In many applications—Web applications in particular—security isn't a luxury; it's a necessity.
Security is a big deal in network applications because by nature those applications are available to (and vulnerable to misuse by and attacks from) a larger population of users. When the network to which an application is deployed is the Internet, security becomes even more important because the list of potential users grows to about four billion. Web security is a broad and complicated subject. Much of the ongoing research in the field has to do with hardening Web servers against attacks. Microsoft? Internet Information Services (IIS) administrators are all too aware of the past security holes in IIS and of several patches and security updates from Redmond. But this article isn't about protecting servers from buffer overruns and other hack attacks; rather, this article is about using https://www.doczj.com/doc/8b6084450.html, to build secure sites that serve up pages only to authorized users.
Most sites built with https://www.doczj.com/doc/8b6084450.html, fall into one of three categories:Sites whose content is freely available to everyone.
Internet sites that serve the general population but require a login before displaying certain pages.eBay is a great example of such a site. Anyone can browse eBay and view the ongoing auctions, but when you place a bid, eBay requires a user name and password. eBay also has a feature named "My eBay" that lets you review the auctions you've bid on. Because My eBay pages are personalized for individual users and because they contain private information such as maximum bid prices, you must log in before viewing them.
Intranet sites that expose content to a controlled population of users—for example, a company's employees—who have accounts in a Windows? domain (or set of domains). Sometimes these sites support a limited degree of Internet access, too, so authorized users can access them from anywhere an Internet connection is available.
Sites that fall into the first category require no special protection beyond what the Web server provides. Sites in the second and third categories require some form of application-level security to identify authorized users and prevent illicit accesses. https://www.doczj.com/doc/8b6084450.html, provides that application-level security. It works in conjunction with IIS and the Windows security subsystem to provide a solid foundation for building secure sites. And it builds on what IIS has to offer to make deploying secure sites as easy as possible.
This is the first in a two-part series on building secure Web sites with https://www.doczj.com/doc/8b6084450.html,.
In this installment, you'll learn how https://www.doczj.com/doc/8b6084450.html, integrates with IIS and Windows and how the three can be combined to protect resources using Windows authentication and access control list (ACL) file authorizations. Part two of this article will cover
https://www.doczj.com/doc/8b6084450.html, forms authentication—a cool new feature of https://www.doczj.com/doc/8b6084450.html, that lets you secure sites using a combination of form-based logins and URL resource authorizations.
Understanding Web Security
At the application level, Web security is first and foremost about securing pages so that they can't be retrieved by unauthorized users—for example, preventing
non-managers from viewing pages containing salary data and performance evaluations on the company intranet or preventing other people from viewing your
My eBay pages. At a slightly deeper level, you might want to know who requested the page so you can personalize it for that individual. Either form of protection requires two overt actions on the part of the application: identify the originator of each request and define rules that govern who can access which pages.
A Web server identifies callers using a mechanism called authentication. Once a caller is identified, authorization determines which pages that particular caller is allowed to view. https://www.doczj.com/doc/8b6084450.html, supports a variety of authentication and authorization models. Understanding the options that are available to you and how they interrelate is an important first step in designing a site that restricts access to some or all of its resources or that personalizes content for individual users.
Authentication
Authentication enables the recipient of a request to ascertain the caller's identity. The caller might claim to be Bob, but you don't know he really is Bob unless you authenticate him. https://www.doczj.com/doc/8b6084450.html, supports three types of authentication: Windows authentication, Passport authentication, and forms authentication.
When Windows authentication is selected, https://www.doczj.com/doc/8b6084450.html, looks to IIS for help. IIS does the hard part by authenticating the caller. Then it makes the caller's identity available to https://www.doczj.com/doc/8b6084450.html,. Let's say Windows authentication is enabled and Bob requests an ASPX file. IIS authenticates Bob and forwards the request to https://www.doczj.com/doc/8b6084450.html, along with an access token identifying Bob. https://www.doczj.com/doc/8b6084450.html, uses the token to make sure Bob has permission to retrieve the page he requested. https://www.doczj.com/doc/8b6084450.html, also makes the token available to the application that handles the request so that at its discretion, the application can impersonate Bob—that is, temporarily assume Bob's identity—to prevent code executed within the request from accessing resources that Bob lacks permission to access.
For Web applications, Windows authentication is typically used in the following scenarios:
Your application is deployed on the company's intranet and everyone who uses it has an account that they can use to log in and access network resources.
Your application is primarily intended for use on the company intranet, but you'd also like it to be possible for employees to be able to log in and use the application remotely—that is, from outside the firewall.
译文:
一个为构建更安全https://www.doczj.com/doc/8b6084450.html,和IIS网站的入门指南
概要:https://www.doczj.com/doc/8b6084450.html,和Microsoft Internet信息服务(IIS)的共同努力,使构建安全的Web站点变得轻而易举。但要想将其做好,你必须知道他们两个如何相互
关联以及他们为获得一个网站的资源所提供的操作方式。这篇文章分为两部分,其中第一部分作为https://www.doczj.com/doc/8b6084450.html,的入门阐述了网络安全基础知识,包括Windows身份验证和ACL授权的教程演示。文章在安全措施和认证方法的范围内进行了讨论,包括基本身份验证,摘要式身份验证,以及基于角色的安全性。
在开发人员之间流传着一句古老的谚语:在软件中建立安全保障就像纳税。你知道这是重要的,你知道你迟早要这样做,但你尽自己可能把它推迟,直到最后不得不做的时候你才去做。您可能没有因为建设不安全的应用程序而进监狱,但是安全保障并没有因此变得不重要。在许多应用中(特别是网络安全应用程序)安全保障不是一种奢侈品,而是一个必需品。
网络应用安全问题是一个很重要的问题,是因为本质上这些应用(并且容易受到攻击和误用)对于绝大部分的用户是开放的。当应用程序部署在互联网上时,安全变得更加重要,因为潜在用户名单增长到约4亿。网络安全是一个广泛而复杂的课题。领域内许多正在进行的研究不得不应对网络服务器攻击。微软因特网信息服务(IIS)管理员都太在意IIS过去的安全漏洞和几个来自微软的补丁和安全更新。但是,这篇文章不是关于防止缓冲区溢出和其他黑客攻击服务器,而是关于使用https://www.doczj.com/doc/8b6084450.html,来建立这种服务只对授权用户服务的安全网站。
大部分用https://www.doczj.com/doc/8b6084450.html,技术建成的网站分为三类,网站的内容是免费提供给大
家的。
因特网网站为广大用户提供一般的服务,但在显示某些网页时需要用户登录。易趣网就是一个很好的例子。这样的网站,任何人都可以浏览易趣和查看正在进行的拍卖,但是你要想出价,就需要用户名和密码登陆。易趣网还拥有一个功能名为“我的易趣”,可以让您查看您的出价记录。因为我的易趣页面中的个性化及因为它们含有最高出价等私人信息,你必须登陆后才可以查看它们。
内联网网站,只将内容展现给限定的用户(例如,一家公司的员工)——那些有账号的人(或域帐户设置控制人口)。有时,这些网站支持有限度的互联网接入,也使授权用户可以从任何地方访问他们有效的互联网。
第一类网站属于不需要什么Web服务器服务以外的特别的保护。在第二和第三类网站需要一些应用程序级的安全形式,确定授权的用户和防止非法访问。https://www.doczj.com/doc/8b6084450.html,提供了该应用程序级安全性。与IIS和Windows安全子系统一起,它
可以为一个安全网站的建设奠定坚实的基础。它建立在IIS提供的功能的基础上,使网站上的安全部署尽可能容易。
这是使用https://www.doczj.com/doc/8b6084450.html,建立一个安全站点的两个步骤之一。在这一部分中,您
将了解https://www.doczj.com/doc/8b6084450.html,如何与IIS和Windows连接,以及如何将这三个部分整合结合
起来用以保护资源使用Windows身份验证和访问控制列表(ACL)文件授权。
这篇文章的两部分将涵盖的https://www.doczj.com/doc/8b6084450.html,窗体身份验证,一个很酷的新功能,让您
的https://www.doczj.com/doc/8b6084450.html,使用的是基于表单的登录名和URL资源的授权组合的安全网站。
了解Web安全
在应用级,Web安全首先是有关保护使他们不能检索由页-例如防止浏览载
有关于公司Intranet薪金数据和性能评价的网页或防止其他非管理员用户未经许可查看您的“我的易趣”网页。在一个稍微深层次上讲,你可能想知道谁需要查看页面,以便您可以个性化设置。任何保护形式需要定义两个关于该应用部分行动:查明每项请求的发端人和定义谁可以访问哪些网页。
一个Web服务器识别来电者使用所谓的身份验证机制。一旦来电者被确认后,授权确定哪些特定呼叫者允许查看网页。https://www.doczj.com/doc/8b6084450.html,支持的身份验证和授权模型品种。他们是如何相互联系构建一个网站来理解哪些选择是可用的是重要的,是限制访问某些资源或全部或个人用户的个性化内容的第一步。
认证
认证是接受请求,以确定来电者的身份。打电话者可能声称是鲍勃,但你不知道他是不是真的鲍勃,除非你验证他。https://www.doczj.com/doc/8b6084450.html,支持三种类型的身份验证:Windows验证,Passport身份验证和形式验证。
当选择Windows身份验证时,https://www.doczj.com/doc/8b6084450.html,将找到IIS寻求帮助。IIS努力验证呼叫方。然后,它把来电者的身份提供给https://www.doczj.com/doc/8b6084450.html,。比方说,Windows身份验
证被启用,并且鲍勃请求一个ASPX文件。IIS验证鲍勃和请求转发到https://www.doczj.com/doc/8b6084450.html,
以及一个访问令牌识别鲍勃。https://www.doczj.com/doc/8b6084450.html,使用令牌来确保鲍勃有权限来检索他要求的网页。https://www.doczj.com/doc/8b6084450.html,还使该应用程序处理该请求,以便在其酌情权下令牌可用,
应用程序可以伪装成乙,也就是暂时假定Bob的身份,以避免在访问资源,鲍勃没有权限访问请求执行的代码。
对于Web应用程序,Windows身份验证通常用于以下情况:
1.您的应用程序部署在公司的内部网,每个需要使用它的人都有一个账户,
他们可以用它来登录并访问网络资源。
2.您的应用程序主要用于对公司内部网的使用,但你也希望它可以让员工远
程(也就是从外部防火墙) 登录应用程序。
Extreme https://www.doczj.com/doc/8b6084450.html, 1.1Web Deployment Projects When ASP was first released, Web programming was more difficult because you needed IIS to serve your ASP pages. Later, https://www.doczj.com/doc/8b6084450.html, 2.0 and Visual Studio? 2005 made everything easier by introducing the Web site model of development. Instead of creating a new project inside Visual Studio, the Web site model lets you point to a directory and start writing pages and code. Furthermore, you can quickly test your site with the built-in https://www.doczj.com/doc/8b6084450.html, Development Server, which hosts https://www.doczj.com/doc/8b6084450.html, in a local process and obviates the need to install IIS to begin developing. The beauty of the Web site model is that you can develop your Web application without thinking about packaging and deployment. Need another class? Add a .cs file to the App_Code directory and start writing. Want to store localizable strings in a resource file? Add a .resx file to the App_GlobalResources directory and type in the strings. Everything just works; you don't have to think about the compilation and deployment aspect at all. When you are ready to deploy, you have several options. The simplest choice is to copy your files to a live server and let everything be compiled on-demand (as it was in your test environment). The second option is to use the aspnet_compiler.exe utility and precompile the application into a binary release, which leaves you nothing but a collection of assemblies, static content, and configuration files to push to the server. The third option is to again use aspnet_compiler.exe, but to create an updateable binary deployment where your .as*x files remain intact (and modifiable) and all of your code files are compiled into binary assemblies. This seems to cover every possible scenario, leaving the developer to focus simply on writing the Web application, with packaging and deployment decisions to be made later when the application is actually deployed. There was a fair amount of backlash against this model, however, especially from developers who were used to their Web projects being real projects, specified in real project files, that let you inject pre-and post-build functions, exclude files from the build process, move between debug and release builds with a command-line switch, and so on. In response, Microsoft quickly introduced the Web Application Project or WAP, initially released as an add-in to Visual Studio 2005, and now included in Visual Studio 2005 Service available for download from https://www.doczj.com/doc/8b6084450.html,/vstudio/support/vs2005sp1. WAP provides an alternative to the Web site model that is much closer to the Visual Studio .NET 2005 Web Project model. The new WAP model compiles all of the source code files during the build process and generates a single assembly in the local /bin directory for deployment. WAP also makes it much easier to incrementally adopt the new partial class codebehind model
毕业设计(论文)外文资料翻译 学院 专业 学生姓名 班级学号 外文出处 附件:1.外文资料翻译译文;2.外文原文 指导教师评价: 1.翻译内容与课题的结合度:□优□良□中□差2.翻译内容的准确、流畅:□优□良□中□差3.专业词汇翻译的准确性:□优□良□中□差4.翻译字符数是否符合规定要求:□符合□不符合 指导教师签名: 年月日
附件1:外文资料翻译译文 非常https://www.doczj.com/doc/8b6084450.html, 1.1Web 部署项目 当ASP 第一次发布时,Web 编程还比较困难,因为需要 IIS 来处理 ASP 页。后来,https://www.doczj.com/doc/8b6084450.html, 2.0 和 Visual Studio? 2005 通过引入网站开发模型使一切工作都变得容易了。借助该网站模型,您不必在 Visual Studio 中创建新项目,而是可以指向一个目录并开始编写网页和代码。此外,您还可以使用内置的 https://www.doczj.com/doc/8b6084450.html, Development Server 快速测试站点,https://www.doczj.com/doc/8b6084450.html, Development Server 将 https://www.doczj.com/doc/8b6084450.html, 寄宿在一个本地进程中,并消除了必须安装 IIS 才能进行开发这一先决条件。该网站模型的魅力在于您在开发 Web 应用程序时无需考虑打包和部署。需要其他类时怎么办?向 App_Code 目录添加一个 .cs 文件即可开始编写。希望将可本地化的字符串存储在资源文件中时怎么办?向 App_GlobalResources 目录添加一个 .resx 文件并键入字符串。一切都顺顺当当;您根本就不必考虑编译和部署方面的事情。 在准备进行部署时,您有多种可选方案。最简单的方案是将文件复制到主运行服务器并按要求编译每一个文件(和在测试环境中一样)。第二种方案是使用 aspnet_compiler.exe 实用工具将应用程序预编译为二进制版本,之后将只剩下要放到服务器上的一组程序集、静态内容和配置文件。第三种方案也使用 aspnet_compiler.exe,但要创建一个可更新的二进制部署,其中 .as*x 文件保持不变(并且可修改),而所有代码文件都编译为二进制程序集。 这似乎涵盖了每一种可能的情况,开发人员可以一心一意地编写 Web 应用程序,而在以后实际部署时再作打包和部署决定。不过,此模型也遭到了相当大的反对,特别是那些习惯了自己开发的 Web 项目是在实际项目文件中指定的实际项目的开发人员的反对,这些项目允许注入生成前和生成后函数、从生成过程排除文件以及使用命令行开关在调试和发布版本之间进行切换等操作。有鉴于此,Microsoft 迅速推出了 Web 应用程序项目(即 WAP),最初它是作为 Visual Studio 2005 的插件发布的,现在包含在 Visual Studio 2005 Service Pack 1 (SP1) 中,Visual Studio 2005 Service Pack 1 (SP1) 可从https://www.doczj.com/doc/8b6084450.html,/vstudio/support/vs2005sp1 下载。 WAP 可替代与 Visual Studio .NET 2005 Web 项目模型非常接近的网站模型。新的WAP 模型会在生成过程中编译所有源代码文件,并在本地的 /bin 目录中生成一个用于部署的程序集。WAP 还使得增量采用 https://www.doczj.com/doc/8b6084450.html, 2.0 引入的新的分部类代码隐藏模型变得更
附录Ⅰ英文文献翻译 Moving from Classic ASP to https://www.doczj.com/doc/8b6084450.html, ABSTRACT https://www.doczj.com/doc/8b6084450.html, is Microsoft new offering for Web application development, innovation within https://www.doczj.com/doc/8b6084450.html, have resulted in significant industry popularity for this product. Consequently there is an increased need for https://www.doczj.com/doc/8b6084450.html, education. The Web Application Development is a third year undergraduate course. To meet the demands of both industry and students, we have changed the focus of this course from Classic ASP to https://www.doczj.com/doc/8b6084450.html,. This paper reports this move. The significant features of https://www.doczj.com/doc/8b6084450.html, and the motivations for this move are discussed. The process, the problems encountered, and some helpful online learning resources are described. Key words: Web Application Development, Classic ASP, https://www.doczj.com/doc/8b6084450.html,, Move, https://www.doczj.com/doc/8b6084450.html, 1. INTRODUCTION https://www.doczj.com/doc/8b6084450.html, is not just a new version of ASP. It provides innovation for moving Windows applications to Web applications. Web services and the .NET framework have made the vision of the Web as the next generation computing platform a reality. With server controls, Web forms and “code-behind”, we can develop a Web application by using a complete object-oriented programming (OOP) model. This increases the popularity of https://www.doczj.com/doc/8b6084450.html, in industry. The industry project is the final course of the Bachelor of Computing Systems (BCS) degree at UNITEC, in which students undertake a real-world project. We have observed a rapid growth of https://www.doczj.com/doc/8b6084450.html, related industry projects in our school. The Web Application Development (WAD) paper is a third year undergraduate course. It was originally offered using ASP 2.0 and ColdFusion. To meet the demands from both industry and students, we have changed the course content to cover https://www.doczj.com/doc/8b6084450.html,, Visual https://www.doczj.com/doc/8b6084450.html, (https://www.doczj.com/doc/8b6084450.html,) and ColdFusion. This change commenced with the first semester of 2003. This paper will examine the features of https://www.doczj.com/doc/8b6084450.html, and explain why these are unique. The motivations for moving to https://www.doczj.com/doc/8b6084450.html, are discussed by analyzing the current situation of https://www.doczj.com/doc/8b6084450.html, related to industry projects in our school, analyzing the results of short surveys on students, and
C# Programming for the Beginner Welcome to C# and the world of Windows, Internet and World-Wide-Web programming with Visual Studio and the .NET platform! This book is the second in our new .NET How to Program series, which presents various leading-edge computing technologies in the con- text of the .NET platform. C# is the next phase in the evolution of C and C++ and was developed expressly forMicrosoft’s .NET platform. C# provides the featu res that are most important to program-mers,suchasobject-orientedprogramming,strings,graphics,graphical-user-inte rface(GUI) components, exception handling, multithreading, multimedia (audio, images, ani-mation and video), file processing, prepackaged data structures, database processing,Internet and World-Wide-Web-based client/server networking and distributed computing.The language is appropriate for implementing Internet- and World-Wide-Web-based appli-cations that seamlessly integrate with PC-based applications. The .NET platform offers powerful capabilities for software development and deploy-ment, including independence from a specific language or platform. Rather than requiringdevelopers to learn a new programming language, programmers can contribute to the samesoftware project, but write code using any (or several) of the .NET languages (such as C#,Visual Basic .NET, Visual C++ .NET and others) with which they are most competent. Inaddition to providing language independence, .NET extends program portability byenabling .NET applications to reside on, and communicate across, multiple platforms—thus facilitating the delivery of Web services over the Internet. The .NET platform enablesWeb-based applications to be distributed to consumer-electronic devices, such as cellPrefaceXXXIXphones and personal digital assistants, as well as to desktop computers. The capabilities thatMicrosoft has incorporated into the .NET platform create a new software-development par-adigm that will increase
毕业设计(论文) 外文文献翻译 文献、资料中文题目:非常https://www.doczj.com/doc/8b6084450.html, 文献、资料英文题目:Extreme ASP.NE 文献、资料来源: 文献、资料发表(出版)日期: 院(部): 专业: 班级: 姓名: 学号: 指导教师: 翻译日期: 2017.02.14
毕业设计(论文)外文资料翻译 学院 专业 学生姓名 班级学号 外文出处 附件:1.外文资料翻译译文;2.外文原文 指导教师评价: 1.翻译内容与课题的结合度:□优□良□中□差2.翻译内容的准确、流畅:□优□良□中□差3.专业词汇翻译的准确性:□优□良□中□差4.翻译字符数是否符合规定要求:□符合□不符合 指导教师签名: 年月日
附件1:外文资料翻译译文 非常https://www.doczj.com/doc/8b6084450.html, 1.1Web 部署项目 当ASP 第一次发布时,Web 编程还比较困难,因为需要 IIS 来处理 ASP 页。后来,https://www.doczj.com/doc/8b6084450.html, 2.0 和 Visual Studio? 2005 通过引入网站开发模型使一切工作都变得容易了。借助该网站模型,您不必在 Visual Studio 中创建新项目,而是可以指向一个目录并开始编写网页和代码。此外,您还可以使用内置的 https://www.doczj.com/doc/8b6084450.html, Development Server 快速测试站点,https://www.doczj.com/doc/8b6084450.html, Development Server 将 https://www.doczj.com/doc/8b6084450.html, 寄宿在一个本地进程中,并消除了必须安装 IIS 才能进行开发这一先决条件。该网站模型的魅力在于您在开发 Web 应用程序时无需考虑打包和部署。需要其他类时怎么办?向 App_Code 目录添加一个 .cs 文件即可开始编写。希望将可本地化的字符串存储在资源文件中时怎么办?向 App_GlobalResources 目录添加一个 .resx 文件并键入字符串。一切都顺顺当当;您根本就不必考虑编译和部署方面的事情。 在准备进行部署时,您有多种可选方案。最简单的方案是将文件复制到主运行服务器并按要求编译每一个文件(和在测试环境中一样)。第二种方案是使用 aspnet_compiler.exe 实用工具将应用程序预编译为二进制版本,之后将只剩下要放到服务器上的一组程序集、静态内容和配置文件。第三种方案也使用 aspnet_compiler.exe,但要创建一个可更新的二进制部署,其中 .as*x 文件保持不变(并且可修改),而所有代码文件都编译为二进制程序集。 这似乎涵盖了每一种可能的情况,开发人员可以一心一意地编写 Web 应用程序,而在以后实际部署时再作打包和部署决定。不过,此模型也遭到了相当大的反对,特别是那些习惯了自己开发的 Web 项目是在实际项目文件中指定的实际项目的开发人员的反对,这些项目允许注入生成前和生成后函数、从生成过程排除文件以及使用命令行开关在调试和发布版本之间进行切换等操作。有鉴于此,Microsoft 迅速推出了 Web 应用程序项目(即 WAP),最初它是作为 Visual Studio 2005 的插件发布的,现在包含在 Visual Studio 2005 Service Pack 1 (SP1) 中,Visual Studio 2005 Service Pack 1 (SP1) 可从https://www.doczj.com/doc/8b6084450.html,/vstudio/support/vs2005sp1 下载。 WAP 可替代与 Visual Studio .NET 2005 Web 项目模型非常接近的网站模型。新的WAP 模型会在生成过程中编译所有源代码文件,并在本地的 /bin 目录中生成一个用于部署的程序集。WAP 还使得增量采用 https://www.doczj.com/doc/8b6084450.html, 2.0 引入的新的分部类代码隐藏模型变得更
毕业设计(论文)外文 资料翻译 题目: 概述 院系名称:信息科学与工程学院 专业班级:计算机科学与技术05级6班 学生姓名:学号: 指导教师:教师职称: 起止时间:地点
概述 当ASP第一次发布时,Web编程还比较困难,因为需要IIS来处理ASP页。后来,和Visual Studio?2005通过引入网站开发模型使一切工作都变得容易了。借助该网站模型,您不必在Visual Studio 中创建新项目,而是可以指向一个目录并开始编写网页和代码。此外,您还可以使用内置的Development Server快速测试站点,Development Server将寄宿在一个本地进程中,并消除了必须安装IIS才能进行开发这一先决条件。下面从不同的方面来介绍技术。 类库 是微软.NET framework整体的一部分,它包含一组大量编程用的类,满足各种编程需要。因为Visual Basic、JScript和C++这些编程语言的很多功能具有重叠性。举例来说,对于每一种语言,你必须包括存取文件系统、与数据库协同工作和操作字符串的方法。此外,这些语言包含相似的编程构造。都能够使用循环语句和条件语句。即使用Visual Basic写的条件语句的语法和用C++的不一样,程序的功能也是相同的。对于多种语言来说维持这一功能需要很大的工作量。那么对所有的语言创建这种功能一次,然后把这个功能用在每一种语言中岂不是更容易。然而.NET类库不完全是那样。它含有大量的满足编程需要的类。举例来说,.NET类库不仅包含处理数据库访问的类和文件协同工作,操作文本和生成图像,而且还包含更多特殊的类用在正则表达式和处理Web协议。此外.NET framework,也包含支持所有的基本变量数据类型的类,比如:字符串、整型、字节型、字符型和数组。 .NET framework是庞大的。它包含数以千计的类。(超过3,400)幸运地是,类不是简单的堆在一起。.NET framework的类被组织成有层次结构的命名空间。 一个命名空间包含一组逻辑的类。举例来说,涉及到与文件系统协同工作的类就集合在命名空间中。命名空间被组织成一个层次结构(一棵逻辑树)。树根就是SYSTEM 命名空间。这个命名空间包含基本的数据类型的所有的类,例如:字符串、数组,还包含提供随机数字和日期的类。 你通过完整的类的命名空间能唯一识别任何的类在.NET framework中的位置。例如,指定找到一个the File class类,按如下操作: .文件 指命名空间,而文件指定特定的类。
外文原文翻译: https://www.doczj.com/doc/8b6084450.html, C#版
ASP(动态服务器主页)是一种较新的技术,它已经过几个阶段的发展(进化).它是怎么诞生的呢?在七年前,它作为一种简单的方法来往普通网页里添加动态内容。自从那时以后,它的发展势头强劲:作为高级网页程序的开发平台,包括:电子商务网站、基于事件驱动的门户网站和你在网上能看到的其他所有东西。https://www.doczj.com/doc/8b6084450.html, 2.0 是ASP的最新版本,而且拥有最让人激动的更新。在https://www.doczj.com/doc/8b6084450.html,帮助下,在网络编程时,开发者不再把一大堆HTML源码和脚本代码杂乱地放在同一页面上。你可以完全使用代码和工具(Visual Studio 2005)来创建网页程序。这些创新的代价仅仅是多学一些东西。你要学一些高级开发工具(Visual Studio)和工具包(the .NET Framework),而且你需要精通一门编程语言,如C#。网络发展的演化因特网是在1960年末在试验中诞生的。它的目标是:建立一个真实的、有弹性的信息网络——可以经受的起若干数量的电脑的崩溃,而不至于阻断其他电脑的正常通信。经得起潜在的重大灾难(如核武器攻击)。美国国防部提供了刚开始的研究基金。最早的因特网局限在教育机构和从事国防的单位。它因为作为学术研究的一种工具而繁荣,它让全球的研究人员可以彼此共享信息。到了1990初,伟大的“猫”诞生了,它通过电话线工作,从此,因特网向商业用户打开了大门。在1993年,第一个HTML浏览器诞生了,标志着因特网革命的到来。我们很难把最早的网页称为网页序。第一代的网页看起来更像小册子:主要由固定的H TML页面构成,这些也都需要手动修改。一个简单的HTML页面有点像一个字处理文档——它包含了格式化的内容,可以在你的电脑上显示,但是并不完成其他任何功能。上面的就是一个最简单的例子,文档包括头信息和单行文本。一个HTML文档有两种类型的内容:文本和标记(告诉浏览器如何格式化)。这些标记很容易辨认,因为它们总是出现在< 和 >之间。HTML定义了不同级别的标题、段落、超链接、斜体和粗体格式、水平线等。举个例子:
出自:Chris Hart,Jokn Kauffman,David Sussman.《Beginning https://www.doczj.com/doc/8b6084450.html,2.0 with C# 》 [M].Wrox,2006:125-131. 英文原文 Authentication One area not yet discussed is that of how the authentication works for this application, and what options are available in https://www.doczj.com/doc/8b6084450.html, for authentication. The examples so far have relied on what’s known as Forms authentication. So, what is Forms authentication, and what are the other options available? ?Forms authentication: Login requests are made by filling in a form on a web page and submitting that form to the server. When the server receives the request, a cookie is written to the user’s local machine, and this cookie is passed back to the server by the browser along with each request that is sent so that the user remains authenticated for as long as is required. ?Windows authentication: Login pages pass user credentials to a web server (IIS only, not the web server built into VWD). The web server then handles the authentication using whichever method is configured on the virtual directory that the application is running within. IIS hooks in to the Windows operating system and Active Directory domain structures, which means that it can rely on user profiles that are stored externally, and use standard Windows credentials to login to the site. Depending on the configuration of your site, and depending on which user account you used to log in to your machine, you may not even have to log in to the site directly, because your current Windows credentials can be passed to the web server automatically for authentication. This is really handy when it comes to developing intranet applications. ?Passport authentication:Login credentials are passed to a Microsoft Passport server where user profiles are stored centrally. You may be familiar with this from logging in to a Hotmail account. And because you can configure Windows to log on to a Passport account on startup, you can access your Hotmail inbox without even having to type a password. Forms Authentication Model. This section looks at how Forms authentication works. Consider the following scenario: ?The user—let’s call him Bob—wants to view Page A, which can’t be accessed by anonymous users, so when Bob tries to view Page A, the browser instead displays a login
C#编程语言外文翻译文献 (文档含中英文对照即英文原文和中文翻译) 译文: C# 编程语言概述 1.C,C++,C#的历史 C#程序语言是建立在C和C++程序语言的精神上的。这个账目有着很有力的特征和易学的曲线。不能说C#与C和C++相同,但是因为C#是建立在这两者之上,微软移除了一些成为更多负担的特征,比如说指针。这部分观看C和C++,在C#中追踪它们的发展。 C程序语言原本是被定义在UNIX操作系统中的。过去经常编写一些UNIX 的应用程序,包括一个C编译器,最后被用于写UNIX自己。它普遍认可在这个学术上的竞争扩展到包含这个商业的世界,脑上。最初的Windows API被定义与使用C同Windows代码一起工作,并且直到今天至少设置核心的Windows操作系统APIS保持C编译器。 来自一个定义的观点,C缺乏一个细节就像Smalltalk这类语言也包含的一
样,一个对象的概念。你将会学到更多的关于对象的内容在第八章“写面向对象的代码”一个对象作为一个数据的收集并且设置了一些操作,代码可以被C来完成,但是对象的观念并不能被强制出现在这个语言中。如果你想要构造你的代码使之像一个对象,很好。如果你不想这么做,C也确实不会介意。对象并不是一个固有的部分在这门语言中,很多人并没有花很大的经历在这个程序示例中。 当面向对象的观点的发展开始得到认可之后,思考代码的方法。C++被开发出,包含了这种改良。它被定义去兼容C(就像所有的C程序同样也是C++程序,并且可以被C++编译器编译)C++语言主要的增加是提供这种新的概念。C++又额外提供了的类(对象的模板)行为的衍生。 C++语言是C语言之上的改良体,不熟悉的不常用的语言上,例如VB,C 和C++是很底层的,而且需要你错大量的编码来使你的应用程序很好的运行。理和错误检查。和C++可以处理在一些非常给力的应用程序中,码工作的很流畅。被设定的目标是保持对C的兼容,C++不能够打破C的底层特性。 微软定义的C#保留了很多C和C++的语句。码并且能想对快地识别代码。对于C#来说一个很大的优势是它的设计师并没有让它去兼容C和C++。当这看起来或许是个错误的处理时,事实上是一个好消息。C#剔除了一些使得C和C++工作起来很困难的东西。始怪癖和在C中发现的缺陷。C#正在开始一个清洁的石板并且没有任何兼容需求。因此它能够保持前辈的强项并且丢弃使得C和C++程序生存困难的弱点 2. 引进C# C#这门在.NET体系中被引进的全新语言,是从C++衍生出来的。然而,C#是一门流行的,面向对象的(从头到尾)类型安全的语言。 语言特征 下面的部分提供了一个快速的视角关于C#语言的一些特征。如果它们中的某些概念对你来说很陌生,不要着急,所有的东西都将在后续章节中详细说明。 类 在C#中,所有的代码和数据都必须被附在一个类中。你不能在类外定义一个变量,同样的你也不能写任何不在类中的代码。当一个类的对象被创建并且运行时,类就被构造了。当类的对象被释放时,类也就被销毁了。类提供了单继承,所有的类最终从基类获取的东西就是对象。随着时间的推移,C#提供了有版本的技术去帮助你的类的形成来保养代码的兼容当你使用你更早期的类的代码的时候。
WhereC#FitsIn Inonesense,C#https://www.doczj.com/doc/8b6084450.html,istot heWindowsenvironment.JustasMicrosofthasbeenaddingmoreandmorefeaturestoWindo wsandtheWindowsAPIoverthepastdecade,VisualBasicandC++haveundergoneexpansio n.AlthoughVisualBasicandC++haveendedupashugelypowerfullanguagesasaresultofthi s,bothlanguagesalsosufferfromproblemsduetothelegaciesofhowtheyhaveevolved. InthecaseofVisualBasic6andearlier,themainstrengthofthelanguagewasthefactthatitw assimpletounderstandanddidn’tmakemanyprogram mingtaskseasy,largelyhidingthedeta ilsoftheWindowsAPIandtheCOMcomponentinfrastructurefromthedeveloper.Thedown https://www.doczj.com/doc/8b6084450.html,,anddesignedwithacleanslate.VisualC#.NETisther esult.Officially,MicrosoftdescribesC#asa“simple,modern,object-oriented,andtype-safe programminglanguagederivedfrom CandC++.”Mostindependentobserverswouldprobablychangethatto“derivedfromC,C+ +,andJava.”Suchdescriptionsaretechnicallyaccuratebutdolittletoconveythebeautyorele ganceofthelanguage.Syntactically,C#isverysimilartobothC++andJava,tosuchanextentt hatmanykeywordsarethesame,andC#alsosharesthesameblockstructurewithbraces({})to markblocksofcode,andsemicolonstoseparatestatements.ThefirstimpressionofapieceofC #codeisthatitlooksquitelikeC++orJavacode.Behindthatinitialsimilarity,however,C#isal oteasiertolearnthanC++,andofcomparabledifficultytoJava.Itsdesignismoreintunewithm
C# 语法表现力强,而且简单易学。C# 的大括号语法使任何熟悉C、C++ 或Java 的人都可以立即上手。了解上述任何一种语言的开发人员通常在很短的时间内就可以开始使用C# 高效地进行工作。C# 语法简化了C++ 的诸多复杂性,并提供了很多强大的功能,例如可为null 的值类型、枚举、委托、lambda 表达式和直接内存访问,这些都是Java 所不具备的。C# 支持泛型方法和类型,从而提供了更出色的类型安全和性能。C# 还提供了迭代器,允许集合类的实施者定义自定义的迭代行为,以便容易被客户端代码使用。在C# 3.0 中,语言集成查询(LINQ) 表达式使强类型查询成为了一流的语言构造。 作为一种面向对象的语言,C# 支持封装、继承和多态性的概念。所有的变量和方法,包括Main方法(应用程序的入口点),都封装在类定义中。类可能直接从一个父类继承,但它可以实现任意数量的接口。重写父类中的虚方法的各种方法要求override关键字作为一种避免意外重定义的方式。在C# 中,结构类似于一个轻量类;它是一种堆栈分配的类型,可以实现接口,但不支持继承。除了这些基本的面向对象的原理之外,C# 还通过几种创新的语言构造简化了软件组件的开发,这些结构包括: ?封装的方法签名(称为“委托”),它实现了类型安全的事件通知。 ?属性(Property),充当私有成员变量的访问器。 ?属性(Attribute),提供关于运行时类型的声明性元数据。 ?内联XML 文档注释。 ?语言集成查询(LINQ),提供了跨各种数据源的内置查询功能。 在C# 中,如果必须与其他Windows 软件(如COM 对象或本机 Win32 DLL)交互,则可以通过一个称为“互操作”的过程来实现。互操作使C# 程序能够完成本机C++ 应用程序可以完成的几乎任何任务。在直接内存访问必不可少的情况下,C# 甚至支持指针和“不安全”代码的概念。 C# 的生成过程比C 和C++ 简单,比Java 更为灵活。没有单独的头文件,也不要求按照特定顺序声明方法和类型。C# 源文件可以定义任意数量的类、结构、接口和事件。 下列各项是其他C# 资源: