In computing and security, authentication is a term used to describe the process of identifying someone or something by comparing them to whom or what they are supposed to be. One of the most common authentication processes includes providing a password or other login information (Whatis.com – Authentication, 2006). Authentication should not be confused with authorization. The latter is a term used to describe which permissions are assigned to a person or thing. For example, someone must be given authorization to access certain resources. Then the process used to identify the person as being who they claim to be would be accomplished by some form of authentication (Whatis.com – Authorization, 2006).
There are also more advanced techniques of authenticating someone’s identity, such as biometric technologies, which are able to authenticate a person’s identity by scanning some unique biological characteristic, such as fingerprints or eye retinas. A common form of authentication used for Internet transactions utilizes digital certificates, which are provided by a Certificate Authority. Digital certificates and Certificate Authorities (CA) are components of a larger system known as a public key infrastructure (PKI). Using an algorithm, a CA creates a private key and then issues public keys through digital certificates. For transmission to occur, data is encrypted using a cryptography method. Public keys can be distributed and used for authenticating an objects identity, such as a computer or person. The public key must be compared against the private key and they must match in order for something to be authenticated. Once an object is authenticated, the data can be decrypted (Whatis.com – PKI, 2006).
There are several built-in authentication options available in ASP.NET. Custom authentication methods can be developed as well. Some of the built-in methods supported by ASP.NET include Form-based authentication and Passport authentication. Integrated Windows authentication is a common method, which uses Windows credentials to verify a user’s identity. Windows authentication is flexible and easy to implement. It is not necessary to hard-code anything because IIS controls the authentication process (ASP 101 – Security Features in ASP.NET, 2006).
Resources:
Whatis.com – Authentication. (2006). Retrieved July 27, 2006 from http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211621,00.html
Whatis.com – Authorization. (2006). Retrieved July 27, 2006 from http://searchappsecurity.techtarget.com/sDefinition/0,,sid92_gci211622,00.html
Whatis.com – PKI. (2006). Retrieved July 27, 2006 from http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214299,00.html
ASP 101 – Security Features in ASP.NET. (2006). Retrieved July 27, 2006 from http://www.asp101.com/articles/cynthia/authentication/default.asp
SQL stands for Structured Query Language. It is a programming language designed to allow the viewing and manipulation of data within a database (Wikipedia – SQL, 2006). There several proprietary versions of the Structured Query Language, primarily because each major database system vendor has created their own version. For instance, Microsoft has created Transact-SQL or T-SQL which is used to interact with SQL Server databases (Wikipedia – Transact-SQL, 2006) and Oracle has created SQL*Plus which is used to interact with Oracle databases, but all versions have certain similarities and share syntax to some extent (Basic Introduction to SQL*Plus, 2006). Understanding the fundamentals of SQL is typically all that is needed in order to understand and use SQL statements.
A SQL statement is a string of text, which is interpreted to build a command that is run against a database or database system. There are many SQL commands available, which allow you to perform a variety of actions. For instance, using various SQL statements, you can view, edit, and delete data within tables as well create and delete entire databases. The four most common SQL commands used to query databases are SELECT, INSERT, UPDATE, and DELETE. Other commands allow you to perform complex statements, such as the JOIN command, which allows running queries against multiple tables simultaneously. A typical SELECT statement specifies a column or columns and a table or tables using a JOIN statement. You can also use keywords such as WHERE and LIKE to specify parameters, which limit the data that is returned.
The following SQL statement would return all rows of data from a table called tblUsers where the fldFirstName is equal to “John”.
SELECT * FROM tblUsers WHERE fldFirstName = ‘John’
If I were interviewing an ASP.NET programmer as a candidate for an ASP.NET development position, I would most likely expect them to have a working knowledge of SQL and at least one major database system such as SQL Server or Oracle. ASP.NET is used primarily to create dynamic web applications, many of which interact with backend database systems. It is important that the developer of an ASP.NET web application be accustomed to working with databases. This will most definitely require knowledge of SQL (W3Schools – Web Building, 2006).The main difference between a web designer and a web developer is that a web designer focuses primarily on the interface design of a website; therefore, they would not necessarily need experience programming in ASP.NET or SQL. However, a web developer is typically responsible for creating the code, which makes a website functional and dynamic. By virtue of the term “ASP.NET programmer”, it is assumed that the duties, which would fall under such a title, would include web development as well as web design. I would expect any seasoned web developer to have experience writing applications, which interact with databases using SQL statements.
Resources:
Wikipedia – SQL. (2006). Retrieved on July 19, 2006 from http://en.wikipedia.org/wiki/SQL
Wikipedia – Transact-SQL. (2006). Retrieved on July 19, 2006 from http://en.wikipedia.org/wiki/Transact-SQL
Basic Introduction to SQL*Plus. (2006). Retrieved on July 19, 2006 from http://www-it.desy.de/systems/services/databases/oracle/sqlplus/sqlplus.html.en
W3Schools – Web Building. (2006). Retrieved on July 19, 2006 from http://www.w3schools.com/site/site_intro.asp
An event is a message that signifies that something has happened (MSDN – Events in Visual Basic, 2006). Once an Event occurs, the Event can be handled by using an Event Handler. An Event Handler is a method that contains code, which is executed when a specific event occurs (TopXML : Handling Events, 2006). Events can be based on user input or they can be raised manually by writing code to do so. The .NET Framework contains several built in Events such as the Click event. When a user clicks on an object, if the object contains an Event Handler for the Click event, then the code within the Event Handler will be executed. Custom Event Handlers can also be created by the developer (MSDN – Raising an Event, 2006).
Although there are some similarities in the way events are handled using WebForms vs. WinForms, there are also some significant differences. Some events that are available for WinForms controls are not available for WebForm controls and vice versa, however, like WinForms, WebForms can be coded using any .NET language. (WDVL: WebForms, 2006). The main difference between events in WebForms vs. WinForms has to do with the way controls interact with the application. For instance, in WinForms applications the controls are always client-side, but with WebForms, the controls can be run on the server but rendered on the client. Similarly to WinForms, code can be added “behind” WebForm pages and controls based on Events (Find Tutorials, 2006).
Just like WinForms, when an event is raised on a WebForm, the Event Handler executes the code within the Event Handler Method. The difference is that, instead of executing immediately on the client, a message is sent to the web server, the event is handled on the server and then a message containing the output is sent back to the client from the server (TAKempis – ASP.Net Fundamentals, 2006).
Resources:
MSDN – Events in Visual Basic. (2006). Retrieved July 14, 2006 from http://msdn2.microsoft.com/en-us/library/ms172877.aspx
TopXML : Handling Events. (2006). Retrieved July 14, 2006 from http://www.topxml.com/dotnet/handling_events.asp
MSDN – Raising an Event. (2006). Retrieved July 14, 2006 from http://msdn2.microsoft.com/en-us/library/wkzf914z.aspx
WDVL: WebForms. (2006). Retrieve July 14, 2006 from http://www.wdvl.com/Authoring/Tools/NET/net2_4.html
Find Tutorials. (2006). Retrieve July 14, 2006 from http://tutorials.findtutorials.com/read/category/85/id/162
TAKempis – ASP.Net Fundamentals. (2006). Retrieved July 14, 2006 from http://www.takempis.com/aspnet_fundamentals.asp
In general programming terms, a component is a reusable piece of code that can also be referred to as a class. However, classes and components are not necessarily the same thing. The main difference between a class and a component is that a component is graphical class, which is built into the IDE and can be dragged and dropped onto a class object (Classes vs. Components, 2006). A class may not necessarily be considered a component, but a component can be considered a class. A class is typically part of a larger entity known as a namespace. In the same respect, a namespace is simply a collection of classes. Classes are inherent in the object-oriented programming model. They are used as descriptors for objects. Objects are instances of classes. Different object-oriented languages have built-in classes. The .NET Framework is unique in that it offers set of built in namespaces and classes that are language independent. This means that whether you are coding in Visual Basic, C# or any other .NET language, they all make use of the same namespaces and classes. In addition, custom classes can be created to the developer’s specification. In any case, objects or instances of classes contain what are known as properties. Property types are inherent to the class that the object belongs to but each instance of an object can contain different property values (MSDN – TextBox Class, 2006). Here is an example of how to define a property value for an object, which is an instance of a class and part of an overall namespace
System.Windows.Forms.txtTextBoxObject.Text = “value”
Using the example above, the following statements are true
- System.Windows.Forms is the namespace
- TextBox is the class or component
- txtTextBoxObject is the object or instance of the TextBox class
- .Text is the property
- “value” is the property value for the object or specific instance of the TextBox class
In the example shown above the data type of the .Text property is string. Depending on the object and its available properties, the data type of a property may be a data type other than string. It may be a Boolean, integer, dataset, or even a custom defined data type. Property values can also be converted when assigned to a property of an object. For instance, a string value can be converted to an integer value which may actually be required if the property data type is integer. It is a good idea to add Option Explicit On and Option Strict On to class objects before actually coding them. Option Explicit On requires that all variables and their data types be explicitly declared (MSDN – Option Explicit, 2006). Option Strict On requires that values and their data types must be not be implicitly converted (MSDN – Option Strict, 2006). In other words, you must explicitly convert values to specific data types. Using these options decreases the possibility and frequency of runtime errors.
One of the most advantageous aspects of using components is the reusability factor. It is an extreme disadvantage to have to rewrite code repeatedly. Using components or classes and creating objects, then modifying each object and its properties as necessary can save a lot of time and energy when developing applications that use multiple objects with similar properties. Another advantage is that you do not always have to write your own code or develop your own components. There are many classes and components available that other developers have created which you can obtain and use in your own application. Some of these classes or components you may be able to download from the Internet free even. Some of the more complex classes you may have to purchase, but in many cases, the expense is worth not having to spend the time developing them from scratch.
The two main types of class data are Hidden and Exposed. Exposed data is available to the author and to the developer as well, but Hidden data is available only to the author of the class. The difference between an author and a developer is that the author is responsible for creating classes but the developer simply uses instances of classes. If while creating a class, the author specifies data as Hidden, then that data will not be accessible to the developer. Specifying the visibility of a variable determines whether it is Hidden or Exposed (DSU.edu – Instructor’s Notes). The visibility types for variables are Public, Friend, and Private. Public variables are exposed and accessible by other projects and classes. Friend variables are exposed to classes inside the same project but hidden to classes in other projects. Private variables are hidden from all other classes and only available from within the same class it is declared.
Resources:
Classes vs. Components. (2006). Retrieved July 2, 2006 from http://www.vbip.com/books/1861007167/chapter_7167_10.asp
MSDN – TextBox Class. (2006). Retrieved July 2, 2006 from http://msdn2.microsoft.com/en-us/library/system.windows.forms.textbox.aspx
MSDN – Option Explicit. (2006). Retrieved July 2, 2006 from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vblr7/html/valrfoptionexplicitrequireexplicitdeclarationofvariables.asp
MSDN – Option Strict. (2006). Retrieved July 2, 2006 from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vblr7/html/valrfoptionstrictenforcestricttypesemantics.asp
DSU.edu – Instructor’s Notes. (2006). Retrieved July 2, 2006 from http://courses.dsu.edu/cis251/VBNET/Ch%2012%20NOtes.htm
