Unit 5: Advanced server side issues

Database connectivity
For data incentive applications, we need a resilient connection to backing store. Every
languages/frameworks have their own conventions and driver sets to connect to database. In .NET,
ADO.NET (Active Data Object) has responsibility to connect to relational databases like Oracle, Sql
server, MySql etc. ADO.NET is also a part of the .NET Framework and is used to handle data access
services in .NET platform.
You can use ADO.NET to access data by using the new .NET Framework data providers which are:
 Data Provider for SQL Server (System.Data.SqlClient).
 Data Provider for OLEDB (System.Data.OleDb).
 Data Provider for ODBC (System.Data.Odbc).
 Data Provider for Oracle (System.Data.OracleClient).

ADO.NET is a set of classes that expose data access services to the .NET developer. The ADO.NET classes
are found in System.Data.dll and are integrated with the XML classes in System.Xml.dll. There are two
central components of ADO.NET classes: the DataSet, and the .NET Framework Data Provider.
Data Provider is a set of components including:
 the Connection object (SqlConnection, OleDbConnection, OdbcConnection, OracleConnection)
 the Command object (SqlCommand, OleDbCommand, OdbcCommand, OracleCommand)
 the DataReader
object (SqlDataReader, OleDbDataReader, OdbcDataReader, OracleDataReader)
 and the DataAdapter Object (SqlDataAdapter, OleDbDataAdapter, OdbcDataAdapter,
OracleDataAdapter).
DataSet object represents a disconnected cache of data which is made up of DataTables and
DataRelations that represent the result of the command.

For above set of classes we need to use raw sql queries for select, insert, update and delete:
Assuming Student table in db

--Selection
select * from Student

--Inserting into table

insert into Student values ('Ramesh Niraula', 'ktm-89', 'AB+', 9845876, '1945-02-02');

--Updating table row

update Student set Name='Ram Niraula' where Id=2;

--delete a table row

delete from Student where Name = 'Ram Niraula';

We also need to provide a connection string for a database used. Something like:
public string conString = @"Provider=Microsoft.Jet.OLEDB.4.0;DataSource=..\\..\\PersonDatabase.mdb";

OR in web.config configuration file as:

<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial

Catalog=aspnet-WebApp-20141201101220;Integrated
Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-WebApp-20141201101220.mdf"
providerName="System.Data.SqlClient" />

<add name="TestEntities"
connectionString="metadata=res://*/Models.DbTest.csdl|res://*/Models.DbTest.ssdl|res://*/
Models.DbTest.msl;provider=System.Data.SqlClient;provider connection string=&quot;data
source=(LocalDb)\v11.0;initial catalog=DbTest;integrated
security=True;pooling=False;multipleactiveresultsets=True;application
name=EntityFramework&quot;" providerName="System.Data.EntityClient" />

Today’s database development in .NET world uses ORM (Object Relational Mapping) tools like Entity
Framework (EF), NHibernate etc. These tools provide productivity to a developer abstracting ADO.NET
data access methods. We have already used EF in our basic projects using entity data model of entity
framework (EF) database-first where EF created context and model classes as:

public partial class TestEntities : DbContext

{
public TestEntities()
: base("name=TestEntities") //TestEntities is connection string
{
}

public DbSet<Student> Students { get; set; }

}
And student model,

public partial class Student

{
public int Id { get; set; }
public string Name { get; set; }
public string Address { get; set; }
public string BloodGroup { get; set; }
public Nullable<int> Cell { get; set; }
public Nullable<System.DateTime> DOB { get; set; }
}
Then it is just the matter of querying models,
private TestEntities db = new TestEntities();
var students = db.Students.ToList();
var student = db.Students.Find(id);
db.Students.Add(student);
db.SaveChanges();
…other operations works similarly

File Handling
We already did a dictionary project where we use a plain text file as a data source. Text data is fetched
using API (Application Programming Interface) from System.IO (in .NET). This namespace provides
bunch of reader/writer classes to handle files and directories.

StreamReader r = new StreamReader(Path.Combine(

System.Web.HttpContext.Current.Request.PhysicalApplicationPath,
"App_Data\\Data.txt"));
var allWords = r.ReadToEnd();
r.Dispose();

Instead of streamReader, we could have used BinaryReaders, TextReaders etc provided by System.IO.

Form Handling
Html forms can be handled by ASP.NET MVC pretty easily to collect some data from the user:
<form action="/test/addstudent" method="post">
<label>Name</label>
<input id="Name" name="Name" type="text" value="">
<label>Address</label>
<textarea id="Address" name="Address"></textarea>
<label>Blood Group</label>
<input id="BloodGroup" name="BloodGroup" type="text" value="">
<label>Phone Number</label>
<input data-val="true" data-val-number="The field Cell must be a number." id="Cell"
name="Cell" type="text" value="">
<label>Date of birth</label>
<input data-val="true" data-val-date="The field DOB must be a date." id="DOB"
name="DOB" type="text" value="">
<br />
<input type="submit" value="Create">
</form>

OR using Html Helpers given Razor view engine, same form can be created as:

@using (Html.BeginForm("AddStudent","Test", HttpVerbs.Post))

{
<label>Name</label>
@Html.TextBoxFor(x => x.Name);
<label>Address</label>
@Html.TextBoxFor(x => x.Address);
<label>Blood Group</label>
@Html.TextBoxFor(x => x.BloodGroup);
<label>Phone Number</label>
@Html.TextBoxFor(x => x.Cell);
<label>Date of birth</label>
 @Html.TextBoxFor(x => x.DOB);

<input type="submit" value="Create" />

}

The view file containing above code must be strongly typed (Ability to accept some model) to gather
form data as:

@model WebApp.Models.Student

Then in controller action,

[HttpPost]
public ActionResult AddStudent(Student model)
{
TestEntities database = new TestEntities();
database.Students.Add(model);
database.SaveChanges();
return View();
}

Authentication
Authentication is the process of obtaining identification credentials such as name and password from a
user and validating those credentials against some authority. If the credentials are valid, the entity that
submitted the credentials is considered an authenticated identity. Once an identity has been
authenticated, the authorization process determines whether that identity has access to a given
resource.
ASP.NET implements authentication through authentication providers, the code modules that contain
the code necessary to authenticate the requestor's credentials. The topics in this section describe the
authentication providers built into ASP.NET.

Term Definition

Windows Authentication In this methodology ASP.NET web pages will use local windows users and groups to
(Integrated Windows authenticate and authorize resources. Provides information on how to use Windows
Authentication) authentication in conjunction with Microsoft Internet Information Services (IIS) authentication
to secure ASP.NET applications.

Forms Authentication Provides information on how to create an application-specific login form and perform
authentication using your own code. A convenient way to work with forms authentication is to
use ASP.NET membership and ASP.NET login controls, which together provide a way to collect
user credentials, authenticate them, and manage them, using little or no code.

Passport authentication Passport authentication is based on the passport website provided

(OpenId authentication) by the Microsoft, Google, Facebook and Twitter. So when user logins with
credentials it will be reached to the passport website where authentication will
happen. If Authentication is successful it will return a token to your website.

Anonymous access If you do not want any kind of authentication then you will go for Anonymous
access.