ASP.NET uses external configuration files to store detailed information about the application. For example, the web.config file stores information such as:
- Database connection string
- Globalization settings
One of the best practices in ASP.NET is to save your database connection strings in the web.config file instead of hard-coding it into your code. This allows you to change database servers easily, without needing to modify your code. As an additional protection, it is always better to use integrated Windows security to access your database, rather than using SQL Server authentication and thus including your SQL server credentials in the connection string.
The following code segment shows part of web.config, containing a database connection string:
<configuration xmlns="http://schemas.microsoft.com/ .NetConfiguration/v2.0"> <connectionStrings> <add name="pubsConnectionString" connectionString="Data Source="(local)"; Initial Catalog=pubs;Integrated Security=True" providerName="System.Data.SqlClient" /> </connectionStrings> <system.web> ...
However, it's not such a good idea to save your connection strings as plain text in web.config; you should ideally encrypt the connection strings so that it leaves no chance for a potential hacker to easily get more information about your database server.
In ASP.NET 2.0, Microsoft has taken this further by allowing you to encrypt the connection strings in web.config, all without much plumbing on your part. Two Protection Configuration Providers are available in .NET 2.0 to allow you to encrypt your connection strings (as well as other sections in web.config):
To learn how to encrypt your database connection string in ASP.NET 2.0, check out www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html.
ASP.NET 2.0 represents a huge leap over ASP.NET 1.x. The new features in ASP.NET 2.0 can be grouped into three broad categories: new controls and control functionality, improvements to the Page framework, and new services and APIs (see Table 1).
ASP.NET 2.0 ships with several new controls to make the life of a web application developer easier. In ASP.NET 2.0, there are now new controls that help you to perform data access, site navigation, login, and personalization using Web Parts.
Earlier you had a glimpse of some of the controls (TextBox, Label, and Button) shipped in ASP.NET. Figure 10 shows the controls shipped with ASP.NET 2.0. They are categorized based on their functionalities.
Figure 10. The various controls in ASP.NET 2.0
ASP.NET 2.0 supports some useful additions to its Page framework, such as visual inheritance, technically known as Master Pages. Besides Master Pages, ASP.NET 2.0 also supports "theming" through themes and skins, allowing you to maintain a consistent look and feel for your websites. Another noteworthy feature in ASP.NET is the improved support for localization, which reduces the amount of work you need to do to internationalize your web applications.