.NET XML KB Articles
HOWTO
Access a Web Service in a Windows Application by Using Microsoft Visual Basic .NET
KB: 818364 |
|
This step-by-step article describes how to access a Web service in a Microsoft Visual Studio .NET Windows application by using Microsoft Visual Basic .NET.
|
Serialize an Object to XML by Using Visual C# .NET
KB: 815813 |
|
This step-by-step article describes how to serialize an object to XML by using Visual C# .NET. This method is useful for persisting the state of an object. This method is also useful for cloning an object by de-serializing the XML back to a new object.
|
Apply an XSL Transformation from One XML Document to Another by Using Visual C++ .NET
KB: 815653 |
|
This step-by-step article shows you how to apply an Extensible Stylesheet Language (XSL) Transformation (XSLT) to an Extensible Markup Language (XML) document by using the XslTransform class to create a new XML document. XSL is an XML-based language that is designed to transform one XML document into another XML document or an XML document into any other structured document.
|
Create the Web.config File for an ASP.NET Application
KB: 815179 |
|
This step-by-step article describes how to create the Web.config file for an ASP.NET application. The .NET Framework, and ASP.NET in particular, uses XML-formatted .config files to configure applications. This practice is a departure from conventional registry and metabase configuration mechanisms. There is currently no Microsoft Management Console (MMC) snap-in or other Microsoft-provided administration tool that you can use to create and to modify .config files. This article describes how to create the Web.config file that is used to control the behavior of individual ASP.NET applications.
|
Set Up Multi-Server ASP.NET Web Applications and Web Services
KB: 815162 |
This step-by-step article discusses how to set up multi-server ASP.NET Web Applications and Web services. For most uses of ASP.NET, a single server can handle all requests in a timely manner. However, many environments must deploy multiple servers to handle consistently high volumes of traffic, to support processor-intensive applications, to respond to sudden bursts in traffic, or to meet redundancy requirements.
In the simplest form, you can deploy Web pages that consist only of static HTML pages and images in a multi-server configuration by copying the files to multiple Web servers and then configuring a load balancing mechanism to distribute requests between the Web servers.
As the Web site complexity increases, the difficulty of synchronizing files and configurations between the servers also increases. Dynamic sites require multiple servers to have access to a single database and to share state information among themselves. This article describes how to design multi-server ASP.NET solutions that include databases and sessions.
 |
Test ASP.NET Web Services with the Web Application Stress Tool
KB: 815160 |
This article describes how to test ASP.NET Web services with the WAS tool. The WAS tool generates an artificial load on a Web server. The purpose of the WAS tool is to: measure responsiveness
- test scalability
- tune performance
The WAS tool simulates requests from multiple users with Web browsers. While ASP.NET Web services are not intended to be used by Web browsers, ASP.NET Web services do generate browser-friendly pages. Therefore, ASP.NET Web services can be tested by using the WAS tool. To simulate Web service requests by using the WAS tool, follow these steps
|
Limit the Web Services Protocols that a Server Permits
KB: 815150 |
This step-by-step article describes how to limit the protocols that a Web service supports.
XML–based Web services exchange XML documents to communicate. This exchange can occur across any type of application-layer protocol. By default, ASP.NET Web services are exposed through four different protocols: HttpSoap, HttpPost, HttpGet, and Documentation. In many cases, only a subset of these four protocols is required. For example, Web services typically use only the HttpSoap protocol for communications. In these circumstances, if you remove the unused protocols, you increase the security of the application by decreasing the attack surface. This article describes how to disable Web services protocols that are used to communicate with an ASP.NET application.
|
Disable the Documentation Protocol for ASP.NET Web Services
KB: 815149 |
This step-by-step article describes how to disable the documentation protocol for ASP.NET Web services.
ASP.NET Web services facilitate the development of Web services clients by automatically generating documentation that describes how to communicate with the Web service. Web services that have the documentation protocol enabled generate an HTML-formatted page when a browser request is received. This HTML-formatted page describes the following information:
- The operations that are supported
- The parameters that each operation accepts
- The type of data that should be passed in those parameters
The documentation protocol also generates an XML-formatted Web Services Description Language (WSDL) file. This file is designed to allow applications to understand how to structure requests to the Web service.
This information can be very useful to developers, especially developers who create clients for public Web services. However, revealing detailed information about the functionality of private Web services increases the risk that the Web service will be misused by a malicious attacker. The Documentation protocol always describes all functions and parameters of a Web service — even if only a subset of those functions are intended to be publicly accessible.
|
Lock Down an ASP.NET Web Application or Web Service
KB: 815145 |
This step-by-step article describes how to lock down an ASP.NET Web Application or Web Service. Web applications are frequently the target for malicious attacks.
There are many steps that you can take to reduce the risk that is associated with hosting a Web application. At a high level, ASP.NET applications benefit from the same security measures as conventional Web applications. However, the ASP.NET file name extensions and the use of security require special consideration. This article describes several key mechanisms for securing ASP.NET Web applications.
|
Audit the Security of an ASP.NET Web Application or Web Service
KB: 815144 |
This step-by-step article describes how to audit the security of an ASP.NET Web Application or an ASP.NET Web Service.
The security of a system decreases as new elements are added to the system’s ideal configuration. New application installations, software updates, temporary configuration changes, and troubleshooting change aspects of a system’s security configuration. Whether intentional or unintentional, these changes may cause the system to no longer meet security requirements. To reduce this effect, perform regular audits of the system security configuration. Document and evaluate any changes to the security configuration that have been introduced to the system. When necessary, reverse these changes.
This article describes the key configuration settings that affect an ASP.NET application. Document these settings when you first configure your system in its clean state. Perform regular audits to compare the current settings against the original settings. These audits help you to prevent the system’s security from degrading over time. This article does not describe how to configure these settings.
|
Pass Current Credentials to an ASP.NET Web Service
KB: 813834 |
|
This step-by-step article describes how to pass the user's current credentials to an XML Web service that was created by using ASP.NET. The DefaultCredentials property of the CredentialCache class contains the system credentials of the current security context. For client applications, these credentials represent the user name, the password, and the domain of the user who is currently logged on. Client credentials are not passed automatically. To pass the client's Windows security context to a Web service, you must set the Credentials property of the Web service proxy to CredentialCache.DefaultCredentials.
|
Pass Node Sets to Inline XSLT Script Functions by Using Visual Basic .NET
KB: 812198 |
|
This step-by-step article describes how to pass a node or nodes to an inline script function in the Microsoft .NET Framework. You can use inline script blocks or an XSLT extension object to pass a node to a function. In the .NET Framework, nodes are passed as System.Xml.XPath.XPathNodeIterator. In the .NET Framework, you cannot unload assemblies that you create and load by using inline script in XSLT. Microsoft recommends that you do not use inline script blocks. You may use XSLT extension objects. For more information, see the "References" section of this article.
|
Format DateTime and Date Values in the XML Extracted from an ADO.NET DataSet by Using Visual Basic .NET
KB: 811767 |
This step-by-step article describes how to format DateTime and Date values in the XML that is extracted from an ADO.NET DataSet object. In ADO.NET, the DateTime and Date values of DataTable columns are written in the XSD DateTime and Date formats when the DataSet is saved as XML. The standard XSD DateTime and Date formats are CCYY-MM-DDThh:mm:ss and CCYY-MM-DD, respectively, because the underlying XSD schema of the DataSet maps the DateTime and Date columns of the database to the DateTime and XSD Date data types.
To generate XML where DateTime and Date values are represented in the required custom formats, use either of the following methods: Use the XmlConvert class, or Apply an XSLT transformation (XSLT) on the XML representation of DataSet data.
|
Performance Tune an XSLT Style Sheet in Visual Studio .NET Using System.Xml
KB: 331026 |
|
With the XsltMajic.exe application, you can profile XSLT style sheets that you use in Visual Studio .NET. With the profile results of the XSLT style sheet you can performance tune the transformations.
|
Pass Node Sets to Inline XSLT Script Functions by Using Visual C# .NET
KB: 330602 |
|
This step-by-step article describes how to pass a node or nodes to an inline script function in the .NET Framework. You can use inline script blocks or an XSLT extension object to pass a node to a function. In the .NET Framework, nodes are passed as System.Xml.XPath.XPathNodeIterator. In MSXML, nodes are passed as an IXMLDOMNodeList object to inline XSLT script functions.
|
|
|
