Authentication

The Authentication tab is for defining .Net authentication modes, such as Forms or Passport. To determine which mode the application uses, select the type from the Authentication mode drop menu.

The Windows authentication mode basically assigns any IIS authentication methods to the application, such as Basic, Digest, NTLM, or certificates.

The Forms authentication mode tells .NET that this application will be validated through a login script page. Any application page that is accessed by a user which was not first validated with an authentication cookie is re-routed back to this login screen until the correct credentials are provided.

Forms authentication for your application simplifies life: you do not have to place code at the top of every page to keep unauthorized users out. It instead serves as a central authentication point to keep unwanted users from accessing pages.

When you select the Forms mode, the Forms authentication property fields become active, as in Figure 5. Give the cookie a name and provide the login URL. If you want the cookie to be both validated and encrypted, select "All" for the protection type to invoke maximum protection. Set the expiration time that the cookie is active before expiring in the Cookie timeout field. Enabling sliding expiration tells the .NET compiler to reset the expiration time if more than half of the timeout interval has elapsed when a request is made.

The Membership section allows you to add membership providers, which are classes that manage user data in association with a designated data source. For example, the AspNetSqlMembershipProvider is a .NET provider class derived from the MembershipProvider base class of the system.web.security namespace that manages user data in an SQL database.

By having all your user data accessed directly from the database and not from memory when called upon, you improve server performance. The performance gain becomes more significant with the number of users for which your application has to manage information.

To define other member providers that may be custom classes, click the Add Provider button to give the details. These classes have functions that allow you to create, retrieve, reset and encrypt, and modify user data in the data source specified by the class.

The Roles section is much like the Membership provider section, in that instead of adding membership roles, when enabled, you are adding role providers. Role providers allow you to develop custom role membership classes that allow your application to create, modify, assign or remove roles from a data source like SQL server. The RoleProvider class allows you to do these and other operations on role data.

Application

The Application tab allows you to define application settings such as the default page language, encoding types, and impersonation.

In the first section, select the default page language for the application. If your application is to have a theme to control and page style, give the name of this skin file (.skin) containing these style settings in the "Page theme default" field. If the application has a master page to serve as a template for page headers, footers, and navigation bars for other pages, give the name of the master file containing this code in the "Page master default" field.

Having a master template using. NET's built-in application themes is a considerable time saver. You only need to make changes to the master template code and have it take effect for all page instances throughout the application.

Enabling debugging turns on the .NET compiler trace debugger for identifying which class, method or object is the culprit during runtime errors. Set the "Request execution timeout" to higher number of seconds if you want the application to extend request execution times. This is handy if you're traversing a lot of data with large queries that may need more execution time then the default setting allows for.

The Globalization settings section allows you to define how your application character encodes user request headers, response headers, and file encoding. The default value of utf-8 for Request and Response coding works in most situations. To change your encoding to handle multilingual requests and responses, change this value from utf-8 to ucs-4. File encoding contains extra control characters that cannot be used by HTML headers. For this reason, Windows-1252 is the character coding type used for Windows components that handle files.

The culture settings are codes that pertain to locale information such as the associated language, sub-language, calendar, and cultural conventions for a particular country or region. For example, the default value af-ZA would return information for South Africa when your application uses classes of the System.Globalization namespace.

Culture settings are very useful for e-commerce applications. Based on a user's region, you can have your application automatically return information they'll understand in her own language without any extensive coding.

The Identity Settings section allows you to impersonate an account for all users requesting the application. For example, if you have an account with explicit permissions to application resources that you want all users requesting your application to have, assign the account to impersonate in this section. When the user requests the application, she will, in effect, be using the user credentials you specify assuming that account's identity.

State Management

You can set all your state management app settings from this tab (shown in Figure 6).

In the Session state settings section, set your state mode type to either Off, Inpoc, StateServer, SQLServer, or Custom. Turning state mode off prohibits the application from using session variables. If you want your application to handle sessions like classic ASP, then use InProc.

StateServer mode allows your application to transfer session to other servers. This setting is typically used in a load balanced clustered server environment. It's the best choice for large multi-tiered applications that need mission critical uptime. Your session is not limited to just one computer, as it is with the InProc setting.

SQLServer mode tells your application that all persistent data is stored in a SQL database instead of in memory. The advantage here is that this mode will optimize your memory if you have a lot of persistent information.

In this article, you learned how to easily set up your application for performance and optimization from the ASP.NET tab. The ASP.NET tab is only available with the .NET Framework 2.0. It's a time-saver, as you do not have to configure the .NET configuration files manually or even know the syntax for that matter. I recommend using this tab to configure all your .NET applications, as it will save you a lot of time and effort.