Summary

You have covered a lot of territory in this chapter. You learned all about deployment and configuration, and took a crash course on security topics as well.

Deployment is as easy as using XCOPY or FTP to transfer files from your development computer to the target computer. There are, however, additional tools that help you deploy easier and faster, such as the Windows Installer and CAB files. Each of these can be used to package the components in your application and deliver them quickly to the target computer, taking the guesswork away from the user. You can also execute applications and distribute CAB files via Internet Explorer.

Configuration settings in .NET are stored in .config files. These are simple XML-formatted text files that store any sort of configuration information you want. The special appSettings element provides a central location and easy access for settings. You can use the ConfigurationSettings.AppSettings or GetConfig methods to read in configuration values from your application.

ASP.NET configuration is done with the web.config file. This is also an XML file. All ASP.NET settings go into the <system.web> subelement. Table 13.1 lists the various settings available to you.

Security is an important concept in .NET; it is integrated throughout every part of the framework through various mechanisms. Code access security is used to verify that questionable code should be executed. This prevents otherwise trusted users from executing malicious code, intentionally or not. Role-based security is like code access security, but applies to users instead of code. This scheme prevents unauthorized users from accessing protected resources.

Both code access and role-based security can be implemented via declarative or imperative methods. The first is used to request or prevent access to an entire portion of your application—such as an assembly or class. Imperative methods are used when you aren't sure prior to execution whether a user will attempt to access protected resources, but will need to access non-protected ones.

Finally, ASP.NET security is implemented in three stages: authentication, authorization, and impersonation. All these settings are configured easily through the web.config file with the <authentication>, <authorization>, and <identity> elements.