
BlueDragon 7.1: Deploying CFML on ASP.NET and the Microsoft .NET Framework 17
has its own BlueDragon admin console and can be configured independently. Of
course, each may also have its own .NET configuration settings (as enabled in the
web.config file, discussed in 6.3). These multiple admin consoles all also inhe-
rit from a single, central bluedragon.xml file, as discussed in section 5.2.2.
• Leveraging IIS Application Protection (Pooling)
o In Windows 2003 using IIS 6, it’s possible to designate multiple .NET web
applications (and by association a CFML web applications) to be isolated from
each other using “Application Pooling”.
• Leveraging .NET Sandboxing
o Additionally, it’s possible to configure a web application so that it cannot access
files and directories outside the web application directory space. Information
about this and other .NET security practices is presented at:
• Leveraging .NET Login Security
http://msdn.microsoft.com/en-us/library/ms998372.aspx
o It is possible to configure web applications in the .NET framework so that when
an ASP.NET page is requested, authentication security can be performed auto-
matically, using either a form, or database, or Windows authentication. Because
CFML pages process through the same pipeline as ASP.NET pages, CFML page
requests are secured this way as well. An example of enabling ASP.NET page re-
quest security is offered here:
• Leveraging built-in integration with Performance Monitor
http://www.dotnetjunkies.com/quickstart/aspplus/doc/formsauth.aspx
o The Windows Operating System offers a Performance Monitor tool that permits
observing, logging, and tracing (detecting events) regarding performance of both
.NET and IIS, as well as ADO.NET, and many other important features. You can
leverage this reporting and tracing, without change to your CFML code, as dis-
cussed in section 8.3.3.
• Custom error handling
o It is possible to configure web applications in the .NET framework so that custom
error pages are presented to the user for such http error codes as 404 (file not
found) or 500 (server error). Such errors can also be configured to only be han-
dled this way for remote requests, while local requests (such as from the develop-
ers machine) are processed normally. For more information, see:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/handlingerrs.aspx
Komentáře k této Příručce