Windows Hosting FAQs II

ASP.NET MSSQL Hosting FAQs

Login & Security
The Windows hosting website will make use of “Forms Authentication”. The website may make use of “Roles” (introduced in ASP.NET 2.0). However, there are some concerns over the security of certain data and some web pages / forms. For example, if you consider the “Login” page, when the user enters her credentials and submits the login page form, the credentials – including the password – are transmitted over the Internet to the web server in plain text. That means any hacker sniffing the network traffic can see the username and password. I would like to know what the Windows hosting supplier does to prevent this. For example, can the network traffic be encrypted by using Secure Sockets Layer (SSL)? This would ensure that the credentials (as well as the entire page’s HTML markup) are encrypted from the moment they leave the browser until they are received by the web server.
As far as I understand, I will only need to use SSL on the “Login” page and on other pages where the user’s password would otherwise be sent over the Internet in plain text. I do not want the entire site under SSL, as I believe this would be overkill and result in a slow user experience.
Obviously, this is something that needs to be clarified with any Windows web hosting supplier. It is my understanding that I would not need to worry about securing the forms authentication ticket since, by default, it is both encrypted and digitally signed to prevent tampering.

IIS and URL Authentication
The “UrlAuthorizationModule” is managed code that is part of the ASP.NET runtime. Prior to version 7 of Microsoft’s Internet Information Services (IIS) web server, there was a distinct barrier between IIS’s HTTP pipeline and the ASP.NET runtime’s pipeline. In short, in IIS 6 and earlier, ASP.NET’s UrlAuthorizationModule only executes when a request is delegated from IIS to the ASP.NET runtime. By default, IIS processes static content itself – like HTML pages and CSS, JavaScript, and image files – and only hands off requests to the ASP.NET runtime when a page with an extension of .aspx, .asmx, or .ashx is requested.

IIS 7, however, allows for integrated IIS and ASP.NET pipelines. With a few configuration settings you can set up IIS 7 to invoke the UrlAuthorizationModule for all requests, meaning that URL authorization rules can be defined for files of any type. Additionally, IIS 7 includes its own URL authorization engine. In a nutshell, in versions prior to IIS 7, URL authorization rules are only applied to resources handled by the ASP.NET runtime. But with IIS 7, it is possible to use IIS’s native URL authorization feature or to integrate ASP.NET’s UrlAuthorizationModule into IIS’s HTTP pipeline, thereby extending this functionality to all requests. I would therefore like to know which version of IIS is being used currently and, if version 7 is not currently being used, when this is likely?
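The “few configuration settings” mentioned above can look like the following web.config, an added example that is not from the original page or from any particular hosting supplier. It assumes an IIS 7 application pool in Integrated pipeline mode; the `Login.aspx` page and the `Members` folder are hypothetical names.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Login.aspx is an assumed page name -->
      <forms loginUrl="~/Login.aspx" />
    </authentication>
  </system.web>

  <system.webServer>
    <modules>
      <!-- IIS 7 registers these managed modules with
           preCondition="managedHandler", so by default they run only for
           requests handled by ASP.NET (.aspx, .asmx, .ashx).
           Removing each one and re-adding it without the precondition
           makes it run for every request, static files included. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>

  <!-- Members is an assumed folder name. With the modules above, this
       rule now covers HTML, CSS, JavaScript and image files in the
       folder as well as .aspx pages. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />  <!-- "?" = anonymous (not logged in) users -->
      </authorization>
    </system.web>
  </location>
</configuration>
```

On IIS 6 or in Classic pipeline mode the same `<authorization>` rule only protects requests handed to ASP.NET, so a static file in the folder can still be fetched without logging in.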

Emails
The website will need the facility to send e-mails from within the website application. This will be both as part of the integral functionality and for error notifications. I will need to know that any potential Windows hosting supplier can provide this and, moreover, what support there is for being able to send emails from my hosted site (e.g., a visitor fills out a contact form and this is automatically emailed to an email address of my choice, etc.).
Also, does the Windows hosting include SMTP server usage for sending emails?

Backups
Please provide me with full details of your backup policies and/or options (including SQL Server data). Are your backups off-site?

Support
Please provide me with full details of your technical support policies, including all relevant details and these in particular:
• An overview of your service levels;
• Response times;
• Times when support is available;
• Is support available via e-mail or live chat?;
• Are any preinstalled scripts of any kind supplied?
• How many subdomains can I have?
• Do you supply a browser-based file manager?
• How frequent is your backup and is that offsite?
• What is your policy and procedure in the event of server failure?
• Do you offer any webmail?
• Does the Windows hosting package support streaming media?
• Can I use Flash and Shockwave on the website?
• I will want to run scripts against my hosted SQL Server database remotely from my PC - is this possible?
