ASP.NET Themes and Skins
A theme is a collection of property settings
that allow you to define the look of pages and controls, and then apply the
look consistently across pages in a Web application, across an entire Web
application, or across all Web applications on a server.
Themes are made up of a set of elements: skins, cascading style sheets (CSS), images, and other resources. At a minimum, a theme will contain skins. Themes are defined in special directories in your Web site or on your Web server
Skins
A skin file has the file name extension .skin and contains property settings for individual controls such as Button, Label, TextBox, or Calendar controls. Control skin settings are like the control markup itself, but contain only the properties you want to set as part of the theme. For example, the following is a control skin for a Button control:
<asp:button runat="server" BackColor="lightblue" ForeColor="black" />
You create .skin files in the Theme folder. A .skin file can contain one or more control skins for one or more control types. You can define skins in a separate file for each control or define all the skins for a theme in a single file.
There are two types of control skins, default skins and named skins:
- A default skin automatically applies to all controls of the same type when a theme is applied to a page. A control skin is a default skin if it does not have a SkinID attribute. For example, if you create a default skin for a Calendar control, the control skin applies to all Calendar controls on pages that use the theme
- A named skin is a control skin with a SkinID property set. Named skins do not automatically apply to controls by type. Instead, you explicitly apply a named skin to a control by setting the control's SkinID property. Creating named skins allows you to set different skins for different instances of the same control in an application.
Themes can also include graphics and other resources, such as script files or sound files. For example, part of your page theme might include a skin for a TreeView control. As part of the theme, you can include the graphics used to represent the expand button and the collapse button.
Typically, the resource files for the theme are in the same folder as the skin files for that theme, but they can be elsewhere in the Web application, in a subfolder of the theme folder for example. To refer to a resource file in a subfolder of the theme folder, use a path like the one shown in this Image control skin:
<asp:Image runat="server" ImageUrl="ThemeSubfolder/filename.ext" />
You can also store your resource files
outside the theme folder. If you use the tilde (~) syntax to refer to the
resource files, the Web application will automatically find the images. For
example, if you place the resources for a theme in a subfolder of your
application, you can use paths of the form ~/SubFolder/filename.ext to refer to resource files, as in the
following example.<asp:Image runat="server" ImageUrl="~/AppSubfolder/filename.ext" />
There are Three type Theme files
1) Page Themes
2) Global Themes
Page Themes
A page theme is a theme folder with control
skins, style sheets, graphics files and other resources created as a sub folder
of the \App_Themes folder in your Web site. Each theme is a different sub folder
of the \App_Themes folder. The following example shows a typical page theme,
defining two themes named Blue Theme and Pink Theme.
MyWebSite
App_Themes
BlueTheme
Controls.skin
BlueTheme.css
PinkTheme
Controls.skin
PinkTheme.css
Global Themes
A global theme is a theme that you can apply
to all the Web sites on a server. Global themes allow you to define an overall
look for your domain when you maintain multiple Web sites on the same server.
Global themes are like page themes in that
they include property settings, style sheet settings, and graphics. However,
global themes are stored in a folder named Themes that is global to the Web
server. Any Web site on the server, and any page in any Web site, can reference
a global theme.
Themes can cause security issues when they are used on your Web site. Malicious themes can be used to:
- Alter a control's behavior so that it does not behave as expected.
- Inject client-side script, therefore posing a cross-site scripting risk.
- Alter validation.
- Expose sensitive information.
- The mitigations for these common threats are:
- Protect the global and application theme directories with proper access control settings. Only trusted users should be allowed to write files to the theme directories.
- Do not use themes from an untrusted source. Always examine any themes from outside your organization for malicious code before using them on you Web site.
- Do not expose the theme name in query data. Malicious users could use this information to use themes that are unknown to the developer and thereby expose sensitive information.
Example : ASP.NET Themes and Skins
step 1:File-->New-->Website-->location HTTP-->Ok.
step 2: go Solution Explore--> right click--> rename folder App_Themes folder--> Add New item in Theme folder .css and .skin files
Skin file look like
Css file look like
source file
output:
.
0 comments:
Post a Comment