I have a simple yet not so easy question. (So, I suppose)
I have a current DurandalJS application in production. I am generating my views using C# Razor syntax. So, I am still using my controller to pass the HTML to the client. Rather complicated to get setup using routes/areas/etc but it has been working.
I am using server side for only one real reason. (other then validation, but we can ignore that for now as I am sure model validation has improved and there are ways to handle this now)
Lets say I have a button. And I only want to show that button on the screen if the user is an admin. Now, of course I can use KnockoutJs (or Auelia/Angular/whatever) to find out the users roles and "hide" the button. But as far as I know, the button is still inside the HTML? (it is in Durandal, not sure if the newer libraries handle this different). So, currently I use server code to do the check then the HTML gets rendered without the button.
Knowing how many people use SPA type libraries, what are most of you doing for simple use cases like this?
Oh, yes, on the server for the return API call, we would have security anyway, so assuming someone activated the button it would not work anyway, I simply do not want my users ever seeing it.
Related
I am in the process of revamping a website using ASP.NET C# web forms. I have very little experience on the matter, and wondered. Is there best practice for showing or hiding form elements based on what is selected on other elements in the form in ASP.NET using c#? For example, if I select option 1 from a drop down list, then an additional text box appears. Right now I am using jQuery to accomplish this. Which leads me to my second question as I am not sure how I will validate. Is there a best/preferred practice for validating form fields in ASP.NET? I have seen validation using knockout.js, ASP:RequiredValidation control, etc, but would like to know general consensus.
The best you can use are the native ASP validators, as they validate both on client and server side.
For what you describe, you might be in a certain escenario where the requiredFieldValidation and the others validators won't be enough, as you have to use your own complex logic for validation.
In this case, and just to be sure, i would validate both on the server side with CustomFieldValidators and client side using jQuery as you're already doing.
For simple validations like, a field that cannot be empty or a regular expression matching validation the other native asp validators do the trick.
Note that this is for security purposes only, the advantage of this validators is that they validate both on client and server side, if you only validate on client side, and rely on that for you application's security, it might be exposed if someone disables JavaScript in the browser to bypass client-side validation.
In our project, we use lot of User Controls. None of them supports AJAX. We use UpdatePanel for partial page rendering. There is no proper client side functions for the controls.
I used to create normal JS functions in the ascx page itself. I guess it is not the standard way to add client functionality to a User Control. However i can achieve all the things which i required , with out using any such standards. But when considering the maintainability, it is tough & it is hard to make changes & not scalable.
So i want to learn the proper way to create AJAX enabled User Controls. Just like how Telerik & other 3rd party controls create User Controls. What is the recommended way to create such controls by Microsoft.
Could you be more specific about the problem with Update Panel??
To use inbuilt ajax,
1. You need a ScriptManager
2. Put all necessary controls within Update Panel
Since you are using User Controls, its better to add ScriptManager in the main page where the User Control is added. Otherwise it might give an error saying multiple ScriptManager found.
UpdatePanel uses AJAX and is easy to use, however, if you want true client side controls, i.e. only call the server when you need too, then it's probably best to look elsewhere.
If you want to write your own controls, I'd recommended reading about some JavaScript design patterns, specifically the module pattern. If you have decent JavaScript skills, it's extremely easy to create controls with the help of jQuery - may as well make it a jQuery plugin. You might want to check out some client side MVC/MVVM frameworks like AngularJS or Knockout might be enough, because at least they'll help you with data bindings so it's less painful to manage the data on the client side and get it back to the server.
But, unless you're doing some that no one else has done before, why not use some existing controls by Telerik or DevExpress for example?
Example of module pattern (there's a bunch of different ways to do module pattern, this is just one):
var myModule = {
/* PROPERTIES */
prop1: 'sdfsdf',
prop2: 123,
/* FUNCTIONS */
func1: function () {
alert('!!!');
}
}
/* example use of module */
alert(myModule.prop1);
myModule.func1();
You'll also need to have a good understanding of events in JavaScript. For example, if you wanted to create a client side grid (there's millions already available for free), you'd need to handle click and text changed types of events. i.e. to handle paging, sorting, filtering and any other feature you might want out of your grid.
Edit: just created a basic JSFiddle to give you an example of a really basic client side control using a jQuery plugin. It doesn't work perfectly, but thought it might give you an idea of where to start if you wanted to try making your own controls.
http://jsfiddle.net/pwqmenwx/1/
I am new at C#.Net and i have one question that i couldn't manage to find on the internet. When should i use a classic combination of html + javascript + css instead of using an aspx page with a code behind?
As i experienced since i started .net , i found that aspx pages and code behind is a huge ease for developers. I didnt need any piece of javascript code since i started. There must be something wrong. I think i am missing a point. Can you answer my question and tell me some examples that i must use html+javascript+css instead of aspx + aspx.cs or vice versa??
Have a nice day.
Javascript is a client side technology, running only in the browser, whereas ASP.NET runs on the server side. These allow you to achieve different and complementary things.
With a classic server side language, any user interaction that you want to respond to must typically be posted across the internet from the browser to your server. It is then processed by the server, which responds with a new page for the browser to load. This generally means that the response time for the user is slower, though you will have access to a much richer programming environment on the server.
With a client side language, everything is processed on the browser. This allows for faster feedback to the user, though at the expense of working within the much more restricted programming environment that the browser gives you, and with no access to stuff your application may depend on, such as your database.
Of course, the lines are blurred somewhat when you make an AJAX request (usually a call written in Javascript that makes a request to the server, receives the response, and updates the page dynamically).
You mention that you have not used any Javascript so far. Perhaps as a starting point you'd like to investigate validating user input on the client side? This way, errors are caught and reported to the user immediately without the cost of the round trip to the server. http://www.tizag.com/javascriptT/javascriptform.php
Both client side and server side technologies can be powerful and useful. Use a combination of them both to give the best experience for the user.
In my experience, using Javascript/jQuery in .NET has been for UI and client-side validation purposes. If you are building an app that does not require Javascript to meet your client's requirements, then take advantage of what .NET has to offer. However, implementing Javascript is not that hard, so feel free to use what you prefer and is in the best interest of the client. You can still write and use Javascript in an ASPX page.
One of your considerations might well be speed. Javascript in a web-page will run on a site visitor's browser. Code-behind runs on the server hosting the page.
from my experience the main aim to use the companion of html,css,javascript with asp.net when the client needs is for a web app that acts exactly like win app
that u don't need to flush over the page to the server and come back again
Points you are missing
Code behind is not what makes ASP.NET; you can make a web app with all C# code right into the aspx files.
If you choose ASP.NET and C# for a web app, all your pages should be aspx ones, except for very specific and not very common situations.
You need to understand the difference between server side scripting and client side scripting. ASP.NET is a server side scripting technology while javascript is a client side only one. Take a look.
You can create aspx pages that are as simple as you want -even without any relevant serverside scripting- and thats all right.
Attempt to answer
You use the word must, so:
You must use aspx instead of only javascript if you want any kind of server side processing.
You must use an html file with plain javascript, jquery and css if there is the specific requeriment to do so, wich would be very uncommon. That could be a situation where a) the page should be as fast as it can possible be b) you don't mind everyone to be able to see your full code by just selecting view source on the browser c) there is no need at all for server side processing d) you don't mind about the little extra mix of technologies on your web application.
You use Javascript/JQuery to perform operations that does not need any server side processing like validating controls for a range or for empty values, some fancy UI stuff. It is much faster than the code behind because it does not post back to server however you could use UpdatePanel aspx server control to have partial post back and avoid reloading the page.
As a web developer you should always use combination of server-side processing and client-side processing. Working logic and application processes on the client-side allows browser based applications to seem more responsive and to have more "snappiness" to them.
If you are looking for highly customizable and high performance pages, then I would go with html + javascript + css and make calls to some webservice. This way you are not restricted by asp.net controls. Also, there are a lot of caveats with standard out of the box web forms that can lead to page performance issues and overhead - ViewState being one. You can also design your own asp.net controls as well, but there is some learning curve.
It really boils down to personal preference (there isn't anything in one that you can't do in the other) : Fundamentals vs Abstraction. To me javascript has always felt somewhat cumbersome when used in conjunction with webforms, however, with mvc it is a lot more natural, as it would be with a standard html + javascript + css page.
When you want to create static pages you can use html+css+javascript instead aspx.
In case you want things more dynamic you have to use aspx with cs.
For more info go http://www.w3schools.com/aspnet/aspnet_pages.asp
I'm building a basic web application in ASP.NET 4.0 with C# in Visual Studio 2010 Pro. I'm still very new to C#, and am used to Delphi coding. My website already has registration/login, and although I use some asp.net controls, a majority of my pages are dynamically loaded from my SQL database and I manually compile the HTML code from C# and insert it into the document.
Now what I would like to do is implement a poll - or a vote box - an 'object' which can be re-used in different pages. My website's master page already has a permanent left panel which has things which show on every page. One of these will be a small box with a vote of a few questions.
All I need to know is how do I begin to build an independent plugin control for a web page like this? I don't necessarily mean a separate DLL or anything, my existing one can handle everything. But I'd like to re-use the same little voting box in different pages too. So I'm assuming this will be considered a separate page, in a way, which is probably about 120 pixels wide by 80 high. Each vote will be limited to either login account or ip address (which I already have access to). So this solution must interact with the existing asp.net application.
So how do I begin the 'backbone' of such a plugin which can be re-used in multiple pages? I do not plan on distributing this plugin, and I don't even know if this is the correct term for what I need. Just a 'box' which can be 're-used' on multiple pages - which must interact with the asp.net app.
To better explain what I mean, imagine how Facebook has the plugin where you can embed some general info about likes and such. I'd like to make my own box like this - and even be able to embed it in other websites.
It sounds like you just need to make the poll into a user control. The documentation should get you started with them. A control can access everything an ASP.NET page can when it comes to the login information. It won't handle embedding into other pages though – embeddable active content that authenticates against your site is a nontrivial problem.
As I said in the comment, if most of your HTML is creates as a blob that's opaque to ASP.NET, it will probably be nontrivial to insert a user control into the middle of it.
I'm currently converting our company database application from VB to ASP.NET. This is pretty much my first ASP.NET application, and I had a question about security. I would like some users to have the ability to add or edit data, while other users can only view and print reports. Now, as I understand it, in ASP.NET, I can use form-based authentication to restrict access to certain pages, but what I really would like to do is use the same web page for not only viewing the data, but also editing it (using a grid view). I don't see how I can do that using forms-based authentication without having separate (but similar) web pages in different folders, each with it's own level of security.
I guess I could always use the same web page, then check the users roles to determine if I should enable the 'edit' button or not. Is that a good (and common) programming practice?
Thanks
Checking the role membership is an accepted way of doing it. Do not however just check when you display the button, check during the response to the event it triggers as well, just in case someone tries to bypass event validation.
User.IsInRole() is what you need. As mentioned, check this at each step - users can fake any kind of HTTP response, so every server-side method needs security checks.
Don't just check whether to enable or or not... You must also check it when the edit button is clicked.
I would implement my own custom RoleProvider (MSDN Article). And then have different roles that describe the different access levels on your application, and like blowdart said check when buttons, panels are being diplayed whether the user has access or not to that resource.
Can I recommend using monitoring SQL Profiler (or similar) when you are testing the page if you are using a database? You'll be surprised the amount of calls the db gets for a seemingly trivial page load.
Also, please check security trimmings in ASP.NET. Worth having a look.
Cheers.