As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am currently developing a ASP.NET MVC4 website, and I would like to know whats the best practices storing the logged-on user's data (include privileges) and authorize the user securely, being able to access this data in both my views and controllers.
One thing to important mention - I am NOT using the Membership class (I've saw that its an overhead for me to use it, and I would like to implement the exact things I need and learn from the process).
The only way I thought to do it is storing all the data inside the session object, and having a wrapper to the session object (static class) and use it like SessionManager.IsLoggedIn(), SessionManager.GetUserPriviliges() or simply creating a method that returns hard-typed UserSessionData SessionManager.GetSessionData() that contains all the data required.
This is one way to use it in both controllers and views. Shall I derive from Controller and create a RolesController which stores UserSessionData so I won't need to call it again and again in my controllers?
I guess I won't be able to use the common AuthorizedAttribute so I will have to implement it by using the session wrapper (Is it safe to use only the session data? since I am not using the 'official' authorization method and therefore I don't really know how it should be implemented).
As you see, I have an idea but since its my first time doing it I would like to learn about the best practices and the way it should be done correctly. I will be thankful if you will explain your answers since I want to get the complete idea and I haven't done it before in MVC.
Thanks in advance!
It is not safe to do anything you've described. Static classis are dangerous in asp.net because they are not multi-user safe. Static classes are shared between all threads in the app, including threads running other users requests.
Just use the default mamebership until you know what you're doing. You will just be creating a vulnerable architecture otherwise.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I work at a small startup as a Data Scientist, and I'm looking for ways to make my analysis a bit more visible/useful to the organization. I'd like to be able to put up a simple web service which allows internal users to run my scripts remotely. They should be able to input a few parameters via a very simple UI, and they should have the option to have the results appear in the browser window (after a possibly long wait), or have them emailed. Results may be a few pdf figures, and they may be Excel spreadsheets (maybe more exotic in the future, but this is it for now).
The scripts are going to be all in Python, which will handle the analysis.
So, I'd like to know what the pros and cons are of using C#/WCF vs. something like Django or Python. I have significant experience in C# working in the Client-side code base here, but I have much less experience with WCF. All of my analysis work is done in Python (and R, to a lesser extent). The main goal is to not take all of my time building a fancy web service/UI---the front end just has to be friendly enough to not intimidate the marketing people. I don't have to worry about encryption, the server will be behind our firewall. I'm pretty platform agnostic, but I think the servers are all Windows based, if this helps.
Thanks in advance.
For extra credit, how does your answer change if some of my scripts are in F#?
You might consider using the Django web framework. You could set up a small app with your python scripts as different views. https://www.djangoproject.com/
And if you don't want to put that much effort into creating a friendly UI you could use twitter bootstrap. http://twitter.github.com/bootstrap/
Then just run the app internally to gather and display data either via HTTP GETs or via e-mail.
edit: I'm sorry I did not read carefully "pros and cons are of using C#/WCF vs. something like Django". I recently made a Django app and it was fairly straight forward.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I know my way around the basics of KnockoutJS, and i can easily make a single page really dynamic... But i am to build a new web application, and i'm looking for advise on how to make making the entire webapplication dynamic where every viewModel and html-template is loaded dynamicly, with no full page requests, but the URL should still indicate what page i am on, eather with a hashtag followed by a path, or something better?
I'm a bit confused:
Is there some framework that plays nice with knockoutJs that helps
achive this?
Can i achive this without worring about KnockoutJS?
Is it just a matter of tweaking the viewModel to dynamicly load and dispose other viewModels
and templates, in a smart way?
What is the best practis, what do i do?
Any pointers, links or tips on this is much appreciated, thanks!
Here is an example, notice how the URL changes, and the new content animates in, how do they do it?
https://www.pokki.com/app/Little-Alchemy
Btw. I use ASP.Net MVC.
There are a few things you are asking for here.
Routing framework
External templates.
There's a simple plugin to help you with the latter: Knockout.js External Template Engine
For the former, there are some routing frameworks available that play nicely with KO. You still generally need to do something with the fetching/creation/disposal of child ViewModels. The routing framework may help you with this, or it may just handle monitoring the events that would normally cause a navigation, and call functions that you supply.
I'd like to see a full drop-in routing framework that allows for more declarative definition of url → ViewModel mapping, but haven't found anything that is truly easy as yet.
The one I have started using is called Path.js, but you still have do do a fair bit of glue code.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm looking for an existing datamap and/or MySQL script that can migrate data between TYPO3 and Joomla. Obviously, both CMS use MySQL and that's great, but I'm wondering if there is already a document/script that takes the elements from TYPO3 database and puts them in the Joomla database.
I'm planning to write my own migration program in C# so if anyone has some code snippets for that, it would also be helpful.
Forget that, there are too many differences to make it possible... TYPO3 instances are built typically with many various extension + pages + content elements etc. Although Joomla's initial structure is quite simple (as far as I remember) when you are adding new plugins it changes in many different ways. Conclusion is simple if somebody wrote such 'mapper' between his TYPO3 and his Joomla most probably will not work in any other combination.
How many pages are there in the TYPO3 ? if less than 100 I wouldn't waste a time for any programm, just copy/paste it in common editing mode.
If more, I think that would be best solution to write a TYPO3 extension (PHP), which will get all required data from some page using it's parsers, configs etc and will convert it to JSON (or even pure SQL insert statements) with structure understandable in Joomla. Keep in mind that many elements can be quite different in the database - than on the client's side. The best example are internal links which in DB are saved just as ID's of pages to which they are pointing. You need to resolve it on the TYPO3 side, or you'll need to learn how relations are built in TYPO3's database to do the same task in your C# application.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I have to take a key decision about our web site organization/architecture.
Here is my context.
Our main web site will be available in different countries. Even if the Business is nearly the same, there are some region-specific features. Of course it concerns translations, but also master/layouts and business process. These difference are because of different legislations. At the beginning we will have 4 or 5 derivations, but the target could be 20.
A simple comparison could be Stackoverflow and the Stack Exchange Network. Main features are quite the same between website, but there are site-specific business rules.
To my mind, there are basically two possible approachs :
Having a single web site that manage region/country-specific features.
The will keep core features on the same site, but will involve coupling between all regions. There is also a risk of "IF" in the code. Devs & Maintainability is optimal (unique fix for all) but risky (could break others). A way to do this is a combinaison of portable areas and a custom view engine (generic view template in parent folder and derivation in a sub folder)
Having one web site per region/country
There will be a common web site that will be implemented. There will have some common components but each web site will have its own lifecycle; Devs & Maintainability is easier but costly (if there are many derivations)
Please Note, another impact of this organization is deployment and avaibility.
What is the best way to organize this ?
Edit :
We already have some experiences in MVC and as a general guideline, we are aware of MVC Best Practices : thin controllers, DI, ViewModels, Action Filters, ...
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
We are about to create an API so that our customers can connect to us, subscribe to a service and then consume that service. what is the best way to implement this? we work in C#, .NET. We want something like this:
we will provide a username and password to our customer to connect with our API. (how to implement this, using database?)?
after successful connection , customer will subscribe to our service. (how to check that customer is already connected? )
after subscription customer can calls API methods.
kindly tell me the best way.
Have you ever look servicestack ? It's awesome ,totally DTO based and very easy to create API for .net
Please look out my blog post about that
Check this thread for authentication options in ServiceStack.
https://groups.google.com/d/topic/servicestack/U3XH9h7T4K0/discussion
Look at example here
A simple solution is to supply a Login method, your customers must call this one with username and password before consume the service, you can issue a token to the client once username/password validated, usually stored in a database; then the client can call your API method with the token attached for each request so you can check whether the client has called Login method or not; the token will be destroyed after the client finished using service by either providing a Logout method or setting up a expire time for each token.
This is for your consideration. About "best" way, I think there's no such one way best for all situation. You will find the best way for you.
This might inspire you or prove useful.
http://visualstudiogallery.msdn.microsoft.com/b1d767d9-d6bf-41ee-89a8-313d338e63b6
There are also some links in there that talk about using API keys so you can control who's using your api why that's essential.