Membership.ApplicationName is a static string.
My issue is that if i want to change this value to interogate the membership of another application on the same database, the change is permanent, meaning the Application Name for the current site has now globally changed to this value.
In a perfect world i could call Membership.GetUser($username, $ApplicationName), but such a function doesnt exist.
Can anyone offer any ideas?
The Membership.ApplicationName is global by design. The MSDN documentation states that if you need an application that can change this value, it should be a single user app.
http://msdn.microsoft.com/en-us/library/system.web.security.membership.applicationname.aspx
(Read the Caution section under Remarks)
There are two alternatives to solving your problem:
1) Create a separate application for administering the users.
2) Write a custom Membership Provider that has the method you suggested. You would need to write the data access layer as well but the DB structure is well defined so it shouldn't be too hard to do.
Related
For starters, please forgive me and please correct me on my terminology. I am quite sure of the correct words to use for what I am trying to accomplish.
I have been given the task of building an ASP.Net Razor web site. It is something new to me. I am very proficient in PHP and ASP Classic. What I need to be able to figure out is how to declare a variable that is accessible everywhere. I do not know if in the .net world you call it a global variable or application variable or something else. But, here is how I would do this in Classic ASP.
In Classic ASP, I would have a file named VarFunct.asp. It would be the file that I declare my variables and have various functions I would access from anywhere. I would include the VarFunct.asp file on all of my pages. Anyway this is what I am really trying to do (written in how I would do it in Classic ASP)…
SelLoc = Request("SelLoc")
If Len(Trim(SelLoc)) = 0 Then
SelLoc = "All"
End If
In this case, Request("SelLoc") could be Request.QueryString or Request.Form. Then anywhere in my website I could use the variable SelLoc. So, in short... I need to be able to set a variable. Check to see if it is set by Request.Form, if not, check Request.QueryString, if not set the value to “All”. How do I write this? And where do I put it?
When I created the website using Visual Studio 2012, I selected ASP.NET Web Site (Razor V2).
This seems like it should be such a basic fundamental task of any website that has any kind of server side programming, but trying to find information and documentation online is near impossible, but probably because I am not using the correct terms for my question. I have not found any Razor tutorials that talk about setting variables that can be used globally across the website.
If someone could please help me out here by either telling me what I need to do or point me to a good tutorial, that would be great.
what you are looking for is called Static Class/Member
This will allow you to store and share data for the whole application.
BUT! since web server is multi-threaded, you wouldn't want to do this or else you might run into the case where the data is overwritten by another request before you finished the current one.
If you need to pass data from controller to your View you can use ViewBag dynamic object
If you need to use the data anywhere else (for example in a helper class) then do
HttpContext.Current.Application["VariableName"] = something
It is basically a dictionary and each request will have a different Application object
There are several ways of doing this.
For your example I would assume that this particular variable can be different for different users that are using the application at the same time. This is more of a Session scope than Application scope.
In this case you could simply use inheritance and make a base controller and/or base view model class that all your other controllers and/or view models inherit from. This way you can pass it back and forth between the view and controller and read/update it whenever you need to.
You could also use the Request and HttpContext and Session objects that are built into asp.net, if they fit your need. A brief overview of some of their functionality can be found here: https://learn.microsoft.com/en-us/aspnet/web-pages/overview/api-reference/asp-net-web-pages-api-reference --- google searching specific ones yields tons of results.
If you truly want Application scope, you can of course use a static class for you utilize static methods. Then you don't need to include the class in every other class, but you would need to fully name qualify the method when you call it.
I would not recommend static variables at this level though. I can't imagine very many things that would need to change for every single user that you would change while the application instance is running. Most of these sorts of items that we use are caches (generally db lookups and such, that we don't want to retrieve from the db each time, and RARELY get updated). If you utilize caches, be very aware of your thread safety when updating them. Here is an msdn on caching: https://msdn.microsoft.com/en-us/library/aa478965.aspx --- Or application configuration settings, like the application environment. We pull most of those from a config file, and they are read only, we don't change them within a running instance of the application.
I have a C# WPF desktop application and I need to keep track of the current user of the program (not the Windows User, just the user registered in the program, by a registration form and saved in the programs own Data Base).
I am looking for the best way to handle this, and looking on the web just shows me ASP.NET examples or how to get the Window's current logged user. Right now I can think of these options:
Make a global variable that can be accessed inside the whole app and hold the user there.
Make a DB table to hold the current logged user after the login is validated, so checking that table everywhere in the program will give me logged user.
Use some kind of Class already made for this, but I have no knowledge about and you guys will tell me about it.
I like more option #1, but I would like to know if there is any "common" and "recommended" way of doing it before jumping into coding it.
I'd recommend creating a User class that defines a user with all the info you need. Then create an instance when the user logs in, and pass that instance around as a parameter to functions etc that need it.
If you can find a .Net class that already does this, that'd be great, too! I've used Windows/Active Directory authentication in some apps, and that dovetails nicely with .Net. https://www.google.com/search?q=c%23%20active%20directory%20authentication
Here are a few objections I have to the other options:
Global variables - tend to clutter code. They also tend to violate the Single-Responsibility principle
DB table - adds complexity as you have to clean up from an unclean application exit. Also adds a little more storage requirement
Single-Responsibility principle: https://en.wikipedia.org/wiki/Single_responsibility_principle
I am developing an ASP.NET MVC 5 application and I need to manage some global parameters, which are basically just a set of key-value-pairs. My requirements are the following:
Initial values are read from a server config file.
Parameters are available in every controller for both reading/writing and adding/deleting (like a new parameter can be added if certain controller is executed).
Parameters should surface subsequent request (either residing in Session or serialized in QueryString).
I should be possible to see and easily manage them (CRUD) using a special admin webpage.
My "brute force" approach for this would be just to implement a static class with List<Tuple<string,string>> to keep the settings, use System.Web.Configuration.WebConfigurationManager to populate initial values, use static properties to store and retrieve the list in a session variable and design a separate controller and view for managing the settings.
But this looks like re-inventing the wheel to me. Is there any (not necessarily full-fledged) pre-existing solution (in ASP.NET, or as a NuGet package) I might rest my efforts upon? Or maybe I am missing something fundamental in ASP.NET?
UPDATE: Depending on the nature of the parameter, some of them might have the lifetime of the Application, whereas some of them are bound to the current user session. Therefore they need to be either preserved in a Session object or "passed through" in every request.
That sounds like the most common approach, I don't see anything wrong with using session variables.
I'm trying to figure out the correct way to implement and code the following using desing patterns, or a good object oriented solution:
There is an user class which can contains a variable set of permits, each one enables him to do different action on the application. The idea is to be able tell a certain user object to, for example delete an order, if he has any permits that enable him to do so, do it and if not, to raise an exception.
If someone has a place where to read about this, it's helpfull too.
thanks
There are built in functions for permission in C#/.NET.
The access requirements on a function is set through the PrincipalPermissionAttribute class, or inside the code with PrincipalPermission. To prevent a method from being called unless the current user is a member of the Administrators role, the following attribute is used (sample from MSDN):
[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
static void CheckAdministrator()
{
Console.WriteLine("User is an administrator");
}
Both these checks against the current identity of the calling thread. So what you need to do is to implement the IPrincipal interface to allow your users to be set as the thread identity. Then you can use standard .NET PrincipalPermission to check security. It works exactly as you want - if the security demand is not met, an exception is thrown.
If one user can have multiple permits, each permit allows different execution tasks, then you might wanna have a look at decorator pattern.
although it depends a lot on your requirements.
some time ago we implemented impersonation into our application (a DMS system). We did this because the users should not have access to the physical files of the document pages.
So the user logs into our application, gets impersonated to a special user so he can access the files he needs from within our application.
When this impersonation was planned we didn't think that it would be a great thing: The user impersonates one time and everything is fine. We implemented the code into the existing methods where it was needed (just sth. like Impersonation=true or Impersonation=false).
This was wrong: Impersonation had to set off and on on several places (for example, when the user wants to send a document as an email you have to set impersonation off to use the user's mail profile) so whenever we add a new functionality we have to test with and without impersonation.
Because I have additional functionality to implement I would like to extinct this behaviour to get a clean approach. But I don't really have an idea what could be best approach.
First thing that comes into my mind would be the state pattern, but this would result in an impersonated class and a not-impersonated class for all classes where impersonation takes effect. This would increase the number of classes.
Other thing would be method pointers: When using impersonation call impersonated version of function, else call not-impersonated version of function.
This would lead to more methods. Better than state pattern approach? I don't think so.
So, what would be your approach to get a clean solution?
(I already thought about using threads but this seems to be very complicated)
Hope you can help me.
Regards,
inno
Sounds like a crosscutting aspect - maybe aspect oriented programming?
Well one option would be to define what the default behavior should be such as impersonation on for the user. This default behavior would happen at time of login to the system. When the user performs other behaviors in the system such as sending a document as email this could be encapsulated in a service where the service takes the user as an argument and then uses the impersonation necessary for that feature. To take your example:
var emailService = new emailService();
//inside the service call it would apply the impersonation necessary for the operation
emailService.send(user, new Attachment(documentToSendViaEmail));