I'm in early phase of building a RIA with ExtJS and ASP.NET MVC.
Users in the system will have numerous different user rights that restrict which elements are visible and what actions user can make.
For example in the user managment section, only superuser should be able to promote user to 'admin' status. So the 'add admin status' -button shouldn't be visible to users who are not superusers.
What would be the best way to dynamically create (or parse) the ExtJS components at the server side with the right composition of elements depending on users rights? These components would then be loaded to the viewport via AJAX-requests.
The example was very minimalistic, but I hope you get my drift. The real life situations are (of course) far more compex and I'd like to find a solution that's intuitive and maintainable.
Why not just use standard logic in the page to exclude buttons etc. from the UI? On the server side you already know what the user's entitled to do. Is there really a reason to use AJAX requests to conditionally populate the UI? IMO such population should only occur as a result of user actions (e.g. expand a tree node).
Related
Goal:
I am trying to create a permissions page that assigns permissions to roles based on the controls in the webforms throughout the application. I am trying to write the code that would create a string of controls for a given page. The page name would be passed in as a string.
This post below is very similar to what I am looking for although it was written for a windows form application in VB.NET. I am hoping to find a solution in C# and applicable to webforms. http://www.dreamincode.net/forums/topic/222439-list-of-all-controls-in-project-vbnet/
This next post also seemed to be what I was looking for but the suggestion of find in files doesn’t work as I would like the code to be more generic and extend as I add pages or controls to forms instead of hard-coded:
Get List of Controls on each WebForm in an Assembly
General Idea:
My idea is to have a user select a role from a drop down list. Then the user would select a page in the application from a drop down list. The SelectedIndexChanged would then query the webform class of the page selected and produce a grid listing the names of the controls on that page and another drop down list of permissions that could be assigned. When the user was done editing the controls and permissions, they would click save and the information would be saved to the database.
When a forms authenticated user loaded the page, the page would query the database for permissions on each of the controls and based on the user’s role and permission would either have readonly, edit, or not visible status assigned to that control. My final goal is for the end user administrators to be able to manage the permissions in the application instead of having a broad set of roles and permissions or having to do custom one-off work based on a customer’s needs. Please note that this would be the only page where I am trying to access controls on other pages.
I am trying to list all controls in an ASP.NET project or namespace since in my case there is only one namespace in my current project. I have found plenty of examples listing the controls on the current form but have not found any code that can do it site-wide.
I have also been able to list all the webform classes that I have:
How to get all classes within namespace?
But it doesn't seem that you can then go and query that class for the controls that are defined there - if someone could solve this piece, I think that would get me to the next step.
What I have Tried:
One was to instantiate the webform itself and then loop through the
controls all programmatically. This was not successful at least the
way that I was doing it. Webform1 wf = new Webform1(); I also tried
adding a constructor and a method to then go and loop through the
controls.
I also tried instantiating the webform class through the
Activator.CreateInstance I tried following the example at this page:
Instantiate an object with a runtime-determined type
Example:
Page o = (Page)System.Activator.CreateInstance(Type.GetType(pageName));
foreach (Control c in o.Controls)
lblMessages.Text = lblMessages.Text + c.ClientID.ToString() + "<BR>";
This was also not successful. It did compile but I would get a control count of zero and of course no controls.
The final method, which I am trying to avoid is a manual method of
collecting the controls on the pages in my application (which
should be static once in production) and then still having the permissions page and the administrator assign the permissions to the
role at that point.
Finally:
Any help pointing me in the right direction of being able to dynamically fine-tune permissions to controls would be much appreciated even if that includes looking at a different way to handling permissions.
That is the basic architecture of CMSs.
Using Activator.CreateInstance is on the right track. But there are a lot more into it such as persistence of control states between posts.
Please look into DotNetNuke in which controls are loaded dynamically.
If this is too hypothetical and needs to be somewhere else, please let me know.
I have a project that needs specific gridviews to appear on multiple pages. Instead of copying and pasting the gridviews on each of the pages I thought creating a user control for each specific gridview or create a page for each gridview and then use iframes would be my best options.
I have not used either extensively so I am looking to the SO community's experience, are there known problems with using user controls and/or iframes when it comes to:
validation
communication between user control/iframe and parent page
ajax/updatepanels containing user control/iframe
thanks in advance
Since a gridview is essentially a user control (that's very flexible), I would first explore doing this with neither of your options. If possible, use the standard gridview and let your data layer do most the work. However, assuming you already know that... but your requirements require one or the other of your options, here are things to consider.
An iframe is easy to implement but unless your need is really simplistic in terms of user interaction, the user control will be the most flexible. Another downside to an iframe is it's size (you're essentially loading two pages). The downside of user controls are the upfront time in building them.
Based on your criterion:
1. validation - can do with either option but you'll have more flexibility with a user control
2. communication between user control/iframe and parent page - much easier with user control unless query string parms will do the trick
3. ajax/updatepanels containing user control/iframe - again user control
I'm building a basic web application in ASP.NET 4.0 with C# in Visual Studio 2010 Pro. I'm still very new to C#, and am used to Delphi coding. My website already has registration/login, and although I use some asp.net controls, a majority of my pages are dynamically loaded from my SQL database and I manually compile the HTML code from C# and insert it into the document.
Now what I would like to do is implement a poll - or a vote box - an 'object' which can be re-used in different pages. My website's master page already has a permanent left panel which has things which show on every page. One of these will be a small box with a vote of a few questions.
All I need to know is how do I begin to build an independent plugin control for a web page like this? I don't necessarily mean a separate DLL or anything, my existing one can handle everything. But I'd like to re-use the same little voting box in different pages too. So I'm assuming this will be considered a separate page, in a way, which is probably about 120 pixels wide by 80 high. Each vote will be limited to either login account or ip address (which I already have access to). So this solution must interact with the existing asp.net application.
So how do I begin the 'backbone' of such a plugin which can be re-used in multiple pages? I do not plan on distributing this plugin, and I don't even know if this is the correct term for what I need. Just a 'box' which can be 're-used' on multiple pages - which must interact with the asp.net app.
To better explain what I mean, imagine how Facebook has the plugin where you can embed some general info about likes and such. I'd like to make my own box like this - and even be able to embed it in other websites.
It sounds like you just need to make the poll into a user control. The documentation should get you started with them. A control can access everything an ASP.NET page can when it comes to the login information. It won't handle embedding into other pages though – embeddable active content that authenticates against your site is a nontrivial problem.
As I said in the comment, if most of your HTML is creates as a blob that's opaque to ASP.NET, it will probably be nontrivial to insert a user control into the middle of it.
I am working on a B2B portal web app, where i need to display upcoming news , products and company info on regular interval (say as slideshows and tickers).
For example :
Scenario 1. I need to display the latest company(registered in this week) in a marquee style. Where companies will be pulled out from database.
Scenario 2: I have some products categorized as hot products, that will be displayed as slideshow on the home or somewhere else.
I know using Jquery and Static pages its possible. But i havent idea about how to do this with ASP.Net databaound controls like grid, repeaters, datalist etc. We are not in favour of purchasing third party controls, instead it will be a last resort for us.
Please help me through buil-in controls. Any help will be highly appreciated.
You should decide whether you want to do with JQuery Widgets or ASP.NET controls (or third party ASP.NET controls like Telerik). Can you use both - yes you can, but you are only going to add more complexity to your app because ASP.NET controls don't know about your JQuery Widgets and you have to provide the glue to tied them both and keep them synched up. So if you decide to build everything in JQuery - convert your static html pages to .aspx pages then add additional serverside functionality to return the data. For AJAX behavior, you can use what is called Page Methods in ASP.NET or write seperate Script Services. You will make use of what is called a ScriptManager. That way you can keep your existing markup and rely on ASP.NET to provide you with Data. The other alternative is to convert everything to ASP.NET Controls - and rely on the builtin or third-party control suite to provide the functionality.
I'm currently converting our company database application from VB to ASP.NET. This is pretty much my first ASP.NET application, and I had a question about security. I would like some users to have the ability to add or edit data, while other users can only view and print reports. Now, as I understand it, in ASP.NET, I can use form-based authentication to restrict access to certain pages, but what I really would like to do is use the same web page for not only viewing the data, but also editing it (using a grid view). I don't see how I can do that using forms-based authentication without having separate (but similar) web pages in different folders, each with it's own level of security.
I guess I could always use the same web page, then check the users roles to determine if I should enable the 'edit' button or not. Is that a good (and common) programming practice?
Thanks
Checking the role membership is an accepted way of doing it. Do not however just check when you display the button, check during the response to the event it triggers as well, just in case someone tries to bypass event validation.
User.IsInRole() is what you need. As mentioned, check this at each step - users can fake any kind of HTTP response, so every server-side method needs security checks.
Don't just check whether to enable or or not... You must also check it when the edit button is clicked.
I would implement my own custom RoleProvider (MSDN Article). And then have different roles that describe the different access levels on your application, and like blowdart said check when buttons, panels are being diplayed whether the user has access or not to that resource.
Can I recommend using monitoring SQL Profiler (or similar) when you are testing the page if you are using a database? You'll be surprised the amount of calls the db gets for a seemingly trivial page load.
Also, please check security trimmings in ASP.NET. Worth having a look.
Cheers.