We have SharePoint 2010 application with contains Custom Web Parts. A single web part usually contain around 200 UI fields. Some of them are enabled and few are disabled with default values that will be loaded based on the logged in user.
Recently we came across an issue, user while submitting the application can use FireBug/DOM Explorer or some other developer tool and can tweak the disabled fields which finally submits the wrong values to the database.
We are trying to use Session Variables to store these default values and while storing them to database taking these values from Session instead of taking them from UI form.
Please let me know whether there is any better way to prevent such hacks in SharePoint?
Related
I have been tasked with making my company's Web App available offline. Before I move to the actual development phase, I want to be sure that my current strategy will not turn out to be a bust.
I first thought about using html5 app cache but after doing some tests I found that it seems to not cache the server side operations but the actual html that is rendered (Please correct me if I'm wrong). This will not work because the rendered html depends upon who is currently logged in. From my tests, it always rendered the html as if the last person that logged in (online) is logging in.
My current strategy is this:
I cache only the login page and an offline (.html) page to correspond to each aspx page that will need to be available offline. Every successful login (online) results in creating or updating Web SQL Database or IndexDB (depending on browser) with all data needed for that person to operate offline including a table that will be used for login credentials. In this way the only requirement for logging in offline is logging in with your login credentials at least one time.
My concern is that I am overcomplicating it. In order to make this work, I will need to create an html page for each current page (a lot of pages) and I will have to rewrite everything that is currently being done on the server in JavaScript including validation, database calls, populating controls such as dropdown lists and data grids, etc. Also everything that I change in the future will require a subsequent offline change.
Is there an established best practice for what I am trying to do that I am overlooking or am I venturing into new ground?
Please refer to these links, which gives you some insight on what is to be achieved. I'm not sure these are best practices, but these will be good starting point.
http://www.c-sharpcorner.com/UploadFile/aravindbenator/offline-mvc3-application/
http://www.developerfusion.com/article/84438/isolated-storage/
I need to develop a web based product. Features of this will be available to users based on subscription categories like Basic Version /Premium Version / Enterprise Version. I would like to maintain single source for these subscription categories.
Here my question is,
How to design web application, which has features enabled based on configuration / subscription categories?
Thanks in Advance
This is very general question, and I will answer generally.
You can assign Roles to your registered users, and then you check using the IsUserInRole to
see what you going to show and what not.
To gain speed you can assign the permission to the user session and not always call the IsUserInRole
You can open and close some part of your page using the Panel and the Visible of it. Also close the Viewstate of the Panels that are hidden.
Alternative you can use UserControls that inside of them you check if the user have permission to see it or not, and you hide it OnInit, and also disable the ViewState of it.
And of course if a full page is not permitted you can always make a full redirect.
So a full page can have Panels, and UserControls, and the views of it depend from the user level.
You will not be able to get this readymade , you have to design the application based on the technology you are using.
I had similar kind of project going on in which we store the list of feature in database and when the page initializes loads the feature list in session.
On various pages we are showing/hiding controls based on the feature availability.
Offcourse Single feature can also have category based on the User Roles that we can check using FormAuthentication methods and change the page server side accordingly.
Let me know if you have any specific approach in mind and have question related with it.
I want to design and develop a web base software that enable user to report a problem or discussion using ASP.NET and SQL server.
This application might has many forms. For example Form A for reporting bug for software 1 and etc.
I don't want to create a table for keeping data per form.
Solution that comes to my mind is making UserControl per form. and when user chooses a form application loading target usercontrol.
Now I have challenge for save and restore data that user entered into target usercontrol.
What is your suggestion ?
What do you suggest instead of using UserControl ?
I have also review using XML to keeping forms structures but I think its hard to create UI from XML .
I can not see the difficulty in saving and restoring your data.
If you use user control, then I assume you want to reuse it in other forms as well, or it doesnt make any sense.
Or what you want is to load asp.net controls dynamically?
Then step by step:
Firstly create a proper form page you need, then convert it into several user controls (according the business logic).
Reuse user controls you just converted in other forms based on XML
config files, or URL, or query string or session. In XML you can specify the method name you going to call for saving or retrieving data. (That's the structure of one of projects I worked on)
Hoep it helps.
How to: Convert Web Forms Pages into ASP.NET User Controls
I'm at a client site where they have an application which began in SharePoint and is slowly migrating away to a very custom ASP.NET application. Some of their data elements are still hosted within SharePoint lists, two of which currently in question are some "Notes" and "Tasks" (fairly simple data elements in their SharePoint setup, nothing special about them). One of the things I need to be able to do from within ASP.NET is to automatically create some new items for these lists and add them from code.
So far it's pretty easy. I found the existing web part which handled the editing for those items, attached the debugger to it, tracked how it got its values and what it added to the list, etc. However, one of the fields being added to the list item isn't quite as obvious. In the existing web part UI, the field looks like this:
Essentially, it's a field for entering a user from the current Windows domain. The book icon opens a pop-up which allows the user to search for a name, etc. In my current testing, I'm running as local Administrator on a development machine. So I just look for "admin" in the pop-up and it populates the field with "[machine name]\Administrator" as expected. Then, in debugging, the value that gets pulled from the field and entered into the SharePoint list item is "1" as opposed to a name or anything like that.
I assume that "1" is an identifier for the local admin account. Makes sense, after all. But my question is, how can I get that identifier for the current logged-in user in code? I've found code to get the current user's name, but not any kind of numeric (even though it's a string) ID.
Additionally, this wouldn't just be happening inside of an ASP.NET application context. There's also a WPF client application for laptops which would be generating these list items and synchronizing them back to the server when connected. I'm currently operating on the assumption that the client user would be logged in with a proper domain account known to the server.
I imagine this is pretty easy, I just haven't stumbled across what I need quite yet.
I suppose you're looking for this:
int userId = SPContext.Current.Web.CurrentUser.ID;
By the way, this is the internal Id assigned by SharePoint to the user. To get this Id from a WPF application, you could deploy a WebService inside SharePoint that would return this Id. Or you can even query the SharePoint database, but I'm not sure if it's safe :-)
I'm writing a pretty straight forward ASP.NET MVC web app: only a couple of CRUD pages, some folders where clients can browse documents and just 3 or 4 roles. The website will be used in a B2B scenario, where every client will have their "own" website.
At this point, the only thing that will change in the website, from client to client is the content (ie. the documents, and the rows of data they'll see). If this is the case, what's the best way to manage roles across all of my clients? I'm looking for the simplest possible solution because this is a proof of concept and I don't want to invest a lot of time right now.
What if it's not just the content that changes? Maybe some clients will want a few custom static pages. At this point, is my only option replicating the entire website? I'm leery of this because it'll become hard to maintain if I get a lot of clients.
I'd appreciate any help... I just don't want to shoot myself in the foot; I'm sure someone has done this before.
I create Virtual Directories in IIS for each client, all pointed back to the same folder where my ASP.NET code resides.
This allows me to support several dozen nearly-identical "web sites," each with their own database that is basically identical in form, only differs in data.
So, my site URLs look like:
http://mysite.com/clientacme/
http://mysite.com/clientbill/
http://mysite.com/clientcharlie/
There are two key implementation details I worked out for this:
I use the Virtual Directory folder name to determine which DSN my code reads from. This is accomplished by creating a simple static method that injects the folder name into a DSN string template. If you want to use the same database to store everyone's data, you can use the folder name as a default filter in your queries.
I store the settings for each web site (headers and footers, options, links to custom reports, etc.) in a simple "settings" table in each database (key, value) rather than in the web.config (which is shared). This allows me to extend the code base over time to customize the experience for each client without forking the code.
For user authentication, I use Basic authentication, and I keep usernames, passwords, and roles in a table in each database.
The important thing is that if you use different SQL Server databases for each client's content, you need to script any changes to your database tables, indexes, etc. and apply them across all databases at the same time (after testing of course). One simple way to do this is to maintain an Excel sheet with a table of database names and a big "SQL" cell at the top. Beside each database name, create a formula to "USE databasename;" and then concat the SQL code at the top.
I'm not sure if this answers your question completely, but as far as maintaining custom "static" pages I found myself implementing a system on a client's MVC website where the client can create "Pages" from their admin control panel and each Page has a collection of "PageContent" entities which consist of a Title and and HTML content field (populated using a WYISWYG editor). Upon creating a page the MVC application maps http://yoursite.com/Page/Page-Url-Specified-By-The-User to that page and renders its content there. Obviously, the pages are dynamic, but as far as the client can tell they have created a brand new custom page with little or no effort.