ASP.NET MasterPage usage for authorization purposes - asp.net

I am using master pages for authorization. I have three different user types: Readers, Authors and Admins.
I have a Main.Master which has the fundamental things of my pages. Then I have,
Reader.Master
Author.Master
Admin.Master
These are inherited from Main.Master. I am checking whether the user is really logged in (Session is not null) and whether the UserType is true in the Page_Init() functions of Reader.Master, Author.Master and Admin.Master.
First question: Is that a good practice? Please consider that I have zero experience of using other ASP.NET built-in stuff for user management, authorization etc.
Second question: There are some pages, like ForgotPassword.aspx, where all UserTypes should access the same page. In my structure, I need to create three different pages inherited from three different Masters. How do I solve this issue?

To your first question: I use it similarly. I'm not sure if it is a good solution but it works for me.
Second question: You can define ContentPlaceHolder in your master pages.
<asp:ContentPlaceHolder ID="MyId" runat="server" />
In your aspx page you define one Content container for each ContentPlaceHolder.
<asp:Content ContentPlaceHolderID="MyId" runat="server">
    <!-- content for this area -->
</asp:Content>
If you define a ContentPlaceHolder with the same ID in your three user type master pages, you can use the same content for each master page in a page like Forgot.aspx.

Second question: There are some pages, like ForgotPassword.aspx, where all UserTypes should access the same page. In my structure, I need to create three different pages inherited from three different Masters. How do I solve this issue?
Create User.Master and Guest.Master in the same way and you will have masters for all kinds of users.
User.Master will only check whether the user is logged in.

Well, authentication in master pages is acceptable, if not the best practice. I have seen many books that start with this kind of tutorial. However, you may face some issues when your website scales; also, handling authentication-related data in places other than pages, like in handlers or global.asax, can be a pain.
However, this kind of authentication will be OK when the scope of the website is limited and you don't require advanced functions.
Regarding your 2nd question: yes, what you are getting is a side effect of the method being used. What you can do is create only one page using any of the three master pages. In that master page, where you are checking for authentication, get the name of the page, and if the page name is forgot.aspx or whatever, just skip the normal process.
e.g.
if (System.IO.Path.GetFileName(Request.PhysicalPath).ToLower() == "forgot.aspx")
{
    // forgot.aspx: skip the authentication check
}
else
{
    doauthentication();
}

Just make it a normal webform page without a master page. Users can't log in if they forgot their password; you only need to show them a normal page like the login page.

Related

Ways to keep the same header on every page of the website

I am trying to make a member based website in which I will need to keep the HEADER and certain other elements fixed on every page of the site.
I am familiar with the concept of MasterPages in Asp.net, and SHTML however I find it a bit confusing and tedious to use them for a website.
I want to know whether there are some other ways to achieve the same feat, other than SHTML or MasterPages, that are more refined and easier to implement.
Create a User Control in your application and register it in your page (like .aspx).
<%@ Register TagPrefix="UC" Src="~/UserControl.ascx" TagName="mycontrol" %>
and use it like a control.
<UC:mycontrol ID="my" runat="server" />
You need to get acquainted with the concept of UserControls. Read here for a complete understanding: MSDN LINK
User controls are a powerful piece of functionality in ASP.NET. With the help of a user control you can reuse the design as well as the code in the application.
This other link provides a very basic introduction to UserControls and ends up creating one: http://asp.net-tutorials.com/user-controls/introduction/
I am currently using a perl script that concatenates header/content/footer files together. However this is a bit OTT so I am in the process of converting to iframes. All you need do is add a line to the top of each page...
<iframe border=0 src="http://mysite.com/header.html"></iframe>
You can adjust the size of the frame if needed.
If you don't like master pages, you could always try Dreamweaver templates, which auto generates the template contents on each page using the templates.

asp.net User.IsInRole check in whole website

I'm using ASP.NET with C#.
I want to check whether a user is in a certain Active Directory group.
I'm doing this check:
if (HttpContext.Current.User.IsInRole(ConfigurationSettings.AppSettings["Group"]))
{
}
The thing is: where do I place this code?
The site has several pages and I want the validation to be on all pages.
Do I put this on the master page?
Thanks.
What do you want to do if the user is not in the required role? Depending on the answer to that question, you could:
check it in the Master page
check it in a base Page from which your Page code-behind classes derive
check it in global.asax, for example in the Application_AuthorizeRequest event handler
... etc ...
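
The global.asax option from the list above, which also replaces the page-name exemption suggested for forgot.aspx in the first thread with an explicit list of exempt paths. This is an added example, not code from any of the posts: the "Group" setting comes from the question, while the class name, the exempt page paths and the status codes are assumptions.

```csharp
// Global.asax.cs -- added example, not code from the original posts.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: pages that must stay reachable without a role check.
    // Full app-relative paths are compared, so a file with the same name
    // in another folder (~/admin/ForgotPassword.aspx) is NOT exempt.
    private static readonly HashSet<string> AnonymousPages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "~/Login.aspx",
            "~/ForgotPassword.aspx"
        };

    // Runs before any page or master page code, so a page that uses a
    // different master (or none) cannot skip the check by accident.
    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        string path = Request.AppRelativeCurrentExecutionFilePath;
        if (AnonymousPages.Contains(path))
            return;

        string group = ConfigurationManager.AppSettings["Group"];
        if (string.IsNullOrEmpty(group))
        {
            // Fail closed: a missing setting must not open the site.
            Deny(500);
            return;
        }

        var user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated)
            Deny(401);   // not logged in
        else if (!user.IsInRole(group))
            Deny(403);   // logged in, but not in the required group
    }

    private void Deny(int status)
    {
        Response.StatusCode = status;
        CompleteRequest();   // skip the page handler, go to EndRequest
    }
}
```

Depending on the IIS pipeline configuration, this handler can also run for static files, in which case stylesheets and scripts used by the exempt pages need their own entries in the list.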

Displaying same content to different users who may be seeing different master pages (ASP.net)

I have some pages that have content that is relevant to both logged in users and non logged in users. For example, pages with contact information, privacy policies, etc. All the pages have your typical navigation menu but the thing is logged in users normally see a different navigation menu bar than non logged in users.
What is the best way to do this in ASP.net?
So far, possible solutions include the following:
1. Displaying the content using a pop-up window. The page will contain no menu and is just a basic page that doesn't need to check what type of user is seeing it.
2. Programmatically changing the master page depending on whether the user is authenticated or not. However, there are some variables on one of the master pages that need to be accessed but aren't touched at all by non logged in users.
3. Putting the content in a user control and sticking this user control on two separate pages to be displayed to the appropriate user.
I'm not really a fan of #1 because users visiting the site for the first time may have some type of popup blocker or have JavaScript disabled.
I know #2 is possible by having the page use some type of base class that has inherited from MasterPage. However, I've read that this might not be the best design since now one of the pages has access to variables that aren't really necessary.
The third method sounds reasonable but then there'd be two separate ASPX files.
Is there a proper way of doing this? Or another method I haven't thought of yet?
edit
To clarify, logged in users need to set certain variables in their master pages where non logged in users do not. The reason for this is that there is a user control that displays a special navigation menu that will highlight certain items depending on these variables.
For example, the user control requires a string to determine which item to highlight. A page with profile information will provide "profile" as a parameter that will highlight the "Profile" item on the menu.
The menu in the user control is generated dynamically based on data from the database. The menu items are grouped by category and are displayed with an appropriate heading that is also pulled from the DB.
Programmatically changing the master page is easy; just set the correct URL on pre-init:
protected override void OnPreInit(EventArgs e)
{
    // MasterPageFile can only be changed during PreInit or earlier.
    if (this.User != null)
    {
        if (this.User.Identity.IsAuthenticated)
            this.MasterPageFile = "~/loggedin.master";
        else
            this.MasterPageFile = "~/notloggedin.master";
    }
    base.OnPreInit(e);
}
No base class needed for this.
User control approach would work too, but changing master page file is really easy to do.
EDIT: If you have properties to set or get from the master, you could have the code-behind file implement the interface, and check if the this.Master reference is of that interface type.
HTH.

Visual inheritance in ASP.NET without master pages

I have a certain page and depending on an administrator role a lot of extra validation controls have to be inserted. However I don't want to take the risk that a validator gets turned on for other users.
What I was thinking is to use some form of "Visual inheritance" but I don't know which path to choose. Perhaps have separate .aspx pages which inherit from the same class (which inherits from Page)?
Side note: this has to be done in webforms, not mvc.
Extra information: The problem I'm trying to solve is the separation of roles and the impact on the page without having to duplicate the page and having to maintain any changes in both. There are clients who get to see the vanilla page and admins can see the same information but with added validation controls. However these validation controls should not be seen by the clients. Also some more information can be seen but that could be handled by using rolebased viewing of certain user control.
Anyone has an idea about this?
Why don't you want to use master pages? Master pages do exactly what you want to do - they can even "inherit" from each other (in a manner of speaking).
I would suggest that you use master pages to do what you want.
ASP.NET master pages allow you to create a consistent layout for the pages in your application. A single master page defines the look and feel and standard behavior that you want for all of the pages (or a group of pages) in your application. You can then create individual content pages that contain the content you want to display. When users request the content pages, they merge with the master page to produce output that combines the layout of the master page with the content from the content page.
If the problem you are trying to solve is role-based viewing of controls and you are using the built-in ASP.NET membership/roles providers, you could use the LoginView control to manage the visibility of the admin stuff:
<asp:LoginView runat="server" ID="LoginView">
    <RoleGroups>
        <asp:RoleGroup Roles="Admin">
            <ContentTemplate>
                Special Admin content
                <asp:RequiredFieldValidator></asp:RequiredFieldValidator>
            </ContentTemplate>
        </asp:RoleGroup>
    </RoleGroups>
</asp:LoginView>
Often such problems can be solved by splitting the page into user controls (.ascx). It can become a bit messy, but gets the job done.
Inheritance of pages is difficult, although possible. What you must realize, is that one .aspx page cannot inherit from another .aspx page. This is because of how the ASP.NET compiler works: your .aspx XML markup is compiled into a class that derives from your code-behind class. Since this only happens at runtime, you cannot have another .aspx page inherit from it, because the class is simply not there when the code-behind is being compiled.
What you can do is to create another class that inherits from Page and make your .aspx code-behind classes inherit from that. That is possible, but note that this class will not have an .aspx XML part - you will have to instantiate all the controls yourself, as well as assign their properties. In most cases this will be quite messy.

Problem with cache asp.net

VS2005, ASP.NET, C#, IIS6
Hello friends,
I have a master page divided into three sections i.e. header, details, footer.
The header section contains a web user control with an AJAX tab container. We are showing or hiding tabs according to user privileges. Initially only one tab is active, prompting the user to log in. When the user logs in, the other tabs are activated.
I have used <%@ OutputCache Duration="120" VaryByParam="none" %> within my user control. When the user logs in, a NullReferenceException is generated in one of the methods within that control.
When I remove the OutputCache, everything works fine.
Could someone guide me on what I should do?
Thanks in advance
The "easy" way to fix this is to check if the value is null, if it is null create it.
A better way would be to find out why it is null.
One possibility is that the first time the page is called there is a parameter that determines that one of the controls should not be created. The second time, it is called with a parameter that says the control is required, but it is using a cached version of the page that does not have that control.
