Hi ive asked this over on the offical asp.net forums aswell though it would hurt to ask here to.
First some background information (feel free to skip it)
i've only recently started learning asp.net web pages
To start i picked up a few books, that went through web security register/login etc. Using the WebSecurity class.
A while back I made my own website to sell/distribute my own software. This was done using php & mysql.
However ive been wanting to update this as well as build a few more product oriented websites. And just use the main site as a store.
I could do this in php but I would need to brush up on it first. Which given my situation isn’t the best use of my time. As lots of jobs ask for experience using asp.net as well as several years programming experience part of the reason I decided to try and develop my own software. But it it doesn’t work out ill need a job which is why I started learning asp.net.
Now the problem
For my existing site I chose to generate a string of random letters and numbers to use as ids for products, customers etc. I do the same in my software as well instead of using the auto increment in the data field so id 1,2,3 etc.
instead I have strings like a3hgt4ssf, 3243dfsa, sdas342d.
Initially things started okay using following the book using WebSecurity and along with the role provider to deal with logins, creating users, restricting access etc.
Then I found out I had to use the auto incrementing ids. So I started creating my own web security and role provider based upon theirs same functions etc.
But now im stuck initially I stored some data in cookies loggedIn, customerid, username no password then I just checked for the is login cookie. This was how the books did it when I first started learning web development but I moved to software and haven’t followed it to much over the years (lack of time).
Now im not sure if I should be using cookies (same as before) or not, or should I use sessions which expire when the browser closes (as far as I know)
My main concern being security i'm using paypal to process payments. So I think that makes it less of an issue but still.
Im also aware of the size of the .net framework, so I don’t want to reinvent the wheel if features are already available to the accomplish what I need.
Related
I am a little confused as to how the identity framework works. For example in VS 2013 we can create an MVC application that the authentication is individual user accounts. Once we create it we can register with a username and password. But what if we wanted to have also a DOB in the registration or some other fields such as email or phone etc? Can we do this with the identity framework? What about the way the data base is structured, can we have a custom structure? Or if I want this should I be using forms authentication? Also what is the difference between the Identity framework and Forms authentication in terms of authentication?
Although your post has already been marked as answered, I’d like to add a little more info for future readers.
The first thing we need to understand with VS and Microsoft is that they’ve always tried to provide us with Templates to help us get started. There are many Pros and Cons to using Templates but the idea is that it gets you started quickly without having to manually include stuff yourself.
The idea of Templates is great but to the untrained eye, it provides Microsoft an opportunity to include stuff that THEY think you’ll need or better yet, what your application will need.
This opportunity includes promoting products such as Identity, Knockout.js etc...
In short, Microsoft is not wrong in doing that since the majority of the people do not second guess what is included in their project and because they…well…trust Microsoft.
A great analogy is when you purchase a new computer from a major retailer. When you arrive home and start your computer, you quickly notice that you have a bunch of pre-installed software running in the background (that you never asked for).
To the untrained eye, they will never realize that these are running in the background and their computer will work regardless. But for someone that is aware, he will most likely uninstall all of them and have a cleaner plate.
So Templates are similar to this...
As for the rest of your questioning, I’m sure by now you’ve found the answers.
Even though Microsoft sells ASP Identity as a single solution, Forms Authentication and Identity (Membership) are two distinct frameworks that work together, but serve different purposes:
Forms Authentication manages authentication session/cookies.
Membership/Identity is the store for user information (credentials, user demographics, etc.)
Look here for some additional information and links.
I find a few topics on this, but they point to too-generic documentation or, for the link that seemed most pertinent so far, don't work.
(I'll refer to all the built-in functionality for membership/roles in .NET as "Membership" here on out.)
Using .NET 4.0 and Visual Web Developer 2010 Express and SQL Server 2005.
I'm creating a website where, in order to sign up, you need to be a paying member. I've already created the database that holds all membership info, and I've already created the form where they sign up, as well as the pages where they themselves or site admins can manage their account info. I've also even created a class for authenticating them and checking for permission on pages based on level of access (roles).
I'm hoping for a clear, concise explanation of either of these options:
• Point "Membership" at the place where username/password are stored, disallowing it from auto-creating its own db. (I'll then go back through my site and replace my own custom authentication in the few places I have it with official .NET "Membership".)
• Or still run my own custom authentication, but in that process, say to "Membership", "Hey! User known as "username" and of role "member" is now authenticated. Note that in your own special place, assign them that role, and know what to do with it when I ask you hereafter." Could this be "Forms Authentication API"?
There's more to the account than just username/password/role. I know I can add more fields to accounts created using .NET but I also really don't want to use some randomly created, self-contained, disjointed database just for the sake of handling logins.
I have not yet learned the basics of "Membership", though I'm getting darn close in my process of learning .NET; and I can't spend the time right now making progress on that for personal reasons, but I have to proceed with making this site. I would like to be able to use many of the benefits that come along with .NET security, like being able to exclude users from folders using web.config, etc.
Mostly I'm just seeking assurance it will be possible for me to backpedal after I get some other aspects of the project shored up, but before I make it live, and without having to rewrite half of the membership forms and splitting that data into several databases and figuring out how to use "Membership" for either pieces of it or all of it when a member signs up.
Possible?
If I understand you correctly, what you are working on is similar to something I am working on here.
We have a custom authentication scripts in ColdFusion and I am creating a second .NET System with Membership login.
The way I went about it was to move all the user/role/profile information into Membership's tables and created an additional tblUserProperties table which holds all other information that the Membership standard tables cannot hold.
I have recoded the ColdFusion queries to point to the new Membership tables.
This way, if a user change password from either system, the logins will work from the other system as well.
I think keeping two systems/tables that do the same thing (authentication) is risky because of the password change reasons. There could be more, but why can't you just simply change your custom code to point to where Membership is pointing? That way you can use Membership provider to its full potential.
We’re currently evaluating development with Sitecore 6 for a project. The client already bought it, so using another CMS isn't an option. The proposed setup would have Sitecore as our site’s content data provider; which would be consumed by a site built in ASP.Net MVC 3. We’d use Sitecore’s libraries to retrieve data from the Sitecore database on the server side.
In some cases, we also may want to consume content data via client side AJAX calls. I’ve been working on prototypes for this to see what data I can get back from a custom proxy service. This service calls GetOuterXml on the item, converts the Xml to JSON, and sends back the JSON to the calling script. So far, I’m finding using this method limiting; as it appears GetOuterXml only returns fields and values for fields that were set on the specific item, ignoring the template’s standard value fields and their default values for example. I tried Item.Fields.ReadAll(), still wouldn’t return the standard values. Also, there are circular references in the Item graph (item.Fields[0].Item.Fields[0]...); which has made serialization quite difficult without having to write something totally custom.
Needless to say, I've been running into many roadblocks on my path down this particular road and am definitely leaning toward doing things the Sitecore way. However, my team really wants to use MVC for this project; so before I push back on this, I feel its my responsibility to do some due diligence and reach out to the community to see if anyone else has tried this.
So my question is, as a Sitecore developer, have you ever used Sitecore as purely a content data provider on the client-side and/or server-side? If you have, have you encountered similar issues and were you able to resolve them? I know by using Sitecore in this way; you lose a lot of features such as content routing/aliasing, OMS, the rendering and layout engine; among other features. I’m not saying we’re definitely going down this path, we’re just at the R&D phase of using Sitecore and determining how it would best be utilized by our team and our development practices. Any constructive input is greatly appreciated.
Cheers,
Frank
I don't have experience with trying to use Sitecore solely as a data provider, but my first reaction to what you're suggesting is DON'T!
Sitecore offers extremely rich functionality which is directly integrated into ASP.Net and configured from within the Sitecore UI. Stripping that off and rebuilding it in MVC is lnot so much reinventing the wheel as reinventing the car.
I think that in 6.4 you can use some MVC alongside Sitecore, so you may be able to provide a sop to your colleagues with that.
Background:
I am an intermediate web app developer working on the .Net Platform. Most of my work has been defined pretty well for me by my peers or superiors and I have no problem following instructions and getting the job done.
The task at hand:
I was recently asked by an old friend to redo his web app from scratch. His app is extremely antiquated and he is getting overwhelmed by it breaking all the time. The app in question is an inventory / CRM application and currently each customer requires a new install of the app (usually accomplished by deploying it on a different domain on the same server and pointing to a new database).
Currently if any client wants any modifications to the forms such as additional fields, new features, etc my friend goes in and manually adds those fields to the forms, scripts, database etc. As a result all installs of this application are unique. There is no one singular source repository and no one single version of this app. Generally new features are overtime rolled into the other sites, but still this is done on an individual site by site basis.
I will be approaching this on a very modular basis. Initially I will be coding a module that will query an external web service for some data, display and store it, and periodically update it automatically. The next module will likely be for storing and displaying inventory data. This way I want to over time duplicate the current feature set of his app 100% but do it incrementally.
The Million Dollar Questions
I want to make the app have user
configurable form fields. The user
should be able to go to an admin
page, create a new forms page of a
certain category, and then specify
what fields he wants in there. He
could say 'create a new text field
called Item # and make it a
requirement" and that will get
stored somewhere. All forms will be
dynamically rendered to screen based
on what the user has configured. Is
this a good way to go about the
problem of having no idea what a
customer could want in a form? and
thus be able to store and display
form data of any sort ? What sort of
design pattern should I follow here?
I am familiar with asp.net and
the .net framework in general and
have decent knowledge of javascript,
html, silverlight, jquery, c# etc
etc. I can work my way around web
apps in a good way, but I am not
sure what sort of framework or tech
I should use to accomplish this
task. Would ASP.net 3.5 webforms be
the way to go? or should I look into
ASP.NET MVC? Do I use jquery and ajax for
complete decoupling of frontend and
backend ? or will a normal asp.net
page with some spattering of ajax
thrown in working with a codebehind
be the order of the day?
Just looking for general advice before I start.
I am currently thinking of using ASP.NET 3.5 webforms, jquery for clientside animation, ui, manipulation and data validation, and sqlserver + a .net or wcf webservice for backend.
Your advice is much appreciated as always.
I've recently implemented a white-label ecommerce system for an insurance company that allowed each partner to choose their own set of input fields, screens, and order the flow of the application to suit their individual needs.
Although it wasn't rocket science, it added complexity and increased development time.
Consider the user configuration aspect very carefully In hindsight both my client and their clients in turn, would have been happy with a more rigid system.
As for the tech side of your question, I developed my project in VS2005, using asp.net webforms and webservices with a SQLserver back end, so the stack that you're looking at is definitely capable of delivering a working product. ASP.net MVC will almost certainly help as far as testability goes.
The biggest thing I would change now if I was going to start again would be to replace the intermediate webservices with message based services using nServiceBus, MassTransit or the like. While the webservices worked fine, message based communication should be quicker and more reliable.
Finally, before you start to code, make sure that you understand the current system's functionality inside and out. If the new system doesn't do something that the old system did, it will be pretty obvious to the end users straight away.
This may sound a bit general, but I have a startup that is working on an ASP.NET (greenfield) suite of software applications. We are aiming to spend a substantial amount of time in the architecture phase to develop a strong foundation for our software. I was wondering if anyone has any advice, anything we should focus on or any suggestions for areas we should focus on to build a better suite.
Some things we are focusing on right now:
1. Session state requirements - should sessions be sticky or should we take server clustering session migration into account.
2. User login authentication - what are the major concerns in this space - LDAP, AD, custom SQL authentication systems etc.
3. The DAL - ORM vs Stored Proc
4. Integrating multiple ASP.NET applications in a single software suite. How it should look/feel. How it should be architected, etc.
I would appreciate any advice from any architects out there that have built similar systems from the ground up.
I know there are lots of solutions to session, but if you can create your framework to be session-free, you will avoid a lot of potential headaches. (There are lots of session-free options, but an obvious one is a hidden form field, somewhat like ViewState.)
Just some quick notes. I can't get too detailed since we went through this exercise where I worked last year - and I don't work there any more!
Start from the beginning using Enterprise Library, especially the Logging and Exception Handling application blocks. I've also found their Unity dependency injection library to be very useful.
Consider using Visual Studio Team Foundation Server. It's not just for source control, but can create you a complete continuous integration solution, complete with integrated bug tracking, code quality tracking, etc. If you've got the time and people, it's well worth a man-month to learn how to do an initial deployment.
You may want to buy one or more licenses of one of the Visual Studio Team System editions. You don't need these versions in order to use TFS, but they work well with it.
Consider globalization right from the start. Same with customization, if your suite will run on customer premises and be customizable by them.
You haven't said how large your team is, or is expected to be. If it's large enough, you'll want to spend at least a man-week learning a bit about what's available to you in terms of Visual Studio Extensibility. Your developers (and maybe also your QA folks) will all but live in Visual Studio, so the ability to customize it to meet your needs can be a big win. Whether it's just some macros and maybe some customized project or item templates, or whether you want to do add-ins or more, Visual Studio is very extensible.
Be certain to use WCF for any web services work. The older ASMX web service technology is now considered by Microsoft to be "legacy software".
Finally, be sure to find out whether you qualify for BizSpark, "A program that provides Software, Support and Visibility for Software Startups." And does so almost for free.
I saw a demo of Silverlight 3 at the PhillyDotNet User Group last night - WOW. Wow for business applications, not graphic applications. There is a learning curve, but you get a lot for it. For example, the demo showed a grid being bound to a table without needing to write any code.
Right out of the box you had sorting, editing, paging, etc. But it wasn't the lame stuff you normally get and then have to rework. For example the paging was smart enough to write the sql that would only bring back the 20 rows you needed for the page.
The demo continued with him putting a detail form on the page for editing. Again no code, but it was smart enough to know that it had the same datasource as the grid on the page. So as you were moving row to row on the grid - the detail form was showing the current row (and it was very fast).
Both the grid and the detail form were editable and as you changed a field in one the other would reflect the new value. The editing was smart enough to validate the field on its own. So you couldn't put a letter in a field that was an integer type, etc. It also limited the number of characters that could be entered based on the column size found in the database. All the date fields on the detail form automatically had a calendar next to them. You get the idea - no coding for any of this.
If this weren't enough, it can be used to build occasionally connected applications. So he showed how he updated a few records on a few different pages, had the option to revert back a field later (ctrl-Z), and then at the end submitted all the changed records to be saved.
Also, they said it works with Linq2SQL and the entity fraimwork.
So if I were building a new product now, I would really look into this as a way of differentiating my product. And I suspect that if you don't do it with Silverlight now, you will be rewriting it in a few years anyway.
Here is a link to a demo (not the one I saw.)
Some general thoughts. If you'd like me to expound on any of these, let me know.
Inheriting from a custom subclass of
Page instead of Page itself is a
great way to share functionality
across your site.
Nested MasterPages are good.
Charting: I've tried DevExpress,
Syncfusion, and MSChart control and
all have their own issues.
The built-in forms authentication is
pretty good. Building a site that
allows both integrated authentication
and forms authentication is tricky
but can be done.
I've tried using cross page postbacks
and I'm still not sure if I like
them.
Localization takes a lot of time
Come up with a good structure for your App_Themes and css.
Use Elmah to track unhandled exceptions