It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
i m writing the code:
string query = "Select * from AdminLogin where username='" + name +
"' and password='" + password + "'";
DataSet ds = BusinessLogic.returnDataSet(query);
foreach (DataRow dr in ds.Tables[0].Rows)
{
if (dr[0].ToString() == name && dr[1].ToString() == password)
{
Response.Redirect("~/Home.aspx");
}
else
{
//Here I want to write the code that will open a message box
//that will tell to user that username and password does not match.
}
}
By message box I'm assuming you mean a javascript alert. I'm not a big fan of posting back with javascript functions. I think its messy, and that javascript should only be used when dealing with client-side actions.
I would actually recommend to use a placeholder and a literal control for this. You could have the following in your webform:
<asp:placeholder id="phLoginFailed" runat="server" visible="false">
<div class="loginfailed">
Login failed
</div>
</asp:placeholder>
This placeholder could be styled like a popup, or displayed within your page using CSS.
Then change your C# to:
else
{
phLoginFailed.Visible = true;
}
Also, its worth mentioning, your SQL query is prone to SQL Injection. You should use parameterised queries.
And you should encrypt passwords when storing them in the database for security purposes.
This is not as easy as it sounds. Basically, you have two options:
Send some JavaScript to the client (for example, using RegisterClientScriptBlock) which calls the JavaScript alert(...); method.
Alternatively, use an ASP.NET component that "looks like" a popup. One example is the ModalPopup component in the ASP.NET Ajax Control Toolkit.
ClientScript.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')", true);
or if it is used outside page scope
then
Page page = (HttpContext.Current.Handler as Page);
if (page!=null)
{
page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "key", "alert('Wrong username or password')", true);
}
just write this line where you want o show message
this.Page.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')",true);
Edited code
if (dr[0].ToString() == name && dr[1].ToString() == password)
{
Response.Redirect("~/Home.aspx");
}
else
{
this.Page.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')",true);
//Here I want to write the code that will open a message box
//that will tell to user that username and password does not match.
}
Related
I am mainlining one asp.net Project, this project is configured in IIS. The website is open for everyone, when i review the code in asp.net page, its checking window login "enterprise id" and allowing all users to view the all the aspx pages.
Now, my management team requested us to restrict those who are under junior level employees.(Junior engg, Developer, software engg).
I have written the query, passing enterprise id and validate grade, if its junior level , returning "0" values,else returning "1" values.
My questions is, I do not want go and edit each page and check this query and restrict each page.
can you please suggest , how can i implement simplest and best way to restric the users.
Thanks,
--------------------------------------- Update on 09/24/2015
Index.aspx
protected void Page_Load(object sender, EventArgs e)
{
string UserStatus = UtilFunctions.ValidateUser();
Response.Write(UserStatus);
if (UserStatus == "0")
{
Response.Write("<div><font color=red><h1>You are not authorized to view this page</h1></font></div>");
Response.End();
}
}
Utilifunctions.cs
public static String ValidateUser()
{
string CurrentUser = getLoggedOnUser();
using (System.Data.SqlClient.SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestDB"].ConnectionString))
{
using (SqlCommand myCommand = myConnection.CreateCommand())
{
myConnection.Open();//Opens the Connection
myCommand.CommandText = "Select Permission From Temp_Validate Where EnterpriseId='" + CurrentUser + "'";
SqlDataReader IDReader = myCommand.ExecuteReader(); //Gets the ID
IDReader.Read();
string UserStatus = IDReader["Permission"].ToString();
IDReader.Close();
return UserStatus;
}
}
I implemented the above functionalite in my index.aspx page, if the userstatus equal to "0" , it will display the "You are not authrized to view this message" and it will end.
I have around 30 aspx page,its currently running in Production. I do not want go include the same code (index.aspx) in every page load to stop the user validation.
could you please suggest how can i implement without editing all pages.
Updated on 09/28 : Utilifunction.cs
public static String getLoggedOnUser()
{
String user = HttpContext.Current.User.Identity.Name.Substring(HttpContext.Current.User.Identity.Name.IndexOf("\\") + 1);
if (user == "") user = "anonymous";
string UserStatus = IsValidUser(user);
if (UserStatus == "0")
{
HttpContext.Current.Response.Redirect("PSF_Error.aspx", true);
}
return user;
}
public static String IsValidUser(string currentUser)
{
using (System.Data.SqlClient.SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["Test"].ConnectionString))
{
using (SqlCommand myCommand = myConnection.CreateCommand())
{
//Gets email of the creator of current user
myConnection.Open();//Opens the Connection
myCommand.CommandText = "Select Permission From Temp_Validate Where EnterpriseId='" + currentUser + "'";
SqlDataReader IDReader = myCommand.ExecuteReader(); //Gets the ID
IDReader.Read();
string UserStatus = IDReader["Permission"].ToString();
IDReader.Close();
return UserStatus;
}
}
}
Index.aspx
Page_load
{
string CurrentUser = UtilFunctions.getLoggedOnUser();
}
You have a few options, here:
1) Set up role-based access with Owin or AspNet.Identity. This is probably your best option, but I couldn't find a good tutorial for you. Those packages are well-documented, however, and I'm sure you can figure them out with some effort.
2) Build a Roles table, and customize access yourself. The best example I found was here: http://www.codeproject.com/Articles/875547/Custom-Roles-Based-Access-Control-RBAC-in-ASP-NET
3) Redirect unauthorized users without the use of roles. So something like:
public ActionResult SecurePage(User u)
{
if(u.level == "junior"){
return RedirectToAction("CustomErrorPage");
} else {
return View();
}
}
I'm not sure that that option is terribly secure, but it should work.
Hope that helps!
after setting up roles you can use a web.config file in every directory specifying authorization and/or use the 'location' element in the web.config file.
First off, sorry about the confusing code. I've been using MVC, and you've clearly posted your code behind.
I don't think that you can achieve what you are trying to do, without adding your code to each page, or learning about roles. You could reduce some code duplication in a number of clever ways, but I can't think of anything that doesn't seem like a total hack.
If you want to, say, put all of your secure pages in the same directory, and restrict low-level access to that directory, you are going to have to filter by specific users or, if you can implement them, roles. As I understand it, the deny and allow nodes in your web.config file are setting server side (so IIS, probably) authorization rules, so the keywords and rules you can use are limited. Check this page out, for some basics:
http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config
While it is likely POSSIBLE to build a rule based on values in your DB, doing so would probably be far more work than it would be worth.
Sorry that I can't offer a more satisfactory answer, but I would recommend: 1) Get to work, and add a check to the code behind for each page, or 2) (and I highly suggest this option) close this question, and post another, about implementing roles in .net, and assigning roles to users, in code. If, say, you can use your login page to assign every junior-level user the custom role of Junior, and place all of your secure pages in a directory named SecurePages you could add the following code to your web.config, and achieve exactly what you are trying to do:
<location path="SecurePages">
<system.web>
<authorization>
<deny roles="Junior">
<deny users="*">
</authorization></system.web></location>
Good luck!
I seem to be having a lot of issues reading a cookie from an old classic asp web application. we are slowly upgrading this web app to .net. The cookie holds some user information which also is used to tell the app that the person has authenticated successfully.
I try and read it like so:
Response.Cookies["mycookie"].Path = "/";
string strCookieText = Request.Cookies["mycookie"].Value;
Sometimes it seems to bring data back other times not but it is not consistent. I have also tried applying the same path when the cookie is created on the classic asp side but that seemed to really throw a wrench in the old app as then the classic asp side had a lot of challenges reading and finding the cookie.
So i figured i would create a function that would read in a classic asp page whos sole intent is to read the cookie. I don't like this method at all but I am out of ideas at this point. The issue here seems to be that it always comes back empty. I know there is data there however via fiddler and if i go to the actual site and hit the page. I am guessing this must be some pathing issue again perhaps or something like that that when i try and read it via .net it finds nothing.
here is my funciton that trys to read the page:
public CCookie validateCookie()
{
CCookie ckCCookie = new CCookie();
string strReadCookiePage = "";
strReadCookiePage = GetHtmlPage("HTTP://MYPAGE/readcookie.asp");
string[] strCarriageReturn = { "\n" }; //we are splitting on this character
string[] strPageSplit;
strPageSplit = strReadCookiePage.Split(strCarriageReturn, StringSplitOptions.RemoveEmptyEntries);
string strCookieLength = "-2";
foreach (string strValue in strPageSplit)
{
if (strCookieLength == "-1")
{
break;
}
if (strValue.Contains("<div id='arrayLength'>"))
{
strCookieLength = findStringValue(strValue, "<div id='arrayLength'>", "</div>");
}
if (strValue.Contains("<div id='VendorID'>"))
{
ckCCookie.UserVendorID = findStringValue(strValue, "<div id='VendorID'>", "</div>");
}
if (strValue.Contains("<div id='UserID'>"))
{
ckCCookie.UserID = Convert.ToInt64(findStringValue(strValue, "<div id='UserID'>", "</div>"));
}
if (strValue.Contains("<div id='LogonType'>"))
{
ckCCookie.LogonType = findStringValue(strValue, "<div id='LogonType'>", "</div>");
}
if (strValue.Contains("<div id='UserType'>"))
{
ckCCookie.UserType = findStringValue(strValue, "<div id='UserType'>", "</div>");
}
}
//not able to validate the cookie
if (strCookieLength == "-1")
{
//Response.Redirect("REDIRECT TO HAVE THEM LOG IN");
}
return ckCCookie;
}
why isn't this working do you guys think. I need this to consistently work. I know i could save state to dbase but I don't want to do this this way as I think i should be able to read this thing.
any ideas or thoughts on how to make this work?
Because of the way that cookies are stored they generally can't be shared between apps, like Classic ASP to ASP.NET.
I did find this article on MSDN that discusses solutions to the problem.
Personally, I would use a hidden field method to pass the cookie over, picking it up from the relevant control on the other side (ASP.NET).
-- EDIT --
Just so long as the hidden control resides in you form tags, you can try something like this (which is pretty much what ASP.NET does for it's __VIEWSTATE)...
<form id="myForm" method="post" action="myAspNetPage.aspx">
<all_the_controls_i_need_on_my_form>
...
...
</all_the_controls_i_need_on_my_form>
<input id="cookieData" name="cookieData" type="hidden" value="<%= cookieData %>" />
</form>
The VBScript...
Dim cookieData
cookieData = Request.Cookie("MyCookie")
Obviously if you have several cookies that you want to pass in this way then you may need to concatenate them for splitting later...
Const C_SEPERATOR = "|"
Dim cookieData
cookieData = _
"MyCookie1=" & Request.Cookie("MyCookie1") & C_SEPERATOR & _
"MyCookie2=" & Request.Cookie("MyCookie2") & C_SEPERATOR & _
"MyCookie3=" & Request.Cookie("MyCookie3") & C_SEPERATOR & _
"MyCookie4=" & Request.Cookie("MyCookie4")
The above example could obviously be automated by introducing a For..Next loop, but this is simply an example. Note, also, that I have simply taken for granted that none of your cookies use the vertical bar character (C_SEPERATOR); if they do, then you'll have to find an alternative character.
On the other side, in your ASP.NET app you can the read the value from the post data and split it up...
Private Const C_SEPARATOR = "|"
...
...
Dim tCook As String = Request.Form("cookieData")
Dim cookeiData() As String
If tCook<>"" Then cookieData = String.Split(tCook, C_SEPERATOR)
It's not the best solution - I'm sure that Lankymart will have something far better up his sleeve, but this will work.
PS: Apologies - I've just realised that I've done all this in VBScript. It should be pretty straightforward to convert to JScript, though.
I have registration form and button. OnClick - I call function on server side which make a validation of user's zip code at Database with Zipcodes. If validation passed successfully - user's data stored in Database (here I continue use server function). But if ZipCode does not match - I call Javascript function where I ask if user still wants to save his data to DB. and If yes - I save it using Ajax request. Problem is when I call Javascript function - firstly it should receive user's data on client side. But when reading data happens - I receive an error "Unable to get property 'value' of undefined or null reference". But user's data still exist at the form's fields. It seems that the data that read by the server from the form once - reset somewhere - and can not be read a second time on the client.
Here is my ASP Form
<body>
<form id="frmZipValidation" runat="server">
<div>
<asp:Label runat="server">Registration Form</asp:Label>
<asp:TextBox runat="server" ID="txtbxName"></asp:TextBox>
<asp:TextBox runat="server" ID="txtbxZipCode"></asp:TextBox>
<asp:DropDownList runat="server" ID="DDLCountry">
<asp:ListItem Text="Select country" Value="Select" Selected="True"></asp:ListItem>
<asp:ListItem Text="USA" Value="USA"></asp:ListItem>
<asp:ListItem Text="Canada" Value="Canada"></asp:ListItem>
</asp:DropDownList>
<asp:TextBox runat="server" ID="txtbxState"></asp:TextBox>
<asp:TextBox runat="server" ID="txtbxCity"></asp:TextBox>
<asp:Button runat="server" ID="btnSubmit" Text="Submit" OnClick="btnSubmit_Click"/>
</div>
</form>
</body>
Here is my Server Side
public partial class Default : System.Web.UI.Page
{
string Name;
string ZipCode;
string Country;
string State;
string City;
bool IsMatch;
Addresses dbAddresses = new Addresses();
User newUser;
protected void Page_Load(object sender, EventArgs e)
{
if (Request["Action"] != null && Request["Action"].Trim() != "")
{
if (Request["Action"] == "AddUser")
{
AddUser(Request["Name"], Request["ZipCode"], Request["Country"], Request["State"], Request["City"]);
}
}
}
private void AddUser(string UserName, string UserZip, string UserCountry, string UserState, string UserCity)
{
newUser = new User(UserName, UserZip, UserCountry, UserState, UserCity);
dbAddresses.Users.Add(newUser);
dbAddresses.SaveChanges();
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
if (IsValid)
{
ZipCode = txtbxZipCode.Text;
Country = DDLCountry.Text;
State = txtbxState.Text;
City = txtbxCity.Text;
Name = txtbxName.Text;
IsMatch = false;
List<ZipCode> ZipC = (from z in dbAddresses.Zips
where z.Zip == ZipCode
select z).ToList();
//If ZipCode entered by client do not exists at Database return false
if (!ZipC.Any())
{
IsMatch = false;
}
else
{
for (int i = 0; i < ZipC.Count; i++)
{
if (ZipC[i].Country.ToString() == Country)
{
if (ZipC[i].State.ToString() == State)
{
if (ZipC[i].City.ToString() == City)
{
AddUser(Name, ZipCode, Country, State, City);
//Message to the user that all saved successfully
Page.ClientScript.RegisterClientScriptBlock(typeof(Page), "1", "<script>alert('Your data was saved successfully!');</script>");
IsMatch = true;
break;
}
else
{
IsMatch = false;
break;
}
}
else
{
IsMatch = false;
break;
}
}
else
{
IsMatch = false;
break;
}
}
}
//If user's data are not match, then go to JS client code where - If user wants in any case to save data - make it using AJAX request
if (!IsMatch)
{
string clientScript = "AjaxRequestSaveToDB();";
this.Page.ClientScript.RegisterStartupScript(this.GetType(), "MyClientScript", clientScript);
}
}
}
}
And here is Javascript:
function AjaxRequestSaveToDB()
{
var SaveData = confirm('Zip/Postal code doesn’t match region. Are you sure you want to save this data?');
if (SaveData)
{
var UserName = document.getElementById('txtbxName').value;
var UserZipCode = document.getElementById('txtbxZipCode').value;
var UserCountry = document.getElementById('DDLCountry').value;
var USerState = document.getElementById('txtbxState').value;
var UserCity = document.getElementById('txtbxCity').value;
SendDataToServer('AddUser', UserName, UserZipCode, UserCountry, USerState, UserCity);
alert("You data was saved successfully!");
}
else { alert('Not saved');
}
}
}
function SendDataToServer(RequestType, Name, ZipCode, Country, State, City)
{
var xmlHttp = getXmlHttp();
var Url = "Default.aspx?Action=" + escape(RequestType)
+ "&Name=" + escape(Name)
+ "&ZipCode=" + escape(ZipCode)
+ "&Country=" + escape(Country)
+ "&State=" + escape(State)
+ "&City=" + escape(City);
xmlHttp.open("GET", Url, true);
xmlHttp.send();
}
A short book about Client-Server Communications using "Custom" AJAX requests.
In ASP.net programming (almost) every time the client interacts with the server, the client sends all of its information to the server and then throws out its old content and replaces it with the response the client received from the server. So the problem you were running into is that your asp:button on the client machine was sending information to your .aspx page on the server and the server was interpreting the information, realizing something was wrong and telling the client it should ask the user for more information but throw out all the information that had been previously entered.
The best way that I have found to get around this problem is to use what I call "custom AJAX requests." Basically this means that we write a string of XML and send it to an ASP handler page which is set up to accept the XML string and do something with it. In my travels I have slimmed this down to basically 3 parts. The first is the user interface which contains all of the markup and CSS(and validation), the second is the JavaScript file that contains all of the data gathering and the actual AJAX request and lastly there is the ashx file that handles the request from the client.
So to start you will need to set up your user interface. Something along the lines of:
<body>
<form id="frmZipValidation" runat="server">
<div>
<div class="label">Registration Form<div>
<asp:TextBox ID="txtbxName" class="txtbxName" ClientIDMode="Static" runat="server"></asp:TextBox>
<asp:TextBox ID="txtbxZipCode" class="txtbxZipCode" ClientIDMode="Static" runat="server" ></asp:TextBox>
<asp:DropDownList ID="DDLCountry" class="DDLCountry" ClientIDMode="Static" runat="server" >
<asp:ListItem Text="Select country" Value="Select" Selected="True"></asp:ListItem>
<asp:ListItem Text="USA" Value="USA"></asp:ListItem>
<asp:ListItem Text="Canada" Value="Canada"></asp:ListItem>
</asp:DropDownList>
<asp:TextBox ID="txtbxState" class="txtbxState" ClientIDMode="Static" runat="server" ></asp:TextBox>
<asp:TextBox ID="txtbxCity" class="txtbxCity" ClientIDMode="Static" runat="server" ></asp:TextBox>
<input id="btnSubmit" class="btnSubmit" type="button" value="Save" onclick="SubmitForm()" />
</div>
</form>
</body>
Couple things to note with this:
The button to submit the form is NOT an ASP button but a HTML button.
All of the input controls are ASP controls but they have the ClientIDMode set to Static, this will only work in .NET 4.0 or higher.
We set the class to the same thing as the ID in case we aren't using .NET 4.0 or higher. Any CSS classes that you want to also add to the control can be added after the dummy ID class.(for my examples I'm assuming you are in .NET 4.0 but I can easily switch them to work without the ClientIDMode attribute if you need)
The second piece to the puzzle is the JavaScript. There are a couple ways that we can accomplish what we need. The first is by using vanilla JS without the help of any plugins or external libraries. This saves a very small amount of processing time, a marginal amount of loading time and can accomplish everything we ask of it. But, if we include an external library, JQuery, and plugin, JQuery Validation, then we can make our lives a whole heck of a lot easier during the programming phase by reducing the amount of code we have to write by a factor of about 10. And if we are really concerned about the load times then we can use the client cache to store the external libraries so that they only have to download them once. So whether or not you decide to use any external JavaScript libraries is up to what your project needs but since you are only concerned with validating that the zip code is not empty I will not use any JQuery but I just thought it would be worth mentioning because of how streamlined it makes the process.
Once you are ready to submit your form your first step will be to validate that the zipcode is valid. You can do this a couple ways depending on how in depth you want to get. The quickest check would just be to verify that the zip code text box is not empty when the button is clicked. So to do that we would just need to do:
function SubmitForm() { //This will be assigned as the click handler on your button in your HTML
if (document.getElementById('txtbxZipCode').value != null && document.getElementById('txtbxZipCode').value != '') {
Save('YourHandler', GetQueryString, GetXmlString, SuccessHandler, FailureHandler);
} else {
//Your user needs to know what went wrong...
}
}
So, down to the meat and potatoes of this whole situation. The AJAX request. I've come up with a reusable function that handles the entire AJAX request that looks like:
function Save(handlerName, GetQueryString, GetXmlString, SuccessHandler, FailureHandler) {
// Date.GetTime gets the number of milliseconds since 1 January 1970, so we divide by 1000 to get the seconds.
end = (new Date().getTime() / 1000) + 30;
//This variable is the actual AJAX request. This object works for IE8+ but if you want backwards compatability for earlier versions you will need a different object which I can dig up for you if you need.
var xmlhttp = new XMLHttpRequest();
//This is the function that fires everytime the status of the request changes.
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
//Get all the headers to determine whether or not the request was successful. This is a header you will need to add to the response manually.
var xx = xmlhttp.getResponseHeader("Success");
//the object xx will be a string that you designate. I chose to use True as the indicator that it was successful because it was intuitive.
var x1 = xx.trim();
if (x1 != undefined && x1 == 'True' && (new Date().getTime() / 1000) < end) {
//If the response was successful and the timeout hasn't elapsed then we get the XML from the response and call the success handler
var xmlResponse = xmlhttp.responseXML;
SuccessHandler(sender, xmlResponse);
} else if ((new Date().getTime() / 1000) < end) {
//If the response was not successful and the timeout hasn't elapsed then we get the XML from the response and call the failure handler
var xmlResponse = xmlhttp.responseXML;
FailureHandler(sender, xmlResponse);
} //If the request was successful
} //If the readystate is 4 and the status is 200
} //OnReadyStateChanged function
//This gets the query string to be added to the url
var varString = GetQueryString();
//Build XML string to send to the server
var xmlString = GetXmlString();
//Open the request using the handler name passed in and the querystring we got from the function passed in
xmlhttp.open("POST", "../RequestHandlers/" + handlerName + ".ashx" + varString, true);
//This tells the handler that the content of the request is XML
xmlhttp.setRequestHeader("Content-Type", "text/xml");
//Send the request using the XML we got from the other function passed in.
xmlhttp.send(xmlString);
}
This function has a built in timeout which makes it so that if the server takes more than 30 seconds to respond to a request then any response that the client receives is ignored. For my implementations this is combined with another function that displays something to the user to tell them that the website is working on their request and if the time out elapses it tells them that a time out occurred.
The second thing this function does is it assumes that all handlers will be in a folder next to the root of your website named RequestHandlers. I use this set up just to consolidate all of my handler files but you can really change where it is looking to wherever you want.
The function itself takes in a string and four function pointers. The string represents the name of the handler that will be waiting to interpret the request, the four function pointers all have very specific jobs.
The first function pointer is GetQueryString this represents a function you will have to write that will append any variables that you deem necessary to the end of the URL being posted back to. This site gives a pretty accurate explanation of what the query string should be used for. For me a common GetQueryString function looks something like:
function GetPaymentQueryString() {
var varString = '';
varString = "?CCPayment=True";
return varString;
}
The second function pointer, GetXMLString, is used to create the XML string(go figure...) that will be sent to the handler page that we are posting back to. This string will represent the bulk of the request. Everything that should not be shown to anyone snooping your requests should be sent as an XML string, if you are really paranoid you can send it as an encrypted XML string but that's not, strictly speaking, necessary. It all depends on what you are sending, if its complete credit card information then, yeah, maybe you would want to consider it, but if its first and last names then encrypting it would be overkill.
A common GetXMLString function might look like:
function GetPaymentXmlString() {
var xmlString = '';
xmlString = '<?xml version="1.0" encoding="UTF-8"?><Address><ZipCode>' + document.getElementById('txtbxZipCode').value + '</ZipCode></Address>';
return xmlString;
}
The important part of that function is to get your XML right. The first tag is pretty universal and should be fine to use in most situations and then after that its all just matching the tags up. I left out a lot of your fields to save space.
The last two function pointers are what you will want to call if everything goes as planned and if something fails respectively. The way that I normally handle successful requests is to hide the inputs as a whole(usually by putting them inside of their own div section) and displaying a confirmation message of some sort. Failed requests can be a bit trickier because you have to tell the user why they failed. The way that I do that is by having a dummy div section above everything else on the page with some sort of special CSS attached to it that makes the div stand out in some way and if the request fails then I send a string of text from the server with my best guess of why it failed and assign it to the be displayed in the div section. How you decide to display the results to the user is obviously all dictated by the project itself. Since what you do when it succeeds or fails is basically on a project by project basis I can't really give a good generic example of what you should do so for this part you are on your own.
Now that we have those pieces in place, the last piece to make is the handler.
Basically for all intents and purposes a handler is basically an ASPX webpage with nothing on it. So the HTML that makes up your handler pages, which have the extension .ashx, will look like:
<%# WebHandler Language="VB" CodeBehind="YourHandler.ashx.cs" Class="YourHandler" %>
And that's it. There should be no other markup in your actual .ashx file. Obviously the name of the handler will change depending on what you are doing.
The code behind when creating an ashx file by default will be a class that contains a single function named ProcessRequest. Basically you can treat this function as a sort of "request received" event. So in your case you would move the content of your btnSubmit_Click function to the ProcessRequest function in the ashx file. You can add any properties or other functions that you want but the ProcessRequest function must be present for the handler to work as far as I know.
One extra step that you will need to do is to get the information from the XML that was sent to your handler and also tell the response that you will be sending XML back to the client.
So to get the XML from the request you will need to do:
IO.StreamReader textReader = New IO.StreamReader(context.Request.InputStream);
context.Request.InputStream.Seek(0, IO.SeekOrigin.Begin);
textReader.DiscardBufferedData();
XDocument xml = XDocument.Load(textReader);
String zip = xml.Elements("Address").Elements("ZipCode").FirstOrDefault().Value;
In order to send XML back to the client you will need to add a couple headers to the response and you accomplish that by adding(I think this is the correct way to implement an interface in C# not positive on this point though):
class YourHandler : System.Web.IHttpHandler, System.Web.SessionState.IReadOnlySessionState
under your class definition and:
context.Response.ContentType = "text/xml";
context.Response.ContentEncoding = System.Text.Encoding.UTF8;
context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
context.Response.Cache.SetAllowResponseInBrowserHistory(True);
to the beginning of your ProcessRequest function. Those six lines tell the client it will be receiving XML and not to cache any of the response which will ensure that your clients always see the most up-to-date content.
So. There it is. You should now have the framework to validate user input, create an AJAX request, send the request to a custom handler, accept XML from the client, write XML to the client and display the res-...I knew I forgot something...
What is the client supposed to do with the XML it gets from the server? throw it at the wall and see what sticks? No that won't work. You'll need a way to interpret the XML on the client side. Luckily the XMLHttpRequest object has been written to make this task a lot easier than it sounds.
You may have noticed that I set up my success and failure handlers to take a sender object and an XML object. The sender is really overkill and can be ignored(or removed) for this example to work fine. The XML object is what we are concerned with for now. Before we even get into the client side I must mention that you will have to go through the same process on the server side as you did on the client side and manually write your XML string including all the values you want the client to know about. For this example I'm going to assume you want to display a FriendlyMessage to the user. To write the response to the client you will do something like:
using (System.Xml.XmlTextWriter writer = new System.Xml.XmlTextWriter(context.Response.Output)) {
context.Response.AddHeader("Success", true);
System.Xml.XmlDocument doc = new System.Xml.XmlDocument();
doc.LoadXml("<?xml version='1.0' encoding='UTF-8'?><Response><FriendlyMessage>" + Message + "</FriendlyMessage></Response>");
doc.WriteTo(writer);
writer.Flush();
writer.Close();
}
On the client side to get the FriendlyMessage from the XML you will need to do:
xml.getElementsByTagName("FriendlyMessage")[0].childNodes[0].nodeValue
Now this line makes a few assumptions. Like, you may want to add some checks in to make sure xml.getElementsByTagName("FriendlyMessage") actually has children before trying to evaluate them. Those sorts of checks are up to your discretion.
This time I think I've actually covered all the steps. I hope my "little" guide helps you and I didn't bore you too much. I apologize for the length but its sort of a process so getting it right takes a few steps. Once you get the base line in place and working it really lends itself to any situation. This layout also makes your user experience much better than having them wait for full trips to the server each time.
I sincerely hope this helps you get your project done and that I haven't skipped a step or something equally as embarrassing...
I have a password and confirm password field and I dont want the user to simply copy from the first field and paste in the later field.What should I do for this??
Copy functionality is usually disabled for password-type fields, so you don't need to do anything. There is nothing to stop a user pasting the same text into both fields from elsewhere, however, and there isn't a lot you can do about it. Trying to prevent this would stop some users who want to be sure they have their password right from pasting it in, as well as users that use password generators.
Here is a way...
<asp:TextBox ID="txtEMailVerifyJoin" runat="server" ClientIDMode="Static"
autocomplete="off"
onpaste="pasteEvent('reg_conf_email');return false;"
onkeydown="disablePaste('pasteEvent()','reg_conf_email');"
onkeyup="disablePaste('pasteEvent()','reg_conf_email');"
oninput="disablePaste('pasteEvent()','reg_conf_email');"
></asp:TextBox>
And for javascript
<script>
var charCount = document.getElementById("txtEMailVerifyJoin").value.length;
var oldVal = eval(document.getElementById("txtEMailVerifyJoin")).value;
function disablePaste(methodToCall)
{
newCharCount = document.getElementById("txtEMailVerifyJoin").value.length;
oldCharCount = charCount;
charCount = newCharCount;
if(newCharCount - oldCharCount > 1)
{
eval(methodToCall);
charCount = oldVal.length;
}
else
{
oldVal = eval(document.getElementById("txtEMailVerifyJoin")).value;
}
}
function pasteEvent()
{
document.getElementById("txtEMailVerifyJoin").value=oldVal;
return false;
}
function initDisablePaste()
{
charCount = document.getElementById("txtEMailVerifyJoin").value.length;
oldVal = eval(document.getElementById("txtEMailVerifyJoin")).value;
}
initDisablePaste();
</script>
Its not mine idea, if I find where I see it I will post it here.
See it live here: Join Athineon remove it.
this command works (for this page) on the Confirm email address ! (not for the password)
About the user interface and if this is a good idea, I make a question here: https://ux.stackexchange.com/questions/1488/wondering-if-i-must-let-a-user-copy-paste-the-double-asking-confirm-e-mail-on-the
simple in the password mode user cannot copy the text and cannot paste it in other text box.
so your problem get solved .give the both the textBox in password mode
There is no effective way to stop this that works on all browsers. Even if such a solution existed, a user could just disable JavaScript and just copy and paste if desired. Most users won't copy and paste though, as it's for their own benefit and is to prevent mistakes.
...If there is no way , use this COMPLEX but 100% SECURE classic method:
Declare a variable and on each keypress store the last letter of the textbox in the variable.Then replace textbox's last symbol with <*> symbol.
But then you must write another parts of code for BackSpace and Delete keys to remove letters...
Simple Method Its really working <asp:CompareValidator runat="server" ID="Comp1" ControlToValidate="id" ControlToCompare="ID2" Text="Password mismatch" Font-Size="11px" ForeColor="Red" />
id1 for add your password text box ID
id2 for add your confirm password text box ID
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I'm looking for a decent paging control in ASP.NET, much like the Stackoverflow pager. Can anyone recommend one?
I'd prefer one that didn't use Postback either, just a customisable querystring.
It's quite easy to roll your own. I created a simple user control based on the stack overflow pager with two properties...
Total number of pages available according to the underlying data
Number of links to show
The selected page is determined by reading the query string. The biggest challenge was altering the URL with the new page number. This method uses a query string parameter 'p' to specify which page to display...
string getLink(int toPage)
{
NameValueCollection query = HttpUtility.ParseQueryString(Request.Url.Query);
query["p"] = toPage.ToString();
string url = Request.Path;
for(int i = 0; i < query.Count; i++)
{
url += string.Format("{0}{1}={2}",
i == 0 ? "?" : "&",
query.Keys[i],
string.Join(",", query.GetValues(i)));
}
return url;
}
A simple formula to determine the range of page numbers to show...
int min = Math.Min(Math.Max(0, Selected - (PageLinksToShow / 2)), Math.Max(0, PageCount - PageLinksToShow + 1));
int max = Math.Min(PageCount, min + PageLinksToShow);
Each link then gets generated using something like (where min and max specify the range of page links to create)...
for (int i = min; i <= max; i++)
{
HyperLink btn = new HyperLink();
btn.Text = (i + 1).ToString();
btn.NavigateUrl = getLink(i);
btn.CssClass = "pageNumbers" + (Selected == i ? " current" : string.Empty);
this.Controls.Add(btn);
}
One can also create 'Previous' (and 'Next') buttons...
HyperLink previous = new HyperLink();
previous.Text = "Previous";
previous.NavigateUrl = getLink(Selected - 1);
The first and last buttons are straight forward...
HyperLink previous = new HyperLink();
previous.Text = "1";
first.NavigateUrl = getLink(0);
In determining when to show the "...", show a literal control when the link range is not next to the first or last pages...
if (min > 0)
{
Literal spacer = new Literal();
spacer.Text = "…";
this.Controls.Add(spacer);
}
Do the same for above for "max < PageCount".
All of this code is put in an override method of CreateChildControls.
I was expecting more answers but it looks like a lot of people just make their own. I've found a decent one that is maintained quite often on codeproject.com
It's not quite the same as the stackoverflow.com one. It'd be nice if there was a decent open source control that had a variety of different output options.
I've worked with the DevExpress and Telerik page controls and prefer the DevExpress pager. I'm not sure if the DevExpress pager can work directly with a querystring but I would be surprised if it didn't as it is very flexible. As far as paging between existing pages after download, everything can reside on the client or, if a trip to the server is necessary, the control is fully AJAX equipped. I suggest you start your search at www.devexpress.com and then check out www.Telerik.com as well (which is also AJAX equipped).
Not a control, but this is the way to implement paging at the DB level: SQL Server 2005 Paging
I have written a pager control named: Flexy Pager
Read more: http://www.codeproject.com/Articles/748270/Flexy-Pager-for-ASP-NET-WebForm-MVC
You can try NPager. Uses query string for page indexes, no postbacks. Needs Bootstrap for styling, however you can have your own custom css classes for the control using 'pagination' CSS class.Here is a working DEMO