I am currently trying to figure out how to best go about implementing an administration side for my application.
I have a user site, where users can log in, customize their profile, submit information etc.
I would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.
Website Start Page > RogerRabbit > Submit Information
Website Start Page > BillyBob > Customize Profile
So my question is:
How should my pages be laid out?
How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)
Would this method have to use session variables?
Any suggestions, or tips would be great.
I can't answer your sitemap question but I have implemented a solution like this on one of our systems where I can see exactly what the end user is seeing by impersonating them. I did this mainly for troubleshooting purposes so that when they report a problem to me (such as something missing from their view), I can go in as them and see exactly what they are talking about.
The way I did this, which is admittedly a little crude, was to have an impersonation table in my database which contains the logon name of the user who is doing the impersonating and the logon of the user they wish to impersonate.
I added some override code so that when the user first goes to the page (it uses Windows authentication), it will check to see if that user has an impersonation set in the table and then place this user id in an object in the session state. If there was no impersonation, it would place the actual user id in this same object.
To prevent me from doing things to the user's data as them, there are two properties in this object, one for logon_name, which is what is used by the system for content-customization, and another called NameForLog, which is used when logging any actions. All actions I make will be logged as me.
All areas on the site that display user-customized content look at this session object, so they will always use the impersonated ID and therefore always show me what the user is seeing. Beyond the first page and the logging code, it doesn't even know that it is me it is dealing with.
It isn't the cleanest solution, but it has worked well for me.
I dunno mike... that's a broad set of questions there. Kinda like asking "how to I build a web site in asp.net".
It sounds very much like you need to invest in an introductory "how-to asp.net book" that covers these topic areas. The good news is that just about every beginner to intermediate asp.net book ever written probably hits most of these topic areas.
would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.
This is a kind of impersonation... and is a lot harder than it sounds. But how you do this depends on how your application authenticates users, authorizes users, and manages roles... which is a whole sub-specialty within asp.net (with it's own dedicated books actually).
1) How should my pages be laid out?
Carefully?
2) How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)
This is covered on MSDN quite thouroughly. Yes, you can create your sitemaps in memory. I've created sitemaps from data stored in a SQL DB a few times in the past, but I'd have no idea where to even start to explain it. You have to understand the base classes and interfaces used by sitemaps and then make a custom sitemap provider adapted to working with your data and rules for the site's structure.
3) Would this method have to use session variables?
Probably. Most sites with an awareness of "logged in user" need sessions. Not universally true, but nearly so.
Related
I have been tasked with making my company's Web App available offline. Before I move to the actual development phase, I want to be sure that my current strategy will not turn out to be a bust.
I first thought about using html5 app cache but after doing some tests I found that it seems to not cache the server side operations but the actual html that is rendered (Please correct me if I'm wrong). This will not work because the rendered html depends upon who is currently logged in. From my tests, it always rendered the html as if the last person that logged in (online) is logging in.
My current strategy is this:
I cache only the login page and an offline (.html) page to correspond to each aspx page that will need to be available offline. Every successful login (online) results in creating or updating Web SQL Database or IndexDB (depending on browser) with all data needed for that person to operate offline including a table that will be used for login credentials. In this way the only requirement for logging in offline is logging in with your login credentials at least one time.
My concern is that I am overcomplicating it. In order to make this work, I will need to create an html page for each current page (a lot of pages) and I will have to rewrite everything that is currently being done on the server in JavaScript including validation, database calls, populating controls such as dropdown lists and data grids, etc. Also everything that I change in the future will require a subsequent offline change.
Is there an established best practice for what I am trying to do that I am overlooking or am I venturing into new ground?
Please refer to these links, which gives you some insight on what is to be achieved. I'm not sure these are best practices, but these will be good starting point.
http://www.c-sharpcorner.com/UploadFile/aravindbenator/offline-mvc3-application/
http://www.developerfusion.com/article/84438/isolated-storage/
I need to build a system around a concept as follows:
Users have their objects, which are created by managers and by users themselves. Their objects are visible only to themselves. How to do it in broad way? What logic and mechanism I should choose?
I know this question is perhaps too broad but I am quite novice to development.
Your requirements can be easily solved by using the built-in user-folders of Plone.
You need to enable them in the security-part of the controlpanel via yourhost:8080/sitename/##security-controlpanel
(Note: If you are logged in and trying to see the change of the config afterwards, looking for your own urserfolder, you need to logout and login again, because the foldercreation-trigger is the 'first' login).
Every user gets its own folder then, where other users but Managers don't have have access to and additionally have access themselves to items Managers created in their folder, because the ownership of the user-folder belongs to the user.
Preferably set this configuration in your own product (plone-add-on/plugin), to make it reproducable programatically.
I need to develop a web based product. Features of this will be available to users based on subscription categories like Basic Version /Premium Version / Enterprise Version. I would like to maintain single source for these subscription categories.
Here my question is,
How to design web application, which has features enabled based on configuration / subscription categories?
Thanks in Advance
This is very general question, and I will answer generally.
You can assign Roles to your registered users, and then you check using the IsUserInRole to
see what you going to show and what not.
To gain speed you can assign the permission to the user session and not always call the IsUserInRole
You can open and close some part of your page using the Panel and the Visible of it. Also close the Viewstate of the Panels that are hidden.
Alternative you can use UserControls that inside of them you check if the user have permission to see it or not, and you hide it OnInit, and also disable the ViewState of it.
And of course if a full page is not permitted you can always make a full redirect.
So a full page can have Panels, and UserControls, and the views of it depend from the user level.
You will not be able to get this readymade , you have to design the application based on the technology you are using.
I had similar kind of project going on in which we store the list of feature in database and when the page initializes loads the feature list in session.
On various pages we are showing/hiding controls based on the feature availability.
Offcourse Single feature can also have category based on the User Roles that we can check using FormAuthentication methods and change the page server side accordingly.
Let me know if you have any specific approach in mind and have question related with it.
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
Here is my problem:
I have a public website (i.e. on the internet) that will allow any user to sign up to. The website will be developed using ASP.net webforms. These users may create other users and assign these users different roles.
Different roles have different restrictions and the menu is displayed appropriately. For example, a user acting as an administrator can see all menu options. Whereas a limited user will only see some of these menu items.
There needs to be the ability for users on our end to modify what pages certain roles can access. For example, if Role1 can do task X, we would like to be able at some point modify Role1 to no longer do task X. This would be done using an application built in-house.
User types (roles) are to be saved in the database. User permissions (what pages each type can have access to) are also to be saved saved in the database.
Here is something I am thinking of doing:
Implement the authorization and authentication set up built in to ASP.net using the web.config file
Use Sitemaps to dynamically create menus/breadcrumbs from the database
I believe it is possible to do the second one using custom providers (please correct me if I'm wrong). But I am not entirely sure if it's possible to configure the web.config file dynamically.
I suppose this is really more of a yes/no answer but I would just like to make sure I'm not going in the wrong direction. I will be using VS2008 and .net 3.5 framework.
Many thanks.
Yes, it's possible to do what you're saying. You can dynamically create the sitemaps using a custom SiteMapProvider, see this articlet http://www.codeproject.com/KB/aspnet/dynamicsitemap.aspx.
You can also modify the web.config at runtime using an XmlReader or if you prefer, just reading it into a string and parsing out the authorization element. I'd put it in a separate file, though, using configSource:
<authorization configSource="auth.config" />
Then you only need to modify that file and not worry about messing up the web.config
I'm designing an ASP.NET application that must support 'SubSites'.
The idea is to have a super admin manage all users, global application settings and SubSites. Each Subsite has a few of its own settings (such as a local admin, logo and welcome message) and each SubSite has its own list of registered users.
This is very similar with what you get using a CMS such as Joomla, SharePoint or DotNetNuke. In fact, I'm tempted to use such a platform, but other project requirements prevent me from doing that.
My questions are very general at this point:
Using ASP.NET 2.0 Membership, how would I designate a super admin and classify users based on the SubSite in which they have registered?
How would I implement SubSites (what patterns should be used, etc)? I'm especially interested in articles that explain how others have done this. I would like to learn the best practices that others have acquired, without spending days digging into the source code of a large open source project like DotNetNuke.
I'm implementing this in ASP.NET MVC 1.0, so similar examples will be most helpful.
UPDATE:
I like how Mike Hadlow implemented multi-tenancy and I've decided to use his work as a starting point. See this post for info on how I'm using SqlMembershipProvider with each tenant having their own isolated database. That solves my membership "based on subsite" problem.
What you're attempting is more commonly referred to as "multitenancy", not "subsites"
There was a similar question to this, and the accepted answer sounds plausible.
Forgive me if I do not understand what "subsite" means, are you using that term to refer to the idea of creating mini-sites within a grand master site? If so, I think I understand what you want to do but I'd have to say that the Membership system in asp.net 2.0 is very much a framework which you would need to operate within to create what you want.
Anyway, how I would do it (and this is based on .net Membership being used out-of-the-box):
ASP.NET allows you attach 'roles' to users and 'profile' attributes to those users too. Profiles are used to attach things such as "Telephone Number" and other meta-data to users but you could just as well use it to attach their home 'subsite' to them as well.
I would create a role called 'globaladmin', create yourself as a user and then assign you (and only you) to that role. I would then create a 'siteadmin' role and assign each subsite's admin user to that role but being very careful to assign them a 'site' profile entry which has the value that corresponds to the site they are admin for.
For example, 'user123' would be assigned to the 'siteadmin' role and their 'site' profile attribute could be 'subsitexyz'. They would then be identified as the administrator for that site.
The above is workable but if you really want to make this as slick as possible, create your own MembershipProvider (SubsiteMembershipProvider) and create a new SubsiteMembershipUser class that inherits from MembershipUser that your new provider returns. You could then add your own properties to SubsiteMembershipUser that your app can query to find out which site the user belongs to:
//get current logged on user - cast it to our custom membership user object
SubsiteMembershipUser thisUser = (SubsiteMembershipUser)GetUser();
if(thisUser.SubsiteName == SiteUserIsBrowsingString
&& Roles.IsUserInRole(thisUser.UserName, "siteadmin"))
//user is admin for this site so do something