Looking for guidance on how to achieve something in ASP.NET Web Form - the behaviour is a bit like that seen in ASP.NET AutocompleteExtender, but I can't find anything that gives the flexibility I need. Here is what I am trying to do:
2 TextBox fields on the form,
CompanyName and CompanyRef
(CompanyRef an abbreviated unique
Company identifier)
User types in the CompanyName
As soon as there are 3 characters in the
CompanyName an internal webservice is
called (AJAX?)
Webservice checks what has been entered so far and
evaluates a 3 character representation of it - for instance
"Stack" would be returned as STA0001.
If there is already an STA0001 in the db it would return STA0002 and so on
The value returned would be targetted at the
CompanyRef TextBox
User needs to be able to edit the CompanyRef if they so wish
I'm not looking for code per se, more high level guidance on how this can be done, or if there are any components available that I am missing that you may be able to point me in the direction of. Googling and searching on SO has returned nothing - not sure if I'm looking for the right thing though.
Generating the CompanyRef is easy enough. There are lots of articles etc which cover combining say an autonumber or counter with a string. The difficulty I have with your approach is that you intend to let users fiddle with the ref, and make their own up. What for?
[EDIT - Follow up to comment]
The comment box didn't allow for enough characters to answer your comment fully (and I'm still getting used to the conventions in place here....)
You could use AJAX to call the web service and return currently available values, and then use javascript to update the field. The problem with this is that once a user has decided he or she likes one, it may no longer be available when it is passed back to the database. That means you will have to do one final check, which may result in a message to the user that they can't now have the value they were told was available when they started the process. Only you know the likelihood of this happening. It will depend on the number of concurrent users you have.
I've done an article on calling web services etc using jQuery which should give you a starting point for the AJAX part: http://www.mikesdotnetting.com/Article/104/Many-ways-to-communicate-with-your-database-using-jQuery-AJAX-and-ASP.NET
Related
I'm currently working through my A Level computer science controlled assessment, and am making an application designed to help Scout Leaders manage their group. This is my first time working in Java, SQLite, Android Studio and XML so I've run into a few problems along the way. At this point in time, I'm in the process of creating a login system, part of which involves editing login details. I was wondering if there's a way of loading multiple values from one record into different EditTexts at once, so the user only needs to edit the already-existing username and password, rather than type it in again with a slight edit? Thanks in advance. I didn't think it necessary to include any code in this question, as I'm only looking for an example, however if it would help please don't hesitate to ask - I just couldn't find a guide on this anywhere else.
You retrieve the data into a Cursor via a query that selects the required columns.
You then move to the appropriate row (record) in the Cursor (probably the first and only row).
For each EditText you set the text, using the setText method with the data from the respective column using an appropriate get???? method passing the column offset to the method (e.g. your_cursor.getString(<the_column_offset>)).
Rather than calculating and hard coding an offset, it is more reliable and flexible to use the getColumnIndex(<the_column_name_as_string>) method.
After all have been set you then close the Cursor
Note and would be replaced with respective values specific to the App.
Aria payments system method for create account is create_acct_complete, which must return some data with payment_proc_id field - the processor payment id, but I can`t get it - this field is always empty!
Who knows how I can get this proc_payment_id?
Does anybody work with ariasystems at all?
http://developer.ariasystems.net/apidocs/web/app.php/view/?id=83
I was told by Aria that their online documentation is not up to date.
The best resource that I've gotten from them is a bunch of PDF's spanning all versions of their API 6.1-6.4, which do not allow republishing without their written consent.
In any case, based on my understanding this proc_payment_id value should be returned when you are invoicing in unison with the create_acct_complete call. That is provide supplemental plans or a master plan that has a cost associated with the create_acct_complete call.
This likely also depends on your payment processor you have.
If you're only setting the customer account up without any invoicing items it will always be return null.
Their documentation lists that the proc_payment_id value is a 1000 character string that is nullable.
I'm thinking of a architectural way of displaying messages in our application (Flex-Asp.NET-SqlServer), mostly messages that announce for instance a downtime.
Currently I was thinking of creating a table FlexMessage that holds the name of a message (based on that name I now where to put in Flex) and the value (the message itself). As a result however, someone will have to create these messages and also delete them when they are no longer valid. So, thinking further, I thought of creating messages having a startdate and enddate, so an interval in which they need to be displayed. Like this, someone could login to the management part and create a message that needs to be displayed from a certain date until a certain date.
I could also hardcode it in the Flex Application, but that would mean putting a new build online (of the swf) each time something changes with a certain message. No good idea I guess.
Is there a better way for this that I haven't thought about?
One way to do this is to place your messages in an RSS feed, then read that feed from the Flex application.
There is an example of how to do this here: http://www.artima.com/weblogs/viewpost.jsp?thread=23819
I've been quite impressed with dynamic data and how easy and quick it is to get a simple site up and running. I'm planning on using it for a simple internal HR admin site for registering people's skills/degrees/etc.
I've been watching the intro videos at www.asp.net/dynamicdata and one thing they never mention is how to handle concurrency control.
It seems that DD does not handle it right out of the box (unless there is some setting I haven't seen) as I manually generated a change conflict exception and the app failed without any user friendly message.
Anybody know if DD handles it out of the box? Or do you have to somehow build it into the site?
Concurrency is not handled out the of the box by DD.
One approach would be to implement this on the database side, by adding a "last updated" timestamp column (or other unique stamp, such as a GUID) to each table.
You then create an update trigger for each table. For each row being updated, is the "last updated" stamp passed in the same as the one on the row in the database?
If so, update the row, but give it a new "last updated" stamp.
If not, raise a specific "Data is out of date" exception.
On the client side, for each row you update, you'd need to refresh the "last updated" stamp.
In the client code you watch for the "Data is out of date" exception and display a helpful message to the user, asking them to refresh the data and re-submit their change.
Hope this helps.
All depends on the definition, what do you mean under "out of the box". Of cause you have to create a lot of code to handle concurrency, but some features help us to implement it.
My favorite model is "optimistic concurrency" based on rowversion datatype of SQL Server. It is like "last updated" timestamp, but you need not use any update trigger for each table. All updates of the corresponding "timestamp" column in your tables will be made automatically by SQL server at every update of data in the table row. I describes it in my old answer Concurrency handling of Sql transactrion. I hope it will be helpful for you.
I was of the impression the Dynamic data does the update on the underlying data source. Maybe you can specify the concurrency model (pessimistic/optimistic) on the data meta model that gets registered on the App_Init section. But you would probably get unable to save changes error, so by default would be pessimistic, last in loses....
Sorry to replay late. Yes DD is too strong when it come to fast development of project. Not only that it is base for .Net 4.0. DD is more enhance and have been included in .Net 4.0.
DD mostly work on Linq to sql. I will suggest you to have a look on that part.
In linq to SQl when you go to property of table you will find a property there which specify wheater to check the old value before updating new value. If you set that true I think your proble will get handle.
wish you best luck.
Let's learn from each other.
The solution given by Binary Worrier works and it's widely used on platforms providing a GUI to merge the changes (e.g. source control programs, wiki engines, etc). That way none of the users lose their changes. In the other hand, it requires much code or using external components or DLLs.
If you are not happy with that, another approach is just to lock the record that is being edited. Nobody else will be able to edit that record until the user commit the changes or his session expires. It has pros and cons but requires little code compared with the first option.
I'm writing an Asp.Net WebForms app where I am calling an edit page an passing in the data about the record to be edited using query string parameters in the URL.
Like:
http://myapp.path/QuoteItemEdit.aspx?PK=1234&DeviceType=12&Mode=Edit
On a previous page in the app, I have presented the user with a GridView of screened items he can edit based on his account privileges, and I call the edit page with these above parameter list, and the page know what to do. I do NOT do any additional checking on the target page to validate whether the user has access to the passed in PK record value as I planned to rely on the previous page to filter the list down and I would be fine.
However, it is clear the user can now type in a URL to a different PK and get access to edit that record. (Or, he may have access to Mode=View, but not Mode=Edit or Mode=Delete. Basically, I was hoping to avoid validating the record and access rights on the target page.
I have also tested the same workflow using Session variables to store PK, DeviceType, and Mode before calling the target page, and then reading them from Session in the target page. So there are no query string paramaters involved. This would take control away from the user.
So, I'm looking for feedback on these two approaches so that I choose an accepted/standard way of dealing with this, as it seems like a very common app design pattern for CRUD apps.
Agreed, you'll want to validate permissions on the target page, it's the only way to be absolutely sure. When it comes to security, redundancy isn't a bad thing. Secure your database as if you don't trust the business layer, secure your business layer as if you don't trust the UI, and secure the UI as well.
You should always validate before the real execution of the action, especially if passing the parameters by query string. For the second page that does the execution you might not need as much feedback for the user since you do not have to be nice to the user if he tries to cirumvent your security, so error handling should be a lot easier.
Passing the variables per session is acceptable but imho you should still validate the values.
We always use querystrings so records can be bookmarked easily, however always validate in both places, if you write you access control code nicely it should just be a case of re-using the existing code...
I believe the common practice is to do what you're avoiding: On the original page, you need to check to see what the user should have capabilities to do, and display their options appropriately. Then on the actual work page, you need to check the user again to verify they are allowed to be there, with access to that specific task.
From a usability standpoint, this is what the user would want (keeps it simple, allows them to bookmark certain pages, etc), and security on both pages is the only way to do this.
If you really don't want to check access rights on the target page:
You could hash the PK with the UserID and then add the hash value to the query string.
string hash = hashFunction(PK.toString() + UserID.toString());
Then you have to make sure the hash in the queryString equals the hash value calculated before loading the page.
Assuming this is an internal organization Web application.
Session variables can be manipulated as well, although not as easily. Whatever authentication you're using throughout your site, you should definitely use on your target page as well. Otherwise, you'll be open to exposing data you may not want as you have found out.
You could do the following to make your URLs a bit more secure:
-Use Guids for Primary Keys so users cant guess other record ID's
-The Mode couls be implicit: Guid = Edit, no Guid = New
and..
-Server-side validation is the only way to go.