ASP.NET private member field loses value on postback - asp.net

Consider the following code:
public partial class TeacherControlPanel : System.Web.UI.Page
{
protected string username = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
username = (string)Request.QueryString["username"];
Ice_Web_Portal.BO.Teacher teacher = Ice_Web_Portal.BO.Teacher.GetTeacherByUsername(username);
if (teacher != null)
{
labUsername.Text = username;
labName.Text = teacher.TeacherName;
labTeacherCode.Text = teacher.TeacherCode;
Dept dept = teacher.Department;
if (dept != null)
{
labDepartment.Text = dept.DeptName;
}
}
else
{
//labErrorMessage.Text = "No teacher found";
}
}
protected void btnSendMail_Click(object sender, EventArgs e)
{
Response.Redirect(#"~/Teacher/TeacherComposeMail.aspx?username=mahabub" + username);
}
}
In this code, when I am declaring 'username' as private, it is initialized to null after subsequent post backs.
Why?
What is the secret?

Because ASP.NET is stateless meaning it does not keep it state from post back to postback. Save the user to the viewstate, session, or application to see it on postback to postback.
#region UserName
public string UserName
{
get
{
if (this.ViewState["UserName"] == null)
return string.Empty;
return (string)this.ViewState["UserName"];
}
set { this.ViewState["UserName"] = value; }
}
#endregion

Every time you do any postback, even for "simple" things like button click events, you're working with a new instance of the page class. That's ASP.Net 101.

Declaring the username field as private or protected has no bearing on this situation. The only bearing protected/private would have is the accessibility of the variable outside the class or in inherited members.
I believe this is likely a lifecycle problem.
When you navigate to this page for the first time, user name will only have a value if the query string was set for the request. So, "/TeacherControlPanel.aspx" will have a user name with no value, but "/TeacherControlPanel.aspx?username=SomeUserName". In these cases, the field username is only going to have a value if one is set. And if no querystring is set, then when the page processes the button click event, the load will fire, no query string set means that username will be null, which means that the click event will have nothing to append to the redirect string.
So the question is, in your application, what navigation path are you using to get to TeacherControlPanel.aspx?

Related

How to Authorize user in controller action using list of user from database in ASP.NET MVC 4?

i am doing this in order to authorize user.
[Authorize(Users = #"user1, user2, user3")]
public class MyController : Controller
{
// my stuff
}
i want to do authorization from the list of user which are in database table..
This is how I got it done:
Create a new class (which inherits from AuthorizeAttribute class).
public class CustomAuthorizeAttribute : AuthorizeAttribute
Override the AuthorizeCore method (in CustomAuthorizeAttribute class) and include your custom logic in it.
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool isUserAuthorized = false;
// custom logic goes here
// You can get the details of the user making the call using httpContext
// (httpContext.User.Identity.Name)
// Then get the information you have stored on your db, and compare it
// with these details.
// Set isUserAuthorized to true if the values match
return isUserAuthorized;
}
Decorate your controller action method with the attribute that you just created.
[CustomAuthorize]
public ActionResult DoSomething(string something, string someOtherThing)
This link form Gotalove is helpful.
try the following:
"using the link shared by #VikasRana http://www.codeproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF
I got rid of my enum Role and my method
public CustomAuthorizeAttribute(params object[] roles)
{ ...}
I then changed Role in my model to be a string e.g. User.Role="Admin" instead of int. In my onAuthorization method I changed it to:
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Controller.TempData["ErrorDetails"] = "You must be logged in to access this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
if (filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Controller.TempData["ErrorDetails"] = "You don't have access rights to this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
}
and in my global.asax added this.
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
if (FormsAuthentication.CookiesSupported == true && Request.IsAuthenticated== true)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
try
{
//let us take out the username now
string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
string roles = string.Empty;
using (GManagerDBEntities db = new GManagerDBEntities())
{
User user = db.Users.SingleOrDefault(u => u.Username == username);
roles = user.Role;
}
//let us extract the roles from our own custom cookie
//Let us set the Pricipal with our user specific details
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
}
catch (Exception)
{
//something went wrong
}
}
}
}
"
Source: Custom user authorization based with roles in asp.net mvc
PS.: In this link, in the same post, there is a second way to fix your problem.
In the bottom of the post.
If this can't to help you, you should try it to.

Reuse postback data in HttpModule

I have a custom HttpModule, which handles if a user need to pay a invoice. If the user has made a postback, but is "caught" in the invoice section of my HttpModule, I would like to repost the original postback, that the user made, after the invoice has been paid, so the user does not have to start over.
Example:
The user fill out a form and submit it to the server
The HttpModule identifies that the user has an unpaid invoice, and redirects the user to the payment page
The user pays the bill
The original post from point 1 is reposted and the user can continue
I've tried saving the HttpContext (from HttpContext.Current) in the session state and setting HttpContext.Current to the value in the session, when the bill has been paid, but it does not work.
Is it possible to reuse a postback after the HttpModule has interrupted the normal flow?
My HttpModule looks like this:
class UnpaidInvoiceHttpModule : IHttpModule
{
private HttpApplication cHttpApp;
public void Dispose(){}
public void Init(HttpApplication context)
{
cHttpApp = context;
context.PreRequestHandlerExecute += new EventHandler(CheckForUnpaidInvoices);
}
private void CheckForUnpaidInvoices(Object s, EventArgs e)
{
if (HttpContext.Current.Request.Path.EndsWith(".aspx") || HttpContext.Current.Request.Path.EndsWith(".asp") || HttpContext.Current.Request.Path == "/")
{
if (HttpContext.Current.Request.Path != "/login.aspx"
&& HttpContext.Current.Request.Path != "/Payment/Default.aspx"
&& HttpContext.Current.Request.Path != "/Payment/Default_notice.aspx"
&& HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
CustomUser mUser = ManagerSecurity.SecurityAPI.GetUser();
if (mUser.HasUnpaidInvoices)
{
HttpContext.Current.Session["prepaymentHttpContext"] = HttpContext.Current;
HttpContext.Current.Response.Redirect("/Payment/Default.aspx");
}
else
{
if (HttpContext.Current.Session["prepaymentHttpContext"] != null)
{
HttpContext.Current = (HttpContext)HttpContext.Current.Session["prepaymentHttpContext"];
}
}
}
}
}
}
}
This link should provide you with everything you need to do what you describe. Note that this solution doesn't delay the post. It immediately reposts the data to a different page. You will have to modify it to store the name/value collection somewhere (perhaps in ViewState on the invoice page, or in a database) so it can be pulled up again after the invoice is paid. When the invoice is paid, you can pull up the name-value collection and pass it to the "redirect and post" method to put the user back on track to their original destination.

ASP.NET NullReferenceException

I am trying to write the user login details to the Database.
When I click the submit button Im getting a NullReferenceException.
There are 4 TextBoxes
Username, Email, Password and ConfirmPassword.
protected void Button1_Click(object sender, EventArgs e)
{
if ((RegisterUserWizardStep.FindControl("Password") as TextBox).Text == (RegisterUserWizardStep.FindControl("ConfirmPassword") as TextBox).Text)
{
//call the method to execute insert to the database
ExecuteInsert((RegisterUserWizardStep.FindControl("UserName") as TextBox).Text,
(RegisterUserWizardStep.FindControl("Email") as TextBox).Text,
(RegisterUserWizardStep.FindControl("Password") as TextBox).Text);
Response.Write("Record was successfully added!");
ClearControls(Page);
}
else
{
Response.Write("Password did not match");
(RegisterUserWizardStep.FindControl("Password") as TextBox).Focus();
}
}
Thank you.
You mention there are four controls - Username, Email, Password and ConfirmPassword
The null exception you are seeing is almost certainly because FindControl(X) is returning null
A better way of checking is to do something like:
TextBox myTextBox = RegisterUserWizardStep.FindControl(X) as TextBox;
if(myTextBox != null){
//Continue
}
else{
//Write out some error information - now you know what the problem is.
}
Further, and this isn't related to your immediate error, but then you feed the contents of each of the text boxes directly into your ExecuteInsert method - you'd be better off doing some validation, too, just to check you have expected values.
Its likely that FindControl didn't find the control you are after, possibly because the TextBoxes are nested under another child control like a panel etc.
Instead of
if ((RegisterUserWizardStep.FindControl("Password") as TextBox).Text
try
TextBox passwordTextBox = RegisterUserWizardStep.FindControl("Password") as TextBox;
// .. same for username and email
if ((passwordTextBox != null) && (usernameTextBox != null) ... )
{
// Do something with the textboxes
}
// else you have a bug
This will also prevent you repeating the FindControl code on the same control (DRY principle)
In your description you've said that you have a Username TextBox.
The code is looking for RegisterUserWizardStep.FindControl("UserName").
Is this a typo in the question? otherwise it could be the cause of the exception.
Code like RegisterUserWizardStep.FindControl("UserName") as TextBox will return null either if there is no control named UserName or if the control named UserName can't be cast to a TextBox. This is most likely the source of your exception because you attempt to get the property Text of a reference that might be null.
To better understand where the problem is you can define an extension function:
static class ControlExtensions {
public T Find(this Control parent, String name) where T : Control {
var control = parent.FindControl(name);
if (control == null)
throw new ArgumentException(String.Format("Cannot find control named '{0}'.", name);
var t = control as T;
if (t == null)
throw new ArgumentException(String.Format("Control named '{0}' does not have type '{1}.", name, typeof(T).Name);
return t;
}
}
You can then get the Text property of the UserName control:
RegisterUserWizardStep.Find<TextBox>("UserName").Text
This call will throw a more descriptive exception if the control isn't found.

Problem with Session unpack

I have some problems with this code:
private void BoxVisibility(bool email, bool link, Control linkButton)
{
mainEmail.Visible = email;
foreach (Control c in PlaceHolder1.Controls)
{
c.Visible = false;
}
if (linkButton != null)
{
PlaceHolder1.Visible = true;
linkButton.Visible = link;
}
}
when I send to method Control all is ok, but when at first I put Control in Session['temp'] = Control, and then invoke the method like BoxVisibility(false, true, (Control) this.Session['temp']) in this case Control linkButton.Visible = link; doesn't take true, He's still remain false.
The "control" is a reference to a particular instance for this particular page.
The Page is recreated on every request, so a reference to an old instance of your control is no longer valid. So don't store controls in anything (Session, ViewState, static fields) that lives longer than the single request. Local (instance) fields of your page are safe.

how to prevent the user repeat-login

In my application,I do not want two user login with the same login name.
For example, user1 login with name "test1",then user2 try to login with "test1" too,but at this moment the user1's formauthentication does not expire,so the login of user2 should be denied.
I created a cache class to record all the active session:
public class SessionDb {
private static Dictionary<string, HttpSessionState> sessionDB=new Dictionary<string, HttpSessionState>();
public SessionDb() {
}
public static void addUserAndSession(string name, HttpSessionState session) {
sessionDB.Add(name, session);
}
public static bool containUser(string name) {
//in fact,here I also want to check if this session is active or not ,but I do not find the method like session.isActive() or session.HasExpire() or something else.
return sessionDB.ContainsKey(name);
}
public static void removeUser(string name) {
if(sessionDB.ContainsKey(name)) {
sessionDB.Remove(name);
}
}
}
In the login.aspx.cs:
//check the name and password
if(checkNameAndPass(sUserName, sUserPwd)) {
if(!SessionDb.containUser(sUserName)) {
//let the user login
Session["current_user_name"] = sUserName;
SessionDb.addUserAndSession(sUserName, Session);
FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
}
else {
//
this.error.Text=string.Format("user {0} have logined!", sUserName);
}
}
Global.asax:
void Session_End(object sender, EventArgs e)
{
SessionDb.removeUser(Session["current_user_name"].ToString());
}
But it seems that it the Session_End() method is called at some time according the timeout setting in the sessionState.
Obviously I need the the SessionDb remove the related session when the authentication timeout.
Any idea to improve my code? or any other idea to implement my requirement?
I just do not want the user repeat-login(with the same name).
UPDATE:
BTW,I think my code also have some problems: I store the log in token using the Session,but how about if the formauthentication have timeout but the session does not?
If you are using a Membership provider:
A user is considered online if the current date and time minus the UserIsOnlineTimeWindow property value is earlier than the LastActivityDate for the user.
from MSDN Article
so you can simple use the check
Membership.IsOnline();
before you login the user.
In asp.net site how to prevent multiple logins of same user id?
Another approach (Disclaimer: I have not tested this.):
In the web.config add userIsOnlineTimeWindow to 1 and in the loggingIn event handler:
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
MembershipUser u = Membership.GetUser(Login1.UserName);
Response.Write(u.IsOnline);
if (u.IsOnline)
{
Login1.FailureText = "A user with this username is already logged in.";
e.Cancel = true;
}

Resources