I am not sure how to phrase a good question, so I will just say what I am after!
I have to retool a web application for our vendors and part of that requires restricting content on a vendor by vendor basis. Looking at ASP.NET (MVC) this seems easy enough using the built in Authorization Filters and the IPrincipal and IIdentity interfaces (I haven't used them yet, just reading, so I may be using these terms incorrectly!).
What I'm not interested in doing is writing all the code for managing users and roles. I would love to be able to assume all of this is done for me by a third party application, and my code simply specifies roles required.
Now, I'm not exactly sure the product I am after, or if it even exists. Is this a CMS? Right now our vendor site uses a very old version of DNN. Some of our existing custom code is written as a module within DNN. I am not interesting in this type of solution at all. I want to be able to build a standard ASP.NET webapp and not be tied to a certain vendor 'module' definition. It seems like this should be possible if the CMS / Portal implement custom providers behind the ASP.NET provided API's, yah?
The primary (only) customer here is developers, if that makes sense.
Notes:
I really don't need a full blown CMS, which is why I'm confused on what type of product to search for. Some CMS functionality might be nice, but the site is only for very specific vendor interaction that is going to be 95% custom.
I see that ASP.NET provies a website administration tool, and that is cool, but doesn't solve the public facing aspects of user interaction.
ASP.NET provides extensive membership and role management APIs that are pretty easy to work with since version 2.0. They are available in ASP.NET MVC. Probably they do not require much more work than you would do anyway for styling or other stuff. But since you don't want to do it anyway, you can use a simple Web form with a Login control in your MVC app and make routing ignore that path with:
routes.IgnoreRoute("SignIn.aspx");
Just drag a login control to SignIn.aspx as you would in any Web form app.
Related
I am a little confused as to how the identity framework works. For example in VS 2013 we can create an MVC application that the authentication is individual user accounts. Once we create it we can register with a username and password. But what if we wanted to have also a DOB in the registration or some other fields such as email or phone etc? Can we do this with the identity framework? What about the way the data base is structured, can we have a custom structure? Or if I want this should I be using forms authentication? Also what is the difference between the Identity framework and Forms authentication in terms of authentication?
Although your post has already been marked as answered, I’d like to add a little more info for future readers.
The first thing we need to understand with VS and Microsoft is that they’ve always tried to provide us with Templates to help us get started. There are many Pros and Cons to using Templates but the idea is that it gets you started quickly without having to manually include stuff yourself.
The idea of Templates is great but to the untrained eye, it provides Microsoft an opportunity to include stuff that THEY think you’ll need or better yet, what your application will need.
This opportunity includes promoting products such as Identity, Knockout.js etc...
In short, Microsoft is not wrong in doing that since the majority of the people do not second guess what is included in their project and because they…well…trust Microsoft.
A great analogy is when you purchase a new computer from a major retailer. When you arrive home and start your computer, you quickly notice that you have a bunch of pre-installed software running in the background (that you never asked for).
To the untrained eye, they will never realize that these are running in the background and their computer will work regardless. But for someone that is aware, he will most likely uninstall all of them and have a cleaner plate.
So Templates are similar to this...
As for the rest of your questioning, I’m sure by now you’ve found the answers.
Even though Microsoft sells ASP Identity as a single solution, Forms Authentication and Identity (Membership) are two distinct frameworks that work together, but serve different purposes:
Forms Authentication manages authentication session/cookies.
Membership/Identity is the store for user information (credentials, user demographics, etc.)
Look here for some additional information and links.
I am trying to integrate a CMS into an existing ASP.NET Web site built with .aspx files and .aspx.cs code behind files (not compiled).
My research indicated that my best candidate is N2 CMS.
My ideal approach is to configure the editor with various editable content types and have my existing pages and user controls use the API to retrieve the content and place it pro grammatically into containers.
I couldn't find how this can be done, anyone have any idea how and if can this be done ?
Is there any other CMS that is better suited for the task?
We have had this exact setup existing web applications (WebForms + MVC) integrated with N2 in the same manner as you have described in previous projects and it was fairly simple to implement, but by now we have switched to using umbraco for the same purpose for the following reason:
better support (larger community)
better backend editors
more ready avilable modules (even commercial supported ones)
richer backend ( proper multi language support)
configurable rather than code oriented (this is a pro/con depending what you need)
One important note:
Don't waste time host the CMS + the actual application in the within the same ASP.NET application. We have all of the installations separate and we would have not done it differently looking back, especially when you have existing web applications with routing etc. in place already. The CMS is just going to mess this up at some point. Also this is not CMS specific.
Traditional CMS are pretty intrusive, they dictate you the way you must build your system. And if you already have a web site, and just want to add some Content Management functionality into it you are out of luck - all traditional CMS want you to demolish your old web site and rebuild everything from scratch.
It's actually a good idea to keep CMS and web application separate. In that case all you need is some kind of markers on your web pages telling the CMS what should be manageable. "Software plus Service" solution. This is what ElasticWCM (http://www.elasticWCM.com) is trying to do.
For a web site developer ElasticWCM is just a set of ASP.NET controls you can wrap around your Html to make the content manageable. When you click on the "Edit Page" button on the PageToolbar control you get redirected to the rich page editor where you can manage all your content fields. Nothing to install, just reference the controls' DLL.
You can't get less intrusive than that. As a bonus you receive all bells and whistles of a full-scale multilingual CMS and a bunch of unique features.
We have had a fair amount of luck with Sitefinity from Telerik. It's .net based, easy to extend, and has a good collection of plugins. On the downside it is pricey.
I'm looking for best practices and good ideas rather than a proper solution.
scenario: I work in a web agency and thus we are plenty of websites from several customers. They're built upon a cms we made, so websites are quite identical for the 90% of code. However, remaining 10% struggles me and my team as it involves not only the presentation layer but behavioral logics too (ex: a website1 requires simply user/pass registration while website2 needs more data, facebook connector, etc. But this is a very easy example).
Making ad hoc development for our customers is becoming painful as keep each version aligned is getting really hard for us
What I really dream to have is an extendible website that works by itself, but in which I can override a part. This behavior should sound like "look for the specific part, if it doesn't exists get the base one". The parts could be a method, a class, a page, a control, a static file.
example:
Suppose I want website2 to have an own login component, let's so imagine that we have a situation like:
/website_base
|_ login.aspx
/website1
/website2
|_ login.aspx
So, if I ask for www.website1.com I'll get /website_base/login.aspx, but if I ask for www.website2.com I'll get /website2/login.aspx
Any idea?
Thanks
PS: we work with asp.net 3.5 framework.
There are couple of ways to achieve this.
Approach 1:
1. Split the common functionality in modules and create a pluggable structure. (like DotNetNuke) Obviously this will be more time consuming initially but over the period of time it can make itself like a product.
Approach 2:
Firstly - I would create separate solution for each client for better maintainability. This will save me a lot of hassle while maintaining the source control and when one client comes back with issues and we have multiple releases for a single client.
Secondly - From my core solution, I will identify most commonly used artifacts for each layers and move them to a core assembly.
a. For example – In UI you can use themes to give different looks for each client. Have a default master page which comes with the core site structure. All client specific details like Logo, name, contact details etc… can be configured using some DB fields.
b. In Business Layer and Data Access Layer – core functionalities like Membership, Logging, CMS related Entities etc I would have as a dll
i. I will derive my client specific logic from these core classes.
Last but not the least – how you deploy your code and how your IIS VD structure looks like… I believe it will be totally dependent on how the solution is packaged.. I would create a deployment package for each client which will give them the ability to deploy it to any server wherever they want until you have specific issues about proprietary software hosting.
Look into ASP.NET MVC. It is much more extensible than Web Forms, can be integrated into your existing Web Forms application, and it is very easy to build reusable custom components like what you are describing.
Otherwise, I would suggest looking into WebParts and developing reusable custom server controls for the components that you need. This way you can encapsulate the complex functionality within a single UI control without having to write repetitive code. WebParts are also compatible with Personalization, which you can leverage to manage the variance between which sites use which controls.
I definitely recommend MVC as the way to go for building extensible .NET web applications, but learning a new technology always incurs a cost in the time it takes to understand the new paradigm. I hope this helps you.
I found a smart solution here: http://www.codeproject.com/KB/aspnet/ASP2UserControlLibrary.aspx
Check it out
Hai,
i am trying to store the user permissions for my web site.But I am little bit confused with xml and Database. For each user in site have different permissions. Have u ever faced this issue? for Example , if my site is a shopping site , for a local user , the report menu need not to display. A sales man need not to display the purchase page. and so on ..
I think you understood my problem .I have done this user management using a xml file . For each user a new node will create according to the menu and keep in the xml file . Next time the user login ,checks the permissions and and show only the allowed menus.
My boss tell me to do the same thing using the Database. by using XmlDataSource it is quite simple to bind data to the treeview (for setting permission) and binding to the menustrip also.
He is pointing the security problem . i don't think like so.
Which is better ? DB or XML
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
My advice would be to use asp.net membership and roles (written by Microsoft). It is a very good security solution - login security, roles (permissions) and is stored in a SQLServer database (not sure if it can be stored elsewhere).
I use it on my site and you can use membership controls straight out of the box (login forms, change password, etc.) or you can roll your own.
The only tricky bit I found was setting up the membership tables, views and stored procs in my dB (you download a dB script), but really it was fairly straightforward to implement.
Here's a link to asp.net membership and roles
ASP .NET Membership and Roles (part of the Provider Model introduced on ASP .NET 2) is (IMHO) nice only when you need some basic stuff. The issue is that you need to use the whole system using SQL Server, but if you are planning to move to a different DB provider (MySQL, SQLite, etc..) then you'd have to implement your own provider (which is at best painful), and learn how the whole pieces fit each other. Granted, finding a custom implementation it's quite easy, but is not a copy & paste thing.
Another bad thing of the default provider model is that you will get a ton of SQL stored procedures, also called maintainance nightmares. The issue is that if your site scales, then these SP's will make your life a living hell (been there) and if you even dare to change hostings then you're in for a treat, so my advice would be make your own permissions hierarchy and use it the way you wish. Also, look for advices and some pre-existing solutions to the permissions problem which is quite common.
Website security can be split up into to distinct parts.
Authentication: Logging in
Authroization: Roles/Permissions.
The ASP.NET Forms Authentication Provider is a great way to implement authentication. I recently created a custom provider that communicates with our companies X500 directory (LDAP). It was very straight forward.
For Authorization, we implemented the entlib security application block. It allows you to keep Roles/Permissions in a separate location that can be accessed by your UI as well as your service layers (assuming your developing a scale-able solution). You may also want to look at the Windows Itentity Foundation which is slated to supersede entlib security application block, however it is only available for .NET 4.0.
I am using asp.net 2.0. I have been using asp.net membership provider for user management. But I think this would be more efficient if I could do this without using role and membership provider provided in asp.net. In fact I see bulky markups generated when I add login control,
createuser control etc. in an asp.net web page.
By saying user management, I am referring to the overall login, user activity tracking, password reset/retrieval, role management in an asp.net web application. And I want to implement efficient way to accomplish this.
Any suggestion would be appreciated.
What exactly bothers you? Server-side code, or the HTML which gets served to the client?
If former, then you can implement your own providers or just reinvent the whole system from scratch (which I do not recommend, but it might be worth it in some scenarios).
If latter, just write your own set of controls that use Membership API.
As far as "efficiency" is concerned, you're not clear in what "efficient" means to you.
Most (all?) of the membership controls support templates, which means you can customize the markup they generate to the client.
See this tutorial to get you started: A Crash Course on ASP.NET Control Development: Template Properties
As for the database hits, I don't think it's a huge problem, but if you're concerned I'd suggest load testing it to make sure. Also, if you set CacheRolesInCookie to true, you can eliminate some of those database calls.