Wrox Programmer Forums

BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0
This is the forum to discuss the Wrox book ASP.NET 2.0 Website Programming: Problem - Design - Solution by Marco Bellinaso; ISBN: 9780764584640
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old October 28th, 2007, 06:06 PM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default different user to view different content

I am using this book to learn ASP.NET. I need some help with letting the three different roles of users view different content of the Articles.

I understand that I can put "allow and deny" on pages/folders in web.config to allow/deny the users' access. However, I am talking about the dynamic content of Articles. It is impossible to set different pages for the different users...

Please help and give me some advice where I should start to make it happen.

jophie
__________________
jophie
  #2 (permalink)  
Old October 29th, 2007, 03:37 AM
Authorized User
 
Join Date: Jan 2007
Location: , , .
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Jophie.

This should not be too difficult to implement. You would need to add an additional field to your article table to store the role(s) that you wish to view / edit the article. You will then need to update your existing stored procedures and classes to include this additional field.
You would then restrict access to the articles in a similar way to how non-authenticated users cannot view Articles that have the "Members Only" field set to True.

Instead of using Page.User.Identity.IsAuthenticated you could use the Me.Page.User.IsInRole method in a similar way to how the articles listing checks whether the current user can edit the article:
            ' True only for authenticated users in the Administrators or Editors role
            Me.UserCanEdit = (Me.Page.User.Identity.IsAuthenticated AndAlso _
                (Me.Page.User.IsInRole("Administrators") OrElse _
                Me.Page.User.IsInRole("Editors")))

Hope this helps.

(by the way the code above is vb.net but should not differ too much to the c# in the book)
  #3 (permalink)  
Old October 29th, 2007, 02:33 PM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Retroviz,

Thank you for your tips.

I need more help though. For example, the manager -- administrators should read all the articles, but the supervisor -- editors may read 3/4 of total articles and then the employee -- viewers only can read 1/2 of total articles. Then how can I assign one particular article to let manager view but not editor and viewer???

jophie
  #4 (permalink)  
Old October 29th, 2007, 06:24 PM
Authorized User
 
Join Date: Jan 2007
Location: , , .
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Jophie,

You may need to clarify - I am presuming when you say "viewers only can read 1/2 of total articles" you do not actually mean that they always view 50% of articles present?

If you mean what I think you mean - you wish to be able to restrict access to certain articles based on the users role (user, editor, admin etc.)

If you have the book then it does contain all of the logic required to implement such a security model.

Note this is just one way of doing it:

Look at your current articles table. You have a field named OnlyForMembers. This allows you to restrict access to an article to only logged in (registered users).

If you look at the Page_Load event of ShowArticle.aspx (note mine is in vb.net):


Code:
                ' if the article has the OnlyForMembers = true, and the current user
                ' is anonymous, redirect to the login page
                If article.OnlyForMembers AndAlso Not Me.User.Identity.IsAuthenticated Then
                    Me.RequestLogin()
                End If




you can see that if the OnlyForMembers value is checked and if the user is not authenticated, they are redirected to the log in page.

You could extend this further by adding additional fields to your articles table for each role (only really a good idea if you know that you will have a fixed number of roles (i.e. user, editor, admin etc.)). Of course this does mean that you are denormalising your table to some extent but if using the same boolean (checkbox) datatype for these fields, the implications should not be so serious.

So let's imagine you have created an article that can be viewed by Admin (ShowAdmin=True), Editors (ShowEditor=True) but not by normal users (ShowUser=False).

As long as you make the necessary changes to the methods and properties of the articles classes you could do a similar check to the article above although this time instead of checking if a user is logged in, you check if they are logged in and their role. So if Joe Bloggs logs in and he is a member of the users group, your logic will see that ShowAdmin = True (is user a member of the Admin role - NO), ShowEditor = True (is user in the Editor role - NO), ShowUser = False (is user in the Users role - YES)

So essentially if you do not get a match (like in this case): Me.RequestLogin()

I hope that gives you enough information. One of the best things about the book is to learn how to develop a fully featured application properly. If something similar already exists in the application you should be able to copy/adapt accordingly.
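
The per-role check described in the post above, as an added C# example (not code from the book or from either poster). The `Article` class, the `Access` enum and the "Users" role name are assumptions made for illustration; the flag names and the other role names come from the thread. It returns a separate result for a logged-in user with no matching role, so the page can refuse the request instead of redirecting to the login page.

```csharp
using System;
using System.Security.Principal;

// Hypothetical stand-in for the book's article class: only the access flags.
public class Article
{
    public bool OnlyForMembers, ShowAdmin, ShowEditor, ShowUser;
}

public enum Access { Allow, RequestLogin, Deny }

public static class ArticleAccess
{
    // "Administrators" and "Editors" are the role names used in the thread;
    // "Users" is an assumed name for the ordinary-member role.
    public static Access Check(Article a, IPrincipal user)
    {
        if (!a.OnlyForMembers) return Access.Allow;            // public article
        if (user == null || !user.Identity.IsAuthenticated)
            return Access.RequestLogin;                        // anonymous: log in first
        bool allowed =
            (a.ShowAdmin  && user.IsInRole("Administrators")) ||
            (a.ShowEditor && user.IsInRole("Editors")) ||
            (a.ShowUser   && user.IsInRole("Users"));
        // Deny by default: a restricted article with no matching flag is
        // visible to nobody, so existing rows need their flags set on migration.
        return allowed ? Access.Allow : Access.Deny;
    }
}

public static class Demo
{
    // An empty name gives an unauthenticated GenericIdentity.
    static IPrincipal User(string name, params string[] roles)
    {
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    public static void Main()
    {
        // Constructed sample: the article from the post (admins and editors only).
        var article = new Article { OnlyForMembers = true, ShowAdmin = true, ShowEditor = true };
        Console.WriteLine(ArticleAccess.Check(article, User("")));                // anonymous visitor
        Console.WriteLine(ArticleAccess.Check(article, User("joe", "Users")));    // member without a matching flag
        Console.WriteLine(ArticleAccess.Check(article, User("ann", "Editors")));  // editor
    }
}
```

The same `Check` call belongs wherever article lists are built, so a restricted article's title and abstract are filtered along with its body.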

  #5 (permalink)  
Old November 2nd, 2007, 11:20 AM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi All,

I added two more fields in the tbh_Article and made some changes in the stored procedure for the (showAdmin) and (showEditor). Basically, I added these two fields' information anywhere (OnlyForMembers) existed.

After I added and changed these, I ran it. An error popped up. Error: Exception Details: System.InvalidCastException: Specified cast is not valid.

Source Error:
Line 106: protected virtual ArticleDetails GetArticleFromReader(IDataReader reader, bool readBody)
ArticleDetails article = new ArticleDetails(
(int)reader["ArticleID"],
(DateTime)reader["AddedDate"],
-----
HOWEVER, I added (bool)reader["OnlyForMembers"],
            (bool)reader["ShowEditor"],
            (bool)reader["ShowAdmin"],

-----
There was also an error about gvwArticle.Databind();

Do you or anyone have an idea what is wrong? Did anyone add a field? Please give me some tips on what to look for.

J

jophie
  #6 (permalink)  
Old November 2nd, 2007, 11:37 AM
Authorized User
 
Join Date: Jan 2007
Location: , , .
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Suggest you check your New() constructors for your articles class and make sure you have added the additional fields or that you are not missing them from any of your methods such as the one being used with gvwArticles. Best thing is to step through your code to ensure you have all the bases covered.


  #7 (permalink)  
Old November 2nd, 2007, 12:29 PM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I triple checked already. I didn't miss.

HELP!!! Anyone added one more field to the site ?!?!

jophie
  #8 (permalink)  
Old November 2nd, 2007, 02:02 PM
Friend of Wrox
 
Join Date: Mar 2007
Location: Creetown, UK
Posts: 488
Thanks: 2
Thanked 11 Times in 10 Posts
Default

Quote:
quote:Originally posted by Jophie
 I triple checked already. I didn't miss.

HELP!!! Anyone added one more field to the site ?!?!

jophie
jophie,

i'm coming in late on this one but here's a quick checklist of the places where any new 'properties' should be added (using tbh_articles as an example):

1. DAL\ArticleDetails.cs
2. DAL\SQLClient\SQLArticlesProvider.cs
3. BLL\Articles\Article.cs

obviously, any code behind should refer to the new properties as well. hopefully, this should at least bring up a checklist for you to follow thro'

jimi

http://www.originaltalent.com
  #9 (permalink)  
Old November 2nd, 2007, 02:10 PM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Never mind. The code is fine. The problem was in the DB. I changed something but I forgot it could make the errors.

Thanks.

jophie
  #10 (permalink)  
Old November 2nd, 2007, 02:17 PM
Authorized User
 
Join Date: Oct 2007
Location: Arlington, VA, USA.
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Jimi,
I didn't see your post before I posted my last message. I checked all my modified code (code-behind) three or four times. BUT the error kept showing up. Then I attached another DB and it works fine now.

May still have some questions for ShowAdmin and ShowEditor logic! Please help and thank you in advance.

j

jophie
 

