Guidancemon how to extend book examples

DatabaseGoddess · August 12th, 2014, 01:12 PM

Hello,

I've read almost to the end of this outstanding book. Please see my review at Amazon.com (DatabaseGoddess). I'm not sure if it's appropriate to ask how to go beyond the examples in the book but I'm stumped so here goes:

I cannot figure out how to create almost two thousand named directories (I obviously need to automate this somehow) in my .NET website so that each person will be only able to see his/her own files. These are internet named user but won't be windows users.

I could set up the 1000s of folders by hand but there has to be a better way. I'm using .NET forms-based security.

The most ideal would to be able to automatically create the user-named directory (folder) when I create their ID using the CreateNewUser control and then after I assign them to a role I could prevent them from seeing various folders but how would I automate letting them see their own folder only? Please let me know if I'm not being clear but essentially I want to automate:

1) creating the 2000 user-named folders

2) assign security so that each user can see his own folder but not the other users' folders

Thanks for reading and replying if you can help!

Imar · August 12th, 2014, 03:28 PM

Hi there,

Thanks for your review!!

It all depends on what content you need to store in those folders. For example, if it's database content you could create a single file to serve all users and then use ASP.NET routing which gives the appearance of a true folder, but internally converts the folder to an ID. E.g. something like this:

www.example.com/Imar

could be processed by something like:

www.example.com/UserContent.aspx?Id=1234
or
www.example.com/UserContent.aspx?UserName=Imar

For more information about routing: http://msdn.microsoft.com/en-us/libr...vs.100%29.aspx

Alternatively, you could create the folder automatically when the user signs up for a acccount, or by looping over your existing users in the database. You could then write some centralized security code to check the folders users are accessing.

There are other options as well, so understanding your use cases is critical in providing the appropriate suggestions.

Cheers,

Imar

DatabaseGoddess · August 12th, 2014, 07:54 PM

Thanks very much for replying! My use case is this:
1) Administrators for the site will want to upload hundreds of reports (if not thousands) and have them automatically parsed into each user's folder with the condition that some reports that are "public" should go to one folder that all can access and others are private to each user. So each user will have an individual PDF that contains their own information. The PDFs are prepared external to the website.
2) If an administrator (of the spite) creates a new user, the folder for that user should be created automatically. To start we'll have about 1800 users but there will be some added and deleted over time. A user in this context is someone who will log in and view PDFs and update their own demographic information.
3) I would prefer to use web form authentication and the WSAT as I had some experience with it years ago and I can understand it more or less.
4) To add the c.1800 existing users I would like to loop over the database entries (I would use dynamic SQL to generate a column with the path to their folder if you think that's a viable solution) but I'm not sure how to do it in .NET
5) I will read about routing Thanks for the links!). Based on what I've said, do you think that's what I should use?

Thanks again for your very detailed and incredibly fast reply. I'm a database administrator by experience/training but I am under an extremely tight deadline for a boss who thinks I should be an expert at .NET development as the boss is not technical at all. I'm so grateful I found your book but because of the tight timeframe I'm trying to do things that are above my abilities at this time....

DatabaseGoddess · August 12th, 2014, 08:01 PM

Hello again. Just another quick note: When I try to get the code for the example on the Microsoft site I get the message that the archive has been retired. I tried googling to see if I could find it elsewhere but I didn't have any luck so far: http://msdn.microsoft.com/en-us/libr...vs.100%29.aspx

I'll keep trying and post again if I find anything.

DatabaseGoddess · August 13th, 2014, 01:20 PM

I see that ASP routing isn't the answer for my case because I have real files in real folders that I want each user to access. The only chapters I didn't read in your book are 17 (personalization) through the end; I ran out of time to read this weekend and I have to do it on my own time because nontechnical management thinks reading = not working. I will read chapter 17 carefully today to see if it helps me get an idea for what I've described that I'm trying to do above.

If you have the time I sure would appreciate some more help with this unless you think I should be able to figure this out myself (I must say I'm better at DBA work than programming though...)

Imar · August 15th, 2014, 10:23 AM

You could still use routing, like this:

1. Store the files outside of the web root so they can't be downloaded directly.

2. Set up routing to creating virtual folders for each use.

3. Have a single page like ShowFile.aspx that, based on the incoming route data retrieves the file names from the user's folder and present them as a list of links.

4. Create a Download.aspx file that streams the requested file to the browser, after you've sure the user is allowed to access that file.

Hope this helps,

Imar

DatabaseGoddess · August 15th, 2014, 10:44 AM

Thanks Imar. I will give this a go. I appreciate the help!