Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 3.5 > Visual Web Developer 2008
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
Visual Web Developer 2008 Discuss creating ASP.NET 3.5 sites with Microsoft's Visual Web Developer 2008. If your question is more specific to a piece of code than the Visual tool, see the ASP.NET 3.5 forums instead. If your question is specific to the "Express Edition" be sure to state that in your post.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Visual Web Developer 2008 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #11 (permalink)  
Old January 27th, 2009, 03:31 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi there,

As I hinted in my previous message, when using the SqlDataSource control you need to handle the Selecting event (that fires before the control goes out to the database to get the data) and pass the current user's name to the correct parameter.

To make this work, first change your SelectParameter. The user name is not stored directly in a cookie (it's encrypted) so you need to use a generic Parameter instead:
Code:
<asp:SqlDataSource ... Other settings here
    SelectCommand="SELECT Whatever FROM [SomeTable] WHERE ([UserName] LIKE '%' + @UserName + '%')">
  <SelectParameters>
    <asp:Parameter DefaultValue="" Name="UserName" Type="String" />
  </SelectParameters>
</asp:SqlDataSource>
This sets up a Parameter but doesn't tell it where to get its data from. This should instead be done in Code Behind:

Code:
 
Protected Sub SqlDataSource1_Selecting(ByVal sender As Object, _
           ByVal e As System.Web.UI.WebControls.SqlDataSourceSelectingEventArgs) _
           Handles SqlDataSource1.Selecting
  Dim userName As String = Context.User.Identity.Name
  e.Command.Parameters("@UserName").Value = userName
End Sub
When this code is triggered by the SqlDataSource, the user name is retrieved from the Identity and assigned to the UserName parameter. This value is then forwarded to the database where it's used to select only those records that belong to the current user.

BTW: in your SQL statement you're using LIKE which is a bit dangerous. It does wild card searching, so for example, for a user called Imar it will also return records that belong to users called Primary, Imario and so on....

If you want to do yourself a favor, consider getting a copy of my book Beginning ASP.NET 3.5 in C# and VB.NET. The book talks about stuff like this and a lot more....
http://www.wrox.com/WileyCDA/WroxTit...47018759X.html

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!

Last edited by Imar; January 27th, 2009 at 03:36 AM..
  #12 (permalink)  
Old January 27th, 2009, 11:42 AM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Yes, Imar's solution is what you want. You have to set the parameter in code, because you can only define the parameter's DefaultValue as a literal value.

Also, as suggested, do NOT use LIKE. Use an equals sign instead:

Code:
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ProdConnectionString %>"
   SelectCommand="SELECT [UserID], [UserName], [LastName] FROM [TblUsers] WHERE ([UserName] = @UserName)"
   OnSelecting="SqlDataSource1_Selecting">
   <SelectParameters>
      <asp:Parameter Name="UserName" Type="String" />
   </SelectParameters>
</asp:SqlDataSource>
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
  #13 (permalink)  
Old January 27th, 2009, 01:12 PM
Authorized User
 
Join Date: Jan 2009
Posts: 23
Thanks: 10
Thanked 0 Times in 0 Posts
Default

Here is the code I am using:

Code:
<asp:LoginNameID="LoginName1"runat="server"/>
<br/>
<asp:GridViewID="GridView1"runat="server"AutoGenerateColumns="False"DataSourceID="SqlDataSource1">
<Columns>
<asp:BoundFieldDataField="UserId"HeaderText="UserId"SortExpression="UserId"/>
<asp:BoundFieldDataField="UserName"HeaderText="UserName"SortExpression="UserName"/>
</Columns>
</asp:GridView>
<asp:SqlDataSourceID="SqlDataSource1"runat="server"ConnectionString="<%$ ConnectionStrings:ASPNETDBConnectionString %>"SelectCommand="SELECT [UserId], [UserName] FROM [vw_aspnet_Users] WHERE ([UserName] = @UserName)">
<SelectParameters>
<asp:ParameterDefaultValue=""Name="UserName"Type="String"/>
</SelectParameters>
</asp:SqlDataSource>


and this is the code behind:
Code:
PartialPublicClass _Default
Inherits System.Web.UI.Page
ProtectedSub SqlDataSource1_Selecting(ByVal sender AsObject, _
ByVal e As System.Web.UI.WebControls.SqlDataSourceSelectingEventArgs) _
Handles SqlDataSource1.Selecting
Dim userName AsString = Context.User.Identity.Name
e.Command.Parameters("@UserName").Value = userName
EndSub
EndClass


Thanks for taking the time to look at this
  #14 (permalink)  
Old January 27th, 2009, 01:37 PM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Spider,

What's wrong with this? It looks good to me. What trouble are you having with it?

My only suggestion, right off the top of my head, is that I probably wouldn't use a GridView for a query that only returns a single record. Better to use a DetailsView or FormView for that.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
The Following User Says Thank You to Lee Dumond For This Useful Post:
Spider (January 27th, 2009)
  #15 (permalink)  
Old January 27th, 2009, 03:25 PM
Authorized User
 
Join Date: Jan 2009
Posts: 23
Thanks: 10
Thanked 0 Times in 0 Posts
Default

Lee,
I changed it to a form view, and for whatever reason - it just worked!

Thanks to both you and Imar for your time over the last couple of days. I am sure I might need to pick your brains again in the near future!
  #16 (permalink)  
Old January 27th, 2009, 11:39 PM
Authorized User
 
Join Date: Jan 2009
Posts: 25
Thanks: 3
Thanked 1 Time in 1 Post
Default C#?

Are the code examples provided in VB or in C#?
  #17 (permalink)  
Old January 28th, 2009, 04:56 PM
Authorized User
 
Join Date: Jan 2009
Posts: 25
Thanks: 3
Thanked 1 Time in 1 Post
Default

I have tried Spiders code and still doesn't seem to work. I assume the code behind is going on the same page that the form view is going on? Also, could someone help me get this converted to C# language so I can see if I can mirror this?
  #18 (permalink)  
Old January 28th, 2009, 05:15 PM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

This is getting somewhat confusing, as there are two different users asking stuff in this same thread.

Okay, this is for Mashype. Based on the code example you did posted yesterday. I am using a DetailsView here. Here is the entire code sample.

Page:

Code:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
   <title></title>
</head>
<body>
   <form id="form1" runat="server">
      <div>
         <asp:DetailsView ID="DetailsView1" runat="server" AutoGenerateRows="False" DataKeyNames="UserID"
            DataSourceID="SqlDataSource1" Height="50px" Width="125px">
            <Fields>
               <asp:BoundField DataField="UserID" HeaderText="UserID" InsertVisible="False" ReadOnly="True"
                  SortExpression="UserID" />
               <asp:BoundField DataField="UserName" HeaderText="UserName" SortExpression="UserName" />
               <asp:BoundField DataField="LastName" HeaderText="LastName" SortExpression="LastName" />
            </Fields>
         </asp:DetailsView>
         <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ProdConnectionString %>"
            SelectCommand="SELECT [UserID], [UserName], [LastName] FROM [TblUsers] WHERE ([UserName] = @UserName)"
            OnSelecting="SqlDataSource1_Selecting">
            <SelectParameters>
               <asp:Parameter Name="UserName" Type="String" />
            </SelectParameters>
         </asp:SqlDataSource>
      </div>
   </form>
</body>
</html>
Code-behind:

Code:
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
   protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
   {
      e.Command.Parameters["@UserName"].Value = Context.User.Identity.Name;
   }
}
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
The Following User Says Thank You to Lee Dumond For This Useful Post:
mashype (February 1st, 2009)
  #19 (permalink)  
Old January 31st, 2009, 12:27 PM
Authorized User
 
Join Date: Jan 2009
Posts: 25
Thanks: 3
Thanked 1 Time in 1 Post
Default Still issues

Hi guys,

I was able to get the code Lee posted to work without problem, but it is still not displaying my user. Is there a function that will display the variable string I creade in the code behind file on the aspx page just to confirm what I am querying against?
  #20 (permalink)  
Old January 31st, 2009, 01:27 PM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Quote:
Originally Posted by mashype View Post
Hi guys,

I was able to get the code Lee posted to work without problem, but it is still not displaying my user.
The only conditions I can think of that would not create a record to display is if one of the following were true:
  1. You are not logged in, making Context.User.Identity.Name an empty string
  2. You are logged in, but the user name you are logged in under does not exist in TblUsers.
You should check both of these conditions first.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
displaying data that is related to the login user saif44 ASP.NET 2.0 Basics 0 March 9th, 2006 12:21 PM
Displaying SQLServer data to user sss22 ASP.NET 1.0 and 1.1 Basics 1 October 28th, 2005 01:05 PM
Displaying sessions logged into Win2K Server sachin1979 BOOK: Beginning ASP 3.0 0 September 5th, 2004 08:04 PM
Filter Based Upon Logged In User LandOfToz BOOK: Professional SQL Server Reporting Services ISBN: 0-7645-6878-7 0 August 31st, 2004 12:24 PM
Getting the name of the logged on user Grahame2003 C# 2 March 4th, 2004 04:48 AM



All times are GMT -4. The time now is 03:51 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.