Listing 16-35: Checking for a specific user in a particular role
VB
<%@ Page Language="VB" %>
<script runat="server">
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        ' List the members of the AdminPageRights role whose usernames match the text box value
        GridView1.DataSource = _
            Roles.FindUsersInRole("AdminPageRights", TextBox1.Text)
        GridView1.DataBind()
    End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Role Manager</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:TextBox ID="TextBox1" Runat="server"></asp:TextBox>
        <asp:Button ID="Button1" Runat="server" Text="Button"
            OnClick="Button1_Click" />
        <p><asp:GridView ID="GridView1" Runat="server">
        </asp:GridView></p>
    </form>
</body>
</html>
C#
<%@ Page Language="C#" %>
<script runat="server">
    protected void Button1_Click(object sender, EventArgs e)
    {
        GridView1.DataSource = Roles.FindUsersInRole("AdminPageRights", TextBox1.Text.ToString());
        GridView1.DataBind();
    }
</script>
Understanding How Roles Are Cached
By default, after you retrieve a user’s roles from the data store underlying the role management service, you can store these roles as a cookie on the client machine. This is done so you do not have to access the data store each and every time the application needs a user’s role status. There is always a bit of risk in working with cookies because the end user can manipulate the cookie and thereby gain access to information or parts of an application that normally would be forbidden to that particular user.
Chapter 16: Membership and Role Management
Although roles are cached in a cookie, the default is that they are cached for only 30 minutes at a time. You can deal with this role cookie in several ways — some of which might help to protect your application better.
One protection for your application is to delete this role cookie, using the DeleteCookie() method of the Roles API, when the end user logs on to the site. This is illustrated in Listing 16-36.
Listing 16-36: Deleting the end user’s role cookie upon authentication
VB
If Membership.ValidateUser(TextBox1.Text, TextBox2.Text) Then
    Roles.DeleteCookie()
    FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, False)
Else
    Label1.Text = "You are not registered with the site."
End If
C#
if (Membership.ValidateUser(TextBox1.Text.ToString(), TextBox2.Text.ToString())) {
    // Clear any cached role cookie before issuing the forms authentication ticket
    Roles.DeleteCookie();
    FormsAuthentication.RedirectFromLoginPage(TextBox1.Text.ToString(), false);
}
else {
    Label1.Text = "You are not registered with the site.";
}
Figure 16-25
Using Roles.DeleteCookie() does exactly what you would think — it deletes from the client machine any cookie that is used to define the user’s roles. If the end user is re-logging into the site, no problem should arise with re-authenticating his exact roles within the application. There is no need to rely on the contents of the cookie. This step provides a little more protection for your site.
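The role cookie discussed in this section is configured through the <roleManager> element in web.config. The fragment below is an added example, not a listing from the book: it contrasts a loosely configured role cookie (inside the comment) with a tighter one. The attribute names are the standard <roleManager> attributes; the values chosen, such as the 10-minute timeout, are illustrative assumptions.

```xml
<configuration>
  <system.web>
    <!--
      Weak configuration, shown for contrast:
        cookieProtection="None"        role names are neither encrypted nor
                                       integrity-checked, so the client can
                                       read and alter them
        cookieRequireSSL="false"       cookie is also sent over plain HTTP
        createPersistentCookie="true"  cookie survives closing the browser
        cookieSlidingExpiration="true" expiry keeps being renewed while the
                                       user stays active

      <roleManager enabled="true"
                   cacheRolesInCookie="true"
                   cookieProtection="None"
                   cookieRequireSSL="false"
                   createPersistentCookie="true"
                   cookieSlidingExpiration="true"
                   cookieTimeout="30" />
    -->

    <!--
      Tightened configuration (values are illustrative assumptions):
        cookieProtection="All"          encrypt and validate the cookie
        cookieRequireSSL="true"         send the cookie only over HTTPS
        createPersistentCookie="false"  session cookie only
        cookieSlidingExpiration="false" fixed lifetime, not renewed
        cookieTimeout="10"              minutes before roles are re-read
                                        from the data store
    -->
    <roleManager enabled="true"
                 cacheRolesInCookie="true"
                 cookieName=".ASPXROLES"
                 cookiePath="/"
                 cookieProtection="All"
                 cookieRequireSSL="true"
                 createPersistentCookie="false"
                 cookieSlidingExpiration="false"
                 cookieTimeout="10" />
  </system.web>
</configuration>
```

With cacheRolesInCookie set to false, no role cookie is issued and roles are read through the provider on each request.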
Using the Web Site Administration Tool
Many of the actions shown in this chapter can also be performed through the Web Site Administration Tool shown in Figure 16-25. You can get at the ASP.NET Web Site Administration Tool by selecting Website ➪ ASP.NET Configuration from the Visual Studio 2008 menu.
Although you can easily use this tool to perform all the actions for you, often you perform these actions through your own applications as well. It is important to know all the possibilities when programming an ASP.NET application.
The Web Site Administration Tool is detailed in Chapter 34.
Public Methods of the Membership API
The public methods of the Membership API are detailed in the following table. You would use this API when working with the authentication process of your application.
Membership Methods       Description
CreateUser               Adds a new user to the appointed data store.
DeleteUser               Deletes a specified user from the data store.
FindUsersByEmail         Returns a collection of users who have an e-mail address to match the one provided.
FindUsersByName          Returns a collection of users who have a username to match the one provided.
GeneratePassword         Generates a random password of a length that you specify.
GetAllUsers              Returns a collection of all the users contained in the data store.
GetNumberOfUsersOnline   Returns an Integer that specifies the number of users who have logged in to the application. The time window during which users are counted is specified in the machine.config or the web.config files.
GetUser                  Returns information about a particular user from the data store.
GetUserNameByEmail       Retrieves a username of a specific record from the data store based on an e-mail address search.
UpdateUser               Updates a particular user’s information in the data store.
ValidateUser             Returns a Boolean value indicating whether a specified set of credentials is valid.
Public Methods of the Roles API
The public methods of the Roles API are detailed in the following table. You would use this API when working with the authorization process of your application.
Roles Methods          Description
AddUsersToRole         Adds a collection of users to a specific role.
AddUsersToRoles        Adds a collection of users to a collection of roles.
AddUserToRole          Adds a specific user to a specific role.
AddUserToRoles         Adds a specific user to a collection of roles.
CreateRole             Adds a new role to the appointed data store.
DeleteCookie           Deletes the cookie on the client used to store the roles to which the user belongs.
DeleteRole             Deletes a specific role in the data store. Using the proper parameters for this method, you can also control if roles are deleted or kept intact whether or not that particular role contains users.
FindUsersInRole        Returns a collection of users who have a username to match the one provided.
GetAllRoles            Returns a collection of all the roles stored in the data store.
GetRolesForUser        Returns a collection of roles for a specific user.
IsUserInRole           Returns a Boolean value that specifies whether a user is contained in a particular role.
RemoveUserFromRole     Removes a specific user from a specific role.
RemoveUserFromRoles    Removes a specific user from a collection of roles.
RemoveUsersFromRole    Removes a collection of users from a specific role.
RemoveUsersFromRoles   Removes a collection of users from a collection of roles.
RoleExists             Returns a Boolean value indicating whether a role exists in the data store.
Summary
This chapter covered two outstanding features available to ASP.NET 3.5. The membership and role management services that are now a part of ASP.NET make managing users and their roles almost trivial.
This chapter reviewed both the Membership and Roles APIs and the controls that also utilize these APIs. These controls and APIs follow the same data provider models as the rest of ASP.NET. The examples were presented using Microsoft SQL Server Express Edition for the back-end storage, but you can easily configure these systems to work with another type of data store.
Chapter 17: Portal Frameworks and Web Parts
Internet and intranet applications have changed considerably since their introduction in the 1990s. Today’s applications do not simply display the same canned information to every viewer; they do much more. Because of the wealth of information being exposed to end users, Internet and intranet applications must integrate large amounts of customization and personalization into their offerings.
Web sites that provide a plethora of offerings give end users the option to choose which parts of the site they want to view and which parts they want to hide. Ideally, end users can personalize the pages, deciding for themselves the order in which the content appears on the page. They should be able to move items around on the page as if it were a design surface.
In this situation, after pages are customized and established, end users need the capability to export their final page settings for storage. You certainly would not want an end user who has highly customized a page or a series of pages in your portal to be forced to reapply the settings each time he visits the site. Instead, you want to retain these setting points by moving them to a data store for later exposure.
Adding this kind of functionality is expensive — expensive in the sense that it can take a considerable amount of work on the part of the developer. Until ASP.NET 2.0, the developer had to build a personalization framework to be used by each page requiring the functionality. This type of work is error prone and difficult to achieve, which is why in most cases it was not done.
But wait . . .
Introducing Web Parts
To make it easier to retain the page customization settings that your end users apply to your page, Microsoft includes Web Parts as part of ASP.NET. Web Parts, part of the larger Portal Framework, provide an outstanding way to build a modular Web site that can be customized with dynamically reapplied settings on a per-user basis. Web Parts are objects in the Portal Framework which the end user can open, close, minimize, maximize, or move from one part of the page to another.
The Portal Framework enables you to build pages that contain multiple Web Parts — which are part of the ASP.NET server control framework and are used like any other ASP.NET server controls. This means that you can also extend Web Parts if necessary.
The components of the Portal Framework provide the means to build a truly dynamic Web site, whether that site is a traditional Internet site, an intranet site, a browser-based application, or any other typical portal.
When you first look at Web Parts in ASP.NET 3.5, it may remind you of Microsoft’s SharePoint offering. Be forewarned, however, that these two technologies are not the same. Web Parts and the resulting Portal Framework, besides being offered in ASP.NET, are also used by the Windows SharePoint Services (WSS). Microsoft, as it often does, is simply creating singular technologies that can be used by other Microsoft offerings. In this process, Microsoft is trying to reach the Holy Grail of computing — code reuse!
The modular and customizable sites that you can build with the Portal Framework enable you to place the Web page in view into several possible modes for the end user. The following list describes each of these available modes and what each means to the end user viewing the page:
❑ Normal Mode: Puts the page in a normal state, which means that the end user cannot edit or move sections of the page. This is the mode used for standard page viewing.
❑ Edit Mode: Enables end users to select particular sections on the page for editing. The selected section allows all types of editing capabilities from changing the part’s title, the part’s color, or even setting custom properties — such as allowing the end user to specify his zip code to pull up a customized weather report.
❑ Design Mode: Enables end users to rearrange the order of the page’s modular components. The end user can bring items higher or lower within a zone, delete items from a zone, or move items from one page zone to another.
❑ Catalog Mode: Displays a list of available sections (Web Parts) that can be placed in the page. Catalog mode also allows the end user to select in which zone on the page the items should appear.
Figure 17-1 shows a screenshot of a sample portal utilizing the Portal Framework with the Edit mode enabled.
The Portal Framework is a comprehensive and well-thought-out framework that enables you to incorporate everything you would normally include in your ASP.NET applications. You can apply security using either Windows Authentication or Forms Authentication just as you can with a standard ASP.NET page. This framework also enables you to leverage the other aspects of ASP.NET 3.5, such as applying role management, personalization, and membership features to any portal that you build.
To help you understand how to build your own application on top of the Portal Framework, this chapter begins with the creation of a simple page that makes use of this new framework’s utilities.
Figure 17-1
Building Dynamic and Modular Web Sites
As you begin using the Portal Framework to build Web sites, note that the framework defines everything in zones. There are zones for laying out as well as for editing content. The zones that a page might incorporate are managed by a Portal Framework manager. The Portal Framework manager performs the management on your behalf, meaning that you do not have to manage them yourself in any fashion. This makes working with the Portal Framework a breeze.
This framework contains a lot of moving parts, and these multiple pieces are heavily dependent upon each other. For this reason, this section starts at the beginning by examining the Portal Framework manager control: WebPartManager.
Introducing the WebPartManager Control
The WebPartManager control is an ASP.NET server control that completely manages the state of the zones and the content placed in these zones on a per-user basis. This control, which has no visual aspect, can add and delete items contained within each zone of the page. The WebPartManager control can also manage the communications sometimes required between different elements contained in the zones. For example, you can pass a specific name/value pair from one item to another item within the same zone, or between items contained in entirely separate zones. The WebPartManager control provides the capabilities to make this communication happen.
The WebPartManager control must be in place on every page in your application that works with the Portal Framework. A single WebPartManager control does not manage an entire application; instead, it manages on a per-page basis.
You can also place a WebPartManager server control on the master page (if you are using one) to avoid having to place one on each and every content page.
Listing 17-1 shows a WebPartManager control added to an ASP.NET page.
Listing 17-1: Adding a WebPartManager control to an ASP.NET page
<%@ Page Language="VB" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Web Parts Example</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:WebPartManager ID="Webpartmanager1" runat="server">
        </asp:WebPartManager>
    </form>
</body>
</html>
If you want to work from the design surface of Visual Studio 2008, you can drag and drop the WebPartManager control from the Toolbox to the design surface — but remember, it does not have a visual aspect and appears only as a gray box. You can find the WebPartManager control (and the other server controls that are part of the Portal Framework) in the WebParts section of the Toolbox, as shown in Figure 17-2.
Working with Zone Layouts
After you place the WebPartManager control on the page, the next step is to create zones from which you can utilize the Portal Framework. You should give this step some thought because it contributes directly to the usability of the page you are creating. Web pages are constructed in a linear fashion — either horizontally or vertically. Web pages are managed in square boxes — usually using tables that organize the columns and rows in which items appear on the page.
Web zones define specific rows or columns as individual content areas managed by the WebPartManager. For an example of a Web page that uses these zones, create a table similar to the one shown in Figure 17-3.
The black sections in Figure 17-3 will represent Web zones. The code used to produce the table with some basic controls in each of the zones is shown in Listing 17-2.
Figure 17-2
Listing 17-2: Creating multiple Web zones
<%@ Page Language="VB"%>
<%@ Register Src="DailyLinks.ascx" TagName="DailyLinks" TagPrefix="uc1" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Web Parts Example</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:WebPartManager ID="Webpartmanager1" runat="server">
        </asp:WebPartManager>
        <table cellpadding="5" border="1">
            <tr>
                <td colspan="3">
                    <h1>Bill Evjen’s Web Page</h1>
                    <asp:WebPartZone ID="WebPartZone1" runat="server"
                        LayoutOrientation="Horizontal">
                        <ZoneTemplate>
                            <asp:Label ID="Label1" runat="server" Text="Label"
                                Title="Welcome to my web page!">
                                Welcome to the page!
                            </asp:Label>
                        </ZoneTemplate>
                    </asp:WebPartZone>
                </td>
            </tr>
            <tr valign="top">
                <td>
                    <asp:WebPartZone ID="WebPartZone2" runat="server">
                        <ZoneTemplate>
                            <asp:Image ID="Image1" runat="server"
                                ImageUrl="~/Images/Tuija.jpg" Width="150px"
                                Title="Tuija at the Museum">
                            </asp:Image>
                            <uc1:DailyLinks ID="DailyLinks1" runat="server"
                                Title="Daily Links">
                            </uc1:DailyLinks>
                        </ZoneTemplate>
                    </asp:WebPartZone>
                </td>
                <td>
                    <asp:WebPartZone ID="WebPartZone3" runat="server">
                        <ZoneTemplate>
                            <asp:Calendar ID="Calendar1" runat="server"
                                Title="Calendar">
                            </asp:Calendar>
                        </ZoneTemplate>
                    </asp:WebPartZone>
                </td>
                <td><!-- Blank for now -->
                </td>
            </tr>
        </table>
    </form>
</body>
</html>
This page now has sections like the ones shown in Figure 17-3: a header section that runs horizontally and three vertical sections underneath the header. Running this page provides the result shown in Figure 17-4.
First, this page includes the <asp:WebPartManager> control that manages the items contained in the three zones on this page. Within the table, the <asp:WebPartZone> server control specifies three Web zones. You can declare each Web zone in one of two ways. You can use the <asp:WebPartZone> element