
Dave Sussman's .NET Blog

writerus drivelus

  • ASP.NET 2.0 Site Maps and Authorization

    A while ago I talked about navigation and security trimming in ASP.NET 2.0, and someone asked about this on an ASPAdvice list. Luckily a couple of the team members (thanks Ting-Hao and Stefan) stepped in to correct a few misconceptions. The <authorization> section of web.config controls who has access to the page, and this is the case whether or not security trimming and site maps are being used; it protects against direct URL access and controls user and role based access. When using the site maps and a navigation control, the menus are built using this information too - so if a user isn't authorized for a page then the node isn't displayed (in fact it's not even returned from the provider to the UI). The use of the roles attribute on the siteMapNode elements doesn't affect the authorization, it simply affects whether the item is shown on the menu. The reason for having control here is that it allows menu items to show even if the current user doesn't have access to that page. They can select the menu item, but if not authorized then they'll be redirected to the login page. This is useful for people who wear multiple hats, and have multiple logins; the UI can be the same while they are logged into a low privilege account, and trying to access a privileged page will prompt them to log in. So unless you need this feature, the only thing you need to do to set the visibility of menu items is to restrict their access via the <authorization> section.
    [Listening to: You Cut Her Hair - Tom McRae - Tom McRae]
  • IE7

    From the IEBlog, this is worth mentioning. It will certainly make my job much easier, especially with the CSS selectors and XMLHttpRequest features, which makes writing cross-browser scripting easier.
  • ASP.NET 2.0 Profile Data Source Control

    When building web sites in ASP.NET 2.0 that use the membership features you're inevitably going to use the Profile to store some custom properties (you know the stuff; Address, email, Theme, etc). You're probably also going to have an 'update your settings' type page to allow users to edit their profile properties, so you code a page with a bunch of TextBox controls, setting their values from the Profile, then a button to update the profile from the entered data. It's just a bit tedious, especially if these controls are within a template, where you end up doing a ton of FindControl. Ugh.

    So in an attempt to make the code easier I've created a ProfileDataSource control, which simply iterates through the custom Profile properties and exposes them as a data source. This allows you to use a DetailsView (or FormView) to provide the display/edit features.

    The data source is pretty simple, and hasn't had much in the way of testing, but works fine. If you intend to use it I suggest a thorough test. There are things it does and doesn't do. It does take into account read only properties, so won't update those. It doesn't, however, take into account the difference between anonymous/authenticated properties. For example, you can bind to all properties and update them while an anonymous user even if those properties are not marked as allowAnonymous. The framework stops the property being updated, but the datasource doesn't. I decided not to impose that as a restriction.

    You can get the code from here. There's a test page, along with a couple of ProfileDataSource controls. One is application specific and has the profile properties explicitly defined, while the other is generic. I've included both just to show you how it can be done. Just place the .vb files in the Code directory, and register the namespace/tagprefix on the page, and use it like any other data source control.

  • ASP.NET 2.0 Navigation and Security Trimming

    Since I posted a reference to a forum post I've done more investigating, and feel this is worth mentioning. The ASP.NET 2.0 site map framework uses, by default, an XML file to define the menu structure, as a set of XML nodes. Each of these can have a 'roles' attribute, allowing a comma delimited list of roles to which that menu item applies; that is, the menu item shouldn't be shown to people not in any of the roles.

    I myself fell into the trap of thinking this doesn't work, and confusion comes from two areas. First you have to explicitly enable the provider to allow this to work, by setting the securityTrimmingEnabled attribute to true (this means either modifying machine.config, or adding a new provider to web.config; you can simply copy the provider from machine.config and rename it, adding the new attribute in the process). Secondly you need to understand that what defines whether the node is shown is a combination of the roles that the user is in and the authorization as configured in web.config. Actually there's a third part, which is file permissions, but for most people that's not relevant. The default site map provider examines the users' role, checks the <authorization> section of the configuration and checks the file permissions before deciding if the menu item should be shown.
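    The provider registration described above, as a root web.config fragment. This is an added example, not code from the original post: the provider name TrimmedXmlSiteMapProvider is hypothetical, and forms authentication with the role manager is assumed.

```xml
<!-- Root web.config fragment (added example; provider name is hypothetical) -->
<configuration>
  <system.web>
    <!-- Assumption: forms authentication, with the role manager supplying roles -->
    <authentication mode="Forms" />
    <roleManager enabled="true" />

    <!-- Register a renamed copy of the XML provider with trimming switched on,
         and make it the default so the navigation controls use it -->
    <siteMap defaultProvider="TrimmedXmlSiteMapProvider" enabled="true">
      <providers>
        <add name="TrimmedXmlSiteMapProvider"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>
</configuration>
```

    Trimming only decides which nodes the provider returns to the menu; access to the pages themselves is still decided by the <authorization> rules.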

    So, enabling security trimming and setting the roles in the site map nodes isn't all you have to do. By default the authorization is allow all (allow users="*"), so irrespective of your role you'll see menu items. This means you need to explicitly deny access to resources, and then allow them per role. For example, consider a fairly standard situation, where files at the top level are allowed for all users, but files under the admin directory are not (and in fact are restricted by the role). You want a single menu, so items for administration should only be shown to authorised users. The site map file could be:

    <siteMap>
      <siteMapNode title="Home" url="Default.aspx">
        <siteMapNode title="Some Page" url="SomePage.aspx" />
        <siteMapNode title="Admin" url="Admin/Admin.aspx"
              roles="Administrator,PowerUser">
          <siteMapNode title="Site Admin" url="Admin/SiteAdmin.aspx"
                roles="Administrator" />
          <siteMapNode title="UserAdmin" url="Admin/UserAdmin.aspx"
                roles="PowerUser" />
        </siteMapNode>
      </siteMapNode>
    </siteMap>

    Here the Admin menu only appears for users in the Administrator or PowerUser roles, and menu items are further restricted. Apart from setting the authentication mode and adding the securityTrimmingEnabled attribute to the provider, nothing needs adding to the root web.config. You do however, need a web.config in the Admin directory, which would contain:

    <configuration>
      <system.web>
        <authorization>
          <deny users="*" />
        </authorization>
      </system.web>
      <location path="SiteAdmin.aspx">
        <system.web>
          <authorization>
            <allow roles="Administrator" />
          </authorization>
        </system.web>
      </location>
      <location path="UserAdmin.aspx">
        <system.web>
          <authorization>
            <allow roles="PowerUser" />
          </authorization>
        </system.web>
      </location>
    </configuration>

    Here all users are denied access to all files, but then individual files lift the restriction based upon the role. People in the Administrator role will only see the SiteAdmin item, while Power Users will only see UserAdmin. It's the combination of this config file and the site map nodes that ensure that the menu item gets shown; a combination which is extremely powerful and provides a simple way to restrict file and menu access.

  • ASP.NET 2.0 Menus, Roles and SecurityTrimming

    The SiteMap architecture of ASP.NET 2.0 allows roles to be defined for each menu item, thus restricting their view to only users who are in that role. This requires the securityTrimming attribute to be added to the siteMapProvider, but I'd never been able to get this to work, and assumed it was just a simple bug in the beta.

    I now learn that it's not a bug, and the solution is pretty simple. Danny Chen explains it in this forum post. Simple really.

  • Questions from the masses

    Jeff, I feel your pain, although I've not had a question list quite like that one. You're right though, you do feel guilty when the recommended solution is "buy my book". If the solution is too complex to get over in a simple email I tend to try and give some pointers, list a few sites with help and solutions and recommend the book. Dumping a complete solution on someone may well be what they want, but it isn't often what they need and they don't learn as much. It's a tough call though.
  • CSS Menus

    I've been digging into CSS menus for a while, and when I received the first previews of ASP.NET 2.0 I wrote a really simple CSS menu. Since I'm doing a talk at ASP Connections on Navigation in ASP.NET 2.0, I'm building a Database SiteMap Provider and a new Menu control that's lightweight - small to render and no viewstate. I decided to modify my menu control to sit properly on top of the site map architecture; it's taken a few days to get my head around what I really need to do. It's now working and in trying to pretty it up I came across this article about CSS Menus. A really sweet solution for CSS based hierarchical menus.

     

     

     

  • Fun with displaying UDTs in SSMS

    Spooky. Bob is talking about UDTs in SQL Server Management Console (SSMS - I've hijacked his acronym). I've had the very same problem, and couldn't work out why the SSMS couldn't see the UDT, but that using ToString() explicitly worked. I had to mail the PM for UDTs to get it answered. It hit me doubly as I also have a User Defined Aggregate for explicit aggregation of the UDT, and that didn't work in SSMS either. Same problem.

    During this early testing phase when we're doing lots of build/deploy/test (call it iterative development, it sounds better) this is a royal pain. If you want to keep deploying to SQL Server you probably don't want the assembly in the gac. I suppose the answer is to spend more time up front designing and getting your code right, but that's not always the best way to learn. Well, not for me anyway.

  • Visual Studio Help

    I'm gradually getting used to the new help system, still have my preferences which aren't catered for, but I'll get over them. But one thing I simply cannot get over is again with the search. You enter a search and watch the results display. You click on a returned result and view the document. Meanwhile the search continues in the background - a nice feature, keeping the UI responsive. Except when the search finishes and the search page aggressively takes focus. It's driving me crazy. You're quite happily reading a document and suddenly it automatically switches to another window. How in heaven's name is that helpful?
  • New books

    Two books worth mentioning. A First Look at SQL Server 2005 for Developers is damn fine. A ton of excellent material on the new version of SQL Server (codename "Yukon"). I saw this in early draft and found it invaluable for some of the stuff I'm doing.

    ASP.NET v. 2.0 - The Beta Version is an update to the First Look book, for beta 1 of ASP.NET 2.0. If you're thinking about getting into .NET 2.0, do not buy the old version as that was for the technical preview and there have been many changes. The new version has more material and a new set of samples: downloadable or runnable online.

    I'm now going to get back to work, after a week of doing bugger all. Still, I had a good excuse.

  • God made integers, all the rest is the work of the devil

    So, working with Yukon at the moment and wasn't having a very good week. Finally got some code working, but some of my conversions weren't giving the right values. This is GIS stuff, so I'm dealing with Latitude & Longitude, converting to decimal values, calculating distances etc. I couldn't work out why things weren't right, and spent hours debugging. Finally, with Alex's help, we realised I was using the wrong type - I should have been using decimal to preserve accuracy in calculations.

    Now I understand rounding and the intrinsic problems of storing floating point numbers, but it's just so painful having to do lots of type conversions/casting just so you can get accurate numbers. I mean I'm only dealing with a few decimal places so you'd kinda expect things to be accurate, but oh no. As a good example, start a project in VS. Doesn't matter what type, but break into the debugger. View the immediate window and type 9.2-9 - what do you expect? By and large I'm a fairly optimistic guy, and although my maths skills are pretty poor, even I knew it should be 0.2. But I was wrong. Now call me a pedant. Call me stupid. Call me naive, but don't call me wrong for wanting to believe that such a simple calculation should give an incorrect answer. At what level should we expect rounding errors to occur?

    On a side note (and perhaps not seriously, but then again perhaps I am serious), why is it that we have rounding errors at all? Why is there any need to store floating point numbers as actual floating point numbers? After all, they could be stored as integers, all calculations could be done on integers and accuracy would be preserved. The decimal point is really only needed for display purposes. Of course, it would mean radical changes to every computing platform, but heck, there's no gain without large restructuring of the world as we know it.

  • Disc/Partition Cloning

    I've been holding off on getting a new laptop, but finally went for it - a Dell Inspiron 510m, excellent screen, big disk and lots of memory. And very nice it is too. Since the disk is big I'm going for 3 boot partitions: a stable one running .net 1.1, a .net 2.0 beta 1 partition, and a general test partition (for any other beta stuff that comes along), plus a large partition for data. I've installed the stable one and decided to clone it for the others to save some time. I've not used cloning software before, but decided to try Acronis TrueImage; it has a nice Copy Disc option. So it whirs away, I boot into the new partition, generate a new sid and everything looks fine.

    However, I go to install VS.NET 2.0 and the default install directory is C:, which is my stable partition. I look at the environment variables and some of them point to C: still, as does almost everything with a full path that's stored in the registry. Hmm, not exactly what I had planned. This disc cloning is great if you don't want the new partition to have a different drive letter. So my options are:

    1. Rename the drives, so that the partition booted into is always C. It's not the way my old laptop was and might confuse me (which isn't that hard to be honest).
    2. Scratch the newly cloned partitions and just repave them as normal.
    3. Edit every path in the registry, which seems pretty desperate since there's no search and replace (for probably sensible reasons).

    Views people? What have others done?

    [update] Of course, option 1 isn't available as it's the system partition, and thus can't be renamed. Sigh.

  • Graphic design

    My friend Lou has finally joined the throngs of self-employed with her new graphic design service Frog Box. She designed my web site plus business cards, and has come up with some cool stuff for a new Al and Dave design, which we might eventually get time to implement. She's very talented and did get accepted as a storyboard designer for a new film, but turned it down because when you're starting out you can't afford to work for nothing (related news: their previous film, Dan had a hand in). It's funny but when you look at talented designers you realise how much nicer they can make sites look than most of us programmers.

  • Never too old to learn

    I spent 3 days last week on a course at DevTrain, the company I'm going to start doing training for. This was the Web Apps with C# course, aimed at beginners. Now I'm not a beginner but I am going to train this course, so I sat in to see how the current trainer (and author of the course - they are all custom written) did it. It was an interesting time, as I was worried I might be bored. After all the material isn't new to me, and I used to be a trainer years ago - an MCT training VB, SQL, Exchange, NT, etc. It's always interesting to see other presenters. I see plenty at conferences but very few on courses. Actually none on courses, since I don't go on courses. But, you learn things about presenting just from watching others.

    I wasn't the least bit bored. Now Steve didn't have an outlandish style, just fairly normal presenting with enough anecdotes to keep us entertained. Careful explanation plus real world examples. I found myself concentrating quite hard and enjoying it much more than I thought I would.

    I learned two things.

    1. The first was something that VS.NET could do which I didn't know about; automatically inserting a connection string (from a SqlConnector) into the appSettings in config.
    2. There's always something in the framework you don't know. A simple example was the ListBox where we were selecting an item in one listbox and clicking a button to move the item to another listbox. The first thing was to check the selected index. The next part of the example was to convert the first listbox into multi select and have the button move all selected items. I naturally dove in with a loop, but you can't change a collection while enumerating over it. Hmm, more thought required. The simple solution is just to change the if statement to a while. So from:
      if (lb.SelectedIndex >= 0) 

      to
      while (lb.SelectedIndex >= 0) 

      The point was to illustrate how you need to know the BCL. I had to admit to the students that I hadn't spotted that trick.

     

  • New MSDN Library Search

    Is it just me or does anyone else not like the new search features in the help system in Visual Studio 2005 and SQL Server 2005? What don't I like:

    1. Paging. Breaking down the search results into pages means I can't scan the entire resultset. Yes you can change the number of records per page, but that means I have to set it artificially high to automatically include all results.
    2. There are no paging controls at the bottom of the search pane. What if the controls at the top are off the screen?
    3. Sorting. There are no headings, so I can't sort the results how I want. What if I want to sort on the topic heading? Or language? And I do frequently, because the "best match" type of search often doesn't order items in the most intuitive way.
    4. Almost every result has the filtering bit at the top of the page expanded and shown in the result. Not only is this a waste of space, but also makes it harder to read.
    5. Multiple lines rather than a grid style. This is probably one of those personal preference things, but when results span more than one line it's hard to glance down through the results looking for details. With a grid you can quickly scan the topic headings because they all appear directly underneath each other.
    6. The filtering options take up valuable space on the screen. There are three combo boxes for filtering on language, technology and topic type, all a couple of inches wide, yet they are underneath each other. The area to the right is blank - wasted space, unless of course you select filters in which case they appear on the right. Sure I've got a big screen, but I'd rather have another result visible.
    7. The results show some images relating to languages. What do these mean? That there are samples in those languages. This ignores the fact that I have my language filter set to only one language. I never use C++ or J# (they aren't even installed), so why do these show up? I don't care about them.

    OK, rant over. Carry on.
