July 2010 - Posts

Role based authorization using LoginView control

This article disusses LoginView control, which is part of System.Web.UI.WebControls namespce , can be found with in Visual studio under ASP.NET Login tab.

LoginView control allows to display different content based on user's authentication status and role. This control contains three templates which can be used based on application requirement as outlined below.

AnonymousTemplate:- Specifies the template to display to users who are not logged into the web site. In other words unauthenticated users. Authenticated users or logged in Users will never see this template.

LoggedInTemplate:- Displays the template for authenticated users or loggedIn users.

RoleGroups:- Specifies the template to display to logged in users who are members of roles with defined role-group templates as shown below. Here content templates are bind to particular roles or role.

   1: <asp:LoginView ID="MasterLoginView" runat="server">
   2:                 <AnonymousTemplate>
   3:                     Welcome: Guest
   4:                 </AnonymousTemplate>
   5:                 <LoggedInTemplate>
   6:                     Welcome:
   7:                     <asp:LoginName ID="MasterLoginName" runat="server" />
   8:                 </LoggedInTemplate>
   9:             </asp:LoginView>

AnnonymousTemplate

In the  above LoginView control content with in AnonymousTemplate is shown to unauthenticated users with a message Welcome:Guest as specified with in template. The above snippet usually used on Master pages in combination of Login.aspx

LoggedInTemplate

Contents or controls with in LoggedIn Template are shown to all users who are logged into website. In other words ‘to all authenticated users’.

In the above example LoginName control is used, so the message Welcome :<LoginName> is shown to logged users.

RoleGroups

   1: <asp:LoginView ID="lvUserRecord" runat="server">
   2:             <RoleGroups>
   3:                 <asp:RoleGroup Roles="Admin">
   4:                     <ContentTemplate>
   5:                         <asp:Button ID="btnEditUser" runat="server" Text="Edit" OnClick="btnEditUser_Click" />
   6:                         <asp:Button ID="btnUpdate" runat="server" Text="Update" OnClick="btnUpdate_Click"
   7:                             OnClientClick="return confirm('Are you sure you want to update this record?');" />
   8:                         <asp:Button ID="btnCancel" runat="server" Text="Cancel" OnClick="btnCancel_Click" />
   9:                     </ContentTemplate>
  10:                 </asp:RoleGroup>
  11:             </RoleGroups>
  12:         </asp:LoginView>
  13:         <asp:Button ID="btnPrint" runat="server" Text="Print" OnClick="btnPrint_Click" />
  14:         <asp:Button ID="btnDownLoad" runat="server" Text="DownLoad" OnClick="btnDownLoad_Click" />

Example:- It is required to display a button or set of buttons to authorized users only.

Solution:- Can be called as control based authorization, where authorized users with a role can view the button controls that are specified with in RoleGroup contentTemplate.

How it works?
When the above LoginView is used on a page, button controls (Edit, Update and Cancel) are shown to only users who are with in Admin role. When the other users get to the page these button controls are hidden consequently the functionality is limited/authorized to users in Admin role only.

LoginView control provides granular level of authorization with minimum effort from developer. It is quite feasible to implement content and control level authorization in web application.

Resources

Posted Wednesday, July 28, 2010 4:16 PM by sukumarraju | 1 comment(s)
Filed under:

Custom data method - GridView Sorting and Paging

One of the common task when you use custom data methods is sorting and paging. There is an article here on sorting and paging using custom data. Based on the feed back received from developers to elaborate the source code and better explain this article is written.

Note that custom method expected to return a data table object in this approach. In this article Search() is custom method that returns a DataTable object.

   1: #region GridView Page Index Changing
   2:  
   3:   /// <summary>
   4:   /// Handle Gridview paging event
   5:   /// and bind Search results data to GridView
   6:   /// </summary>
   7:   /// <param name="sender"></param>
   8:   /// <param name="e"></param>
   9:   protected void GridView1_PageIndexChanging(object sender, GridViewPageEventArgs e)
  10:   {
  11:        GridView1.PageIndex = e.NewPageIndex;
  12:       //Bind search reuslts
  13:       GridView1.DataSource = SortDataTable(Search() as DataTable, true);
  14:       GridView1.DataBind();
  15:  
  16:   }
  17:  
  18:   #endregion
  19:  
  20:   #region Properties SortDirection and SortExpresssion
  21:  
  22:   /// <summary>
  23:   /// property GridView Sort Direction
  24:   /// </summary>
  25:   private string GridViewSortDirection
  26:   {
  27:       get { return ViewState["SortDirection"] as string ?? "ASC"; }
  28:       set { ViewState["SortDirection"] = value; }
  29:  
  30:   }
  31:   /// <summary>
  32:   /// GridView sort expression property
  33:   /// </summary>
  34:   private string GridViewSortExpression
  35:   {
  36:       get { return ViewState["SortExpression"] as string ?? string.Empty; }
  37:       set { ViewState["SortExpression"] = value; }
  38:   }
  39:   #endregion
  40:  
  41:   #region SortDirection method
  42:   /// <summary>
  43:   /// Get current sortDirection and switch between 
  44:   /// ascending and decending order
  45:   /// </summary>
  46:   /// <returns></returns>
  47:   private string GetSortDirection()
  48:   {
  49:       switch (GridViewSortDirection)
  50:       {
  51:           case "ASC":
  52:               GridViewSortDirection = "DESC";
  53:               break;
  54:           case "DESC":
  55:               GridViewSortDirection = "ASC";
  56:               break;
  57:       }
  58:  
  59:       return GridViewSortDirection;
  60:   }
  61:  
  62:   #endregion
  63:  
  64:   #region SortDataTable
  65:  
  66:   /// <summary>
  67:   /// Sort Data Table when Page Index changing
  68:   /// </summary>
  69:   /// <param name="dataTable"></param>
  70:   /// <param name="isPageIndexChanging"></param>
  71:   /// <returns></returns>
  72:   protected DataView SortDataTable(DataTable dataTable, 
        bool isPageIndexChanging)
  73:   {
  74:       if (dataTable != null)
  75:       {
  76:  
  77:           DataView dataView = new DataView(dataTable);
  78:           if (GridViewSortExpression != string.Empty)
  79:           {
  80:               if (isPageIndexChanging)
  81:               {
  82:                   dataView.Sort = string.Format("{0} {1}", 
                        GridViewSortExpression, GridViewSortDirection);
  83:  
  84:               }
  85:               else
  86:               {
  87:                   dataView.Sort = string.Format("{0} {1}", 
                        GridViewSortExpression, GetSortDirection());
  88:  
  89:               }
  90:  
  91:           }
  92:           return dataView;
  93:       }
  94:       else
  95:       {
  96:           return new DataView();
  97:       }
  98:  
  99:  
 100:   }
 101:   #endregion
 102:  
 103:  
 104:   #region GridView columns sorting
 105:  
 106:  
 107:   /// <summary>
 108:   /// Handle page sorting
 109:   /// </summary>
 110:   /// <param name="sender"></param>
 111:   /// <param name="e"></param>
 112:   protected void GridView1_Sorting(object sender, GridViewSortEventArgs e)
 113:   {
 114:  
 115:       //Get sortExpression
 116:       GridViewSortExpression = e.SortExpression;
 117:       int pageIndex = GridView1.PageIndex;
 118:       //Bind GridView with search results
 119:       GridView1.DataSource = SortDataTable(Search() as DataTable, false);
 120:       GridView1.DataBind();
 121:       //Set the page Index
 122:       pageIndex = GridView1.PageIndex;
 123:  
 124:  
 125:   }
 126:  
 127:   #endregion

Let me know any comments. I make sure to better explain or resolve any bugs related to this article.

Posted Wednesday, July 21, 2010 7:05 PM by sukumarraju | with no comments
Filed under:
More Posts