Architecture :: Allowing Access To Multiple Customers For One User With Url Rewriting
Jan 27, 2010
I am currently developing a solution in which the user logs in once and can work on multiple customers at the same time on my site.I've looked at all possible solutions involving sessionid having stored the customerid, to launching a new browser session so i could have multiple sessions for one users etc. I also looked at using cookieless sessions.But the all fail because it's not a simple solution and in my opinion a simple solution is most of the time a good and predictable solution.
Therefore i came up with the idea to use url rewriting(i've seen this used in other applications). When the user opens a customer, i would like to start his url as follows "~/Customers/xxxxxxx/*.aspx" where xxxxxx represents the customerid. and *.aspx represents a complete subset of pages of my site. This would allow me to use a simple technique to use multiple user sessions within a single asp.net session.
Now coming to my problem, I have never done some url rewriting, therefore my questions:
- Is this possible.
- Can i protect all the pages that need a customerid as input(come to think of it, if no customerid in the querystring, redirect to a selection screen would be sufficient).
- How do i adopt all urls used in a sitemap etc in a structured way.
I have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization> <allow roles = "Role1 AND Role2"/> <deny users="*"/> </authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
The project, once done, will provide a "portal" into a limited portion of the client's database. All clients are using a SQL database, but various server software products are involved (MSSQL, MySQL, and others).
My question, however, has more to do with the "look and feel" of the finished product. We want to be able to integrate our 'portal' easily into the client's websites and have it look as seamless as possible. Obviously, placements of logos, etc. -- but also colors, fonts, etc.
Client sites tend to be simplistic in design. We envision the customer placing a link to our site from theirs, and our site will be running on IIS on their server. At least that's the plan.
The goal right now would be to make as much of this "parameter driven" as possible, so that a lot of the install can be accomplished through some simple settings, isolated in one or two files such that at installation time we can tweak those settings and be up-and-running in a short period of time with a site that integrates reasonably well with the customer's.
But I'm uncertain as to whether there is a better approach. Obviously, we could try to redesign our site with each install with the basic design of the customer's, but this would be cost-prohibitive in some situations. So, I'm thinking about a "second best" alternative that may be adequate in most circumstances.
I want to read some information from an xml file and store it ready in memory so that it can go out with every page response without being reloaded from the xml on every request.
What is the best way of doing this?
It looks to me like there are 2 options. Either create a class with static fields that the information is stored in. Or create a class with public fields that the info is stored in and create an instance of that class at application level.
Is that correct, are both of those options viable? or will I not be able to access the fields in the second method without creating an instance of the class in the code that responds to the page request(basically if you create an instance of a class at application level can you use that instance from within code anywhere in your website as long as it is public)?
the form has 15 items to choose with radio buttons, any number can be selected. I would like to process them as a 'group' so I can do something like loop thru them, checking if each one has been selected to build a list and also be saving them to a table row, etc but it seems all the designations as a list or group make it mutually exclusive. just looking for better coding than checking them with an if statement or similar so the question is if there is some way to designate the radio buttons as a group but no force the group to be mutually exclusive
I am building a web-application that uses xml files to send them to Web-Services , and the application will be used by alot of users i have the files in my directory , and before continueing development I was thinking about when several users will use the same xml file at the same time knowing that , the users will have to ( read , write ) on these files , so if one user is writing on the file and another one will read from it we will have a bit confilict here .
I thought of copying the whole xml file TEXT and placing it as a string in the application but if i have to use like 10 xml files this will be a big performance issue i guess.
Im using intelligencia urlrewriter as my url rewrite module. I have one very strange problem which only occurs when an url is rewritten but to make it more fun, not on all rewritten pages. Edit: Forgot to tell you what's the problem boing boing. the problem is that my Page_Load event gets fired 2 times.his is how my form rewrite adapter looks like:using System;
using System.Web.UI; using System.Web; using System.Web.UI.WebControls;
Something is wrong with my registration page. After I register a user, it goes to the complete section of the page, but anytime I return to the register page, it only displays the complete section instead of allowing me to register another user. I tried logging out, but that doesn't change it. What have I done wrong?
My WebApp is part CMS, and when I serve up an HTML page to the user it typically contains relative paths in a.href and img.src attributes. I currently have them accessed by urls like: ~/get-data.aspx/instance/user/page.html -- where instance indicates the particular instance for the report and "user/page.html" is a path created by an external application that generates the content. This works pretty reliably with code in the application's BeginRequest method that translates the text after ".aspx" into a query string, then uses Context.RewritePath(). So far so good, but I've just tripped over something that took me by surprise: it appears that if any of the query string ("instance/user/page.html") happens to contain a plus sign ("+") the BeginRequest method is never called, and a 404 is immediately returned to the user.
So my question is two-fold:
Am I correct in my belief that a "+" would cause the 404, and if so are there other things that could cause similar problems? Is there a way around that problem (perhaps a different method than BeginRequest)? Is there a better way to preserve relative URL paths for generated content than what I'm using? I'd rather not require site admins to install a 3rd party rewrite tool if I can help it.
I have developed an application in ASP.NET 3.5 which utilizes the Membership and Roles Providers and Forms Authentication to manage user access and profiles.
There are various area's of this application that are only to be used by an admin users whom login using their email and password and the rest of the users log in using their telephone number and password via their iPhone.
For simplicities sake, I would like to have two different login pages, one that is formatted for the iPhone and performs the correct validation for users adding a telephone number and the other for the application administrators.
I want to redirect the user to their respective login page based on which folder they are attempting to access. For example say I have an application structure like this
I have a CMS page that allows the user to paste in or type HTML code into a TextBox in a FormView, then do an INSERT or UPDATE operation to an nvarchar(MAX) column in an SQL table. This is using an ObjectDataSource that refers to an insert or update method in a TableAdapter in my dataset.
When testing, the server initially warned me when I tried to input or update text containing HTML code; so I set the validateRequest="false" in my page header.
I gather this can be a serious security risk. What's the proper way to "validate" the string being input? Am I opening the database to SQL injection?
Only the site administrator has access to the CMS, but malicious could theoretically bust their way in...
I'm working on an application (ASP.NET, Webforms) that generates a list of outputs based on a user input. I want to allow the user to save the contents of said list as text file, or possibly as other filetypes such as .csv. What is the best way to approach this? Can it be done client-side with Javascript?
I am starting a new project in ASP.NET (With silverlight) - I would like to get expert opinion about how to design the data access.I can use DataAccess Layer with SQL helper, but the challenge is every new field that I add needs to be added in the sql helper.I am trying to see if there is a way to design the system, so that it appears in the front end when a new field is added. I don't want to have in the ASPX files (binding in controls) I want to have ability to change items in code. Essentially I am trying to see the best option to have a database application.
the account we use to copy/publish websites to our web server is not allowing us access to push websites. I've added this account to the permissions in the links listed in the below link, but i don't have success when trying to push remotely. When the account is in the local admins account, everything works flawlessly, but we are not allowed to have it in there. http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/31be047e-4716-4974-b8a1-be0111b50199 I've googled and searched a lot for this particular error, but am not finding an answer that helps. We get this error, 'Unable to create the Web 'http://edea01/test/planning'. You are not authorized to perform the current operation', and the above link is the scenario that matches mine the most. I don't do develompment work, but am asked to figure out this connection problem.
I am trying to secure very mixed content that is located in an ASP.NET directory. For purposes of this question, it can be ~/MyApp/.
I want all of the content in the directory and its subdirectories restricted to authenticated users. The default.aspx page, though, should be accessible to everyone. This is the web.config in that directory:
[Code]....
Now if you are an unauthenticated user, everything works fine if you request [code]....
The problem occurs in that visitors do not always request "Default.aspx". We have a default document configured so that they get Default.aspx even if they just request "/MyApp". An authenticated user works fine, but an unauthenticated user is directed to the login page.
Now I know that essentially this happens because even though the request for "/MyApp/" will actually end up serving up "/MyApp/Default.aspx", the security system is only checking for "/MyApp/" since that is what I requested. That is then getting the default security for the directory.
How can you configure an exception to allow access when no particular file is requested in the directory??
Is there some dependency between DefaultDocumentModule and UrlAuthorizationModule? In this environment, the UrlAuthorizationModule has been removed and re-added in order to make sure it fires for non-managed requests. I would not expect that to change the order of execution, though, since UrlAuthorizationModule usually goes after DefaultDocument.
A workaround could be to set up the opposite security with the directory being open, and then trying to secure individual files. Because of the (changing) number of files, and extensions, etc, and the fact that you cannot use wildcards in a <location>, this is not really a workable solution for me.
I'm trying to make my masterpage work with my content page, allowing the content page to access the master page controls. I get the error:
Parser Error Message: The 'mastertype' directive must have exactly one attribute: TypeName or VirtualPath
This is on the lines:<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="viewProduct.aspx.cs" Inherits="AlphaPackSite.viewProduct" MasterPageFile="MasterPages/Main.master" title="Hi there!" [code]...
I'm a bit confused with namespaces and such so may have got them wrong, but all pages are in the same namespace now I beleive.
I keep getting the error: Compiler Error Message: CS0030: Cannot convert type 'AlphaPackSite.Main' to 'ASP.masterpages_main_master'
Source Error:
Line 147: public new ASP.masterpages_main_master Master { Line 148: get { Line 149: return ((ASP.masterpages_main_master)(base.Master)); Line 150: } Line 151: }
I am trying to implement URL rewriting technique in my Web application.I have found some articles on net 2 rewrite URL. But i m not able to understand. tell me any API or DLL which will take care of all url rewriting techniques in my Web applications.
I have heard something abt UrlRewriter.ddl . But i have not used it yet. provide me the easiest way to do that. If any sample application is there then it will be better ti understand
I have been creating my BLL and DAL with in the same project as my UI. These have been logical tiers in their own folder with in the same project, that's with in the same solution. I want to try to create a solution that is more like a truly multi tiered app.
I've heard people talk about using a separate projects for their DAL and BLL. My understanding is that these would be separate dlls that would contain the appropriate code for each of the these tiers. I have a few questions regarding this.
Is this a good way to do this? It seems like a logical approach. It also seems like the next step in me moving towards an architecture that's truly tiered. Should I do this differently?
Should the projects for the BLL and the DAL use the same namespace? I think I read that some people use a namespace for each of these that indicates what they are, such as BLL and DAL.
I have a situation where I am accessing a database multiple times and I'm wondering if it is necessary.
I have a GridView with a template column with a hyperlink to "Get Results" and on the RowDataBound event I have it check the batch number against the database and see if results exist and then if they don't, hide the link.
So when viewing the page if there is 20 rows in the gridview it is effectively doing 20 queries.
I was wondering if it is a better idea to query the database once with all "batches" and load it into a datatable, then on the RowDataBound event query the datatable. The only issue I see with this is there is currently 40,000 batches and grows daily.
