Security :: What The Best Practice For Next Scenario
Apr 27, 2010
1) All users can browse open web site content.
2) To access memebrs area users must login.
3) Users can create , edit/update, delete there profile/information only.
4) Users can see / view other users profiles.
5) Admin can browse, create, edit/update, delete an any profiles.
I found many different ways to implement it, but what the best practice. May be you can point me in right direction.
Application Web based, MsSQL 2005, .NET 3.5, Server 2003.
View 1 Replies
Similar Messages:
Oct 26, 2010
I want to track equipment between three types of allocations. A piece of equipment can be allocated to an employee, to a customer facility or to a warehouse.
I have an equipment table, employee table, a customer table and warehouse table. Warehouse is where equipment is temporarily held and shared between multiple employees, it is a holding area.
Obviously each equipment item can only be allocated to one employee, customer or warehouse.
My original thinking was to make a table for EquipmentAllocations where it linked the EquipmentID and the id of the employee, customer or warehouse (all guids).
Eventually I will need to query the equipment to see where it is located/allocated. I will also need to query the employees to check what equipment is allocated to them.
I am trying to figure out the best way to handle this and I am looking for some guidance. I am sure many of you have had situations similar to this that you could draw upon to offer up some advice.
View 8 Replies
Mar 6, 2011
I have seen a particular pattern a few times over the last few years. In the UI, each new record (e.g., new customers details) is stored on the form without saving to database. This clearly has been done so not clutter the database or cause unnecessary database hits.
While in the UI state, these objects are identified using a Guid. When these are a saved to the database, their associated Guids are not stored. Instead, they are assigned a database Int as their primary key.
The form can cope with a mixure of retrieved items from the database (using Int) as well as those that have not yet been committed (using Guid).
When inspecting the form (using Firebug) to see which key was used, we found a two part delimited combined key had been used. The first part is a guid (an empty guid if drawn from the database) and the second part is the integer (zero is stored if it is not drawn from the database). As one part of the combined key will always uniquely identify a record, it works rather well.
View 3 Replies
Nov 17, 2010
My system is an asp.net website which uses sql server 2008 (mostly stored procedures, but for asychnronous calls I directly insert the sql commands). I have a web service which polls multiple databases, I use external libraries(Including office interop), and allow for uploading and downloading files - without restriction.
My asp pages use javascript and jquery for most of their functionality.
View 1 Replies
Apr 14, 2010
I need regarding best practice for asp.net session management without using membership. I have design a login page which has two Text boxes and a Login Button. I need a again best practice which authenticate user and save user information in session. So in main page after login I want to check either session is expire or not. I need an complete example. Further more I am using ASP.NET 3.5.
View 5 Replies
Jan 14, 2010
I have been investigating the best way that I can secure my MVC application and restrict specific functionality from users. My first approach was using role management. I thought of expanding the membership database by writing an interface that would allow me to create groups of functionality i.e. 'manage customer' and then another table would hold 'activity' information for that group i.e. 'create', 'edit', 'transfer', etc. I would then create another table to link groups of functionality to specific roles and then assign my users to the roles. At first this seemed ok but I soon realised that I was a level of granularity missing. Not every user who is assigned to a specific role should have access to all of the functionality for a given group attached to a role, damn! I then thought that I could create another linking table that would hold 'access exceptions' i.e. this table would contain entries of a userid and activity id that a specific user was excluded from.
Does this approach make any sense? Is the creation of databases tables and an interface the best approach to this?
View 1 Replies
May 21, 2010
Just wanted to know what is the best pratice for storing new fields data when an user sign up ?
Also...
1- Is there a way to make the login controls use the same database than my website database?
2- It is okay to use the Membership and Role API to manager users from an user interface (without the ASP.NET Web configuration tool) ?
View 9 Replies
Apr 14, 2010
If I am going to use the asp.net membership and roles, the asp.net database includes an aspnet_Users table that has the userid and email address. If I have custom fields is it best practice to maintain a separate usert table and link on user id or to add fields to the aspnet_Users table?
View 1 Replies
Dec 6, 2010
I have this SQL Select statement to select the basket id where the user id equals a specific ID.I want to store the result of the query in a variable, so I thought I could have done:
BasketPage.SelectCommand="SELECT BasketID FROM tblBasket WHERE (UserID = '9f96bd94-91b9-4328-8214-4eac179c3a26')"
var BasketID = BasketPage.ExecuteScalar().ToString();
But apparently I need to create a new instance of an SQL Command for it to work, how can I do this for the BasketPage Select Command?
View 2 Replies
May 17, 2010
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies
Mar 2, 2010
I was looking to build an application with the scenario:
1. The application is a Shared PowerPoint Presentation
2. There would be 2 users for the application, Admin and Client
3. Admin can upload presentations
4. Only Admin can control the flow of presentation and cLient can just see the changes
5. As-In Admin can select next slide or previous slide and correspondingly Client configuration changes
I was thinking of updating current values in Database and using AJAX for updates on Client end. But I want a notification kinda thing that would notify the Client as soon as the Admin changes slides.
View 1 Replies
Mar 9, 2011
My scenario is this:
I have asp.net page which having the drop down control with Product list. in database my Product Table has fields as ProductId, Product Name and Price. where as I have filled this drop down control by this method:
private void FillProducts()
{
List<Product> productList = objProductManager.GetProducts();
if (productList.Count > 0)
{
drpProducts.DataSource = productList;
drpProducts.DataTextField = "ProductName";
drpProducts.DataValueField = "ProductId";
drpProducts.DataBind();
}
}
Which is working perfect. But i want to get selected product Price value on client side. for that I don't want round trip at server to get that. is any property of dropdown control other than DataTextFeild Or DataValueField to hold the Price Field of product ? so that i would avoid to go back at server. Or suggest any remedy for the same.
View 4 Replies
Feb 1, 2011
string filePath = ExportAndSaveInvoiceAsHtml(invoiceId);
Response.AddHeader("Content-Disposition", "attachment;filename=" + Path.GetFileName(filePath));
Response.WriteFile(filePath);
[code]...
View 2 Replies
Jul 16, 2010
I am using ajax.beginform. i am inserting and updating records using ajax and showing the inserted or updated value in the div above the div containing form. I need to apply validtion on these values.what is the recomended validation framework for this scenario. i have problems pushing validation messages to the form as i can only update one div that is indicated in updatetargetid parameter of ajax.beginform and this value in my case is set to div displaying the updated/inserted data
View 7 Replies
May 26, 2010
i'm new with design patterns and i'm not sure if in this situation i can use a composite pattern.
The scenario is a web application for an address book : the address book cointains AddressBoookItem, generalization for Contact and ContactGroup. The last one is the composite object containing a collection of AddressBoookItem.
With these scenario i'm sure that this is a composite pattern, but what is confusing me is that a contact may belong to many contactgroup. Does this request change the situation? Till now i thought that between the Leaf object and the Composite (in the composite pattern) there was a 1-to-m relationship (a composite may contains many leaf but a leaf is contained in only one composite object). Can i still use the composite pattern ? And, the last question,
How could i represent my scenario in a relational database? One table for the entire hierarchy or two table (Contact and ContactGroup) with a m:n relationship between them ?
View 3 Replies
Apr 24, 2010
I want the select statement for the above scenario.
View 2 Replies
Mar 14, 2011
[Code]....
How can I maintain using data annotation attributes for validations in mvc3 different requirement for edit and create in an elegant manner. I have an different edit and create requirement.
View 2 Replies
Jan 27, 2011
SaveChanges can generate an UpdateException when an object added to the ObjectContext cannot be successfully created in the data source. This can happen if a row with the foreign key specified by the relationship already exists. When this occurs, you cannot use Refresh to update the added object in the object context. Instead, reload the object with a value of OverwriteChanges for MergeOption.
In a table, a foreign key column can have a single value multiple times. e.g. DepartmentID foreign key in Users Table: More than one User can have same DepartmentID foreign key.
So how can this cause an UpdateException ?
View 1 Replies
Jul 10, 2010
I have two List's that contain a object of Tag like List<Tag> i need to find excluded and included to do an update operation how do find the difference in them both since they contain a Tag object. Can you use Contains function with a Tag object inside the list.
[Code]....
View 3 Replies
Jun 16, 2010
When i POST the page using the following code, the Response.write("Hey") doesn't write the content ("Hey") to the parent page
<form method="post" name="upload" enctype="multipart/form-data"
action="http://localhost:2518/Web/CrossPage.aspx" >
<input type="file" name="filename" />
<input type="submit" value="Upload Data File" name="cmdSubmit" />
</form>
But When i use following code , and POST the data, the Response.write("Hey") can be obtained in the parent page
[code]...
View 4 Replies
Mar 18, 2010
I have created a great stand-alone web form in asp.net utilizing many jQuery features and CSS. It works fine. When I re-create it as a web content form as part of a MasterPage, my jQuery and javascript is completely ignored.
I am referencing the pertinent jQuery and CSS in my of the MasterPage. I have a content placeholder at the bottom of the masterpage called "ScriptContent". In my content page, this is where I plug in the various jQuery methods and javascript.
When I view the page source everything is there. However, it's all being ignored so to speak. What am I doing wrong?
View 2 Replies
May 14, 2010
I am using ASP.NET MVC with jquery. I have the following MVC Action that returns a partial page on Success. On Application Error, I am not sure what to send it for correctly handling it at the client side.
public ActionResult LoadFilterSet(int filterSetId)
{
try
{
BreadCrumbManager bcManager = this.ResetBreadCrumbManager(this.BreadCrumbManagerID);
GeneralHelper.LoadBreadCrumbManager(bcManager, filterSetId);
ViewData["BreadCrumbManager"] = bcManager;
return View("LoadFilterSet");
}
catch (Exception ex)
{
return Content("");
}
}
Following is my jquery ajax call. Notice that I am checking for the data length to make sure there are no errors. Please suggest me a better way of doing this.
$.ajax({
type: "GET",
dataType: "html",
async: true,
data: ({ filterSetId: selectedId }),
url: link,
contentType: "text/html; charset=utf-8",
success: function(data, textStatus) {
if (data.length > 0) {
// Clear the local filters first.
clearLocalFilters();
$('td.selected-filters table.filters-display').append(data);
}
}
});
View 2 Replies
May 18, 2010
I have a question about model binding. Imagine you have an existing database entity displayed in a form and you'd like to edit some details, some properties eg createddate etc are not bound to the form, during model binding, these properties are not assigned to the model as they are not on the http post data or querystrong etc, hence their properties are null. In my controller method for update , Id just like to do
public ActionResult Update( Entity ent)
{
//Save changes to db
}
but as some properties are null in ent, they override the existing database fields which are not part of the form post data, What is the correct way to handle this? Ive tried hidden fields to hold the data, but model binding does not seem to assign hidden fields to the model.
View 1 Replies
Dec 12, 2010
almost typical master-detail scenario except the 'detail' data I want to display below the gridview will be coming from both the table that is bound to the gridview (master) and a related table.
simplified example: tableMain with field1, field2, field3 bound to master gridview. I need to select a row from the master gridview and have a form display below with field4 and field5 from tableMain, as well as all fields of tableDetail where field1 of tableMain equals field1 of tableDetail.
Is this what a 'formview' control is for? or do I just arrange my own controls to accommodate the data? Would a formview work considering my source will be partially from both the main table and the detail table? This is one of the scenarios were I know I could come up with something using none of the databound controls (except the master gridview), but I want to use the controls provided when it makes sense to do so, and utilize their benefits etc...
View 6 Replies
Mar 24, 2010
I've created details masters before but can't remember what links the two together. When an item is selected with a master, such as a gridview, what is used to tell the details view which record to display? Is it the DataKeyNames property?
View 4 Replies
