I'm curious about the extent to which I should go to enforce business rules. I have validators on my pages and business rules in the middle tier. Should I also enforce business rules on the back end
View 5 RepliesI am building a web application that has multiple alternative paths to most of the use cases. These paths I perceive as business rules. I would like to code my application first for main scenarios and then apply alternative scenarios as business rules (rules can be added and removed even when application is in production).I think my application deserves a rule engine. I haven't used any in the past. So I have few queries, but before that here is the profile of my application:
Web based application (data intensive)Somewhat critical (related to health care) - dynamism needs to be accounted for Microsoft .Net platform (ASP.Net, MS SQL Server, WCF)Here are some queries:
How best to externalize rules?
Is it possible to apply rules immediately or batch-wise is the only possibility?
How can Business User be in control of rules?
What best (suitable) rule engine is there? (I prefer to accommodate an open source product)
What exactly is the e.Row.DataItem return.. MSDN says.. returns An Object that represents the underlying data object to which the GridViewRow object is bound.
Here is my DataGrid...
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataSourceID="ObjectDataSource1" OnRowDataBound="GridView1_RowDataBound">
<Columns>
<asp:BoundField DataField="PracticeCode" HeaderText="PracticeCode"
[Code]....
Note : There could be other ways to accomplish this, but I'm looking especially why my p1 is null... and is there any way to get the Patient Object back from GridView after binding.
I have the following site structure:
- Site
- Administration
- Resources
- Home.aspx
Basically no unauthorized users should be able to use the system, so they get properly redirected to Home.aspx which has the login controls.
The Administration folder contains a page that should be only accessible to authorized users, but also only to users that belong to specific roles. So I have a web.config inside the Administration folder as this:
[Code]....
At first sight I'd say that this configuration would check that only SystemAdministrators and AccountManagers can access the SecuredPage.aspx. But it doesn't. If I log into the system as a regular user (not part of the roles) and then go to http://mysite/Administration/SecuredPage.aspx, it allows me in, instead of showing a "your not authorized" message.
I've also tried with location=Administration so to secure the entire folder, but same results.
UrlRewriter rules?[URL]I need a rule for a user how is visiting my web like this URL
]ProductName=[ProductName]
I'm using UrlRewriter.net, mentioned on ScottGu's Blog. I've built a site around this and now I'm having problems with subdirectories. The problem is, I want to exclude a directory and all subdirectories/files within it from rewriting. The rules I have are:
<rewrite url="~/(.*)/Uploads/Images/(.+)?" to="~/Uploads/Images/$2" processing="stop" />
<rewrite url="~/(.*)/Uploads/(.+)/(.+)?" to="~/Uploads/$2/$3" processing="stop" />
<rewrite url="~/(.*)/Uploads/(.+)?" to="~/Uploads/$2" />
The problem is, although I can access files in the uploads directory (/Uploads/myfile.ext) and see the directory lists for direct subdirectories (/Uploads/mySubdirectory/), anything in /Uploads/mySubdirectory/, eg: /Uploads/mySubdirectory/myfile.ext returns a 404, because the UrlRewriter is messing with the Urls. I've tried these rules in different orders to no avail.Has anyone used this before? There must be a way to get it to work.
I have the following authorization rules in my web.config:
[code]....
Except for the path attribute these two rules are the same. Is there a way to combine these two rules into one like path = Register.aspx, ForgotCredentials.aspx.
I read on a post that you can use ASP.Net authorization in the web config to control access to a WCF web service to replace the following attribute:
[PrincipalPermission(SecurityAction.Demand, Role="Administrators")]
To test I have been using "Administrators" which is a valid role so should allow me access and "TEST" which isnt. This works fine when using the above attribute however when I comment that out and use this in my Web.Config file:
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny roles="*"/>
</authorization>
It still allows me access.
So I was wondering if I have just got something wrong in the web.config or whether what I read was wrong saying to use that.
Just for reference this is the post I looked at:
Using Windows Role authentication in the App.config with WCF
and the following is my web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny users="*"/>
</authorization>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService1.ServiceBehaviour1" name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding"
name="BasicHttpEndpoint" contract="WcfService1.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.ServiceBehaviour1">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I'm creating an ASP.NET control that outputs <object> and <embed> tags. I want the control to have "Height" and "Width" properties, since both of those tags require them. I was also thinking of validating the height and width at runtime. I'm wondering exactly what the valid ranges are so I can be sure I have valid sizes.
These are the types of height and width settings I've seen before. Are these all valid? Where could I find all the accepted formats? Are there any values that are considered invalid, but are used as tricks for cross-browser compatibility?
1px
10%
99.99%
100
I may just go the route of letting the user input whatever they want in these fields, but now I'm curious.
Experimenting with URL rewrites using this module, however I'm getting the following error when attempting to hit the URL. Looked online for answers, but not sure what the best way to get around this is...
HTTP Error 500.52 - URL Rewrite Module Error. Outbound rewrite rules cannot be applied when the content of
the HTTP response is encoded ("gzip"). IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred. IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly. IIS was not able to process configuration for the Web site or application. The authenticated user does not have permission to use this DLL. The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
I have a .net 4.0 web application hosted on IIS7 server.
After reading this: [URL] about serving static content from another server, so that cookies aren't sent with every request for a static file, i tried it out but without much success.
This is the part written in the web.config file:
<system.webServer>
<rewrite>
<rules>
<rule name="images" stopProcessing="true">
<match url="^images/(.*)$" />
<action type="Rewrite" url="http://static-server.com/images/{R:1}" appendQueryString="true" logRewrittenUrl="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
With this rule defined, every link to a file in the images folder should be rewriten into the static-server URL. But this doesn't work at all, now every image that is in the images folder returns a 404 not found. what could be causing this behavior or a different solution on how to serve files from a specific folder from a different server without having to go trough tons of code and change all the links to link to the static server?
I did also try using the Redirect action type instead of the Rewrite action, which actually worked, but it defies the reason why i'm trying to serve the files on a different server (this way the request is sent to my dynamic content server with all the required cookies and is redirected to the static-server which is actually worse than serving the images from the dynamic content server).
I can't for the life in me work out how to get the outbound rules to work. All my inbound are spot on (not included). I have dynamic and statis compression disabled, I moved the module up in the modules list just incase.The server is Windows 2008 R2 x64 if that makes a difference. Also not that the 'Content' pages get rewritten perfectly. I don't get it.
You can view the live site here: http://www.ink4u.co.uk
[Code]....
I have a column that i am wondering if there are some special rules enforced onit.. as soon as i send in a variable as an answer for the parameter in a stored procedure then my stored proc starts to filter an extra field....how can this be happening if the only difference is that i am passing in a parameter...(I am not even using this parameter!).
View 9 RepliesI am making a form that reads/writes to a table called Contract. Contract has a field called BuyerID, which is used to store the PK of a record in the Organization table, OrganizationID. When I first tried saving my form, I got the following exception:
The record can't be added or changed. Referential integrity rules require a related record in table 'Organization'. The transaction ended in the trigger. The batch has been aborted.
When I choose a value for the field that gets assigned to BuyerID, I don't get an exception. I don't want this field to be required, so I need to remove the referential integrity rule. I thought there must be a foreign key constraint specifying that BuyerID points to Organization.OrganizationID. However, running
[Code]....
shows that the only constraint for BuyerID is a default value of 0. how to remove the referential integrity rule?
modifying the code to redirect to https only if the page url has signup4 and paymentinfo in it. using below code i can redirect all pages to https....
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
<add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
Defined RegisterModel class - with some validation rules for creating new users, and this works fine.
Then I get this class, strip few properties and wanted to reuse it as UserInfo_Form_Model, for editing user properites.
No changes, just deleted few items, renamed and reused in strongly typed View for editing.
And result of validation is: -
[DisplayName("Name")] works fine, showing correct
[StringLength(20, ErrorMessage = "xxxx...")] - not working, no message showed when suppose to be one
[Required(ErrorMessage = "xxxx.")] - not working, not showing messages when delete required values?
but (ModelState.IsValid) is false when I checked it in controller (it had to be because required value is missing)?
Is it this only partially correct and how this can be?
Well this is a bit frustrating because it cant be simpler than this and I cant make this simple code reuse.
See below code "ViewEntry.aspx" in web config file i am using to display post of my blog in the same way i want to use one more page to display categories of my blog.
How to use multiple url in web config file inside the rewriter tag?
<section name="rewriter" requirePermission="false" type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter"/>
<add name="UrlRewriter" type="Intelligencia.UrlRewriter.RewriterHttpModule, Intelligencia.UrlRewriter"/>
<rewriter>
<rewrite url="(.+)-(.+).aspx" to="~/ViewEntry.aspx?id=$2"/>
[Code] ....
I am trying to secure an application in IIS7 using .NET Authorization Rules.
By default, the web server allows all users access (which is inherited).
I have added, just for this one application directory, a deny all users command, as well as an allow command for specific users.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="myusername" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
I have Windows Authentication enabled, and I can verify that without the line that my REMOTE_USER is MYDOMAINmyusername.
However, when I try to deny all users, I am prompted with the typical Windows domain username/password box. If I enter the username password, the prompt comes back up again 3 times until finally presenting me with a failure message. (I have also tried to no avail)
Looking in the event viewer, it appears as if my login using the username and pw is successful in the audit ... and to further that point, my account is not being locked out (which it would if I were failing to login over and over). So it's as if I am logging in, but the configuration is not seeing what I entered as matching my login.
Below is the message I see (even when connecting from the server using localhost):
**Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.**
I have a large table of text inputs for which a set of custom attributes are being created on the server side. These attributes included "min" and "max" which were used with the jQuery Validate plugin. Due to a change in the requirements (of course), we now have to update the attributes to a range type, however the Validate plugin isn't interpreting the formatting of the range rule correctly (or perhaps it's more accurate to say I'm not formatting the rule correctly) and now I have problems. The generated output for the input boxes looks like this:
<input type="text" producttype="CCC" code="ESTFEE" range="460, 500" class="currency required" id="txtEstFeeCCC" value="460.00" name="txtEstFeeCCC">
I've also tried the following:
<input type="text" producttype="CCC" code="ESTFEE" range="[460, 500]" class="currency required" id="txtEstFeeCCC" value="460.00" name="txtEstFeeCCC">
In either case, the message returned is either: enter a value between 4 and 6. or enter a value between NaN and 4 respectively. Neither of which has anything to do with the 460 - 500 range in question. The jQuery code calling the validate function is just the vanilla call:
$("#btnSave").click(function() {
validator.form();
...
});
How should an input attribute for jQuery Validate range be formatted so that the correct number range limit is displayed?
How can I assign classes to the online/ASP.NET (not a desktop app) version of ReportViewer? I'm also intersted in using web specific formatting, e.g. ems versus ReportViewer desktop defaults such as points and inches.
View 2 RepliesI have been assigned the task to create a rules engine with another programmer for a company. They want it totally dynamic (parameterized sql type dynamic, no inline or any wishy washy coding practices). So I have ended up with no idea what to really aim at since this is the first time for this type of project. I am hoping someone has some ideas if they have experience this before. I am thinking of going in this direction.
http://weblogs.asp.net/scottgu/archive/2007/08/16/linq-to-sql-part-6-retrieving-data-using-stored-procedures.aspx
or this
http://www.richard-banks.org/2007/08/how-to-use-windows-workflow-rules.html
I have set up url rewriting in my web.config with regex rules and it works correct for all html files.
Problem:
[code]...
I have 1 textbox tb1 with 2 radiobuttons rb1,rb2
If rb1 checked tb1 accept only numeric with special characetes.
If I enter alphabets how to show error msg.
If rb2 checked it accepts any input data.
How to write code for above requirements..
asp.net 2.0 MSVS2005 vb.net
I do this..I pull up a SQL multi view SELECT query (thats a stored proc with 3 SELECT statements in it).
[Code]....
I then run thru dr and dr.nextresult and populate controls with it.
The above is fast.
QUESTION : Can I cache at the SQLcommand level in the above code ?
NOTE: I can NOT use SQL dependency as my query doesnt fit the rules
i have a web site that uses forms authentication. the problem is that i have the site installed multiple times on the same production servers because i need to have a few different login pages (based on the domain in this case). after the domain specific login page, the rest of the site is the same. obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
so i thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which i could give it a list of domains and the forms authentication for that domain. this way make the login page used by each site change according to the domain while still having only one site to maintain on the server.