I Create my won Authorize Attribute. Thats work great in the controller. How can I use it in the view.
Example : I have a manage user link, If you haven't access to this page, I don't want to show the link.
Here is my Authorize Attribute.
public class UserAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.Session["UserID"] == null)
[Code]....
I have a database where i want to log my user into and for this issue i want to customize the AuthorizeAttribute i am wrong ?? have some easier way to do it ??
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
// the "new" must be used here because we are overriding
// the Roles property on the underlying class
public new Authorization.SiteRoles Roles;
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
string[] users = Users.Split(',');
if (!httpContext.User.Identity.IsAuthenticated)
return false;
int found = Convert.ToInt32(httpContext.Session["role"]);
return Authorization.CheckRolesCompliance(Roles);
}
}
ERROR: 'CustomAuthorizeAttribute.AuthorizeCore(System.Web.HttpContextBase)': no suitable method found to override
I thought about creating a custom AuthorizeAttribute that will prevent logged in users calling a action ( [UnAuthorized] so to speak)
Tried creating a custom AuthorizeAttribute and override the AuthorizeCore method, but not sure this is the right approach.
(does not work anyhow...get an error telling me "no suitable method found to override")
[Code]....
I have created a custom control from scratch and it works fine as in you can build the project that uses it and it works fine at runtime. Problem is when you go to design view the control shows an error in the place of where the control should be rendered.
Error: '<SomeValue>' Could not be set to '<SomeProperty>'
This shows up on all my custom set properties. These properties are created as basic as possible. I can give the properties values in Source view and run the app just fine. I can even add a Onclick event. If I don't set any custom properties the control will render fine in Design view. It's only when I set a value to a custom property.
Property Code Example:
[Code]....
I've even removed the Category and Description tags with no difference.
I don't know if what I said makes sens, but I hope it does.
What is the most straight forward way to use AuthorizeAttribute and JsonResult together so that when the user is not authorized the application returns a Json error rather than a log in page?The two things I am currently considering are extending AuthorizeAttribute or just making a new attribute that implements IAuthorizationFilter.
View 1 RepliesI'm writing an MVC app that is a front-end for an existing system with it's own authentication process. I want to mimic the behavior of forms authentication with the [Authorize] attribute redirecting to a log-on page, but the logged in status is handled completely by API calls to the backend system. What do I need to do for ASP.NET MVC to recognize a user as "authenticated" if I'm not using the Forms authentication system?
View 3 RepliesI'm only a newcomer to ASP.NET MVC and am not sure how to achieve a certain task the "right way".
Essentially, I store the logged in userId in HttpContext.User.Identity and have written an EnhancedAuthorizeAttribute to perform some custom authorization.
In the overriden OnAuthorization method, my domain model hits the database to ensure the current user id can access the passed in routeValue "BatchCode". The prototype is:
ReviewGroup GetReviewGroupFromBatchCode(string batchCode);
It will return null if the user can't access the ReviewGroup and the OnAuthorization then denies access.
Now, I know the decorated action method will only get executed if OnAuthorization passes, but I don't want to hit the database a second time to get the ReviewGroup again.
I am thinking of storing the ReviewGroup in HttpContext.Items["reviewGroup"] and accessing this from the controller at the moment.
I'm securing an ASP.NET MVC 2 application, and I have a user who is in the role "Foo".
This is true:
User.IsInRole("Foo")
But yet, when I attempt to lock down a controller action like the following, the user is denied:
[Authorize(Roles = "Foo")]
public ActionResult PrivatePage()
{
return View();
}
If IsInRole reports true, why would the Authorize attribute not allow the user in?
I'm using MVC 2 with futures, and I'm trying to hide/show content based on role. Is there a way with ActionFilterAttribute or AuthorizeAttribute if the authentication fails to not show a partial view on a controller all through attributes? Or is all I can
do with those attributes is redirect or throw up an error message? I just need the child action to return nothing basically if it fails the authentication.
I found a way using ActionFilterAttribute, but it's kind of a hack because it still calls the ChildAction on the controller and then I'm setting the result to empty afterwards. I'm looking for it not to call the Action/ChildAction at all if the authentication fails. Is there a way to restrict that call?
public
override
void OnActionExecuted(ActionExecutedContext [code].....
I am busy writing my own custom attribute for my action method called MyAuthorizeAttribute, I am still busy writing the code, here is my partial code:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
public new Role Roles;
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (Roles != 0) // Did it this way to see what the value of Roles was
return;
// Here I am going to get a list of user roles
// I'm doing my own database calls
filterContext.Result = new HttpUnauthorizedResult();
}
}
Here is my Role enum:
public enum Role
{
Administrator = 1,
SuperAdministrator = 2
}
My action method:
[MyAuthorize(Roles = Role.Administrator|Role.SuperAdministrator)]
public ActionResult Create()
{
return View();
}
The reason why I did not use Roles = "Administrator,SuperAdministrator" was because the roles are hard-coded. I don't want to have a 100 places to change if the role name changes.
Given my method, when it gets to if (Roles != 0) then Roles total value is 3, how would I check to see if these 2 roles is in the list of user roles for a specific user?
Am I doing it correct here? If not how would I otherwise implement this? It doesn't have to be the way that I did it in.
It happened to add an extra Gridveiw Header in row_databound event , It did worked fine on !Postback but disappered on Page.Postback . Quick google search guided me to move the event to Row_Created event and every thing is okay .
Can any expert post some pointers , differnces between grid row_created vs row_databount with some sample table data created dynamically behaviour of both the events in !Postback and page.Postback .
I have a site using eight (so far) custom web user controls and two of them have started misbehaving in design view. When designing the control itself some (in one control) or all (in the other) regular controls (labels, text boxes, etc.) disappear from the design view surface. They can still be seen in the source view and if the control is hosted on a regular .aspx page the control displays properly. The code window recognizes all controls in the objects dropdown list and I can write appropriate code. The controls run properly on their hosted pages.
If I switch to Split view and select controls in the source view panel a very small area od the design surface becomes selected (like one pixel for any of us who remember programming old DOS applications with 80-column screens) but no controls can be seen.
In short, the controls work in every respect except that I cannot see all or part of the design surface in Design view when editing the controls directly.
I've double-tripple checked the source code for anything that may be causing this and just don't see anything. (The controls aren't that complicated.)
I am integrating asp.net mvc with an existing asp.net web form application. All works well until I try and inherit my view from custom type.
[Code]....
Reference has been added to the assembly containing the above namespace to the web form project. I had manually create an aspx page since the mvc view templates are not available in web forms project. I guess the way view gets bound to the object by telling it where to inherit from or does asp.net mvc performs some hidden plumbing. There weird part was that I could not even bind it to IList<string>.
I've created a class which extends System.Web.Mvc.ViewPage which I want to be the default class each view inherits from. This is controlled by the "pageBaseType" attribute in the "pages" element in the web.config file in each Views folder. If I add a Views folder in Visual Studio, it creates the web.config.
I would like to change the template it uses to do this to use a different value for pagBaseType. I assume there is a template somewhere I could modify, but I don't know where it is.
i created a view using html.editorformodel() and created a buddy class for validation. the buddy class is as below;
[Code]....
Now , i know that the view recognized the buddy class because the display name above showed in the create form.
The problem now is that when i click on the submit button, i dont get that error messsage, saying that LineManagerEmail is required.
It simply goes to the httppost create action (which has no logic in it for now and simply redirects to the index action.
My view is as below.
[Code]....
I've created a basic table in SQL,
ID, Foldername, ParentID, parentLevel
1, Domestic, 0,0
2, commercial, 0,0
3, Product, 1,1
4, product, 1,1
5, Item, 3,2
6, product, 2,1
7, item, 6,2
I've created a basic web page to that drills down level by level. that all works fine.
I want to manage this table now in an admin page, and was looking for some kind of tree view type code that will allow a user to expand a level and drill down to sub levels.
Code:
Private Sub LoadList()
Litlist.Text = ""
Litlist.Text += "<tr style='background:#808080; color:white; text-align:center'>"
Litlist.Text += "<td>ID</td>"
Litlist.Text += "<td>Name</td>"
[Code] ....
This kinda works but doesn't allow me to expand to create have a collapsible tree view or show/hide TR's. How to do this using a simple table like I have for multiple levels.
I'm working on an ASP.NET MVC 2 project with some business entities that have metadata dataannotations attributes applied to them (Validation attributes, Display attributes, etc.).
Something like:
[Code]....
Using the metadata from different views is no problem, as long as I am using my business entities as viewmodels or as part of a viewmodel like this:
[Code]....
However, sometimes I need to code a view for editing some, but not all fields of an entity. For those fields I want to reuse the metadata already specified in my user entity. The other fields should be ignored. I'm talking about custom view models like this:
[Code]....
That's where I am running into problems. The custom view model above leads to an exception when the view is generated, because it has no password property.
The associated metadata type for type 'Zeiterfassung.Models.ViewModels.Users.UserNameViewModel+UserModel' contains the following unknown properties or fields: Password. make sure that the names of these members match the names of the properties on the main type.
Also, even if this exception did not occur, I expect to get into even more trouble with model validation on form submit because Password is marked as required in my business entity.
I can think of several workarounds, but none seem really ideal. In any case I can't change the database layout so that the password field would be in a separate entity in my example above.
How would you handle this scenario?
I would like to set the one template for edit/insert and view in my custom FormView control . But i got these odd exception Unable to cast object of type 'System.Web.UI.LiteralControl' to type 'System.Web.UI.WebControls.Table'.
public class CustomFormView : FormView
{
[PersistenceMode(PersistenceMode.InnerProperty), TemplateContainer(typeof(FormView), BindingDirection.TwoWay)]
public IBindableTemplate FormTemplate { get; set; }
protected override void OnInit(EventArgs e)
{
ChangeMode(FormViewMode.Edit);
if (FormTemplate != null)
{
if (CurrentMode == FormViewMode.Edit)
{
FormTemplate.InstantiateIn(this);
}
}
base.OnInit(e);
}
}
edited :
in the first step , I created the new user control and added a formview ("FV")
public partial class Form : UserControl
{
private IBindableTemplate _template = null;
[PersistenceMode(PersistenceMode.InnerProperty),
TemplateContainer(typeof(FormView), System.ComponentModel.BindingDirection.TwoWay)]
public IBindableTemplate FormTemplate { set;get }
protected void Page_Init()
{
if (FormTemplate != null)
{
FV.InsertItemTemplate = FV.EditItemTemplate = FormTemplate;
if (!IsPostBack) FormTemplate.InstantiateIn(FV);
}
}
}
Now , I want to convert this user control to web control.
I have created an advanced label control using web user control to cater some advanced options needed for my application. The control is working fine but there is one hitch bothering me. In normal label control when we change text or color, we can see effects during design time also but this is not functional with web user control. I mean when i change TEXT property of my label inside user control, the effect is visible on runtime not design time.
Is there any way to see effect of property changes during design time??
I want to customize my grid view paging to look like
|<< < 6,7,8,9,10.....98,99 > >>|
When I send a strongly typed ViewModel containing other ViewModels nested inside (basically spanning 3 tables into one object) all the data is correctly presented when debugging. However it complains at rendering time with an exception "Compiler Error Message: CS1061: 'object' does not contain a definition for 'Name' and no extension method 'Name' accepting a first argument of type 'object' could be found (are you missing a using directive or an assembly reference?)"
and the error is thrown from mvc2-rtm-sourcessrcSystemWebMvcMvcViewPageControlBuilder.cs method:
ProcessGeneratedCode line 19
PageBaseType is null all the time
[Code]....
ViewModels
[Code]....
Database
3 tables make up for the ProjectModelView object
users
projects
project_bids
I need to do a custom update for a form view (I think/know), as some of the parameters that are required for updating values should not be updated by the users, such as userid of the person performing the action which is passed back to the database for auditing purposes.
Additionally, there are some fields, such as LastUpdatedBy, LastUpdatedDate that need to be seen, but not edited. The stored procedure on the backend takes care of this, and these are not parameters for the Update method. The FormView by default is trying to pass all these values back to the database.
Lasty, the select query of the object datasource is a stored procedure that performs several joins based on PF/FK relationships to bring back more meaningful information than just a FK, so some columns are just the joined value, and can not be updated directly. Again, formview is trying to pass these parameters
So given that, I have defined the following even handler for a simple form view:
(not sure if this is the way to proceed given the above, but...)
protected void FormView1_ItemUpdating(object sender, FormViewUpdateEventArgs e)
{
ProjectDetailsDataSource.UpdateParameters.Clear();
ProjectDetailsDataSource.UpdateParameters.Add("projectID", ((Guid)e.Keys["ProjectID"]).ToString());
ProjectDetailsDataSource.UpdateParameters.Add("projectName", (string)e.NewValues["ProjectName"]);
ProjectDetailsDataSource.UpdateParameters.Add("description", (string)e.NewValues["Description"]);
ProjectDetailsDataSource.UpdateParameters.Add("projectTypeID", "1");
ProjectDetailsDataSource.UpdateParameters.Add("statusID", "1");
ProjectDetailsDataSource.UpdateParameters.Add("productID", null);
ProjectDetailsDataSource.UpdateParameters.Add("isComplete", ((bool)e.NewValues["IsComplete"]).ToString());
ProjectDetailsDataSource.UpdateParameters.Add("isActive", ((bool)e.NewValues["IsActive"]).ToString());
ProjectDetailsDataSource.UpdateParameters.Add("userid", Membership.GetUser().ProviderUserKey.ToString());
ProjectDetailsDataSource.Update();
FormView1.ChangeMode(FormViewMode.ReadOnly);
e.Cancel = true;
}
My questions are as follows:
1) Is this the right approach?
2) Is so, when I cancel the edit (because I did the update myself), and change mode, the FormView returns to read only mode as inteneded (good so far). However, when I hit F5 (refresh), the ItemUpdating method is called again, and updates the database.
I am working on a custom menu control, partially as a learning exercise, and I am having trouble with Visual Studio's IntelliSense support for it in markup view.The conventional ASP.NET menu allows you to place an arbitrary depth of <asp:MenuItem/> elements under the <Items>...</Items> element. I'm after the same behaviour for my menu.Mine unfortunately does not. VS insists on an empty tag:
<hn:AwesomeMenu runat="server" ID="menu">
<Items />
</hn:AwesomeMenu>
[code]...
Trying to add some custom code behind the cancel button built into a details view. How would I go about doing this?This is what i have currently. But, when clicked, the cancel button does not pick this up.
[Code]....
I have a parent control that has an instance of a HiddenField child control. I am using CreateChildControls() to add it. Everything works client side including the values being added to the field. However, on postback, the reference to the field is null
here is the code
[code]....
I have tried simply relying on the ViewState ... then also attempted using FindControl(). Neither works, it comes up as a null reference ... any input on what is going here?