Rolebase page access and rulebase operation access

Hi Again,

This is typical scenario where programmer done want to allow specific user to visit specific page due to functionality which needs to be secure based on user types. The task like managing users should not accessed by a normal user. So we need security based on user types, more precisely we need Authorization. Once user passed thru authentication it is not Authorization who decide the access of current logged user to perform some task.

Before introductions of ASP.NET Rolebase providers, people used to check on each page for the role, and if it does not have that role then redirection process, here all data related to user role kept in session.

This functionality is much more simpler after introduction of Rolebase provider, we just need to define roles and access to that roles. We can restrict users based on either role or userid itself, its depend how the application needs the functionality. This is for particular page, now what if I need to restrict user at operation level? Mean I don't allow Account user to manage users personal details, he just need to play with user's account, he does not need to update personal details of user. Here we can use Rolebase provider to check whether logged in user have rights to perform that operation or not.

Rolebase page Access: After setting roles and mapping, you just need to add few settings into configuration file which rolebase provider will use to perform authorization. Typical example of such web.config is as following.

Lets understand the setting.

• location tag in which you have to specify path of resource. If path is directory then the authorization will consider on all the pages inside that directory.
• authorization tag will contains the allow or deny user/roles listing.
• allow tag contains the roles attribute, in which you have to put role name. So you are allowing user having SiteAdmin to access ManageUser page. In the same way if you write deny roles then it will deny that particular role to access ManageUser page.
• deny tag contains roles or user. In typical setting we are putting selected roles/users in allow list and for rest we kept as deny, so in deny you may always find * which means all user or all roles.

Typically we have more then one configuration files kept in different-different directories to manage folder separately.

Now let's see how we can implement operation level security using Rulebase provider. Microsoft Enterprise Library Security Application Block helps developers implement common authorization-related functionality in their applications. We just need to set some configuration setting using which you can identify the operation level access. Following is the typical configuration to implement rulebase provider.

You can see the how rule has been added here along with expression. You can add new rule by adding name and expression, expression is simple string which contains set of Role name and expression. There are list of more expression you can find bellow. First lets try to understand EditPersonalInfo rule, it has two role SiteAdmin or Superuser or User, so all user having these roles can perform EditPersionInfo operation.

Rule Expression can contains I, R, AND, OR, NOT, (, ), ?, *.

• I: It will authorize to identity which is supplied with I
  • expresson="I:Imran" will allow a user with identity Imran
• R: It will authorize to role which is supplied with R
• Rest will be operator you can use at any time
  • expression="((R:Superuser OR R:AccountAdmin) AND (NOT R:SiteAdmin))"

Now this is all about configuring rules. Will see how to apply these rules in our coding.

Just two lines of code to know weather user is authorize to do that action or not.

SQL Challenge - Find second highest salary by department

Hello All,

I am starting this new thread called SQL Challenges, which will have SQL Challenge for beginners. I hope your all like that and participate also.

Jacob Sebastian, had already started posting challenges, I would like you to participate into challenge, may be you can get gift or rewards.

There are some rules and regulation which you have to read before posting any reply, it's very simple not a big deal. So first challenge is out there, to finding out second highest salary by department, please visit this link for more details. You can find scripts to generate data too.

Hope you will have great time to solving and most important thing is learning; you will learn lot not only from question also from the best answer posted for particular challenge.

Core Service - Extensible Output Caching

Output caching is one of the major factor to load your page more faster. up to now ASP.NET allow developer to store generated output of page, control and HTTP request into memory to used further request.

ASP.NET 4.0 provides the mechanism to let developer handle output cache by creating your own custom output-cache provider and manage the persistency of HTML content. For doing this you just need to create class which derives from System.Web.Caching.OutputCacheProvider type and add it to your caching section of web.config. The default provider is AspNetInternalProvider.

 

In addition, you can choose different provider for different pages! There are two way to do this.

First you need to override one new method in Global.asax called GetOutputCacheProviderName which helps you to select output cache provider.

Adding code at request level is like adding more work to do, the easiest way is to select output-cache provider is to set value of attribute providerName which is part of OutputCache page or control directive.

Topic: ASP.NET 4.0 and Visual Studio 2010 Web Development Beta 2 Overview

Core Service – Web.Config file Minification

The configuration file is very important for each web application, each web application will have one master web.config file which contains all the setting that a simple web application needs, on top of it we have machine.config, there always be single machine.config file.

Now typical web.conifg will have lots of section and sub-section which are common for all the application, like AJAX related stuff, IIS integration and many more, what 4.0 does is it moved common setting from web.config to machine.confg, this means now your web.config file in ASP.NET 4.0 either empty or contains following lines.

Topic: ASP.NET 4.0 and Visual Studio 2010 Web Development Beta 2 Overview

Overview of new features in windows 7 - MTD Session

Hello All,

This is my first post on Windows 7, I have attended the event Microsoft Community TechDays on 3rd October 2009 in Ahmedabad having one of the session on cool features of Windows 7, that had been presented by Vinod Kumar Microsoft Evangelist, who is known for his famous SQL site http://extremeexperts.com/. Who basically expert in SQL Server but did wonderful presentation with only one slide and tones of tips and tricks by Demo, I enjoyed the session lots.

I am listing some cool features which I like the most in windows 7 here, this does not mean that features rest feature I don't like but may be I need to explore windows 7 more and more as there are lots of features that been added to windows 7.




[Jacob Sebastian, Imran Bhadelia, Vinod Kumar]

• Jump List
  
  The Jump List feature is designed to provide you with quick access to the documents and tasks associated with your applications. You can think of Jump Lists like little application-specific Start menus. Jump Lists can be found on the application icons that appear on the Taskbar when an application is running or on the Start menu in the recently opened programs section. Jump Lists can also be found on the icons of applications that have been specifically pinned to the Taskbar or the Start menu.
  
  For developer the JumpListManager class provides an abstraction of the application jump list, including facilities to manipulate custom destinations, user tasks, recent/frequent lists and items removed by the user.
  
  
  


• VHD [Virtual Hard Disk]
  
  I like this feature the most, VHDs are widely used as storehouses for hard disk images you intend to deploy out to clients. For example, you can keep different images, for different types of users, in the form of separate VHDs and then just deploy the ones you need to whomever they need to go to. Although VHD is closely intertwined with virtualization, it's also being widely used as a stand-alone tool because Windows 7 adds support for Native VHD, which means you can use it without virtualization in place.
  


• Global Keyboard shortcuts
  
  I love to use keyboard as much as I can, windows 7 have added lots of shortcuts to it, I am listing few here.
  
  Win+Space operates as a keyboard shortcut for Aero Peek.
  Win+Up and Win+Down are new shortcuts for Maximize and Restore/Minimize.
  Win+Shift+Up vertically maximizes the current window
  Win+Left and Win+Right snap the current window to the left or right half of the current display; successive keypresses will move the window to other monitors in a multi-monitor configuration.
  Win+Shift+Left and Win+Shift+Right move the current window to the left or right display.
  Win+ + and Win+ − (minus sign) zoom the desktop in and out.
  Win+Home operates as a keyboard shortcut for Aero Shake.
  Win+P shows an "external display options" selector that gives the user the choice of showing the desktop on only the computer's screen, only the external display, on both at the same time (mirroring), or on both displays with independent desktops (extending).
  


• Direct Access
  
  Traditionally, remote users connect to internal network resources with a Virtual Private Network (VPN). However, using a VPN can be cumbersome for users because it requires several steps, and several seconds (or even minutes), for authentication to occur. Windows 7, together with Windows Server 2008 R2, introduces DirectAccess, a new solution that enables users to have the same experience working remotely as they would working in the office. Taking advantage of technologies such as IPv6 and IPSec, DirectAccess provides remote computers with automatic, seamless access to the internal network across the Internet without connecting to a Virtual Private Network (VPN), while providing secure and flexible network infrastructure for enterprises.
  
  
  


• Taskbar APIs for developer
  
  
  
  The IMClient sample demonstrates how taskbar overlay icons and taskbar progress bars can light up an application’s taskbar button instead of relying on an additional dialog or on an icon in the system notification area (tray).
  


• Aero Shake
  
  Aero Shake allows users to clear up any clutter on their screen by shaking (dragging back and forth) a window of their choice with the mouse. All other windows will minimize, while the window the user shook stays active on the screen. When the window is shaken again, they are all restored, similar to desktop preview.
  


• Problem Steps Recorder
  
  A very handy tool to record steps which produce the problem, this is very useful if you belong to Quality Assurance. It gives you details of every operation that you had done along with image and description, and again it requires very less space as its highly compact. The Problem Steps Recorder creates a .MHT file (a type of HTML document that includes images in a single file) compressed in a zip archive. The IT professional can open the .MHT file, view screenshots and get an exact description of the user’s actions. It helps overcome language barriers, allowing IT professionals to diagnose problems regardless of language differences
  
  
  


• Resource Monitor
  
  Before I was using process monitor, windows 7 have introduced resource monitor, which is way ahead from process monitor, it gives you all the information regarding CPU, Memory, Disk and Network.
  
  
  


• More Advance Calculator
  
  New functionality allows the user to not only calculate in the Standard and Scientific modes, but also in Programmer and Statistics modes. And that’s not all! Ever need conversion formulas for temperature, weight, area, or time? Finding the unit conversion option makes it a snap and takes all the work out of the user’s hands.There are even templates for gas mileage, lease estimations, and mortgage estimations.
  
  
  


• Aero Peek Your Desktop
  
  A lesser-known versatile tool introduced with Windows 7 is the Aero Peek. Just click the rectangle in the lower right hand corner of the task bar for quick access to your desktop. The keyboard shortcut Window Key + Space performs the same function.
  
  
  

Repeater with Paging and Sorting Features

Hi all,

We all know our pages need to be created dynamic, .NET provides some good inbuilt controls which does same thing specifically framework 2.0 included lots of handy controls to build you page quickly

I usually pick the Repeater control, to render simple or complex table, why because its very simple and main reason is its faster and light weighted. There are limitation of Repeater, like it does not have inbuilt functionality for Paging and Sorting.

We can add the functionality of Paging and Sorting by our own, I wrote an article on Extended Repeater, having Sorting and Paging support with very less effort. It uses PagedDataSource I am sure its very new to you! But it’s now new it was there as in framework 1.1!

You can find the article here, I have explained all important code logic and also you can download the sample code there.

Create your own shortcut in SQL Management Studio 2008

Hi All,

Shortcut is good way to increase the speed of development and work. SQL Server Management Studio 2008 have numerous shortcuts.

We are writing various SQL statement, few statements are common like, SELECT * FROM [TABLE_NAME] which we are using very frequent. its always tedious job to write SELECT * FROM statement, can’t we create shortcut for that? Yes we can. Here is the steps to create your own shortcut with screenshot may be it helps you to increase productivity.

Step 1: Find the Keyboard setting [Tools – Options – Keyboard]

Step 2: Pick the available Shortcut [Query Shortcuts]

Here you can see the default query shortcuts. Find the available and create your own.

Lets create one shortcut for SELECT Statement

 

Press OK, you are done with your first shortcut. Before we use the shortcut and it get applies we need to restart IDE so our shortcut will get effected.

After restarting IDE, in Query write the table name, select it and apply your shortcut [Ctrl+f1].

You can see it works like SELECT * FROM EmpMaster. Now let’s apply WHERE clause and see if its works or not?

It’s working perfectly. Use shortcuts be more productive.

Get query string value using JavaScript

Here is the JavaScript function getQuerystring which finds the key form query string and returns the value.

/*
* <summary>
* Get the querystring value
* </summary>
* <param name="key">A string contains the querystring key</param>
* <param name="defaultVal">Object which get returns when there is not key</param>
**/
function getQuerystring(key, defaultVal) {
    if (defaultVal == null) {
        defaultVal = "";
    }
    key = key.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");
    var regex = new RegExp("[\\?&]" + key + "=([^&#]*)");
    var qs = regex.exec(window.location.href);
    if (qs == null) {
        return defaultVal;
    }
    else {
        return qs[1];
    } 
}

Register for PHP Developers Day

Microsoft invites you to this exclusive session on Microsoft InterOp initiatives tailored for open source developers to create cutting-edge business applications.   Title Level Speaker Details 1. Build Mission Critical Applications on the Microsoft Platform using Eclipse 300 Nahas Mohammed, Technology Advisor, Microsoft Microsoft has delivered multiple technologies that focus on interoperability with non-Microsoft and Open Source technologies. Learn how to use Eclipse tools today to build Silverlight applications that run on PCs and Macs, how to work in a cross-platform environment and yet integrate your solution with your designer team. Also get to know about Microsoft's commitment to openness with the Azure Services Platform. 2. jQuery - the write less do more javascript library 300 Deepak Gulati, Lead Architect, Cricinfo.com jQuery has gained tremendous popularity in little over two years. It aims to allow web developers to write clear, concise code that cleanly separates the behavior of a page from its design without having them fret over details of cross-browser Javascript development. With its formal inclusion into Microsoft's Ajax stack, it is bound to become an important tool in an ASP.NET Web Developer's toolbox. We'll begin with a whirlwind tour of some advanced features of Javascript and then move on to using jQuery for: - Efficient DOM traversal and manipulation - Using a unified event handling mechanism across browsers - Increasing visual and functional appeal of your web-pages with special effects and plugins 3. MS SQL Business Intelligence with mySQL 300 Praveen Srivatsa, Director, Asthrasoft Have your data residing on mySQL but want to leverage MS SQL server capabilities to build Business Intelligence solutions? Then this is the right session for you. This session looks at leveraging your existing investments in mySQL and leveraging the Reporting and Analysis Services from MS SQL server to extract data out from your mySQL data store to build meaningful dashboards. It looks at how we can integrate SQL Reporting Services and use SSIS to harvest the data from mySQL. It also looks at how we can replicate or sync data between MS SQL Server and mySQL to be able to share the relevant data across these databases. 4. Trouble Ahead? Know Your Project Warning Signs! How Successful Leaders Recognize and Deal with Project Warning Signs   Sanjay Dugar, instructor, ESI International This session is run by ESI and provides detailed guidance on conducting project health checks, what warning signs to look for, how to find them and finally, when to pull the plug on a project. For more than 25 years, ESI International has helped many of the world's most successful organizations-including Fortune 1000 companies and nearly every major agency of the United States federal government-align strategies, build talent and achieve organizational goals. To date, ESI has helped more than 850,000 technical and specialized professionals around the world improve the way they manage their projects, contracts, requirements and vendor relationships.

Long word breaks the UI

Hi All,

Working with long word into Web application some times break the UI. There always be a question for How to break long words?? As a long word without space kills your user interface.

I found the reason, in general when you system is tested by QA first thing he is going to break if you don’t limit the size and then it try to break UI with adding a loooooong space less word :)

There can be lots of other solutions, like create function which finds the long word and break it out. But I like is Regx, yes the regular expression is very optimum, but you have to learn them which is not like eating piece of cake :)

Following is the Regx which validate the text box and allow user to add 35 character long word although it seems to be not possible :)

<asp:RegularExpressionValidator ID="regNoLongWords" runat="server" ControlToValidate="txtText"
    ErrorMessage="Word is too long" Display="None" 
    ValidationExpression="(?!.*?\S{36,}).*"></asp:RegularExpressionValidator>

Have fun with Regx !!!