writerus drivelus - October 2004 Entries

Posts: 295
Comments: 27
Trackbacks: 206

October 2004 Entries

ASP.NET 2.0 Profile Data Source Control

When building web sites in ASP.NET 2.0 that use the membership features you're inevitably going to use the Profile to store some custom properties (you know the stuff; Address, email, Theme, etc). You're probably also going to have an 'update your settings' type page to allow users to edit their profile properties, so you code a page with a bunch of TextBox controls, setting their values from the Profile, then a button to update the profile from the entered data. It's just a bit tedious, especially if these controls are within a template, where you end up doing a ton of FindControl. Ugh.

So in an attempt to make the code easier I've created a ProfileDataSource control, which simply iterates through the custom Profile properties and exposes them as a data source. This allows you to use a DetailsView (or FormView) to provide the display/edit features.

The data source is pretty simple, and hasn't had much in the way of testing, but works fine. If you intend to use it I suggest a thorough test. There are things it does and doesn't do. It does take into account read only properties, so won't update those. It doesn't however, take into account the different between anonymous/authenticated properties. For example, you can bind to all properties and update them while an anonyous user even if those properties are not marked as allowAnonymous. The framework stops the property being updated, but the datasource doesn't. I decided not to impose that as a restriction.

You can get the code from here. There's a test page, along with a couple of ProfileDataSource controls. One is application specific and has the profile properties explicity defined, while the other is generic. I've included both just to show you how it can be done. Just place the .vb files in the Code directory, and register the namespace/tagprefix on the page, and use it like any other data source control.

posted @ Friday, October 29, 2004 4:34 PM | Feedback (4)

Po'Girl: Saw Po' Girl again the other day. Wonderful, truly wonderful. Well worth it if you get a chance.; posted @ Friday, October 29, 2004 11:13 AM | Feedback (0)

John Peel Dies: A sad day indeed. For those across the pond John Peel was a bastion of British radio. One of the few people who didn't toe the playlist line, and championed unknown acts and world music. The world is a sadder place without him.; posted @ Tuesday, October 26, 2004 3:15 PM | Feedback (1)

ASP.NET 2.0 Navigation and Security Trimming

Since I posteded a reference to a forum post I've done more investigating, and feel this is worth mentioning. The ASP.NET 2.0 site map framework uses, by default, and XML file to define the menu structure, as a set of XML nodes. Each of these can have a 'roles' attribute, allowing a command delimited list of roles, to which that menu item applies; that is, the menu item shouldn't be shown to people not in any of the roles.

I myself fell into the trap of thinking this doesn't work, and confusion comes from two areas. First you have to explicitly enable the provider to allow this to work, by setting the securityTrimmingEnabled attribute to true (this means either modifying machine.config, or adding a new provider to web.config; you can simply copy the provider from machine.config and rename it, adding the new attribute in the process). Secondly you need to understand that what defines whether the node is shown is a combination of the roles that the user is in and the authorization as configured in web.config. Actually there's a third part, which is file permissions, but for most people that's not relevant. The default site map provider examines the users' role, checks the <authorization> section of the configuration and checks the file permissions before deciding if the menu item should be shown.

So, enabling security trimming and settings the roles in the site map nodes isn't all you have to do. By default the authorization is allow all (allow users="*"), so irrespective of your role you'll see menu items. This means you need to explicitly deny access to resources, and then allow them per role. For example, consider a fairly standard situation, where files at the top level are allowed for all users, but files under the admin directory are not (an in fact are restricted by the role). You want a single menu, so items for administration should only be shown to authorised users. The site map file could be:

<siteMap>
  <siteMapNode title="Home" url="Default.aspx">
    <siteMapNode title="Some Page" url="SomePage.aspx" />
    <siteMapNode title="Admin" url="Admin/Admin.aspx" 
          roles="Administrator,PowerUser">
      <siteMapNode title="Site Admin" url="SiteAdmin.aspx"
            roles="Administrator" />
      <siteMapNode title="User Admin" url="Admin/UserAdmin.aspx" 
            roles="PowerUser" />
    </siteMapNode>
  </siteMapNode>
</siteMap>

Here the Admin menu only appears for users in the Administrator or PowerUser roles, and menu items are further restricted. Apart from setting the authentication mode and adding the securityTrimmingEnabled attribute to the provider, nothing needs adding to the root web.config. You do however, need a web.config in the Admin directory, which would contain:

<configuration>
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
  <location path="SiteAdmin.aspx">
    <system.web>
      <authorization>
       <allow roles="Administrator" />
    </authorization
    </system.web>
  </location>
  <location path="UserAdmin.aspx" >
    <system.web>
      <authorization>
        <allow roles="PowerUser" />
      </authorization>
    </system.web>
  </location>
<configuration>

Here all users are denied access to all files, but then individual files lift the restriction based upon the role. People in the Administrator role will only see the SiteAdmin item, while Power Users will only see UserAdmin. It's the combination of this config file and the site map nodes that ensure that the menu item gets shown; a combination which is extremely powerful and provides a simple way to restrict file and menu access.

posted @ Saturday, October 16, 2004 11:29 AM | Feedback (-116)

ASP.NET 2.0 Menus, Roles and SecurityTrimming

The SiteMap architecture of ASP.NET 2.0 allows roles to be defined for each menu item, thus restricting their view to only users who are in that role. This requires the securityTrimming attribute to be added to the siteMapProvider, but I'd never been able to get this to work, and assumed it was a just a simple bug in the beta.

I now learn that it's not a bug, and the solution is pretty simple. Danny Chen explains it in this forum post. Simple really.

posted @ Friday, October 15, 2004 9:36 AM | Feedback (0)

Finally, someone gets a clue

I listen to music all of the time, especially on planes and trains. I few years ago I bought into the minidisc market, knowing full well I'd eventally move to some form of MP3 player - at the time the memory/microdrives were just too expensive.

My current player is a Frontier Labs NexII, which I bought for two reasons. First it uses Compact Flash cards (or microdrives), so is easily upgradeable; I stick to CF cards as they are pretty cheap and don't suck the battery like a, err, big sucky thing from planet suck. Secondly it uses 2 AA batteries, which give a good 15 hours and mean I can easily replace them if they do die in transit.

One day I'll buy a hard disc based player. There's a big battle among these regarding battery life, but none of the manufacturers have realised battery life isn't the real killer people say it is. The real issue is non-removable batteries. I don't care if a battery lasts 15 hours; if it dies while I'm half way across the atlantic I'm stuffed. Finally Creative have realised this is an issue and their new player has a removable battery. I can now get a player and two batteries, giving me peace of mind. In fact their opening offer gives a spare battery. All I have to do now is persuade myself I can afford it (which actually I can't).

posted @ Wednesday, October 13, 2004 1:06 PM | Feedback (-167)

Road Trip: This is pretty cool.; posted @ Monday, October 11, 2004 5:03 PM | Feedback (0)

The darling of british folk

It's not hard to understand why Kate Rusby is described as the darling of British folk music. She is simply wonderful. I may be slightly biased as, in my eyes, she can do no wrong, but that doesn't mean she's not fantastic. Last night it Birmingham she dazzled my socks off. From the opening "ello" in her broad Barnsley accent to the closing number was simply glorious.

What I wasn't expecting were the funny stories explaining the songs, where she tends to go off on a tangent digging herself into a hole of obscure people and situations. The 7 year fish, with too many fins and stuff. Bizarre. Having just read the Neil Gaiman Sandman series she sometimes reminded me of Delerium. And then while retuning her guitar and the band start - one from John McCusker:

A man walks into a doctors. "Doctor I think I'm a moth". "Ah", says the doctor, "you want the psychiatric office down the hall". "Yes I know", says the man, "but I was walking past and your light was on".

And then it get's stranger, with the accordian player telling us recipes. A nice variant on Potatoe Daupinois, which I must try.

But, despite the fun and strangeness, was that voice. It sends shivers down my spine, it really does. My entertainment tonight is to watch the DVD of her Leeds concert, and I'm listening to her CDs at the moment. I do this after gigs; go through their entire catalogue again.

posted @ Saturday, October 09, 2004 11:57 AM | Feedback (4)

Article Categories

.net

Archives

Post Categories

Image Galleries

blogroll