We want this field here and this field there.
Cos Callis: Custom User Objects in ASP.NET
A lot of developers create their own object, holding things such as email address, etc., and store it in Session. Since this is typically tied to the CurrentUser, you might as well have the additional properties you need there.
Page.User is based on IPrincipal, and all you need to do to add to it is create your own class that implements the IPrincipal interface. IPrincipal is the important part. Attaching it to the LoggedOnUser makes it so that only the current user can see their data. This data is stored in HttpContext instead of Session, making it even more secure.
(* Note: the following is Pseudo Code:)
Turn on forms authentication in web.config
You build your User Object inside Global.asax
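```vb
' Global.asax: runs on every request
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Try
        Dim authCookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie IsNot Nothing Then
            ' Rebuild the user from the forms authentication cookie (cookie constructor below)
            Context.User = New CCUser(authCookie)
        Else
            Context.User = New CCAnonymousUser()
        End If
    Catch ex As Exception
        ' Any failure to rebuild the user falls back to the anonymous user
        Context.User = New CCAnonymousUser()
    End Try
End Sub
```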
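```vb
' Login button click handler (the handler name is a placeholder)
Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
    HttpContext.Current.User = New CCUser(TextBox1.Text, TextBox2.Text)
    ' Second argument True = persistent cookie
    FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, True)
End Sub
```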
```vb
Public Class CCUser
    Inherits System.Data.DataSet
    Implements System.Security.Principal.IIdentity, System.Security.Principal.IPrincipal

    Public ReadOnly Property Identity() As System.Security.Principal.IIdentity _
        Implements System.Security.Principal.IPrincipal.Identity
        Get
            Return Me
        End Get
    End Property

    ' Fields: _email, _firstname, _lastname, _roles, _menuOptions, _CSS,
    ' _webparts (DataTable; a data repeater displays the web parts)

    ' Usage from a page:
    '   Page.CSS = User.CSS
    '   Me.StyleSheetTheme = User.CSS

    ' 3 constructors

    ' Blank
    Public Sub New()
    End Sub

    ' From the login form
    Public Sub New(ByVal email As String, ByVal password As String)
        ValidateUser(email, password)
        LoadCookie(email, password)
    End Sub

    ' From the forms authentication cookie on later requests
    Public Sub New(ByVal cookie As HttpCookie)
        Dim tkt As FormsAuthenticationTicket = FormsAuthentication.Decrypt(cookie.Value)
        ValidateUser(tkt.Name, tkt.UserData)
        HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, MyRoles)
    End Sub

    Public Sub ValidateUser(ByVal email As String, ByVal password As String)
        ' It doesn't matter which type of authentication you use;
        ' you can use mixed: try Active Directory first, and if it fails,
        ' then do your custom DB user login.
        ' IsInternal: True/False, whether they're in AD.
    End Sub

    Public Sub LoadCookie(ByVal email As String, ByVal pwd As String)
        Dim tkt As New FormsAuthenticationTicket(1, "CodeCampUser", Now, Now.AddHours(1), True, "Hello Wichita")
        Dim encTicket As String = FormsAuthentication.Encrypt(tkt)
        HttpContext.Current.Response.AppendCookie(New HttpCookie(FormsAuthentication.FormsCookieName, ... ))
    End Sub
End Class
```
then login sql stored proc:
select * from menus where userid=##
select * from users where userid=##
```vb
Public Class InvalidLogonException
    Inherits System.Exception
End Class

Public Class CCAnonymousUser
    Inherits CCUser

    Public Overrides ReadOnly Property IsAuthenticated() As Boolean
        Get
            Return False
        End Get
    End Property

    Public Overrides ReadOnly Property Name() As String
        Get
            Return ""
        End Get
    End Property

    ' Function IsInRole (body not shown in the notes)
End Class
```
public overrides reado
end sub
```vb
Class CCBasePage
    Inherits System.Web.UI.Page

    Public Shadows ReadOnly Property User() As CCUser
        Get
            Return DirectCast(MyBase.User, CCUser)
            ' CType tries to validate first
            ' what is the full explanation of why DirectCast is better
        End Get
    End Property
End Class
```
Great job on explaining why it's needed, how useful it is, and why it's best to inherit and implement from the Current.User. The only argument people have voiced is that it creates too much bloat, but you're going to do it somewhere (session, application, etc.), so why not here, the most logical choice.
Raymond Lewallen - Continuous Integration
www.codebetter.com/blogs/raymond.lewallen/downloads/ci.zip
Continuous information - if you only talked to your customer once a month your project would be in trouble. So why do you wait until deployment to really audit your code?
FxCop - All methods should be Pascal case.
Only thing that doesn't work with 2.0 is nCover report - it runs but produces empty xml report.
Yours Truly - Introduction to Programming Windows Communication Foundation (WCF)
The presentation went well, it was obvious that everyone understood how easy it is to create services, as well as, how much easier WCF makes it.
I had one question by the most inquisitive of the group:
Can Services or Clients be used to attach as an "EventHandler" to a Service?
After much thought, I realized, the solution to the architecture that he is really looking for would involve a multiple service situation. Trying to use a Client as an EventHandler would logically be the opposite message communication that is typical from Client to Service, so in my opinion, the real solution to what he was asking, would be for the Client to have a Service of its own (and/or the "EventHandler" Service would be running somewhere), and the Service that is needing to communicate the event would then send it to this Service for any additional handling.
One comment I had afterwards, in summation, was: "it's hard to get excited about WCF, because Services have been around for several years, and it's so easy to create a service, but I've never done it and I don't see the need in my environment".
After spending a little bit of time thinking about it, the first thing that comes to mind is how developers are always more confused by the things that are simple. As developers, we are so inbred to think everything is complex. So, when we encounter something that is simple, it really baffles us and we keep thinking there must be something more that I'm missing.
Well, as services go, it is really simple. WCF only makes it even more simplified, which is good. As far as not needing services in any environment, I can see that thinking today, but really the ability to make your business functionality and processes available easily to multiple applications in-house and to your external clients and business partners, it's only a matter of time. Why not be prepared, since it is so easy?
Web Application Security
This was an introductory presentation on all the various aspects of security.
All various methods in IIS that are security related: SSL, etc.
Self Certificate Generator w/IIS 6 Resource Kit
SQL 2005 - Native Encryption - 127bits
US.gov & credit card industries, etc. must be encrypted at least 128 bits.
IIS vs DBAs vs developers (security needs to be implemented by all)
SQL injection attacks
sql server security versus windows authentication versus local db security.
aspnet_regsql to install ASP.NET 2.0 user management
'' or '=' and '' or '=' in password
select * from login where user='' or '=' and password='' or '='
select * from login where user='' or 1=1 and password='' or 1=1
select * from login where user='' or delete * from % and password='' or = '='
select * from login where user='' or delete * from % and password='' or = 1=1
use stored procs.
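The login query from these notes, run both ways, as an added example that is not from the presentation: Python's sqlite3 stands in for ASP.NET and SQL Server so it runs offline, and the table contents, function names and tautology input are constructed. Binding input as parameters is the protection a stored procedure call gives you.

```python
import sqlite3

# Constructed sample data: one account in a table shaped like the notes' query.
# The plaintext password column mirrors that query; it is not a storage recommendation.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (user TEXT, password TEXT)")
    db.execute("INSERT INTO login VALUES ('alice@example.com', 'correct-horse')")
    return db

def login_concatenated(db, user, password):
    """Vulnerable: input is pasted into the SQL text, so quotes in it become syntax."""
    sql = ("SELECT user FROM login WHERE user='" + user +
           "' AND password='" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, user, password):
    """Hardened: the statement text is fixed and input is bound as data."""
    sql = "SELECT user FROM login WHERE user=? AND password=?"
    return sql, db.execute(sql, (user, password)).fetchall()

# Constructed tautology input in the style of the queries listed in the notes.
TAUTOLOGY = "' OR ''='"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        for creds in (("alice@example.com", "correct-horse"),
                      ("alice@example.com", "wrong"),
                      (TAUTOLOGY, TAUTOLOGY)):
            sql, rows = fn(db, *creds)
            print(f"{fn.__name__:20} {creds!r:45} -> {len(rows)} row(s)")
```

A stored procedure that builds its SQL by concatenating its arguments is as exposed as the first function; the protection comes from parameter binding.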
**Summary**
The thing that stood out the most is that even though a lot of the topics were things we already knew, we all still walked away surprisingly learning more than we had ever expected.
Great Job WichitaDevelopers.NET
My first real presentation: Intro. to Programming Windows Communication Foundation (WCF) ... and challenges!
http://aspadvice.com/blogs/davidwalker/archive/2006/06/01/18285.aspx
Fri, 02 Jun 2006 03:40:00 GMT
Just a few more days until my June 3rd presentation Introduction to Programming Windows Communication Foundation (WCF) at the WichitaDevelopers.NET Code Camp!
I am ready to go, except WCF is being a pain in the butt trying to get a few things to work for my code demo pieces right now. So I am in the middle of rebuilding my Virtual PC from scratch again, hoping installing the components in the exact recommended order will help. If not, I'll be trying an older CTP release of the tools.
Thanks to Ami Vora for her presentations and hard work on the WindowsCommunication.net site and the slides!
As well as Paul Fallon for the excellent advice on what to focus on when presenting WCF and all the other great advice and tips!
Finally, Code-Magazine.com for publishing Juval Lowy's article "WCF Essentials - A Developer's Primer". I had been trying to decide for quite some time what I wanted to be able to present on and this article brought WCF back to my attention and a light bulb went off that I have yet to see or hear of any one giving a presentation on WCF in my neck of the woods.
I've seen presentations on the other components of WinFX. Paul Ballard gave a great presentation on Windows Workflow Foundation back in Oct 2005 for the Tulsa .NET Users Group and Markus Egger gave an excellent presentation on Windows Presentation Foundation in Feb 2006 at the Little Rock Tech Expo.
Since it's something I have some familiarity with, having had past web services and windows services with remoting projects, I realized this would be the most logical topic! I could help spread the word and hopefully share my excitement for this awesome new Framework Feature. I'll post more specifics about WCF and my presentation later.
