Evjen c16.tex V2 - 01/28/2008 2:51pm Page 807 Chapter 16: Membership and Role Management Listing 16-35: Checking for a specific user in a particular role VB < %@ Page Language="VB" % > < script runat="server" > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) GridView1.DataSource = _ Roles.FindUsersInRole("AdminPageRights", TextBox1.Text) GridView1.DataBind() End Sub < /script > < html xmlns="http://www.w3.org/1999/xhtml" > < head runat="server" > < title > Role Manager < /title > < /head > < body > < form id="form1" runat="server" > < asp:TextBox ID="TextBox1" Runat="server" >< /asp:TextBox > < asp:Button ID="Button1" Runat="server" Text="Button" OnClick="Button1_Click" / > < p >< asp:GridView ID="GridView1" Runat="server" > < /asp:GridView >< /p > < /form > < /body > < /html > C# < %@ Page Language="C#" % > < script runat="server" > protected void Button1_Click(object sender, EventArgs e) { GridView1.DataSource = Roles.FindUsersInRole("AdminPageRights", TextBox1.Text.ToString()); GridView1.DataBind(); } < /script > Understanding How Roles Are Cached By default, after you retrieve a user’s roles from the data store underlying the role management service, you can store these roles as a cookie on the client machine. This is done so you do not have to access the data store each and every time the application needs a user’s role status. There is always a bit of risk in working with cookies because the end user can manipulate the cookie and thereby gain access to information or parts of an application that normally would be forbidden to that particular user. 807 Evjen c16.tex V2 - 01/28/2008 2:51pm Page 808 Chapter 16: Membership and Role Management Although roles are cached in a cookie, the default is that they are cached for only 30 minutes at a time. You can deal with this role cookie in several ways — some of which might help to protect your applica- tion better. One protection for your application is to delete this role cookie, using the DeleteCookie() method of the Roles API, when the end user logs on to the site. This is illustrated in Listing 16-36. Listing 16-36: Deleting the end user’s role cookie upon authentication VB If Membership.ValidateUser(TextBox1.Text, TextBox2.Text) Then Roles.DeleteCookie() FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, False) Else Label1.Text = "You are not registered with the site." End If C# if (Membership.ValidateUser(TextBox1.Text.ToString(), TextBox2.Text.ToString()) { Roles.DeleteCookie(); FormsAuthentication.RedirectFromLoginPage(TextBox1.Text.ToString(), false); } else { Label1.Text = "You are not registered with the site."; } Figure 16-25 808 Evjen c16.tex V2 - 01/28/2008 2:51pm Page 809 Chapter 16: Membership and Role Management Using Roles.DeleteCookie() does exactly what you would think — it deletes from the client machine any cookie that is used to define the user’s roles. If the end user is re-logging into the site, no problem should arise with re-authenticating his exact roles within the application. There is no need to rely on the contents of the cookie. This step provides a little more protection for your site. Using the Web Site Administration Tool Many of the actions shown in this chapter can also be performed through the Web Site Administration Tool shown in Figure 16-25. You can get at the ASP.NET Web Site Administration Tool by selecting Website ➪ ASP.NET Configuration from the Visual Studio 2008 menu. Although you can easily use this tool to perform all the actions for you, often you perform these actions through your own applications as well. It is important to know all the possibilities when programming an ASP.NET application. The Web Site Administration Tool is detailed in Chapter 34. Public Methods of the Membership API The public methods of the Membership API are detailed in the following table. You would use this API when working with the authentication process of your application. Membership Methods Description CreateUser Adds a new user to the appointed data store. DeleteUser Deletes a specified user from the data store. FindUsers- ByEmail Returns a collection of users who have an e-mail address to match the one provided. FindUsersByName Returns a collection of users who have a username to match the one provided. Generate- Password Generates a random password of a length that you specify. GetAllUsers Returns a collection of all the users contained in the data store. GetNumberOf- UsersOnline Returns an Integer that specifies the number of users who have logged in to the application. The time window during which users are counted is specified in the machine.config or the web.config files. GetUser Returns information about a particular user from the data store. GetUserName- ByEmail Retrieves a username of a specific record from the data store based on an e-mail address search. UpdateUser Updates a particular user’s information in the data store. ValidateUser Returns a Boolean value indicating whether a specified set of credentials is valid. 809 Evjen c16.tex V2 - 01/28/2008 2:51pm Page 810 Chapter 16: Membership and Role Management Public Methods of the Roles API The public methods of the Roles API are detailed in the following table. You would use this API when working with the authorization process of your application. Roles Methods Description AddUsersToRole Adds a collection of users to a specific role. AddUsersToRoles Adds a collection of users to a collection of roles. AddUserToRole Addsaspecificusertoaspecificrole. AddUserToRoles Adds a specific user to a collection of roles. CreateRole Adds a new role to the appointed data store. DeleteCookie Deletes the cookie on the client used to store the roles to which the user belongs. DeleteRole Deletes a specific role in the data store. Using the proper parameters for this method, you can also control if roles are deleted or kept intact whether or not that particular role contains users. FindUsersInRole Returns a collection of users who have a username to match the one provided. GetAllRoles Returns a collection of all the roles stored in the data store. GetRolesForUser Returns a collection of roles for a specific user. IsUserInRole Returns a Boolean value that specifies whether a user is contained in a particular role. RemoveUserFromRole Removes a specific user from a specific role. RemoveUserFromRoles Removes a specific user from a collection of roles. RemoveUsersFromRole Removes a collection of users from a specific role. RemoveUsersFromRoles Removes a collection of users from a collection of roles. RoleExists Returns a Boolean value indicating whether a role exists in the data store. Summary This chapter covered two outstanding features available to ASP.NET 3.5. The membership and role management services that are now a part of ASP.NET make managing users and their roles almost trivial. This chapter reviewed both the Membership and Roles APIs and the controls that also utilize these APIs. These controls and APIs follow the same data provider models as the rest of ASP.NET. The examples were presented using Microsoft SQL Server Express Edition for the back-end storage, but you can easily configure these systems to work with another type of data store. 810 Evjen c17.tex V2 - 01/28/2008 2:58pm Page 811 Portal Frameworks and Web Parts Internet and intranet applications have changed considerably since their introduction in the 1990s. Today’s applications do not simply display the same canned information to every viewer; they do much more. Because of the wealth of information being exposed to end users, Internet and intranet applications must integrate large amounts of customization and personalization into their offerings. Web sites that provide a plethora of offerings give end users the option to choose which parts of the site they want to view and which parts they want to hide. Ideally, end users can personalize the pages, deciding for themselves the order in which the content appears on the page. They should be able to move items around on the page as if it were a design surface. In this situation, after pages are customized and established, end users need the capability to export their final page settings for storage. You certainly would not want an end user who has highly customized a page or a series of pages in your portal to be forced to reapply the settings each time he visits the site. Instead, you want to retain these setting points by moving them to a data store for later exposure. Adding this kind of functionality is expensive — expensive in the sense that it can take a considerable amount of work on the part of the developer. Until ASP.NET 2.0, the developer had to build a personalization framework to be used by each page requiring the functionality. This type of work is error prone and difficult to achieve, which is why in most cases it was not done. But wait Introducing Web Parts To make it easier to retain the page customization settings that your end users apply to your page, Microsoft includes Web Parts as part of ASP.NET. Web Parts, part of the larger Portal Framework, provide an outstanding way to build a modular Web site that can be customized with dynamically Evjen c17.tex V2 - 01/28/2008 2:58pm Page 812 Chapter 17: Portal Frameworks and Web Parts reapplied settings on a per-user basis. Web Parts are objects in the Portal Framework which the end user can open, close, minimize, maximize, or move from one part of the page to another. The Portal Framework enables you to build pages that contain multiple Web Parts — which are part of the ASP.NET server control framework and are used like any other ASP.NET server controls. This means that you can also extend Web Parts if necessary. The components of the Portal Framework provide the means to build a truly dynamic Web site, whether that site is a traditional Internet site, an intranet site, a browser-based application, or any other typical portal. When you first look at Web Parts in ASP.NET 3.5, it may remind you of Microsoft’s SharePoint offering. Be forewarned, however, that these two technologies are not the same. Web Parts and the resulting Portal Framework, besides being offered in ASP.NET, are also used by the Windows SharePoint Services (WSS). Microsoft, as it often does, is simply creating singular technologies that can be used by other Microsoft offerings. In this process, Microsoft is trying to reach the Holy Grail of computing — code reuse! The modular and customizable sites that you can build with the Portal Framework enable you to place the Web page in view into several possible modes for the end user. The following list describes each of these available modes and what each means to the end user viewing the page: ❑ Normal Mode: Puts the page in a normal state, which means that the end user cannot edit or move sections of the page. This is the mode used for standard page viewing. ❑ Edit Mode: Enables end users to select particular sections on the page for editing. The selected section allows all types of editing capabilities from changing the part’s title, the part’s color, or even setting custom properties — such as allowing the end user to specify his zip code to pull up a customized weather report. ❑ Design Mode: Enables end users to rearrange the order of the page’s modular components. The end user can bring items higher or lower within a zone, delete items from a zone, or move items from one page zone to another. ❑ Catalog Mode: Displays a list of available sections (Web Parts) that can be placed in the page. Catalog mode also allows the end user to select in which zone on the page the items should appear. Figure 17-1 shows a screenshot of a sample portal utilizing the Portal Framework with the Edit mode enabled. The Portal Framework is a comprehensive and well-thought-out framework that enables you to incor- porate everything you would normally include in your ASP.NET applications. You can apply security using either Windows Authentication or Forms Authentication just as you can with a standard ASP.NET page. This framework also enables you to leverage the other aspects of ASP.NET 3.5, such as applying role management, personalization, and membership features to any portal that you build. To help you understand how to build your own application on top of the Portal Framework, this chapter begins with the creation of a simple page that makes use of this new framework’s utilities. 812 Evjen c17.tex V2 - 01/28/2008 2:58pm Page 813 Chapter 17: Portal Frameworks and Web Parts Figure 17-1 Building Dynamic and Modular Web Sites As you begin using the Portal Framework to build Web sites, note that the framework defines every- thing in zones. There are zones for laying out as well as for editing content. The zones that a page might incorporate are managed by a Portal Framework manager. The Portal framework manager performs the management on your behalf, meaning that you do not have to manage them yourself in any fashion. This makes working with the Portal Framework a breeze. This framework contains a lot of moving parts and these multiple pieces that are heavily dependent upon each other. For this reason, this section starts at the beginning by examining the Portal Framework manager control: WebPartManager. Introducing the WebPartManager Control The WebPartManager control is an ASP.NET server control that completely manages the state of the zones and the content placed in these zones on a per-user basis. This control, which has no visual aspect, 813 Evjen c17.tex V2 - 01/28/2008 2:58pm Page 814 Chapter 17: Portal Frameworks and Web Parts can add and delete items contained within each zone of the page. The WebPartManager control can also manage the communications sometimes required between different elements contained in the zones. For example, you can pass a specific name/value pair from one item to another item within the same zone, or between items contained in entirely separate zones. The WebPartManager control provides the capabilities to make this communication happen. The WebPartManager control must be in place on every page in your application that works with the Portal Framework. A single WebPartManager control does not manage an entire application; instead, it manages on a per-page basis. You can also place a WebPartManager server control on the master page (if you are using one) to avoid having to place one on each and every content page. Listing 17-1 shows a WebPartManager control added to an ASP.NET page. Listing 17-1: Adding a WebPartManager control to an ASP.NET page < %@ Page Language="VB" % > < html xmlns="http://www.w3.org/1999/xhtml" > < head runat="server" > < title > Web Parts Example < /title > < /head > < body > < form id="form1" runat="server" > < asp:WebPartManager ID="Webpartmanager1" runat="server" > < /asp:WebPartManager > < /form > < /body > < /html > If you want to work from the design surface of Visual Studio 2008, you can drag and drop the WebPart- Manager control from the Toolbox to the design surface — but remember, it does not have a visual aspect and appears only as a gray box. You can find the WebPartManager control (and the other server controls that are part of the Portal Framework) in the WebParts section of the Toolbox, as shown in Figure 17-2. Working with Zone Layouts After you place the WebPartManager control on the page, the next step is to create zones from which you can utilize the Portal Framework. You should give this step some thought because it contributes directly to the usability of the page you are creating. Web pages are constructed in a linear fashion — either horizontally or vertically. Web pages are managed in square boxes — usually using tables that organize the columns and rows in which items appear on the page. Web zones define specific rows or columns as individual content areas managed by the WebPartManager. For an example of a Web page that uses these zones, create a table similar to the one shown in Figure 17-3. The black sections in Figure 17-3 will represent Web zones. The code used to produce the table with some basic controls in each of the zones is shown in Listing 17-2. 814 Evjen c17.tex V2 - 01/28/2008 2:58pm Page 815 Chapter 17: Portal Frameworks and Web Parts Figure 17-2 Listing 17-2: Creating multiple Web zones < %@ Page Language="VB"% > < %@ Register Src="DailyLinks.ascx" TagName="DailyLinks" TagPrefix="uc1" % > < html xmlns="http://www.w3.org/1999/xhtml" > < head runat="server" > < title > Web Parts Example < /title > < /head > < body > < form id="form1" runat="server" > < asp:WebPartManager ID="Webpartmanager1" runat="server" > Continued 815 Evjen c17.tex V2 - 01/28/2008 2:58pm Page 816 Chapter 17: Portal Frameworks and Web Parts < /asp:WebPartManager > < table cellpadding="5" border="1" > < tr > < td colspan="3" > < h1 > Bill Evjen’s Web Page < /h1 > < asp:WebPartZone ID="WebPartZone1" runat="server" LayoutOrientation="Horizontal" > < ZoneTemplate > < asp:Label ID="Label1" runat="server" Text="Label" Title="Welcome to my web page!" > Welcome to the page! < /asp:Label > < /ZoneTemplate > < /asp:WebPartZone > < /td > < /tr > < tr valign="top" > < td > < asp:WebPartZone ID="WebPartZone2" runat="server" > < ZoneTemplate > < asp:Image ID="Image1" runat="server" ImageUrl="~/Images/Tuija.jpg" Width="150px" Title="Tuija at the Museum" > < /asp:Image > < uc1:DailyLinks ID="DailyLinks1" runat="server" Title="Daily Links" > < /uc1:DailyLinks > < /ZoneTemplate > < /asp:WebPartZone > < /td > < td > < asp:WebPartZone ID="WebPartZone3" runat="server" > < ZoneTemplate > < asp:Calendar ID="Calendar1" runat="server" Title="Calendar" > < /asp:Calendar > < /ZoneTemplate > < /asp:WebPartZone > < /td > < td >< ! Blank for now > < /td > < /tr > < /table > < /form > < /body > < /html > This page now has sections like the ones shown in Figure 17-3: a header section that runs horizontally and three vertical sections underneath the header. Running this page provides the result shown in Figure 17-4. First, this page includes the < asp:WebPartManager > control that manages the items contained in the three zones on this page. Within the table, the < asp:WebPartZone > server control specifies three Web zones. You can declare each Web zone in one of two ways. You can use the < asp:WebPartZone > element 816 . traditional Internet site, an intranet site, a browser-based application, or any other typical portal. When you first look at Web Parts in ASP. NET 3. 5, it may remind you of Microsoft’s SharePoint offering. Be. store. 810 Evjen c17.tex V2 - 01/28/2008 2 :58 pm Page 811 Portal Frameworks and Web Parts Internet and intranet applications have changed considerably since their introduction in the 1990s. Today’s applications. same. Web Parts and the resulting Portal Framework, besides being offered in ASP. NET, are also used by the Windows SharePoint Services (WSS). Microsoft, as it often does, is simply creating singular