Developing a complete application with ASP.NET 2.0 - Part 3
This article examines:
This article uses the following technologies:
· ASP.NET 2.0 novelties;
· Online budget request.
.NET Framework 2.0, ASP.NET 2.0, Visual Studio .NET 2005, Visual Web Developer.
Continuing the ASP.NET mini-course, we will present the security and budget request section. It is important to be alert to the process, step by step, so that you may execute the Mini-course and make the most out of that which will be presented.
Through the ASP.NET Configuration Site, we may manipulate all the security of the application. Open the ASP.NET Configuration Site through the Solution Explorer clicking over the icon according to Figure 1.
Figure 1. ASP.NET Configuration Site
Click on the Security tab, where the first necessary configuration is the authentication, which we may manipulate in one of two ways:
· Internet (Forms): the authentication is based in a login form and the authentication is “hand made” by the developer;
· Intranet (Windows): the authentication is based in the net login, that is, it does not require any authentication work. It is mostly used in corporative applications.
It is worth remembering that many security configurations will use a special DB, automatically created by the ASP.NET, the aspnetdb.
Click in Select Authentication Type located in Users. Modify the configuration to From the Internet, because we will work with the Forms type, and click Done. With this, we already have all the authentication part ready, exactly: ready!
Return to the Visual Studio (without closing the configuration site) and enter in the Master Page. Below the SiteMap, add a LoginView, located in the Login category of the ToolBox. This control has as its objective to create Multiviews in accordance with the status of the user (Logged or Anonymous).
The default visualization is the anonymous one, so drag a Login control over the LoginView; format as you like and modify the Orientation property to Horizontal. Select the SmartTag of the LoginView and modify the view to LoggedInTemplate. Type a text, for example: “Hello” and drag beside, the LoginName control. Just below, add the text: “Click here to exit” and drag beside the LoginStatus control. There, we have the login and user reception screen.
Add to the project a new page called “NewUser.aspx”. In the Content of the page, drag the CreateUserWizard control, still in the Login category of the ToolBox. The only property that we are going to change is ContinueDestinationPageUrl into “~/MenuMain.aspx”; since, with this, once finished registering, the user is redirected to the main page. Again, in the Master Page, add in the LoginView of anonymous visualization (modify the control view to AnonymousTemplate) a Hyperlink located in the Standard category of the ToolBox and modify the Text property to “New User” and NavigateURL to “~/NewUser.aspx”.
Finally, we can simulate something. In the Solution Explorer, right click over MenuMain.aspx and View in Browser. Perform the registering procedure by clicking over the New User link (Figure 2).
Figure 2. User record
Click over Create User, then the record is finished. Click over Continue, with this the redirecting to the main menu is done and we have the result according to Figure 3.
Observation: By default, the ASP.NET uses a security policy for the passwords, which must be larger than seven digits and require a special character (*, &, % etc.).
Figure 3. Logged user
Also perform tests through the site login. There are other prompt templates which we may us, such as:
· PasswordRecovery: to remember the user’s password through e-mail forwarding;
· ChangePassword: to modify the user’s password.
Working with groups of users
We can also work with groups of users, facilitating the management of authorizations in the site. Return to the configuration site and click over Enable roles. With this we can create groups clicking over Create or Manage roles.
Create a group called “Admin” (type the name and click over Add Role) and click over Back. The objective is to create a rule where only users of this group may register categories and products.
Again, in the configuration site, click over Create access rules. Select the Manage directory; in Role, check the Admin option and, in Permission, check Allow (Figure 4).
Figure 4. Configuring the accesses
Thus, we are giving access right to the Admin group members. Finish by clicking over OK. Now, click over Manage Access Rules, being displayed the current configuration. We are allowing all users besides the Admin group users. Click over Add new access rules, select All Users and Deny and click over OK (acknowledge that the selected directory is Manage). Now, yes, the records folder is secure. Select the Budget directory, click over Add new access rules, check the Anonymous users option, Deny and click over OK. With this, only logged users access this folder.
To add a user to a group, in the main screen of Security in the configuration site, access the Manage Users. In the listing of users, click over Edit Roles and select the desired group from each user. When we enter in a menu without authorization, it is redirected to a login.aspx page, this is the default configuration. To modify, open the web.config file and modify the tag <authentication mode="Forms"/> according to the following code:
Finally, we have our site’s security complete, a lot easier than before the ASP.NET 2.0.
As we have mentioned in the previous parts, the system user may generate budgets of the products he provides to the customer. In order to do so, he will select the data of the budget and the items which were requested by the customer.
Right click over the Budget folder, select the Add New Item option and choose the Web Form template. Inform “Budget.aspx” in the Name field, select the Select master page option and click over Add. In the following screen, the system will require the Master Page for the page; select the Master.master file and confirm with OK.
After the selection of the Master Page, the page is opened to initiate the construction of the Budget. This screen will have a set of controls (which will inform the data of the Budget) and a GridView containing the products available for sale, allowing the selection of the items in a CheckBox.
Then select, in the ToolBox, three TextBox, three Labels, one button and format as shows Figure 5.
Figure 5. Including the fields for the record of the Budget
Besides the already added controls, it will still be necessary to select the products which will be part of the budget. In order to do this, the user will make the selection from a GridView, using a CheckBox present in one of the columns.
Then, drag the GridView; create a connection with the database, similar to that which we have already done in the other examples, but choose the Specify a custom SQL statement or stored procedure option (Figure 6).
Figure 6. Selecting a personalized SQL statement or Stored Procedure
In this screen, you will be able to inform a personalized SQL statement or even inform an existing Stored Procedure. In this example, we will use the code in Listing 1 (in the Select tab).
Listing 1. Code to return the product, value and its description
Category.Description AS Category,
Product.Description AS Description,
INNER JOIN Category ON
Product.CategoryID = Category.CategoryID.
With this, we will have the listing of the products displaying the description of the category of each product. The other guides could be used for each operation of your data source, placing in each Guide (Select, Insert, Update and Delete) the corresponding SQL.
Apart from the columns which will be created automatically by the control, we will need to include the CheckBox column for selection of the products with the purpose of finish the budget. In order to do this, we need to include a column of the TemplateField type. Click over the Smart Tag of the GridView and choose the Add New Column option.
Select TemplateField in Choose a field type; inform “Selected” in Header Text and click OK. Now, that the column is already created, it is necessary to add the CheckBox. To do this, click again on the Smart Tag and select the Edit Template option.
This functionality demonstrates the several sections of a TemplateField column. Drag a CheckBox into this section (ItemTemplate), configure the ID property as “chkSelected” so that, later, we may recover the selected values. See in Figure 7, what the Template must be. After this step, right click in the section and choose the End Template Editing option.
Figure 7. Configuring the CheckBox for the selection of the products
We already have almost everything prepared, all that is still missing is of codify so that the selected CheckBox's are recovered. We will do this in the Click event of the Add Budget button, which will also send an e-mail to the system administrator in order to evaluate the budget and return to the customer.
The class that sends e-mails in the .NET Framework 2.0 is the System.Net.Mail and we will work with that same one to send e-mail, through the application. To do this, double-click the Add Budget button and codify as shows Listing 2.
Listing 2. Checking the selected products and sending e-mail
//importar o namespace
body = "Selected Products: \n";
foreach (GridViewRow item in GridView1.Rows)
chk = (CheckBox)item.Cells.FindControl(
idProduto = Convert.ToInt32(item.Cells.Text);
body += "Code: " + idProduto.ToString() + "\n";
body += "Description: " +
item.Cells.Text + "\n";
body += "Price: R$ " + Convert.ToDouble(
item.Cells.Text) + "\n\n\n";
MailAddress mailFrom = new MailAddress(
"email@example.com", "ASP.NET 2.0 Web Site");
MailAddress mailTo = new MailAddress(
MailMessage email = new MailMessage(mailFrom, mailTo);
email.Subject = "Budget OnLine";
email.Body = body;
SmtpClient smtp = new SmtpClient();
smtp.Host = "mail.seu_host_de_email.com.br";
smtp.Port = 25;
After having codified, run the application and see the result (Figure 8).
Figure 8. Application running, selecting the products in the GridView
As you it could notice, the development with ASP.NET 2.0 in the Visual Studio 2005 or Visual Web Developer Express Edition is very simple and simplified. Understand the concepts, apply the techniques correctly and you will have an efficient application of simple maintenance.
Do not forget to study all the other features of the ASP.NET which are presented in the official site in asp.net. We hope that you have benefited the most out of all the content presented in these three editions, completing with this, the ASP.NET 2.0 Mini-Course. From now on, it is all up to you!!!!
Alexandre Tarifa (firstname.lastname@example.org) – is an ITGROUP consultant (www.itgroup.com.br), MVP (Most Valuable Professional), MCAD (Microsoft Certified Application Developer) and MCT (Microsoft Certified Trainer).