|
Hi,
i have an asp.net application which has pages in different folders like
supervisors, managers etc.
and each folder has n number of pages(aspx). it is finding difficulty for me to check the user rights for each page. so is it possible to restrict the user if he does not have the manager rights to all the pages in the manager folder?
Please help.
Biju S
|
|
|
|
|
You must have a list of users, roles and UserRoles. You will have to use windows security to load the roles for the current user. Then ;
protected void Page_Load(object sender, EventArgs e)
CheckRole()
{
if(!IsPostBack)
{
//Do Something
}
public void CheckRole()
{
if (!Context.User.IsInRole("Manager"))
{
thow new Exception("Access Denied");
}
}
}
You can usethe windows security using the following:
using System.Security.Principal;
and then
IIdentity identity;
String[] roles = {"manager","employee"};
GenericPrincipal g = new GenericPrincipal(identity, roles);
You will have to fix the IIdentity part above.
|
|
|
|
|
only two letters away from being an asset
|
|
|
|
|
Use the web.config file to set security for the folders, similar to below
<configuration>
<location path="Folder1">
<system.web>
<authorization>
<deny roles="group"/>
<allow roles="admin"/>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
only two letters away from being an asset
|
|
|
|
|
I create a datable in the event of button1
how can I use it in the event of button2? please help me
I do this :
in button1
Session["temptable"]=dt;
in button2
dt=(DataTable)Session["temptable"];
when I debug it
messege show it is not exit dt in event of button2
|
|
|
|
|
Your question makes no sense. Are you sure the table does not exist ? dt is null, or you get a message that the variable does not exist ? If the latter, then you're in release mode.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
Put the datatable in the session again and then use it in the cleck event of the second button.
Apurva Kaushal
|
|
|
|
|
good day everyone..
again i need your help... on how to include my separate report made from crystal report 9 to asp.net 2003?
pls send me link on where i could use as a refenrence.... thank you...
start a new beginning in every ending; thats what life for......
|
|
|
|
|
|
Hi all,
I'm a programmer in Web developer with ASP.NET 2.0, C# basic. I have this issue and it cost me lots of time on investigating the solution. Let me explain the scenario in the easiest way to understand. Let say i have site A and site B, both of them have Response.Cache.SetCacheability(NoCache), reason of disable caching is prevent user from hitting back button to go back to their previous viewed pages after they signed out. And i succeed in this prevention. But i've got the issue of Page has expired. When i deal with surfing like go to Page A, then B, then hit back button to Page A, then back button to B again and again, there's nothing happen because they are 2 different pages. but when i work on Page A only, let say i have a multiview menu in Page A, then i switch from tab X to tab Y, then hit back button, that throw Page has expired. Im so sick with this. As far as i know that because the post back url point to the same page, and this is just a warning from IE from duplicating request to one page, but this is disturbing end user a lot. Is there any work around this?
Please assist me on this, any of your solutions are appreciated.
Thank you very much.
-- modified at 19:58 Thursday 14th June, 2007
I moved this to the ASP.NET forum, please in future respect the notice that says 'do not post programming questions in the lounge'.
There is no END ROAD in the world, the end of this road is the beginning of another road...
|
|
|
|
|
Hi, I have made changes to my code according to the responses I was getting the last time I post a question about the exception " Object reference not set to an instance of an object". I still get the same exception after the changes. It's saying that the line
strGoodPassword = CType(myCommand.ExecuteScalar, String)
is the cause of the problem. I don't know what else to to, please take a look at my code below. Thank you in advance for your help.
Private Sub lblRegister_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lblRegister.Click
Dim bResult As Boolean = False
Dim myConnection As OdbcConnection
Dim myCommand As OdbcCommand
Dim strInsert As String
Dim strGoodPassword As String
Dim strSQL As String
strSQL = String.Empty
myConnection = New OdbcConnection("Driver={MySQL ODBC 3.51 Driver};Server=localhost;Database=myDb;User=myUSERassword=myPW;Option=3;")
strSQL = String.Format("SELECT myUserName FROM myTable WHERE (email='{0}');", txtUserName.text)
myConnection.Open()
strGoodPassword = CType(myCommand.ExecuteScalar, String)
If Not strGoodPassword Is Nothing Then
If strGoodPassword = txtUserName.Text Then
bResult = True
Else
lblMessage.Text = "That user name is already taken!"
lblMessage.Text &= " Please choose another user name."
End If
Else
lblMessage.Text = "That user name is already taken!"
lblMessage.Text &= " Please choose another user name."
End If
strInsert = "INSERT into membersinfotbl (FirstName,LastName,Password,Phone,Email,Profession,StrAddress,City,State,ZipCode)value (?,?,?,?,?,?,?,?,?,?)"
myCommand As New OdbcCommand(strInsert,myConnection)
myCommand.Parameters.Add("@FirstName", txtFirst.Text)
myCommand.Parameters.Add("@LastName", txtLast.Text)
myCommand.Parameters.Add("@Password", txtPassword.Text)
myCommand.Parameters.Add("@Phone", txtPhone.Text)
myCommand.Parameters.Add("@Email", txtEmail.Text)
myCommand.Parameters.Add("@Profession", txtProfession.Text)
myCommand.Parameters.Add("@StrAddress", txtAddress.Text)
myCommand.Parameters.Add("@City", txtCity.Text)
myCommand.Parameters.Add("@State", txtState.Text)
myCommand.Parameters.Add("@ZipCode", txtZipCode.Text)
myCommand.ExecuteNonQuery()
myConnection.Close()
End Sub
-- modified at 20:03 Thursday 14th June, 2007
|
|
|
|
|
If you post 20 lines of code, tell us which one has the error
ASPnoob wrote: strSQL = String.Format("SELECT myUserName FROM myTable WHERE (email='{0}');", txtUserName.text)
You need to read up on SQL injection attacks. Odds are good that if you give me the URL of this site, I can delete your entire database.
I can't see which line could fail, let us know where to look.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
It's saying that the following line is the cause of the problem.
strGoodPassword = CType(myCommand.ExecuteScalar, String)
Thanks for helping.
|
|
|
|
|
Where do you intialize myCommand? Of course it will give a null reference exception if you haven't done so before attempting to use it.
only two letters away from being an asset
|
|
|
|
|
I have initialized myCommand but now I'm having other error messages. Would you please look at the code to see if the logic is it self the problem. Basically what I'm trying to do is validate the username before sending it to the database for storage. The code checks to see whether the username is already in existence or not. If it is then an error message is given, if not the username is sent to the database. Would you please look at the code to see if it even make logical sense. The code may not reflect what I want. Thanks for your help.
-- modified at 1:06 Friday 15th June, 2007
|
|
|
|
|
What are that other error messages and at which line?
Thanks and Regards,
Chetan Ranpariya
|
|
|
|
|
You are not initilizing the object of OdbcCommand class,
Before calling ExecuteScalar function ,right this statement,
myCommand=new OdbcCommand(strsql,myConnection)
Always remember,object reference not set to instance of object is exception throws whenever u r trying to use an object which is not initialized.
Send me reply if ut problem gets solved.
GIRISH
|
|
|
|
|
I think there is error in ur insert query,
it is Insert into table_name(columns) <b>values</b>
u have written value,this might be the proble.
If that doesnt wotks try the code given below,
Still if it is not working send me reply.
Private Sub lblRegister_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lblRegister.Click
Dim bResult As Boolean = False
Dim myConnection As OdbcConnection
Dim myCommand As OdbcCommand
Dim strInsert As String
Dim strGoodPassword As String
Dim strSQL As String
strSQL = String.Empty
myConnection = New OdbcConnection("Driver={MySQL ODBC 3.51 Driver};Server=localhost;Database=myDb;User=myUSERassword=myPW;Option=3;")
strSQL = String.Format("SELECT myUserName FROM myTable WHERE (email='{0}');", txtUserName.text)
myCommand =new OdbcCommand("SELECT myUserName FROM myTable WHERE email='" & txtUserName.text &"'")
myConnection.Open()
strGoodPassword = CType(myCommand.ExecuteScalar, String)
If Not strGoodPassword Is Nothing Then
If strGoodPassword = txtUserName.Text Then
bResult = True
Else
lblMessage.Text = "That user name is already taken!"
lblMessage.Text &= " Please choose another user name."
End If
Else
lblMessage.Text = "That user name is already taken!"
lblMessage.Text &= " Please choose another user name."
End If
strInsert = "INSERT into membersinfotbl (FirstName,LastName,Password,Phone,Email,Profession,StrAddress,City,State,ZipCode)value (?,?,?,?,?,?,?,?,?,?)"
myCommand As New OdbcCommand("INSERT into membersinfotbl (FirstName,LastName,Password,Phone,Email,Profession,StrAddress,City,State,ZipCode) values ('" & txtFirst.Text & "','" & txtLast.Text & "','" & txtPassword.Text & "','" & txtPhone.Text & "','" & txtEmail.Text & "','" & txtProfession.Text & "','" & txtAddress.Text & "','" & txtCity.Text & "','" & txtState.Text & "','" & txtZipCode.Text & "')",myConnection)
myConnection.Close()
End Sub
GIRISH
|
|
|
|
|
Thanks for responding to my post, however, your code has a few problems in it. VS2003 gave four error messages on the the following line.
myCommand As New OdbcCommand("INSERT into membersinfotbl (FirstName,LastName,Password,Phone,Email,Profession,StrAddress,City,State,ZipCode) values ('" & txtFirst.Text & "','" & txtLast.Text & "','" & txtPassword.Text & "','" & txtPhone.Text & "','" & txtEmail.Text & "','" & txtProfession.Text & "','" & txtAddress.Text & "','" & txtCity.Text & "','" & txtState.Text & "','" & txtZipCode.Text & "')",myConnection)
The messages are "Expression is not a method"
"Expression expected"
"Method arguments must be enclosed in parentheses"
"End of statement expected"
|
|
|
|
|
|
Don't use "Urgent Help Needed" in the subject. It is poor etiquette here and your question will be ignored by those who can help the most
only two letters away from being an asset
|
|
|
|
|
ASP is different to ASP.NET, you need to say ASP.NET.
If you get the data from Access, it should come back in a DataSet or Data Table. Just make that the data source of a grid, call it's DataBind method, and you're done. You can format it, and change how it looks, but that's all there is to displaying it.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
I recommend you take some time off this project to work through a book on ADO.NET, and possible a book on your chosen language.
A dataset is returned from Access. By definition, it is an object within the language, there is no extension or folder, nothing is stored in the project directory.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
Could you please send me code how to send an email in ASP.Net 2.0
seema
|
|
|
|
|
Type "send mail asp.net" in to the search box above and click Go!
only two letters away from being an asset
|
|
|
|
|