AJAX

Wednesday, August 6, 2008
Using "roles" and "writeRoles" Attributes with Fields and Actions

Data Aquarium Framework allows controlling user access to the fields and actions defined by a data controller based on user roles. The standard ASP.NET security infrastructure is used to determine the role of the current user. You must enable any form of authentication supported by ASP.NET to be able to use this feature.

Element “field” in the “/dataController/fields” section has attributes “roles” and “writeRoles”. The first attribute specifies a space- or comma-separated list of roles allowed to read the field. If the “roles” attribute is not present or is defined as a blank string then any user is allowed to see the field presented in the views. If the “roles” attribute is not blank then a call

HttpContext.Current.User.IsInRole(role)

is executed by the framework to see if the field should be visible in the presentation views defined in the data controller XML file.

Attribute “writeRoles” specifies the roles that a user must have in order to be able to change the field content.

Element “action” of any “/dataController/actions/actionGroup” section allows specifying user roles that are allowed to execute that action. If the attribute is not present or blank then the action is available to everyone. If a space- or comma-separated list is present then the framework will ask ASP.NET whether the user has one of these roles before the action is allowed to be displayed and executed in the views defined in the data controller file.

Notice that the same action may be defined in multiple action groups. For example, the standard generated definition of the data controller will have the “Delete” action defined twice in the action group with scope “Grid” and twice in the action group with scope “Form”. You have to make sure that the same list of roles allowed to execute the “Delete” action is duplicated in all four instances.

Let’s try a real example. This example assumes that you have SQL Server 2005 Express Edition installed on your development machine.

Generate a Data Aquarium project for the Northwind database. Open the web site with Visual Studio 2008 or Visual Web Developer Express 2008 and add a form named Login.aspx to the root of the new web site. Switch this form to design mode and drop a Login control on the form. Save the form. Here is the snippet of your form text with the Login control in it.

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:Login ID="Login1" runat="server"></asp:Login>
    </div>
    </form>
</body>
</html>

Select the “Website ASP.NET Configuration” menu option in Visual Studio and enable security for our sample application. Indicate that your users are visiting your site from the Internet. Specify that you want to enable roles. Create two roles named Admin and User. Create two user accounts, one for each role, and make sure to memorize their user names and passwords. Create an access rule that denies anonymous users access to the root of your web site. The configuration tool will automatically insert the needed settings into the web.config file of the sample application and will create the App_Data project folder with the ASP.NET Membership database in it.

Start the default.aspx page. You will be asked to sign in. Make sure that you can sign in with one of the user accounts that you have created. When you sign in successfully, the default page will display the views defined in the ~/Controllers/Employees.xml data controller configuration file. Close the browser and open that data controller file in Visual Studio.

Make the following changes in the definition of the LastName, FirstName, and Title fields.

    <field name="LastName" type="String" allowNulls="false" label="Last Name"  writeRoles="Admin"/>
    <field name="FirstName" type="String" allowNulls="false" label="First Name" writeRoles="Admin"/>
    <field name="Title" type="String" label="Title"  roles="Admin"/>

Run the application a few times while signing in with the different user accounts that you have created. Notice that when you sign in with the account that has the User role, the Title field is not visible in any of the presentation views. A user with the Admin role can see the Title field at all times.

Fields LastName and FirstName are accessible to the user with role User, but these fields are always read-only whenever you switch to any of the edit or insert views.

Now change the action groups to have the roles attribute for commands Select, Edit, and Delete as shown below.

    <actionGroup scope="Grid">
      <action commandName="Select" commandArgument="editForm1" roles="Admin,User" />
      <action commandName="Edit"  roles="Admin"/>
      <action commandName="Delete" confirmation="Delete?" roles="Admin"/>
      <action whenLastCommandName="Edit" commandName="Update" headerText="Save" />
      <action whenLastCommandName="Edit" commandName="Cancel" />
    </actionGroup>
    <actionGroup scope="Form">
      <action commandName="Edit" />
      <action commandName="Delete" confirmation="Delete?"  roles="Admin"/>
      <action commandName="Cancel" headerText="Close" />
      <action whenLastCommandName="Edit" commandName="Update" headerText="OK" />
      <action whenLastCommandName="Edit" commandName="Delete" confirmation="Delete?" roles="Admin"/>
      <action whenLastCommandName="Edit" commandName="Cancel" />
      <action whenLastCommandName="New" commandName="Insert" headerText="OK" />
      <action whenLastCommandName="New" commandName="Cancel" />
    </actionGroup>

Users with administrative accounts will see no difference in the presentation views. A user with role User will only see the Select option in the context menu of the data row in the grid view of employees. The Delete action will not be available to that user in the form views either.
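The requirement that every instance of an action carries the same role list can be checked mechanically. The Python script below is an added example, not part of Data Aquarium Framework: it takes the two action groups from the listing above as constructed input (wrapped in a bare actions element) and reports each command whose instances carry different role lists. The names parse_roles and audit_actions are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed input: the two action groups from the Employees listing above,
# wrapped in a bare <actions> element so the fragment parses on its own.
SAMPLE = """<actions>
  <actionGroup scope="Grid">
    <action commandName="Select" commandArgument="editForm1" roles="Admin,User" />
    <action commandName="Edit" roles="Admin"/>
    <action commandName="Delete" confirmation="Delete?" roles="Admin"/>
    <action whenLastCommandName="Edit" commandName="Update" headerText="Save" />
    <action whenLastCommandName="Edit" commandName="Cancel" />
  </actionGroup>
  <actionGroup scope="Form">
    <action commandName="Edit" />
    <action commandName="Delete" confirmation="Delete?" roles="Admin"/>
    <action commandName="Cancel" headerText="Close" />
    <action whenLastCommandName="Edit" commandName="Update" headerText="OK" />
    <action whenLastCommandName="Edit" commandName="Delete" confirmation="Delete?" roles="Admin"/>
    <action whenLastCommandName="Edit" commandName="Cancel" />
    <action whenLastCommandName="New" commandName="Insert" headerText="OK" />
    <action whenLastCommandName="New" commandName="Cancel" />
  </actionGroup>
</actions>"""

def parse_roles(value):
    """Split a space- or comma-separated list; an empty set means 'everyone'."""
    return frozenset(r for r in re.split(r"[,\s]+", value or "") if r)

def audit_actions(xml_text):
    """Return {commandName: [(scope, roles), ...]} for every command whose
    instances do not all carry the same role list."""
    uses = defaultdict(list)
    for group in ET.fromstring(xml_text).iter():
        if group.tag.rsplit("}", 1)[-1] != "actionGroup":  # ignore any xmlns prefix
            continue
        for action in group:
            if action.tag.rsplit("}", 1)[-1] == "action":
                roles = parse_roles(action.get("roles"))
                uses[action.get("commandName")].append((group.get("scope"), roles))
    return {cmd: found for cmd, found in uses.items()
            if len({roles for _, roles in found}) > 1}

if __name__ == "__main__":
    for cmd, found in audit_actions(SAMPLE).items():
        for scope, roles in found:
            print(f"{cmd:8} {scope:5} {', '.join(sorted(roles)) or '(everyone)'}")
```

On the listing above the only command reported is Edit, which is limited to Admin in the Grid scope and has no roles attribute in the Form scope; Delete carries the same list in every instance and is not reported.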

As you can see there are plenty of declarative options to control security in the AJAX-enabled user interface without actually writing a single line of code. Any web form that is using your data controller will automatically inherit all security settings, which makes application maintenance a snap.

Sunday, August 3, 2008
Database Lookups and Data Aquarium Framework Updates

The latest updates of code generator projects include standard project Database Lookups for ASP.NET and AJAX 3.5 and premium project Data Aquarium Framework.

The Database Lookups project has been changed to make the SelectedValue property the default property of the control. JavaScript components were updated to eliminate the problem with the loss of focus in a web form when a data lookup window has been closed. The DataViewLookup control will now work without script errors when included in the content template of an UpdatePanel control.

Data Aquarium Framework has been updated to include the same fixes described above. Additional components are now generated to make integration of the framework with existing ASP.NET applications a snap. Component ControllerDataSource has been introduced to tap into the power of Data Aquarium Framework to generate dynamic SQL statements on the fly. Now you can connect your existing data views, including GridView, DetailsView, and FormView, to this data source control and gain the instant ability to page and sort through thousands of records, and provide sophisticated filtering capabilities to end users. Use any commercial web control library that supports standard data binding with Data Aquarium Framework. The new control DataViewTextBox is based on the standard TextBox and provides no-code database auto complete for your web forms.

See a demo application that showcases the latest features at http://dev.codeontime.com/demo/integration.

Download the source code of the sample page here.

Saturday, July 12, 2008
Creating Custom Action Handlers in Data Aquarium Framework Applications

Custom actions provide an easy way of implementing server code that is invoked by the dynamic AJAX user interface of Data Aquarium Framework applications. No AJAX or ASP.NET programming experience is required.

Suppose you have generated an ASP.NET application based on Data Aquarium Framework with Code OnTime Generator for the Northwind database. If you run this web application, select Products in the drop down at the top of the page, and click on the Actions menu option, then a view similar to the one displayed in the picture will be displayed.

image

Let's write some custom server code, which will execute when the My Command action is selected. We will learn how to implement custom server code that will validate the entered data just before it is submitted to the database. We will also write server code to invoke a client-side script that interacts with the AJAX views.

Specifying Custom Actions

Open your project in Visual Studio 2008 or Visual Web Developer Express 2008, expand the Controllers folder, and open the Products.xml data controller descriptor. Scroll to the bottom of the file and find the custom command with the MyCommand argument.

image

This is the only entry needed to have your custom command displayed on the action bar of the views managed by the Products data controller. Set up your own custom header text and description to reflect the purpose of the action.

You can create additional action groups with the scope of ActionBar, Form, and Grid. ActionBar actions are displayed as menu options in the action bar. A Form action is displayed as a button in the data entry form. A Grid action is displayed as an option in the grid view row context menu, which pops up when you click on the drop down arrow next to the value in the first column of the row.

You can additionally supply the context of the previously executed command via the whenLastCommandName attribute. For example, you might want certain actions to be available only when the user has started editing the record, or when a new record is being created.

You can also specify user roles to automatically show or hide actions based on the user's security credentials. This feature is integrated with the ASP.NET security infrastructure and requires no coding at all.

Create Server Code to Handle Custom Actions

Add a class to the App_Code folder of your application. Specify that you are using the Northwind.Data namespace if you entered Northwind as the default namespace when you generated the code with Code OnTime Generator. Also specify that the class will inherit its functionality from the ActionHandlerBase class that is a part of Data Aquarium Framework.

image

Now we need to hook the custom action handler Class1 into the Data Aquarium Framework. Scroll to the top of the Products data controller file and enter the class name as the value of the actionHandlerType attribute as shown in the picture.

image

Override the ExecuteAction method in Class1:

protected override void ExecuteAction(ActionArgs args, ActionResult result)
{
    if (args.CommandName == "Custom" && args.CommandArgument == "MyCommand")
        result.NavigateUrl = "http://www.microsoft.com";
}

If the action is selected in the form view then the current record information is provided in the action argument values. If your action has been specified in the scope of the grid then the current row field values are passed along to your code.

image

Use the command name and argument to process multiple actions within the same action handler. The last command name can also be of use if you need to further alter the action behavior.

Create Server Code to Handle Data Manipulation Actions

Let's add some data validation code to prevent users from making changes to some sensitive information that we care about. For example, we will raise an exception if a user is trying to change the Chai product.

Override the BeforeSqlAction method in Class1. Notice that we are using LINQ to query the values of the action arguments.

protected override void BeforeSqlAction(ActionArgs args, ActionResult result)
{
    if (args.CommandName == "Update")
    {
        string s = (string)(
            from c in args.Values
            where c.Name == "ProductName"
            select c.OldValue).First();
        if (s == "Chai")
            throw new Exception("Can't edit Chai");
    }
}

Locate the Chai record in the Products screen, change any field of the record, and select Save in the action bar, in the grid context menu, or in the form edit view. The following error message is displayed at the top of the screen to the end user.

image

If an exception is raised before the execution of the SQL command then the SQL command is canceled. You can also cancel the command by invoking the Cancel method of the result parameter. This may be useful if you would like to execute your own data update instead of relying on the automatic dynamic SQL generation feature of Data Aquarium Framework. You can use the Values property of the action argument and inspect individual fields via their Name, Value, NewValue, and OldValue properties.

Create Server Code to Invoke Client JavaScript

You can supply a custom client-side JavaScript expression, which will be evaluated upon the completion of execution of your server code. This works for both custom and data manipulation actions.

Suppose you want to allow users to enter multiple products with the minimum number of clicks. When the user selects the New action from the action bar and enters the first product, you want the data view to stay in the New Products form until the user decides to cancel.

Enter the following method in Class1.

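// Requires: using System.Linq; using System.Web.Script.Serialization;
protected override void AfterSqlAction(ActionArgs args, ActionResult result)
{
    if (args.CommandName == "Insert")
    {
        // ProductName is user input. Serialize every value placed in the
        // script as a JavaScript string literal so that quotes or markup
        // in it cannot break out of the string and run as script.
        JavaScriptSerializer js = new JavaScriptSerializer();
        string productName = Convert.ToString(
            (from c in args.Values
             where c.Name == "ProductName"
             select c.NewValue).First());
        result.ClientScript = String.Format(@"
            alert({0});
            $find({1}).executeCommand(
                {{commandName:'New',commandArgument: 'createForm1'}});",
            js.Serialize("Product " + productName + " has been created."),
            js.Serialize(args.ContextKey));
    }
}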

Our custom code will kick in whenever the Insert command is executed and will assign a JavaScript expression to be evaluated when the result is returned to the client-side data view. The alert method call will display a confirmation telling the user that the record has indeed been created. The $find method call will find the client-side Ajax component identified by the ContextKey passed in the action arguments. Method executeCommand belongs to the DataView JavaScript class and will execute the client-side command New, which will result in the createForm1 view being displayed again. From the user's perspective the New Products form simply remains in place when the record creation confirmation is dismissed.

image

Conclusion

Exceptionally flexible server-side programming support in applications based on Data Aquarium Framework provides a great number of customization options to programmers with any degree of experience with ASP.NET and AJAX.

It allows real separation of the business logic from the presentation.

Your web application sends asynchronous JSON requests to the stateless server application, where they are processed with all the power of the Microsoft .NET Framework without any need to know ASP.NET or AJAX programming techniques. Start being productive now.