
Phase 2: Source code files

Only the changed user interface files are shown here. Most of the changes are in the Master page, which adds radio buttons and the associated code to log in using Forms Authentication. Note that the radio buttons issue an Admin or Customer ticket to any visitor without checking a credential, so this login mechanism is for demonstration only and must not be copied into a real application.

The CustomPages_Phase2_WithSecurityRestrictions folder contains Page Templates that override the originals. Look in the comment headers for details about how they differ from the original.

<%Master Language="C#"  %>
<%Import Namespace="System.Web.Security" %>
<script runat="server">
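// Identifies the phase to others, such as PhaseBLDRoute objects.
protected void Page_Init(object pSender, EventArgs pArgs)
{
    HttpContext.Current.Items["Phase"] = "phase2";
}

// Lifetime in minutes of the demo tickets issued below. The cookie itself carries no
// Expires value, so it is a session cookie regardless of this number.
private const int TicketMinutes = 60;

// On the first (non-postback) request, syncs the two radio buttons and the "Edit My Account"
// link with whatever role the current forms ticket carries.
// NOTE(review): a visitor with no roles (no ticket, or an unknown user) is signed in as Admin
// here. That is a convenience for this demo only - real code must fail closed and treat an
// unauthenticated visitor as the least-privileged role, never the most.
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    string[] vRoles = Roles.GetRolesForUser();
    bool vIsCustomer;
    if (vRoles.Length == 0)
    {
        FormsAuthentication.SignOut();
        LoginAsAdministrator();
        vIsCustomer = false;
    }
    else
    {
        // Only the first role is consulted; a user holding both roles is classified by
        // whichever one the role provider lists first.
        vIsCustomer = vRoles[0] == "Customer";
    }

    LoginAsCustomerRB.Checked = vIsCustomer;
    LoginAsAdminRB.Checked = !vIsCustomer;
    MyAccount.Visible = vIsCustomer;
}

// Issues the demo Admin ticket. The ticket carries no user data.
protected void LoginAsAdministrator()
{
    IssueFormsTicket("Admin", "");
}

// Issues the demo Customer ticket. UserData carries the Customers.CustomerID this visitor is
// assumed to own ("BLAUS"); MyAccount_Click reads it back to locate the record to edit.
protected void LoginAsCustomer()
{
    IssueFormsTicket("Customer", "BLAUS");
}

// Writes a Forms Authentication cookie for userName with userData embedded in the ticket.
// The cookie is built by hand (rather than via FormsAuthentication.SetAuthCookie) so that
// UserData can be carried, which means the protective cookie flags must be set here explicitly.
private void IssueFormsTicket(string userName, string userData)
{
    // Non-persistent ticket valid for TicketMinutes from now.
    FormsAuthenticationTicket vTicket = new FormsAuthenticationTicket(
        1, userName, DateTime.Now, DateTime.Now.AddMinutes(TicketMinutes), false, userData);
    HttpCookie vCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(vTicket));
    vCookie.Path = FormsAuthentication.FormsCookiePath;
    // Keep the ticket out of reach of client script, and off plain HTTP when the site requires SSL.
    vCookie.HttpOnly = true;
    vCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(vCookie);
}

// Shared handler for both radio buttons: replaces the forms cookie with the selected role's
// ticket and reloads the page so the next request runs under the new identity.
protected void LoginAsAdmin_CheckedChanged(object sender, EventArgs e)
{
    FormsAuthentication.SignOut();
    if (LoginAsAdminRB.Checked)
    {
        LoginAsAdministrator();
    }
    else
    {
        LoginAsCustomer();
    }
    MyAccount.Visible = LoginAsCustomerRB.Checked;
    // The current request still carries the old identity; redirecting forces the new cookie to be read.
    Response.Redirect(this.Page.Request.RawUrl, true);
}

// Sends the logged-in customer to the Edit page of their own Customers record, keyed by the
// CustomerID stored in the forms ticket's UserData.
protected void MyAccount_Click(object sender, EventArgs e)
{
    // Fail closed. The link is hidden unless a Customer ticket is present, but a crafted postback
    // may still raise this event. Without a forms ticket the previous code threw a
    // NullReferenceException; with the Admin ticket (empty UserData) it looked up CustomerID "".
    FormsIdentity vIdentity = Page.User == null ? null : Page.User.Identity as FormsIdentity;
    if (vIdentity == null || string.IsNullOrEmpty(vIdentity.Ticket.UserData))
    {
        throw new InvalidOperationException("Edit My Account requires a Customer forms ticket carrying a CustomerID.");
    }

    PeterBlum.DES.BLD.BLDMetaModel vMetaModel = MetaModel.GetModel(typeof(PeterBlum.Phase2_WithSecurityRestrictions.NorthWindDataContext)) as PeterBlum.DES.BLD.BLDMetaModel;
    PeterBlum.Phase2_WithSecurityRestrictions.Customer vCustomer = new PeterBlum.Phase2_WithSecurityRestrictions.Customer();
    vCustomer.CustomerID = vIdentity.Ticket.UserData; // this is the customer whose record will appear
    string vUrl = vMetaModel.GetActionPath("Customers", "Edit", vCustomer);
    Response.Redirect(vUrl);
}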
</script> <html xmlns="http://www.w3.org/1999/xhtml"> <head id="Head1" runat="server"> <title>BLD Database Explorer: With Security Restrictions for Customers</title> <link href="PageTemplates.css" rel="stylesheet" type="text/css" /> <asp:ContentPlaceHolder id="head" runat="server" /> </head> <body class="BLDPT_Body"> <h1 class="BLDPT_AppTitle">BLD Database Explorer: With Security Restrictions for Customers</h1> <form id="form1" runat="server" > <div class="BLDPT_HomePage"> <a id="A1" runat="server" href="~/BLD Templates/PageTemplates_Phase2_WithSecurityRestrictions/BLD Database Explorer.aspx"> <img id="Img1" alt="Back to home page" runat="server" src="Images/back.gif" />Back to home page</a> <asp:RadioButton id="LoginAsAdminRB" runat=server GroupName="Login" Text="Logged in as the Administrator" AutoPostBack="True" oncheckedchanged="LoginAsAdmin_CheckedChanged" BackColor="White" /> <asp:RadioButton id="LoginAsCustomerRB" runat=server GroupName="Login" Text="Logged in as a customer" AutoPostBack="True" oncheckedchanged="LoginAsAdmin_CheckedChanged" BackColor="White"/>   <asp:LinkButton id="MyAccount" runat=server Text="Edit My Account" CommandName="MyAccount" onclick="MyAccount_Click" /> </div> <fieldset> <legend>Using the login feature</legend> <p>Use the radio buttons above to select your user role. These use FormsAuthentication to login. When logged in as a Customer, you are assumed to be "BLAUS", a customer in the NorthWind database.</p> <p>Two User roles have been defined: Admin and Customer. Admin provides complete access to everything. Customer does not.</p> <p>Customer cannot see many tables and they cannot edit most of those they can access. The only record they can edit is their own, available through the Edit My Account button (above when logged in as the Customer.) 
When they attempt to access a URL that is off limits, they will get a 404 Page error.</p> <p>Use the <a href="../../Phase2/Sources_WithSecurityRestrictions.aspx" target="_blank">Source Code Explorer</a> to see how Forms Authentication and the web forms have been customized. You will find that the DataAnnotations are identical between the two Phase 2 applications. Only the files in the BLD Templates folder have changed.</p> </fieldset> <div> <des:PageManager id="PageManager1" runat="server" AJAXFramework="MicrosoftAJAX" /> <des:BLDCustomizer ID="Customizer1" runat="server" > <FieldTemplateBehaviors> <des:DependencyFieldTemplateBehavior DependencyUI="ReadOnlyOrDisable" /> </FieldTemplateBehaviors> </des:BLDCustomizer> <asp:ScriptManager ID="ScriptManager1" runat="server" EnablePartialRendering="true" /> <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server" /> </div> </form> </body> </html>