<%@ Master Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<script runat="server">
/// <summary>
/// Tags the current request as belonging to the "phase2" sample so later code in
/// the same request can tell which template set is running.
/// </summary>
protected void Page_Init(object pSender, EventArgs pArgs)
{
    // Items is the per-request bag; it does not outlive this request.
    HttpContext vContext = HttpContext.Current;
    vContext.Items["Phase"] = "phase2";
}
/// <summary>
/// On the first request of the page, reflects the current user's role in the two
/// role radio buttons and shows the "Edit My Account" link only for a customer.
/// A user with no role at all is signed out and given the demo's Admin ticket.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    // Postbacks keep the radio button state from view state; only the initial GET is set up here.
    if (Page.IsPostBack)
    {
        return;
    }

    string[] vRoles = Roles.GetRolesForUser();
    bool vIsCustomer;
    if (vRoles.Length == 0)
    {
        // No role known for this identity: start over with the demo Admin ticket.
        FormsAuthentication.SignOut();
        LoginAsAdministrator();
        vIsCustomer = false;
    }
    else
    {
        // Only the first role decides; anything other than "Customer" counts as Admin.
        vIsCustomer = (vRoles[0] == "Customer");
    }

    LoginAsCustomerRB.Checked = vIsCustomer;
    LoginAsAdminRB.Checked = !vIsCustomer;
    MyAccount.Visible = vIsCustomer;
}
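/// <summary>
/// Issues a forms-authentication ticket for the demo "Admin" user and writes it to
/// the response as the forms cookie. No credentials are checked: in this sample the
/// visitor chooses a role with the radio buttons on the page.
/// </summary>
protected void LoginAsAdministrator()
{
    // Ticket version 1, 60 minute lifetime, not persistent, no user data.
    DateTime vIssued = DateTime.Now;
    FormsAuthenticationTicket vTicket = new FormsAuthenticationTicket(1, "Admin", vIssued,
        vIssued.AddMinutes(60), false, "");
    string vCookieText = FormsAuthentication.Encrypt(vTicket);
    HttpCookie vCookie = new HttpCookie(FormsAuthentication.FormsCookieName, vCookieText);
    vCookie.Path = FormsAuthentication.FormsCookiePath;
    // A hand-built cookie does not get the protections FormsAuthentication applies
    // to the cookies it creates itself: keep the ticket away from client script and
    // honor the requireSSL setting from web.config.
    vCookie.HttpOnly = true;
    vCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(vCookie);
}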
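/// <summary>
/// Issues a forms-authentication ticket for the demo "Customer" user and writes it
/// to the response as the forms cookie. The ticket's UserData carries the customer
/// ID ("BLAUS") that MyAccount_Click reads back to locate the customer's own record.
/// No credentials are checked: in this sample the visitor chooses a role with the
/// radio buttons on the page.
/// </summary>
protected void LoginAsCustomer()
{
    // Ticket version 1, 60 minute lifetime, not persistent, customer ID in UserData.
    DateTime vIssued = DateTime.Now;
    FormsAuthenticationTicket vTicket = new FormsAuthenticationTicket(1, "Customer", vIssued,
        vIssued.AddMinutes(60), false, "BLAUS");
    string vCookieText = FormsAuthentication.Encrypt(vTicket);
    HttpCookie vCookie = new HttpCookie(FormsAuthentication.FormsCookieName, vCookieText);
    vCookie.Path = FormsAuthentication.FormsCookiePath;
    // A hand-built cookie does not get the protections FormsAuthentication applies
    // to the cookies it creates itself: keep the ticket away from client script and
    // honor the requireSSL setting from web.config.
    vCookie.HttpOnly = true;
    vCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(vCookie);
}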
/// <summary>
/// Shared handler for both role radio buttons: drops the current forms ticket,
/// issues one for the newly selected role and reloads the page so the new
/// identity takes effect from the next request on.
/// </summary>
protected void LoginAsAdmin_CheckedChanged(object sender, EventArgs e)
{
    bool vAdminSelected = LoginAsAdminRB.Checked;

    FormsAuthentication.SignOut();
    if (vAdminSelected)
    {
        LoginAsAdministrator();
    }
    else
    {
        LoginAsCustomer();
    }

    // The account link only applies to the customer identity.
    MyAccount.Visible = LoginAsCustomerRB.Checked;

    // Reload the same URL; endResponse=true ends the request here, so nothing after this runs.
    Response.Redirect(Page.Request.RawUrl, true);
}
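/// <summary>
/// Sends the logged-in customer to the Edit page for their own Customer record.
/// The customer ID is taken from the UserData of the forms-authentication ticket
/// (set in LoginAsCustomer); the ticket is encrypted by FormsAuthentication, so the
/// value is not something the browser can alter. The redirect target comes from the
/// meta model, not from request input.
/// </summary>
/// <exception cref="InvalidOperationException">
/// Thrown when the current user has no forms-authentication ticket, the ticket carries
/// no customer ID (the Admin ticket has empty UserData), or no BLDMetaModel is
/// registered for NorthWindDataContext.
/// </exception>
protected void MyAccount_Click(object sender, EventArgs e)
{
    // Page.User.Identity is only a FormsIdentity once a forms ticket has been issued;
    // fail with a clear message rather than a NullReferenceException.
    FormsIdentity vIdentity = Page.User.Identity as FormsIdentity;
    if (vIdentity == null)
    {
        throw new InvalidOperationException("Edit My Account requires a forms-authentication ticket; log in as a customer first.");
    }

    // The link is hidden for the Admin role, but a direct postback could still reach
    // this handler; do not build an Edit URL for an empty customer ID.
    string vCustomerID = vIdentity.Ticket.UserData;
    if (string.IsNullOrEmpty(vCustomerID))
    {
        throw new InvalidOperationException("The current forms-authentication ticket does not identify a customer.");
    }

    PeterBlum.DES.BLD.BLDMetaModel vMetaModel = MetaModel.GetModel(typeof(PeterBlum.Phase2_WithSecurityRestrictions.NorthWindDataContext)) as PeterBlum.DES.BLD.BLDMetaModel;
    if (vMetaModel == null)
    {
        throw new InvalidOperationException("No BLDMetaModel is registered for NorthWindDataContext.");
    }

    PeterBlum.Phase2_WithSecurityRestrictions.Customer vCustomer = new PeterBlum.Phase2_WithSecurityRestrictions.Customer();
    vCustomer.CustomerID = vCustomerID;
    string vUrl = vMetaModel.GetActionPath("Customers", "Edit", vCustomer);
    Response.Redirect(vUrl);
}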
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title>BLD Database Explorer: With Security Restrictions for Customers</title>
<link href="PageTemplates.css" rel="stylesheet" type="text/css" />
<asp:ContentPlaceHolder id="head" runat="server" />
</head>
<body class="BLDPT_Body">
<h1 class="BLDPT_AppTitle">BLD Database Explorer: With Security Restrictions for Customers</h1>
<form id="form1" runat="server" >
<div class="BLDPT_HomePage">
<a id="A1" runat="server" href="~/BLD Templates/PageTemplates_Phase2_WithSecurityRestrictions/BLD Database Explorer.aspx">
<img id="Img1" alt="Back to home page" runat="server" src="Images/back.gif" />Back to home page</a>
<asp:RadioButton id="LoginAsAdminRB" runat=server GroupName="Login"
Text="Logged in as the Administrator" AutoPostBack="True"
oncheckedchanged="LoginAsAdmin_CheckedChanged" BackColor="White" />
<asp:RadioButton id="LoginAsCustomerRB" runat=server GroupName="Login"
Text="Logged in as a customer" AutoPostBack="True"
oncheckedchanged="LoginAsAdmin_CheckedChanged" BackColor="White"/>
<asp:LinkButton id="MyAccount" runat=server Text="Edit My Account"
CommandName="MyAccount" onclick="MyAccount_Click" />
</div>
<fieldset>
<legend>Using the login feature</legend>
<p>Use the radio buttons above to select your user role. These use FormsAuthentication to log in.
When logged in as a Customer, you are assumed to be "BLAUS", a customer in the NorthWind database.</p>
<p>Two User roles have been defined: Admin and Customer. Admin provides complete access to everything. Customer does not.</p>
<p>Customers cannot see many tables, and they cannot edit most of those they can access.
The only record they can edit is their own, available through the Edit My Account button
(shown above when logged in as the Customer). When they attempt to access a URL that is off limits,
they will get a 404 page error.</p>
<p>Use the <a href="../../Phase2/Sources_WithSecurityRestrictions.aspx" target="_blank">Source Code Explorer</a> to see how Forms Authentication and the web forms
have been customized. You will find that the DataAnnotations are identical between
the two Phase 2 applications. Only the files in the BLD Templates folder have changed.</p>
</fieldset>
<div>
<des:PageManager id="PageManager1" runat="server" AJAXFramework="MicrosoftAJAX" />
<des:BLDCustomizer ID="Customizer1" runat="server" >
<FieldTemplateBehaviors>
<des:DependencyFieldTemplateBehavior DependencyUI="ReadOnlyOrDisable" />
</FieldTemplateBehaviors>
</des:BLDCustomizer>
<asp:ScriptManager ID="ScriptManager1" runat="server" EnablePartialRendering="true" />
<asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server" />
</div>
</form>
</body>
</html>