ASP.NET

2011-06-06T23:44:00.000-07:00

Security in ASP.NET

2008-12-16T02:48:00.000-08:00

In every web based application, the main concern that should be taken care from the very beginning is security. Although we have https which is secure but all before that there is a need to have security checks at the time when user submits the information.
Here I will not talk about the Forms Authentication as I consider the reader to be aware about it but its better to study it before going any further. You can learn about Forms Authentication in www.4guysfromrolla.com/webtech/110701-1.shtml.
Let start with Membership & Role Manager. Basically it has two classes ie Membership & MembershipUser. Some common tasks performed by Membership class are as follows:-

Creating a new MembershipUser
Validating a username-password combination when a user attempts to log in
Retrieving MembershipUser instance
Updating MembershipUser instance
Searching for users
Getting the count of authenticated users that are currently online
Deleting users from the system when they are no longer needed

Now lets see what is Role Manager. The Roles provides methods for creating roles and assigning users to roles. Some common tasks performed by roles are:-

Creating a new role
Deleting an existing role
Assigning users to roles
Removing users from roles
Determining if a user is authorized to a specific role
Searching for users in a specific role, as well as retrieving all users in a role
Getting the role information for a specific user

Following is a step by step code snippet in implementing membership & assigning Roles:-

Create User: On button click write this code

    string userName = txtUserId.Text;


string password = txtPassword.Text;

string email = txtEmail.Text;
string passwordQuestion = ddlPasswordQuestion.SelectedValue;


string passwordAnswer = txtPasswordAnswer.Text;

MembershipCreateStatus result;
Membership.CreateUser(userName, password, email, passwordQuestion, passwordAnswer, true,out result);

User Login: 
On page Load write this code 
 private MembershipUser memUser;
 memUser = Membership.GetUser();

On Logout button write this code:
FormsAuthentication.SignOut();
Roles.DeleteCookie();

Manage Roles: On button click of create role write this,
        string roleName = txtCreateRole.Text;

   Roles.CreateRole(roleName);

Manage User and Roles: Write this code on button click

Roles.AddUserToRole(User.Identity.Name, selectedRole);

Check Authorization: Write this code on page load
if(User.IsInRole("Administrator")
{
}
else
{
Response.Write("Invalid User");
}

This is just an overview how Membership and Roles can be managed for security in ASP.NET
For complete code with working example, you can contact me at sameersayani@gmail.com

Quick Help ASP.NET: Generating Random nos. without any Duplication

2007-10-30T06:40:00.000-07:00

Quick Help ASP.NET: Generating Random nos. without any Duplication

Generating Random nos. without any Duplication

2007-10-24T07:01:00.000-07:00

We often came across situations like generating Random nos. during coding.Suppose if any user gets regitered to our site, we may provide him System generated password or we assign him with a unique key for identification.This can be done in many nos of ways in ASP.NET. we can use GUID() in ASP.NET.GUID Return a Globally Unique Identifier (GUID).But after a certain limit, it will start generating duplicate combination of nos.
The other way round is to make our own unique key ie like generating a key with acombination of user email ID.But what if the special character ike @ is not allowed?
In the following program, i am generating my own unique Alpha numeric key which is always unique.Here's the code:-

using System.Security.Cryptography;

public static void main()
{
string str= GetUniqueKey();
Console.Write(str);
}

private string GetUniqueKey()
{
int maxSize = 8;
int minSize = 5;
char[] chars = new char[62];
string a;
string main = "";
a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
chars = a.ToCharArray();
int size = maxSize;
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
size = maxSize;
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(size);
foreach (byte b in data)
{
result.Append(chars[b % (chars.Length - 1)]);
}
return result.ToString();
}

You can modify it to produce only numeric nos.It can be modified in any ways.But for this we have to import cryptography class for that.Cryptography provides different methods for Encryption,Decryption.

Use it & give me your feed back.

PostBack in ASP.NET

2007-10-17T05:00:00.000-07:00

Lets consider a .aspx page in ASP.NET which consists of a some fields having a Submit button at its end.When we click on submit button,the page is submitted back to server for processing along with data on page.Finally our data gets saved in the database.This is due to the PostBack property.This property runs our code on server side to fulfill the task.Similarly suppose if we have dropdownlist which are bound to database can be viewed on Page Load.But there is no need to fill the dropdown once it is filled.For that ASP.NET provides us a functionality to check whether the Page.IsPostBack property is true or false.It is true for the first time page on load but in all other operations on the same page it is false.So it will not fill th dropdown again & again and save our time as it will not connect to the database again.
This property was not present in Classic ASP.Hence the code was executed line by line from top to bottom.To avoid this we use iframes in that which was more tedious job.
This is what Postback in ASP.NET means