I was just going through the "AccountController.cs" code (the default one which appears when you create a new ASP.NET MVC project). When I tried to compare it to the one that is proposed in my book, I noticed that the two controllers share the same concepts and implements the same methods (LogOn, LogOff, CreateUser, DeleteUser, ChangePassword, etc.).
Now, I'm wondering why someone would want to create an AccountController of his own to replace the default one.
Almost, all the books (even professional ones) do not suggest we should create an AccountController. But, one of them (The Beer House) spend a whole chapter on how to implements just that. I really liked it as was able to see a real professional project's code. But, if it's a stuff for very big big website, I might be better off spending my learning time in other subjects.
My question is this one: For a professional website (not very big big), is it safe to use the default AccountController? Or I need absolutely to create a new one. And (most importantly) why? What are the limitations of the default controller??? Can I provide some enhancement to the default one in case it's just a matter of making it specific to address a need?
Thank you
Usually you will need to rewrite or at least make many changes in the default AccountController. For example:
Default AccountController allows anybody to register (create new account) without any email confirmation or even CAPTCHA.
Default registration needs only login, email and password. Usually you would like to adjust user profile data to specific application.
There is no "forgot my password" option
There is no "Edit profile" option.
I don't know if it is a good idea to integrate your database schema with autogenerated tables (aspnet_XXX). If you have your own "Users" table in your database schema maybe it is better to write your own MembershipProvider using your own "Users" table.
Default profile provider stores profile data in not intuitive way (there is no table with one column per profile field).
That's a tough question to answer. You need to enumerate any specific needs, requirements, or general funkiness and compare them to what you already have completed for you. If you wire up the existing and it suits you just fine, there's probably no reason to write something new.
Related
I am hoping to create some secure areas of my MVC application, I understand how users can register, login etc with the out of the box views controllers etc.
One thing that seems to be lost on me is a way to manage these users after they register. Some things I would like to be able to do:
Assign roles to users
C-R-U-D users
C-R-U-D roles
Is this all functionality I have to build myself or am I just missing something here? Everything I have found lends itself to writing code to do all these things, but it seems as though these are standard enough that they should exist.
it's very simple. if you take a look at your auto-generated DB for users, you will see that it already contains tables for roles etc. so everything was already prepared for generic use, you just need to define the basics and use it.
You can first try to play with it a bit by adding values manually to the DB tables, just to get the feel of how it works.
define a role
assign users with that role
now depending on your use, whether you'd like to allow\block access to action or entire controllers just set this for example above a action or class [Authorize(Roles = "Admin")].
in addition to (3) you can also make decisions in the server side (C# and cshtml) according to the user roles, by using:
var userManager = new UserManager(userStore);
if(userManager.IsInRole(user.Id, "Admin")){...}
read more in this link, it goes over the CRUD actions - define and use.
So I am new to programming and working in C# and learning MVC. I have finally undertaken my first personal project to put to practice what I have been learning from the books/tutorials I have been following. My project is your typical store that list products, has a shopping cart, user account, admin site...etc.
I have managed to wire up NHibernate to my MySQL DB, and posting records to a view.
My question is "where should I start?". It seems I could go a lot of different directions, Admin site to manage the site and products, getting the products showing on the site as I would like, User accounts. What is some advice of how I "should" tackle each component?
I leaning towards the admin site since logically putting products in the store comes before showing the products on your store.
Any advice is greatly appreciated.
I concur with #Tod
Pick a portion of the website that is needed and build it. Build up your model (include a viewmodel), then your controller, and finally your view.
In my case, I chose to start with Users.
I created my Database and Users Table (no I didn't use code first or EF)
Then I created the LINQ DBML file
Then I created as super simple repository that talks to the LINQ classes
Next I created a service layer that does a little more heavy lifting before communicating with the repository layer
Following that, I build a ViewModel that would "transform" data that was to be used in the view. This also included building some HtmlHelpers and Extension Methods.
Now to my controller. I build new ViewModel object, pass an object to the ViewModel, and then return the viewmodel to the view.
Lastly I implemented the View, did my CSS and Markup.
So when I visit the site, I don't see a whole lot except for a nice finished Users section. This also includes a sign-up area, login area, etc.
Now that the Users section is finished, my next big section is "Events" whereby I will start the process all over again.
Start with what you can use first. If you can't put products in the system, what good is "getting the products showing on the site as I would like". On the other hand, having a site where you can enter products may be (somewhat) useful on it's own.
Even though you are the client, ask yourself: what is the smallest piece of functionality you could build that would be useful for your client? Build that first!
Good luck! Enjoy programming!
I guess its a bit of a personal preference. For me, I'd rather work on the front end customer facing stuff first, ie: rending products, shopping cart, purchasing and checkout.
The admin side of things doesn't really add value to the product from a customer perspective. In a less than ideal situation you could release your store without an admin interface, and manage products directly in the database (not ideal), but you could still release it and sell products to the public.
The admin side doesn't add that kind of value, and even if you can add and remove products from the system, you still can't release the product as customers can't see or buy them.
I like to focus on what adds the most value first and build from there - in practice however this isn't always possible.
Either way though, I think taking it from which ever direction you're more comfortable with is the best approach. If logically you find it easier to conceptualize the process of ordering products when they've already been added to the system from an Admin panel, start at the admin panel.
If you find it easier to build an edit product page based on what you've determined you need to render on the public facing page, then start with product listing and build management around it.
The user account stuff is used throughout your site so you should create that first. The shopping cart is going to be associated with the user account.
Ok going by your question, in my opinion, you might want to find yourself a specific goal, like doing a website for someone that owns a business that you know (this is what I've done, and so have a couple friends of mine).
I've found that the more specific the aim, the better the coding experience. So if you're motivated to a particular project then you'll know what's necessary to do. Give yourself a project to do like a music library utility for example, and see where it takes you. :)
For my ASP.NET MVC app, I just find dealing with unique-identifiers harder, so I have added my own field to ASPNET_USERS table - UserIdInt (which is actually a bigint!) So most of user operations use userIdInt as reference.
Anyway, I am debating between two approaches:
1)When a user logs in, look up from the database and store the userIdInt in a session variable and any-time session variable slips away, re-look it up and put it back in session variable. (It's okay to use sessions in MVC app, right?)
2)Any time an operation needs to be performed, simply pass userName to database and take care of UserIdInt at database side by doing joins and such on ASPNET_Users table any time an operation from user needs to be performed.
I am heavily leaning towards 1)... but I want to make sure I am on right track.
I asked this question on Serverfault first, but I was told to ask this question here.
progtick,
you may be far better looking into the use of custom profile providers as this would allow you to leave the aspnet_* tables as is (which is a good idea in case a later version of sqlserver changes how they operate) plus offer the additional bebnefit of having a multitude of additonal profile related properties availabale to your application. i can't overstate enough the benefits in going down this track as i've found it very useful to have such an approach in both my standard asp.net apps as well as my mvc ones.
you can get a feel for what's involved in this by looking thro a couple of these links:
here's one on SO for starters:
Implementing Profile Provider in ASP.NET MVC
and one from my old mate, lee dumond:
http://leedumond.com/blog/asp-net-profiles-in-web-application-projects/
hope this helps
An alternative approach is to alter the forms authentication ticket to add your unique id to the data stored in the cookie. Then, by implementing a custom IPrincipal you can have your unique id available anywhere that the User object is available.
Problem: Our web console shows a list of all computers on which our application is installed. Each machine has some identification information that can be associated with it. Simple strings like department name, team name etc. We need to make it such that the user can change the name of these identification fields and add/remove as many as he wants. How can we best implement this?
Initially i thought that i could implement this as a singleton. In the application start, i could read the last set identity field names from the db and create a singleton instance of a list of strings. This could be passed around to all functions that need to display or access the identity information. The appeal in this option is that if the user changes the identity fields name from the ui or adds or removes the fields, i can simple modify the singleton object and the change will be reflected.
However i feel there must be a better way to achieve what i want. Because there a lot of such information that the user can modify at will and we need to track them.
Any suggestions?
Just use the objects from your ORM to maintain and use this information in the application. Many ORMs have the ability to cache this sort of thing, so it's not like you will lose any speed over it.
I'm not a big fan of using a Singleton to do this. It's hard to unit test, and you'll still have to persist it to the database eventually.
I'm creating a new ASP.NET MVC application. So far I've used the Account controller for actions related to a user's account -- Login/Logout, Activation (like Register, but I use Register for other actions in the site so I've renamed it), Add/Update Contact information. Up to now, though, I've been concentrating on the administrative user views.
I'm at the point where I'm going to start creating the various views that non-administrative users will see. These are rather limited compared to the administrative interface. My inclination is to create a new set of views and associated controller in the User "family" instead of using the Account views/controller. Is this a good idea or should I stick with the Account controller? My feeling is that since this is for ordinary users it should be a separate controller since Account would apply to both ordinary and administrative users.
EDIT: After reading the first couple of responses, my refactored question is:
Do you consider the Account controller to be for administrative actions related to the user's account or for all actions on the user's account? Would you distinguish between membership/role related views/data and application related views/data to the extent of creating a new controller.
Related, but doesn't directly answer my question: ASP.NET MVC Account Controller usage guidelines?
I don't think there's a right or wrong answer here, so I'll give you my opinion.
Technically, either solution (extending the Account controller or creating a new controller) will work just fine.
So I think this is more a question of how the users perceive the functionality. I think it's a good idea to follow the convention that the URI dictates the controller (or vice versa, if you prefer).
If, for example, you'd like to have the "administrative" actions on a separate path, then that should be a separate controller. You might want to do this, for example, if you use an IIS module for authentication or if it makes your log analysis easier.
On the other hand, it might be the case that the users perceive account functions and administrative functions as part of the same family of actions, except that some users have additional features. If so, then that suggests that should be on the same path in the URI and, hence, part of the same controller.
Summing up, I think this is a question you should ask your user representative instead of folks on this site. :)
Update: Regarding your updated question, I would say that it is fairly natural to put an action for changing a user's password on the Account controller, and that action could be invoked by the user herself, not just an administrator. So I wouldn't presume that the Account controller is strictly for administrative tasks. On the other hand, your example of the fund-raising performance is well outside of the scope of membership-related things, so it is not clear that it belongs on Account, either. I'm still leaning towards, "ask your user representative."
In ASP.NET MVC you will usually create controls based on data types rather than access types. For example:
Instead of 2 /Controllers/UsersControl.cs and /Controllers/Admin/UsersControls.cs it is easier to use one common controller for both admins and regular users - /Controllers/UsersController.cs (by setting different [Authorize] attributes and views).
I would keep existing AccountController.cs for encapsulating account related functionality. And just add new UsersController.cs for the rest Users related functionality (which could have methods like OnlineUsers etc.)