I have an MVC application that among other things contains a small Silverlight menu that is displayed as part of the .Master page used in most pages.
I have also written a MembershipProvider (and a role provider) that uses my app's database for authenticating and authorizing users. Works fine.
However, I want the Silverlight menu to contain some extra items if the user is in the admin role. Of course one possibility is to make two Silverlight menu applications and choose which one to display based on the user in the master page. But this has a ring of ugly to me.
The better option would be if the Silverlight app could figure out the identity of the logged in user is and use it to configure itself to show the admin options.
Is there a simple way to do something like this? The MVC application and the Silverlight app(s) are deployed on the same IIS7 server and part of the same solution.
The solutions I have found on the web so far either prompt the user for a separate login inside the Silverlight application, or do a lot of work with WCF services. If I have to, I'll go that route, but I am stuck with a feeling that there should be an elegant, easy way to do this.
I believe firmly in the KISS principle so simplicity is highly appreciated!
Thanks!
I'm pretty much convinced that your Silverlight menu shouldn't have to be aware of whether the user is an admin or not.
If you have a "generic style" menu control that can display any number of items, then I think those items should be communicated. The master view should then decide the items to show. Better yet, a controller should return the items to show based on the user's status and the master view should just render them.
If you have a menu control designed specifically to fit in your web app that isn't really made to show any number of items, then the master view should just set a property or something to communicate this fact.
The rest of your question confused me a bit, but I'm convinced that your silverlight component is not a complete "app" in its own right, just a piece of the presentation.
Related
we're stuck. We're puzzling about how to best handle this problem. What would be 'best practice'?
What we need is a push in the right direction. What we want/need is to have different user logins for different MVC areas. And it should (preferably) be possible to be logged in with different users to different areas at the same time. One area is the back office / CMS area, only accessible by admin's, editors, developers, etc. has it's own user database. The other area is a 'website' that is running on it, using an anonymous user (or the currently logged in content editor user) to fetch content from the back office area's REST webservices. This area also has it's own database of users, different roles, that database could be on the other side of the world (figuratively speaking). The [Authorize] attribute will not help much I guess. Or well, we're thinking of creating a special Authorize attribute for the content editor area. In our search for a solution or products solving a similar problem we found that Umbraco is using an UmbracoAuthorizeAttribute to do this.
But this would not solve the problem of supporting 2 login pages and being redirected to area's login page when someone is not logged in to that area. Or how should we handle that?
Is there anyone that could give us a push into the right direction and also tell us what we should think about/be careful with when implementing it? We don't 'need' a complete solution.
[Edit]
Could using Claims be a solution to our predicament? Would that be the right thing to do?
[Edit2]
Also the website area and content editor area should act as two different websites as much as possible. The content editor is allowed having to jump through loops, duck and dive. The website should be able to use whatever authorization mechanizm that is available.
Thank you
The [Authorize] attribute will work for you just fine. However, you will need to assign roles to your users and then apply the [Authorize(Roles="Rolename")] attribute to the controllers for those areas.
For instance, you may have an Admin area, and in Admin you have a UsersController that is used to manage users. You would apply [Authorize(Roles="Admin")] to your UsersController class (and any other controllers in the Admin area).
Next, you neeed to assign roles to users, so that users with those roles can access those areas. How you do that, depends on what kind of authentication you're using. If you're using Windows Authentication, then you need to give them a security group by that name. If you're using Identity or Membership, then you need to enable the proper role management functionality and add the user to the role using the appropriate api when you register the user (and add management functionality to the admin tools).
In this way, a user can be assigned multiple roles, and they can be given access to whatever areas based on the role(s) you give them.
As for why you think it won't work for your other situation, i'm unsure. It sounds like you have two different authentication mechanisms, which is fine as long as they both create standard GenericPrincipals and Identities.
In my opinion, people are way too quick to jump to the "Custom Authorization Attribute" approach, when it's really the wrong thing to do. The standard Authorization Attribute is very flexible because it works with the generic IPrincipal/IIdentity and any authentication that can create those objects will work with it, without changing the attribute.
I'm working on application with some sort of CMS features. I need some pages to be editable. For instance:
you can edit a text block right in your browser
you can add and remove different modules to your page
For instance, if I have a main page I may want to edit welcome text.
If I have a sidebar I may want to add/remove new modules to the sidebar such as:
email subscription module
social network (facebook, twitter, etc) links block
text block
My application may have several pages, not only one.
I want to keep it simple and I'm looking for the right approach/examples/existing tools.
What's the best pattern / third-party solution for ASP .NET in order to implement this and keep it simple?
If you want to use ASP.NET MVC I think the best solution is to look into Orchard. It's really easy to get up and running, has a rich set of existing modules and building a module from scratch is really easy. This was actually started by a couple of Microsoft guys and then spun out into it's own open source project. http://www.orchardproject.net/
I'm building a large hierarchical web application and I need some help deciding on some best practices with leveraging MVC.
The application will have tabs at the top which control a sub page, and a query pane (off to the side).
There will be two templates for query panes, each used by different sub-pages. The sub-pages will be based on the selected tab with settings derived from the query panes.
Clicking on tabs or updating the query pane will update the sub-page section without refreshing the page.
I'm a bit new to MVC and what I don't quite understand is how I can leverage MVC methodologies to help me manage the web application's state (which consists of the selected tab, query options, and other page-specific options).
Currently I'm planning on initially setting up a model which stores the client state parameters (default values, or values obtained from a DB), and using it to load the page, consisting of several partial views. When anything is changed (tab/query/etc), the view will call a corresponding controller, passing back model parameters via post (I'm assuming there's no way to store session-specific client state models on the server-side?).
My question is:
Am I doing it right?
If not, what am I missing; and specifically, is there a way to store these session-specific state models server side so they don't have to be passed back to the server during every single page transaction?
If I understood everything you need Its a SPA (Single Page Application). This will provide a magic user experience, without full page reload, and low data traffic. But, requireds some MVVM framework (AngularJS, KnockoutJs, etc) and a lot of JavaScript coding. But the result is amazing. The guy behind this in MVC is John Papa, take a look in everything on his blog and you will win.
John Papa Blog
Hopes Its Help you
I would like some opinions on the following approach to architecting a web application.
A user will navigate to a login page. After logging in, the user will be sent to what I will call a primary page. The idea is to have the primary page contain some common material at the top of the page along with a menu. Below the menu taking up the majority of the page is an IFrame. Each of the menu items, when selected, would load the appropriate page into the IFrame. Here is the main point. The user can navigate through the application using the various menu selections and carry out whatever those selections allow while the primary page remains loaded during the entire session, that is, until the user logs out or closes the browser. This approach does not follow what appears to be the more common paradigm where the browser completely replaces web pages with other web pages as the user navigates through the site. No page stays loaded during the entire session. Is leaving the primary page loaded during the entire session a good idea?
If not, what are the main concerns? Also, can you site any references to a different approach to accomplish the same application-like behavior?
If okay, is there any advantage to using MCV over Web Forms to obtain this behavior?
majority of the page is an IFrame
Iframes are bad. They always have been bad, they always will be. There a dirty hack.
Don't use iframes.
SPA
If you have a good reason not to use actual pages and redirects you can try one of those single page applications that seem to be popular.
I will however remind you that if you rely javascript you basically can't do SEO.
Progressive enhancement
As an aside read up on Progressive Enhancement. You should be doing that.
Partial views
If you like having a large portion of your website static then you can always load partial views over ajax and render them on the client.
Of course because your doing progressive enhancement your doing full page redirects and loads aswell. The partial view rendering on the client is just bells and whistles.
.NET
As for using C# frameworks I would personally recommend Nancy.
If you want to use ASP (god knows why) I guess you can use ASP.NET MVC, sure it's far from optimum but at least it's not ASP.NET webforms
I don't think it's the absolute evil, but your solution does not actually follow the "normal" behaviour of an HTML site, and browsing may be less intuitive.
Users will have problems for bookmarks or using back button, for example.
You will not be able to adapt the menu accoring to the current displayed content (or will have a hell of synchro problems!), for example showing wich section you are in.
The common solution for web is to use a layout, or two-step view pattern (see http://framework.zend.com/manual/en/zend.layout.introduction.html)
I don't know well webforms, but MVC is known as the standard de facto for most web applications and frameworks. It's nice because of the splitting of the roles and the organization it enforces.
I am going to create new Financial web application using Asp.net MVC fully ajax, hosted on customer intranet.
i have Company setup screen,
Company Model is shown Below.
Company {Main Company info, Bank info}
.|_Regions - each :{Region info, Contacts}
...|_Districts - each : {district info,Contacts}
.....|_Branches - each : {branch info, contacts}
I thought to make it master/detail , master/detail, master/detail in one page, another idea to make master/detail for company then tabs for region,district and branch and make each tab dependent on previous one. i don't like both ideas, it is very difficult for user to understand the page layout, in addition it is very old style.
the problem is all application pages follow this pattern.
I need smart idea for page layout fit with nested model like this example , i prefer if it is inspired by IPad or mobile apps designs.
thanks