Database Search Solution
(New Version) Search Control
Free ASP.NET Controls
ASP.NET Media Player Control
Flash Video Player Control
ASP.NET Telecommute Jobs
Free IP Location Lookup
Test .Net Regular Expressions
CSS/Table/DIV Page Layouts
Article Sites Master List
.NET Windows Forms
General .NET Framework
Accepting Credit Cards
Create Your Own Web Site Administration Tool in ASP.NET
The objective of this tutorial is to show the steps you have to follow to create your own WAT (Web site Administration tool) in ASP.NET.
In order to follow this tutorial, you have to meet the below conditions:
- IIS 5.0/6.0 web server installed on your PC;
- .NET 2.0 framework or above installed on your PC;
- An ASP.NET site (authentication is done via forms);
- A SQL server database (aspnetdb.mdf in our case) in the App_data folder of the application; This db must have the sql schema for membership, profiles and roles.
Introduction to WAT (Web site administration tool)
ASP.NET 2.0 already includes a WAT that is available from the Visual Studio 2005 Website menu via the ASP.NET Configuration menu option. This WAT allows only local websites to be administered. So, restrictions appear when you have your web site remotely hosting with a web hosting company.
The solution is to create your own WAT tool from the beginning as part of your web site. So, with this tool you can administrate the users and the roles in a web site.
Note, if you don't like to build this application from the beginning, you can download Web Site Administration Visual Studio Project, used in this tutorial
The principal class of the ASP.NET 2.0 is System.Web.Security.Membership, which exposes a number of static methods to administrate the users from a web site. In order to have a complete description of these methods please consult the MSDN's documentation related to this issue.
The provider for the Membership system is configured in the web.config. Most of the default settings are hard-coded in the ASP.NET runtime due to improve performance. So, by configuring the provider in the web.config file, you override the defult setting with your own.
Please add the code below to your web.config file:
First of all, I configured in the <connectionStrings> section the connection string the application will use to connect to the db. In our case the name of the db is aspnetdb.mdf and is placed in the App_Code folder. As you can see here you can configure how many password attempts there will be, the password's length and other settings important for the Membership system.
Roles in ASP.NET
A system that supports authentication/authorization will have a support for roles too. The purpose of roles is to group users together for assigning a set of permissions, or authorizations. In this way the administrator's task is much easier.
Like in the Membership system, ASP.NET 2.0 has built-in support for roles, with regard to performance, security, and flexibility. There is a default provider for SQL Server, but if you want to customize it you can write your own provider.
The role management is disabled by default to improve performance for sites that don't need roles. In order to enable it, please enter the code below in the web.config file.
With this code you enabled the roles management system and configured your own provider.
System.Web.Security.Roles is the class that allows you to access and manage role information programmatically. In order to have a complete description of these methods please consult the MSDN's documentation related to this issue.
ASP.NET 2.0 comes with a built-in mechanism to manage user profiles, in an easy, yet very complete and flexible, way. The Profile module is easy to be implemented - for this you need to configure what the profile will contain. For every property, you have to define the property name and its type. So, if we want to add a BirthDate profile property, we must add the <add name="BirthDate" type="DateTime"/> code.
Please add the below code you your web.config file.
SQL Server data store
All data about users, their profiles and roles are stored in SQL Server data store.
As I already specified, there is a pre-build data store structure. So, you don't have to lose precious time creating tables, relations between tables and stored procedures. The membership system uses the next tables: aspnet_Applications, aspnet_Users and aspnet_Membership. For role management we have two more tables: aspnet_Roles and aspnet_UsersInRoles. For the profile system, tables are created after you specify the profile properties in the web.config file.
Create your own Website Administration Tool: The ManageUsers Administrative Page
Let's name this page ManageUsers.aspx. The user interface for this page can be divided into three parts:
The first part shows the number of registered users. It also shows how many of them are currently online.
The second part provides features for searching and listing the users. There is an "alphabet bar" with all the letters of the alphabet; when one is clicked, a grid is filled with all the users having names starting with that letter. There is also a facility to search for the users by providing a partial username or e-mail address.
In he third part with the help of a grid you can lists users and some of their profile properties.
The code below shows how you can implement the first two parts:
For the alphabet bar I used a Repeater control, instead of a fixed list of links. To this Repeater control I bounded an array of characters that will finally be displayed as links. So, if later you want to remove certain characters from your alphabet bar, you will only have to remove those letters from that array.
The third part of the page contains a Gridview that will lists users and some of their properties. All we need is to specify the number and the type of columns for this grid. Below you will find the description for each column:
For the username, the creation date and last access date we will use BoundField columns. These values for these data will be displayed as strings.
For IsApproved property (read-only) use a CheckBoxField column.
For user's e-mail use a HyperLinkField to show the as an active link that uses the mailto: protocol.
To redirect the administrator to a page called EditUsers.aspx use another HyperLinkField column to show an edit image. This link will have the username as a querystring value and will allow the administrator to edit a user's profile.
To delete a user use a ButtonField column to create a graphical Delete button. To do this set the column's ButtonType property to "Image"
The code below shows how you should define this grid:
If no users were found, you can customize your result with the <EmptyDataTemplate> section. This new feature was introduces only for ASP.NET 2.0.
In the page's code-behind file there is MemershipUserCollection object. This object is initialized with all the user information returned by Membership.GetAllUsers static method. In the Load event of this page we will use the Count property of this collection to display the total number of registered users and also the number of online users. I also created an array that contains letters that will be bound to the Repeater control in order to create the alphabet.
When the administrator will click a letter link, the ItemCommand event of the Repeater control will raise. Here we will retrieve that letter and search for all users with the name that starts with that letter. When you click the All link, the gridview will show all the users. There are two search modes: SearchByEmail and SearchByText. Because in this case we will use a "SerachByText" search mode, the "SearchByEmail" mode is put to false. This search mode is stored in the Attributes collection of the gridview so that it is persisted in the view state, and doesn't get lost during a postback. Here's the code:
source, RepeaterCommandEventArgs e)
In this event the BindAllUsers method is called. The Boolean value that is passed as an input parameter indicates if the allRegisteredUsers collection must be repopulated (especially when a user is deleted). The text to search for and the search mode are retrieved from the grid's Attributes collection. Below is the code:
This BindAllUsers method is also called when the Search button is clicked. In this case, the search mode will be set according to the value selected in the ddlUserSearchTypes dropdown list control. If you choose the "SearchText" search mode, to the entered search string will be added at the beginning and at the end the "%" character, so LIKE query will be performed:
sender, EventArgs e)
If you want to delete a user you have to click the trashcan icon. For this the GridView raises the RowDeleting event because the column's CommandName property is set to Delete. Inside this event handler you will use the static methods of the Membership and ProfileManager classes to delete the user account and its accompanying profile. BindAllUser method is called (with true as a parameter), so that the collection of all users is refreshed, and the new information is displayed:
sender, GridViewDeleteEventArgs e)
sender, GridViewRowEventArgs e)
This script is added only for rows of type DataRow. In this way we will avoid to add this script to the header, footer, and pagination bars.
The UserProfile user control
After registering every user has to fill in some forms with his profile. Due to flexibility I grouped all these forms and controls into a user control. In this way I can use the same user control in the administration section to edit the profile for a user.
So, the profile proprieties that we configured in web.config file will receive the values from these forms. Please see below the mark-up code for this user control.
In the user control's load event the first thing we have to do is to retrieve the profile for the user and to update the forms with these details.
sender, EventArgs e)
The most important method is the Save method. It has the purpose to save in the user's profile the values from the forms.
It is important that this user control to benefit of the ViewState facility, but we might have problems if we place this user control in a page that has the ViewState disabled. To resolve this problem we have to use the ControlState facility. It does mainly the same thing like Viewstate, but the difference is that it will be always enabled no matter of the ViewState from the web page. To implement the ControlState facility we have to write the code below:
string _userName =
The EditUsers Administrative Page
You can access the EditUsers.aspx page clicking the edit image for a user in the ManageUsers.aspx grid. The username of that user is passed as a querystring value. This page allows an administrator to see all the membership details about that user and to edit the user's personal profile. The user interface of the page is simple and is divided in three parts:
The first part displays the details from MembershipUser. All controls are read-only, except for those that are bound to the IsApproved and IsLockedOut properties. Through the IsLockedOut property you can unlock a user account.
The second part contains a CheckBoxList that displays all the roles created for this application. Here you can add and remove users to and from roles. There is also a TextBox control and a button to create a new role.
In the third part you can edit a user's profile with the help of the user control we have created.
Below you can find the mark-up code for the EditUsers.aspx web page:
In the Page_Load event handler the username is retrieved from the querystring and a MembershipUser instance is created for that user. Now, all profile proprieties are shown in the first part of the page:
EditUsers : Page
The purpose of the BindRoles method is to fill the CheckBoxList with all the available roles and to check the ones the user belongs to:
When the Update Roles button is pressed, the first thing to do is to remove the user from all his roles and after that to add him to the selected ones. We have to remove the users from all the roles because we will receive an exception if we try to add a user in a role he is already a member of. Please see the below code:
sender, EventArgs e)
As you see, we used Roles.AddUserToRoles method instead of the Roles.AddUserToRole method. For this we created first a list with all the new roles the user will belong.
Below you can find the code for creating a new role. First we check to see if there is a role with the same name. If there isn't, we can create it. The BindRoles method is called to refresh the list of available roles:
sender, EventArgs e)
When the Approved checkbox is clicked, the event handler updates the MembershipUser object's IsApproved property according to the checkbox's value, and then save the change:
sender, EventArgs e)
You can unlock a user in the same way. For this we will use the UnlockUser method of the MembershipUser object. After that, the checkbox is made read-only because you can't lock out a user. Please see the below code:
sender, EventArgs e)
When the profile box's Update button is clicked, a call to the UserProfile's Save method is made and the userâ€™s profile is updated:
sender, EventArgs e)
This tutorial is written by Adrian Tarjoianu.
comments powered by Disqus