Proverb Web Service: Creating the Admin Page - Part 2
Download File: proverbservice1.zip (15kb) | SDK: Beta2
Introduction
Continuing from the last part, in this article I will construct the Administration Page for our Proverb Web Service. If you remember, in the last article we built a Proverb Web Service, which supports 2 methods: one to view a random Proverb and another to add a Proverb for moderation.
The Administration page we build in this article will help the
administrators of our web service to moderate (Accept / Reject)
the Proverbs added by users to the web service.
Code
1) adminpage.aspx - The Proverb Web Service Administration page. I haven't made a very fancy page; you can add all the frills you want :)
<%@ Page Language="C#" debug="true" %>
<%@ Import namespace="System.Data" %>
<%@ Import namespace="System.Data.OleDb" %>
<html>
<head>
<title>Proverb Web Service: Administration Page</title>
<script runat=server>
public void Page_Load(object sender, EventArgs e)
{
//If Page is loaded for first time call the BuildGrid method
if(!IsPostBack)
BuildGrid();
}
//Method to Databind the Grids
protected void BuildGrid()
{
string conString=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data Source=";
conString+=Server.MapPath(".\\db\\proverb.mdb");
string sqlString ="SELECT * FROM Moderate";
//Create a OleDb DataAdapter
OleDbDataAdapter modAdapter= new OleDbDataAdapter(sqlString,conString);
DataSet modSet = new DataSet();
//Fill the DataSet
modAdapter.Fill(modSet,"Moderate");
//Databind the grid
ModGrid.DataSource = modSet.Tables[0].DefaultView;
ModGrid.DataBind();
sqlString ="SELECT * FROM Proverb";
OleDbDataAdapter proAdapter= new OleDbDataAdapter(sqlString,conString);
DataSet proSet = new DataSet();
//Fill the DataSet
proAdapter.Fill(proSet,"Proverb");
//Databind the grid
ProGrid.DataSource = proSet.Tables[0].DefaultView;
ProGrid.DataBind();
}
//Method called when Add/Remove button is clicked in the DataGrid
void ModGrid_Command(Object sender, DataGridCommandEventArgs e)
{
//Get the Proverb from the 4th cell in the table
//Since arrays are zero indexed we get the value at index 3!
TableCell proCell = e.Item.Cells[3];
string proVerb = proCell.Text;
//Get the ID from the 3rd Cell
TableCell itemCell = e.Item.Cells[2];
string item = itemCell.Text;
//Check if Accept Button was pressed
if (((Button)e.CommandSource).CommandName == "Accept")
{
//Insert the proverb into the 'Proverb' table
string conString=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data Source=";
conString+=Server.MapPath(".\\db\\proverb.mdb");
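//Use a positional (?) parameter so quotes in the proverb cannot alter the SQL
string sqlString ="INSERT INTO proverb (Content) VALUES (?)";
OleDbConnection proCon = new OleDbConnection(conString);
OleDbCommand proCommand = new OleDbCommand(sqlString,proCon);
proCommand.Parameters.Add("@Content", OleDbType.VarWChar).Value = proVerb;
proCon.Open();
proCommand.ExecuteNonQuery();
proCon.Close();
//Delete the proverb from 'Moderate' table
sqlString = "DELETE FROM moderate WHERE ID=?";
proCommand.CommandText=sqlString;
//Replace the INSERT parameter with the numeric ID
proCommand.Parameters.Clear();
proCommand.Parameters.Add("@ID", OleDbType.Integer).Value = int.Parse(item);
proCon.Open();
proCommand.ExecuteNonQuery();
proCon.Close();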
//Rebuild the grids
BuildGrid();
}
else if(((Button)e.CommandSource).CommandName == "Reject")
{
//Delete the proverb from the 'Moderate' table
string conString=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data Source=";
conString+=Server.MapPath(".\\db\\proverb.mdb");
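//Pass the ID as a typed parameter instead of concatenating it into the SQL
string sqlString = "DELETE FROM moderate WHERE ID=?";
OleDbConnection proCon = new OleDbConnection(conString);
OleDbCommand proCommand = new OleDbCommand(sqlString,proCon);
proCommand.Parameters.Add("@ID", OleDbType.Integer).Value = int.Parse(item);
proCon.Open();
proCommand.ExecuteNonQuery();
proCon.Close();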
//Rebuild the grids
BuildGrid();
}
}
//Method to add a new Proverb
protected void InsertNew(object sender, EventArgs e)
{
//Insert a new proverb into the 'Proverb' table
string conString=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data Source=";
conString+=Server.MapPath(".\\db\\proverb.mdb");
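//Use a positional (?) parameter so quotes in the text box cannot alter the SQL
string sqlString ="INSERT INTO proverb (Content) VALUES (?)";
OleDbConnection proCon = new OleDbConnection(conString);
OleDbCommand proCommand = new OleDbCommand(sqlString,proCon);
proCommand.Parameters.Add("@Content", OleDbType.VarWChar).Value = proText.Text;
proCon.Open();
proCommand.ExecuteNonQuery();
proCon.Close();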
//Clear the TextBox
proText.Text="";
//Rebuild the grids
BuildGrid();
}
</script>
</head>
<body>
<form runat="Server" >
<div align="Center">
<h2>Proverb Web Service: Administration Page</h2>
Add a Proverb
<table border="1">
<tr><td>Proverb</td><td><asp:TextBox id="proText" runat="Server" />
<asp:RequiredFieldValidator
ControlToValidate="proText" runat="server">*</asp:RequiredFieldValidator></td></tr>
<tr><td colspan=2>
<asp:Button id="AddNew" OnClick="InsertNew" text="Add New" runat="server" /></td></tr>
</table>
<br>
Moderation Table
<asp:DataGrid id="ModGrid" BorderColor="black"
BorderWidth="1"
CellPadding="3"
AutoGenerateColumns="false"
OnItemCommand="ModGrid_Command"
runat="server">
<HeaderStyle BackColor="#00aaaa">
</HeaderStyle>
<Columns>
<asp:ButtonColumn
HeaderText="Accept"
ButtonType="PushButton"
Text="Add"
CommandName="Accept" />
<asp:ButtonColumn
HeaderText="Reject"
ButtonType="PushButton"
Text="Remove"
CommandName="Reject" />
<asp:BoundColumn
HeaderText="Id"
DataField="ID"/>
<asp:BoundColumn
HeaderText="Proverbs"
DataField="Content"/>
<asp:BoundColumn
HeaderText="Date"
DataField="Dt"/>
</Columns>
</asp:DataGrid>
<br>
Active Table
<asp:Datagrid id=ProGrid BorderColor="black"
BorderWidth="1"
CellPadding="3" runat="Server" >
<HeaderStyle BackColor="#00aaaa">
</HeaderStyle>
</asp:Datagrid>
Copyright <a href="http://www.mastercsharp.com">www.MasterCSharp.com</a>
all rights are reserved.
</div>
</form>
</body>
</html>
Save this file as adminpage.aspx and you have the administration page ready!! Now copy this page into the 'ProverbService' virtual directory you might have created in the last article. If you have hosted the Proverb Web Service in some other Virtual Directory, then copy this file into that directory. But remember, it has to be a Virtual Directory that hosts the Web Application.
Securing the Admin Page
Many of you might have got the hint that the page we have just created above is publicly accessible, which totally defeats its purpose. So we have to take some steps to restrict access to the page. There are many ways to do that, but for the sake of this example I will choose one of the easiest, and that is the Forms (cookie-based) authentication provided by ASP.NET.
Step 1: Login Page - login.aspx
Since we are using Forms-based authentication for our application, we need to create another page, a login page, to which all unauthenticated users will be redirected.
2) login.aspx - The login page.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<html>
<script language="C#" runat=server>
void Login_Click(Object sender, EventArgs E) {
//Check if the Email and Password values correspond.
//I have hard-coded the values... you can implement your own logic
if ((UserEmail.Value == "admin@mastercsharp.com") && (UserPass.Value == "abcd1234"))
{
//If credentials are proper, authenticate the user and set the cookie
FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, PersistCookie.Checked);
}
else {
Msg.Text = "Invalid Credentials: Please try again";
}
}
</script>
<body>
<form runat=server>
<h3><font face="Verdana">Login Page</font></h3>
<table>
<tr>
<td>Email:</td>
<td><input id="UserEmail" type="text" runat=server/></td>
<td><ASP:RequiredFieldValidator ControlToValidate="UserEmail"
Display="Static" ErrorMessage="*" runat=server/></td>
</tr>
<tr>
<td>Password:</td>
<td><input id="UserPass" type=password runat=server/></td>
<td><ASP:RequiredFieldValidator ControlToValidate="UserPass"
Display="Static" ErrorMessage="*" runat=server/></td>
</tr>
<tr>
<td>Persistent Cookie:</td>
<td><ASP:CheckBox id=PersistCookie runat="server" /></td>
<td></td>
</tr>
</table>
<asp:button text="Login" OnClick="Login_Click" runat=server/>
<br>
<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana" Font-Size="10" runat=server />
</form>
</body>
</html>
As you can see above, the login page is very simple. I have hard-coded the values for e-mail and password, but for a real-world solution you can implement a database check. Save this page as login.aspx and copy it into the same 'ProverbService' Virtual Directory.
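One way to implement the database check in place of the hard-coded comparison, as an added example that is not code from the original article. It assumes a current .NET Framework (4.7.2 or later) and a hypothetical `Users` table in proverb.mdb with `Email`, `Salt`, `PwdHash` (both Base64 text) and `Iterations` columns; the class and method names are hypothetical as well.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

// Added example: hypothetical helper, not part of the original article.
public static class AdminCredentialStore
{
    // PBKDF2-HMAC-SHA256, 32-byte output; the salt is stored per user.
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations,
                                                HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare every byte before deciding, so response time does not
    // reveal how many leading bytes of the hash matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // conString: the same Jet connection string the admin page builds.
    // Users(Email, Salt, PwdHash, Iterations) is an assumed table.
    public static bool Validate(string conString, string email, string password)
    {
        const string sql =
            "SELECT Salt, PwdHash, Iterations FROM Users WHERE Email = ?";
        using (var con = new OleDbConnection(conString))
        using (var cmd = new OleDbCommand(sql, con))
        {
            cmd.Parameters.Add("@Email", OleDbType.VarWChar).Value = email;
            con.Open();
            using (OleDbDataReader rd = cmd.ExecuteReader())
            {
                if (!rd.Read())
                    return false; // unknown e-mail address
                byte[] salt = Convert.FromBase64String((string)rd["Salt"]);
                byte[] stored = Convert.FromBase64String((string)rd["PwdHash"]);
                int iterations = Convert.ToInt32(rd["Iterations"]);
                return FixedTimeEquals(Derive(password, salt, iterations), stored);
            }
        }
    }
}
```

In `Login_Click`, the hard-coded condition would become a call to `AdminCredentialStore.Validate(conString, UserEmail.Value, UserPass.Value)`, so no password appears in the page source or in the database.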
Step 2: Application Configuration - Web.Config
As the final step to secure the admin page, we have to inform the ASP.NET runtime to secure the AdminPage.aspx file and only allow authenticated users to view the page. ASP.NET picks up these settings from the XML-formatted Web.Config file. For more information on the Web.Config file see the ASP.NET Documentation. I would just add that there can only be one Web.Config per Web Application hosted in a Virtual Directory. Again, please note that your application has to reside in a Virtual Directory (not a normal directory) or you will start getting weird errors!
Explaining the different sections of this file would take up a series of articles on its own; you can look into the ASP.NET Quick Start for more information.
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="ProverbService" loginUrl="login.aspx" protection="All" path="/" />
</authentication>
</system.web>
<location path="adminpage.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
Save this file as Web.Config and place it into the 'ProverbService' Virtual Directory. Once that's done, your page is secure!
Calling the Page
Once you have set up everything, it's testing time!! Fire up your favorite browser and enter the URL to the Admin Page, i.e. http://localhost/proverbservice/adminpage.aspx . Your browser should automatically be redirected to the 'login.aspx' page to enter your credentials. If you enter the proper credentials you will be redirected back to this page, automatically!!
Conclusion
In this part of the Proverb Web Service, we learned how to build the admin page for our service, and how to secure the page using ASP.NET Forms-based authentication. With this, we finish the server deployment of our web service; from the next article onwards we will see how to build various Clients for our Web Service.

