4GuysFromRolla.com :: Site Navigation Article Series
Last Updated: Thursday, November 20, 2008 4:43:55 AM
  • Examining ASP.NET 2.0's Site Navigation - Part 5
    A Multipart Series on ASP.NET 2.0's Site Navigation
    This article is one in a series of articles on ASP.NET 2.0's site navigation functionality.

  • Part 1 - shows how to create a simple site map using the default XML-based site map provider and how to display a TreeView and SiteMapPath (breadcrumb) based on the site map data.
  • Part 2 - explores programmatically accessing site map data through the SiteMap class; includes a thorough discussion of the SiteMapPath (breadcrumb) control.
  • Part 3 - examines how to base the site map's contents on the currently logged in user and the authorization rules defined for the pages in the site map.
  • Part 4 - delves into creating a custom site map provider, specifically one that bases the site map on the website's physical, file system structure.
  • Part 5 - see how to customize the markup displayed by the navigation controls, and how to create your own custom navigation UI.

    The site navigation features in ASP.NET 2.0 make it easy to define a site map and implement common navigation UI elements, such as a breadcrumb, treeview, and menu. Due to its use of the provider model, you can dictate how to serialize the site map. ASP.NET 2.0 ships with a default implementation that serializes site map information to an XML-formatted file (Web.sitemap, by default), but as we saw in Part 4 this logic can be customized to garner site map information directly from the file system or through a SQL Server database table. Site navigation can even be configured to use security trimming, which will remove those nodes in the site map for which the currently logged on user does not have authorization to view.

    The site map provider model and security trimming features are used to customize the set of site map nodes used by the navigation Web controls, and afford a great deal of customization. However, there are times where we may want to customize the rendered output of the navigation control based on the site map data. For example, maybe in our Menu control we want to display an icon next to each menu item depending on some classification defined for the menu item's corresponding site map node. Alternatively, the markup rendered by ASP.NET's built-in navigation controls may not suit our needs. Rather than displaying a TreeView or Menu, we may want to show the site navigation information in a bulleted list. Such functionality is possible by directly working with the SiteMap class.

    In this article we'll look at how to accomplish a hodgepodge of customizations when rendering the navigation UI controls. Read on to learn more!

  • Examining ASP.NET 2.0's Site Navigation - Part 4

    The goal of ASP.NET's site navigation feature is to allow a developer to specify a site map that describes his website's logical structure. A site map is constructed of an arbitrary number of hierarchically-related site map nodes, which typically contain a name and URL. The site navigation API, which is available in the .NET Framework via the SiteMap class, has properties for accessing the root node in the site map as well as the "current" node (where the "current" node is the node whose URL matches the URL the visitor is currently on). As discussed in Part 2 of this article series, the data from the site map can be accessed programmatically or through the navigation Web controls (the SiteMapPath, TreeView, and Menu controls).

    The site navigation features are implemented using the provider model, which provides a standard API (the SiteMap class) but allows developers to plug in their own implementation of the API at runtime. ASP.NET 2.0 ships with a single default implementation, XmlSiteMapProvider, with which the developer can define the site map through an XML file (Web.sitemap); Part 1 of this article series looked at defining this XML file. However, our site's structure might already be specified by existing database data, or perhaps by the folders and files that make up our website. Rather than having to mirror the database or file system structure in a Web.sitemap file, we can create a custom provider that exposes the database or file system information as a site map.

    Thanks to the provider model we can provide a custom implementation of the site navigation subsystem, but one that still is accessible through the SiteMap class. In essence, with a custom provider the SiteMap class and navigation Web controls will work exactly as they did with the XmlSiteMapProvider. The only difference will be that the site map information will be culled from our own custom logic, be it from a database, a Web service, the file system, or from whatever data store our application may require. In this article we'll look at how to create a custom site navigation provider and build a file system-based custom provider from the ground-up. Read on to learn more!

  • Examining ASP.NET 2.0's Site Navigation - Part 3

    In addition to this article series on ASP.NET 2.0's site navigation, I am also currently authoring an article series on ASP.NET 2.0's membership, roles, and profile. The membership system in ASP.NET provides a programmatic API for creating and managing user accounts, whereas the roles piece enables a developer to define a set of roles and to associate users with roles. A website that provides user accounts typically has certain sections of the site that are accessible only to certain users, only to authenticated users, or to users that belong to a particular role.

    For example, a website might have a set of pages that allow a trusted user to edit the content of the website, or manage the existing users. Rather than simply trying to hide this page and hope no one accidentally stumbles across it, or hard coding authorization rights to only allow in a single user, a more robust and secure approach is to define an Administrator role that is then assigned to a select handful of trusted users. These administrative web pages can then be configured to allow access only to those users in the Administrator role. Similarly, the website may contain a set of pages that only authenticated users can access.

    Since certain sections of the site might only be accessible by certain users, this leaves us in a dilemma with site navigation. Do we include those pages that only authorized users can access in the website's site map? If we do, then all users will see the restricted pages in the site's Menu or TreeView. Why show the links to these pages for users who can't access them? If we leave out the restricted pages from the site map altogether, then those users that are authorized to view those pages can't easily navigate to them because they're not part of the site map and therefore don't appear in the site's TreeView or Menu!

    Thankfully, ASP.NET 2.0's site navigation provides a feature called security trimming. When obtaining site map information with security trimming enabled, only those site map nodes that the currently logged on user has authorization to visit are available. That means the site's TreeView or Menu will contain just those sections accessible by the currently logged in user. Read on to learn how to configure site navigation to support security trimming!

  • Examining ASP.NET 2.0's Site Navigation - Part 2
    Any website that is composed of more than one page needs some sort of navigation user interface, which is created in a two-step process. First, the site's logical structure must be defined; then, user interface elements are added to allow the user to move between sections of the site's structure. Prior to ASP.NET 2.0, developers were required to tackle both of these steps on their own. With version 2.0, however, ASP.NET provides a simple way to define a site's structure and includes a handful of Web controls designed specifically to display site navigation user interfaces.

    In Part 1 of this multi-part series of ASP.NET 2.0's site navigation features we examined how to create the Web.sitemap XML site map file and how to display site navigation information through the site navigation Web controls, which include:

    • SiteMapPath, which displays a breadcrumb (Home > Electronics > XBOX)
    • TreeView, which displays a collapsible, vertically displayed tree, showing the entire site map hierarchy
    • Menu, which displays either a horizontally- or vertically-aligned menu

    Part 1 only provided a cursory introduction to both the site map file and navigation Web controls' functionalities and capabilities. In this second part of the article series we'll turn our attention to programmatically working with the site map information, as well as looking at the SiteMapPath navigation Web controls in detail. Read on to learn more!

  • Examining ASP.NET 2.0's Site Navigation - Part 1

    A Multipart Series on ASP.NET 2.0's Site Navigation
    This article is the first in a series of articles on ASP.NET 2.0's site navigation functionality. This first part of the series examines the basics of site navigation, showing how to create a simple site map using the default XML-based site map provider. Future articles will cover more advanced features of site maps as well as how to create a custom site map provider.

    Any website that is composed of more than one page needs some sort of navigation user interface. A navigation user interface might be as simple as static hyperlinks to the other pages in the site, or might involve the use of menus or trees. But before a navigation user interface can be created for a site, the site's logical structure must first be defined. (This logical structure is often referred to as a site map.) For example, a website like Amazon.com is arranged into various sections by product line, like Books, Electronics, Computers, DVDs, and so on. Each of these sections may have sub-sections. Books is broken down into categories like Accessories, Books on CD, Novels, History, Romance, and so on. Typically, these logical structures form a hierarchy of sorts. The screenshot below shows an abbreviated version of Amazon.com's site map.

    The site structure of Amazon.com...

    Once the site map has been defined, the site's navigation user interface can be created. At Amazon.com, the main page lists links to each of the main sections along the left-hand side of the page. Drilling down into a particular section lists that section's sub-sections on the left. Other navigation user interfaces could be used as well, though: you might have a tree showing the various sections and sub-sections, or a menu that listed as top-level menu items the sections like Books, Electronics, DVDs, and so on, with those menu items' submenus containing the respective section's sub-sections.

    Prior to ASP.NET 2.0, developers typically rolled their own site navigation solutions. ASP.NET 2.0, however, makes defining a site's structure and implementing it using common navigation user interface elements a walk in the park. In this article we'll look at ASP.NET 2.0's site navigation features. Read on to learn more!

4GuysFromRolla.com :: Membership, Roles, and Profile Article Series
Last Updated: Thursday, November 20, 2008 4:43:56 AM
  • Examining ASP.NET's Membership, Roles, and Profile - Part 13

    ASP.NET's forms-based authentication system in tandem with the Membership API and Login Web controls make it a cinch to create a user store, create user accounts, and allow visitors to log into the site. What's more, with little effort it's possible to define roles, associate user accounts with roles, and determine what functionality is available based on the currently logged in user's role (see Part 2). Many ASP.NET sites that use Membership have an Admin role, and users in that role are granted certain functionality not available to non-Admin users. Consider an online store - Admin users might be able to manage inventory, whereas the only way normal members could interact with the inventory was by adding items to their shopping cart.

    I was recently working with a client who had an interesting request: he needed the ability for Admin users to be able to log into the site as another user, and perform actions as if that other person had logged in herself. Returning to the online store example, imagine that some customers periodically phone in their order, or mail or fax in an order form. An Admin, receiving this order, could then log into the site as that customer and place the order on the customer's behalf.

    This article shows how to allow an Admin user to log into a Membership-based website as another user, and includes a complete working demo available for download at the end of the article. Read on to learn more!

  • Examining ASP.NET's Membership, Roles, and Profile - Part 12

    Several of the earlier installments in this article series examined how to apply authorization rules in order to prohibit particular users, roles, or classes of users from accessing particular resources. For instance, Part 2 showed how to define URL-based authorization rules in web.config for roles. With just a bit of XML markup, it is possible to block particular users or roles from visiting certain web pages. Earlier installments also looked at using the LoginView control, which displays different markup based on whether the user is authenticated or not (and can also be used to display different markup based on the currently logged in user's role). There are also programmatic techniques you can use to determine the identity of the currently logged on user and what roles she belongs to.

    The URL-based authorization, LoginView control, and programmatic techniques can be used in tandem to ensure that a user does not visit a page or perform some operation if she is not authorized. But what if you forget to implement one of these safeguards? For example, imagine that you have a web page that includes a button that, when clicked, performs some task that is only intended for administrators. You could put this button in a LoginView control or you could use programmatic techniques to ensure that only users in the appropriate role (say, Admin) saw the button. But what if sometime later you, or another developer, removed this check by accident? The net result would be that any user visiting the page could perform the administrator-only operation! Whoops!

    To reduce the likelihood of such security mishaps, the .NET Framework includes capabilities for declaratively asserting permissions (via attributes) on methods and classes. In a nutshell, you can add such attributes to ASP.NET pages, their code-behind classes, and your business logic and data access layers. With these attributes in place, your visitors will be barred from performing unauthorized actions, regardless of whether there are any security holes in the user interface. Read on to learn more!

  • Examining ASP.NET's Membership, Roles, and Profile - Part 11

    Many websites that support user accounts allow anyone to create a new account, but require new users to undergo some form of verification before their account is activated. A common approach is to send an email to the newly created user with a link that, when visited, activates their account. This approach ensures that the email address entered by the user is valid (since it is sent to that user's email address). This workflow not only ensures valid data entry, but also helps deter automated spam bots and abusive users.

    In past installments of this article series we've seen how to use the CreateUserWizard control to allow users to create new accounts. By default, the user accounts created by the CreateUserWizard control are activated; new users can login immediately and start interacting with the site. This default behavior can be customized, however, so that new accounts are disabled. A disabled user cannot log into the site; therefore, there needs to be some manner by which a newly created user can have her account enabled.

    There are many ways by which an account may be activated. You could have each account manually verified by an administrative user. If your site requires users to pay some sort of monthly fee or annual due, you could have the account approved once the payment was successfully processed. As aforementioned, one very common approach is to require the user to visit a link sent to the email address they entered when logging on. This article explores this latter technique. Read on to learn more!

  • Examining ASP.NET's Membership, Roles, and Profile - Part 10

    The Membership system automatically tracks the last date and time each user's account has been accessed. With the SqlMembershipProvider, this information is stored in the aspnet_Users database table in a datetime column named LastActivityDate. This column is automatically updated to the current UTC date and time whenever a user logs into the site, whenever their user account information is updated, and whenever their user account information is retrieved.

    In addition to tracking each user's last activity date and time, the Membership system includes a method named GetNumberOfUsersOnline. This method returns the number of users whose last activity date and time is within a specified window; by default, this method returns the number of users whose aspnet_Users.LastActivityDate value falls within the last 15 minutes.

    This article, the tenth installment of a multipart article series on ASP.NET's Membership, Roles, and Profile systems, examines the GetNumberOfUsersOnline method and shows how to extend the Membership system to include additional user activity information. Specifically, we will add a new table to the database used by the SqlMembershipProvider that associates a description of each user's current action. We will then update our ASP.NET pages to update the records in this table to include a description of the user's current action. For example, when visiting the home page we may use the description, "Viewing the home page." Finally, we will create a web page that displays the list of currently logged on users and their last known action. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 9

    ASP.NET 2.0's Membership, Roles, and Profile systems were designed using the provider model, which enables these systems to seamlessly use different implementations. ASP.NET ships with a provider for managing members and roles through SQL Server and another for using Active Directory. It is also possible to plug in other implementations that have been built from the ground up or downloaded from other sources. For example, you can download alternative providers from Microsoft that store membership and role information in a Microsoft Access database (see Part 8 of this article series). Most of the articles in this series, however, have focused on using the SQL Server provider (SqlMembershipProvider, SqlRoleProvider, and SqlProfileProvider). The SQL Server providers are typically the provider of choice for Internet-based web applications, whereas the Active Directory providers are more commonly used in intranet scenarios.

    The SQL Server providers create a number of tables, views, and stored procedures in the specified SQL Server database. Therefore when using these providers it is possible to add, modify, or delete membership or roles or profile-related data through T-SQL statements. In this article we'll look at a common membership need - deleting users. While users can certainly be deleted through the .NET Membership API, there are scenarios where it may be much easier to use a T-SQL script. However, bypassing the managed APIs and working directly with the database is not without its own host of challenges. By the end of this article we'll have addressed these issues, discussed the pros and cons of using T-SQL in lieu of the managed APIs, and have examined both the managed API methods and T-SQL commands for deleting a single user and deleting all users. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 8

    One of the main challenges of building a programming framework is balancing the desires to create a standardized, straightforward API for accomplishing common tasks and providing flexibility and customizability so that developers using the framework can mold the framework to fit their applications rather than having to bend their applications to fit the framework. With the .NET Framework 2.0, Microsoft implemented this delicate balance with the provider model. The provider model allows for a standardized API to be defined within the framework, but enables developers to design their own concrete implementation and plug that implementation into their systems at runtime. In Part 7 of this article series we saw how the Membership, Roles, and Provider pieces examined throughout this series all utilize the provider model. Moreover, in Part 7 we created a custom XML provider for the Profile system.

    I recently worked on a website that primarily contained static content. The client, however, had a particular page that needed to display data from a simple database with just one table. Additionally, a web page was needed to allow a set of administrators to add, update, and delete data from this table. With ASP.NET 2.0's data source controls and Membership system, this functionality is typically a breeze, but there was a catch - the web hosting company didn't support SQL Server databases, so Microsoft Access databases needed to be used instead. The challenge here is that the .NET Framework BCL only contains a Membership provider for Microsoft SQL Server.

    Fortunately, Microsoft provides an Access database template and providers for using Membership, Roles, and Profile with Access. In this article, we'll look at how to get these Access-based providers and how to use the provider in an ASP.NET 2.0 web application. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 7

    One of the main challenges of building a programming framework is balancing the desires to create a standardized, straightforward API for accomplishing common tasks and providing flexibility and customizability so that developers using the framework can mold the framework to fit their applications rather than having to bend their applications to fit the framework. With the .NET Framework 2.0, Microsoft implemented this delicate balance with the provider model. The provider model allows for a standardized API to be defined within the framework, but enables developers to design their own concrete implementation and plug that implementation into their systems at runtime. (See A Look at ASP.NET 2.0's Provider Model for more details on the provider model, its implementation in ASP.NET 2.0, and the concepts behind it.)

    The Membership, Roles, and Provider pieces examined throughout this article series all utilize the provider model. Throughout the past six installments of this article series we've examined some of the providers that ship with the .NET Framework (such as SqlMembershipProvider, SqlRoleProvider, and SqlProfileProvider). In fact, you can download the source code for these built-in providers from Microsoft as well as a Provider Toolkit for creating your own custom providers [link]. And Scott Guthrie lists a number of custom Membership, Roles, and Profile providers in his ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources page.

    If none of the built-in providers meet your needs, you can always create your own custom providers. Custom providers are useful when integrating legacy systems (perhaps you have an old Users database table that differs from the database tables used by SqlMembershipProvider) or when needing to persist membership, role, or provider information in a backing store not natively supported by one of the built-in providers.

    In this article, we'll discuss the concepts behind creating and using a custom provider and then implement a simple custom profile provider that serializes profile information to XML files. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 6

    The Membership API in the .NET Framework provides the concept of a user account and associates with it core properties: username, password, email, security question and answer, whether or not the account has been approved, whether or not the user is locked out of the system, and so on. However, depending on the application's needs, chances are your application needs to store additional, user-specific fields. For example, an online messageboard site might want to also allow users to specify a signature, their homepage URL, and their IM address.

    There are two ways to associate additional information with user accounts when using the Membership model. The first - which affords the greatest flexibility, but requires the most upfront effort - is to create a custom data store for this information. If you are using the SqlMembershipProvider, this would mean creating an additional database table that had as a primary key the UserId value from the aspnet_Users table and columns for each of the additional user properties. In the online messageboard example, the table might be called forums_UserProfile and have columns like UserId (a primary key and a foreign key back to aspnet_Users.UserId), HomepageUrl, Signature, and IMAddress.

    Rather than using custom data stores, the ASP.NET 2.0 Profile system can be used to store user-specific information. The Profile system allows the page developer to define the properties she wants to associate with each user. Once defined, the developer can programmatically read from and assign values to these properties. The Profile system accesses or writes the property values to a backing store as needed. Like Membership and Roles, the Profile system is based on the provider model, and the particular Profile provider is responsible for serializing and deserializing the property values to some data store. The .NET Framework ships with a SqlProfileProvider class by default, which uses a SQL Server database table (aspnet_Profile) as its backing store.

    In this article we will examine the Profile system - how to define the user-specific properties and interact with them programmatically from an ASP.NET page - as well as look at using the SqlProfileProvider that ships with .NET 2.0. In a future article we'll look at how to create and use a custom profile provider. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 5

    ASP.NET 2.0 makes it quite easy to accomplish common tasks. Want to display data from a database, allowing the user to sort, edit, delete, and page through that data? Simply add and configure a SqlDataSource on the page, bind it to a GridView, check a few checkboxes in the GridView's smart tag, and, voila, you have a web-based data entry form that can be created in 15 minutes or so. While the simple case is often a cinch to implement, in the real world rarely is the simple case a practical solution. Often, the simple case needs to be extended and expanded and customized to fit custom rules, logic, formatting, and behavior. Thankfully, ASP.NET 2.0 was designed with extensibility in mind and, thanks to things like the provider model, event handlers, and templates, customizing and extending the simple case is both doable and usually doable without an inordinate amount of effort or "hackery."

    As we've seen throughout this article series, ASP.NET 2.0 provides a platform for creating and managing user accounts through its membership, roles, and profile systems. The related Web controls - Login, LoginView, CreateUserWizard, LoginStatus, and so on - can be used to achieve the simple case. Need to provide an interface for logging on a user? Simply drop the Login Web control onto a page. But what if we want to customize the login experience? We may want to reposition the Web controls used by the Login control or add additional content or Web controls to the Login control interface. Or we may want to customize the credentials supplied by the user for authentication purposes. Rather than requiring just their username and password, what if we want to also make them supply their email address on file? Or perhaps we want to include a CAPTCHA (those boxes with text in an image designed to defeat robot programs from successfully submitting a form).

    The Login Web control can be customized in a number of ways. First, it has a bevy of properties that can adjust whether or not the "Remember me next time" checkbox is displayed, the text displayed for the "Log In" Button, the colors, fonts, and other style-related settings, and so on. For further control over the layout of the Login control or of the actual controls that make up the Login control, we can convert the control into a template. And finally, the control's authentication logic can be customized by creating an event handler for the Authenticate event (which can allow us, for example, to use a CAPTCHA as part of the authentication process).

    In this article we'll examine how to customize the Login control through its properties, through templates, and by performing custom authentication through an Authentication event handler (including an example with a CAPTCHA). Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 4

    The ASP.NET 2.0 Membership class provides a ValidateUser(userName, password) method that returns a Boolean value indicating whether or not a user's supplied credentials are valid. This method is automatically utilized from the Login Web control and can also be used programmatically, if needed. In the Membership system, there are multiple scenarios by which a user's credentials can be invalid:

    • The username supplied might not exist in the membership directory
    • The username may exist, but the supplied password might be incorrect
    • The username and password may be correct, but:
      • The user may not yet be approved
      • The user may be locked out; this can happen if the user attempts to log in with an invalid password for a specified number of tries (five, by default)

    Unfortunately, the ValidateUser(userName, password) method just returns False if the credentials are invalid, and does not include information as to why, exactly, the credentials are invalid. For the Login control, when ValidateUser(userName, password) returns False the message, "Your login attempt was not successful. Please try again." is displayed, by default. If a user is locked out or their account not yet approved, such a message - which will be shown even in the face of the correct username and password - can easily lead to a confused and frustrated user.

    In this article we'll see how to provide additional feedback during the login process to help alleviate any such confusion. Moreover, we'll see how to audit invalid logins and present the data in a report. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 3

    The membership and roles providers used by ASP.NET by default are the SqlMembershipProvider and SqlRoleProvider, respectively, which serialize membership and roles information to a SQL Server database. Specifically, this information is stored in a variety of pre-defined tables and accessed through a number of pre-defined stored procedures. In order to use membership or roles with your application using the default providers you need to apply this pre-defined schema to your application's database.

    If you don't already have a database, ASP.NET will happily create a SQL Server 2005 Express Edition database in your application's App_Data folder that contains the necessary schema. While this is certainly handy, often developers are faced with a situation where they want to add ASP.NET 2.0's membership and roles features to an existing data model. For example, you may have an application that hasn't yet needed membership or roles services, but recent feature requests may require that certain areas of the site are available only to particular users, or certain functionality is limited to those who belong to a specific role. In any case, adding membership and roles support to an existing database can be accomplished through the ASP.NET SQL Server Registration Tool (aspnet_regsql.exe).

    In this article we'll examine how to use this tool to apply the membership and roles services for the SqlMembershipProvider and SqlRoleProvider providers. This tool can be used both from the command-line and through the graphical wizard. Furthermore, we'll pay special attention to how to use this tool with an existing SQL Server 2005 Express Edition database in the App_Data folder, which can be a particularly challenging task. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 2

    In Part 1 of this article series we saw how ASP.NET 2.0's membership service provides a framework for managing user accounts. The framework is composed of a Membership class with a bevy of methods that can be used to create, delete, modify, retrieve, and authenticate users. Since every developer's needs are different, a concrete membership framework would be virtually useless except for new, simple projects. Thankfully the Membership class is designed using the provider model, meaning that the membership framework's actual implementation can be customized. ASP.NET ships with two membership providers - SqlMembershipProvider and ActiveDirectoryMembershipProvider - and you can build your own, if needed.

    Many websites that provide user accounts need to group users in various roles. The roles a user belongs to might specify what web pages they have access to, what information they see on the screen, and whether or not certain regions in a page are editable or view-only. Grouping users into roles and basing functionality and authorization on a user's role is quite easy in ASP.NET 2.0 thanks to the roles service. Like the membership service, the roles service defines a framework for programmatically creating and deleting roles, assigning and removing roles from users, and determining what users belong to a role, and to what roles a user belongs.

    In this article we will examine ASP.NET 2.0's role service. We'll start by seeing how to set up and configure the roles service on a website, along with how to base authorization rules using roles. In addition, we'll look at how to programmatically work with the roles service, and see how to use the LoginView Web control to show information based on the logged in user's role. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 1

    There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

    Providing user account support for a site involves the same set of steps: creating a database table to store user account information, creating a login page, defining a system by which authenticated users' logged on status is remembered across postbacks, specifying which pages are only available for authenticated users (authorization), creating a page for visitors to create a new user account, creating a page for the site's administrators to manage the user accounts, and so forth. Prior to ASP.NET, developers had to decide how to implement all of these facets on their own. ASP.NET introduced the concept of forms-based authentication, which provided a FormsAuthentication class to ease signing in and out of a site, as well as a protected authentication ticket to remember users' logged on status across page requests. (See Simple Authentication for an article on implementing authentication with classic ASP; refer to Using Forms Authentication in ASP.NET and Dissecting Forms Authentication for more information on ASP.NET's forms-based authentication capabilities.)

    Even with forms-based authentication, though, ASP.NET developers are still on the hook for defining and creating the structure for storing user account information, for creating login and logout web pages, for enabling visitors to create new accounts and administrators to manage accounts, and so on. Thankfully ASP.NET version 2.0 has lightened developers' loads by providing the membership system and the security Web controls in ASP.NET 2.0. In a nutshell, membership is an API that provides programmatic access to common user account-related tasks. For example, there are methods to create a new user account, authenticate a user's credentials, delete a user, return all user information in the site, and so on. Furthermore, there are a number of security Web controls built atop this API that make performing common user account tasks as simple as dragging and dropping a control on the page.

    In this article series we will be examining the ins and outs of version 2.0's membership, roles, and profile systems and the various security Web controls. This particular article will examine the basics of membership with a look at configuring and using the built-in SqlMembershipProvider. As we will see, this particular provider stores user account information in a pre-defined database schema. Read on to learn more!

4GuysFromRolla.com Headlines
Last Updated: Thursday, November 20, 2008 4:43:56 AM
  • Creating Charts with the Google Chart API

    I've always wondered how the phrase "A picture is worth a thousand words" came about. I like to think that it was coined by some mid-level manager viewing a sales figures report that consisted of metrics from the past 1,000 days. After scanning this long list of numbers, he found, at the bottom of the page, a line chart that summarized the numbers, and uttered that now well-known adage. Charts and graphs provide a succinct synopsis of large amounts of data. With charts a person can quickly spot trends, compare different resultsets, or recognize patterns.

    There are many ways to create charts in an ASP.NET web page. You can use the classes in the System.Drawing namespace to programmatically generate charts; you can use the Microsoft Office Web Components (OWC). There are also open-source charting tools and a plethora of third-party components, as well. Microsoft has even entered the game and introduced Microsoft Chart Controls for the .NET Framework 3.5 SP1.

    This article looks at how to use the Google Chart API to create charts. The Google Chart API is a free service from Google that enables web developers to generate chart images on the fly by creating an <img> element with a src attribute that points to a URL that includes the chart data, labels, and other information in the querystring. For instance, the chart on the right is available at the URL http://chart.apis.google.com/chart?cht=p&chs=225x150&chd=t:100,30,70,25&chl=Q1|Q2|Q3|Q4&chtt=2008%20Sales%20By%20Quarter. Read on to learn how to use the Google Chart API in your ASP.NET website!

  • Troubleshooting Website Problems by Examining the HTTP Traffic

    I started my career as a web developer with Microsoft's Active Server Pages (ASP), the predecessor to ASP.NET. ASP was a very simple scripting engine and lacked the tools that ASP.NET developers today take for granted, most notably a debugger. Debugging an ASP script typically involved littering the code with Response.Write statements to output the values of variables at different points in time of the script's life-cycle. Debugging an ASP.NET page is so much easier thanks to the Visual Studio debugger, which allows you to set breakpoints, step through executing code, use Watch windows to keep an eye on variable values as they change, and an Intermediate window to evaluate statements during debug time.

    While the Visual Studio debugger has greatly improved the debugging story, there are certain scenarios where a server-side debugger is of little or no help. In certain cases the problem is not in the server-side code but instead in what is being sent from the client to the server (or vice versa). These types of scenarios are quite common when creating AJAX-enabled web applications, as the data exchanged between the client and server during a partial page postback affects the code executed on the server-side and how the page is updated on response. This technique is also quite useful when debugging pages that perform different Response.Redirects based on various parameters, or when trying to ascertain why images, videos, or other external content is not properly loading on a web page.

    Unlike debugging server-side code, examining the HTTP traffic sent between the client and the server is typically done on the client - namely, from the browser rather than from within Visual Studio. Fiddler is a free, excellent tool for debugging HTTP traffic. This article provides an overview of Fiddler and shows how to use Fiddler to assist with debugging. Read on to learn more!

  • Converting Flat, Comma-Delimited Values Into a Normalized Data Model

    In my job as an independent software developer I help a lot of small businesses enhance their existing company website or internal web applications to include new features or adopt best practices. Many of these businesses have vital line of business applications that were created many years ago by an employee who was not a professional software developer, but perhaps a member of the IT team or someone who was learning how to program or programmed as a hobby. A common mistake made by people without a solid background in creating data-driven applications is using flat, non-normalized data models.

    Consider an application used in a healthcare setting that may need to record each doctor's professional and educational degrees. Because there are a fixed number of degrees - PhD, MD, DDS, OB/GYN, RN, etc. - these degrees should be spelled out in a separate database table. And because each doctor can have multiple degrees, there should be a third table that maps what doctors are associated with what degrees. Such a data model would be normalized. A non-normalized data model would instead try to capture each doctor's degrees within the same table that contains the doctor's other information (his name, address, DOB, etc.). This might be implemented as several columns in the table (Degree1, Degree2, Degree3, and so on) or as a single column that contains a comma-delimited list of degrees, like "PhD, MD, OB/GYN".

    While there are certain circumstances where non-normalized data is ideal, in the vast majority of situations having the data expressed in a normalized manner is ideal. Normalized data is easier to work with, is easier to report against, is (usually) more efficient in terms of both disk space and time to execute queries, and is less likely to suffer from any data integrity issues, which are all too common in non-normalized data. I recently helped a client who had a many-to-many relationship implemented in a flat, non-normalized manner convert that data into a normalized data model through the use of a T-SQL script. This article discusses why it is worthwhile to convert flat, non-normalized data into a normalized data model and steps through how this T-SQL script can be used to normalize your data. Read on to learn more!

  • Improving Web Development Using Virtualization

    Most web developers have a particular development environment on their computer. They may have the .NET Framework version 3.5 and Visual Studio 2008 installed, along with Microsoft SQL Server 2005, Internet Explorer 7 and Firefox 3. In a perfect world this environment would be static and the developer would not need to install beta or old versions of software that may or may not allow side-by-side installation with the current version. But in the real world, the site needs to be tested against Internet Explorer 5.5, 6, and the beta version of version 8, as well as against Firefox 2. And the developer may want to install the ASP.NET Futures, which provide an early preview of future functionality for ASP.NET.

    Anyone who's worked extensively with beta software - or has needed to maintain old versions of software products for backwards compatibility testing - knows all too well the challenges: beta software might require the beta version of a framework, which will break current development; old versions of the software may not work properly when installed on the same machine with the current version; and so on. The good news is that these hassles can be overcome with virtualization. In a nutshell, with virtualization you can create "virtual machines," which are simulated environments with their own operating system and applications that are managed by your "real" machine.

    This article looks at Microsoft's free virtualization software, Virtual PC, and shows how to use it to create guest environments where you can cleanly install alternate development environments to assist with web development. Read on to learn more!

  • Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 13

    ASP.NET's forms-based authentication system in tandem with the Membership API and Login Web controls make it a cinch to create a user store, create user accounts, and allow visitors to log into the site. What's more, with little effort it's possible to define roles, associate user accounts with roles, and determine what functionality is available based on the currently logged in user's role (see Part 2). Many ASP.NET sites that use Membership have an Admin role, and users in that role are granted certain functionality not available to non-Admin users. Consider an online store - Admin users might be able to manage inventory, whereas the only way normal members could interact with the inventory was by adding items to their shopping cart.

    I was recently working with a client who had an interesting request: he needed the ability for Admin users to be able to log into the site as another user, and perform actions as if that other person had logged in herself. Returning to the online store example, imagine that some customers periodically phone in their order, or mail or fax in an order form. An Admin, receiving this order, could then log into the site as that customer and place the order on the customer's behalf.

    This article shows how to allow an Admin user to log into a Membership-based website as another user, and includes a complete working demo available for download at the end of the article. Read on to learn more!

  • New Date Data Types in Microsoft SQL Server 2008

    In August 2008 Microsoft released the latest version of the database server software, SQL Server 2008. SQL Server 2008 includes a number of new features not found in SQL Server 2005, including: a terser T-SQL syntax; the new MERGE statement; new data types and functions; enhanced encryption and XML support.

    In previous versions, SQL Server had only two date-related data types: datetime and smalldatetime, both of which allow date and time values (the difference being that datetime allows for a larger range of possible dates and affords more precision on the time than smalldatetime, but at the cost of larger storage space). SQL Server 2008 introduces four new date data types: time, date, datetime2, and datetimeoffset.

    This article explores the time and date data types and shows how they can be used and formatted from within an ASP.NET page. This article also includes a short discussion on the datetime2 and datetimeoffset and compares and contrasts SQL Server 2008's six different date data types. Read on to learn more!

  • Building Interactive User Interfaces with Microsoft ASP.NET AJAX: Enabling Bookmarking and the Browser's Back Button

    AJAX applications offer a more interactive user experience by replacing traditional full page postbacks with leaner and more efficient partial page postbacks. These partial page postbacks are executed asynchronously using JavaScript code in the browser. When a web surfer clicks on a link or submits a form (via a full page postback) the browser automatically adds the page being left to the browser's history. This allows the web surfer to use his Back and Forward buttons to navigate through this history. However, the partial page postbacks performed by AJAX applications do not cause the browser to register anything in their history. As a consequence, if a user visits an AJAX-enabled web page, performs a number of partial page postbacks, and then clicks the Back button, she is not returned to the state of the page prior to the last partial page postback. Instead, she is taken back to the page she was at before arriving at the AJAX-enabled web page.

    The good news is that starting with ASP.NET 3.5 SP 1, the ScriptManager control in the ASP.NET AJAX Framework includes functionality for creating history points in an AJAX-enabled web page. Adding a history point creates an entry in the browser's history for a particular page state. What's more, this page state is encoded in the querystring of the browser, meaning that visitors can bookmark a particular state of an AJAX application.

    This article shows how to add history points using the ScriptManager control. In particular, it shows how to record history points whenever the user pages or sorts a GridView. Read on to learn more!

4GuysFromRolla.com :: Data Source Controls Article Series
Last Updated: Thursday, November 20, 2008 4:43:56 AM
  • Accessing and Updating Data in ASP.NET 2.0: Using Optimistic Concurrency
    A Multipart Series on ASP.NET 2.0's Data Source Controls
    ASP.NET 2.0 introduced a number of new Web controls designed for accessing and modifying data. These controls allow page developers to declaratively access and modify data without writing any code to perform the data access. This article is one in a series of articles on ASP.NET 2.0's new data source controls.

  • Data Source Control Basics - explores the concepts and advantages of data source controls, and compares their usage in ASP.NET 2.0 to data access techniques in ASP.NET 1.x.
  • Accessing Database Data - shows how to use the SqlDataSource and AccessDataSource controls to query data from a relational database.
  • Filtering Database Data with Parameters - learn how to retrieve just a subset of database data based on hard-coded values and values from the querystring, other Web controls on the page, session variables, and so on.
  • Retrieving XML Data with XmlDataSource Control - see how to retrieve both remote and local XML data and display it in a data Web control.
  • Creating Custom Parameter Controls - learn how to create your own custom, declarative Parameter controls for use in the data source controls' parameters collections.
  • Examining the Data Source Control's Events - explore the events raised during a data source control's lifecycle.
  • Declaratively Caching Data - learn how to cache data to the data cache simply by setting a couple of data source control properties.
  • Programmatically Accessing Data using the Data Source Controls - programmatically retrieve, insert, delete, and update data using the SqlDataSource and AccessDataSource controls.
  • Inserting Data - learn how to insert data using a SqlDataSource control. Also examines how to retrieve the IDENTITY column value for the just-inserted record.
  • Deleting Data - see how to delete data using a SqlDataSource control. Also looks at how to programmatically cancel a delete.
  • Updating Basics - learn the basics of updating database data using a SqlDataSource control. Also examines using the GridView to provide a web-based editing interface.
  • Customizing the Editing Interface - see how to customize the GridView's columns to provide a customized editing interface that includes input validation and alternative user interface elements.
  • Handling Database NULL Values - explore how to extend the GridView's customized editing interface to handle database NULL values.
  • Using Optimistic Concurrency - see how to prevent concurrent users from overwriting one another's changes by using concurrency control.
  • (Subscribe to this Article Series! )

    Because multiple users can visit the same web page concurrently, it is possible for a user visiting a data modification page to inadvertently overwrite the modifications made by another user. Consider a page with an editable GridView. If two users visit this page simultaneously from different computers and both edit the same row, whoever saves first will have her changes overwritten by whoever saves the row last. This type of behavior is known as "last write wins" and is the default behavior for web applications.

    "Last write wins" is sufficient in applications where it is very rare for two users to be simultaneously working on the same data. If it is commonplace for multiple users to be modifying the same set of data, you should consider implementing some form of concurrency control. There are two flavors of concurrency control: optimistic and pessimistic. Optimistic concurrency assumes that concurrency violations are rare and that if such an error occurs it's adequate to ask one of the conflicting parties to re-enter their information. Pessimistic concurrency, on the other hand, implements policies to ensure that concurrency violations cannot occur. These policies may add friction to the end user's data entry experience.

    Microsoft offers a form of optimistic concurrency control from the SqlDataSource control that can be enabled by ticking a checkbox. This article looks at different types of concurrency control and then shows how to implement the built-in optimistic concurrency control offered by the SqlDataSource control. Read on to learn more!

  • Accessing and Updating Data in ASP.NET 2.0: Handling Database NULL Values
    A Multipart Series on ASP.NET 2.0's Data Source Controls
    ASP.NET 2.0 introduced a number of new Web controls designed for accessing and modifying data. These controls allow page developers to declaratively access and modify data without writing any code to perform the data access. This article is one in a series of articles on ASP.NET 2.0's new data source controls.

  • Data Source Control Basics - explores the concepts and advantages of data source controls, and compares their usage in ASP.NET 2.0 to data access techniques in ASP.NET 1.x.
  • Accessing Database Data - shows how to use the SqlDataSource and AccessDataSource controls to query data from a relational database.
  • Filtering Database Data with Parameters - learn how to retrieve just a subset of database data based on hard-coded values and values from the querystring, other Web controls on the page, session variables, and so on.