Wednesday, June 07, 2017

Security Framework

I've created a new repository on GitHub.
The project is a security framework for asp.net mvc projects.
You can find it th following address on GitHub:

https://github.com/Searching/securityframework

I'll update this post periodically to make a useful guide to use it in your projects.

Have fun. 

Monday, October 10, 2016

Consuming a WCF with error: "The caller was not authenticated by the service"

Consuming a WCF service when it hosted on a work group server may cause raise some errors such as: "The caller was not authenticated by the service".
I tackled it by adding the following lines to my code:
client.ClientCredentials.Windows.ClientCredential.Domain = "WorkstationName";
client.ClientCredentials.Windows.ClientCredential.UserName = "blabla";
client.ClientCredentials.Windows.ClientCredential.Password = "blabla123";

Wednesday, October 05, 2016

Row level security for a table in SQL Server

This post is a question I asked in SO while ago, but I did not got any answer. So because of deletion warning I posted it here. 
I've implemented a claim base application by MVC, C#, EF6 and SQL Server 2014. Now there is a new requirement to add row level security on it.
The scenario is:
  1. We have a table (Product) with nearly 10000 row.
  2. User table has n..n relation with Product.
  3. All of actions have security attributes to controls users access according to claims.
  4. When a user wants to fetch data from db, I want to filter result based on user access. Every user must view the related data.
There is a solution for this matter in thisthis but my problem is the rows count in the table (Product). If I create a new table (Product_ACL) to persist users permission to Product records per capita, managing the permission is so hard and full potential of mistakes for the end user to managing users permissions.

Update:
The normal way to solve my issue is:
    create table Product(
        Id INT PRIMARY KEY,
        Name nvarchar(100)
        ... 
     )

    create table Product_ACL (
        ProductId INT REFERENCES Product(Id),
        username varchar(100),
        permission varchar(20)
    )
but it is painful for users who want to manage the permissions. Then I'm seeking a better design for it.

Update:
In brief I'd like to add Row Level Security in an application like this tutorial but the difference between this sample and my application is in user access to rows. In my application a record which has security tag can be accessed by more than on user then I want to change the design of my tables to achieve RLS(I have to upgrade to SQL Server 2016)

Update:
To summarize my thoughts, I think I can achieve my desired by making some changes in my entities. I have a User table to store users information. A Product table for storing product information with specifying a product's region, province and city info(geography information). Then with an extra table for storing users permissions. for example: user_1 has access to province_1 then user_1 has access to all products in province_1. If I set city field also then user_1 access only all products in province_1 and city_1.
create table User(
    Id INT PRIMARY KEY,
    Name nvarchar(100)
    ...
 )  

create table Product(
    Id INT PRIMARY KEY,
    Name nvarchar(100)
    RegionId INT REFERENCES Region(Id) NULL,
    ProvinceId INT REFERENCES Province(Id) NULL,
    CityId INT REFERENCES City(Id) NULL
 )

create table User_ACL (
    UserId INT REFERENCES User(Id),
    RegionId INT REFERENCES Region(Id) NULL,
    ProvinceId INT REFERENCES Province(Id) NULL,
    CityId INT REFERENCES City(Id) NULL
)

I think with this model if I add a new table that needs security, I can cover its requirement.

Final Update:
I finally designed a security model to my application.
Is there any suggestion or improvement about my idea?
I deleted Product and other entities from my model.
ERD diagram
This post helped me to find a better solution for RLS, finally.

Saturday, August 04, 2012

Adding a Control into a String Dynamically

You suppose you are wanted to add a string in a page that the string has to have a hyper link in it to link an especial page for any reason. 
So for doing this job you can do it in this way:


private string buildMessage(string message, int reportId) {
        StringBuilder sb = new StringBuilder();
        sb.Append(message);
        sb.Append("<br>");
 
        HyperLink hp = new HyperLink();
        hp.NavigateUrl = "~/index.aspx?reportId=" + reportId;
        hp.ID = "hpl";
        hp.Text = "Link Report";
        hp.Style.Add(HtmlTextWriterStyle.FontWeight, "Bold");
 
        using (StringWriter sw = new StringWriter(sb)) {
            using (HtmlTextWriter tw = new HtmlTextWriter(sw)) {
                hp.RenderControl(tw);
            }
        }
       sb.Append("Some other text");
 return sb.ToString();     }



Now you can you this function in different way. For example you 
can add a Panel Control to your page. Then call this function to 
set the Panel InnerHtml property.

Good Luck.

Wednesday, August 01, 2012

Distinct in a List of Objects

If you have a list of objects and in the list there are repetitive elements, If you want to delete duplicate elements, you may be want to use Linq Distinct() method. But the result may be not your desire because it does not work properly.
For getting the best result in your work, it is better to use the following method for doing distinct in your list:

   1: var listOfObject = items
   2:     .GroupBy(l => l.PropertyToCompare) //Name of you propery
   3: .Select(l => l.First()); 

Thursday, March 03, 2011

ASP.NET Ajax 3.5 error Sys.WebForms.PageRequestManagerParserErrorException

A few days ago, I wanted to add an Export to Excel button in a page in my web application, that I used Ajax on it, But unfortunately it did not work properly and generated an error(the same as my post header). After searching in the net I found out I have to add a line in page. That's it, it Worked excellent :). If you encountered this error, you must add:

EnableEventValidation="false"

and also:

        <Triggers>
            <asp:PostBackTrigger ControlID="ControlName" />
       </Triggers>


Good luck :)

Tuesday, April 20, 2010

Gridview Sorting Problem

When you bind a List to a Gridview, you can not sort it, because your data source is not a Dataset, Dataview or DataTable. So you should convert your data source (List) to a Dataset for example.


You can do it such as following code:


    1 public static DataSet dsSearch()
    2 {
    3 
    4     DataTable dtTelcoCenter = new DataTable();
    5     dtTelcoCenter.Columns.Add("Id", typeof(int));
    6     dtTelcoCenter.Columns.Add("City", typeof(string));
    7     dtTelcoCenter.Columns.Add("Capacity", typeof(int));
    8 
    9     IList<Telco> telcoCenter = Search(centerName, Prefix);// Search method return a list
   10 
   11 
   12     foreach (Telco telco in telcoCenter)
   13     {
   14         DataRow rowTelcoCenter = dtTelcoCenter.NewRow();
   15         rowTelcoCenter["Id"] = telco.Id;
   16         rowTelcoCenter["City"] = telco.City;
   17         rowTelcoCenter["Capacity"] = telco.Capacity;
   18         dtTelcoCenter.Rows.Add(rowTelcoCenter);
   19     }
   20     DataSet dsTelcoCenter = new DataSet();
   21     dsTelcoCenter.Tables.Add(dtTelcoCenter);
   22     return dsTelcoCenter;
   23 }

You can bind this Dataset to your Gridview data source

Rows to single column in Sql

Sample table as Cities in rows is convert to single column

declare @retstr varchar(8000)  
 select Top 5 @retstr =  COALESCE(@retstr + ';','') + City   
from State  
print @retstr