Last post Jul 02, 2012 04:32 PM by MyronCope
Jul 02, 2012 01:40 PM|MyronCope|LINK
using vb.net/asp.net 2008
I am creating an application that is similar to a survey where there are 10 sequential steps.
A user logins into the system to complete the survey and each step has different access levels, meaning a user with access to the system at the very least has read-only access to all 10 steps and might have read-write access to one or more steps.
When the user is done either reading or editing a step (UI page) then they click the Continue button to take them to the next step.
Since there are many similarities to each step I am thinking about creating an abstract class that will take care of the functions that each page must do (example: LoadGrid). I will instantiate an object based on the step so that when the code calls MyObject.LoadGrid
the code will not by the object type which LoadGrid function to call.
However I am really stuck in what I want to do between two different ideas, listed below:
1. I have a Steps.aspx page and use code-access security to load the page and hide/disable controls on the page based on the User Access level. Ex: if the user is read only then call the function DisablePageControls to set each control to readonly and
hide some other controls if needed. When the user is done either editing a page or viewing it then he clicks the Continue button which will just perform a postback on Steps.aspx load the class from the next step into the same page.
2. Create Steps1.aspx and Step2.aspx and so on. Again use code access security to hide/disable controls based on the users access level for that page. And when the user clicks the Continue button on Step1. aspx then redirect the user to Step2.aspx and
Wondering what the efficiency and security advantages/disadvantages of each step are. Approach 1 seems to be a bit leaner but Step 2 seems to be a bit easier with security (example: If userA=ReadWrite then display/enable all controls....) because I can
set the security based on the aspx file.
Just looking for feedback, I guess there is no right answer set in stone but I'm sure some of you have good feedback on this topic.
Jul 02, 2012 03:49 PM|cornball76|LINK
I would have 1 .aspx page that has 1 or more web user controls. The navigation buttons being on the .aspx page.
You can then load each user control dynamically, passing the user credentials to it. And then the control itself is in charge of what shows/hides for that control. If the survey questions are very similar and use the same datagrid format, you can expose
a property on the web control and pass the datasource?? possibly only having 1 web user control....
What I would expect code ultimately look like is something like this....
public void nextButton_Click(object sender, EventArgs e)
//code here to do processing??? call save... store viewstate... sesson
this.Page.Controls.Clear(); //may want to remove any controls you don't want persisted from div or whatever
MyCustomerWebUserControl myWebControl = new MyCustomerWebUserControl();
myWebControl.UserAccess = "your security privs"; //useraccess being a public property off of your custom webcontrol
myWebControl.DataSource = bindableSource; //again an exposed property on your custom web control
this.Page.Controls.Add(myWebControl); //add the control to a div?? or whatever...
Jul 02, 2012 04:32 PM|MyronCope|LINK
thats what I was leaning towards.
lets say I get feedback later, "I want you to add this control and this extra display" then that means that I do it to one page, not 10. One page is a lot leaner