As promised, here's the final installment. You can find the download
links for the final version of the code at the end of this article.
Feel free to use this code and tweak it any way you wish. For demo
purposes, the menu is on all the pages but you can easily factor this
out into its own form. I would normally make this a separate control,
but you will probably be integrating this application into your
existing navigation anyway, so...
The membership system in ASP.NET 2.0 is pretty much plug-and-play
right out of the box. When I worked with it first, I took some time to
read up on the new membership controls before trying them out. For this
particular topic, I cannot recommend the following two books highly
* Murach's ASP.NET 2.0 Upgrader's Guide (Lowe & Murach)
* Pro ASP.NET 2.0 in C# 2005 (MacDonald & Szpuszta)
Just to recap, at this point you should have a working Guest Book
application and database. The only thing left to do is to configure the
membership system and add some administration forms to allow us to
edit, update, delete and publish comments posted by users.
The next item on our list is to use the WSAT tool to add an admin user,
create the admin role and add the new admin user to that role. By using
a role, we can grant extra privileges to admin users in the future if
needed. We can just do it once rather than having to grant them to each
admin user individually. A picture is worth a thousand words, so please
refer to the pics for guidance.
Access the WSAT by clicking on the icon at the top of Solution Explorer
in VS 2008. Note that the administrator role is already set up in the
config file and all you have to do is add the admin user to this role.
I'm including a picture showing how to set up the access rule using the
tool. The main problem people encounter here is the order of the
entries in the authorization section of the config file. The
administrator role is listed before 'users'. See the config file
picture in part II of this series for clarification.
We will add a new form called guestBookAdmin.aspx to the Admin folder
which shows a list of the comments awaiting moderation in a GridView.
Clicking on one of these brings up the commentDetails.aspx form. This
is almost a replica of the addComment.aspx form which is populated with
the data for this comment. The comment ID is passed to this new form
when the 'select' link on the guestBookAdmin form is clicked. This is
then used as a parameter to the stored procedure when fetching the data
for this comment. Note also, that there is now a 'publish' check box.
The administrator uses this to put a comment live after it has been
edited and approved.
Just a few words about the ObjectDataSource
control here. This is an amazingly helpful control which we can use to
create a declarative link between our front-end Web controls and our
data access methods. Note that our data access class must have a
default, parameterless constructor and none of the select or update
methods can be static. This is just another reason why I prefer to
inject a business layer between the front and back-ends. It gives us a
nice comfort zone for future code customizations in the shape of new
business rules and the like. Plus, we get to use a more friendly
syntax. Ideally, each record should be a custom object but that's
another story!! Bring on the new Entity Framework :-)
Be sure to check out the brand new security video tutorials from Scott Mitchell.
GuestBook.zip (99.61 kb)
GuestBook-DB.zip (1.01 kb)