Applications: Main Form

.NET Web Forms
Applications: Main Form
© 2002 by Jerry Post
1
Student Edit Form
2
Development Options
• Single-row main forms are generally highly customized for a
specific application. So, it is often easiest to build each form from
scratch, following the general principles already discussed.
• However, it is sometimes easier to use a template approach for
data-driven main forms.
• The examples presented here are based on the CareerSystem
database, which uses a slightly different approach to updates. It
creates all of the SQL statements internally, and ignores
concurrency. The main focus is on performance, and it is much
faster and more scalable not to use datasets. If you need a form with
concurrency, simply follow the earlier discussions on using
datasets.
3
Database Component
• Create the data adapters and data sets for the main form and any
drop down lists.
• Define a variable to hold the original select command (the
template requires this, but it is easy to eliminate it):
    Private strSel[Table Name] As String
• In the Sub New(), add a line to save the select command:
    strSel[Table Name] = Me.adp[Table Name].SelectCommand.CommandText
• Add the routine: Set[Table Name]Select
• Add the Fill routines for the data adapters.
• Add the Update routine for the main data adapter.
• Rewrite the ValidateStudent function (or delete it).
• Globally replace [Table Name] and [Primary Key].
• Paste in the standard generic code routines.
Component template (rtf format)
4
Main Form
• You can copy and edit the template, or drag-and-drop your own
labels and data controls.
• Be sure to include buttons for Add, Save, Delete (and probably
Find), as well as the invisible lblIsNew.
• Add the TMF.vb file to your project if it is not already there.
• Be sure to set the default values for the DDLs:
(a) DataBindings, Selected Index, Custom
(b) tmf.SelectDefaultDDL(sender, [DataSet LookUp1], DataBinder.Eval([DataSet1], "Tables[[Table Name]].DefaultView.[0].[Foreign Key]"))
(c) Placeholder, example value, meaning:
    [DataSet LookUp1]   DsDegreeList1   -- the dataset with the lookup data
    [DataSet1]          DsStudent1      -- the primary dataset
    [Table Name]        Student         -- primary dataset table name
    [Foreign Key]       DegreeID        -- foreign key column in the primary table
5
Main Form Code
(a) Protected tmf As New TMF()
(b) Private aryColumns() As tmf.singleEditItem = { ..... }
    Add each col: Name, Edit ID, control type (Text, DDL, Check, Label), primary key
(c) Page_Load
    Might need more rewrite, and you might want to put datasets into Session variables.
    Check the security conditions.
    Replace:
        [Primary Key]            StudentID
        [Primary Key DataType]   String
        [Table Name]             Student
        [DataSet Name1]          DsStudent1
        [DataSet Name]           DsStudent
        [Search Column]          LastName     (primary column to use in Find)
(d) Rewrite or delete CheckAdmin, which is a secondary security test
(e) Rewrite BindFormData; note that the SQL statement assumes the primary key is a string
Make other changes indicated by the [Edit me] flags
6
Main Form Button Code
(f) btnSave_Click:
    Decide if you need to encrypt any columns
    Decide if you want the additional security test
    Decide if you need to generate a new key value for Add
    Decide if you want secondary security test on User Level after insert.
    Replace [Table Name]
(g) btnNew_Click
    No changes needed
(h) btnDelete_Click
    Decide if you need additional security test
    Choose main sort columns (txtLastName, txtFirstName)
    Replace [Table Name] and [Primary Key]
7
Application
• Security
  • .NET actually has some strong integrated security, but you never want to
    create machine accounts for external users.
• Login
  • Usually better to create a username and password and store in a table.
  • Then have users log in at the start, and store a login ID in a session variable.
  • Then each page tests the session variable.
• Multiple use forms
  • You can use the login ID to customize the options on forms by making some
    controls visible or invisible.
• Navigation
  • Across the application: You at least need a main form and a link back to the
    main form on each page.
  • Within a given topic: You could add Next/Previous buttons on a form, but
    they would be slow across the Internet. Better to create a list with limited
    information and a search routine, and let users click to get to the main
    edit form.
8
Security: Login Button Code
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
    Dim cmpMain As New DBMain(), cmpStu As New DBStudent()
    ' The slide does not show strUser being filled; it must hold the typed username before the calls below
    Dim strUser As New StringBuilder()
    Session.RemoveAll() ' To be safe, clear out any prior session
    Session.Clear()
    Dim usr As New UserData()
    ' First see if user is a valid employee
    usr = cmpMain.ValidateEmployee(strUser.ToString.Trim, txtPassword.Text.Trim)
    ' If not, see if user is a valid student
    If (usr Is Nothing) Then
        usr = cmpStu.ValidateStudent(strUser.ToString.Trim, txtPassword.Text.Trim)
    End If
This version uses a class/structure to hold more data about the
user that might be needed in some forms. Often you can get by
with just the name.
9
Security: Login Button Code 2
    If (usr Is Nothing) Then ' Not a valid login anywhere
        lblUser.Text = "Invalid Username/Password"
        Session("IsValidLogin") = False
        SetVisibleLogin(True)
    Else
        lblUser.Text = usr.UserLevel & ": " & usr.FirstName & " " & usr.LastName
        Session("IsValidLogin") = True
        Session("User") = usr
        SetVisibleLogin(False)
    End If
End Sub
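One way to write the ValidateStudent routine that the login button calls, as an added example (not code from the original slides or the CareerSystem project): it looks the user up with a parameterized query and compares a salted PBKDF2 hash, so the table never holds the password itself. It assumes SQL Server, .NET Framework 4.7.2 or later, and hypothetical Username, PwdSalt and PwdHash (non-null varbinary) columns in the Student table; DBStudentExample and its helper names are also hypothetical.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Public Class UserData   ' the three fields the login slide reads
    Public UserLevel As String
    Public FirstName As String
    Public LastName As String
End Class
Public Class DBStudentExample   ' hypothetical stand-in for the page's DBStudent
    Private Const Iterations As Integer = 100000   ' assumed PBKDF2 work factor
    Private ReadOnly connStr As String
    Public Sub New(ByVal connectionString As String)
        connStr = connectionString
    End Sub

    ' PBKDF2-SHA256 of the typed password with the row's salt (salt must be 8+ bytes).
    Public Shared Function HashPassword(ByVal pwd As String, ByVal salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pwd, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compares every byte so timing does not reveal where the hashes differ.
    Public Shared Function SameBytes(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns Nothing for an unknown user or a wrong password, as btnLogin_Click expects.
    Public Function ValidateStudent(ByVal userName As String, ByVal pwd As String) As UserData
        Const sql As String = "SELECT FirstName, LastName, UserLevel, PwdSalt, PwdHash " &
                              "FROM Student WHERE Username = @user"
        Using cn As New SqlConnection(connStr), cmd As New SqlCommand(sql, cn)
            ' The username travels as a parameter value and is never spliced into the SQL text.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = userName
            cn.Open()
            Using rdr As SqlDataReader = cmd.ExecuteReader()
                If Not rdr.Read() Then Return Nothing
                Dim stored As Byte() = CType(rdr("PwdHash"), Byte())
                If Not SameBytes(HashPassword(pwd, CType(rdr("PwdSalt"), Byte())), stored) Then Return Nothing
                Return New UserData() With {.UserLevel = CStr(rdr("UserLevel")),
                    .FirstName = CStr(rdr("FirstName")), .LastName = CStr(rdr("LastName"))}
            End Using
        End Using
    End Function
End Class
```

When a password is set or changed, generate a fresh random salt for that row and store it together with the output of HashPassword.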
10
Security Test on Page
Page_Load or Page_Init
    If (Not CType(Session("IsValidLogin"), Boolean)) Then
        Session("Message") = "Please log in."
        Server.Transfer("StartTest.aspx")
    End If
    CheckAdmin() ' And turn on some edit items only for administrators
11