Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

.NET Do I have to make separate form?, I'm a newbie in ASP.net, need help

views
     
TSTWBrain24
post Oct 17 2018, 12:46 PM, updated 6y ago

New Member
*
Newbie
22 posts

Joined: Oct 2018
Hi

So, I want to make a simple system where user and admin can login. But the tricky part is at the homepage, I want to make only the admin can add and edit the data while the user can only add new data. Do I have to make a separate homepage so the user won't be able to edit or are there any way to hide the edit button for the user? confused.gif

I never learn using asp (only vb.net, html, java n some c++) , and this will be my first time trying to make a webapp using it. So, glad if anybody could help me with it.
Moshpit94
post Oct 17 2018, 04:46 PM

Casual
***
Junior Member
341 posts

Joined: Feb 2011
From: Earth
QUOTE(TWBrain24 @ Oct 17 2018, 12:46 PM)
Hi

So, I want to make a simple system where user and admin can login. But the tricky part is at the homepage, I want to make only the admin can add and edit the data while the user can only add new data. Do I have to make a separate homepage so the user won't be able to edit or are there any way to hide the edit button for the user?  confused.gif

I never learn using asp (only vb.net, html, java n some c++) , and this will be my first time trying to make a webapp using it. So, glad if anybody could help me with it.
*
maybe you could post some of your code snippet at login and home.

However you no need to create separate things. It can be done with Authorization method.
narf03
post Oct 17 2018, 10:48 PM

Look at all my stars!!
*******
Senior Member
4,544 posts

Joined: Dec 2004
From: Metro Prima, Kuala Lumpur, Malaysia, Earth, Sol


once login, keep the info in cookies, since all different pages in asp.net can access the cookies, you can easily make the button to be visible or not.
TSTWBrain24
post Oct 18 2018, 08:58 AM

New Member
*
Newbie
22 posts

Joined: Oct 2018
QUOTE(mistercoder @ Oct 17 2018, 01:02 PM)
You don't need to make any separate stuff. Just need to maintain a table of user/logins with column to indicate access level, for simplicity start with whether they can edit or not, then check on every form for this flag and enable/disable/show/hide edit options appropriately.
*
I'll try to do more research about what you just said. Thanks for answering smile.gif
TSTWBrain24
post Oct 18 2018, 09:02 AM

New Member
*
Newbie
22 posts

Joined: Oct 2018
QUOTE(Moshpit94 @ Oct 17 2018, 04:46 PM)
maybe you could post some of your code snippet at login and home.

However you no need to create separate things. It can be done with Authorization method.
*
I'm still making a draft, so I still don't have the real code yet. sweat.gif Maybe I'll post the code once I understand more and need some help to check for improvements. Anyway thanks for your suggestion. I'll try to learn more about the Authorization method as you said. smile.gif
TSTWBrain24
post Oct 18 2018, 09:05 AM

New Member
*
Newbie
22 posts

Joined: Oct 2018
QUOTE(narf03 @ Oct 17 2018, 10:48 PM)
once login, keep the info in cookies, since all different pages in asp.net can access the cookies, you can easily make the button to be visible or not.
*
I'm gonna need to learn how to do that since I'm still learning using asp.net. Thanks for the reply smile.gif
Moshpit94
post Oct 18 2018, 10:27 AM

Casual
***
Junior Member
341 posts

Joined: Feb 2011
From: Earth
QUOTE(TWBrain24 @ Oct 18 2018, 09:05 AM)
I'm gonna need to learn how to do that since I'm still learning using asp.net. Thanks for the reply smile.gif
*
If your web app doesn't care about security, u can just use session("") like whenever this guy named Ahmad login, you can make if statement ; if session("accesss") = true then button.visible = true else button.visible = false


if you are going a bit advanced with security u may try following this tutorial:

https://www.c-sharpcorner.com/UploadFile/ra...vc-application/



some keyword to help is:
- oAuth2 Authentication
- oWin Authentication


TSTWBrain24
post Oct 18 2018, 10:49 AM

New Member
*
Newbie
22 posts

Joined: Oct 2018
QUOTE(mistercoder @ Oct 18 2018, 09:10 AM)
Do not put access/rights info in cookies, only information for identifying user.

If you put access/rights in cookies, they can be hacked/modified to change access/rights. Store only successfully logged in user with a unique hashed string to id them, for eg  hash(time+date+userid+'special salt key/password of your own')
In your database, maintain a session table with the hash string that maps to your user's ID in the table. The hash string is the one you send as cookies.

For every page that is accessed, they should read the hashed string from the cookies then use that hash string to compare to session table, find out user id, search the user table and get his/her access/privilege then decide whether they can edit or not by greying/disabling your text inputs or anything you want to do.
*
This is quite hard to understand, I barely understand what you said. Sorry I'm still a noob. sweat.gif Maybe when I learn more I will understand what you're telling me. Thanks again though smile.gif
TSTWBrain24
post Oct 18 2018, 10:52 AM

New Member
*
Newbie
22 posts

Joined: Oct 2018
QUOTE(Moshpit94 @ Oct 18 2018, 10:27 AM)
If your web app doesn't care about security, u can just use session("") like whenever this guy named Ahmad login, you can make if statement ; if session("accesss") = true then button.visible = true else button.visible = false
if you are going a bit advanced with security u may try following this tutorial:

https://www.c-sharpcorner.com/UploadFile/ra...vc-application/
some keyword to help is:
- oAuth2 Authentication
- oWin Authentication
*
Oh I might use the access statement, its seems a bit more simple and easier for me. I will try to learn more from the link you give in case I need to use it. Thanks for the help smile.gif
narf03
post Oct 18 2018, 01:33 PM

Look at all my stars!!
*******
Senior Member
4,544 posts

Joined: Dec 2004
From: Metro Prima, Kuala Lumpur, Malaysia, Earth, Sol


QUOTE(TWBrain24 @ Oct 18 2018, 10:49 AM)
This is quite hard to understand, I barely understand what you said. Sorry I'm still a noob. sweat.gif  Maybe when I learn more I will understand what you're telling me. Thanks again though smile.gif
*
hes saying cookies can be modified by user, like if you keep the data of the logged username in cookie to remember who logged in, like name of a normal user, the user can modify that name to an administrator, if you keep the name and password of a user in cookie, other computer user in that pc can know the password of that logged in user.

hes suggesting storing a hash(or unique id, not sequential number, but more like GUID) in the database for each user(diff for each user), and keep that hash or guid in the cookie, each page load, map that hash or guid against your database and know whos that logged in user.

if you are new, start with cookie first and ignore about security if its too much for you, cookie is the correct way to go, improve as you learn more.

 

Change to:
| Lo-Fi Version
0.0121sec    0.45    5 queries    GZIP Disabled
Time is now: 29th March 2024 - 12:09 AM