1. #241
    Bucs (Sencha Premium Member; joined Sep 2008; 710 posts)


    Thanks Dan for the reply. Without taking up too much of your time, could you explain the organization of your projects, what type of projects they are (Web, MVC, etc), where and how exactly you are capturing the login info, and how you are passing those credentials around the various projects, to ensure all controller actions are not exposed to public use? I understand the attributes you're using for ensuring authentication prior to use, but I'm more interested in how this all works when split out across all the projects that I see people are doing.

    Thanks so much!!!

  2. #242
    dan_b (Sencha User; joined Jun 2010; 47 posts)


    Hi mate,

    My solution is a typical n-tier business app built on Extjs, Asp.net MVC, NHibernate/RhinoCommons/Castle Windsor stack.

    I've got a Commons project with bits and bobs I use across all my projects, Core with my domain entities and business logic, Data.Nhibernate contains some Repository<T> extensions and things like event listeners for Auditing and Soft-Deletes, Unit Tests, then the web bit... I have split my controllers out into a separate class library, so my Web project contains nothing but HTML, CSS, JS and images. I use the WindsorControllerFactory from MVCContrib for this, I really recommend doing it as it can be a pain in the arse scrolling up and down all the time looking for your controllers.

    My Authentication controller looks like this:

    Code:
        /// <summary>
        /// Controller for managing logging on and off
        /// </summary>
        [DirectHandleError]
        public class AuthenticationController : BaseController
        {
            private const int PASSWORD_ATTEMPT_WINDOW = 5;
            private const int PASSWORD_MAX_INVALID_ATTEMPTS = 5; // 5 invalid passwords in 5 mins locks the account
    
            [FormHandler]
            public ActionResult Login(string userName, string password)
            {
                string message = "No user found with that username";
                bool success = false;
                bool mustChangePassword = false;
    
                if (userName.IsNullOrEmpty())
                {
                    message = "No username supplied";
                    return this.Direct(new {success, message, mustChangePassword});
                }
    
                if (password.IsNullOrEmpty())
                {
                    message = "No password supplied.";
                    return this.Direct(new {success, message, mustChangePassword});
                }
    
                User user = NamedRepository<User>.GetByName(userName);
    
                if (user != null)
                {
                    if (user.IsLockedOut)
                        message =
                            "Your account has been locked. Please contact system administrator.";
                    else if (!user.IsEnabled)
                        message = "Your account is disabled. Please contact system administrator.";
                    else
                    {
                        success = user.Login(password, PASSWORD_ATTEMPT_WINDOW, PASSWORD_MAX_INVALID_ATTEMPTS);
                        if (success)
                        {
                            message = "Successfully logged on";
                            /* Store the User by the Primary Key
                             * this enables us to make use of 2nd Level Cache and avoid hitting the DB on each request*/
                            FormsAuthentication.SetAuthCookie(user.Id.ToString(), false);
                            mustChangePassword = user.MustChangePassword;
    
                            //have decided to disable success audit as it fills up the logs
                            //with junk
                            //user.AddAuditEvent(new AuditEvent(user, "Successful login."));
                        }
                        else
                        {
                            message = string.Format("Incorrect password. You have {0} attempts remaining.",
                                                    PASSWORD_MAX_INVALID_ATTEMPTS - user.FailedPwdAttemptCount);
    
                            var ip = HttpContext.Request.UserHostAddress;
    
                            user.AddAuditEvent(user.IsLockedOut
                                                   ? new AuditEvent(user,
                                                                    string.Format(
                                                                        "Failed login from {0} - Account is locked out.", ip))
                                                   : new AuditEvent(user, 
                                                                    string.Format(
                                                                        "Failed login from {0}", ip)));
                        }
                    }
    
                    //Commit changes to the user to the database
                    //eg. last login/failed login etc
                    Repository<User>.Save(user);
                    UnitOfWork.Current.TransactionalFlush();
                }
    
                return this.Direct(new {success, message, mustChangePassword});
            }
    
            public ActionResult LogOut()
            {
                if (CurrentUser != null)
                {
                    CurrentUser.AddAuditEvent(new AuditEvent(CurrentUser, "Logged out."));
                    Repository<User>.Save(CurrentUser);
                    UnitOfWork.Current.TransactionalFlush();
                }
                FormsAuthentication.SignOut();
                var returnObject = new {success = true, message = "Successfully logged out"};
    
                return this.Direct(returnObject);
            }
    
            [Authorize]
            public ActionResult ChangePassword(string newPassword)
            {
                if (CurrentUser != null)
                {
                    CurrentUser.ChangePassword(newPassword);
                    CurrentUser.AddAuditEvent(new AuditEvent(CurrentUser, "Changed Password"));
                    Repository<User>.Save(CurrentUser);
                    UnitOfWork.Current.TransactionalFlush();
    
                    return this.Direct(new {success = true, message = "Changed Password"});
                }
    
                return this.Direct(new {success = false, message = "No currently logged in user"});
            }
        }

    On the client it's simply:

    Code:
    {
                xtype: 'form',
                defaultType: 'textfield',
                labelWidth: 70,
                frame: true,
                api: {
                    submit: Authentication.Login
                },
                labelAlign: 'right',
                defaults: formItemDefaults,
                items: [
                    {
                        fieldLabel: 'User Name',
                        name: 'userName'
                    },
                    {
                        inputType: 'password',
                        fieldLabel: 'Password',
                        name: 'password'
                    }
                ]
            }

    and a form.submit(); does the magic.

    So in my case a User is an Entity defined in the Core/Domain project containing the logic for validating passwords, etc. In your case it could be something retrieved from a 3rd party app across a firewall or whatever. It really is up to you how you want to do it... in my case I store the user's PK as the forms auth identity.
    As you can see there's an [Authorize] on the ChangePassword action, if you tried to hit that without having logged in Asp.net kicks back with a "302 Found" and redirects to the Forms Auth login screen. You could override this to provide a {success = false, message = "You're not allowed to do that!"} JSON object as per links provided in previous post. This is how I handle authenticated but unauthorized requests, I use RhinoSecurity for that.

    It really is that simple, the great thing about mvc is that you're not tied into using things like the crappy Membership Provider API, Login Controls etc etc and you can even do it without a single .aspx page if you wanted to.

    One of the things I like about ext direct is that it can serialize and deserialize dtos from C# to JS quite happily, I can't remember the last time I had to parse e out of a FormCollection.

    Hope this helps?

    PS: I highly recommend getting your hands on ExtJSInAction, chapters 16 and 17 deal with how to build and organise a "big application" and I found them indispensable.
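
Added example, not part of dan_b's post or of Ext.Direct.Mvc: one way to do the override described above, so that a call to a protected action such as ChangePassword gets a JSON failure object instead of the Forms Authentication "302 Found". The class name `DirectAuthorizeAttribute` and the `authenticated` field are assumptions; it builds on the stock ASP.NET MVC `AuthorizeAttribute` (MVC 2 or later) and returns a plain `JsonResult`, since how Ext.Direct.Mvc wraps a filter's result is not shown in this thread.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute (the name is an assumption, not from the thread).
// Use it in place of [Authorize], for example on ChangePassword.
public class DirectAuthorizeAttribute : AuthorizeAttribute
{
    // AuthorizeAttribute calls this when the caller is anonymous or fails the
    // Users/Roles check. The base implementation returns a 401 result, which
    // Forms Authentication turns into the 302 redirect to the login page.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        var principal = filterContext.HttpContext.User;
        bool authenticated = principal != null
                             && principal.Identity != null
                             && principal.Identity.IsAuthenticated;

        // Never let a proxy or the browser cache a denial for this URL.
        filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // Setting Result short-circuits the pipeline, so the action never runs.
        // The status stays 200, so no redirect is issued and the client
        // callback receives the body below.
        filterContext.Result = new JsonResult
        {
            Data = new
            {
                success = false,
                // Lets the client tell "not logged in, show the login form"
                // apart from "logged in but not permitted".
                authenticated = authenticated,
                message = authenticated
                    ? "You're not allowed to do that!"
                    : "You are not logged in."
            },
            // The body holds no user data, so answering a GET is harmless;
            // DenyGet would make JsonResult throw on GET requests instead.
            JsonRequestBehavior = JsonRequestBehavior.AllowGet
        };
    }
}
```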

  3. #243
    Bucs (Sencha Premium Member; joined Sep 2008; 710 posts)


    Wow Dan, thanks for your time on that...seriously. That all makes perfect sense, although I am not familiar with NHibernate, RhinoSecurity, or the Castle Windsor stack. I usually use the "hand roll everything from scratch" approach, but it might be time for a change. I think I really need to just get an ASP.NET MVC app with Ext.Direct and authentication up and running first, then decide how to incorporate all these new gadgets.

    Also, are you doing anything with Roles at all? I would like to be able to use roles in the Authorize attribute so wondering where that is best to do. In ASP.Net, I did this in the Application_AuthenticateRequest where I would check if authenticated and if so, then pull out the encrypted roles from the cookie and rehydrate a custom security principal and attach that to user's context. Where/how should this be done in ASP.NET MVC?


    Thanks again for all your time and info!
    Randy

  4. #244
    dan_b (Sencha User; joined Jun 2010; 47 posts)


    Sending you a PM as this is going out of scope of Ext.Direct discussion.

  5. #245
    ovidiu (Sencha User; joined Nov 2010; 2 posts)

    REST like support


    Hi,
    I'm new to Ext.Direct and I'm trying to migrate my views from an MVC project to extjs.
    Question is: why can't I have 2 methods in the same controller with different HttpVerbs?
    For example if I have:

    Code:
    public virtual ActionResult MyResource()
    {
        var modelVM = ServiceFactory.New<MyModel>();
        // ...
        return View(modelVM);
    }

    [HttpPost]
    public virtual ActionResult MyResource(MyModel modelVM)
    {
        // ...
        return View(modelVM);
    }

    I get an error: "Method MyResourcehas already been configured for action Home" when requesting: http://localhost:32529/Direct/Api

  6. #246
    elishnevsky (Sencha User; joined Jan 2008; location Toronto, Canada; 480 posts)


    Because Ext.Direct.Mvc generates proxy methods in JavaScript for all your controller actions. And if you have multiple methods with the same name, Ext.Direct wouldn't know which one to call. On the client method names must be unique. If you absolutely have to have actions with the same name on the server, then give them different aliases by marking them with ActionName attribute. Ext.Direct.Mvc will use them instead of the actual method names when it generates client-side proxy methods.

  7. #247
    Bucs (Sencha Premium Member; joined Sep 2008; 710 posts)


    I am playing around with setting up an MVC project with Ext.Direct.Mvc. I have split my projects into Controller, Model, and Web projects. I have added the ext.direct section to the Web.config of the Controller project and added the script tag to the header section of the Default.aspx in the Web project. But where is the call "Ext.Direct.addProvider(Ext.app.REMOTING_API);" supposed to go? I tried to put it in the Application_Start of the Global.asax of the Controller project but there is no addProvider method in the Ext.Direct namespace? What am I doing wrong here, am I using the wrong version of the Ext.Direct.Mvc (downloaded from 1st page "latest") for .Net 4.0?

    Thanks for your help and this MVC direct stack!

    UPDATE: Ooops, ok...in the OnReady of the JS files to access the API...duh.

  8. #248
    elishnevsky (Sencha User; joined Jan 2008; location Toronto, Canada; 480 posts)


    Originally posted by Bucs:
    Thanks for your help and this MVC direct stack!

    UPDATE: Ooops, ok...in the OnReady of the JS files to access the API...duh.


    You are welcome.

  9. #249
    Bucs (Sencha Premium Member; joined Sep 2008; 710 posts)


    Well, I'm trying to work my way through this without bothering you guys by looking at the demo, but still having some issues.

    Not really understanding the "<script type="text/javascript" src="/Direct/Api"></script>" code. I have put that ref in my main aspx file (head section) in my UI Web project, knowing that it is supposed to generate the client side proxy. But do I have to manually create this directory structure in the web project first, so the code can generate and store the proxy there, or is that done on the fly?

    Also, how do I know if there is a problem generating the proxy? Right now I am getting an error on the addProvider method of ext-all.js, leading me to believe that the proxy generation is blowing up or something. Looks like the provider param is null when passed into the addProvider method. Kinda stuck here in trying to figure out what the problem is with generating the proxy.

    Also, is the latest Ext.Direct router compatible with ExtJS ver 3.3? That is what I am using.

    Any help greatly appreciated! Thx....

  10. #250
    Bucs (Sencha Premium Member; joined Sep 2008; 710 posts)


    Ok, guess the best way to learn is first completely confuse the cr#p out of yourself, then slowly work back towards the light. I was getting so concerned with separation of responsibilities that I had my controllers in one MVC project and the web UI in another ASP.NET project thinking that I need to separate my controllers from the UI. However, this essentially creates two webs which is not smart as this was confusing the script ref to the API as it was trying to ref the API which was essentially being served by a separate web. If you must separate your controllers out, do it the smart way (as suggested by dan_b) which is to make them class libraries.

    I love publishing my idiocracy...but who knows, it might help others in the same boat
