locked
User only Edit RRS feed

  • Question

  • User1610544847 posted

    OK This may be very simple and I just can't find it or, it's very difficult! Here goes

     I want a user to have a personal area of my website, like a kind of Profile area, I want only them to be able to edit it but everyone be able to view it.

     I have set up two pages, one Profile_view.aspx and profile_edit.aspx each profile.

     So the questions

    1. How to I link the database entry to a specific user?

    2. How do i show the edit button only if that user is the owner

    3. How do I secure the Profile_edit page so that only the owner can see it.

     Any help or pointers would be much appreciated! :-)

    Wednesday, October 25, 2006 8:53 AM

All replies

  • User300685930 posted

    Not sure which control you are trying to protect, but say it were a gridview and you were trying to let only one user enter edit mode.  My solution would to put something like this in page_load

    protected void Page_Load(object sender, EventArgs e)
        {
            if (Roles.IsUserInRole("admin"))
            {
                GridView1.AutoGenerateEditButton = false;
            }


        }

    Wednesday, October 25, 2006 10:31 AM
  • User1610544847 posted

    I only want the member whoms profile it is to be able to edit the page

    Dave has a profile and he wants to edit it, so when he clicks on Edit profile it takes him to

    website/Profile_edit.aspx?userid=dave

     but if someone types in website/Profile_edit.aspx?userid=dave they can't see the page as they are not Dave.

    Wednesday, October 25, 2006 10:42 AM
  • User300685930 posted

    in the Page_Load event you could put code something like this:

     

    if (QueryString["userid"].equals(Context.Users.Identity.Name)...)

    {

    response.direct("~/BadUser.aspx")
     

    Wednesday, October 25, 2006 10:50 AM
  • User1610544847 posted

    in the Page_Load event you could put code something like this:

     

    if (QueryString["userid"].equals(Context.Users.Identity.Name)...)

    {

    response.direct("~/BadUser.aspx")
     

     

    I  think I understand that!

     Now what about actually linking the tables first?

    Wednesday, October 25, 2006 10:58 AM
  • User300685930 posted
    not exactly sure what you mean by profile area.  Do you have a separate table with a foreign key to Identity.Name?  Are you talking about the Profile feature in asp.net?  I'm a little confused.
    Wednesday, October 25, 2006 11:07 AM
  • User2069888697 posted

    If you are using an sqldatasource you can build the sql statement in the grid view pre-render

     If SelectedUser Is Nothing Then
                SelectedUser = lblUser.Text
            End If
            Dim UserName1SQL As String
            UserName1SQL = "SELECT dbo.aspnet_Users.UserName, dbo.aspnet_Membership.Email, MemberInfo.firstname, MemberInfo.lastname, MemberInfo.phone, MemberInfo.address, dbo.aspnet_Membership.IsApproved, dbo.aspnet_Membership.IsLockedOut, dbo.aspnet_Membership.CreateDate, dbo.aspnet_Membership.LastLoginDate, dbo.aspnet_Membership.Comment FROM dbo.aspnet_Membership INNER JOIN dbo.aspnet_Users ON dbo.aspnet_Membership.UserId = dbo.aspnet_Users.UserId INNER JOIN MemberInfo ON dbo.aspnet_Users.UserId = MemberInfo.memberid WHERE (dbo.aspnet_Users.UserName = '" & SelectedUser & "')"
            SqlDataSource6.SelectCommand = UserName1SQL

    If you look at the default statement below it has Admin 1 as the username, but if a different username is in the lblUser (Label with hyperlink) then it replaces the default select statement with the one in the prerender.

     

     <asp:SqlDataSource ID="SqlDataSource6" runat="server" ConnectionString="<%$ ConnectionStrings:ClubSiteDB %>"
                            SelectCommand="SELECT dbo.aspnet_Users.UserName, dbo.aspnet_Membership.Email, MemberInfo.firstname, MemberInfo.lastname, MemberInfo.phone, MemberInfo.address, dbo.aspnet_Membership.IsApproved, dbo.aspnet_Membership.IsLockedOut, dbo.aspnet_Membership.CreateDate, dbo.aspnet_Membership.LastLoginDate, dbo.aspnet_Membership.Comment FROM dbo.aspnet_Membership INNER JOIN dbo.aspnet_Users ON dbo.aspnet_Membership.UserId = dbo.aspnet_Users.UserId INNER JOIN MemberInfo ON dbo.aspnet_Users.UserId = MemberInfo.memberid WHERE (dbo.aspnet_Users.UserName = 'Admin1')">
                        </asp:SqlDataSource>

     

    Hope this helps 

    Wednesday, October 25, 2006 11:42 AM
  • User1610544847 posted
    A seperate table that holds profile details, in this case it would be for dj's to hold further details about themselves
    Wednesday, October 25, 2006 12:24 PM