A simple template design for web application

• Download demo project - 19 Kb

Introduction

This article gives some very basic approach for designing a scalable, maintainable and extensible web application using ASP.NET and OOP approach.

Defining the Base Classes for the Application

It�s very common to have almost all the web applications to have some valid user authentication while accessing the pages. The authorization and authentication can be set in the web config file for the application. To be more intuitive we can think of having some base Secured Web Page class which can handle the validation and log on with out the developer having to handle the code for the validation on each of the page that is developed. (And also we can have a Non Secured Page Base class from which the non secured pages in the application can be derived from). To implement this approach declare a class file as follows:

"MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify">
public class SecuredWebPage: System.Web.UI.Page

{

"MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify">public SecuredWebPage()
   {}
   public void OnInit( System.Web.UI.Page Page)
   {
      if (Page.Session["CustomSession"] == null)
      {
        Page.Response.Redirect ("LogOn.aspx?CallingPage=" + Request.RawUrl );
      }           
   }
}

public class NonSecuredWebPage: System.Web.UI.Page
{
   public NonSecuredWebPage()
   {}
   public void OnInit(System.Web.UI.Page Page)
   {
      if (Page.Session["GenericSession"] == null)
      {
         GenericSession genericSession = new GenericSession();
         genericSession.User = "Ananymous";
         Page.Session["GenericSession"] = genericSession;
      }
}

The above two classes accepts the Web UI Page as the argument on the Init event and checks for the Valid Session and either redirects or sets the values as needed. Checking this valid Session can completely customized as per the business needs. But to have more robust Session which can be more organized and maintainable we can have a Session class defined and set the appropriate properties of the class and store the class in Session.

For example we can store the User Logon name / Password / Id / Connection Strings etc.

Defining the Session Class:

public class CustomSession
{
   private string mstrUser = "";
   private string mstrPassword = "";
   public CustomSession()
   {}
   public string User
   {
      get{ return mstrUser;}
      set {mstrUser = value;}
   }
   public string Password
   {
      get {return mstrPassword;}
      set {mstrPassword = value;}
   }
}

public class GenericSession
{
  private string mstrUser = "";
  public string User
  {
     get{ return mstrUser;}
     set {mstrUser = value;}
  }
}

In the Session class there are two classes one for all the secured session information and the other one for generic session information if any needed on non secured pages. This Session class can be extended to add the connection string information / the access level information and so forth. All this Session values will be set while the user is logging on to the application.

Now the pages in the application will be inherited either from the Secured Web page or the non secured web page.

The secured web page sample code is given below:

Defining the Web pages in the application:

public class WebForm1 : Ez.SecuredWebpage

{
   private void Page_Load(object sender, System.EventArgs e)
   {
      CustomSession customSession = (CustomSession) Session["CustomSession"];
      Response.Write ("The Page is logged on with User - ");
      Response.Write(customSession.User);
      Response.Write ("<BR>");
      Response.Write ("and the password is ");
      Response.Write (customSession.Password);
   }

   override protected void OnInit(EventArgs e)
   {
       base.OnInit(this);
   }
}

public class WebForm3 : Ez.NonSecuredWebPage 
{   
   private void Page_Load(object sender, System.EventArgs e)   
   {      
      GenericSession genericSession = (GenericSession) Session["GenericSession"];      
      Response.Write ("The Page is  a non secured page logged on with User - ");      
      Response.Write(genericSession.User);   
   }    

   override protected void OnInit(EventArgs e)   
   {      
      base.OnInit(this);   
   }
}

Through this above approach the web pages if derived from any of the two base page classes that are defined will handle the session and the log on. The developers don�t have to have the code for checking the valid credential and redirecting to the log on pages on all the pages in the application. This approach not only handles the navigation of the pages from the application but also will also handle if the user tries to access any page in the application by typing in the url. The log on page used in this example is a aspx page derived from default System.Web.UI.Page. That will handle the validation for the logg on and saving the appropriate session. The code used in this sample just sets the Custom Session properties.

Expanding the design scope across many applications

If the web project is to handle many applications the above approach can be extended to have the applications in separate folder and the base class and session in some common folder. The individual projects can have their own intermediate base class which derives from the Base Class described above. From different applications when the base class is invoked we can set the attributes for the class and depending on the attribute values that�s set the base class can be modified to set the session properties that should be uniquely available for the application accessed. For example from one application if you are moving to a page in another application which requires different access level or different connection to the database that can be handle here. And user can be redirected to the page or log on page as necessary.

And also more the applications and the pages it�s always better to have more modularized approach in the design. For example have all the utility access code like file I/O or registry access defined in the common folder of the project and reference it in the individual applications. That way all the code will be in one place. As far as the data access even if it�s using the straight ADO just encapsulate in a class and access that class from the application. That way we will have the base set for the OOP and we can customize that in class (for example we can implement filling the dataset) and the calling code will have just call that function without having to have all the code for filling the ADO dataset.

The above approach is an effort to define a scalable, maintainable web application development implementing OOP. Depending on the need this approach can be modularized more and developing the complex web applications can be achieved with little less effort.

Conclusion

The above approach is an effort to define a scalable, maintainable web application development implementing OOP. Depending on the need as explained above this approach can be modularized more and developing the complex web applications can be achieved with little less effort. The complete source code used in the sample application is attached in the link.This sample doesn't implement any complicated codes. It provides the approach that can be considered while designing the web application.