|
So I'm working in this MVC project of mine which will be quite large. I went ahead and created a separate DLL for the Data Access Layer instead of including it in the MVC project.
Then I have all these custom programs, so I created another DLL and separated those programs I had in the App_Code folder to the new DLL. I also took all the SQL Linq statements and put them there as well. So all of the Service References, Business Logic is there now.
I have these Models like the example below.
public class AdminLoginModel
{
[Required]
[Display(Name = "Account Name")]
[PlaceHolder("Enter your account name")]
public string AccountName { get; set; }
[Required]
[DataType(DataType.Password)]
[Display(Name = "Password")]
[PlaceHolder("Enter your secure password")]
public string Password { get; set; }
public DateTime LoginDate { get; set; }
public string IPAddress { get; set; }
}
I understand that the stuff like Required are System.ComponentModel.DataAnnotations. And I was previously using the model above to send to the SQL Linq request to populate the date for the model.
So my question:
But do I have to? I'm still new to MVC, and I remember thinking oh how cool, I can just send the model and populate it, but now I don't want to do that anymore, and I can't remember how I was doing it in the beginning.
Are the DataAnnotations like a Razor thing? Or Validation Thing?
I'm trying to keep it clean this time, and don't want to dump it all together into one basket.
I want to store all the classes I use to project data in the common DLL, and perhaps storing these models there as well.
I was looking at the Owin or Identity example, and it seems that it stores the models in it's DLL and not in the MVC project, Which seems more straight forward to me.
I just wanted to check before I make more modifications that may not be good practice to do.
|
|
|
|
|
I figured out that I can place all my models in a separate DLL class, that I called Entities, and that I can just reference the namespace of models in the controller or view. And in the Models, I can just reference data annotations, and place interfaces in it like Placeholder and extensions like list helpers to populate dropdownlist.
So I was able to get all of my code out of the App_Data folder. And I guess I need the Razor to access Model collections in the view.
So I created 4 more project for my MVC app. Took awhile to figure it out, lots of experimenting as well. And I dumped the Owin Security Model and set it to false.
DataAccessLayer.Dll - My Data Access Layer Models and Seeds
Entities.Dll - My MVC Models, extensions and interfaces
Services.Dll - Service References to Web Services
Common.Dll - Encryption, Email Senders, and stuff
MVC Project.
|
|
|
|
|
Currently I am having one url with www.domainname/countrycode
1.at present my countrycode is default lets say Uk.
2.my requirment is according to my country location my url should append with countrycode.
Ex: if I type url from India ---> www.domainname.com/in
from UK --> www.domainname.com/uk
|
|
|
|
|
webforms or mvc? You have also posted this in the js forum so are you wanting a server-side solution or not? Don't spam the boards with multiple vague questions in the hope that something hits, be specific in what you're asking.
|
|
|
|
|
Hello
When it comes to a user who has forgotten his password while trying to log-on, for example, one way of him (not the administrator) resetting his password is to ask him to complete a field asking for his username or email, or both, and then sending him a link and 'token' to do so.
What is meant by 'token', please?
Thanks.
|
|
|
|
|
You could set a temporary password for the user, then set the password to expire immediately. This would allow the user to log into the system using the temporary password but would force him to change his password immediately.
In this case, the "token" would be the temporary password you have set for the user. The token is a randomly created string of letters and numbers.
|
|
|
|
|
Bad idea - now anyone who knows the username can lock the user out of their account by constantly requesting a temporary password.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
The token is usually just a random string which an attacker wouldn't be able to guess. A GUID would be a simple example.
Make sure the token is time-limited, and is deleted as soon as the user has reset their password.
It's probably a good idea to only store the hash of the token in the database, to ensure that a hacker with read access to the database couldn't reset arbitrary accounts.
Troy Hunt has a good article which covers some of the other issues you'll want to think about:
Troy Hunt: Everything you ever wanted to know about building a secure password reset feature[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Many thanks to you both and for the link.
I will take a look at it now.
Would it be simpler (ie no time limit) to send a link to the user's email?
Thanks again
|
|
|
|
|
You have to send the link to the user's email. If you just display the link when the reset is requested, then anyone can reset the password for any account.
The link has to be unique for each reset request, and must not be guessable.
The link should only be valid for a short time (a few hours, or a day at most). Providing a link with no time limit makes it easier for hackers to guess the link. Make sure you store the expiration date in the database, not in the link!
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks again, Richard.
I came across this sample code yesterday that uses such a link:
In my log-in aspx jay time_ version
strBody.Append(("Click here to change your password")
Can I ask, is the link above generated at random
Thanks!
|
|
|
|
|
I don't know, because I can't see the code.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
It's this:
Protected Sub btnForgot_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnForgot.Click
Dim ConnectionString As String = "Data Source=|DataDirectory|students.mdb"
Dim uniqueCode As String = String.Empty
Using conn As New OleDbConnection(ConnectionString)
Using cmd As OleDbCommand = conn.CreateCommand
Try
Dim dr As OleDbDataReader
'Records to match the supplied email (strEmail)
cmd = New OleDbCommand("SELECT * FROM university WHERE strEmail = @strEmail")
conn.Open()
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text.Trim())
cmd.Parameters.AddWithValue("@strEmail", Convert.ToString(strEmail.Text.Trim()))
cmd.Parameters.AddWithValue("@uniqueCode", uniqueCode)
cmd = New OleDbCommand("UPDATE university SET uniqueCode=@uniqueCode where strEmail = @strEmail", conn)
If dr.HasRows Then
dr.Read()
'generate uniqueCode
uniqueCode = Convert.ToString(System.Guid.NewGuid())
End If
dr = cmd.ExecuteReader()
cmd.ExecuteNonQuery()
conn.Close()
cmd.Dispose()
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Using
End Using
'Update the unique random code in the uniqueCode field of the database table
Dim strBody As New StringBuilder()
strBody.Append("<a href=http://localhost:2464/SampleApplication/ResetPasswordVB.aspx?emailId=" + strEmail.Text & "&uniqueCode=" & uniqueCode & ">Click here to reset your password</a>")
SMTP code follows
I know there are some errors. It's that line with localhost:2464 that I was referring to.
Thanks
|
|
|
|
|
Member 8761667 wrote: I know there are some errors.
You're not kidding! 
I don't think there's a need to pass the email address in the link; you should be able to look up the record based purely on the unique code.
Something like this should work:
Protected Sub btnForgot_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnForgot.Click
Const ConnectionString As String = "Data Source=|DataDirectory|students.mdb"
Dim uniqueCode As String = Guid.NewGuid().ToString("N")
Dim recordExists As Boolean = False
Using conn As New OleDbConnection(ConnectionString)
Using cmd As OleDbCommand = conn.CreateCommand()
cmd.CommandText = "UPDATE university SET uniqueCode = @uniqueCode WHERE strEmail = @strEmail"
cmd.Parameters.AddWithValue("@uniqueCode", uniqueCode)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text.Trim())
conn.Open()
Dim recordsAffected As Integer = cmd.ExecuteNonQuery()
If recordsAffected <> 0 Then recordExists = True
End Using
End Using
If recordExists Then
Dim builder As New UriBuilder(Request.Url)
builder.Path = VirtualPathUtility.ToAbsolute("~/ResetPasswordVB.aspx")
builder.Query = "uniqueCode=" & HttpUtility.UrlEncode(uniqueCode)
Dim link As String = builder.Uri.ToString()
...
End If
End Sub
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Wow!
I feel as if I have been hit by Mike Tyson! What a wake up call.
It's my first attempt at it in my defence, but your code is so neat and makes easy reading even though I don't yet understand every line.
I will go through it and research a bit things I am hazy about (especially after that knockout blow!) and when it's all up and running I will post back so that you can admire your craft.
Many thanks, Richard, I am so grateful.
|
|
|
|
|
Hello Richard
Just a quick question about the code you kindly sent to me.
It concerns this line here:
Dim recordExists As Boolean = False
Is there a reason this is not 'true'? Either the user exists in the database or not. If he does, then he gets sent the link; if not, he should register. Isn't it as black and white as that?
If Boolean is set to false, doesn't that suggest that it is unimportant whether he exists or not?
Thanks
|
|
|
|
|
You need to know whether the record exists to know whether you're going to send a "forgotten password" email or a "register" email.
The flag is initially set to False because the code later updates it to True if the record was found. You could reverse that logic, but I think it makes more sense as it is.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: store the expiration date in the database, not in the link!
Or encrypt it and put it in the link. 
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Thanks, Ryan
Adding a Date/Time column to Access sounds a bit easier!
But thanks for suggesting an alternative!
|
|
|
|
|
Hi All,
I am using CodeSmith NetTier generator for the my DAL generation, I have set the ServiceClassNameFormat field to : {0}Service, but still it not generating the class names with Service Suffix, as I am just maintaining the application, changing the name is giving lots of errors.
Can anybody help me in fixing this, I am in need as I am new to the CodeSmith, I am googling too, still its not of much help. Any help a suggestion or code snippet or even a link would be greatly helpful.
Thanks in advance.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
touch screen application in C++
|
|
|
|
|
1) Your "query" isn't a query at all.
2) You've already posted this and surprisingly had an answer that points you in the right direction
3) This isn't a C++ forum
|
|
|
|
|
Instead of posting non-questions in the wrong forum here, you should post those words into Google, and learn how to do basic research for yourself.
|
|
|
|
|
Once again: read this[^], and pay particular attention to point 2.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I want a solution for validating weakly typed model.
not by using jquery validations,angular js, not by combining all the models to a single model
i want validation to to be done on .cshtml page
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
