CodeProject: Anonymous Personalization Trick in Web Parts. Free source code and programming help

Report Article

Discuss

Send to a friend

15 votes for this Article.

Popularity: 4.06 Rating: 3.45 out of 5

Introduction

ASP.NET 2.0 provides a Web Parts framework, allowing programmers to easily integrate drag ’n drop menus etc. in their web portals. This framework is easy to use and all client based design settings are stored by ASP.NET data providers in an easy way. The developer has nothing to do with the save or load process of Web Parts design based settings. This article will not cover how we can use Web Parts. It’s possible to find lots of articles around the web about Web Parts.

ASP.NET 2.0 Web Parts framework works with the Membership framework as well as the Forms or Windows authentication modes. The problem is that, if you don’t want to use any authentication mode, you can’t use Web Parts. The client user, who will able to change the web site's design with Web Parts, should be authenticated. If not authenticated, the ASP.NET Web Parts framework can’t save users' design settings with data providers and for that reason can’t allow even to switch design modes.

The Idea

If we just need that all users connecting to our web site be authenticated, we need to register all users to our web site's authentication system. We will use Forms Authentication and provide some tricky ways. Users will be registered with our site in a hidden way with some cookie. We will recognize our visitors with their cookie and authenticate them automatically to get Web Parts design options available for them.

Using Hidden Authentication

First, we will set up our web site for Forms Authentication. You just need to modify your Web.Config file as below:

        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="Forms" />

We will provide for each visitor a cookie to recognize the user's identity to be able to show them their design settings. We need an identity name for each visitor. We will create a random guide number to use as identity.

Dim MyCookieName As String = "Reminder"
Dim MyCookie As System.Web.HttpCookie = Request.Cookies(MyCookieName)
Dim UserID As String
UserID = System.Guid.NewGuid.ToString.Replace("-", "")
MyCookie = New System.Web.HttpCookie(MyCookieName, UserID)
MyCookie.Expires = DateTime.Now.AddYears(10)
Response.Cookies.Add(MyCookie)

Our cookie name is “Reminder”. You can change the name for your projects. Our Cookie data is the random guide name “UserID” that we generated using .NET Framework's “System.Guid.NewGuid” class. Now we can programmatically recognize our visitors each time they visit our web portal.

We should now authenticate our user with his GUID name "UserID" to our Forms Authentication system. In a normal situation ASP.NET uses cookies to store Forms Authentication data. We will just simulate that process manually.

Dim authTicket As FormsAuthenticationTicket = _
    New FormsAuthenticationTicket(1, UserID, DateTime.Now, _
    DateTime.Now.AddSeconds(30), False, "roles")
Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)

Now our user is authenticated to our web site with Forms Authentication and can access Web Parts design properties.

We will have lots of visitors designing our web site for themselves and then just never visit again our web site or just delete their cookie and loose their identity as well as their design settings. So why do we need to store all visitor design settings if they haven’t visited our web site since last year? With the code below we connect manually to the ASP.NET Membership data store and delete users settings and profile manually, checking the last activity date of the user.

Dim LastDate As Date = Date.Now.AddYears(-1)

Dim cnn As System.Data.SqlClient.SqlConnection = New _
  System.Data.SqlClient.SqlConnection(_
  ConfigurationManager.ConnectionStrings("LocalSqlServer").ConnectionString)
Dim cmd As System.Data.SqlClient.SqlCommand

cmd = New System.Data.SqlClient.SqlCommand("DELETE FROM" & _ 
      " aspnet_PersonalizationPerUser where UserID IN " & _ 
      "(SELECT UserID from aspnet_Users where " & _ 
      "[LastActivityDate] < @Date)", cnn)
cmd.Parameters.Add("@Date", Data.SqlDbType.DateTime)
cmd.Parameters.Item("@Date").Value = LastDate
Try
    cnn.Open()
    cmd.ExecuteNonQuery()
Catch ex As Exception
Finally
    cnn.Close()
End Try

cmd = New System.Data.SqlClient.SqlCommand("DELETE FROM" & _ 
      " aspnet_Users where [LastActivityDate] < @Date", cnn)
cmd.Parameters.Add("@Date", Data.SqlDbType.DateTime)
cmd.Parameters.Item("@Date").Value = LastDate
Try
    cnn.Open()
    cmd.ExecuteNonQuery()
Catch ex As Exception
Finally
    cnn.Close()
    cmd.Dispose()
    cnn.Dispose()
End Try

The complete solution is as below:

Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)

If Page.IsPostBack = False Then
    Dim authCookie As HttpCookie = _
        Request.Cookies(FormsAuthentication.FormsCookieName)
    If authCookie Is Nothing Then
        Dim MyCookieName As String = "Reminder"
        Dim MyCookie As System.Web.HttpCookie = _
                     Request.Cookies(MyCookieName)
        Dim UserID As String
        If MyCookie Is Nothing Then
            UserID = System.Guid.NewGuid.ToString.Replace("-", "")
            MyCookie = New System.Web.HttpCookie(MyCookieName, UserID)
            MyCookie.Expires = DateTime.Now.AddYears(10)
            Response.Cookies.Add(MyCookie)
        Else
            UserID = MyCookie.Value
        End If
        Dim authTicket As FormsAuthenticationTicket = New _
          FormsAuthenticationTicket(1, UserID, DateTime.Now, _
          DateTime.Now.AddSeconds(30), False, "roles")
        Dim encryptedTicket As String = _
            FormsAuthentication.Encrypt(authTicket)
        authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
                                                        encryptedTicket)
        Response.Cookies.Add(authCookie)
        Response.Redirect(Request.Url.ToString)
    End If
    
    Dim LastDate As Date = Date.Now.AddYears(-1)
    
    Dim cnn As System.Data.SqlClient.SqlConnection = New _
      System.Data.SqlClient.SqlConnection(_
      ConfigurationManager.ConnectionStrings(_
      "LocalSqlServer").ConnectionString)
    Dim cmd As System.Data.SqlClient.SqlCommand
 
    cmd = New System.Data.SqlClient.SqlCommand("DELETE FROM" & _ 
          " aspnet_PersonalizationPerUser where UserID IN " & _ 
          "(SELECT UserID from aspnet_Users where " & _ 
          "[LastActivityDate] < @Date)", cnn)
    cmd.Parameters.Add("@Date", Data.SqlDbType.DateTime)
    cmd.Parameters.Item("@Date").Value = LastDate
    Try
        cnn.Open()
        cmd.ExecuteNonQuery()
    Catch ex As Exception
        Response.Write(ex.Message)
    Finally
        cnn.Close()
    End Try
    
    cmd = New System.Data.SqlClient.SqlCommand("DELETE FROM" & _ 
          " aspnet_Users where [LastActivityDate] < @Date", cnn)
    cmd.Parameters.Add("@Date", Data.SqlDbType.DateTime)
    cmd.Parameters.Item("@Date").Value = LastDate
    Try
        cnn.Open()
        cmd.ExecuteNonQuery()
    Catch ex As Exception
        Response.Write(ex.Message)
    Finally
        cnn.Close()
        cmd.Dispose()
        cnn.Dispose()
    End Try
End If

End Sub

The scenario starts with checking the Forms Authentication cookie. If we have already authenticated the user, we need not do anything. If there isn’t the Forms Authentication cookie, we check further if we have got our identity cookie. If there is an identity cookie “Reminder”, we can load the user's identity and authenticate it with Forms Authentication. This way, all users' old design settings comes automatically to our web portal. If the user doesn’t have our “Reminder” cookie, we create an identity and store it for that user and authenticate it with the new identity to the authentication system.

After having done all this process, we check for old users and delete the ones which don’t have at least one year activity on the web portal.

Conclusion

You just need to use this system on the "Page_Load" event of your web forms where you are using web parts design properties. Have fun using this tricky method on your future portal developments.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Daron Yndem

Daron Yöndem is an ASP.NET MVP and INETA Turkey Lead. He is the founder of DEVELOAD Software & Design; a local ISV specialized on RIA development, Silverlight and WPF. Daron has two books about ASP.NET AJAX published in Turkish and is a chronic writer in Turkish press including IT Magazines. He is the software editor of PC Magazine Turkey, a monthly journal. Moreover Daron is a Silverlight editor at the official Microsoft Turkey Developer Community Web Site called yazgelistir.com and Silverlight/VB.NET Editor at nedirTV.com, an INETA UG. He is constantly hosting seminars, training sessions at various universities and private sector.

Blog:http://daron.yondem.com

Occupation:	Web Developer
Location:	Turkey

Other popular ASP.NET articles:

Multiple File Upload With Progress Bar Using Flash and ASP.NET
How to use Flash to upload multiple files in a medium-trust hosting environment
CAPTCHA Image
Using CAPTCHA images to prevent automated form submission.
10 ASP.NET Performance and Scalability Secrets
10 easy ways to make ASP.NET and AJAX websites faster, more scalable and support more traffic at lower cost
Paging of Large Resultsets in ASP.NET
An article about optimization and performance testing of MS SQL Server 2000 stored procedures used for paging of large resultsets in ASP.NET
File Upload with ASP.NET
This article shows you how work with uploading of the files using ASP.NET and C#.

Article Top

You must Sign In to use this message board.

Msgs 1 to 22 of 22 (Total in Forum: 22) (Refresh)

FirstPrevNext

Which catalog(database) is used in this article?

PadmaDarji

3:19 30 Sep '08

hi Your article is so fentastic. I have one question in connenction string (LocalSqlServer) which catalog(database) is used? Thanks by me
Sign In·View Thread·PermaLink

Nice Article

sundeep38

5:30 29 Aug '08

It helped me a lot. Thanks Daron!
Sign In·View Thread·PermaLink

Thanks a lot!

jeevansd

23:59 10 Jun '08

Hi, Great Article. It helped me a lot. Thanks for guiding. Keep it up. Thanks Jeevan Desarda Software Developer
Sign In·View Thread·PermaLink

"Personalization is not enabled and/or modifiable" error (I guess the Cookie is expired?) [modified]

Raxxa_

3:02 28 Apr '08

Hello,

I'm using C# and I've also added a statement in Page_Load where I set the DisPlayMode of the WebPartManager to "DesignDisplayMode". This is because I want my page to load in designmode as the default mode. But I keep getting the following error if I wait a while between every drag n drop of my my web parts:
Personalization is not enabled and/or modifiable. The Enabled property must be set to true, and a registered personalization provider must be selected. The current user must be granted the right to modify personalization state.

I'm guessing this is because the FormsAuthenticationTicket has expired. If I keep dragging & dropping my web parts constantly this problem won't occour, but if i stop for a while and try drag & drop again I get the error message above. I know it has to do with my statement where I set the "DesignDisplayMode" and I've tried moving it around in several ways, but it just won't work anyway! (I even removed it entirely from Page_Load and made a button to switch to designmode, but that didn't work either!)

The only thing that solves my problem is to remove the "if (!Page.IsPostBack)" check and let the FormsAuthenticationTicket be renewed every time the page is loaded. But that's not how this trick was ment to work...so...I can't see why no one else ever experienced the same problem?)

Please help!



protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
        {

            //*********** Enable anonymous web parts personalization ************************//
            HttpCookie authCookie = Request.Cookies.Get(FormsAuthentication.FormsCookieName);
            if (authCookie == null)
            {
                string MyCookieName = "Reminder";
                HttpCookie MyCookie = Request.Cookies.Get(MyCookieName);
                string UserID;
                if (MyCookie == null)
                {
                    UserID = System.Guid.NewGuid().ToString().Replace("-", "");
                    MyCookie = new HttpCookie(MyCookieName, UserID);
                    MyCookie.Expires = DateTime.Now.AddYears(10);
                    Response.Cookies.Add(MyCookie);
                }
                else
                {
                    UserID = MyCookie.Value;
                }
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, UserID, DateTime.Now, DateTime.Now.AddSeconds(30), false, "roles");
                Session["Expired"] = authTicket.Expiration.ToString();
                string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                Response.Cookies.Add(authCookie);
                Response.Redirect(Request.Url.ToString());
            }

//****** the code for deleting old user data goes here ***************//

     WebPartManager1.DisplayMode = WebPartManager.DesignDisplayMode;

  }//end of if(!Page.IsPostBack)

 WebPartManager1.DisplayMode = WebPartManager.DesignDisplayMode

}//end of Page_Load

modified on Monday, April 28, 2008 8:21 AM

Thanks

semgoksu

11:58 26 Apr '08

Thanks daron ))
Sign In·View Thread·PermaLink

Easier with Authentication Mode "Windows"?

samtaz

5:16 17 Aug '07

All I do is add the following to my web.config:

<?xml version="1.0"?>
<configuration>
   ...
   <system.web>
      ...
      
      <authentication mode="Windows" />
      <identity impersonate="true" userName="[IIS_Server_Domain]\[Some_User]" password="[User_Password]" />
      <roleManager enabled="true" />
      ...
   </system.web>
   ...
</configuration>

Now IIS impersonates the given windows user for every page call, and web parts works just fine! Big Grin

-Sam

2.00/5 (1 vote)

I get error "User does not have permission to perform this action"

Goran___

1:01 25 May '07

FOA -- Very nice trick During first: Try cnn.Open() <------------------ HERE !!! cannot open connection cmd.ExecuteNonQuery() Catch ex As Exception Finally cnn.Close() End Try I'm using standar connectionstring: ("LocalSqlServer"): data source=.\SQLEXPRESS;Integrated security=SSPI;AttachDBFilename=\|DataDirectory\|aspnetdb.mdf;User Instance=true Please help... Regards
Sign In·View Thread·PermaLink

Sql Command Suggest

tychi

1:59 2 Apr '07

IF we use following sql command text, we can use just single SqlCommand without parameter. DELETE FROM aspnet_PersonalizationPerUser WHERE UserID IN (SELECT UserID from aspnet_Users where LastActivityDate < DATEADD(YEAR, -1, GETDATE())); DELETE FROM aspnet_Users WHERE LastActivityDate < DATEADD(YEAR, -1, GETDATE())
Sign In·View Thread·PermaLink

Re: Sql Command Suggest

Daron Yöndem

4:39 25 Apr '07

Yup, thanks for the contribution
Sign In·View Thread·PermaLink

C# Code

cavedog6

8:35 12 Dec '06

Here is the C# code for the first part in case anyone needs it. I didn't need the part that deletes records so I didn't code it.


protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            HttpCookie authCookie = Request.Cookies.Get(
                FormsAuthentication.FormsCookieName);

            if (authCookie == null)
            {
                string MyCookieName = "Reminder";
                HttpCookie MyCookie = Request.Cookies.Get(MyCookieName);
                string UserId;
                if (MyCookie == null)
                {
                    UserId = System.Guid.NewGuid().ToString().Replace("-", "");
                    MyCookie = new HttpCookie(MyCookieName, UserId);
                    MyCookie.Expires = DateTime.Now.AddDays(1);
                    Response.Cookies.Add(MyCookie);
                }
                else
                {
                    UserId = MyCookie.Value;
                }
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                    1, UserId, DateTime.Now, DateTime.Now.AddSeconds(30),
                    false, "roles");
                string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                authCookie = new HttpCookie(
                    FormsAuthentication.FormsCookieName, encryptedTicket);
                Response.Cookies.Add(authCookie);
                Response.Redirect(Request.Url.ToString());
            }
        }
    }

Re: C# Code

Daron Yöndem

3:58 22 Dec '06

Thanks for support
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

Re: C# Code completed [modified]

samtaz

0:57 17 Aug '07

Completed the C# translation, havent really tested this yet, but seems to work:


protected void Page_Load(object sender, EventArgs e)
{
                 // allow anonymous personalization of web parts
                if (!Page.IsPostBack)
                {
                    HttpCookie authCookie = Request.Cookies.Get(
                    FormsAuthentication.FormsCookieName);

                    if (authCookie == null)
                    {
                        DateTime LastDate = DateTime.Now.AddYears(-1);

                        System.Data.SqlClient.SqlConnection cnn =
                                new System.Data.SqlClient.SqlConnection(
                                    ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString);

                        System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(
                            "DELETE FROM aspnet_PersonalizationPerUser where UserID IN " +
                              "(SELECT UserID from aspnet_Users where [LastActivityDate] < @Date)", cnn);
                        cmd.Parameters.Add("@Date", System.Data.SqlDbType.DateTime);
                        cmd.Parameters["@Date"].Value = LastDate;
                        try
                        {
                            cnn.Open();
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception loginE)
                        {
                            Response.Write(loginE.Message);
                        }
                        finally
                        {
                            cnn.Close();
                        }

                        cmd = new System.Data.SqlClient.SqlCommand(
                              "DELETE FROM aspnet_Users where [LastActivityDate] < @Date", cnn);
                        cmd.Parameters.Add("@Date", System.Data.SqlDbType.DateTime);
                        cmd.Parameters["@Date"].Value = LastDate;
                        try
                        {
                            cnn.Open();
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception loginE)
                        {
                            Response.Write(loginE.Message);
                        }
                        finally
                        {
                            cnn.Close();
                        }
                        
                        string MyCookieName = "Reminder";
                        HttpCookie MyCookie = Request.Cookies.Get(MyCookieName);
                        string UserId;
                        if (MyCookie == null)
                        {
                            UserId = System.Guid.NewGuid().ToString().Replace("-", "");
                            MyCookie = new HttpCookie(MyCookieName, UserId);
                            MyCookie.Expires = DateTime.Now.AddDays(1);
                            Response.Cookies.Add(MyCookie);
                        }
                        else
                        {
                            UserId = MyCookie.Value;
                        }
                        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                        1, UserId, DateTime.Now, DateTime.Now.AddSeconds(30),
                        false, "roles");
                        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                        authCookie = new HttpCookie(
                        FormsAuthentication.FormsCookieName, encryptedTicket);
                        Response.Cookies.Add(authCookie);
                        Response.Redirect(Request.Url.ToString());
                    }

                }
}

-- modified at 6:21 Friday 17th August, 2007

Re: C# Code

Matt Langley

8:53 16 May '08

I also ported the code to C# before seeing this, and I'm glad to say it came out the same as your port!

However, during testing I have found that the Forms Authentication cookie seems to have to be recreated even on a postback. I don't know if this is because I have a setting wrong somewhere in IIS or whether the authentication cookie is just not persisting (maybe the expires property needs setting).

In anycase, commenting out the '

If (!Page.IsPostBack)

' construct out seems to work very well.

btw, in my case I wanted all users to share the same layout (I'll control which users can access edit and catalog modes using my own login process). If anyone else needs this then you can dispense with the Reminder cookie and GUID based UserID and simply use a constant name like 'common'.

Very handy technique: Hidden authentication. Thanks very much for sharing.

Couple of ?'s

robertfah

9:21 7 Nov '06

I can get your code to work, but am I supposed to see the username in the aspnetdb tables? Also, when I log in and try to switch to design mode of the web parts, it gives me the following error: The specified display mode is currently disabled on this page. Make sure personalization is enabled for the current user. Parameter name: value Any ideas?
Sign In·View Thread·PermaLink

Re: Couple of ?'s

Daron Yöndem

0:14 10 Dec '06

Solving the error you are getting is the main purpose of this article. There should be something wrong about your project. Actually this article is written to solve your problem and it does when I try
Sign In·View Thread·PermaLink

Can I apply this code [modified]

Jamil Akhtar

6:43 9 Aug '06

Can I apply this code in our project. This code are not working properly. I have tried more times but this code is giving error. Jamil Akhtar
Sign In·View Thread·PermaLink	1.20/5 (2 votes)

Re: Can I apply this code

Daron Yöndem

23:09 15 Oct '06

Could you maybe better describe the error you got?
Sign In·View Thread·PermaLink

everyone can modify web page

huqiwei

5:50 20 Jul '06

if do that as your way ,everyone can modify web page , sorry my english is poor
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Re: everyone can modify web page

Daron Yöndem

23:07 15 Oct '06

Actually, that is the main purpose of this article. Daron Yöndem
Sign In·View Thread·PermaLink

How to use Web Parts with Forms Authentication?

Bret Williams

13:02 14 Jul '06

Hi there...excellent article!

Your sentence here is why I'm writing:

"ASP.NET 2.0 Web Parts framework works with the Membership framework as well as the Forms or Windows authentication modes."

Can you please explain to me how to use Web Parts without using the Membership framework? I don't want to use Membership but I do want to use Forms Authentication. I can't find any examples or Microsoft documentation that shows how to accomplish this. Thank you!

Bret Williams

2.85/5 (6 votes)

Re: How to use Web Parts with Forms Authentication?

Daron Yöndem

12:34 24 Sep '06

Check out the MSDN page below http://msdn2.microsoft.com/en-US/library/91ka2e6a.aspx
Sign In·View Thread·PermaLink	2.00/5 (2 votes)

Re: How to use Web Parts with Forms Authentication?

nareshpatel

9:28 15 Oct '06

thanks
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

Last Visit: Tuesday, December 2, 2008 11:42 AM Last Update:Tuesday, December 2, 2008 11:42 AM

General News Question Answer Joke Rant Admin