Comments by Alberto Biasiutti

Alberto Biasiutti 5-Apr-12 3:03am View

I think that creating the correct SQL expression can get more complex in my case, because an example query can ideally go from

-search products that starts with B

to

-search products created after 1/1/2011 where category is (1, 2 or 3), and where the producer belongs to producerCategory (A B or C)

This is just a random example not really relating to my application, but I think (hope) it gives an idea. Since the filters can ideally be omitted by user input, I think that "manually" building the correct query string can become actually insidious.
Since it seems that with my solution E.F. is smart enough to execute the query only at the end, it seems like the right solution for me.
About expression trees, I read some documentation and examples and it actually seems to be rather more complex than your solution ;) thank you again

Alberto Biasiutti 4-Apr-12 3:25am View

Wow, thank you very much for the very long answer! It seems like I could use Entity SQL to do what I want, but I think it would be quite tricky to write the correct expression based on user input.. perhaps Expression Trees is a solution more suitable to my situation. Anyway, I'll accept the solution.

Alberto Biasiutti 4-Dec-11 15:54pm View

Thank you GK... the typo's were not the problem (I wrote the question VEEERY quickly because I was in hurry).. thank you any way, I'll post the solution my boss foundout.

Alberto Biasiutti 1-Dec-11 3:49am View

Thank you again for answering.
I think that I'll take a quite different approach, but anyway I would like to clarify a thing (to better undertand how it works):
IF I'm not wrong, You said that the "crucial" part of "stealing" someone's identity is to access the httpContext and steal the user name. But, from what I understand, the session IS part of the httpContext (in fact, I access it via HttpContext.Current.Session["VariableName"])
Doesn't this technically put it at the same level of security (or vulnerability) of stealing the username?

Alberto Biasiutti 30-Nov-11 3:29am View

By using the singleton pattern approach, can I mantain the values across subsequent requests? This is why I thought to use session: I can access it from wherever I want (through the static classes) and it will stay there for all the time I need, even for subsequent requests.

Alberto Biasiutti 30-Nov-11 2:46am View

Thank you very much.. but isn't it as easy to steal the authorization cookie created by asp.net FormAuthentication?

Alberto Biasiutti 30-Nov-11 2:44am View

Well, I'm stuck between security and performance.. the doubt is: is effectively faster to have the information in session than picking data at each request from the db? If yes, how dangerous is it? I'm already performing base asp.net Form authentication and my users already have roles.. I'll extend the question so that the whole situation is more clear.

Alberto Biasiutti 29-Nov-11 13:17pm View

Thank you for pointing the problem with spawned threads.. teorically it won't be a problem in my case, but I'll evaluate it before proceeding this way.

Thank you again!

Alberto

Alberto Biasiutti 29-Nov-11 13:12pm View

Thank you for pointing out the Singleton pattern, I'll give a look to it.

Alberto

Alberto Biasiutti 16-Sep-11 9:34am View

Maybe the question wasn't clear.. The fact is that I don't do anithing to that poor multiview during post..
without wrapping the panel, even during postBacks, the current view remains selected; If I wrap the panel, it doesn't..

I'll update the question with the solution I adopted for now

Comments by Alberto Biasiutti (Top 10 by date)