ASP.NET - AJAX Security and Reporting

AJAX SecurityReporting

Presented by Peter Gfader

Senior Software Architect

SSA @ SSW

Loves C# and .NET (Java not anymore)

Specializes in

Windows Forms ASP.NET TFS testing Automated tests Silverlight

Peter Gfader

On the task “Filter the ToDoList”

Add “Show all” to the drop down list

Homework?

On the task “Filter the ToDoList”

Add “Show all” to the drop down list

LinqDataSource.Where = ””;

LinqDataSource.WhereParameters.Clear();

ListView.Databind();

Homework?

Course Website

http://sharepoint.ssw.com.au/Training/UTSNET/

Course Timetable

Course Materials

Admin Stuff

Attendance

You initial sheet

Hands On Lab

You get me to initial sheet

Certificate

At end of 10 sessions If I say if you have completed successfully

User Experience / Usability

AJAX

AdditionallyStyling the GridView

http://www.cyberslingers.com/Sandbox/GridView.aspx

Last Week

Session 9: AJAX Security and Reporting Services

Agenda

AJAX History Manager

Solves • Back button• Send links

Reporting

History of reporting Architecture Report Life Cycle Capabilities

Agenda

Agenda

ASP.NET Security Authentication

– Principal– Identity

• Authorization– Role Based Security

New security features in ASP.NET 2.0 Authentication Providers Built in ASP.NET Controls

AJAX History

1. Back button

2. Send link of your current view

http://maps.google.com/ ??

Pain!

1. Enable history in ScriptManager

<asp:ScriptManager ID="ScriptManager1" runat="server" EnableHistory="true" />

Every time this is a relevant history point

Maybe on each AJAX request?

2. Add a history points

ScriptManager1.AddHistoryPoint( "CurrentImage", Image1.ImageUrl);

Restore in that your state

3. Wire up Navigate event

<asp:ScriptManager ID="ScriptManager1" runat="server" EnableHistory="true" onnavigate="ScriptManager1_Navigate" />

protected void ScriptManager1_Navigate(object sender, HistoryEventArgs e){ Image1.ImageUrl = e.State["CurrentImage“];}

Browser dependent

Internet Explorer • iframe• can cause an additional request to the server

Implementation – behind the scenes?

URL holds state of AJAX request

Send links http://localhost:28496/WebSite/PictureViewer.aspx#&&/wEXAQUOQ3VycmVudFBpY3R1cm

UFFn4vaW1hZ2VzLzAxMTJfMDAxNS5qcGe5ZmthLzJ56OTk3xtCWl64oqFRl/SPknA7Y8Vkox5OvA

URLs are added to the history of browser

Back button

Recap

Reporting

SQL Server Reporting Services SSRS

Initially released as add-on for SQL Server 2000 in 2004

Part of SQL 2005 / SQL 2008

Web-based reporting solution

Who has done a report?

History of Reporting 1991-3 – .XLS and .DOC

1992 – Access 1.0

1994 – VB 3 with Crystal Built-In

1995-99 VB 4, 5, 6 (VB Report Designer) A lot continuing with Crystal

1998 – Web .ASP .DOC, .XLS, .PDF

2001 – Visual Studio .NET with Crystal Reports

2004 – Reporting Services as add-on for SQL Server 2000

2005 – Reporting Services with SQL Server 2005

2008 – Reporting Services with SQL Server 2008

2009 – ReportBuilder v3 released

SQL Server 2005 BI

Data acquisition from source systems and integrationData transformation and synthesis

Data enrichment with business logic and hierarchical viewsData discovery through data mining

Data presentation and distributionData access for the masses

Integrate Analyze Report

SQL Server BI Platform

Analysis ServicesOLAP & Data Mining

Reporting Services

Mana

gem

ent To

olsDev

elop

me

nt T

ools

Integration ServicesETL

SQL Server Relational Engine

Delivery Targets(E-mail, SharePoint,Custom)

Output Formats (HTML, Excel, PDF, Custom)

Data Sources(SQL, OLE DB, XML/A, ODBC, Oracle, Custom)

SQL Server

Report Server

XML Web Service Interface

Report Processing

Scheduling & DeliveryRendering

Data Processing Security

Security Services(NT, Passport, Custom)

Reporting Services Architecture

OfficeBrowser Custom Application

Reporting Services is an open and extensible platform supporting the authoring, management and delivery of rich, interactive reports to the entire enterprise.

Reporting Lifecycle

Authoring Management Delivery

Reports are defined in Report Definition Language (RDL), a documented XML schema

Use Microsoft or 3rd party tools that support RDL

Create single reports from multiple data sources(SQL, OLE DB, ODBC, Oracle, and .NET data providers)

Report Authoring

More info on the RDL spec: www.microsoft.com/sql/reporting

Data regions Tablix (SQL 2008) Table -> Tablix List (like Access) -> Tablix Matrix -> Tablix Chart

Subreports

Images

Report Authoring - Controls

Generalized layout report item

Grouped and Detail data

Tablix

Use a table to display detail data

Organize the data in row groups, or both.

The Table template contains three columns with a table header row and a details row for data.

Tablix - Table

Use a matrix to display aggregated data summaries

Grouped in rows and columns, similar to a PivotTable or crosstab.

The number of rows and columns for groups is determined by the number of unique values for each row and column groups

Tablix - Matrix

Use a list to create a free-form layout. You are not limited to a grid layout, but can place fields freely inside the list.

You can use a list to design a form for displaying many dataset fields or as a container to display multiple data regions side by side for grouped data.

Tablix - List

Charts

Charts

Charts

Gauge

Report definitions, folders, and resources are published and managed in a reporting web service

Managed reports can be executed either on-demand or via schedule and can be cached for consistency and performance

Scalable & Extensible server architecture

Report Management

Traditional (paper) and interactive (web) reports

On-demand (“pull”) or event-based (“push”) delivery

Choose from multiple formats (HTML, Excel, PDF, XML)

Deliver reports to many devices (e-mail, file share, etc.)

Ad-hoc Reporting

Report Delivery

Management events can be scheduled on the report server

Caching, Subscriptions, History

Schedules are stored in database and integrated with SQL Agent

When triggered, Agent adds entry to queue

Scheduled events are queued in database and polled by Windows service

Scheduling

What did we see?

Table Control

List Control

Chart Control

Matrix Control

Subreports

What didn't we see?

ASP.NET Chart Control

http://weblogs.asp.net/scottgu/archive/2008/11/24/new-asp-net-charting-control-lt-asp-chart-runat-quot-server-quot-gt.aspx

Dundas Chart (SSRS)

http://www.dundas.com/Products/Chart/RS/Features/NewFeatures.aspx

ASPOSE

http://www.aspose.com/categories/ssrs-rendering-extensions/default.aspx

History of reporting

Architecture

Report Life Cycle

Capabilities

Hands on lab

Summary

Security

Authentication (Who are you?) the process of accepting credentials from a user

and validating those credentials against a designated authority

Authorization (Do you have permission to be here?)

the process of determining whether the proven identity is allowed to access a specific resource.

Glossary

IPrincipal Represents a user GenericPrincipal WindowsPrincipal Every thread has a principal (Thread.CurrentPrincipal)

IIdentity Represents information about the user GenericIdentity WindowsIdentity

Glossary

Windows

Authentication capabilities of IIS Active Directory, Kerberos, NTLM

Forms (most common)

HTML form logon credentials ASP.NET issues a cookie that contains the

credentials or a key

Authentication in ASP.NET

You can configure the type of authentication to use in the web.config file

<configuration>    

<system.web>

<authentication mode=“[Forms|Windows|Passport|

None]" />

    </system.web>

</configuration>

Web.config

Users

SqlMembershipProvider ActiveDirectoryMembershipProvider

Roles

SqlRoleProvider WindowsTokenRoleProvider

Stores

Login

LoginName

LoginStatus

NewUserWizard

Security Controls

User Profile

ASP.NET has built in support for profiles.

It can be configured via Web.Config

<system.web><profiles>

<properties><add name=“MyProperty” type=“string” />

</properties></profiles>

</system.web>

It is read by .NET and a strongly typed class is created

You can access it by going Profile.MyProperty

Summary

History management in ASP.NET

Reporting

Security

Summary

AJAX History in action http://www.asp.net/learn/3.5-SP1/video-242.aspx

Resources

MSDN – Download

Whitepaper www.ssw.com.au/ssw/standards/DeveloperSQLReportingSer

vices

.Net User Groups

Monthly Meetings www.ssw.com.au/NetUG

Resources

Book

www.mannpublishing.com/

The Rational Guide To: SQL Server Reporting Services by Anthony Mann

Resources

Free Web Application Toolkits http://www.microsoft.com/web/downloads/webapptoolkits

UX design patterns http://quince.infragistics.com/

Resources

3 things…

PeterGfader@ssw.com.a

u

http://

peitor.blogspot.com

twitter.com/peitor

Thank You!

Gateway Court Suite 10 81 - 91 Military Road Neutral Bay, Sydney NSW 2089 AUSTRALIA

ABN: 21 069 371 900

Phone: + 61 2 9953 3000 Fax: + 61 2 9953 3105

info@ssw.com.auwww.ssw.com.au