We do admin panel. There is a master page and content pages.

For logged in users, the admin panel should appear on top, the contents of which should change depending on which page is open . How to implement it?

Good people say to make a nested table in the top line of the masterpage and make it hidden for unauthorized ones. I'm not sure about something ... :)

How will the data from the open content page be transferred to the masterpage? (after all, it is necessary for the realization of the declared capabilities) Is it dangerous to just hide it for unauthorized users?

(VS 2010, .NET 4)

  • I ask examples of the use of components Login and LoginView. I found only a step-by-step tutorial on MSDN that didn’t give me anything new - how to check password / login, where to store them, how to memorize a user ... I don’t know ... until I entered the USER table in the database, there are two fields - USERLOGIN and USERPASS - so it is possible? - newby_khv
  • Regarding controls: these controls work on the basis of the membership of the provider (the default implementation wants the best, especially the profile). Everything is configured with virtually no coding, the database must be generated, and not create your own with users (there already is). Controls check passwords and so on automatically. If you want your tables in the database, you need to redefine the respective providers. I will not give examples - in the internet their darkness. Google by membership. - wind
  • On the off site, by the way, too, there are heaps of materials, as in many books on HSA. And what is your CMS? - wind
  • No CMS. I make my first site. Now I am authorizing to access the administrative panel for content management (how difficult it is :)) - consider the CMS and do :) Thanks for your reply. I, nevertheless, I think, to do with the use of TextBox and Button and tables in my database ... what do you think, is this option acceptable in terms of security? :) I posted the code here hashcode.ru/questions/175834 - newby_khv
  • Well, in general, of course, we accept, but honestly speaking poorly, there are no roles and profiles. How to determine whether the user is online, how to add a user role? How to register? Again, you will do it with your hands, despite the fact that such functionality can be simply taken and used. Great in general create. The most adequate option is to override the default providers and customize them. I hope to work with the database occurs on the means of ORM? And more - why create your own CMS when there are already written? Will yours have benefits? It’s easier, again, to have one and, on the basis of it, quickly make projects. - wind

2 answers 2

In theory, if something is hidden in Web Forms , it does not reach the client at all. The invisible element is simply not rendered.

  • Thank. Would you personally use the table for this purpose? And how to transfer from the authorization page information about whether a user has logged in or not to a master page? (Maybe ask a separate question about this?) Good people say, you need to use interstitial data transfer ... I'm not sure about something ... :) It seems that for this they usually use cookies - write authorization data there and from masterpages check them out when loading the page. Only here, what to write down there, so that it is safe ... - newby_khv

In the list of simple options, you can also find the use of the LoginView component, which can be easily configured depending on the role of the incoming user.

  • Thank. I understand this component specifically for such purposes and created? Look for information about him ... or maybe you will give a more or less general example? - newby_khv
  • While smoking, I realized that I got excited, calling your approach acceptable. Read about authentication in any sensible book on ASP. There is no, for example MacDonald, Shpushta and KO - wind