Monday, March 10, 2008

Export GridData to Excel


Export data from Datagrid to Excel

private void btnExportToExcel_Click(object sender,System.EventArgs e)
{
ExportToExcel("Report.xls",DataGrid1);
}
private void ExportToExcel(string strFileName,DataGrid dg)
{
Response.Clear();
Response.Buffer = true;Response.ContentType = "application/vnd.ms-excel";
Response.AddHeader("content-disposition","attachment;filename=" + strFileName);
Response.Charset = "";
this.EnableViewState = false;
System.IO.StringWriter sw = new StringWriter();
System.Web.UI.HtmlTextWriter htw = new HtmlTextWriter(sw);
dg.RenderControl(htw);
Response.Write(sw.ToString());
Response.End();
}

Happy Programming

protecting two different folders with forms authentication

The authorization? settings in web.config affect all files and subfoldersby default wiht the same settings. If you want to change the settings forta specific file or directory you can use the location element:
configuration
system.web

system.web
location path="SomeSubDir"
system.web
authorization
allow roles="Admin"
deny users="*"
authorization
system.web
location
configuration
use open and close angular brackets.


Happy Programming

Forms Authentication techniques in ASP.NET

ASP.NET Forms Authentication

Forms Authentication is a system in which unauthenticated requests are redirected to a Web form where users are required to provide their credentials. Upon submitting the form, and being properly verified by your application, an authorization ticket is issued by your Web application in the form of a cookie. This authorization cookie contains the user's credentials or a key for reacquiring the user's identity (e.g. therefore making the identity persistent). In essence, Forms Authentication is a means for wrapping your Web application around your own login user interface and verification processes.
Forms Authentication Flow

  • A client generates a request for a protected resource (e.g. a secured page from your site).


  • IIS (Internet Information Server) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the ASP.NET application. Note that if Anonymous Access is enabled, the client will be passed onto the ASP.NET application by default. Otherwise, Windows will prompt the user for credentials to access the server's resources. Also note that because the authentication mode in the ASP.NET application is set to Forms, IIS authentication cannot be used.


  • If the client doesn't contain a valid authentication ticket/cookie, ASP.NET will redirect the user to the URL specified in the loginURL attribute of the Authentication tag in your web.config file. This URL should contain the login page for your application. At this URL, the user is prompted to enter their credentials to gain access to the secure resource.


  • The client must provide credentials, which are then authenticated/processed by your ASP.NET application. Your ASP.NET application also determines the authorization level of the request, and, if the client is authorized to access the secure resource, an authentication ticket is finally distributed to the client. If authentication fails, the client is usually returned an Access Denied message.


  • The client can then be redirected back to the originally-requested resource, which is now accessible, provided that the client has met the authentication and authorization prerequisites discussed above. Once the authorization ticket/cookie is set, all subsequent requests will be authenticated automatically until the client closes the browser or the session terminates. You can have the user's credentials persist over time by setting the authorization ticket/cookie expiration value to the date you desire to have the credentials persist through. After that date, the user will have to log in again.
    Setting Up Forms Authentication
    Let's take a look at the applicable settings to execute Forms Authentication. In general, setting up Forms Authentication involves just a few simple steps.
    1) Enable anonymous access in IIS. By default, anonymous users should be allowed to access your Web application. In rare cases, however, you may opt to layer an Integrated Windows OS security layer level with Forms authentication. We will discuss how to integrate this layer with anonymous access enabled in the article succeeding this one ("Part 2 (Integration w/ Active Directory)").
    2) Configure your Web application's web.config file to use Forms Authentication. Start by setting the authentication mode attribute to Forms, and denying access to anonymous users. The following example shows how this can be done in the web.config file for your Web application:
    Upon setting the authentication mode to Forms, you'll notice that we appended another child element. The Forms element has five attributes that implement your forms authentication configuration. The attributes and their descriptions are as follows :

    Attribute and Description
    name
    This is the name of the HTTP cookie from which we will store our authentication ticket and information, respectively.
    loginURL
    This is the URL from which your unauthenticated client will be redirected. In most scenarios, this would be your login page, where the client is required to provide their credentials for authentication.
    protection
    This is used to set the method from which to protect your cookie data. The following valid values can be supplied:
    1) All: Specifies to use both data validation and encryption to protect the cookie. Triple DES is used for encryption, if it is available and if the key is long enough (48 bytes). The All value is the default (and suggested) value.
    2) None: Used for sites that are only using cookies for personalization and have weaker requirements for security. Both encryption and validation can be disabled. This is the most efficient performance wise, but must be used with caution.
    3) Encryption: Specifies that the cookie is encrypted using Triple DES or DES, but data validation is not done on the cookie. It's important to note that this type of cookie is subject to chosen plaintext attacks.
    4) Validation: Specifies to avoid encrypting the contents of the cookie, but validate that the cookie data has not been altered in transit. To create the cookie, the validation key is concatenated in a buffer with the cookie data and a MAC is computed/appended to the outgoing cookie.
    timeout
    This is the amount of time (in integer minutes) that the cookie has until it expires. The default value for this attribute is 30 (thus expiring the cookie in 30 minutes).The value specified is a sliding value, meaning that the cookie will expire n minutes from the time the last request was received.
    path
    This is the path to use for the issued cookie. The default value is set to "/" to avoid issues with mismatched case in paths. This is because browsers are case-sensitive when returning cookies.
  • In our web.config file, it's also important to note the value we have for the deny child element of the authorization section (as highlighted below). Essentially, we set that value of the users attribute to "?" to deny all anonymous users, thus redirecting unauthenticated clients to the loginURL.

    Happy Programming

    Friday, February 29, 2008

    regasm.exe, regsvr32.exe,tlbimp.exe and tlbexp.exe

    difference among regasm.exe, regsvr32.exe,tlbimp.exe and tlbexp.exe

    The difference between regasm and regsvr32:
    regasm.exe is used for registering an assembly so that a com client can access its classes and uses them like a com class.
    regasm.exe is used to create COM Callable Wrapper (CCW) around .NET assemblies. .NET managed assemblies(EXEs, DLLs) are different from COM DLLs (which are unmanaged, ie. they interact with the OS directly). So to register an unmanaged DLL we use regsvr32.exe.
    But if wehave a managed .NET assembly and we want to use it with COM components to use it as if it were a COM assembly, then we need to use regasm.exe.
    Regasm.exe creates a type library as well as registers it whereas tlbexp.exe only creates a CCW but does not register it.
    Tlbimp.exe:
    Tlbimp.exe (Type Library Importer) is used to create a Runtime Callable Wrapper around a COM component so that the unmanaged COM library can be used in .NET.

    When do we use Tlbimp and not regasm or regsvr32?

    Tlbexp.exe generates a type library that contains definitions of the types defined in the assembly. Applications such as Visual Basic 6.0 can use the generated type library to bind to the .NET types defined in the assembly.
    The entire assembly is converted at once. You cannot use Tlbexp.exe to generate type information for a subset of the types defined in an assembly.
    You cannot use Tlbexp.exe to produce a type library from an assembly that was imported using the Type Library Importer (Tlbimp.exe). Instead, you should refer to the original type library that was imported with Tlbimp.exe. You can export a type library from an assembly that references assemblies that were imported using Tlbimp.exe.
    Tlbexp.exe generates a type library but does not register it. This is in contrast to the Assembly Registration tool (Regasm.exe), which both generates and registers a type library. To generate and register a type library with COM, use Regasm.exe.
    Type Library Importer
    Tlbimp.exe performs conversions on an entire type library at one time. You cannot use the tool to generate type information for a subset of the types defined within a single type library.

    Happy Programming.