[转]ASP.NET 2.0新特性在PetShop4中的应用2

6.4.2    Membership特性

PetShop 4.0并没有利用Membership的高级功能,而是直接让Membership特性和ASP.NET 2.0新增的登录控件进行绑定。由于.NET Framework 2.0已经定义了针对SQL Server的SqlMembershipProvider,因此对于PetShop 4.0而言,实现Membership比之实现Profile要简单,仅仅需要为Oracle数据库定义MembershipProvider即可。在 PetShop.Membership模块中,定义了OracleMembershipProvider类,它继承自 System.Web.Security.MembershipProvider抽象类。

OracleMembershipProvider类的实现具有极高的参考价值,如果我们需要定义自己的MembershipProvider类,可以参考该类的实现。
事实上OracleMemberShip类的实现并不复杂,在该类中,主要是针对用户及用户安全而实现相关的行为。由于在父类 MembershipProvider中,已经定义了相关操作的虚方法,因此我们需要作的是重写这些虚方法。由于与Membership有关的信息都是存储在数据库中,因而OracleMembershipProvider与SqlMembershipProvider类的主要区别还是在于对数据库的访问。对于SQL Server而言,我们利用aspnet_regsql工具为Membership建立了相关的数据表以及存储过程。也许是因为知识产权的原因, Microsoft并没有为Oracle数据库提供类似的工具,因而需要我们自己去创建membership的数据表。此外,由于没有创建Oracle数据库的存储过程,因而OracleMembershipProvider类中的实现是直接调用SQL语句。以CreateUser()方法为例,剔除那些繁杂的参数判断与安全性判断,SqlMembershipProvider类的实现如下:

public override MembershipUser CreateUser( string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
        MembershipUser user1;
      
//前面的代码略;
      try
      
{
              SqlConnectionHolder holder1
= null;
            
try
            
{
                    holder1
= SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
                  
this.CheckSchemaVersion(holder1.Connection);
                    DateTime time1
= this.RoundToSeconds(DateTime.UtcNow);
                    SqlCommand command1
= new SqlCommand("dbo.aspnet_Membership_CreateUser", holder1.Connection);
                    command1.CommandTimeout
= this.CommandTimeout;
                    command1.CommandType
= CommandType.StoredProcedure;
                    command1.Parameters.Add(
this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
                    command1.Parameters.Add(
this.CreateInputParam("@UserName", SqlDbType.NVarChar, username));
                    command1.Parameters.Add(
this.CreateInputParam("@Password", SqlDbType.NVarChar, text2));
                    command1.Parameters.Add(
this.CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, text1));
                    command1.Parameters.Add(
this.CreateInputParam("@Email", SqlDbType.NVarChar, email));
                    command1.Parameters.Add(
this.CreateInputParam("@PasswordQuestion", SqlDbType.NVarChar, passwordQuestion));
                    command1.Parameters.Add(
this.CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, text3));
                    command1.Parameters.Add(
this.CreateInputParam("@IsApproved", SqlDbType.Bit, isApproved));
                    command1.Parameters.Add(
this.CreateInputParam("@UniqueEmail", SqlDbType.Int, this.RequiresUniqueEmail ? 1 : 0));
                    command1.Parameters.Add(
this.CreateInputParam("@PasswordFormat", SqlDbType.Int, (int) this.PasswordFormat));
                    command1.Parameters.Add(
this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, time1));
                    SqlParameter parameter1
= this.CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey);
                    parameter1.Direction
= ParameterDirection.InputOutput;
                    command1.Parameters.Add(parameter1);
                    parameter1
= new SqlParameter("@ReturnValue", SqlDbType.Int);
                    parameter1.Direction
= ParameterDirection.ReturnValue;
                    command1.Parameters.Add(parameter1);
                    command1.ExecuteNonQuery();
                  
int num3 = (parameter1.Value != null) ? ((int) parameter1.Value) : -1;
                  
if ((num3 < 0) || (num3 > 11))
                  
{
                          num3
= 11;
                    }

                    status
= (MembershipCreateStatus) num3;
                  
if (num3 != 0)
                  
{
                        
return null;
                    }

                    providerUserKey
= new Guid(command1.Parameters["@UserId"].Value.ToString());
                    time1
= time1.ToLocalTime();
                    user1
= new MembershipUser(this.Name, username, providerUserKey, email, passwordQuestion, null, isApproved, false, time1, time1, time1, time1, new DateTime(0x6da, 1, 1));
              }

            
finally
            
{
                  
if (holder1 != null)
                  
{
                          holder1.Close();
                          holder1
= null;
                    }

              }

        }

      
catch
      
{
            
throw;
        }

      
return user1;
}
 

代码中,aspnet_Membership_CreateUser为aspnet_regsql工具为membership创建的存储过程,它的功能就是创建一个用户。

OracleMembershipProvider类中对CreateUser()方法的定义如下:

public override MembershipUser CreateUser( string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object userId, out MembershipCreateStatus status) {
    
//前面的代码略;
//Create connection
OracleConnection connection = new OracleConnection(OracleHelper.ConnectionStringMembership);
connection.Open();
OracleTransaction transaction
= connection.BeginTransaction(IsolationLevel.ReadCommitted);
try {
    DateTime dt
= DateTime.Now;
  
bool isUserNew = true;

  
// Step 1: Check if the user exists in the Users table: create if not    
  int uid = GetUserID(transaction, applicationId, username, true, false, dt, out isUserNew);
  
if(uid == 0) { // User not created successfully!
     status = MembershipCreateStatus.ProviderError;
   
return null;
    }

  
// Step 2: Check if the user exists in the Membership table: Error if yes.
  if(IsUserInMembership(transaction, uid)) {
     status
= MembershipCreateStatus.DuplicateUserName;
   
return null;
    }

  
// Step 3: Check if Email is duplicate
  if(IsEmailInMembership(transaction, email, applicationId)) {
     status
= MembershipCreateStatus.DuplicateEmail;
   
return null;
    }

  
// Step 4: Create user in Membership table     
  int pFormat = (int)passwordFormat;
  
if(!InsertUser(transaction, uid, email, pass, pFormat, salt, "", "", isApproved, dt)) {
     status
= MembershipCreateStatus.ProviderError;
   
return null;
    }

  
// Step 5: Update activity date if user is not new
  if(!isUserNew) {
   
if(!UpdateLastActivityDate(transaction, uid, dt)) {
      status
= MembershipCreateStatus.ProviderError;
    
return null;
     }

    }

    status
= MembershipCreateStatus.Success;
  
return new MembershipUser(this.Name, username, uid, email, passwordQuestion, null, isApproved, false, dt, dt, dt, dt, DateTime.MinValue);
}

catch(Exception) {
  
if(status == MembershipCreateStatus.Success)
     status
= MembershipCreateStatus.ProviderError;
  
throw;
}

finally {
  
if(status == MembershipCreateStatus.Success)
     transaction.Commit();
  
else
     transaction.Rollback();
    connection.Close();
    connection.Dispose();
}

}

代码中,InsertUser()方法就是负责用户的创建,而在之前则需要判断创建的用户是否已经存在。InsertUser()方法的定义如下:

private static bool InsertUser(OracleTransaction transaction, int userId, string email, string password, int passFormat, string passSalt, string passQuestion, string passAnswer, bool isApproved, DateTime dt) {

string insert = "Insert INTO MEMBERSHIP (USERID, EMAIL, PASSWORD, PASSWORDFORMAT, PASSWORDSALT, PASSWORDQUESTION, PASSWORDANSWER, ISAPPROVED, CreateDDATE, LASTLOGINDATE, LASTPASSWORDCHANGEDDATE) VALUES (:UserID, :Email, :Pass, :PasswordFormat, :PasswordSalt, :PasswordQuestion, :PasswordAnswer, :IsApproved, :CDate, :LLDate, :LPCDate)";
OracleParameter[] insertParms
= { new OracleParameter(":UserID", OracleType.Number, 10), new OracleParameter(":Email", OracleType.VarChar, 128), new OracleParameter(":Pass", OracleType.VarChar, 128), new OracleParameter(":PasswordFormat", OracleType.Number, 10), new OracleParameter(":PasswordSalt", OracleType.VarChar, 128), new OracleParameter(":PasswordQuestion", OracleType.VarChar, 256), new OracleParameter(":PasswordAnswer", OracleType.VarChar, 128), new OracleParameter(":IsApproved", OracleType.VarChar, 1), new OracleParameter(":CDate", OracleType.DateTime), new OracleParameter(":LLDate", OracleType.DateTime), new OracleParameter(":LPCDate", OracleType.DateTime) };
insertParms[
0].Value = userId;
insertParms[
1].Value = email;
insertParms[
2].Value = password;
insertParms[
3].Value = passFormat;
insertParms[
4].Value = passSalt;
insertParms[
5].Value = passQuestion;
insertParms[
6].Value = passAnswer;
insertParms[
7].Value = OracleHelper.OraBit(isApproved);
insertParms[
8].Value = dt;
insertParms[
9].Value = dt;
insertParms[
10].Value = dt;

if(OracleHelper.ExecuteNonQuery(transaction, CommandType.Text, insert, insertParms) != 1)
  
return false;
else
  
return true;
}

在为Membership建立了Provider类后,还需要在配置文件中配置相关的配置节,例如SqlMembershipProvider的配置:

< membership defaultProvider ="SQLMembershipProvider" >
< providers >
  
< add name ="SQLMembershipProvider" type ="System.Web.Security.SqlMembershipProvider" connectionStringName ="SQLMembershipConnString" applicationName =".NET Pet Shop 4.0" enablePasswordRetrieval ="false" enablePasswordReset ="true" requiresQuestionAndAnswer ="false" requiresUniqueEmail ="false" passwordFormat ="Hashed" />
</ providers >
</ membership >

对于OracleMembershipProvider而言,配置大致相似:

< membership defaultProvider ="OracleMembershipProvider" >
< providers >
  
< clear />
  
< add name ="OracleMembershipProvider"
     type
="PetShop.Membership.OracleMembershipProvider"
     connectionStringName
="OraMembershipConnString"
     enablePasswordRetrieval
="false"
     enablePasswordReset
="false"
     requiresUniqueEmail
="false"
     requiresQuestionAndAnswer
="false"
     minRequiredPasswordLength
="7"
     minRequiredNonalphanumericCharacters
="1"
     applicationName
=".NET Pet Shop 4.0"
     hashAlgorithmType
="SHA1"
     passwordFormat
="Hashed" />
</ providers >
</ membership >

有关配置节属性的意义,可以参考MSDN等相关文档。

6.4.3    ASP.NET登录控件

这里所谓的登录控件并不是指一个控件,而是ASP.NET 2.0新提供的一组用于解决用户登录的控件。登录控件与Membership进行集成,快速简便地实现用户登录的处理。ASP.NET登录控件包括 Login控件、LoginView控件、LoginStatus控件、LoginName控件、PasswordRescovery控件、 CreateUserWizard控件以及ChangePassword控件。
PetShop 4.0犹如一本展示登录控件用法的完美教程。我们可以从诸如SignIn、NewUser等页面中,看到ASP.NET登录控件的使用方法。例如在 SignIn.aspx中,用到了Login控件。在该控件中,可以包含TextBox、Button等类型的控件,用法如下所示:

< asp:Login ID ="Login" runat ="server" CreateUserUrl ="~/NewUser.aspx" SkinID ="Login" FailureText ="Login failed. Please try again." >
</ asp:Login >

又例如NewUser.aspx中对CreateUserWizard控件的使用:

< asp:CreateUserWizard ID ="CreateUserWizard" runat ="server" CreateUserButtonText ="Sign Up" InvalidPasswordErrorMessage ="Please enter a more secure password." PasswordRegularExpressionErrorMessage ="Please enter a more secure password."
RequireEmail
="False" SkinID ="NewUser" >
< WizardSteps >
            
< asp:CreateUserWizardStep ID ="CreateUserWizardStep1" runat ="server" >
   
</ asp:CreateUserWizardStp >
</ WizardSteps >
</ asp:CreateUserWizard >

使用了登录控件后,我们毋需编写与用户登录相关的代码,登录控件已经为我们完成了相关的功能,这就大大地简化了这个系统的设计与实现。

6.4.4    Master Page特性

Master Page相当于是整个Web站点的统一模板,建立的Master Page文件扩展名为.master。它可以包含静态文本、html元素和服务器控件。Master Page由特殊的@Master指令识别,如:

< %@ Master Language ="C#" CodeFile ="MasterPage.master.cs" Inherits ="MasterPage" % >

使用Master Page可以为网站建立一个统一的样式,且能够利用它方便地创建一组控件和代码,然后将其应用于一组页。对于那些样式与功能相似的页而言,利用Master Page就可以集中处理为Master Page,一旦进行修改,就可以在一个位置上进行更新。

在PetShop 4.0中,建立了名为MasterPage.master的Master Page,它包含了header、LoginView控件、导航菜单以及用于呈现内容的html元素,如图6-3所示:

[转]ASP.NET 2.0新特性在PetShop4中的应用2_第1张图片

图6-3 PetShop 4.0的Master Page

@Master指令的定义如下:

< %@ Master Language ="C#" AutoEventWireup ="true" CodeFile ="MasterPage.master.cs" Inherits ="PetShop.Web.MasterPage" % >

Master Page同样利用codebehind技术,以PetShop 4.0的Master Page为例,codebehind的代码放在文件MasterPage.master.cs中:

public partial class MasterPage : System.Web.UI.MasterPage {

      private const string HEADER_PREFIX = ".NET Pet Shop :: {0}";

      protected void Page_PreRender(object sender, EventArgs e) {
          ltlHeader.Text = Page.Header.Title;
          Page.Header.Title = string.Format(HEADER_PREFIX, Page.Header.Title);          
      }
      protected void btnSearch_Click(object sender, EventArgs e) {
          WebUtility.SearchRedirect(txtSearch.Text);    
      }
}

注意Master Page页面不再继承自System.Web.UI.Page,而是继承System.Web.UI.MasterPage类。与Page类继承 TemplateControl类不同,它是UserControl类的子类。因此,可以应用在Master Page上的有效指令与UserControl的可用指令相同,例如AutoEventWireup、ClassName、CodeFile、 EnableViewState、WarningLevel等。

每一个与Master Page相关的内容页必须在@Page指令的MasterPageFile属性中引用相关的Master Page。例如PetShop 4.0中的CheckOut内容页,其@Page指令的定义如下:

< %@ Page Language ="C#" MasterPageFile ="~/MasterPage.master" AutoEventWireup ="true" CodeFile ="CheckOut.aspx.cs" Inherits ="PetShop.Web.CheckOut" Title ="Check Out" % >

Master Page可以进行嵌套,例如我们建立了父Master Page页面Parent.master,那么在子Master Page中,可以利用master属性指定其父MasterPage:
<%@ Master Language="C#" master="Parent.master"%>

而内容页则可以根据情况指向Parent.master或者Child.master页面。

虽然说Master Page大部分情况下是以声明方式创建,但我们也可以建立一个类继承System.Web.UI.MasterPage,从而完成对Master Page的编程式创建。但在采用这种方式的同时,应该同时创建.master文件。此外对Master Page的调用也可以利用编程的方式完成,例如动态地添加Master Page,我们重写内容页的Page_PreInit()方法,如下所示:

void Page_PreInit(Object sender, EventArgs e)
{
    
this.MasterPageFile = "~/NewMaster.master";
}

之所以重写Page_PreInit()方法,是因为Master Page会在内容页初始化阶段进行合并,也即是说是在PreInit阶段完成Master Page的分配。
ASP.NET 2.0引入的新特性,并不仅仅限于上述介绍的内容。例如Theme、Wizard控件等新特性在PetShop 4.0中也得到了大量的应用。虽然ASP.NET 2.0及时地推陈出新,对表示层的设计有所改善,然而作为ASP.NET 2.0的其中一部分,它们仅仅是对现有框架缺失的弥补与改进,属于“锦上添花”的范畴,对于整个表示层设计技术而言,起到的推动作用却非常有限。

直到AJAX(Asynchronous JavaScript and XML)的出现,整个局面才大为改观。虽然AJAX技术带有几分“旧瓶装新酒”的味道,然而它从诞生之初,就具备了王者气象,大有席卷天下之势。各种支持 AJAX技术的框架如雨后春笋般纷纷吐出新芽,支撑起百花齐放的繁荣,气势汹汹地营造出唯AJAX独尊的态势。如今,AJAX已经成为了Web应用的主流开发技术,许多业界大鳄都呲牙咧嘴开始了对这一块新领地的抢滩登陆。例如IBM、Oracle、Yahoo等公司都纷纷启动了开源的AJAX项目。微软也不甘落后,及时地推出了ASP.NET AJAX,这是一个基于ASP.NET的AJAX框架,它包括了ASP.NET AJAX服务端组件和ASP.NET AJAX客户端组件,并集成在Visual Studio中,为ASP.NET开发者提供了一个强大的AJAX应用环境。

我现在还无法预知AJAX技术在未来的走向,然而单单从表示层设计的角度而言,AJAX技术亦然带了一场全新的革命。我们或者可以期待未来的PetShop 5.0,可以在表示层设计上带来更多的惊喜。

你可能感兴趣的:([转]ASP.NET 2.0新特性在PetShop4中的应用2)