AJAX, Security, Reporting
Presented by Peter Gfader
Senior Software Architect
SSA @ SSW
Loves C# and .NET (Java not anymore)
Specializes in
Windows Forms ASP.NET TFS testing Automated tests Silverlight
Peter Gfader
On the task “Filter the ToDoList”
Add “Show all” to the drop down list
LinqDataSource.Where = "";
LinqDataSource.WhereParameters.Clear();
ListView.DataBind();
Homework?
Course Website
http://sharepoint.ssw.com.au/Training/UTSNET/
Course Timetable
Course Materials
Admin Stuff
Attendance
You initial sheet
Hands On Lab
You get me to initial sheet
Certificate
At the end of 10 sessions, if I say you have completed successfully
User Experience / Usability
AJAX
Additionally: Styling the GridView
http://www.cyberslingers.com/Sandbox/GridView.aspx
Last Week
Session 9: AJAX Security and Reporting Services
Agenda
AJAX History Manager
Solves
• Back button
• Send links
Reporting
History of reporting Architecture Report Life Cycle Capabilities
ASP.NET Security
• Authentication
– Principal
– Identity
• Authorization
– Role Based Security
New security features in ASP.NET 2.0
• Authentication Providers
• Built in ASP.NET Controls
AJAX History
1. Back button
2. Send link of your current view
http://maps.google.com/ ??
Pain!
1. Enable history in ScriptManager
<asp:ScriptManager ID="ScriptManager1" runat="server" EnableHistory="true" />
2. Add history points
Every time there is a relevant history point
Maybe on each AJAX request?
ScriptManager1.AddHistoryPoint("CurrentImage", Image1.ImageUrl);
3. Wire up Navigate event
Restore your state in that event
<asp:ScriptManager ID="ScriptManager1" runat="server" EnableHistory="true" onnavigate="ScriptManager1_Navigate" />
protected void ScriptManager1_Navigate(object sender, HistoryEventArgs e)
{
    // Restore the image that was showing at this history point
    Image1.ImageUrl = e.State["CurrentImage"];
}
Browser dependent
Internet Explorer
• iframe
• can cause an additional request to the server
Implementation – behind the scenes?
URL holds state of AJAX request
Send links: http://localhost:28496/WebSite/PictureViewer.aspx#&&/wEXAQUOQ3VycmVudFBpY3R1cmUFFn4vaW1hZ2VzLzAxMTJfMDAxNS5qcGe5ZmthLzJ56OTk3xtCWl64oqFRl/SPknA7Y8Vkox5OvA
URLs are added to the history of browser
Back button
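Because the history state travels in the URL that users bookmark and send to each other, the Navigate handler should treat the restored value as input. The code-behind below is an added example, not part of the original slides; the NextButton handler, the image paths and the allow-list are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;

// Code-behind sketch for PictureViewer.aspx. Expects ScriptManager1 (EnableHistory="true"),
// Image1 and a hypothetical NextButton inside an UpdatePanel.
public partial class PictureViewer : Page
{
    private const string StateKey = "CurrentImage";
    private const string DefaultImage = "~/images/default.jpg"; // constructed sample value

    // Constructed allow-list: the only URLs this page may ever display.
    private static readonly HashSet<string> KnownImages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            DefaultImage, "~/images/one.jpg", "~/images/two.jpg"
        };

    // Map a value restored from the URL to something safe to render.
    internal static string ResolveImage(string fromState)
    {
        // null or empty: the user went back to the initial view, which has no state.
        if (string.IsNullOrEmpty(fromState)) return DefaultImage;
        // Anything not on the list (stale link, edited URL) falls back to the default.
        return KnownImages.Contains(fromState) ? fromState : DefaultImage;
    }

    protected void NextButton_Click(object sender, EventArgs e)
    {
        Image1.ImageUrl = "~/images/two.jpg";
        // Usual guard: record a point only for async postbacks that are not
        // themselves the result of a back/forward navigation.
        if (ScriptManager1.IsInAsyncPostBack && !ScriptManager1.IsNavigating)
            ScriptManager1.AddHistoryPoint(StateKey, Image1.ImageUrl);
    }

    protected void ScriptManager1_Navigate(object sender, HistoryEventArgs e)
    {
        // e.State is rebuilt from the URL fragment. Keep EnableSecureHistoryState
        // at its default (true) and still validate the value before using it.
        Image1.ImageUrl = ResolveImage(e.State[StateKey]);
    }
}
```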
Recap
Reporting
SQL Server Reporting Services SSRS
Initially released as add-on for SQL Server 2000 in 2004
Part of SQL 2005 / SQL 2008
Web-based reporting solution
Who has done a report?
History of Reporting
1991-3 – .XLS and .DOC
1992 – Access 1.0
1994 – VB 3 with Crystal Built-In
1995-99 VB 4, 5, 6 (VB Report Designer) A lot continuing with Crystal
1998 – Web .ASP .DOC, .XLS, .PDF
2001 – Visual Studio .NET with Crystal Reports
2004 – Reporting Services as add-on for SQL Server 2000
2005 – Reporting Services with SQL Server 2005
2008 – Reporting Services with SQL Server 2008
2009 – ReportBuilder v3 released
SQL Server 2005 BI
Data acquisition from source systems and integration
Data transformation and synthesis
Data enrichment with business logic and hierarchical views
Data discovery through data mining
Data presentation and distribution
Data access for the masses
Integrate Analyze Report
SQL Server BI Platform
Analysis Services: OLAP & Data Mining
Reporting Services
Management Tools
Development Tools
Integration Services: ETL
SQL Server Relational Engine
Delivery Targets (E-mail, SharePoint, Custom)
Output Formats (HTML, Excel, PDF, Custom)
Data Sources (SQL, OLE DB, XML/A, ODBC, Oracle, Custom)
SQL Server
Report Server
XML Web Service Interface
Report Processing
Scheduling & Delivery
Rendering
Data Processing
Security
Security Services (NT, Passport, Custom)
Reporting Services Architecture
Office, Browser, Custom Application
Reporting Services is an open and extensible platform supporting the authoring, management and delivery of rich, interactive reports to the entire enterprise.
Reporting Lifecycle
Authoring Management Delivery
Reports are defined in Report Definition Language (RDL), a documented XML schema
Use Microsoft or 3rd party tools that support RDL
Create single reports from multiple data sources (SQL, OLE DB, ODBC, Oracle, and .NET data providers)
Report Authoring
More info on the RDL spec: www.microsoft.com/sql/reporting
Data regions
Tablix (SQL 2008)
Table -> Tablix
List (like Access) -> Tablix
Matrix -> Tablix
Chart
Subreports
Images
Report Authoring - Controls
Generalized layout report item
Grouped and Detail data
Tablix
Use a table to display detail data, organize the data in row groups, or both.
The Table template contains three columns with a table header row and a details row for data.
Tablix - Table
Use a matrix to display aggregated data summaries, grouped in rows and columns, similar to a PivotTable or crosstab.
The number of rows and columns for groups is determined by the number of unique values for each row and column group.
Tablix - Matrix
Use a list to create a free-form layout. You are not limited to a grid layout, but can place fields freely inside the list.
You can use a list to design a form for displaying many dataset fields or as a container to display multiple data regions side by side for grouped data.
Tablix - List
Charts
Gauge
Report definitions, folders, and resources are published and managed in a reporting web service
Managed reports can be executed either on-demand or via schedule and can be cached for consistency and performance
Scalable & Extensible server architecture
Report Management
Traditional (paper) and interactive (web) reports
On-demand (“pull”) or event-based (“push”) delivery
Choose from multiple formats (HTML, Excel, PDF, XML)
Deliver reports to many devices (e-mail, file share, etc.)
Ad-hoc Reporting
Report Delivery
Management events can be scheduled on the report server
Caching, Subscriptions, History
Schedules are stored in database and integrated with SQL Agent
When triggered, Agent adds entry to queue
Scheduled events are queued in database and polled by Windows service
Scheduling
What did we see?
Table Control
List Control
Chart Control
Matrix Control
Subreports
What didn't we see?
ASP.NET Chart Control
http://weblogs.asp.net/scottgu/archive/2008/11/24/new-asp-net-charting-control-lt-asp-chart-runat-quot-server-quot-gt.aspx
Dundas Chart (SSRS)
http://www.dundas.com/Products/Chart/RS/Features/NewFeatures.aspx
ASPOSE
http://www.aspose.com/categories/ssrs-rendering-extensions/default.aspx
History of reporting
Architecture
Report Life Cycle
Capabilities
Hands on lab
Summary
Security
Authentication (Who are you?): the process of accepting credentials from a user and validating those credentials against a designated authority
Authorization (Do you have permission to be here?): the process of determining whether the proven identity is allowed to access a specific resource
Glossary
IPrincipal
Represents a user
GenericPrincipal
WindowsPrincipal
Every thread has a principal (Thread.CurrentPrincipal)
IIdentity
Represents information about the user
GenericIdentity
WindowsIdentity
Glossary
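The two definitions and the glossary types fit together as follows: a check first asks whether the identity is authenticated, and only then whether the principal holds the required role. This console program is an added example, not part of the original slides; the RoleGate class, the user names and the roles are constructed for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

public enum AccessDecision { Allowed, NotAuthenticated, NotAuthorized }

public static class RoleGate
{
    // Authentication first (is there a proven identity?), then authorization (role).
    public static AccessDecision Check(IPrincipal user, string requiredRole)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return AccessDecision.NotAuthenticated;
        return user.IsInRole(requiredRole)
            ? AccessDecision.Allowed
            : AccessDecision.NotAuthorized;
    }

    public static void Main()
    {
        // Constructed sample users. A GenericIdentity with an empty name is anonymous:
        // IsAuthenticated is false, so roles attached to it must not grant access.
        var admin = new GenericPrincipal(new GenericIdentity("alice", "Forms"), new[] { "Admin" });
        var staff = new GenericPrincipal(new GenericIdentity("bob", "Forms"), new[] { "Staff" });
        var anon = new GenericPrincipal(new GenericIdentity(""), new[] { "Admin" });

        foreach (var p in new IPrincipal[] { admin, staff, anon })
        {
            Thread.CurrentPrincipal = p; // every thread carries a principal
            Console.WriteLine("{0,-6} -> {1}",
                p.Identity.Name.Length == 0 ? "(anon)" : p.Identity.Name,
                Check(Thread.CurrentPrincipal, "Admin"));
        }
    }
}
```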
Windows
Authentication capabilities of IIS
Active Directory, Kerberos, NTLM
Forms (most common)
HTML form logon credentials
ASP.NET issues a cookie that contains the credentials or a key
Authentication in ASP.NET
You can configure the type of authentication to use in the web.config file
<configuration>
<system.web>
<authentication mode="[Forms|Windows|Passport|None]" />
</system.web>
</configuration>
Web.config
Users
SqlMembershipProvider ActiveDirectoryMembershipProvider
Roles
SqlRoleProvider WindowsTokenRoleProvider
Stores
Login
LoginName
LoginStatus
NewUserWizard
Security Controls
User Profile
ASP.NET has built in support for profiles.
It can be configured via Web.Config
<system.web>
<profile>
<properties>
<add name="MyProperty" type="string" />
</properties>
</profile>
</system.web>
It is read by .NET and a strongly typed class is created
You can access it via Profile.MyProperty
Summary
History management in ASP.NET
Reporting
Security
Summary
AJAX History in action http://www.asp.net/learn/3.5-SP1/video-242.aspx
Resources
MSDN – Download
Whitepaper www.ssw.com.au/ssw/standards/DeveloperSQLReportingServices
.Net User Groups
Monthly Meetings www.ssw.com.au/NetUG
Resources
Book
www.mannpublishing.com/
The Rational Guide To: SQL Server Reporting Services by Anthony Mann
Resources
Free Web Application Toolkits http://www.microsoft.com/web/downloads/webapptoolkits
UX design patterns http://quince.infragistics.com/
Resources
Thank You!
Gateway Court Suite 10 81 - 91 Military Road Neutral Bay, Sydney NSW 2089 AUSTRALIA
ABN: 21 069 371 900
Phone: + 61 2 9953 3000 Fax: + 61 2 9953 3105