Truelove project insights (2) security, layout, and architecture

Source: Internet
Author: User
Introduction

I have had no time to write articles for this series in the last two days; I have been busy with a spider for capturing content. Our www.365rss.cn is just getting started, and I hope you will check it out and support it. Because the Truelove module was completed several days ago, I have forgotten many of the problems I ran into at the time (I regret not taking notes). Here I will only talk about the three things I can still recall: the form-based security mechanism, web page layout based on Div + CSS, and the MVP-based architecture. Let's take them one at a time:

Form-based security mechanism

As a matter of fact, there is no need to go over the new security model of ASP.NET 2.0 here. For details, refer to MSDN and the following article: ASP.NET 2.0 membership, roles, Forms authentication, and security resources. What I want to talk about is how a website configures and uses its own role provider and membership provider when using the NBear framework. First, using the database that comes with ASP.NET makes deploying the program inconvenient. Second, it places strict requirements on the password when adding a user. To configure the providers on top of the NBear database connection, you must first configure that connection. Add the following content to the <configuration> node of the web.config file:

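NBear connection string
<connectionStrings>
  <!-- sa/passwd are the article's sample values; a deployed site should connect with a dedicated low-privilege SQL login -->
  <add name="Maindb" connectionString="Server=.\sqlexpress;database=Truelove;uid=sa;Pwd=passwd" providerName="NBear.Data.SqlServer9.SqlDbProvider9" />
</connectionStrings>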

This configures the NBear data connection, which connects to the local SQL Server 2005 Express instance. Add the following under the <system.web> node to configure the role provider and membership provider:

Configure roles providers and membership providers
<!-- Membership -->
<!-- Relaxed password policy: 1-character minimum, no complexity rule, 128 failed attempts before lockout -->
<membership userIsOnlineTimeWindow="15" defaultProvider="Truelove_membershipprovider">
  <providers>
    <add name="Truelove_membershipprovider"
         applicationName="Truelove"
         connectionStringName="Maindb"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="128"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="16"
         passwordStrengthRegularExpression=".*"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<!-- RoleManager -->
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".Truelove_roles" cookieTimeout="90" defaultProvider="Truelove_roleprovider" createPersistentCookie="true" maxCachedResults="1000">
  <providers>
    <add name="Truelove_roleprovider"
         applicationName="Nbear"
         connectionStringName="Maindb"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<!-- Authentication: the forms ticket timeout is in minutes (20160 = 14 days) -->
<authentication mode="Forms">
  <forms loginUrl="~/Login.aspx" name="Truelove_formsauth" protection="All" timeout="20160" />
</authentication>
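The membership and forms settings above relax several defaults (password length, lockout threshold, ticket lifetime). The following check is an added example, not code from the original article or from NBear: it parses a constructed copy of those settings and reports the ones a reviewer would question. The thresholds and finding names are assumptions to be tuned to local policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the settings shown above, in web.config attribute casing.
SAMPLE = """
<system.web>
  <membership defaultProvider="Truelove_membershipprovider">
    <providers>
      <add name="Truelove_membershipprovider" passwordFormat="Hashed"
           enablePasswordRetrieval="false" maxInvalidPasswordAttempts="128"
           minRequiredPasswordLength="1" passwordAttemptWindow="16" />
    </providers>
  </membership>
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" protection="All" timeout="20160" />
  </authentication>
</system.web>
"""

# Assumed review thresholds (not from the page); adjust to local policy.
MAX_ATTEMPTS, MIN_LENGTH, MAX_TIMEOUT_MINUTES = 10, 8, 480

def audit(xml_text):
    """Return sorted finding codes for a <system.web> configuration fragment."""
    root = ET.fromstring(xml_text)
    findings = set()
    for p in root.findall("./membership/providers/add"):
        # Fallbacks are the SqlMembershipProvider defaults for absent attributes.
        if int(p.get("maxInvalidPasswordAttempts", "5")) > MAX_ATTEMPTS:
            findings.add("lockout-threshold-too-high")
        if int(p.get("minRequiredPasswordLength", "7")) < MIN_LENGTH:
            findings.add("password-too-short")
        if p.get("passwordFormat", "Hashed") != "Hashed":
            findings.add("recoverable-password-storage")
        if p.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.add("password-retrieval-enabled")
    for f in root.findall("./authentication/forms"):
        # Fallbacks are the <forms> defaults: 30 minutes, All, requireSSL off.
        if int(f.get("timeout", "30")) > MAX_TIMEOUT_MINUTES:
            findings.add("long-lived-auth-ticket")
        if f.get("protection", "All") != "All":
            findings.add("ticket-not-encrypted-and-validated")
        if f.get("requireSSL", "false").lower() != "true":
            findings.add("auth-cookie-allowed-over-http")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```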

In fact, it is very simple: just set the connectionStringName of the providers above to the name of the NBear data connection. Another point I want to make: because this is a form-based security mechanism, it is best to plan the whole system before developing it and to put all files with the same access permissions in the same directory, which makes it easy to configure permissions with web.config. For example, put all the back-end management functions in the Admin folder, create a web.config in that folder, and configure its content as follows:

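web.config configuration in the Admin directory
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <authorization>
      <!-- Rules are checked in order and the first match wins -->
      <allow roles="Admin" />
      <!-- deny "*" rather than "?": denying only anonymous users would let any signed-in non-Admin user fall through to the inherited allow-all rule -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>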

In this way, only users in the Admin role can access the directory. Create a Super folder under the Admin directory and allow only users with super permissions to access it; pages such as adding and deleting users are placed in that folder.
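Whether a per-folder rule set really restricts a directory to one role depends on its last rule, because ASP.NET takes the first matching rule and then falls back to inherited ones. The model below is an added example, not code from the original article: it compares a rule set ending in `<deny users="?"/>` with one ending in `<deny users="*"/>`, and also covers a nested Super folder. The user names, the "Super" role name and the case-insensitive matching are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed rule sets (web.config <authorization> bodies). "Super" is a
# hypothetical role name for the Super folder; the page does not name one.
ADMIN_DENY_ANONYMOUS = '<authorization><allow roles="Admin"/><deny users="?"/></authorization>'
ADMIN_DENY_ALL = '<authorization><allow roles="Admin"/><deny users="*"/></authorization>'
SUPER_DENY_ALL = '<authorization><allow roles="Super"/><deny users="*"/></authorization>'
# ASP.NET's machine-level configuration ends the chain by allowing everyone.
INHERITED_DEFAULT = '<authorization><allow users="*"/></authorization>'

def _items(rule, attr):
    return [v.strip().lower() for v in rule.get(attr, "").split(",") if v.strip()]

def _matches(rule, user, roles):
    users = _items(rule, "users")
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in users:
        return True
    held = {r.lower() for r in roles}
    return any(r in held for r in _items(rule, "roles"))

def is_allowed(chain, user, roles=()):
    """Evaluate rules from the deepest folder upward; the first match decides.

    chain lists <authorization> XML from the requested folder up to the site
    root. user is None for an anonymous request. The verbs attribute is ignored.
    """
    for xml_text in list(chain) + [INHERITED_DEFAULT]:
        for rule in ET.fromstring(xml_text):
            if rule.tag in ("allow", "deny") and _matches(rule, user, roles):
                return rule.tag == "allow"
    return False

def report(chain):
    """Access decision for three constructed users against one rule chain."""
    users = {"anonymous": (None, ()), "member": ("bob", ("Member",)),
             "admin": ("alice", ("Admin",))}
    return {label: is_allowed(chain, u, r) for label, (u, r) in users.items()}

if __name__ == "__main__":
    print("deny ?:", report([ADMIN_DENY_ANONYMOUS]))
    print("deny *:", report([ADMIN_DENY_ALL]))
    print("Super :", report([SUPER_DENY_ALL, ADMIN_DENY_ALL]))
```

With the `?` form, the signed-in "member" user is admitted to the Admin folder; with the `*` form only the Admin role gets in, and an Admin without the Super role is refused in the nested folder.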

Webpage Layout Based on Div + CSS

In the past, ASP websites made the same old mistake for a long time: layout was done with table, td and the like, which made the whole page messy and tied it to the business logic. I recently looked at NBear's StartKit and some other websites and found that they all use Div + CSS for layout and style. After slowly studying and understanding it, I realized how website skin swapping is implemented: everything is done by changing the CSS file.

When developing with ASP.NET 2.0, I made a point of turning everything into a control, so that I only needed to drag controls onto a page and assemble them into the page I wanted. During development, I encapsulated all the functions into controls and dragged them in as needed. I encapsulated the hotel search in the header into a control, the management menus into controls, and many other things into controls. I put each control in a DIV named after its function, so that the assembled page can also be controlled by CSS. During development, I listed them in a table, shown below for reference (the list is mainly for consulting when writing CSS files later):

MVP-based architecture

During development, I found that using a three-tier architecture for such a small application is overkill and a waste of resources. However, I have always been "persistent" and simply made it even more complicated, upgrading the old three-tier architecture to an MVP-based architecture. For the upgrade process, see Teddy's article:

http://www.cnblogs.com/teddyma/archive/2006/12/20/598546.html

I switched to the MVP architecture mainly because I had put my own dataobject in the App_Code directory of the web project and then bound the dataobject to an ObjectDataSource. I found that the system was coupled, and the IoC work done at the beginning was wasted. After referring to Teddy's article, I decided to upgrade to the MVP architecture and use the previous IoC as the model. Later, I found that writing the dataobject against the implementation of the business logic is not a mistake either, as with IoC. In fact, I later realized that Teddy's MVP simply makes the page no longer depend on serviceinterface; instead it depends on a viewinterface and an ipresenterinterface, with the implementation placed in presenterimpls. Using ipresenterinterface and presenterimpls as the IoC configuration is clever.

Summary

This article is rather disorganized and I feel there is not much in it that is useful, but it records some of my experience from working on the project. Next I will take a closer look at ObjectDataSource, which is used in my project, so next time I plan to cover the use and extension of ObjectDataSource.
