customer modify .aspx file in a form

leila

I am developing an ASP.Net application for a client and they need to
modify the page layout from within a form. like the way you edit a
blog template in Blogger. what is the best approach to do that in
ASP.net? is there a better (and more secure) way than setting
permissions so they can edit the .ASPX files in a form? is there any
way to use variables in that template instead of <asp:label ...> like
the blogger templates?

Nov 18 '05 #1

Subscribe Reply

2134

Brad Quinn

Do not allow your customer to edit the .aspx files
This is a huge security hole, because your customer can add arbitrary code a la <%# /* arbitrary code goes here */ %>

If they need to modify the layout, try to generate html in such a way that this can be done using CSS.

Nov 18 '05 #2

Brad Quinn

I don't know anything about blogger, but failing the CSS solution you could try something like this
(I appologize for the code quality, I just whipped this up as a proof of concept

<%@ Page language="c#" Codebehind="Web Form1.aspx.cs" AutoEventWireup ="false" Inherits="templ ate.WebForm1" %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" ><HTML><HEAD><t itle>WebForm1</title><meta content="Micros oft Visual Studio .NET 7.1" name="GENERATOR "><meta content="C#" name="CODE_LANG UAGE"><meta content="JavaSc ript" name="vs_defaul tClientScript"> <meta content="http://schemas.microso ft.com/intellisense/ie5" name="vs_target Schema"></HEAD><body><for m id="Form1" method="post" runat="server"> <asp:panel id="panelTempla te" runat="server"
First Name: <asp:TextBox id="FirstName" runat="server"> </asp:TextBox><BR
Last Name: <asp:TextBox id="LastName" runat="server"> </asp:TextBox><BR ><asp:Button id="Update" runat="server" Text="Update"></asp:Button><BR> <asp:Label id="FullName" runat="server"> </asp:Label></asp:panel><asp: placeholder id="placeHolder " runat="server"> </asp:placeholder ></form></body></HTML

public class WebForm1 : System.Web.UI.P ag

protected System.Web.UI.W ebControls.Pane l panelTemplate
protected System.Web.UI.W ebControls.Text Box FirstName
protected System.Web.UI.W ebControls.Text Box LastName
protected System.Web.UI.W ebControls.Butt on Update
protected System.Web.UI.W ebControls.Labe l FullName
protected System.Web.UI.W ebControls.Plac eHolder placeHolder

private void Page_Load(objec t sender, System.EventArg s e)
string templateString
@"<TABLE><TR><T D>Last Name:</TD><TD>{LastNam e}</TD></TR><TR><TD>Firs t Name:</TD><TD>{FirstNa me}</TD></TR><TR><TD></TD><TD>{Update} </TD></TR><TR><TD colspan=""2"">{ FullName}</TD></TR></TABLE>"

Template.Apply( placeHolder, panelTemplate, templateString )
#region Web Form Designer generated cod
override protected void OnInit(EventArg s e)
InitializeCompo nent()
base.OnInit(e)
private void InitializeCompo nent() {
this.Update.Cli ck += new System.EventHan dler(this.Updat e_Click)
this.Load += new System.EventHan dler(this.Page_ Load)

#endregio

private void Update_Click(ob ject sender, System.EventArg s e

FullName.Text = string.Format( "{0} {1}", FirstName.Text, LastName.Text )

public class Template
public static void Apply( PlaceHolder ph, Control pt, string template )
SortedList sl = new SortedList()
// Get the order that the controls appear in the templat
string unquoted = Unquote( template );
GetControlOrder ( pt.Controls, unquoted, sl )
int pos = 0
string t
LiteralControl lc
for ( int i = 0; i < sl.Count; i++ )
int index = (int)sl.GetKey( i)
Control c = (Control)sl.Get ByIndex(i)
t = unquoted.Substr ing( pos, index - pos )
pos = index + c.ID.Length + 2
lc = new LiteralControl( Quote( t ) )
ph.Controls.Add ( lc )
ph.Controls.Add ( c )

t = unquoted.Substr ing( pos )
lc = new LiteralControl( Quote( t ) )
ph.Controls.Add ( lc )
pt.Visible = false
private static void GetControlOrder ( ControlCollecti on cc, string template, SortedList sl )
foreach ( Control c in cc )
int i = template.IndexO f( string.Format( "{{{0}}}", c.ID ) )
if ( i != -1 )
sl[i] = c

GetControlOrder ( c.Controls, template, sl )

private static string Unquote( string t )
return t.Replace( "{{", "{{\t" ).Replace( "}}", "\t}}" )
private static string Quote( string t )
return t.Replace( "{{\t", "{{" ).Replace( "\t}}", "}}" )

Nov 18 '05 #3

Similar topics

1733

modify web forms on a different server.CANT see the DESIGN VIEW!

by: pmud | last post by:

Hi I have a website (ASP.NET project using C# ) which is already put up on the server. I need to make some modification to some web pages.So the project files were copied to the a different server where I could modify tha pages. But when I open the .aspx pages with Visual studio.net, then I just see the HTML code & no design view of the page. How should I edit the page when in Visual Studio I cant see the design view. Just in case...

.NET Framework

2992

Open form as Data Entry with Customer Info

by: sara | last post by:

I am learning with a simple application/form. I am ok - enter customer name, list box of customers, select a customer, see the items for that customer. The items form has customer ID and Name in the header; details on continuous form in detail. I want to press a button "Add Garment" and open the customer item form with the customer ID and Name from the view of the form, but open it as Data Entry so the user can add garments.

Microsoft Access / VBA

1727

ASPX --allowing HTML Designers to modify... ???

by: SStory | last post by:

Doing pages for contract..... If I make an ASPX file that does certain things, how simple would it be for a person who know nothing about it to modify the user interface without bothering the ASPX interaction? How would I best build such pages. Many people of course don't want a page that they can't modify at all without programmer intervention. I think ASPX does this. Just curious to hear some comments on the subject from more...

ASP.NET

1958

Cannot run xcacls to modify user rights on a certain file?

by: Quentin Huo | last post by:

Hi: I am working in win 2003 and ASP.NET. I tried to modify the user rights from an ASPX (writen in C#) page through running xcacls. But failed. What I did is: Process myProcess = new Process(); myProcess.StartInfo.FileName = "cmd.exe";

ASP.NET

5936

Dynamic modify App.config

by: Agnes | last post by:

I my login form, I want to let the user choose which database (there are A,B,C three databases ) I know I can use App.config to change the SQL server (database name). However, I don't know how to do in my form ?? Please give some adivce.

Visual Basic .NET

3271

Customer Registration - Temporary data storage

by: Chris | last post by:

All I am cross-posting, as I'm not sure if this is an issue for the data layer or the application layer. If this is unacceptable, can someone let me know so that I don't do this in future. I'm using ASP .NET, framework version 1 and SQL Server 2000. I have an ASPX page with a form for customers to register. When they click on the "Proceed" button, they are shown a preview page of the data that they

ASP.NET

2018

Modify CSS class.

by: Will | last post by:

I have given up looking for a solution so I figured I would break down and ask. I am trying to modify a CSS class in page_load. I have no problem doing it with an ID with the simple HTMLID.Style = "10px"; however I need to apply it to a CSS class not a single ID. What is the code for that?

ASP.NET

2374

Customer Lookup

by: dancole42 | last post by:

I'm self-taught in Access, and as such I'm missing large chunks of knowledge, so I'm hoping someone here with some training can help me. Right now I have an Invoice form with a Customer subform. Right now it's set up so that someone can enter a customer ID, say, 12345, into the invoice form and customer 12345's name, address, etc. shows up in the Customer subform. How do I create a system where a user could start a new invoice, then

Microsoft Access / VBA

26999

The file '/Customer/Login.aspx' has not been pre-compiled...

by: =?Utf-8?B?TWlrZQ==?= | last post by:

I have an asp.net 2.0 web application that I have pre-compiled and deployed to a Windows 2003 server. When I try to access the web application I get the following message in my browser: 'The file '/Customer/Login.aspx' has not been pre-compiled, and cannot be requested'. If I rename the folder containing the web app to something other than 'Customer' then it works! I have tried deleting the folder and recreating it but I get the same...

ASP / Active Server Pages

8851

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8747

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8627

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6179

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

4175

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4335

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2752

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

1976

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1737

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General