Using data from Entity Framework 2 to fill a 2010 local SSRS report in ASP.NET

When you design a local SSRS report you are forced to use a Dataset as part of the design process, however, this does not mean that you have to keep the dependancy on a dataset or even retain the dataset in your project once you have completed the design.

Simply use code similar to the C# example that follows to clear the dataset the report is expecting to use and specify the new collection of data it is to use instead:

var context = new AWEntities();

var vendors = from v in context.Vendors
                    where v.CreditRating != 1
                    select v;

ReportDataSource datasource = new ReportDataSource("VendorList", vendors);

You can use the same method to substitute data from Linq to SQL or ADO.NET if they are your DAL technology of choice.

Posted in Entity Framework | Tagged , | Leave a comment

Setting SSRS Report Parameters from ASP.NET C# Code

It is sometimes necessary to customise SSRS (SQL Server Reporting Services) reports at runtime and one way of achieving this is through the use of report parameters. One reason for doing this might be to customise the report title, column headers, currency, number formats and date formats based on the user’s language settings. Continue reading

Posted in ASP.NET | Tagged , | Leave a comment

Back Button issue after Logout in ASP.NET

This is the code most of us would normally use when logging out a user:


A frequent problem is that after a user logs out of their application using this code or similar, if they then use the back button they are presented with pages from the application without having to login. The reason that this problem occurs is because the client browser is caching the output from the pages and when the Back button is pressed the page content shown last is displayed directly from the cache without executing the code behind that might otherwise detect the user is unauthenticated and deny access if instead the page had been requested from the server again.

One solution might be to send appropriate headers with every page in the application to ask the browser not to cache the pages. This will work but it will mean that we will have to ensure that the headers are sent with each and every page either by either posting the same code on every page, using master pages or by having a common base class for every page, it will also mean that when the user uses the Back button in our application they will be hitting the server for the page every time rather than retrieving it from their browser cache which may not be desirable for performance reasons.

My solution is to use a half-way house that prevents the back button returning to an authenticated page after logout, when authenticated allows the back button to work as usual in retrieving the page from the browser cache, but has the downside that the user can still choose to access a page from their browser history after logging off as long as it is still in the browser’s cache.

The first step is to create a logout.aspx page and have our logout button simply redirect the user to this page. The logout page is going to request that the browser does not cache it and then log the user out of the application.

In the Page_Load event for the logout.aspx page, enter the following code:

Response.Cache.SetExpires(DateTime look at these guys.UtcNow.AddMinutes(-1));  

This code will request that the browser does not cache the page, but this will only occur if the response finishes and the page is displayed, i.e. we cannot simply do a SignOut and RedirrectToLoginPage within the Page_Load event.

The next step is to add an Ajax ScriptManager and Timer to the logout.aspx page as we are going to user the timer’s tick event after the page has been displayed for a second to logout and redirect the user. So paste this code into the page (ensuring that you have also included ajax in your project):

<asp:ScriptManager ID="ScriptManager1" runat="server">  
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  

Then you can code the Timer1_Tick event to logout the user and redirect them to the login page. Unfortunately, we cannot use RedirrectToLoginPage to redirect them as this would have a return url of our logout page, so we will put together our own url so that the user is redirected to index.aspx (you could change the code to redirect to any page of your choosing when the user logs in). Paste this code (or similar) into the Timer1_Tick event of the logout.aspx page:

string redirectUrl = FormsAuthentication.LoginUrl + "?ReturnUrl=index.aspx";  

So, when the user clicks the logout button in our application, the logout.aspx page will be displayed, perhaps with a message saying “Logging out…”, for a short period depending on what we have decided is a suitable interval (I use 1 second), and then the user is redirected to the login page. The user will now find that the Back button does not work and when they login they are redirected to the index page.

This solution still has an issue raised by some posters below, and that is if the user clicks the back button multiple times they will be able to get to the old pages, also, the Opera browser does not appear to respect the instructions we pass not to cache the logout page. A workaround to this is to add the following javascript code to thesection of the logout.aspx page:

<script type="text/javascript">

This javascript code will forward the user back if the user gets to the logout page by pressing the back button.

Note that, as discussed above, these tips ara a half-way house solution. If you need to ensure the user has no way to get back to the pages after they logout you must ask the browser not to cache any of the pages by including code similar to the following on every page:

Posted in ASP.NET | Tagged | Leave a comment

Preventing a User From Having Multiple Concurrent Sessions

This article is largely based on information learned within the book “Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB” by Bilal Haidar.

A common question asked regarding ASP.NET is how can you prevent a user logging on more than once at the same time. Unfortunately, the nature of ASP.NET means that you cannot tell if a user is logged in already. Sure you can log the fact a user has accessed your application, but there is no way to tell that they have abandoned their old session, perhaps by closing their browser, and that their new login is therefore valid. Continue reading

Posted in ASP.NET | Tagged , | Leave a comment