|
DerekT-P wrote: I'm a long-term web developer, used to building web-based applications in ASP.Net and using CSS, semantic markup, Javascript, AJAX and dynamically-generated content at the server. I'm happy hand-coding CSS and crafting HTML using classes, defining grids, floats etc. etc.. It sounds like you know what you're doing.
DerekT-P wrote: BUT the site is running on the WIX platform. Oh, my...That's awful. I am so sorry to hear this.
DerekT-P wrote: The webmaster reckons WIX is the bees-knees and claims that "Wix is probably the leading web platform around today. ... Wix is truly state of the art and the market leader." Were you able to keep from laughing when he told you this? What market is he referring to? The local flea market? That's like saying "Notepad" is the industry standard IDE for software development.
I've never encountered a web design editor that improved the quality of my work or allowed me to develop more quickly. I remember using Dreamweaver back when Macromedia owned it. It was such a hassle to do the simplest of things and all it did was get in the way. Then we had NetObjects Cold Fusion. That was just as useless. However, I could say that if a person wants to throw together a cookie-cutter website, and they have no experience whatsoever in this field, then it's probably a great tool.
The thing to remember is that the tool is only as good as the person who uses it. Imagine what Pablo Picasso could do with a box of crayons. Compare that to someone without artistic talent using the most advanced digital art application out there. I'm talking about "Corel Painter". With great accuracy, it simulates the appearance and behavior of traditional media, such as oil painting, pastels, graphite, airbrush, pen and ink, and the list goes on.
Could Pablo Picasso do more with crayons than someone who lacks artistic talent and uses the most advanced tools out there? My money is on Picasso and his crayons every time.
This unfortunate "webmaster" is out of touch with reality. Does he share his other beliefs with you? If so, do those beliefs defy reality? He may have a serious condition. Such a condition could cause him harm.
In the most severe cases, people who undergo this type of psychotic break from reality exhibit delusions of grandeur. An afflicted person might believe they can fly and jump off the roof of a building.
It may start off with using WIX, but that could lead to using things such as Microsoft Edge. Once a person starts using something like that, it's only a matter of time until they start using crack, and Python.
Friends don't let friends use WIX.
|
|
|
|
|
|
DerekT-P wrote: The webmaster reckons WIX is the bees-knees and claims that "Wix is probably the leading web platform around today. ... Wix is truly state of the art and the market leader." Anyone who drops buzzword nonsense like that is not a legit professional. At beast he's been hanging around too many business types and his ego makes him think he knows all about the web or he's just flat-out incompetent. Either way, saying crap like that is amateur hour.
That being said, nothing wrong with WIX. It's not the holy grail home dude pretends it is. But, it does have its place. It's great for people that just want to throw together a simple site or mom and pop shops who don't need anything hard core and just want to put a web page up. It'll never replace custom work or heavy lifting, but it can be a great way to get people started with their own site and maybe do a little ecom or put a family photo album online, etc.
Just know the market it serves. If you're a professional web dev even, and don't want to spend your time working on volunteer sites (like this), it's great. If they need anything with more custom power, they can pay for custom dev work. But, most folks just starting out can't afford that. So, I'm a fan of WIX. Just know its market and don't believe some dude with an ego.
Jeremy Falcon
|
|
|
|
|
I configured my website in IIS to use Windows Authentication, and it works when I don't try to add Authorization Rules.
However, I added an Allow rule to allow only users in the Administrators group, and it gives the below error when attempting to load the page:
HTTP Error 500.19 - Internal Server Error
Quote: Cannot add duplicate collection entry of type 'add' with combined key attributes 'users, roles, verbs' respectively set to ', Administrators, ' This is what my web config looks like:
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="" roles="Administrators" />
</authorization>
</security>
Can anyone see what I'm doing wrong?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
That matches the configuration sample in the documentation:
Security Authorization <authorization> | Microsoft Learn[^]
Based on the error, it sounds like you have authorization rules configured further up the hierarchy - either a parent folder, a parent application, or machine-wide. You could try using IIS Manager to look at the configured rules, using the "Authorization Rules" option in the IIS group rather than the ".NET Authorization Rules" in the ASP.NET group.
As a brute-force approach, you could clear the rules first:
<security>
<authorization>
<clear />
<add accessType="Allow" users="" roles="Administrators" />
</authorization>
</security>
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks, Richard. I didn't realize the multilayered nature of the settings.
I made sure that the settings on the server, website and application were all the same, and now it works.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
My company wants to create an internal portal website as a gateway to our applications that is hosted in an on-premises web server.
I don't want to try to re-invent the identity management, login and authorization process.
Is there any third-party solution that can be integrated with a local website to perform login functionality and user management?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
If it's a Windows server on your local network, why not use integrated / Windows authentication[^]? That way, you don't need to worry about storing or validating the user's credentials.
I generally combine that with a database to map Windows usernames to application-specific roles, with some admin screens to manage the mapping. But if your AD infrastructure is sound, you could potentially use AD group membership to manage access to the site's features, moving all of that admin onto the network administrators instead.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks Richard. I forgot to mention that this portal will eventually be accessible to clients who are not part of our network.
Are you aware of anything that could work with those types of accounts as well?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
|
Thanks, Richard. That's just the type of guidance I was looking for!
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Richard Andrew x64 wrote: My company wants to create an internal portal website as a gateway to our applications that is hosted in an on-premises web server.
I don't want to try to re-invent the identity management, login and authorization process.
Is there any third-party solution that can be integrated with a local website to perform login functionality and user management?
It's funny you mention this, Richard. Right now, I'm working on an authorization and authentication system for my project. Creating the system from the ground up will take way too much time and effort to implement, so I'm using Google's Identity Services ("GIS") for this. If you just want a simple login prompt, it's fairly easy to implement. I'm implementing a more comprehensive and custom approach, so it will be some time before I get things up and running properly.
Are you developing in a Windows environment? If so, MS Visual Studio allows you to create web applications using a generic user account template. In VS, create a blank web application. You will be prompted to choose a type of user account system. Select the "Individual User Accounts" option, and VS will create your application with a built-in user accounts system. From there, you need to customize the user accounts system, but it only took me a few hours to get up and running.
I haven't looked into any other 3rd party services as of yet, but I plan to allow users to log in with various social media accounts. Microsoft's authentication service looks to be a bit more convoluted. I think you have to go through a process where you verify the identity of your organization before you can implement anything. It sounds like an arduous process.
If you want to take a look at GIS,
see: Authentication | Google for Developers[ ^]
|
|
|
|
|
Yes, we eventually settled upon the automatic login functionality that's baked into ASP.NET Core. It will suffice for now.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Richard Andrew x64 wrote: Yes, we eventually settled upon the automatic login functionality that's baked into ASP.NET Core. It will suffice for now.
Yep, that's what I used. I tried using the .NET Framework 4.x before using .NET Core. The former is pretty much depreciated for this type of thing.
One thing that perplexes me is the email functionality in .NET Core. When a new user creates an account, the components that handle the confirmation emails require a 3rd party SMTP service. If I remember correctly, I used something called "SendGrid". I have no idea why this is. I couldn't find anything that would let me integrate SMTP service into the project. I looked everywhere for anything, and using a 3rd party for SMTP service was the only reasonable option. Did you encounter anything like this?
|
|
|
|
|
I forgot to mention Amazon Web Services as an option. It's called "Identity and Access Management (IAM)", and that's the entire extent of my knowledge. Did you look into it? I haven't yet done so.
|
|
|
|
|
Every week I get a Dependabot alerts from github about my repositories, but when I go to have github build the needed PR to do the updates, it always fails with the error "/Gemfile.lock not parseable". The file looks good to me, but then I really have no idea what it's supposed to look like. IS there online service that will parse & lint a gemfile and tell me what's wrong with it?
Truth,
James
|
|
|
|
|
You'll probably want to start with the documentation:
Bundler: gemfile[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I have an Asp.Net MVC API with this controller :
namespace ApiDemo.Controllers
{
[Route("api/[controller]/[action]")]
[ApiController]
public class UsersController : ControllerBase
{
[HttpGet("{id}/{name}/{birthDate}/{isAlive}/{presNo}")]
public IActionResult Get(int id, string name, DateTime birthDate, bool isAlive, int presNo)
{
return StatusCode(200);
}
}
}
When I call this Swagger generates this Request URL:
https:
I don't understand the instances of '%20B' or '%3A22'. They are not always the same. What are these? Where are they coming from?
In theory, theory and practice are the same. But in practice, they never are.”
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
|
|
|
|
It's %20 , not %20B. The %20 is an encoded space character.
The same is true for %3A , not %3A22. The %3A is a colon.
Encoding is required because certain characters are illegal in URLs, like a space or :, unless specified in certain places. For example, a colon is only legal after the protocol and between the hostname and port number.
So, your unencoded URL is:
https:
|
|
|
|
|
OK, so here's another from the same api call:
https:
So how would a client like, say for example a console app, call this? Would the app have to format the URL to convert spaces & colons to look like that??
Thanks!
In theory, theory and practice are the same. But in practice, they never are.”
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
|
|
|
|
|
Thanks!
In theory, theory and practice are the same. But in practice, they never are.”
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
|
|
|
|
I posted on this yesterday, but I haven't made any progress.
I'm just trying to set up a simplet test API. Here's my controller:
[Route("api/user")]
[ApiController]
public class UserController : _ControllerBase
{
public UserController(IConfiguration configuration) :
base(configuration)
{
}
[HttpGet("getById/{id}")]
public IActionResult GetById([FromQuery]int id)
{
try
{
var repo = new Repository(GetDataContext());
var owner = repo.GetById(id);
if (owner is null)
{
return NotFound();
}
else
{
return Ok(owner);
}
}
catch (Exception ex)
{
return StatusCode(500, "Internal server error");
}
}
[HttpGet]
public IActionResult GetAll()
{
try
{
var repo = new Repository(GetDataContext());
var owners = repo.GetAll();
return Ok(owners);
}
catch (Exception ex)
{
return StatusCode(500, "Internal server error");
}
}
[HttpPost]
public IActionResult Test([FromBody]TestEntity testEntity)
{
return StatusCode(200);
}
}
I can call the first two methods, GetAll and GetById like this:
https:
and
https:
and they both return data. But this gives me a Not Found error
[HttpPost]
public IActionResult Test([FromBody]TestEntity testEntity)
{
}
called using Postman like this:
https:
Questions
First, I'm not even sure I have the controller methods set up right. I don't really understand when/why to use the various attributes such as [FromBody] & [FromQuery]. I'm slowly learning by I may have it wrong here.
If I'm passing an object, as opposed to say an int, what should the method signature look like? Do I use FromBody or FromQuery? My Google searches return many different results. What would the correct syntax look like?
Second, the way I'm passing params, seperated by '/' seems wrong. Shouldn't the call to the API look something like this?
https:
Am I doing something wrong here?
In theory, theory and practice are the same. But in practice, they never are.”
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
|
|
|
|
Kevin Marois wrote: called using Postman like this:
https:
Aside from the syntax error in your JSON (no quotes around the name value), that doesn't look like a valid POST request to me.
In Postman, the method should be set to POST , and the JSON should be in the body, not the URL.
Send parameters and body data with API requests in Postman | Postman Learning Center[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
OK, but do I have the method set up correctly?
In theory, theory and practice are the same. But in practice, they never are.”
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
|
|
|
|