Guest Book As promised, here's the final installment. You can find the download links for the final version of the code at the end of this article. Feel free to use this code and tweak it any way you wish. For demo purposes, the menu is on all the pages but you can easily factor this out into its own form. I would normally make this a separate control, but you will probably be integrating this application into your existing navigation anyway, so...

The membership system in ASP.NET 2.0 is pretty much plug-and-play right out of the box. When I worked with it first, I took some time to read up on the new membership controls before trying them out. For this particular topic, I cannot recommend the following two books highly enough:

Murach's ASP.NET 2.0 Upgrader's Guide (Lowe & Murach)
Pro ASP.NET 2.0 in C# 2005 (MacDonald & Szpuszta)

Just to recap, at this point you should have a working Guest Book application and database. The only thing left to do is to configure the membership system and add some administration forms to allow us to edit, update, delete and publish comments posted by users.


The next item on our list is to use the WSAT tool to add an admin user, create the admin role and add the new admin user to that role. By using a role, we can grant extra privileges to admin users in the future if needed. We can just do it once rather than having to grant them to each admin user individually. A picture is worth a thousand words, so please refer to the pics for guidance.



Access the WSAT by clicking on the icon at the top of Solution Explorer in VS 2008. Note that the administrator role is already set up in the config file and all you have to do is add the admin user to this role. I'm including a picture showing how to set up the access rule using the tool. The main problem people encounter here is the order of the entries in the authorization section of the config file. The administrator role is listed before 'users'. See the config file picture in part II of this series for clarification.

Admin Login

Guest Book Admin

We will add a new form called guestBookAdmin.aspx to the Admin folder which shows a list of the comments awaiting moderation in a GridView. Clicking on one of these brings up the commentDetails.aspx form. This is almost a replica of the addComment.aspx form which is populated with the data for this comment. The comment ID is passed to this new form when the 'select' link on the guestBookAdmin form is clicked. This is then used as a parameter to the stored procedure when fetching the data for this comment. Note also, that there is now a 'publish' check box. The administrator uses this to put a comment live after it has been edited and approved.

Edit Comment Details

Just a few words about the ObjectDataSource control here. This is an amazingly helpful control which we can use to create a declarative link between our front-end Web controls and our data access methods. Note that our data access class must have a default, parameterless constructor and none of the select or update methods can be static. This is just another reason why I prefer to inject a business layer between the front and back-ends. It gives us a nice comfort zone for future code customizations in the shape of new business rules and the like. Plus, we get to use a more friendly syntax. Ideally, each record should be a custom object but that's another story!! Bring on the new Entity Framework :-)

Be sure to check out the brand new security video tutorials from Scott Mitchell.

Download Code: (99.61 kb) (1.01 kb)

kick it on   PHP, ASP, .NET, JSP Resources, Reviews

Guest Book Solution You can also view part I of this article which describes the setting up of this application with Visual Studio 2008 and IIS 7, running on Vista. SQL Server 2005 was used as the database. I had originally blogged on this using VS 2005 but feedback indicated that quite a few people are now using VS 2008, so I upgraded it to VS 2008, which I am currently running on VMWare Workstation... the best $190 I ever spent. This is part II and the full code will be available for download in part III, real soon!

Speaking of feedback, I have been having problems with the comments system on this blog for some time now. So, pretty soon I am upgrading the blog engine and switching to a database version. The plan is to eventually make it a real "Community" site. Watch this space...

The Guest Book application is written in C# and is pretty straightforward. Here I will walk through the creation of the back-end which will allow the site administrator to moderate the comments posted to the guest book by site visitors.

First, we need to set up our membership system. The membership system is where most people seem to get stuck. There are several ways of achieving the same thing and I think that this is what causes much of the confusion. Typically, in an application such as this you would use a CAPTCHA control to combat the spammers, so we are not going to force users to register in order to sign the guest book. We will need an administration area for our admin forms, so we will create an "admin" role. The way I go about this is to create a new folder and call it Admin. Add a config file  to this new folder and set up the authorization rules as shown below.

Admin Web.config

Now, we're going to cheat a little. I'm going to do the TV chef and slip in a little something I pre-prepared earlier in the kitchen (actually gleaned from several of Scott Guthrie's blog postings). I always keep a sample Web.config file handy that I know is set up correctly for a basic membership system. I start this way rather than jumping in right off with the WSAT wizard because I want to have one single database for both my application and membership data. Tidier. So, I manually set up the database connection in the project Web.config file, along with entries for the membership and authentication sections. See the snippets below, and don't forget to include the roleManager tag!

Project Web.config

Now that the membership database connection is configured the way we want it, we can run the aspnet_regsql tool from the command line. This will create the actual membership database objects for us as part of our Guests database. Just navigate from the start menu to SQL Server Management Studio and locate the command line tool under the Configuration Tools folder. Simply enter aspnet_regsql at the prompt and you will be presented with the SQL Server Setup Wizard. Here are some screenshots showing the correct selections to make:

SQL Server Setup Wizard

SQL Server Setup Wizard

SQL Server Setup Wizard

If you go to SSMS and refresh the database, you should now be able to expand the tables icon, and you will see that the wizard had created everything we need for our membership system. At this stage, you are ready to run the WSAT tool and start setting up the admin role and adding the admin user. I will outline this process in the final installment, as well as the creation of our administration forms. Stay tuned!

Membership Database Objects

kick it on   PHP, ASP, .NET, JSP Resources, Reviews

Jigsaw I neglected to point out that the code I posted for this previously was created in VS 2005 running on XP Professional. I'm going to update the code here and do a quick walkthrough of the steps necessary to get this working in Visual Studio 2008 running on Vista. You can find the download links at the end of this article.

Although I don't recommend moving projects from one version of VS to another willy-nilly (it takes very little time to get it up and running from scratch), if you are having problems moving a project between VS versions, you might want to check the version number at the top of the solution file; for VS 2005 you would find something like Version 9.00. When moving a VS 2005 project to VS 2008, you might try changing the 9 to a 10.

I plan on following up some more on this Guest Book application and showing how to develop an administrative back end for it. Right now ,the moderator functionality is built in, in that the 'live' field is not set by default. So, if you want your comment to appear, you will have to change this field value to 'true' manually in the database. The Guestbook table design is shown below.

Guestbook Table

The App_Code folder refused to play nice in the VS 2008 Web project, so I renamed the folder "Layers". Other than that, the code is the same. I've only been using Vista for a few weeks so I'll defer judgement until after the full SP1 release. For developers, I would recommend turning off the User Account Control (UAC) to get rid of those demented pop-ups. This is still a version 2.0 application, so be sure to select this option if creating your project from scratch in VS. Sometimes I will build my own project incrementally as I study other people's code that I have downloaded, just as a learning exercise :-)

VS 2008 Solution Explorer

One of the first things you will notice when moving to this environment is the completely new IIS 7 interface. It's 100% different and I'm finding it a joy to work with. In order to get the application running, you will first have to check some IIS 7 settings. ASP.NET is more integrated than ever before with IIS; no more dependency on command line line utilities like aspnet_regiis.exe – so do not run it to install ASP.NET!

IIS 7 Settings

In IIS, select the Application Pools node and set the Managed Pipeline for the DefaultAppPool to “Classic” in the Application Pools view. You will also need to create a virtual directory. You can do this (or pretty much anything else) from within the new IIS console, but I still prefer to perform this task from within the IDE. Right-click on the project node in solution explorer and select properties. On the Web tab of the properties manager, opt to create a virtual directory. Now, right-click on Default Web Site node in IIS 7 and opt to add a virtual directory. Navigate to the Guestbook folder and select it. Also, don't forget to set Default.aspx as the default page in IIS. In your browser, navigate to http://localhost/guestbook to bring up the home page.

VS 2008 Project Settings

If you start getting security errors, try adding appropriate permissions to the folder in question. If you get the following error:

HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services IIS 7, navigate to and highlight the Guestbook node. In the Category view to the right, double-click on the Authentication icon under Security. Right-click the Windows Authentication entry and opt to enable Windows Authentication. (KB 253667)

The database is very simple; one table and two stored procedures. Create the Guestbook database manually in SQL Server Management Studio (SSMS) and run the three scripts in your query window. Set up your permissions as shown below and you should be good to go.

Database Permissions (74.70 kb) (3.13 kb)

kick it on   PHP, ASP, .NET, JSP Resources, Reviews