Guest Book As promised, here's the final installment. You can find the download links for the final version of the code at the end of this article. Feel free to use this code and tweak it any way you wish. For demo purposes, the menu is on all the pages but you can easily factor this out into its own form. I would normally make this a separate control, but you will probably be integrating this application into your existing navigation anyway, so...

The membership system in ASP.NET 2.0 is pretty much plug-and-play right out of the box. When I worked with it first, I took some time to read up on the new membership controls before trying them out. For this particular topic, I cannot recommend the following two books highly enough:

Murach's ASP.NET 2.0 Upgrader's Guide (Lowe & Murach)
Pro ASP.NET 2.0 in C# 2005 (MacDonald & Szpuszta)

Just to recap, at this point you should have a working Guest Book application and database. The only thing left to do is to configure the membership system and add some administration forms to allow us to edit, update, delete and publish comments posted by users.



The next item on our list is to use the WSAT tool to add an admin user, create the admin role and add the new admin user to that role. By using a role, we can grant extra privileges to admin users in the future if needed. We can just do it once rather than having to grant them to each admin user individually. A picture is worth a thousand words, so please refer to the pics for guidance.





Access the WSAT by clicking on the icon at the top of Solution Explorer in VS 2008. Note that the administrator role is already set up in the config file and all you have to do is add the admin user to this role. I'm including a picture showing how to set up the access rule using the tool. The main problem people encounter here is the order of the entries in the authorization section of the config file. The administrator role is listed before 'users'. See the config file picture in part II of this series for clarification.

Admin Login


Guest Book Admin


We will add a new form called guestBookAdmin.aspx to the Admin folder which shows a list of the comments awaiting moderation in a GridView. Clicking on one of these brings up the commentDetails.aspx form. This is almost a replica of the addComment.aspx form which is populated with the data for this comment. The comment ID is passed to this new form when the 'select' link on the guestBookAdmin form is clicked. This is then used as a parameter to the stored procedure when fetching the data for this comment. Note also, that there is now a 'publish' check box. The administrator uses this to put a comment live after it has been edited and approved.

Edit Comment Details


Just a few words about the ObjectDataSource control here. This is an amazingly helpful control which we can use to create a declarative link between our front-end Web controls and our data access methods. Note that our data access class must have a default, parameterless constructor and none of the select or update methods can be static. This is just another reason why I prefer to inject a business layer between the front and back-ends. It gives us a nice comfort zone for future code customizations in the shape of new business rules and the like. Plus, we get to use a more friendly syntax. Ideally, each record should be a custom object but that's another story!! Bring on the new Entity Framework :-)

Be sure to check out the brand new security video tutorials from Scott Mitchell.

Download Code: (99.61 kb) (1.01 kb)


Comments (6) -

Jeff United States
6/21/2008 6:13:22 PM #

I searched all over before for an example guest book with SQL database and could not find just what I wanted.  This is exactly what I was looking for.

Thanks for the guest book example and education.  


agrace United States
6/22/2008 12:47:13 AM #

Glad to be of help Jeff. Like you, it surprised me when I looked online for sample code for a guest book and couldn't find anything for such a common application...

Rudolf Netherlands
7/6/2008 9:36:30 PM #

Hi agrace,

Nice!. Just what I need. Thanks!!
Onlye 1 thing don't work. I have not Stored procedure named "GetCommentsSummary". Is it possible get it thanks!

I get a clean DB of this Guest book



agrace United States
7/6/2008 10:29:44 PM #


It should have been included in the DB script download, but here it is again:

CREATE PROCEDURE [dbo].[GetCommentsSummary]
  -- SET NOCOUNT ON added to prevent extra result sets from
  -- interfering with SELECT statements.

  SELECT DISTINCT dbo.Guestbook.CommentId, dbo.Guestbook.Name,
    dbo.Guestbook.Email, dbo.Guestbook.Website, dbo.Guestbook.Location,
    dbo.Guestbook.Comment, dbo.Guestbook.PostDate, dbo.Guestbook.Live
  FROM dbo.Guestbook

celopez United States
2/27/2012 9:23:38 PM #

I'm using your guestbook as a learning tool but it seems I have lots more to learn. I'm not able to make it work. Somehow I'm missing a few stored procedures. I cannot locate GetcommentsByID, DeleteComment and UpdateComment. I looked at all your zpped files and they don't seem to have them either. Could you provide those procedures for me?

SimpleScripts United States
7/7/2012 1:28:23 PM #

This post is good, whenever I just visit blogs I comes across some shitty articles written for search engines and irritate users but this information is quite good. It is simple, good and straightforward.