Pulling up the data from the SQL Database Server (other than SharePoint Lists) and reusing the SQL Data Viewer Webpart for SharePoint

- This was actually the inspiration from one of the Sam's Blog. Purpose to repost is to put it all together in my Blog with other SharePoint Related Blogs.

Requirement:

• This Webpart is being developed for SharePoint Sites.
• To make the Webpart more user-friendly, we will provide the Webpart properties for the user to configure the Data source, connection and query instead of making it hard coded
• Username and Password for the Database should be configurable through Webpart properties and once the Password is entered, it must be hidden with the Password character
• User must have the ability to enter the T-SQL command in one of the Webpart property and the query result should be displayed in the Grid View
• The Grid View must have paging and user should be able to control how many records to show in each page by setting a Webpart property
  

Enough of the requirements part, now let us design this:

I am going to design this Webpart development in 3 phases mentioned as follows

1. Developing the re-usable Webpart in Visual Studio 2005 and deploying it to SharePoint (Just with a simple text message – to verify whether the Webpart has been deployed successfully into SharePoint Site or not)
2. Create the Data Access library and display query results in Grid View
3. Customize the Webpart properties for Dynamic connection to SQL Server and to enable paging in Grid View

We had enough design for this custom Webpart. We now see each phase in detail.

Things we need before starting any of the 3 phases:

• Experience in C# or similar programming language
• This has to be developed in Visual Studio 2005 where the SharePoint Server is being hosted.

PHASE I - Building a Webpart project in Visual Studio 2005

• Start Visual Studio 2005 and select File -> New -> Project and click on Visual C# -> Windows -> “Web Control Library”
• In the name field type DataViewer and then Click OK
• In the Solution Explorer, rename the file WebCustomControl1.cs to DataViewer.cs
• Open DataViewer.cs and delete the following lines just below the DataViewer namespace
  [DefaultProperty("Text")]
  [ToolboxData("<{0}:WebCustomControl1 runat=server>")]
• Examine the line below
  public class DataViewer : WebControl
• The above line is inheriting from the WebControl Class and as we are developing the Webpart, we will inherit this from the Webpart class as follows
  Public class DataViewer: System.Web.UI.WebControl.Webparts.Webpart
  You can also write the above line as highlighted below by using the name space on top of the cs file as follows:
  using System.Web.UI.WebControl.Webparts;
  Public class DataViewer: Webpart
• Now delete all the text property code and write the following in the RenderContents method as follows:
  output.Write(“DataViewer Webpart Testing”);
• Now open the assembly.info.cs and modify the AssemblyVersion to [assembly: AssemblyVersion(“1.0.0.0”)]
• Now open the properties page for the Project by right-click on the Project name and select Properties
• Click on the Build on the left menu and change the Output path to the SharePoint WebApplication ‘s Bin folder to make this Webpart available for the whole Site Collection.
• Now build the Project – now dataviewer.dll and dataviewer.pdb will be generated upon successful build.
• Add the SafeControl for this Webpart in the web.config file of the SharePoint Webapplication for which you have choose the Output Path for the build
• Save the web.config file and close it.
• Now go to the SharePoint WebApplication in which you have deployed this Webpart.
• Site Actions -> Site Settings and under Gallery Section click on Webparts and then click on NEW and you will find the recently deployed Webpart, click on this and name the Group type and Quick Add Groups to easily find this Webpart in the Add Webpart gallery.
• Now go to the SharePoint Page where you wanted to add this Webpart and edit the page and click on Add a Webpart and then choose the recently added “DataViewer Webpart”.

Once you have added this Webpart, this Webpart should display the text “DataViewer Webpart Testing” and this concludes Part I.

Further to this phase we will see how the coding is done in Data Access Class followed by how the Webpart properties are developed to re-use this SQL Data Viewer Webpart for SharePoint.







Date Changes, Month Changes, Year Changes, Be Yourself, No Matter What ever Changes......!

Why Decryption when we can go for Encryption in ASP.NET?

As I was a bit busy these days with no work, got deviated in other activities for the welfare of my career and so have to be away in updating my blogs - Anyways.

This time, I would like to share with you, few of my ideas on Encryption and Decryption and more over would like to know what could be the challenges if I follow this while dealing with Password code. I thought, it would be a good idea to put it in the blog and participate in this discussion.


Baseline: WHY TO USE DECRYPTION, WHEN WE CAN MANAGE THE CODE WITH JUST ENCRYPTION. (Specific to only scenarios where we go for Decryption even if it is not necessary)

First thing first: There are several functions and we can create our own encryption functions, however, we have direct functions to encrypt the text and submitt it. i.e.,

FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassWord.Text, "SHA1");

Lets take a simple example of a Registration Screen and Login Screen.


Simple Registration Screen:

If we think about this, we can have just a Username, Password, DOB. (we can have many more but as we are considering simple Registration Form, I am just considering this)

We need to take care of the following:

• Username should be Unique.
• Password should be encrypted while submitting the data to the back-end and
• Any other field such as DOB for verification in case of forgotton password or something else

As I am now confined to with Encryption and Decryption, in this blog, I will worry about only the highlighted thing i.e., "Password should be encrypted while submitting the data to the back-end".

In such scenarios where there is a Registration Form and a Login Form, and where we need to submit the data and need to retrieve the submitted data, using Decryption doesn't make any sense (no offence on making this sentence) because of the following strong reason.

* Not safe to transfer the clear text to the server due to theft and more over Password is the only way to secure and have to be very keen about securely providing the information while sending through electronically.

Simple Login Screen:

If we think about this, we can have just a Username, and Password only.

For this, we need to take care of the following:

•Username should be Unique.
•Password from the Database should be decrypted while checking the login information with the data which is already there in the back-end server.

As I am now confined to with Encryption and Decryption, in this blog, I will worry about only the highlighted thing i.e., "Password from the Database should be decrypted while checking the loging information with the data which is already there in the back-end server.".


We now need to ensure, that the login information matches with one of the records in the Back-end server, hence for this, we usually decrypt the Password residing in the server and then bring it to the Front-end and compare the Clear text value, which is not safe, instead, if we encrypt the login information and compare the encrypted values at the server, and based on the match we will redirect the user to the corresponding pages.


Transffering the sensitive information electronically is not safe atleast to some extent, and hence I prefer to encrypt the login information and compare the encrypted values at the Back-end server as it is going to be a one time job (as mentioned in the specific scenarios only).

Hence, I think "Why Decryption when we can go for Encryption in ASP.NET".

Any comments or contradictions, please feel free to put it here.

Everyday is a learning day.

Date Changes, Month Changes, Year Changes, Be Yourself, No Matter What ever Changes......!