Crowdsourcing is all the rage these days, and even if you’re not managing a social media Web site, sometimes it’s helpful to accept content from end users.
For example, one of my clients has a community calendar on its Web site. Since the inception of the calendar, staff time had been devoted to retyping e-mailed and snail-mailed items into that calendar’s back end.
That was almost entirely wasted time, which my client rightfully wanted applied to something more profitable. My client wanted to allow staff to approve, edit or delete calendar submissions before they appeared on the site, but asked me to shift the burden of actually adding items directly onto the shoulders of site visitors.
Thanks to ASP.NET’s built-in membership system, we can easily provide a simple system for allowing end users to provide content. Not only that, but thanks to the role-based permissions incorporated into membership, we can even presort content to specific sections of the site, based on who is submitting it; grant specific users or user groups the ability to bypass an approval process; throttle contribution allowances; basically, any permission or restriction you might want to use.
I am going to make a simple cancellations notification system as my demo.
After all, everyone wants to know if school is closed, or whether the play is still on in spite of the weather. Because canceling school, play, etc. generally comes down to a single person’s decision — or, at most, a few people — we can easily provide a system to log in, select a few options or enter a bit of text, and save everyone the time and grief such notifications otherwise take.
The specific features I will demo, in this and upcoming blog entries, will be:
- an administrative interface to add, edit and delete memberships;
- another administrative interface to add, edit or delete membership roles (i.e., membership groups), and to assign members to those groups, as well as to assign users to specific schools, organizations, etc.;
- an administrative interface to approve, edit or delete cancellation notices;
- a private form to allow membership to post cancellations for the schools, organizations, etc. with which they have been associated;
- a public view of cancellations that have been approved for viewing.
For the purpose of this demo, we’ll need to make some basic assumptions:
- I will be using SQL Server, the SqlMembershipProvider and SqlRoleProvider. You could use Access, Active Directory or pretty much any other MembershipProvider. In terms of managing membership, whichever provider you use should be transparent; that is, you should be able to use the code I provide with any of the membership providers. In terms of storing and retrieving the cancellation data itself, there will be differences between SQL Server and Access queries; there will be significant differences if you use XML or some other data store.
- Expanding upon the point above, I will be using stored procedures. You can used text-based commands if you prefer. It shouldn’t be all that hard to convert my stored procedures into text commands. I could have written this in LINQ but I’m not all that sure about its future, and again I want to remove complexity from this tutorial.
- This will be written in VB.NET. It shouldn’t be that difficult to convert it to C# if you prefer that language, and for what it’s worth, there’s nothing preventing you from using C# and Visual Basic.NET in the same ASP.NET application.
- I’m doing this in Web forms. I could have gone the MVC route, but I fear that may add a layer of complexity that wouldn’t help new programmers, who are my primary audience. (Microsoft provides an excellent compare-and-contrast video of Web forms vs. MVC on the ASP.NET Web site. While the video doesn’t favor one over the other, I would urge Web programmers who want to go big time to learn the MVC model, as it tends to be the favored Web development methodology at most big design houses / Web sites.)
The Basics Of ASP.NET Membership: Users and Roles
First, let’s take a quick look at the parts of ASP.NET’s membership model that matter to us most. For a complete overview, check out the multipart series on ASP.NET membership at 4guysfromrolla.com.
ASP.NET’s membership model basically works on two tiers: users and roles (which I will also call groups), where users can belong to multiple roles.
In other words, a user login is the basic unit of membership in the ASP.NET membership model. It represents a single entity (e.g., a person). Each user login can belong to zero, one or several roles; and we can grant permission to do something on the site via either to a specific login (user), or the roles to which that login (user) belongs.
In the case of this application, we’re going to manage permissions both ways.
We are going to have four roles:
- Public, who can only view approved reports;
- Reporter, who have access to the form that allows reporting cancellations, but whose reports must be approved;
- SuperReporter, who have the same access as members of the Reporter role, but don’t need approval (that is, their reports go “live” once published); and
- Admin, who have the ability to add, edit or delete any cancellation report, as well as manage the membership of the Reporter and SuperReporter roles.
Each member of the Reporter and SuperReporter roles (groups) will be assigned at least one organization or school for which they can report a cancellation. Some will be assigned to multiple organizations / schools.
There aren’t many built-in tools for membership management, at least in terms of assigning people to roles, activating / deactivating end users, etc. We’ll have to build these tools ourselves, which is a significant part of the reason I’m breaking this project out over several blog posts.
The first code entry will, therefore, be that part of the project: A back end that allows you to create users, assign them to groups, clear lockouts when users exceed the maximum number of login tries, etc.
We also need to have a master list of organizations for which we will accept cancellations, and a way to assign users to those organizations. The next post will cover that, too.
All links in this post on delicious.com: http://delicious.com/dougvdotcom/an-asp-net-system-to-allow-site-members-to-contribute-content-part-1-overview