This is a migrated thread and some comments may be shown as answers.

Popup Edit record security problem

3 Answers 115 Views

Grid

This is a migrated thread and some comments may be shown as answers.

Slava Dolgov asked on 26 Jan 2010, 04:43 AM

We are using the grid with popup form to add/edit records (EditMode="PopUp").
Everything works find on the development server. But when we moved the application to the production, we got a problem with the popup form.

When user clicks on the corresponding "Edit" icon, then we got the following error:

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


            [SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Reflection.Assembly.VerifyCodeBaseDiscovery(String codeBase) +118
   System.Reflection.Assembly.get_CodeBase() +35
   System.Web.Handlers.ScriptResourceHandler.GetCodeBaseWithAssert(Assembly assembly) +31
   System.Web.Handlers.ScriptResourceHandler.GetLastWriteTime(Assembly assembly) +36
   System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfoInternal(Assembly assembly) +61
   System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfo(Assembly assembly) +62
   System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +325
   System.Web.Handlers.ScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +33
   System.Web.UI.ScriptManager.GetScriptResourceUrl(String resourceName, Assembly assembly) +89
   System.Web.UI.ScriptRegistrationManager.RegisterClientScriptResource(Control control, Type type, String resourceName) +111
   System.Web.UI.ScriptManager.RegisterClientScriptResource(Control control, Type type, String resourceName) +9

Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3082

It looks like a security problem when the grid tries to get a script from the dll.
I tried different suggestions from the knoledgebase (web.config, WebResource.axd file, etc.), but nothing helped,

The strange thing is that the same version of application works fine on another server.
Unfortunately, the production versionis located on a shared server and we are quite limited in terms of IIS administration...

Any suggestions to fix the problem?

3 Answers, 1 is accepted

answered on 29 Jan 2010, 04:14 AM

Hi Rosen,

First of all, I also found that the problem happens even for simple form (not only popup form).
So, this is not just a popup form problem.

Unfortunately, I was not able to attach the files.
Please see the corresponding code below.

Thanks,
Slava.

This is the web page:
...

<asp:ScriptManager id="ScriptManager" runat="server" />

<telerik:RadGrid ID="grdUsers" Width="99%" AllowFilteringByColumn="True"

AllowSorting="True" PageSize="20" ShowFooter="False" AllowPaging="True" runat="server"

AutoGenerateColumns="False" GridLines="None" ShowStatusBar="True" ShowHeader="True"

OnSortCommand="grdUsers_SortCommand" OnNeedDataSource="grdUsers_NeedDataSource" OnItemDataBound="grdUsers_ItemDataBound" OnItemCreated="grdUsers_ItemCreated"

OnDeleteCommand="grdUsers_DeleteCommand" OnInsertCommand="grdUsers_InsertCommand" OnUpdateCommand="grdUsers_UpdateCommand"

AllowMultiRowSelection="True" >

<MasterTableView EditMode="PopUp" AllowFilteringByColumn="True" ShowFooter="False"

DataKeyNames="id" AllowMultiColumnSorting="True" AllowNaturalSort="True" CommandItemDisplay="Top" TableLayout="Fixed" >

<telerik:GridEditCommandColumn ButtonType="ImageButton" UniqueName="EditCommandColumn" HeaderStyle-Width="30px" HeaderStyle-HorizontalAlign="Center" >

</telerik:GridEditCommandColumn>

<telerik:GridBoundColumn DataField="lastname" HeaderText="Last Name" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="firstname" HeaderText="First Name" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="email" HeaderText="Email" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="password" HeaderText="Password" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="company" HeaderText="Company" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="domain" HeaderText="Domain" FilterControlWidth="75%" HeaderStyle-Width="120px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn UniqueName="approved_text" DataField="approved_text" HeaderText="Approved" SortExpression="approved" HeaderStyle-Width="80px" HeaderStyle-HorizontalAlign="Center">

<telerik:RadComboBox ID="cmbApprovedFilter" width="99%"

SelectedValue='<%# ((GridItem)Container).OwnerTableView.GetColumn("approved_text").CurrentFilterValue %>'

runat="server" OnClientSelectedIndexChanged="ApprovedIndexChanged">

</telerik:RadComboBox>

<telerik:RadScriptBlock ID="RadScriptBlock1" runat="server">

function ApprovedIndexChanged(sender,args) {

var tableView = $find("<%= grdUsers.MasterTableView.ClientID %>");

tableView.filter(

'approved_text',args.get_item().get_value(),"EqualTo");

}

</script>

</telerik:RadScriptBlock>

</FilterTemplate>

</telerik:GridBoundColumn>

<telerik:GridBoundColumn UniqueName="approved" DataField="approved" HeaderText="Approved" Visible="False">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn UniqueName="expdate_text" DataField="expdate_text" SortExpression="expdate" HeaderText="Expired Date" HeaderStyle-Width="100px" HeaderStyle-HorizontalAlign="Center">

<telerik:RadComboBox ID="cmbExpDateFilter" width="99%"

SelectedValue='<%# ((GridItem)Container).OwnerTableView.GetColumn("expdate_text").CurrentFilterValue %>'

runat="server" OnClientSelectedIndexChanged="ExpDateIndexChanged">

</telerik:RadComboBox>

<telerik:RadScriptBlock ID="RadScriptBlock2" runat="server">

function ExpDateIndexChanged(sender,args) {

var tableView = $find("<%= grdUsers.MasterTableView.ClientID %>");

tableView.filter(

'expdate_text',args.get_item().get_value(),"EqualTo");

}

</script>

</telerik:RadScriptBlock>

</FilterTemplate>

</telerik:GridBoundColumn>

<telerik:GridDateTimeColumn DataField="regdate" HeaderText="Register Date" FilterControlWidth="75%" HeaderStyle-Width="130px" HeaderStyle-HorizontalAlign="Center">

</telerik:GridDateTimeColumn>

<telerik:GridBoundColumn DataField="language" HeaderText="Language" Visible="False">

</telerik:GridBoundColumn>

<telerik:GridBoundColumn UniqueName="language_text" DataField="language_text" SortExpression="language_text" HeaderText="Language" HeaderStyle-HorizontalAlign="Center" HeaderStyle-Width="80px">

<telerik:RadComboBox ID="cmbLanguageFilter" width="99%"

SelectedValue='<%# ((GridItem)Container).OwnerTableView.GetColumn("language_text").CurrentFilterValue %>'

runat="server" OnClientSelectedIndexChanged="LanguageIndexChanged">

</telerik:RadComboBox>

<telerik:RadScriptBlock ID="RadScriptBlock3" runat="server">

function LanguageIndexChanged(sender,args) {

var tableView = $find("<%= grdUsers.MasterTableView.ClientID %>");

tableView.filter(

'language_text',args.get_item().get_value(),"EqualTo");

}

</script>

</telerik:RadScriptBlock>

</FilterTemplate>

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="sendemail_name" SortExpression="sendemail_name" HeaderText="Send Email" HeaderStyle-HorizontalAlign="Center" HeaderStyle-Width="80px">

<telerik:RadComboBox ID="cmbSendEmailFilter" width="99%"

SelectedValue='<%# ((GridItem)Container).OwnerTableView.GetColumn("sendemail_name").CurrentFilterValue %>'

runat="server" OnClientSelectedIndexChanged="SendEmailIndexChanged">

</telerik:RadComboBox>

<telerik:RadScriptBlock ID="RadScriptBlock4" runat="server">

function SendEmailIndexChanged(sender,args) {

var tableView = $find("<%= grdUsers.MasterTableView.ClientID %>");

tableView.filter(

'sendemail_name',args.get_item().get_value(),"EqualTo");

}

</script>

</telerik:RadScriptBlock>

</FilterTemplate>

</telerik:GridBoundColumn>

<telerik:GridBoundColumn DataField="sendemail" HeaderText="Send Email" Visible="False">

</telerik:GridBoundColumn>

<telerik:GridButtonColumn ConfirmText="Delete this user?" ConfirmDialogType="RadWindow"

ConfirmTitle="Delete" ButtonType="ImageButton" CommandName="Delete" Text="Delete"

UniqueName="DeleteColumn" HeaderStyle-Width="30px">

</telerik:GridButtonColumn>

</Columns>

<tr>

<td class="Label">First Name</td>

</tr>

<tr>

<td class="Label" valign="middle">Password</td>

<td class="Label">Language</td>

<td>

<asp:dropdownlist id="ddlLanguage" runat="server" cssclass="Dropdownlist" style="width:200px;">

<asp:ListItem Value="1">German</asp:ListItem>

<asp:ListItem Value="2">English</asp:ListItem>

<asp:ListItem Value="3">French</asp:ListItem>

</asp:dropdownlist>

</td>

</tr>

<tr>

<td class="Label">Company</td>

<td class="Label">Domain</td>

</tr>

<tr>

<td class="Label">Email</td>

<td class="Label">Send Email</td>

<table>

<tr>

</tr>

</table>

</td>

</tr>

<tr>

<td class="Label">Approved</td>

<table>

<tr>

</tr>

</table>

</td>

<td class="Label" >Expired Date</td>

</tr>

<tr>

<tr>

<td>

<asp:button id="btnSave" runat="server" CssClass="ButtonText"

Text='<%# (Container is GridEditFormInsertItem) ? "Insert" : "Update" %>'

CommandName='<%# (Container is GridEditFormInsertItem) ? "PerformInsert" : "Update" %>' ></asp:button>

</td>

<td>

<asp:button id="btnCancel" runat="server" CssClass="ButtonText" Text="Cancel"

CausesValidation="False" CommandName="Cancel"></asp:button>

</td>

</tr>

</table>

</td>

</tr>

<TR>

<asp:validationsummary id="vsFile" runat="server" CssClass="errorSummary" Width="100%" ></asp:validationsummary>

</TD>

</TR>

</table>

</FormTemplate>

</EditFormSettings>

<telerik:GridSortExpression FieldName="approved" SortOrder="Ascending" />

</SortExpressions>

</MasterTableView>

<Resizing

AllowColumnResize="True"

AllowRowResize = "False"

ResizeGridOnColumnResize = "True"

ClipCellContentOnResize = "True"

EnableRealTimeResize = "True" />

</ClientSettings>

</telerik:RadGrid>

</form>

This is the source code of the web page:

public partial class users : RadAjaxPage

{

private DataTable GetUsers()

{

DataTable dt =

new DataTable();

OleDbConnection dbCon = Sql.GetConnection(

this.Server);

dbCon.Open();

try

{

System.Data.OleDb.OleDbDataAdapter dbAdapter =

new System.Data.OleDb.OleDbDataAdapter("SELECT * FROM users order by lastname, firstname", dbCon);

dbAdapter.Fill(dt);

dt.Columns.Add(

"language_text", typeof(string));

dt.Columns.Add(

"approved_text", typeof(string));

dt.Columns.Add(

"sendemail_name", typeof(string));

dt.Columns.Add(

"expdate_text", typeof(string));

foreach (DataRow row in dt.Rows)

{

if (!Convert.IsDBNull(row["language"]))

{

int language = Convert.ToInt32(row["language"]);

switch ((process4.enums.Languages)language)

{

case process4.enums.Languages.English:

row[

"language_text"] = "English";

break;

case process4.enums.Languages.German:

row[

"language_text"] = "German";

break;

case process4.enums.Languages.French:

row[

"language_text"] = "French";

break;

}

if (!Convert.IsDBNull(row["approved"]))

{

int approved = Convert.ToInt32(row["approved"]);

switch ((process4.enums.UserApprovedEnum)approved)

{

case process4.enums.UserApprovedEnum.Approved:

row[

"approved_text"] = "Approved";

break;

case process4.enums.UserApprovedEnum.NotApproved:

row[

"approved_text"] = "Not Approved";

break;

case process4.enums.UserApprovedEnum.Banned:

row[

"approved_text"] = "Banned";

break;

}

if (!Convert.IsDBNull(row["sendemail"]))

{

row[

"sendemail_name"] = Convert.ToInt32(row["sendemail"]) == 0 ? "No" : "Yes";

}

if (!Convert.IsDBNull(row["expdate"]))

{

row[

"expdate_text"] = Convert.ToDateTime(row["expdate"]).ToString("d");

}

finally

{

dbCon.Close();

}

return dt;

}

private DataTable GetExpDates()

{

DataTable dt =

new DataTable();

OleDbConnection dbCon = Sql.GetConnection(

this.Server);

dbCon.Open();

try

{

System.Data.OleDb.OleDbDataAdapter dbAdapter =

new System.Data.OleDb.OleDbDataAdapter("SELECT DISTINCT expdate FROM users ORDER by expdate", dbCon);

dbAdapter.Fill(dt);

}

finally

{

dbCon.Close();

}

return dt;

}

protected void fillUsersGrid()

{

try

{

grdUsers.DataSource = GetUsers();

grdUsers.DataBind();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to load users. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

}

protected void Page_Load(object sender, System.EventArgs e)

{

if (this.Session["admin"] != null)

{

Common.InitDateTimeFormat();

if (!this.IsPostBack)

{

fillUsersGrid();

}

else

{

this.Session["GoBack"] = "users.aspx";

this.Response.Redirect("login.aspx");

}

#region

Web Form Designer generated code

override protected void OnInit(EventArgs e)

{

// CODEGEN: This call is required by the ASP.NET Web Form Designer.

InitializeComponent();

base.OnInit(e);

}

protected void InitializeComponent()

{

this.Load += new System.EventHandler(this.Page_Load);

}

#endregion

protected void grdUsers_NeedDataSource(object source, GridNeedDataSourceEventArgs e)

{

try

{

grdUsers.DataSource = GetUsers();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to load users. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

}

protected void grdUsers_SortCommand(object source, Telerik.Web.UI.GridSortCommandEventArgs e)

{

try

{

grdUsers.DataSource = GetUsers();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to load users. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

}

protected void grdUsers_ItemCreated(object sender, GridItemEventArgs e)

{

if (e.Item is GridFilteringItem)

{

GridFilteringItem filter = (GridFilteringItem)e.Item;

RadComboBox combo = (RadComboBox)filter[

"approved_text"].FindControl("cmbApprovedFilter");

combo.Items.Clear();

combo.Items.Add(

new RadComboBoxItem("No Filter"));

combo.Items.Add(

new RadComboBoxItem("Not Approved", "Not Approved"));

combo.Items.Add(

new RadComboBoxItem("Approved", "Approved"));

combo.Items.Add(

new RadComboBoxItem("Banned", "Banned"));

DataTable table = GetExpDates();

combo = (RadComboBox)filter[

"expdate_text"].FindControl("cmbExpDateFilter");

combo.Items.Clear();

combo.Items.Add(

new RadComboBoxItem("No Filter"));

foreach (DataRow row in table.Rows)

{

if(!Convert.IsDBNull(row["expdate"]))

{

string sDate = Convert.ToDateTime(row["expdate"]).ToString("d");

combo.Items.Add(

new RadComboBoxItem(sDate, sDate));

}

combo = (RadComboBox)filter[

"language_text"].FindControl("cmbLanguageFilter");

combo.Items.Clear();

combo.Items.Add(

new RadComboBoxItem("No Filter"));

combo.Items.Add(

new RadComboBoxItem("German", "German"));

combo.Items.Add(

new RadComboBoxItem("English", "English"));

combo.Items.Add(

new RadComboBoxItem("French", "French"));

combo = (RadComboBox)filter[

"sendemail_name"].FindControl("cmbSendEmailFilter");

combo.Items.Clear();

combo.Items.Add(

new RadComboBoxItem("No Filter"));

combo.Items.Add(

new RadComboBoxItem("Yes", "Yes"));

combo.Items.Add(

new RadComboBoxItem("No", "No"));

}

protected void grdUsers_ItemDataBound(object sender, GridItemEventArgs e)

{

try

{

if ((e.Item is GridEditFormItem) && (e.Item.IsInEditMode))

{

GridEditFormItem edititem = (GridEditFormItem)e.Item;

DropDownList lstLanguage = (DropDownList)edititem.FindControl(

"ddlLanguage");

if (e.Item.OwnerTableView.IsItemInserted)

{

RadioButton rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailY");

rdbControl.Checked =

true;

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailN");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedN");

rdbControl.Checked =

true;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedY");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedX");

rdbControl.Checked =

false;

RadDateTimePicker picker = (RadDateTimePicker)edititem.FindControl(

"dtExpDate");

picker.SelectedDate =

new DateTime(DateTime.Now.Year + 1, 1, 1).AddDays(-1);

lstLanguage.SelectedValue = ((

int)process4.enums.Languages.German).ToString();

}

else

{

RadioButton rdbControl =

null;

if (Convert.IsDBNull(edititem["sendemail_name"].Text) || (edititem["sendemail_name"].Text.Length == 0))

{

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailY");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailN");

rdbControl.Checked =

true;

}

else

{

if (edititem["sendemail_name"].Text == "Yes")

{

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailY");

rdbControl.Checked =

true;

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailN");

rdbControl.Checked =

false;

}

else

{

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailY");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbSendEmailN");

rdbControl.Checked =

true;

}

process4.enums.UserApprovedEnum approved = process4.enums.UserApprovedEnum.NotApproved;

if (!Convert.IsDBNull(edititem["approved"].Text))

{

approved = (process4.enums.UserApprovedEnum)

Convert.ToInt32(edititem["approved"].Text);

}

switch (approved)

{

case process4.enums.UserApprovedEnum.Approved:

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedY");

rdbControl.Checked =

true;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedN");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedX");

rdbControl.Checked =

false;

break;

case process4.enums.UserApprovedEnum.NotApproved:

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedY");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedN");

rdbControl.Checked =

true;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedX");

rdbControl.Checked =

false;

break;

case process4.enums.UserApprovedEnum.Banned:

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedY");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedN");

rdbControl.Checked =

false;

rdbControl = (RadioButton)edititem.FindControl(

"rdbApprovedX");

rdbControl.Checked =

true;

break;

}

RadDateTimePicker picker = (RadDateTimePicker)edititem.FindControl(

"dtExpDate");

DateTime time;

if (Convert.IsDBNull(edititem["expdate_text"].Text))

{

time =

new DateTime(DateTime.Now.Year + 1, 1, 1).AddDays(-1);

edititem[

"expdate_text"].Text = time.ToString();

}

else

{

time =

Convert.ToDateTime(edititem["expdate_text"].Text);

}

picker.SelectedDate = time;

if (lstLanguage != null)

{

if (Convert.IsDBNull(edititem["language"].Text))

lstLanguage.SelectedValue = ((

int)process4.enums.Languages.German).ToString();

else

lstLanguage.SelectedValue = edititem[

"language"].Text;

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to edit user. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

}

protected void grdUsers_DeleteCommand(object source, Telerik.Web.UI.GridCommandEventArgs e)

{

GridDataItem item = (GridDataItem)e.Item;

int nID = Convert.ToInt32(item.OwnerTableView.DataKeyValues[item.ItemIndex]["id"]);

OleDbConnection dbCon = Sql.GetConnection(

this.Server);

try

{

dbCon.Open();

OleDbCommand command =

new OleDbCommand("DELETE FROM users WHERE [id]=@id", dbCon);

command.Parameters.AddWithValue(

"@id", nID);

command.ExecuteNonQuery();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to delete user. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

e.Canceled =

true;

}

finally

{

dbCon.Close();

}

protected void grdUsers_UpdateCommand(object source, Telerik.Web.UI.GridCommandEventArgs e)

{

GridEditableItem item = e.Item

as GridEditableItem;

int nID = Convert.ToInt32(item.OwnerTableView.DataKeyValues[item.ItemIndex]["id"]);

string sLastName = ((TextBox)item.FindControl("txtLastName")).Text;

string sFirstName = ((TextBox)item.FindControl("txtFirstName")).Text;

string sEmail = ((TextBox)item.FindControl("txtEmail")).Text;

string sCompany = ((TextBox)item.FindControl("txtCompany")).Text;

string sDomain = ((TextBox)item.FindControl("txtDomain")).Text;

string sPassword = ((TextBox)item.FindControl("txtPassword")).Text;

int nLanguage = Convert.ToInt32(((DropDownList)item.FindControl("ddlLanguage")).SelectedValue);

int nSendemail = 1;

if (((RadioButton)item.FindControl("rdbSendEmailN")).Checked)

nSendemail = 0;

process4.enums.UserApprovedEnum approved = process4.enums.UserApprovedEnum.Approved;

if (((RadioButton)item.FindControl("rdbApprovedN")).Checked)

approved = process4.enums.UserApprovedEnum.NotApproved;

else if (((RadioButton)item.FindControl("rdbApprovedX")).Checked)

approved = process4.enums.UserApprovedEnum.Banned;

DateTime expdate = Convert.ToDateTime(((RadDateTimePicker)item.FindControl("dtExpDate")).SelectedDate);

OleDbConnection dbCon = Sql.GetConnection(

this.Server);

dbCon.Open();

try

{

// Check if there is an user with the same e-mail

OleDbCommand comm =

new OleDbCommand("SELECT [id] FROM USERS WHERE email = @email AND [id] <> @id", dbCon);

comm.Parameters.AddWithValue(

"@email", sEmail);

comm.Parameters.AddWithValue(

"@id", nID);

OleDbDataReader dreader = comm.ExecuteReader();

if (dreader.Read())

{

// this.lblErrorMessage.Text = "User with inputted email already exists.";

e.Canceled =

true;

}

else

{

dreader.Close();

comm.Parameters.Clear();

comm.Connection = dbCon;

comm.CommandText =

"UPDATE users SET email = @email, [password] = @password, " +

" [lastname] = @lastname, [firstname] = @firstname, " +

" [expdate] = @expdate, [company] = @company, [approved] = @approved, " +

" [language] = @language, [domain] = @domain, [sendemail] = @sendemail " +

" WHERE [id] = @id";

comm.Parameters.AddWithValue(

"@email", sEmail);

comm.Parameters.AddWithValue(

"@password", sPassword);

comm.Parameters.AddWithValue(

"@lastname", sLastName);

comm.Parameters.AddWithValue(

"@firstname", sFirstName);

comm.Parameters.Add(

"@expdate", System.Data.OleDb.OleDbType.DBDate).Value = expdate;

comm.Parameters.AddWithValue(

"@company", sCompany);

comm.Parameters.AddWithValue(

"@approved", (int)approved);

comm.Parameters.AddWithValue(

"@language", nLanguage);

comm.Parameters.AddWithValue(

"@domain", sDomain);

comm.Parameters.AddWithValue(

"@sendemail", nSendemail);

comm.Parameters.AddWithValue(

"@id", nID);

comm.ExecuteNonQuery();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to update user. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

e.Canceled =

true;

}

finally

{

dbCon.Close();

}

protected void grdUsers_InsertCommand(object source, Telerik.Web.UI.GridCommandEventArgs e)

{

GridEditableItem item = e.Item

as GridEditableItem;

string sLastName = ((TextBox)item.FindControl("txtLastName")).Text;

string sFirstName = ((TextBox)item.FindControl("txtFirstName")).Text;

string sEmail = ((TextBox)item.FindControl("txtEmail")).Text;

string sCompany = ((TextBox)item.FindControl("txtCompany")).Text;

string sDomain = ((TextBox)item.FindControl("txtDomain")).Text;

string sPassword = ((TextBox)item.FindControl("txtPassword")).Text;

int nLanguage = Convert.ToInt32(((DropDownList)item.FindControl("ddlLanguage")).SelectedValue);

int nSendemail = 1;

if (((RadioButton)item.FindControl("rdbSendEmailN")).Checked)

nSendemail = 0;

process4.enums.UserApprovedEnum approved = process4.enums.UserApprovedEnum.Approved;

if (((RadioButton)item.FindControl("rdbApprovedN")).Checked)

approved = process4.enums.UserApprovedEnum.NotApproved;

else if (((RadioButton)item.FindControl("rdbApprovedX")).Checked)

approved = process4.enums.UserApprovedEnum.Banned;

DateTime expdate = Convert.ToDateTime(((RadDateTimePicker)item.FindControl("dtExpDate")).SelectedDate);

OleDbConnection dbCon = Sql.GetConnection(

this.Server);

dbCon.Open();

try

{

// Check if there is an user with the same e-mail

OleDbCommand comm =

new OleDbCommand("SELECT [id] FROM USERS WHERE email = @email", dbCon);

comm.Parameters.AddWithValue(

"@email", sEmail);

OleDbDataReader dreader = comm.ExecuteReader();

if (dreader.Read())

{

// this.lblErrorMessage.Text = "User with inputted email already exists.";

e.Canceled =

true;

}

else

{

dreader.Close();

comm.Parameters.Clear();

comm.Connection = dbCon;

comm.CommandText =

"INSERT INTO USERS (email,[password],[lastname],[firstname],[expdate],[company],[domain],[regdate],[language],[approved],[sendemail]) " +

" VALUES(@email,@password,@lastname,@firstname,@expdate,@company,@domain,@regdate,@language,@approved,@sendemail)";

comm.Parameters.AddWithValue(

"@email", sEmail);

comm.Parameters.AddWithValue(

"@password", sPassword);

comm.Parameters.AddWithValue(

"@lastname", sLastName);

comm.Parameters.AddWithValue(

"@firstname", sFirstName);

comm.Parameters.Add(

"@expdate", System.Data.OleDb.OleDbType.DBDate).Value = expdate;

comm.Parameters.AddWithValue(

"@company", sCompany);

comm.Parameters.AddWithValue(

"@domain", sDomain);

comm.Parameters.Add(

"@regdate", System.Data.OleDb.OleDbType.DBDate).Value = DateTime.Now;

comm.Parameters.AddWithValue(

"@language", nLanguage);

comm.Parameters.AddWithValue(

"@approved", (int)approved);

comm.Parameters.AddWithValue(

"@sendemail", nSendemail);

comm.ExecuteNonQuery();

}

catch (Exception ex)

{

Label label =

new Label();

label.Text =

"Unable to insert user. Reason: " + ex.Message;

label.ForeColor = Color.Red;

label.Visible =

true;

grdUsers.Controls.Add(label);

e.Canceled =

true;

}

finally

{

dbCon.Close();

}

And this is the web.config:

xml version="1.0"?>

configuration>

configSections>

sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>

sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>

section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>

section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>

sectionGroup>

configSections>

system.web>

<!--

Set compilation debug="true" to insert debugging

symbols into the compiled page. Because this

affects performance, set this value to true only

during development.

-->

<!--

Set compilation debug="true" to insert debugging

symbols into the compiled page. Because this

affects performance, set this value to true only

during development.

--><compilation debug="true" defaultLanguage="c#">

assemblies>

add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add assembly="System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

assemblies>

compilation>

<!--

The <authentication> section enables configuration

of the security authentication mode used by

ASP.NET to identify an incoming user.

-->

authentication mode="Windows"/>

<!--

The <customErrors> section enables configuration

of what to do if/when an unhandled error occurs

during the execution of a request. Specifically,

it enables developers to configure html error pages

to be displayed in place of a error stack trace.

</customErrors>

-->

globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8" culture="de-DE" uiCulture="de-DE"/>

pages>

controls>

add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI"/>

controls>

pages>

httpHandlers>

remove verb="*" path="*.asmx"/>

add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>

add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />

add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/></httpHandlers>

httpModules>

add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/></httpModules>

system.web>

system.webServer>

validation validateIntegratedModeConfiguration="false"/>

modules>

add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

modules>

handlers>

remove name="WebServiceHandlerFactory-Integrated"/>

add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode,runtimeVersionv2.0"/>

handlers>

system.webServer>

location path="Telerik.Web.UI.WebResource.axd">

system.web>

authorization>

allow users="*"/>

authorization>

system.web>

location>

configuration>