Description: The OrderDetails page displays a detailed list of all items placed within a specific Adventure Works Cycles order.
Implementation Notes: This page appears when a user clicks the "Show Details" link for a specific order from the OrderList.aspx page. The OrderID of the product to display is passed to the page as a URL querystring argument (ie: "OrderDetails.aspx?OrderID=99"). Please review the OrderList.aspx page to see how this argument is added when constructing the hyperlink to this page.
Access to the OrderDetails.aspx page limited to authorized users only, per the configuration system. The OrderDetails page logic is encapsulated entirely within its Page_Load event handler. This event handler is called when the page is accessed by a browser client.
Configuration Details: The OrderDetails.aspx page has been configured to deny access to all non-authenticated customers of the Adventure Works Cycles application. This is accomplished by adding an authorization entry within the Adventure Works Cycles's Web.config file:
<location path="OrderDetails.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
The above entry explicitly denies anonymous user access to the OrderDetails.aspx URL (in the configuration entry above, the "?" stands for "anonymous users"). When a non-authenticated user attempts to access this page, the built-in ASP.NET forms-based security system will automatically redirect them to a configured login page. The Adventure Works Cycles configuration entry below specifies that the Login.aspx page will be the designated login page for this application:
<system.web>
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="AdventureWorksStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
</authentication>
</system.web>
Developers are free to customize the look and feel of the login page however they want, and may perform whatever manner of credential validation checks necessary to validate the user (in the Adventure Works Cycles application we check usernames/passwords against a database). After the client successfully identifies themselves (ie: their username and password are correct) they are redirected back to OrderDetails.aspx and granted access to the page. Please review the Login.aspx page to see how this is done within Adventure Works Cycles.
Page_Load Event Handler: The code within the Page_Load event handler extracts the OrderID query string value from the URL. The OrderDetails.aspx Page_Load event handler then utilizes this OrderID value to call the GetOrderDetails method of the OrdersDB class to obtain details about a specific order the customer has placed. This method internally uses the usp_OrdersDetail stored procedure to fetch the product information from the Adventure Works Cycles database.
The specific items within the order are then displayed using an <asp:DataGrid> control. Various style properties have been set on the <asp:datagrid> to make it look nice and presentable. Various <asp:Label> server controls are also then used to output aggregate information about the order (total order price, ship date, order date, etc).