OrderList.aspx Page

Description: The OrderList page displays a list of all orders that the accessing customer has ever placed with Adventure Works Cycles.

Implementation Notes:  This page appears when the user clicks the "Account" button at the top of any page in the Adventure Works Cycles application. 

Access to the OrderList.aspx page limited to authorized users only, per the configuration system.  The OrderList page logic is encapsulated entirely within its Page_Load event handler.  This event handler is called when the page is accessed by a browser client. 

Configuration Details:  The OrderList.aspx page has been configured to deny access to all non-authenticated customers of the Adventure Works Cycles application.  This is accomplished by adding an authorization entry within the Adventure Works Cycles' Web.config file:

    <location path="OrderList.aspx">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>

The above entry explicitly denies anonymous user access to the OrderList.aspx URL (in the configuration entry above, the "?" stands for "anonymous users").  When a non-authenticated user attempts to access this page, the built-in ASP.NET forms-based security system will automatically redirect them to a configured login page.  The Adventure Works Cycles configuration entry below specifies that the Login.aspx page will be the designated login page for this application:

    <system.web>
        <!-- enable Forms authentication -->
        <authentication mode="Forms">
            <forms name="AdventureWorksStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
        </authentication>
    </system.web>

Developers are free to customize the look and feel of the login page however they want, and may perform whatever manner of credential validation checks necessary to validate the user (in the Adventure Works Cycles application we check usernames/passwords against a database).  After the client successfully identifies themselves (ie: their username and password are correct) they are redirected back to OrderList.aspx and granted access to the page.  Please review the Login.aspx  page to see how this is done within Adventure Works Cycles.

Page_Load Event Handler:   The code within the Page_Load event handler utilizes the Page's User object to lookup the authenticated identity of the connected customer.  For Adventure Works Cycles the authenticated identity name is the customer's unique CustomerId.  The OrderList.aspx Page_Load event handler then utilizes this CustomerId value to call the GetCustomerOrders method of the OrdersDB class to obtain a summary of orders the customer has placed.  This method internally uses the usp_OrdersList  stored procedure to fetch the product information from the Adventure Works Cycles database.

The specific items within the order are then displayed using an <asp:DataGrid> control.  Various style properties have been set on the <asp:datagrid> to make it look nice and presentable.  Various <asp:Label> server controls are also then used to output aggregate information about the order (total order price, ship date, order date, etc).

Performance Notes: