Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CS 3870/CS 5870: Note 07 Lab 3 Lab 4 Test 1: Two Tables.

Published byLucy King Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CS 3870/CS 5870: Note 07 Lab 3 Lab 4 Test 1: Two Tables."— Presentation transcript:

1 1 CS 3870/CS 5870: Note 07 Lab 3 Lab 4 Test 1: Two Tables

2 2 Lab 4 Authentication and Authorization Sample Web Site: https://xray.ion.uwplatt.edu/CS3870/lab4/

3 3 Lab 4 Copy folder Lab3 as Lab4 Modify master page Modify other pages (top line of the source file) Create new pages Modify NavigationURL of master page (Page Properties) (Click on Page in Source View)

4 Database Same database as Lab3 Using both tables 4

5 Accessing Multiple Tables Using Multiple Sets of Variables Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; ” & _ “Data Source=|DataDirectory|\UWPCS3870.accdb" ‘ One connection for one database Private Shared con As New Data.OleDb.OleDBConnection ‘ One set of variables for each table Private Shared prodAdapter As System.Data.OleDb.OleDbDataAdapter Private Shared prodBuilder As System.Data.OleDb.OleDbCommandBuilder Private Shared prodCmd As New Data.OleDb.OleDbCommand Public Shared tblProduct As New Data.DataTable Private Shared memberAdapter As System.Data.OleDb.OleDbDataAdapter Private Shared memberBuilder As System.Data.OleDb.OleDbCommandBuilder Private Shared memberCmd As New Data.OleDb.OleDbCommand Public Shared tblMember As New Data.DataTable 5

6 Accessing Multiple Tables Using One Set of Variables Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; ” & _ “Data Source=|DataDirectory|\UWPCS3870.accdb" ‘ One connection for one database Private Shared con As New Data.OleDb.OleDBConnection ‘ Could use one set of variables for multiple tables Private Shared myAdapter As System.Data.OleDb.OleDbDataAdapter Private Shared myBuilder As System.Data.OleDb.OleDbCommandBuilder Private Shared myCmd As New Data.OleDb.OleDbCommand Public Shared tblProduct As New Data.DataTable Public Shared tblMember As New Data.DataTable 6

7 Database Same database as Lab3 Using both tables I used one set of variables and one data table only for Lab4 7

8 8 Function GetUserRole Public Shared Function GetUserRole(...) As String ‘ Setup the command Try con.Open() GetUserRole = cmd.ExecuteScalar() Catch ex Throw ex Finally con.Close() End Try End Function

9 9 Query of GetUserRole SQL Query Select Role from Member Where UserName = username And Password = password VB.NET command text cmd = “Select Role from Member ” & “Where UserName = ‘” & username & “’ ” & “ And Password = ‘” & password & “’”

10 10 Using DataTable ‘ Need Try-Catch-Finally Public Shared Function GetUser(byVal UserName As String, ByVal Password As String, ByRef role As String) As String ‘ using adapter to fill tblLogin If tblLogin.Rows.Count > 0 Then ‘ Role is the 4th column role = tblLogin.rows(0)(3) Return role else role = “” End If End Function Query of GetUser Select * from Member Where UserName = username And Password = password

11 11 Using DataTable Method Find ‘ Table tblMember is loaded already (all records) ‘ May miss recent updates to table Member Protected Sub btnLogin(...) Handles btnLogin.Click... ‘ username is the PK row = DataClass.tblMember.Rows.Find(username) If Not row Is Nothing Then... Else... End If End Sub

12 12 Function GetUserCount Public Shared Function GetUserCount(byVal UserName As String, ByVal Password As String) As Integer Try Dim num As Integer num = cmd.ExecuteScalar() Return num Catch ex As Exception... Finally con.close() End Try End Function Query of GetUserCount (Not for Lab4) Select count(*) from Members Where UserName = username And Password = password

13 13 Web.Config Machine.config –Machine level settings –Default settings for all Web applications Application Web.config –Under the application root directory –Apply to the entire application –Overwrite some settings set in Machine.config Local Web.config –A sub-folder can have its own Web.config file –Overwrite some settings set in higher level Web.config –Not every setting can be set in local Web.config AUTHENTICATION must be set in application Web.config AUTHORIZATION can be different for different sub-folders Page Directives –Apply to the page only –Overwrite settings set in Web.config

14 14 Web.Config Application Configuration Authentication <forms name="formsAuth" loginUrl="lab4/login.aspx" path="/" protection="All" defaultUrl="~/Lab4/Default.aspx" timeout="60"/>

15 15 Authentication To identify the user Four Modes –Windows: IntraNet –Forms : Internet –Passport: MS –None

16 16 Web.Config Forms Based (Cookies) –name : cookie's name –loginUrl : default is login.aspx –path : the location to save the cookie, default is / –protection: the amount of protection applied to the cookie Encryption Validation All (both, default) None –timeout : minutes (default 30) a durable cookie could be issued –DefaultUrl: if the user requests the login.aspx page Otherwise, go to the requested page

17 17 Authorization What the user can do Application Configuration

18 18 Authorization Web.Config inside a subfolder

19 19 Authorization <allow users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> <deny users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> * : everyone ? : anonymous verbs: POST, GET, HEADER, DEBUG

20 20 Authorization In Web.config for a sub-folder Not needed any more after using location tag.

21 Master Page The page is loaded before each content page using the master page Controls on master page Event procedures on master page 21

22 22 Loading Lab4MasterPage Protected Sub Page_Load(…) Handles Me.Load If Session("UserName") = "" Then ‘ UserName and Password ‘ Login ‘ And others Else ‘ UserName and Role ‘ Logoff ‘ And others End If End Sub

23 23 Button Login on the Master Page Protected Sub btnLogin_Click(…) Handles btnLogin.Click Dim username, password, role As String ‘If Session(“UserName”) = “” Then If btnLogin.Text = “Login” Then ‘ Login Else ‘ Logoff End If End Sub

24 24 Login Protected Sub btnLogin_Click(…) Handles btnLogin.Click Dim username, password, role As String... If btnLogin.Text = “Login” Then role = DataClass.GetUserRole(username, password) If role = “Admin” or role = “Customer” Then ‘ set Session variables ‘ Redirects an authenticated user back to the requested URL ‘ UserName: Name of the user ‘ True to create a durable cookie (one that is saved across ‘ browser sessions); otherwise, false FormsAuthentication.RedirectFromLoginPage(username, False) Else ‘ message Else ‘ Logoff End If End Sub

25 25 Logoff Protected Sub btnLogin_Click(…) Handles btnLogin.Click Dim username, password, role As String If btnLogin.Text = “Login” Then ‘ Login Else FormsAuthentication.SignOut() ‘ Session_End? Server.Transfer("Login.aspx") End If End Sub

26 26 Removing Child Node From TreeView ‘ on master page Protected Sub Page_Load(…) Handles Me.Load If Session("UserName") = "" Then ‘ UserName and Password ‘ Login Else ‘ UserName and Role ‘ Logoff If Session("Role") <> "Admin" And ? Then TreeView1.Nodes(2).ChildrenNodes.RemoveAt(2) End If End Sub

27 27 Rejecting Customer Accessing Page Updating.Aspx ‘ Does not allow user to come to the page ‘ Even the link is removed, ‘ the user may know the page Protected Sub Page_Load(…) Handles Me.Load If Session("Role") <> "Admin" Then Server.Transfer(“Default.aspx") 'Response.Redirect(“Default") End If End Sub

Download ppt "1 CS 3870/CS 5870: Note 07 Lab 3 Lab 4 Test 1: Two Tables."

Similar presentations

Creating a Login Process Creating a users table and a login form that denies access to unauthorized users.

Creating a Login Process Creating a users table and a login form that denies access to unauthorized users.
ASP.Net Security Chapter 10 Jeff Prosise’s Book. Authentication To ascertain the caller’s identity –Windows authentication –Forms authentication –Passport.

ASP.Net Security Chapter 10 Jeff Prosise’s Book. Authentication To ascertain the caller’s identity –Windows authentication –Forms authentication –Passport.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
NMD202 Web Scripting Week5. What we will cover today PHPmyAdmin Debugging – using print_r Modifying Data PHP (cont.) 4D Methodology File and IO operations.

NMD202 Web Scripting Week5. What we will cover today PHPmyAdmin Debugging – using print_r Modifying Data PHP (cont.) 4D Methodology File and IO operations.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.

Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.

Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.
Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:

Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
Building ASP.NET Applications 2 Lecture 3,4 T. Ahlam Algharasi 4 th Level.

Building ASP.NET Applications 2 Lecture 3,4 T. Ahlam Algharasi 4 th Level.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.

Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.
Building Applications using ASP.NET and C# / Session 14 / 1 of 18 Session 14.

Building Applications using ASP.NET and C# / Session 14 / 1 of 18 Session 14.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
IT533 Lectures Configuring, Deploying, Tracing and Error Handling.

IT533 Lectures Configuring, Deploying, Tracing and Error Handling.
CONFIGURING WINDOWS SERVER MIS 424 Professor Sandvig.

CONFIGURING WINDOWS SERVER MIS 424 Professor Sandvig.
1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.

1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Session 5: Working with MySQL iNET Academy Open Source Web Development.

Session 5: Working with MySQL iNET Academy Open Source Web Development.
Programming with Visual Basic.NET An Object-Oriented Approach  Chapter 8 Introduction to Database Processing.

Programming with Visual Basic.NET An Object-Oriented Approach  Chapter 8 Introduction to Database Processing.

Similar presentations

Ads by Google