CS 3870/CS 5870: Note 07. Lab 3, Lab 4, Test 1: Two Tables

Slide 2: Lab 4. Authentication and Authorization. Sample Web Site:

Slide 3: Lab 4
- Copy folder Lab3 as Lab4
- Modify master page
- Modify other pages (top line of the source file)
- Create new pages
- Modify NavigationURL of master page (Page Properties; click on Page in Source View)

Slide 4: Database
- Same database as Lab3
- Using both tables

Slide 5: Accessing Multiple Tables Using Multiple Sets of Variables

    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;" & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"

    ' One connection for one database
    Private Shared con As New Data.OleDb.OleDbConnection(ConStr)

    ' One set of variables for each table
    Private Shared prodAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared prodBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared prodCmd As New Data.OleDb.OleDbCommand
    Public Shared tblProduct As New Data.DataTable

    Private Shared memberAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared memberBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared memberCmd As New Data.OleDb.OleDbCommand
    Public Shared tblMember As New Data.DataTable

Slide 6: Accessing Multiple Tables Using One Set of Variables

    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;" & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"

    ' One connection for one database
    Private Shared con As New Data.OleDb.OleDbConnection(ConStr)

    ' Could use one set of variables for multiple tables
    Private Shared myAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared myBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared myCmd As New Data.OleDb.OleDbCommand
    Public Shared tblProduct As New Data.DataTable
    Public Shared tblMember As New Data.DataTable

Slide 7: Database
- Same database as Lab3
- Using both tables
- I used one set of variables and one data table only for Lab4

Slide 8: Function GetUserRole

    Public Shared Function GetUserRole(...) As String
        ' Setup the command
        Try
            con.Open()
            GetUserRole = cmd.ExecuteScalar()
        Catch ex As Exception
            Throw
        Finally
            con.Close()
        End Try
    End Function

Slide 9: Query of GetUserRole

SQL Query:

    Select Role from Member Where UserName = username And Password = password

VB.NET command text:

    cmd.CommandText = "Select Role from Member " & _
        "Where UserName = '" & username & "' " & _
        "And Password = '" & password & "'"

Slide 10: Using DataTable

    ' Need Try-Catch-Finally
    Public Shared Function GetUser(ByVal UserName As String, ByVal Password As String, _
                                   ByRef role As String) As String
        ' using adapter to fill tblLogin
        If tblLogin.Rows.Count > 0 Then
            ' Role is the 4th column
            role = CStr(tblLogin.Rows(0)(3))
            Return role
        Else
            role = ""
            Return role
        End If
    End Function

Query of GetUser:

    Select * from Member Where UserName = username And Password = password

Slide 11: Using DataTable Method Find

    ' Table tblMember is loaded already (all records)
    ' May miss recent updates to table Member
    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim row As Data.DataRow
        ...
        ' username is the PK (Rows.Find requires the table's PrimaryKey to be set)
        row = DataClass.tblMember.Rows.Find(username)
        If Not row Is Nothing Then
            ...
        Else
            ...
        End If
    End Sub

Slide 12: Function GetUserCount

    Public Shared Function GetUserCount(ByVal UserName As String, ByVal Password As String) As Integer
        Try
            con.Open()
            Dim num As Integer
            num = CInt(cmd.ExecuteScalar())
            Return num
        Catch ex As Exception
            ...
        Finally
            con.Close()
        End Try
    End Function

Query of GetUserCount (Not for Lab4):

    Select count(*) from Members Where UserName = username And Password = password
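The command text on slide 9 is built by concatenating the user name and password typed into the login form into the SQL string, so any quote characters in that input become part of the statement rather than part of the value being compared. The added example below (not the lecture's code) shows the same GetUserRole lookup from slides 8 and 9 written with OLE DB parameters: the SQL text is a constant and the values are sent separately, so the query can only ever match a Member row. The connection string, table and column names are taken from the slides; the parameter sizes and the per-call connection are assumptions. The same pattern applies to the GetUser and GetUserCount commands of slides 10 and 12.

```vb
' Added example, not the lecture's DataClass: parameterized GetUserRole.
' ConStr, table Member and columns UserName/Password/Role follow the slides;
' parameter sizes (50) and the connection-per-call design are assumptions.
Imports System.Data.OleDb

Public Class DataClass
    Private Const ConStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\UWPCS3870.accdb"

    ' Returns the Role of the matching Member row, or "" when no row matches.
    Public Shared Function GetUserRole(ByVal userName As String,
                                       ByVal password As String) As String
        ' The SQL text is a constant: user input never becomes part of it.
        ' OLE DB parameters are positional; each ? is bound in the order added.
        Const sql As String =
            "Select Role From Member Where UserName = ? And Password = ?"

        ' One connection per call, disposed by Using, replaces the Shared
        ' connection and the Try/Finally con.Close() of slides 8 and 12.
        Using con As New OleDbConnection(ConStr)
            Using cmd As New OleDbCommand(sql, con)
                ' Names are ignored by OLE DB but document which ? gets which value.
                cmd.Parameters.Add("@UserName", OleDbType.VarWChar, 50).Value = userName
                cmd.Parameters.Add("@Password", OleDbType.VarWChar, 50).Value = password
                con.Open()
                Dim result As Object = cmd.ExecuteScalar()
                ' ExecuteScalar returns Nothing when the query yields no row.
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return ""
                End If
                Return CStr(result)
            End Using
        End Using
    End Function
End Class
```

The slides compare a plaintext Password column inside the query; the example keeps that comparison only to stay close to slide 9. In a real application the column should hold a salted password hash, the row should be fetched by UserName alone, and the hash verified in code before the role is returned.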

Slide 13: Web.Config

Machine.config
- Machine level settings
- Default settings for all Web applications

Application Web.config
- Under the application root directory
- Apply to the entire application
- Overwrite some settings set in Machine.config

Local Web.config
- A sub-folder can have its own Web.config file
- Overwrite some settings set in higher level Web.config
- Not every setting can be set in local Web.config: AUTHENTICATION must be set in application Web.config; AUTHORIZATION can be different for different sub-folders

Page Directives
- Apply to the page only
- Overwrite settings set in Web.config

Slide 14: Web.Config Application Configuration: Authentication

    <forms name="formsAuth" loginUrl="lab4/login.aspx" path="/" protection="All"
           defaultUrl="~/Lab4/Default.aspx" timeout="60"/>

Slide 15: Authentication
- To identify the user
- Four Modes:
  - Windows: IntraNet
  - Forms: Internet
  - Passport: MS
  - None

Slide 16: Web.Config, Forms Based (Cookies)
- name: the cookie's name
- loginUrl: default is login.aspx
- path: the location to save the cookie, default is /
- protection: the amount of protection applied to the cookie: Encryption, Validation, All (both, default), None
- timeout: minutes (default 30); a durable cookie could be issued
- defaultUrl: where to go if the user requests the login.aspx page directly; otherwise, go to the requested page

Slide 17: Authorization
- What the user can do
- Application Configuration

Slide 18: Authorization. Web.Config inside a subfolder

Slide 19: Authorization

    <allow users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of verbs]"/>
    <deny users="[comma separated list of users]"
          roles="[comma separated list of roles]"
          verbs="[comma separated list of verbs]"/>

- * : everyone
- ? : anonymous
- verbs: POST, GET, HEAD, DEBUG

Slide 20: Authorization in Web.config for a sub-folder. Not needed any more after using the location tag.

Slide 21: Master Page
- The page is loaded before each content page using the master page
- Controls on master page
- Event procedures on master page

Slide 22: Loading Lab4MasterPage

    Protected Sub Page_Load(...) Handles Me.Load
        If Session("UserName") = "" Then
            ' UserName and Password
            ' Login
            ' And others
        Else
            ' UserName and Role
            ' Logoff
            ' And others
        End If
    End Sub

Slide 23: Button Login on the Master Page

    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        'If Session("UserName") = "" Then
        If btnLogin.Text = "Login" Then
            ' Login
        Else
            ' Logoff
        End If
    End Sub

Slide 24: Login

    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        ...
        If btnLogin.Text = "Login" Then
            role = DataClass.GetUserRole(username, password)
            If role = "Admin" Or role = "Customer" Then
                ' set Session variables
                ' Redirects an authenticated user back to the requested URL
                '   UserName: name of the user
                '   True to create a durable cookie (one that is saved across
                '   browser sessions); otherwise, False
                FormsAuthentication.RedirectFromLoginPage(username, False)
            Else
                ' message
            End If
        Else
            ' Logoff
        End If
    End Sub

Slide 25: Logoff

    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        If btnLogin.Text = "Login" Then
            ' Login
        Else
            FormsAuthentication.SignOut()
            ' Session_End?
            Server.Transfer("Login.aspx")
        End If
    End Sub

Slide 26: Removing Child Node From TreeView

    ' on master page
    Protected Sub Page_Load(...) Handles Me.Load
        If Session("UserName") = "" Then
            ' UserName and Password
            ' Login
        Else
            ' UserName and Role
            ' Logoff
            If Session("Role") <> "Admin" And ? Then
                TreeView1.Nodes(2).ChildNodes.RemoveAt(2)
            End If
        End If
    End Sub

Slide 27: Rejecting Customer Accessing Page Updating.aspx

    ' Does not allow the user to come to the page
    ' Even if the link is removed, the user may know the page
    Protected Sub Page_Load(...) Handles Me.Load
        If Session("Role") <> "Admin" Then
            Server.Transfer("Default.aspx")
            'Response.Redirect("Default")
        End If
    End Sub
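Slides 17 through 20 state the rule but the transcript lost the configuration markup, and slide 27 protects Updating.aspx in code because hiding the link is not access control. The added Web.config below (not the lecture's file) shows both pieces together: the forms element from slide 14 inside its authentication section, an application-wide deny of anonymous users, and a location element that restricts one page to the Admin role so no Web.config is needed inside the sub-folder. The page paths follow slides 14 and 27; requireSSL and the Admin-only location are assumptions.

```xml
<?xml version="1.0"?>
<!-- Added example, not the lecture's Web.config. Paths follow slides 14 and 27;
     requireSSL="true" and the Updating.aspx location are assumptions. -->
<configuration>
  <system.web>
    <!-- AUTHENTICATION can only be set here, in the application Web.config -->
    <authentication mode="Forms">
      <forms name="formsAuth" loginUrl="Lab4/Login.aspx" path="/"
             protection="All" defaultUrl="~/Lab4/Default.aspx" timeout="60"
             requireSSL="true" />
    </authentication>
    <!-- Application-wide: "?" is the anonymous user, so only logged-in users pass -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- AUTHORIZATION can differ per folder or per page. Rules are evaluated
       top to bottom and the first match wins, so the deny for "*" comes last. -->
  <location path="Lab4/Updating.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The `<allow roles="Admin">` rule only takes effect if the role is attached to the authenticated principal (for example through the role manager covered in later notes); Lab 4 keeps the role only in Session, so the Page_Load check on slide 27 is still what enforces the Admin-only rule there. The declarative rule is still worth having because it runs before any page code and covers every HTTP verb.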