1
Unit 7 Learning Objectives
How to Control Access to websites
- Authentication and Authorization
- Security and Access Control (web.config)
- ASP.NET Membership controls in code (LoginView)
- Using user information (Page.User)
2
Authentication
- It determines that someone is who they say they are
- It involves a username and password
- Microsoft systems have two basic methods
  - Forms based authentication: what you typically see when you log into a website
  - Windows based authentication: what you see when you log into a computer
3
Windows based authentication
- What you see when you log into a computer
Forms based authentication
- What you typically see when you log into a website
4
Authorization
- Permission to use a resource like a webpage or document
- Authenticated users can do more than anonymous users
- Authorization may be associated with Roles or Users
- Roles help assign a group of users the same authority. Example: admin, staff or guest.
- Access Rules determine who is authorized to use what.
5
Authorization or Authentication?
6
Access Rules are settings in web.config
- This access rule is for the access to the Register page
- Allows the user that belongs to the role of Admin
- Deny anonymous users, until they identify themselves
- Provides the authentication type (i.e. FORMS), and the place to login from
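The access rules this slide describes, written out as an added example (not the original slide's web.config). The Account/Login.aspx and Account/Register.aspx paths are assumptions based on the default site layout.

```xml
<?xml version="1.0"?>
<!-- Added example. Both page paths below are assumptions. -->
<configuration>
  <system.web>
    <!-- Authentication type (Forms) and the place to log in from.
         A denied anonymous request is redirected to loginUrl. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" />
    </authentication>
  </system.web>

  <!-- Access rule for the Register page only. -->
  <location path="Account/Register.aspx">
    <system.web>
      <authorization>
        <!-- Rules are checked top to bottom; the first match decides. -->
        <allow roles="Admin" />
        <!-- "?" means anonymous users, "*" means all users. -->
        <deny users="?" />
        <!-- A logged-in user who is not in Admin matches neither rule,
             so the decision falls through to the parent configuration,
             which allows everyone by default. To limit the page to the
             Admin role only, use <deny users="*" /> as the second rule. -->
      </authorization>
    </system.web>
  </location>
</configuration>
```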
7
Multiple Configurations
C:\ASPPUB
- Access is determined by the access rules closest to the page.
- How many config files are seen?
- In this case, the web.config file controls access to the Finals folder.
8
How to work with a user’s information
User control
- User is a property of the Page object
- User contains information about the user logged into your web page when one of ASP.NET’s implemented authentication methods is used
- Examples: Matta, LowlyWorm
Roles
- Groupings of access privileges
- Examples: Manager, Admin, etc.
9
How can User be used for roles?
- User has a method called IsInRole
- IsInRole identifies whether the user belongs to a role
- User.IsInRole("Admin"): if the current user is a member of the Admin role, then apply 10% discount
- User.IsInRole("Guest"): is the current user a member of the Guest role?

    if (User.IsInRole("Admin"))
        TotalAmt = 0.9 * SubTotalAmt;
10
Using Identity
- It can be determined if there is a logged in user by using Identity
- User.Identity.IsAuthenticated gives a boolean value of true if the user is not anonymous
- Identity can also be used to find the username of the current user with User.Identity.Name
11
L1 #1: ASP.NET security set-up in VWD
- The default web site we created at the beginning of the quarter uses many of ASP.NET’s security features – we just have to turn the security on
- So, let’s turn it on as the LastnameU7L1 for the unit 7 folder
- Open your ASPPub folder in VWD
- Select ASP.NET Configuration from the Website menu
- Go to L1 #11
12
L1 #2
- You should see a web page that looks something like this; click the Security link
- Click “Create User”
13
L1 #3
5. Create a user with the following information:
   The username is: MIS3200
   Password: testing!
6. After the user is created, close the browser; you are done with the configuration manager
14
L1 #4
7. Right click on your unit 7 folder - Add a New Item
8. Add a Web Configuration File
15
L1 #5
9. Your file should look like this:
10. To prevent anonymous users from accessing your Unit 7 folder, create your access rules by making your web.config look like the following:
16
L1 #6
11. Add a LastnameU7L1 file to your Unit 7 folder.
12. Try to run your 7.1 page. What screen do you see? Is it a login screen? Your page should look like this:
17
L1 #7
- Your access rule prohibits you, and everyone else, from using your 7 L1 page
- But something did load? What page is it? Check the URL
- The one standard exception to the “you can’t use anything” rule is a special page called login.aspx that was created as a part of default settings. It contains a Login control.
- This serves as the page that any unauthorized access is redirected to
18
L1 #8
13. Enter your user name and password (MIS3200 and testing!)
14. You should see your 7 L1 page
15. Close the page and return to VWD
16. Open up your MIS 3200 web.config file
- Security settings are stored here so DO NOT delete it!
- Some of the important settings are: authentication mode and location of the login page
- Next: Opening access in closed areas
19
L1 #9 Submit your link to the dropbox, make sure your username and password are exactly as described in the directions.
20
Login controls found in the Toolbox
ASP.NET Login controls
- You have already seen five ASP.NET Login controls
  - CreateUserWizard – used by the Web Site Configuration Tool
  - Login – used on Login.aspx
  - LoginName – used in Site.master
  - LoginStatus – used in Site.master
  - LoginView – used in Site.master
- There are only two other controls
  - ChangePassword – allows a user to change a password after answering a question
  - PasswordRecovery – changes the user’s password and sends the new password to the user via e-mail
- PasswordRecovery requires access to a mail server, which we don’t have in the labs
21
Using LoginView
- The LoginView changes what the user sees based on who is logged in
- A LoginView is usually present on the master page in the top right corner
- A LoginView can have multiple options for Views. For example:
  - Controls located in the LoggedIn Template of the LoginView are only visible to those who are logged in
  - Controls located in the Anonymous Template are seen only by anonymous users
22
Using FindControl When placing controls in a LoginView, they can no longer be accessed directly by the code behind page. This is because the controls are no longer located in the Page, they are now located in the LoginView and must be found. Using FindControl gives us access to controls in the LoginView The control name in quotes must be exactly what you have named your control in the LoginView.
23
L2 #1
- Copy your LastnameU7L1 page, paste it in your Unit 7 folder, and rename it as LastnameU7L2
- Go to your Unit 7 web.config file and add the location path lines below. These will prevent anonymous users from accessing only Unit 7 L2.
- Run your page to see if you can now access 7 L1 but not 7 L2
24
L2 #2
- Go to the design view of your L2 page
- Add a LoginView to your page (LoginViews are located in the Login section of the Toolbox)
- Name your LoginView lvLogin
- Switch to the LoggedInTemplate view
- Add a label inside of your LoginView, name the label lblUser
25
L2 #3 Open your codefile by right-clicking anywhere on the page and selecting “View Code” To find the current user, add the System.Web.Security namespace by typing “using System.Web.Security;” without quotes
26
L2 #3 Inside of Page_Load, check if a user is logged in, use an if statement with User.Identity.IsAuthenticated Place the username in a string with User.Identity.Name within the if statement The code inside of your Page_Load should match the code shown below
27
L2 #4 In order to access the label on your page you must find it in your LoginView by using FindControl Then, make your label say a welcome greeting to the logged in user. For example, when MIS3200 logs in it should say “Welcome MIS3200 to my page!” The code in your Page_Load should now look like this:
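One way the Page_Load described in L2 #3 and L2 #4 can be written, as an added example rather than the code from the original slide. The class name LastnameU7L2 and the TotalFor helper are assumptions; lvLogin and lblUser are the control IDs from L2 #2.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

// Code-behind for the Unit 7 L2 page (class name is an assumption).
public partial class LastnameU7L2 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // True only when the user is not anonymous.
        if (User.Identity.IsAuthenticated)
        {
            string userName = User.Identity.Name;

            // lblUser lives inside lvLogin's LoggedInTemplate, so it is not
            // a field on the page and has to be looked up by its ID.
            Label lblUser = lvLogin.FindControl("lblUser") as Label;

            // FindControl returns null when the ID is misspelled or when
            // the LoggedInTemplate is not the template being shown.
            if (lblUser != null)
            {
                // Label.Text is written to the page as-is, so encode the
                // user name before putting it into the greeting.
                lblUser.Text = "Welcome "
                    + HttpUtility.HtmlEncode(userName)
                    + " to my page!";
            }
        }
    }

    // Hypothetical helper using the role check from the IsInRole slide.
    // The check runs on the server for every request; a LoginView only
    // changes what is displayed, while web.config access rules and checks
    // like this one decide what a user is actually allowed to do.
    private decimal TotalFor(decimal subTotalAmt)
    {
        return User.IsInRole("Admin") ? 0.9m * subTotalAmt : subTotalAmt;
    }
}
```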
28
L2 #5
- Change your LoginView to Anonymous View
- Inside of your LoginView add a hyperlink
- Set the ID property of your hyperlink to “hlPleaseLogin” and set the Text property to “Please Login”
- Change the NavigateUrl to the Login page, found under Account.
29
L2 #6
- Once the user is logged in you will have to navigate back to the Unit 7 L2 page
- Submit your link to the L2 page to the dropbox. Make sure your username and password are exactly the same as what is in the directions.
30
Problems? You may run into various problems when working with the security wizard. After making the users, if your pages no longer run and you see the word “login” in the URL without the “.aspx” following it, you likely clicked on something wrong in the L1 which added the following to your web.config file: If you see these lines, delete them to correct the issue.