COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2012.


1 COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2012

2 Week 9: Mechanism of Shopping System, Part 2
- Objectives:
  - Apply principles of user registration and login to the shopping cart system
  - Explain the logic of creating, storing, and displaying customer orders online
  - Implement principles of online registration to the asp.net client-server environment
  - Create a system that saves client-server customer orders and orderlines to a remote database, and recalls them from it

3 Ways to Connect server scripts to a Database
- Two methods:
  1. use a specific control with each script page
  2. include a path (or connectivity string) to the database in the web.config file, which will be available to all pages, and their controls
- Method 1 is more “portable”; method 2 more economical in use of code…

4 WebXel controls and Database Connectivity
- WebXel uses web.config
- WebXel controls require a specific label for the connectivity string as a property of the control (don’t recognise “AccessDataSource”)
  - “constr” was used by default; could be anything
- Once the web.config file is working correctly, can use constr as OleDB link for all WebXel controls

5 Customer Registration and Marketing
- A user that shows an interest in purchasing goods from an e-commerce site needs to be authenticated in some way
  - can use cookies to store “clicking” behaviour on their website based on computerID, even if not registered as a user…
    - according to EU Law, use of cookies must be declared, and the user must give permission
  - if a customerID is obtained, and email address obtained, the clicking behaviour on the cookie can be put in a wider context

6 Registration & Logon Systems
- General website principle:
  - anyone with a valid email address can apply for and get a login
  - user needs to see some advantage to them of registering
    - e.g. contribute to a blog
    - e.g. access “restricted” pages

7 Alternative approaches to providing login data
- System automatically accepts all users who provide their own unique username/password
- Administrator posts username/password to a real email address
    - can then validate the email address (particularly important for e-commerce)

8 Requirements for a Registration System (1)
- “Login” link gives an option for previously registered users to gain access to “restricted” pages
  - could be presented at:
    - “home” page
    - payment page
    - every page in the site…
- If user doesn’t bother to login, they don’t get access to the restricted pages

9 Requirements for a Registration System (2)
- “Registration” link required to take new users to a “registration page”
- Users submit details, usually including a username
- Some systems:
  - allow user to choose their own password…
    - may be validated against password strength rules
- Others send an email to user with username and auto-generated password

10 Allocation of Passwords and Data Protection
- Passwords are amongst the most sensitive data a user can supply to a computer system
- Highly illegal to reveal someone’s password without their permission
  - HUGE confusion about this…
- If the system generates the password and sends it to the user’s email address…
  - offers some degree of control and accountability
  - passes responsibility to user to manage that password

11 Logging on through the Internet
- Further responsibility of registration system providers is to protect user data
  - ESPECIALLY passwords!
- Should be stored encrypted
- Should be sent through the Internet encrypted
  - use https and SSL (next semester’s Information Security module…)

12 Creating a Registration System (1)
- Essential components: HTML forms & web controls
  - collects new user information
  - validates data obtained
  - saves to one or more tables in a server database
- Other essentials of registration:
  - a “check user” function, to make sure the user doesn’t choose a username that has already been taken
  - a mechanism to make sure the password is correct
    - usually getting users to type it in twice and comparing responses before saving/rejecting

13 Creating a Registration Page (2)
- Use a wizard…
  - Dreamweaver & Visual Studio have wizards & templates for creating registration/login pages for systems that use server scripting
  - allows easy production of registration forms linked to tables in relational databases
- But wizards are generalised solutions
  - May lack flexibility needed to fulfil specific requirements
  - non-experts don’t get this
  - continuing problem for industry… (!)

14 Doing it Properly
- Understand requirements and where the wizards fall short…
- Enhance the generated code until it does what the user needs it to do
- Many, many systems have been produced using wizards that aren’t much good to the client…
  - clients should complain more but massive public ignorance about computer code

15 WebXel Controls for Login/Registration
- WebXel designed to extend .net controls to include specific functionality requirements of online shopping systems with cart as session cookie
- Login/registration controls:
  - with form
    - saves details of new customers to cart then database
    - puts details of existing customers into cart then screen
  - with form
    - authentication of existing users
    - uses password data provided (with masking!)
    - compares username/password data with existing data

16 Registration Page
- For “new customer” mode:
  - form fields defined using textbox controls
  - field names need to mesh with parameters listed in WritetoDB
- For “existing customer”
  - “Eval” command used to extract data directly from database

17 “Checking the Password”
- Very easy to make a typo!!!
  - not helpful if the typo is in your password…
- Registration systems therefore always request that password is initially entered twice:
  - entries can then be compared…
  - unlikely that the same typo would happen in the same place twice…
- Coded by a simple “if” statement, with the “else” returning the registration page, where the user has to retype the password
  - achieved via web control through “postback” of the rest of the data from cookie, so only the password is retyped

18 Coding the Login (1)
- Only two fields used:
  - Username (in practice, emailaddress)
  - password
- Data typed into the form isn’t written to database…
  - a server script compares field contents with existing database records
  - searches by contents of relevant field…
  - achieved through SQL query
- On successful comparison…
  - a session variable is generated, based on username; this allows access to the restricted pages
    - in an e-commerce site, these will be the on-line invoice and subsequent pages to complete the transaction

19 Response to Successful Login
- A web control now uses the authenticated username (email address) to extract existing data from the customer table and display it
- This provides an option for the customer to edit this…
  - complies with requirements of Data Protection Act
    - customers must be presented with options to update their personal data
  - also in the business’s own interest
    - e.g. otherwise they could send mail etc. to the wrong address…

20 Implementation of “existing customer data”
- Visual Studio web controls provide “bare bones” of such functionality…
- WebXel provides further controls:
  - WebXel:Login and WebXel:WritetoDB
- Need additional embedded server-side C# code to customise the system to work with WebXel controls

21 WebXel “cart” storage
- Several field names used in Customers table:
  - Emailaddress
  - Firstname
  - surname
  - Address
  - Password
- Need to be stored from database into the cookie
- Need to be displayed on getcust and passed as parameters to the cookie
- Names need to “mesh” for smooth data passing

22 Passing “emailaddress” parameter to get customer data
[Diagram. Labels: Logon page; Getcust page; Shopping Cart; Remote DB; EmailAddress value captured; Compare with value extracted from table, if yes populate cart & other scripts; fields extracted from remote database; Customer fields displayed; customerID]

23 “Insert” or “Update”
- C# code used with WritetoDB control
  - creates a system that works for new customers and existing customers using the same form (!)
  - mechanism is to use an SQL query with “yes/no” response to a check for username
    - if yes… run update “method”
    - if no… run insert “method”
- Assumes use of connectivity string within web.config (constr by default)

24 Consequence of “Update” option
- If the username exists, existing customer details need to be extracted, added to the cookie, and displayed
- Existing customer now required to submit password
  - again SQL check against database
  - action taken depends on result…
    - incorrect password generates error message and screen “posted back”.
    - correct password
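
The registration, login and insert-or-update logic from slides 12, 17, 18, 23 and 24, as an added example that is not part of the original slides or of WebXel. It is written in Python, with an in-memory sqlite3 database standing in for the asp.net/OleDB stack and the remote database; the function names, PBKDF2 settings and sample values are assumptions. Passwords are stored as a salted one-way hash, every query is parameterised, and the update path runs only after the existing password has been verified.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not from the slides

def hash_password(password, salt=None):
    """Return 'salt$digest' in hex; only this string is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Re-hash with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def open_db():
    # In-memory sqlite3 stands in for the remote database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers (Emailaddress TEXT PRIMARY KEY, "
               "Firstname TEXT, surname TEXT, Address TEXT, Password TEXT)")
    return db

def stored_password(db, email):
    """The 'check user' query: parameterised, so input is data, never SQL."""
    row = db.execute("SELECT Password FROM Customers WHERE Emailaddress = ?",
                     (email,)).fetchone()
    return row[0] if row else None

def save_customer(db, email, first, last, address, password, again=None):
    """One form for new and existing customers: insert or update."""
    stored = stored_password(db, email)
    if stored is None:                         # username not found: insert
        if password != again:                  # password typed twice must match
            return "retype password"
        db.execute("INSERT INTO Customers VALUES (?, ?, ?, ?, ?)",
                   (email, first, last, address, hash_password(password)))
        return "inserted"
    if not verify_password(password, stored):  # username found: password needed
        return "incorrect password"
    db.execute("UPDATE Customers SET Firstname = ?, surname = ?, Address = ? "
               "WHERE Emailaddress = ?", (first, last, address, email))
    return "updated"

def login(db, session, email, password):
    stored = stored_password(db, email)
    if stored is None or not verify_password(password, stored):
        return False
    session["username"] = email  # session variable based on username
    return True
```
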

25 Consequence of WebXel Login
- Once customer data is validated…
  - contents of shopping cart can now become an order
- Further WebXel control WebXel:SaveOrder
  - uses order data, customer data, and product data to produce the online invoice…
- May be frustrating to some but this will be dealt with…
- Next Week….

