Published by Lucy King. Modified over 9 years ago.

1 CS 3870/CS 5870: Note 07
Lab 3
Lab 4
Test 1: Two Tables

2 Lab 4
Authentication and Authorization
Sample Web Site: https://xray.ion.uwplatt.edu/CS3870/lab4/

3 Lab 4
Copy folder Lab3 as Lab4
Modify master page
Modify other pages (top line of the source file)
Create new pages
Modify NavigationURL of master page (Page Properties) (Click on Page in Source View)

4 Database
Same database as Lab3
Using both tables

5 Accessing Multiple Tables Using Multiple Sets of Variables
    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"
    ' One connection for one database
    Private Shared con As New Data.OleDb.OleDbConnection
    ' One set of variables for each table
    Private Shared prodAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared prodBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared prodCmd As New Data.OleDb.OleDbCommand
    Public Shared tblProduct As New Data.DataTable
    Private Shared memberAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared memberBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared memberCmd As New Data.OleDb.OleDbCommand
    Public Shared tblMember As New Data.DataTable

6 Accessing Multiple Tables Using One Set of Variables
    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"
    ' One connection for one database
    Private Shared con As New Data.OleDb.OleDbConnection
    ' Could use one set of variables for multiple tables
    Private Shared myAdapter As System.Data.OleDb.OleDbDataAdapter
    Private Shared myBuilder As System.Data.OleDb.OleDbCommandBuilder
    Private Shared myCmd As New Data.OleDb.OleDbCommand
    Public Shared tblProduct As New Data.DataTable
    Public Shared tblMember As New Data.DataTable

7 Database
Same database as Lab3
Using both tables
I used one set of variables and one data table only for Lab4

8 Function GetUserRole
    Public Shared Function GetUserRole(...) As String
        ' Setup the command
        Try
            con.Open()
            GetUserRole = cmd.ExecuteScalar()
        Catch ex As Exception
            ' Rethrow without resetting the stack trace
            Throw
        Finally
            con.Close()
        End Try
    End Function

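9 Query of GetUserRole
SQL Query
    Select Role from Member
    Where UserName = username And Password = password
VB.NET command text
    cmd.CommandText = "Select Role from Member " & _
                      "Where UserName = ? And Password = ?"
    ' Pass the values as parameters (OleDb matches them to the ? marks by position)
    cmd.Parameters.Clear()
    cmd.Parameters.AddWithValue("@UserName", username)
    cmd.Parameters.AddWithValue("@Password", password)
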
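Added example (not from the original slides): GetUserRole written out in full with OleDb parameters, so that username and password are sent as data and cannot change the SQL statement, as they could if concatenated into the command text. It keeps the slides' DataClass name, connection string and Member table; the per-call connection and command, the bracketed [Password] and the empty-string return for "no match" are choices made for this example.

```vbnet
Imports System.Data.OleDb

Public Class DataClass
    ' Same connection string as on the slides
    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"

    ' Returns the Role of the matching Member row, or "" when no row matches.
    Public Shared Function GetUserRole(ByVal username As String, _
                                       ByVal password As String) As String
        ' The SQL text is a constant; user input never becomes part of it.
        ' [Password] is bracketed because PASSWORD is a reserved word in Access SQL.
        Const Sql As String = "Select Role from Member " & _
            "Where UserName = ? And [Password] = ?"

        ' Connection and command are created per call: Shared objects would be
        ' used by concurrent requests at once and would accumulate parameters.
        Using con As New OleDbConnection(ConStr)
            Using cmd As New OleDbCommand(Sql, con)
                ' OleDb binds parameters by position, so add them in the
                ' order of the ? marks; the names are only labels.
                cmd.Parameters.AddWithValue("@UserName", If(username, ""))
                cmd.Parameters.AddWithValue("@Password", If(password, ""))

                con.Open()
                Dim result As Object = cmd.ExecuteScalar()

                ' ExecuteScalar returns Nothing when no row matches and
                ' DBNull.Value when the Role column is NULL.
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return ""
                End If
                Return CStr(result)
            End Using
        End Using ' Dispose closes the connection even when an exception is thrown
    End Function
End Class
```
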
10 Using DataTable
    ' Need Try-Catch-Finally
    Public Shared Function GetUser(ByVal UserName As String, _
                                   ByVal Password As String, _
                                   ByRef role As String) As String
        ' using adapter to fill tblLogin
        If tblLogin.Rows.Count > 0 Then
            ' Role is the 4th column
            role = tblLogin.Rows(0)(3)
            Return role
        Else
            role = ""
            Return role
        End If
    End Function
Query of GetUser
    Select * from Member
    Where UserName = username And Password = password

11 Using DataTable Method Find
    ' Table tblMember is loaded already (all records)
    ' May miss recent updates to table Member
    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        ...
        ' username is the PK
        row = DataClass.tblMember.Rows.Find(username)
        If Not row Is Nothing Then
            ...
        Else
            ...
        End If
    End Sub

12 Function GetUserCount
    Public Shared Function GetUserCount(ByVal UserName As String, _
                                        ByVal Password As String) As Integer
        Try
            Dim num As Integer
            num = cmd.ExecuteScalar()
            Return num
        Catch ex As Exception
            ...
        Finally
            con.Close()
        End Try
    End Function
Query of GetUserCount (Not for Lab4)
    Select count(*) from Members
    Where UserName = username And Password = password

13 Web.Config
Machine.config
–Machine level settings
–Default settings for all Web applications
Application Web.config
–Under the application root directory
–Applies to the entire application
–Overrides some settings set in Machine.config
Local Web.config
–A sub-folder can have its own Web.config file
–Overrides some settings set in a higher level Web.config
–Not every setting can be set in a local Web.config
AUTHENTICATION must be set in the application Web.config
AUTHORIZATION can be different for different sub-folders
Page Directives
–Apply to the page only
–Override settings set in Web.config

14 Web.Config
Application Configuration
Authentication
    <forms name="formsAuth"
           loginUrl="lab4/login.aspx"
           path="/"
           protection="All"
           defaultUrl="~/Lab4/Default.aspx"
           timeout="60"/>

15 Authentication
To identify the user
Four Modes
–Windows: IntraNet
–Forms : Internet
–Passport: MS
–None

16 Web.Config
Forms Based (Cookies)
–name : cookie's name
–loginUrl : default is login.aspx
–path : the location to save the cookie, default is /
–protection: the amount of protection applied to the cookie
    Encryption
    Validation
    All (both, default)
    None
–timeout : minutes (default 30) a durable cookie could be issued
–DefaultUrl: if the user requests the login.aspx page
    Otherwise, go to the requested page

17 Authorization
What the user can do
Application Configuration

18 Authorization
Web.Config inside a subfolder

19 Authorization
    <allow users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of verbs]"/>
    <deny users="[comma separated list of users]"
          roles="[comma separated list of roles]"
          verbs="[comma separated list of verbs]"/>
* : everyone
? : anonymous
verbs: POST, GET, HEADER, DEBUG

20 Authorization
In Web.config for a sub-folder
Not needed any more after using location tag.

21 Master Page
The page is loaded before each content page using the master page
Controls on master page
Event procedures on master page

22 Loading Lab4MasterPage
    Protected Sub Page_Load(...) Handles Me.Load
        If Session("UserName") = "" Then
            ' UserName and Password
            ' Login
            ' And others
        Else
            ' UserName and Role
            ' Logoff
            ' And others
        End If
    End Sub

23 Button Login on the Master Page
    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        'If Session("UserName") = "" Then
        If btnLogin.Text = "Login" Then
            ' Login
        Else
            ' Logoff
        End If
    End Sub

24 Login
    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        ...
        If btnLogin.Text = "Login" Then
            role = DataClass.GetUserRole(username, password)
            If role = "Admin" Or role = "Customer" Then
                ' set Session variables
                ' Redirects an authenticated user back to the requested URL
                '   UserName: Name of the user
                '   True to create a durable cookie (one that is saved across
                '   browser sessions); otherwise, false
                FormsAuthentication.RedirectFromLoginPage(username, False)
            Else
                ' message
            End If
        Else
            ' Logoff
        End If
    End Sub

25 Logoff
    Protected Sub btnLogin_Click(...) Handles btnLogin.Click
        Dim username, password, role As String
        If btnLogin.Text = "Login" Then
            ' Login
        Else
            FormsAuthentication.SignOut()
            ' Session_End?
            Server.Transfer("Login.aspx")
        End If
    End Sub

26 Removing Child Node From TreeView
    ' on master page
    Protected Sub Page_Load(...) Handles Me.Load
        If Session("UserName") = "" Then
            ' UserName and Password
            ' Login
        Else
            ' UserName and Role
            ' Logoff
            If Session("Role") <> "Admin" And ? Then TreeView1.Nodes(2).ChildNodes.RemoveAt(2)
        End If
    End Sub

27 Rejecting Customer Accessing Page Updating.Aspx
    ' Does not allow user to come to the page
    ' Even if the link is removed,
    ' the user may know the page
    Protected Sub Page_Load(...) Handles Me.Load
        If Session("Role") <> "Admin" Then
            Server.Transfer("Default.aspx")
            'Response.Redirect("Default")
        End If
    End Sub