1. 1.NET Web Forms ADO.NET Structure © 2002 by Jerry Post

2. 2 Web Forms Overview Database Forms/Pages Connector Adapters Datasets Fill… Update… DBMain component Employee EmployeeID Last Name First Name Save Dataset … Page_Load DBMain.Fill… Bind data btnSave_Click Get bound data DBMain.Update connector Employee EmployeeIDLastNameFirstName 113PostJerry Dataset (is a big bucket) Adapter: SQL Bind data The data connector is built once. Data adapters and datasets are built for each table/query, and need Fill and Update routines. The dataset is bound to the form with the special array to map column names to form control names.

3. 3 Basic Steps to a Main Form  Create a new project.  Create the database and copy it to a folder on the main computer  Do not use AutoNumber columns—make them Number/Long Integer  Add the AutoNumber table and enter your table names.  Add the TMF.vb file as an Existing file  Add a new form (carefully) as the DBMain Component  Add a data adapter (and connector) to the design view of DBMain  Add the Database Utility code to DBMain  Add a new Web form (as a Main form)  Add the title, controls, and buttons  Add the Main form code (cut/paste/edit) Note: Use Wordpad to open.rtf files. Do not use Word!

4. 4 Login Form for Passwords Folder with Pages Web.config Login.aspx Username Password Logout.aspx Database or LDAP or Web Service UserID Username Password (encrypted) (1)Modify Web.config (2)Create a login.aspx page (and logout.aspx) (3)Modify the database or identify the Web service or LDAP system that contains the username and password

5. 5 Web.config For Forms Login

6. 6 Code for Login.aspx Imports System.Web.Security Private Sub btnLogin_Click(…) Handles btnLogin.Click Dim cmpMain As New DBMain() cmpMain.CheckLogin(Me.DsLogin1, txtUsername.Text, txtPassword.Text) If (DsLogin1.Tables("Employee").Rows.Count <= 0) Then lblMessage.Text = "Invalid login. Please try again." Else FormsAuthentication.RedirectFromLoginPage(txtUsername.Text.Trim, False) End If End Sub

7. 7 Code for Logout.aspx Imports System.Web.Security Private Sub Page_Load(…) Handles MyBase.Load FormsAuthentication.SignOut() Session.Clear() Session.Abandon() End Sub The form contains a label for messages, and maybe a link to restart or go somewhere else. The code clears the entire session and the current authentication. On any other page, a link to this page will cause the user to be logged out and clear any internal data.

8. 8 Security Code in DBMain  Modify the SELECT query to match your database table and column names.  Decide if you want to encrypt the passwords.  If not, remove the MainEcrypts(…) function  If yes, modify the EditEmployee page. #Region "Security Code" Public Function ValidatePerson(ByVal sUser As String, ByVal sPassword As String) As UserData Dim … cnn.ConnectionString = cnnOlePortfolio.ConnectionString strSQL.Append("SELECT PersonID, LastName, FirstName, [UserPassword], PersonCategory, SecurityLevel, IsAdmin, IsReviewer FROM Person WHERE (IsActive <> 0) And Username='") strSQL.Append(sUser) strSQL.Append("'") … If (MainEncrypt(sPassword) = tmf.strDataReadNull(odr, 3)) Then

9. 9 EditUser Code for Encrypted Password Private Sub btnSave_Click...... If (txtUserPassword.Text.Trim = "") Then _ sPW = DsEditPerson1.Tables("Person").Rows(0)("UserPassword") tmf.CopyFormToDataSet(Me, aryColumns, DsEditPerson1, "Person", 0) If (txtUserPassword.Text.Trim <> "") Then DsEditPerson1.Tables("Person").Rows(0)("UserPassword") = _ cmpMain.MainEncrypt(Me.txtUserPassword.Text.Trim) Else DsEditPerson1.Tables("Person").Rows(0)("UserPassword") = sPW End If lblMessage.Text = cmpMain.UpdatePerson(DsEditPerson1, _ DsEditPerson1.Tables("Person").Rows(0)("PersonID"))... End Sub If the password is blank, it has not been changed, so do not attempt to save it.