CS 3870/CS 5870: Note 07
Lab 3
Lab 4
Test 1: Two Tables
Lab 4: Authentication and Authorization
Sample Web Site: https://xray.ion.uwplatt.edu/CS3870/lab4/
Lab 4
• Copy folder Lab3 as Lab4
• Modify master page
• Modify other pages (top line of the source file)
• Create new pages
• Modify NavigationURL of master page (Page Properties; click on Page in Source View)
Database
• Same database as Lab3
• Using both tables
Accessing Multiple Tables Using Multiple Sets of Variables
Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
    "Data Source=|DataDirectory|\UWPCS3870.accdb"
' One connection for one database
Private Shared con As New Data.OleDb.OleDbConnection
' One set of variables for each table
Private Shared prodAdapter As System.Data.OleDb.OleDbDataAdapter
Private Shared prodBuilder As System.Data.OleDb.OleDbCommandBuilder
Private Shared prodCmd As New Data.OleDb.OleDbCommand
Public Shared tblProduct As New Data.DataTable
Private Shared memberAdapter As System.Data.OleDb.OleDbDataAdapter
Private Shared memberBuilder As System.Data.OleDb.OleDbCommandBuilder
Private Shared memberCmd As New Data.OleDb.OleDbCommand
Public Shared tblMember As New Data.DataTable
Accessing Multiple Tables Using One Set of Variables
Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
    "Data Source=|DataDirectory|\UWPCS3870.accdb"
' One connection for one database
Private Shared con As New Data.OleDb.OleDbConnection
' Could use one set of variables for multiple tables
Private Shared myAdapter As System.Data.OleDb.OleDbDataAdapter
Private Shared myBuilder As System.Data.OleDb.OleDbCommandBuilder
Private Shared myCmd As New Data.OleDb.OleDbCommand
Public Shared tblProduct As New Data.DataTable
Public Shared tblMember As New Data.DataTable
Database
• Same database as Lab3
• Using both tables
• I used one set of variables and one data table only for Lab4
Function GetUserRole
Public Shared Function GetUserRole(. . .) As String
    ' Setup the command
    Try
        con.Open()
        GetUserRole = cmd.ExecuteScalar()
    Catch ex As Exception
        ' Rethrow without resetting the stack trace
        Throw
    Finally
        con.Close()
    End Try
End Function
Query of GetUserRole
SQL Query
Select Role from Member
Where UserName = username
And Password = password
VB.NET command text
cmd.CommandText = "Select Role from Member " &
    "Where UserName = '" & username & "' " &
    " And Password = '" & password & "'"
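The command text above builds the SQL string from the typed user name and password, so a quote character in either field changes the query itself. The following added example (not part of the original slides) performs the same GetUserRole lookup with OleDb parameters; the class name DataClassExample and the per-call connection are assumptions made for illustration.

```vbnet
Imports System.Data.OleDb

' Hypothetical class name; the slides call their data class DataClass.
Public Class DataClassExample
    Private Const ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0; " & _
        "Data Source=|DataDirectory|\UWPCS3870.accdb"

    ' Returns the user's role, or "" when no row matches both values.
    Public Shared Function GetUserRole(ByVal username As String,
                                       ByVal password As String) As String
        ' The SQL text is a constant. The ? marks are placeholders, so the
        ' typed values are sent as data and never parsed as SQL.
        ' Brackets around Password are harmless and avoid a clash with the
        ' Access reserved word.
        Const sql As String =
            "Select Role from Member Where UserName = ? And [Password] = ?"

        ' Assumption: one connection per call instead of the shared one on
        ' the slides. Using closes it even when an exception is thrown.
        Using con As New OleDbConnection(ConStr)
            Using cmd As New OleDbCommand(sql, con)
                ' OleDb binds parameters by position, not by name:
                ' add them in the same order as the ? marks.
                cmd.Parameters.AddWithValue("@UserName", username)
                cmd.Parameters.AddWithValue("@Password", password)

                con.Open()
                Dim result As Object = cmd.ExecuteScalar()

                ' ExecuteScalar returns Nothing when no row is found.
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return ""
                End If
                Return CStr(result)
            End Using
        End Using
    End Function
End Class
```

The same placeholders apply to the GetUser and GetUserCount queries, which compare the same two columns.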
Using DataTable
' Need Try-Catch-Finally
Public Shared Function GetUser(ByVal UserName As String,
                               ByVal Password As String,
                               ByRef role As String) As String
    ' using adapter to fill tblLogin
    If tblLogin.Rows.Count > 0 Then
        ' Role is the 4th column
        role = tblLogin.Rows(0)(3)
    Else
        role = ""
    End If
    ' Return on both paths so the function never falls through
    Return role
End Function
Query of GetUser
Select * from Member
Where UserName = username
And Password = password
Using DataTable Method Find
' Table tblMember is loaded already (all records)
' May miss recent updates to table Member
Protected Sub btnLogin(. . .) Handles btnLogin.Click
    . . .
    ' username is the PK
    row = DataClass.tblMember.Rows.Find(username)
    If Not row Is Nothing Then
        . . .
    Else
        . . .
    End If
End Sub
Function GetUserCount
Public Shared Function GetUserCount(ByVal UserName As String,
                                    ByVal Password As String) As Integer
    Try
        Dim num As Integer
        num = cmd.ExecuteScalar()
        Return num
    Catch ex As Exception
        . . .
    Finally
        con.Close()
    End Try
End Function
Query of GetUserCount (Not for Lab4)
Select count(*) from Members
Where UserName = username
And Password = password
Web.Config
• Machine.config
  – Machine level settings
  – Default settings for all Web applications
• Application Web.config
  – Under the application root directory
  – Applies to the entire application
  – Overrides some settings set in Machine.config
• Local Web.config
  – A sub-folder can have its own Web.config file
  – Overrides some settings set in a higher level Web.config
  – Not every setting can be set in a local Web.config
• AUTHENTICATION must be set in application Web.config
• AUTHORIZATION can be different for different sub-folders
• Page Directives
  – Apply to the page only
  – Override settings set in Web.config
Web.Config
• Application Configuration
• Authentication
<system.web>
  <authentication mode="Forms" >
    <forms name="formsAuth"
           loginUrl="lab4/login.aspx"
           path="/"
           protection="All"
           defaultUrl="~/Lab4/Default.aspx"
           timeout="60"/>
  </authentication>
</system.web>
Authentication
• To identify the user
• Four Modes
– Windows: Intranet
– Forms: Internet
– Passport: MS
– None
Web.Config
Forms Based (Cookies)
– name: cookie's name
– loginUrl: default is login.aspx
– path: the location to save the cookie, default is /
– protection: the amount of protection applied to the cookie
  • Encryption
  • Validation
  • All (both, default)
  • None
– timeout: minutes (default 30)
  a durable cookie could be issued
– defaultUrl: used if the user requests the login.aspx page;
  otherwise, go to the requested page
Authorization
• What the user can do
• Application Configuration
<system.web>
  <authentication mode="Forms">
  </authentication>
</system.web>
<location path="Lab4">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<!-- could have multiple locations -->
Authorization
• Web.Config inside a subfolder
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
Authorization
<deny users="*" />
<allow users="*" />
<allow users="[comma separated list of users]"
       roles="[comma separated list of roles]"
       verbs="[comma separated list of verbs]"/>
<deny users="[comma separated list of users]"
      roles="[comma separated list of roles]"
      verbs="[comma separated list of verbs]"/>
* : everyone
? : anonymous
verbs: POST, GET, HEAD, DEBUG
Authorization
In Web.config for a sub-folder
<authorization>
<allow users="10001" />
<deny users="*" />
</authorization>
<!-- allow anonymous users even if authentication is required in the application Web.config -->
<allow users="?" />
Not needed any more after using location tag.
Master Page
• The page is loaded before each content page using the master page
• Controls on master page
• Event procedures on master page
Loading Lab4MasterPage
Protected Sub Page_Load(…) Handles Me.Load
    If Session("UserName") = "" Then
        ' UserName and Password
        ' Login
        ' And others
    Else
        ' UserName and Role
        ' Logoff
        ' And others
    End If
End Sub
Button Login on the Master Page
Protected Sub btnLogin_Click(…) Handles btnLogin.Click
    Dim username, password, role As String
    'If Session("UserName") = "" Then
    If btnLogin.Text = "Login" Then
        ' Login
    Else
        ' Logoff
    End If
End Sub
Login
Protected Sub btnLogin_Click(…) Handles btnLogin.Click
    Dim username, password, role As String
    . . .
    If btnLogin.Text = "Login" Then
        role = DataClass.GetUserRole(username, password)
        If role = "Admin" Or role = "Customer" Then
            ' set Session variables
            ' Redirects an authenticated user back to the requested URL
            ' UserName: Name of the user
            ' True to create a durable cookie (one that is saved across
            ' browser sessions); otherwise, false
            FormsAuthentication.RedirectFromLoginPage(username, False)
        Else
            ' message
        End If
    Else
        ' Logoff
    End If
End Sub
Logoff
Protected Sub btnLogin_Click(…) Handles btnLogin.Click
    Dim username, password, role As String
    If btnLogin.Text = "Login" Then
        ' Login
    Else
        FormsAuthentication.SignOut()
        ' Session_End?
        Server.Transfer("Login.aspx")
    End If
End Sub
Removing Child Node From TreeView
' on master page
Protected Sub Page_Load(…) Handles Me.Load
    If Session("UserName") = "" Then
        ' UserName and Password
        ' Login
    Else
        ' UserName and Role
        ' Logoff
        If Session("Role") <> "Admin" And ? Then
            ' Hides the link only; the target page still needs its own check
            TreeView1.Nodes(2).ChildNodes.RemoveAt(2)
        End If
    End If
End Sub
Rejecting Customer Accessing Page Updating.Aspx
' Does not allow the user to come to the page
' Even if the link is removed,
' the user may know the page
Protected Sub Page_Load(…) Handles Me.Load
    If Session("Role") <> "Admin" Then
        Server.Transfer("Default.aspx")
        'Response.Redirect("Default")
    End If
End Sub