CIS407A Week 6 iLab Login and Security Levels

Description

iLAB OVERVIEW
Scenario/Summary
In this week’s lab, we will create a login form, validate a user based on their login name and password, and allow them to access the system or not. We will assign a session variable to determine the level of security the user has and allow certain functions to be displayed or not displayed in the existing frmPersonnel form depending on the assigned security level. (NOTE: In some cases the instructions for this lab will be less specific than in earlier labs, because you are expected to apply what you have learned in earlier weeks. Refer to the detailed instructions in previous weeks’ labs if you need to do so.)
Instructions for Week 6 iLab: Login and Security Levels
Deliverables
When you try to log in, if you use User Name = Mickey and Password = Mouse, the frmMain form should open with all links visible. If you use User Name = Minnie and Password = Mouse, the frmMain form should open with only the Salary Calculator, View Personnel, and Search options available. You will have a new option called Manage Users that will allow you to add new users and remove or update existing users. Once you have verified that it works, save your website, zip up all files, and submit in the Dropbox.
Note on database connections: We are using a SQLDataSource control for the Edit employees feature we added. You should be using the connection string stored in the web.config file for your database connection for this control. Rather than creating a new connection each time, just use this connection. If you change the folder where your website is (e.g., you copy each week’s work to a new location), you will need to update the web.config. The advantage of using the database connection in the web.config is that you only have to set the configuration in one location.
Before starting this week’s lab, make sure everything is working and that all database connections are properly configured.
iLAB STEPS
STEP 1: Login Form (10 points)
1. Open Microsoft Visual Studio.NET 2008.
2. Click the ASP.NET website named PayrollSystem to open it.
3. Create a new web form named frmLogin.
4. Drop a login control onto the form.
5. Set the properties of the login control as follows:
PROPERTY              VALUE
DestinationPageUrl    frmMain.aspx
TitleText             Please enter your UserName and Password in order to log into the system
6. Add the CoolBiz Productions, Inc. logo to the frmLogin form. Do not hyperlink the logo.
7. Highlight everything in the form, then click Format, Justify, Center. Save your work.
8. Go to the Solution Explorer, right-click on frmLogin, and left-click on Set As Start Page. Then run the website to check if the web form appears correctly.
STEP 2: Login Check (10 points)
9. Create a new DataSet called dsUser. Use the table tblLogin as the database table for this dataset. Do this in the same way you added datasets in the previous labs.
10. Open the clsDataLayer and add the following function:
    // This function verifies a user in the tblUserLogin table
    public static dsUser VerifyUser(string Database, string UserName, string UserPassword)
    {
        // Add your comments here
        dsUser DS;
        OleDbConnection sqlConn;
        OleDbDataAdapter sqlDA;

        // Add your comments here
        sqlConn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
            "Data Source=" + Database);

        // Add your comments here
        // The user-supplied values are bound as parameters (OleDb binds them by
        // position) and compared with "=", so they are never parsed as SQL text
        // or as LIKE wildcards.
        sqlDA = new OleDbDataAdapter("Select SecurityLevel from tblUserLogin " +
            "where UserName = ? and UserPassword = ?", sqlConn);
        sqlDA.SelectCommand.Parameters.AddWithValue("@UserName", UserName);
        sqlDA.SelectCommand.Parameters.AddWithValue("@UserPassword", UserPassword);

        // Add your comments here
        DS = new dsUser();

        // Add your comments here
        sqlDA.Fill(DS.tblUserLogin);

        // Add your comments here
        return DS;
    }
11. Double-click on the login control you added. Add the following code to the login control Authenticate event handler:
    // Add your comments here
    dsUser dsUserLogin;

    // Add your comments here
    string SecurityLevel;

    // Add your comments here
    dsUserLogin = clsDataLayer.VerifyUser(Server.MapPath("PayrollSystem_DB.mdb"),
        Login1.UserName, Login1.Password);

    // Add your comments here
    if (dsUserLogin.tblUserLogin.Count < 1)
    {
        e.Authenticated = false;
        return;
    }

    // Add your comments here
    SecurityLevel = dsUserLogin.tblUserLogin[0].SecurityLevel.ToString();

    // Add your comments here
    switch (SecurityLevel)
    {
        case "A":
            // Add your comments here
            e.Authenticated = true;
            Session["SecurityLevel"] = "A";
            break;
        case "U":
            // Add your comments here
            e.Authenticated = true;
            Session["SecurityLevel"] = "U";
            break;
        default:
            e.Authenticated = false;
            break;
    }
STEP 3: Test and Submit (10 points)
12. Open the frmPersonnel form and add the following code to its Page_Load() function:
    // Add your comments here
    // Session values are stored as object; cast to string so that == compares the text.
    if ((string)Session["SecurityLevel"] == "A")
    {
        btnSubmit.Visible = true;
        //Add your comments here
    }
    else
    {
        btnSubmit.Visible = false;
    }
13. Set the start page as frmLogin.aspx. Run the website. Try to log in with both User Name = Mickey and Password = Mouse and User Name = Minnie and Password = Mouse. Any other user ID and password should not allow you to log in.
14. When the user logs in we want to restrict what they can see and do based on their user role. The role is stored in the database table tblUserLogin. Mickey Mouse has all privileges whereas Minnie Mouse has read only privileges. We want to control the visibility of the links on the frmMain page.
15. Initially we did not set the ID of any of the Link Button or Image Button controls that we used on frmMain. In order to make our code more maintainable we will change the IDs as follows:
Option                      Link Button ID             Image Button ID
Annual Salary Calculator    linkbtnCalculator          imgbtnCalculator
Add New Employee            linkbtnNewEmployee         imgbtnNewEmployee
View User Activity          linkbtnViewUserActivity    imgbtnViewUserActivity
View Personnel              linkbtnViewPersonnel       imgbtnViewPersonnel
Search Personnel            linkbtnSearch              imgbtnSearch
Edit Employees              linkbtnEditEmployees       imgbtnEditEmployees
16. Modify the main form so that the following options are turned off for nonadmin users:
o Add New Employee
o View User Activity
o Edit Employees
17. You now have a web application that honors the role of the logged in user. We don’t have a way of managing the user roles and users in the system.
18. Add a new form called frmManageUsers that will allow the user to add new users. The user will also need to be able to view all users and modify or delete any of the users in the database. Add a main form option called Manage Users that is only accessible to admin users. Add the link and image buttons as we have done in the past. Add the CoolBiz logo that is hyperlinked as you did in previous assignments.
o For the security level of the user, use a dropdown list control to allow the user to select from A or U.
o Name the controls with names that make sense.
o Add code as appropriate to the code behind and clsDataLayer.
19. Hints:
o Make sure you reestablish your database connection if you copied the files from a previous lab.
o Update any DataSource controls you added with the new Payroll database location.
o You can turn a control on or off by setting its Visible property.
o You can add a data entry form for new users and a grid displaying all users all on the same form.
o To force a gridView to refresh call its DataBind method.
o In order to use the Advanced SQL Generation option (allowing you to update/delete records) there must be a primary key defined on the table you are generating SQL for. tblUserLogin needs to have a primary key set on the UserID column. You can do this in Access.
20. Test your application to make sure that logging in with an invalid user ID is rejected. Try to log in with both Minnie and Mickey and make sure the UI adjusts by the role properly. Make sure you can utilize the Manage Users functionality to add/modify/delete and view user information. Once you have verified that everything works, save your project, zip up all files, and submit in the Dropbox.
NOTE: Make sure you include comments in the code provided where specified (where the "// Your comments here" is mentioned); also, any code you write needs to be properly commented, or else a five point deduction per item (form, class, function) will be made.
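Turning off links on frmMain only changes what is displayed: a user with level U can still type the address of frmManageUsers.aspx or frmEditPersonnel.aspx directly. The following added example (not part of the lab's provided code or its solution) checks the session's security level on the server at the top of each restricted page; clsSecurity, HasLevel, RequireLogin and RequireLevel are hypothetical names.

```csharp
using System;
using System.Web.SessionState;
using System.Web.UI;

// Hypothetical helper class, not one of the lab's files; it would live in App_Code.
public static class clsSecurity
{
    // True only when the session holds exactly the required level ("A" or "U").
    public static bool HasLevel(HttpSessionState session, string required)
    {
        // Session values come back as object, so cast before comparing text.
        string level = session["SecurityLevel"] as string;
        return level != null && string.Equals(level, required, StringComparison.Ordinal);
    }

    // For pages any logged-in user may open (frmMain, frmViewPersonnel, ...).
    public static void RequireLogin(Page page)
    {
        if (!HasLevel(page.Session, "A") && !HasLevel(page.Session, "U"))
        {
            // endResponse = true stops the page before any content is produced.
            page.Response.Redirect("frmLogin.aspx", true);
        }
    }

    // For admin-only pages (frmManageUsers, frmEditPersonnel, frmUserActivity).
    public static void RequireLevel(Page page, string required)
    {
        if (!HasLevel(page.Session, required))
        {
            page.Response.Redirect("frmLogin.aspx", true);
        }
    }
}

// Usage in an admin-only code-behind: the check is the first statement in Page_Load.
public partial class frmManageUsers : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        clsSecurity.RequireLevel(this, "A");
        // ... the page's existing Page_Load code follows ...
    }
}
```

To verify it, log in as Minnie and request frmManageUsers.aspx by URL: the browser should land back on frmLogin.aspx.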
The solution includes a Visual Studio ASP.NET project
Attachments
CIS407A_Week_6_iLab.zip (407.09 KB)
CIS407A-Week6-Add-User-Screenshot.png
CIS407A-Week6-iLab-Edit-Personnel-Screenshot.png
CIS407A-Week6-MainFrm-Screenshot.png
PayrollSystem
PayrollSystem
App_Code
clsDataLayer.cs
dsPersonnel.xsd
dsPersonnel.xss
dsUser.xsd
dsUser.xss
dsUserActivity.xsd
dsUserActivity.xss
App_Data
PayrollSystem_DB.mdb
Backup
PayrollSystem
PayrollSystem.sln
PayrollSystem.suo
Default.aspx
Default.aspx.cs
frmEditPersonnel.aspx
frmEditPersonnel.aspx.cs
frmLogin.aspx
frmLogin.aspx.cs
frmMain.aspx
frmMain.aspx.cs
frmManageUsers.aspx
frmManageUsers.aspx.cs
frmPersonalVerified.aspx
frmPersonalVerified.aspx.cs
frmPersonnel.aspx
frmPersonnel.aspx.cs
frmSalaryCalculator.aspx
frmSalaryCalculator.aspx.cs
frmSearchPersonnel.aspx
frmSearchPersonnel.aspx.cs
frmUserActivity.aspx
frmUserActivity.aspx.cs
frmViewPersonnel.aspx
frmViewPersonnel.aspx.cs
images
AddEmployee.png
calculator.png
editPersonnel.png
managerUsers.png
search.png
Thumbs.db
ViewPersonnel.png
ViewUserActivity.png
UpgradeLog.XML
web.config
_UpgradeReport_Files
UpgradeReport.css
UpgradeReport.xslt
UpgradeReport_Minus.gif
UpgradeReport_Plus.gif
PayrollSystem.sln
PayrollSystem.suo
PayrollSystem.v12.suo
