CIS407A Week 7 iLab Error Notification via E-Mail

Description

iLAB OVERVIEW
Scenario/Summary
In this lab, we will incorporate error handling into the login process so that a notice of each invalid login is automatically e-mailed to the technical support staff.
Deliverables
When you try to log in, if your user name is not Mickey, Minnie, or another user you added (that is, if the user name is not found in tblUserLogin), then an e-mail should be sent to the addressrecipient@recipientdomain.com. If the user attempts to bypass the login page by typing a page name in the URL, your web application should redirect the user back to the login page. Once you have verified that it works, save your project, zip up all files, and submit in the Dropbox.
NOTE: E-mails may be blocked due to firewalls, antivirus software, or even Internet service providers that turned off SMTP because of some known security issues. If the code works (does not produce an error when submitting), you will get full credit for this project even if no e-mail message is actually transmitted. Consult with your instructor before submitting if an error occurs or if no e-mail is generated, to be sure.
iLAB STEPS
STEP 1: Business Layer Functionality
1. Open Microsoft Visual Studio.NET 2008.
2. Click the ASP.NET website named PayrollSystem to open it.
3. Create a new class called clsBusiness Layer.
4. Add the following code in the clsBusinessLayer class:
// **** Add the following at the top of the class file, // Add your comments here using System.Net.Mail; //**** Add the following code inside the body of public class clsBusinessLayer **** public static bool SendEmail(string Sender, string Recipient, string bcc, string cc, string Subject, string Body) { try { // Add your comments here MailMessage MyMailMessage = new MailMessage(); // Add your comments here MyMailMessage.From = new MailAddress(Sender); // Add your comments here MyMailMessage.To.Add(new MailAddress(Recipient)); // Add your comments here if (bcc != null && bcc != string.Empty) { // Add your comments here MyMailMessage.Bcc.Add(new MailAddress(bcc)); } // Add your comments here if (cc != null && cc != string.Empty) { // Add your comments here MyMailMessage.CC.Add(new MailAddress(cc)); } // Add your comments here MyMailMessage.Subject = Subject; // Add your comments here MyMailMessage.Body = Body; // Add your comments here MyMailMessage.IsBodyHtml = true; // Add your comments here MyMailMessage.Priority = MailPriority.Normal; // Add your comments here SmtpClient MySmtpClient = new SmtpClient(); // Add your comments here MySmtpClient.Port = 25; MySmtpClient.Host = “127.0.0.1”; // Add your comments here MySmtpClient.Send(MyMailMessage); // Add your comments here return true; } catch (Exception ex) { // Add your comments here return false; } }
STEP 2: Integration
5. Open the frmLogin web form code behind file and add the following code to the body of the if (dsUserLogin.tblUserLogin.Count < 1) statement, just above the return statement: [php light="true"] // Add your comments here // Add your comments here if (clsBusinessLayer.SendEmail("youremail@yourdomain.com", "receiver@receiverdomain.com", "", "", "Login Incorrect", "The login failed for UserName: " + Login1.UserName + " Password: " + Login1.Password)) { Login1.FailureText = Login1.FailureText + " Your incorrect login information was sent to receiver@receiverdomain.com"; } [/php] 6. NOTE: Change the youremail@yourdomain.com and receiver@receiverdomain.com to your e-mail and someone else's e-mail for testing. 7. Optional: Perform this step only if you are doing this lab using Visual Studio 2008 installed on your own computer, your computer has Internet Information Services (IIS) installed, and you have administrative rights to IIS. If you are doing this lab using the iLab (Citrix) server, or if you do not have access to IIS, skip to step 8. Open IIS (Start > Control Panel > Administrative Tools > Internet Information Services), navigate to the Default SMTP Virtual Server, right-click on it, and left-click on Properties.
8. Click here for text description of this image.
9. Click the Access tab, then the Relay button, then Add, and add the IP 127.0.0.1. Click OK, OK, and APPLY when finished.
10. Click here for text description of this image.
11. We have a security hole in our web application. If you start the web application by going to the login page, you can bypass the login page by simply typing the name of a form in the URL (try it). There is some limited protection because of the check we are doing for user role, but it still allows a user to get to pages we don’t want them to get to unless the role is set properly. Add a security check in the Page_Load of each sensitive page (Manage Users, Add New Employee, View User Activity, Edit Employees), check for the Session role item with a value of “A,” and, if the user is accessing these pages without the proper permissions, redirect back to the frmLogin.aspx page.
12. This still leaves the possibility of a person bypassing the login page. We will fix that by using forms authentication. Add the following to the web.config file. (There should already be an authentication section – replace it with this.)

13. This will redirect users to the login page if they have not yet gone through it for login. This process will use a cookie – when the user successfully logs in in a cookie is set that allows the user to go to other pages. If that cookie is not set then the user is redirected to the login page if they try to go to any other page. Add the cookie code by adding this code in the frmLogin.aspx C# code after each place that you have e.Authenticated = true:
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
14. Hints: Make sure you reestablish your database connection if you copied the files from a previous lab. Also, make sure to update the web.config file with the database connection string.
Update any DataSource controls you added with the new payroll database location.
When you manually try to go to a second page by skipping the login page, a cookie is set specifying the name of the page you were attempting to go to. Once you login successfully, ASP.Net will automatically attempt to navigate back to that page. You can reset the cookie so that the next page is frmMain, as expected, by typing that page in the URL for the browser before logging in.
Submit Final Lab (includes all previous lab assignments)
STEP 3: Test and Submit
12. Run your project. When you try to log in, enter a user name that is not Mickey or Minnie (i.e., a user name that is not found in tblUserLogin). An e-mail should be sent to therecipient@recipientdomain.com e-mail address.
Test that frmMain reconfigures properly based on user role. Make sure the user cannot bypass the login page.
Once you have verified that everything works, save your website, zip up all files, and submit in the Dropbox.
NOTE: E-mails may be blocked due to firewalls, antivirus software, or even Internet service providers that turned SMTP off because of some known security issues. If the code works (does not produce an error when submitting), you will get full credit for this project even if no e-mail message is actually transmitted. Consult with your instructor before submitting if an error occurs or if no e-mail is generated. It is expected that no e-mail will be sent if you are using the DeVry iLab (Citrix) server for this lab or if you were not able to configure IIS in step 7.
Make sure you include comments in the code provided where specified (where the ” // Add your comments here” is mentioned), including code you wrote, or else a 5 point deduction per item (form, class, function) will be made.
SCREENSHOTS
SOLUTION
PAYMENT
ENTIRE COURSE
The solution includes a Visual Studio ASP.NET project
Attachments [Move over files to preview content of those files]
CIS407A_Week_7_iLab.zip (386.78 KB)
CIS407A-Week-7-iLab-EditUsers-Screenshot.png
CIS407A-Week-7-iLab-frmMain-Screenshot.png
CIS407A-Week-7-iLab-LogIn-Screenshot.png
PayrollSystem
PayrollSystem
App_Code
clsBusinessLayer.cs
clsDataLayer.cs
dsPersonnel.xsd
dsPersonnel.xss
dsUser.xsd
dsUser.xss
dsUserActivity.xsd
dsUserActivity.xss
App_Data
PayrollSystem_DB.mdb
Backup
PayrollSystem
PayrollSystem.sln
PayrollSystem.suo
Default.aspx
Default.aspx.cs
frmEditPersonnel.aspx
frmEditPersonnel.aspx.cs
frmLogin.aspx
frmLogin.aspx.cs
frmMain.aspx
frmMain.aspx.cs
frmManageUsers.aspx
frmManageUsers.aspx.cs
frmPersonalVerified.aspx
frmPersonalVerified.aspx.cs
frmPersonnel.aspx
frmPersonnel.aspx.cs
frmSalaryCalculator.aspx
frmSalaryCalculator.aspx.cs
frmSearchPersonnel.aspx
frmSearchPersonnel.aspx.cs
frmUserActivity.aspx
frmUserActivity.aspx.cs
frmViewPersonnel.aspx
frmViewPersonnel.aspx.cs
images
AddEmployee.png
calculator.png
editPersonnel.png
managerUsers.png
search.png
Thumbs.db
ViewPersonnel.png
ViewUserActivity.png
UpgradeLog.XML
web.config
_UpgradeReport_Files
UpgradeReport.css
UpgradeReport.xslt
UpgradeReport_Minus.gif
UpgradeReport_Plus.gif
PayrollSystem.sln
PayrollSystem.suo
PayrollSystem.v12.suo
Preview clsBusinessLayer.cs
///
/// xxxxxxx xxxxxxxxxxx xxx xxxxxxxxxxxxxxxx
///
xxxxxx xxxxx xxxxxxxxxxxxxxxx
{
//**** Add the following code inside the body of public class clsBusinessLayer **** public static bool SendEmail(string Sender, string Recipient, string bcc, string cc, string Subject, string Body) { try {
// create an object for MailMessage MailMessage MyMailMessage = new MailMessage(); // set the Sender value MyMailMessage.From = new MailAddress(Sender); // Set the recepient MyMailMessage.To.Add(new MailAddress(Recipient));
// xxxxxx xx xxx xxx xxxxxxxx
xx (xxx != xxxx && xxx != xxxxxx.xxxxx)
{
// xxx xxx xxxxxxxxx
xxxxxxxxxxxxx.xxx.xxx(xxx xxxxxxxxxxx(xxx));
Preview clsDataLayer.cs
xxxxx xxxxxx.xxx.xxxx;
// xxxxxxxxx xxxxxxxxxx xx xxxxxxx xx xxxxx xxxxxxxx
xxxxx xxxxxx.xxxx.xxxxx;
xxxxx xxxxxx.xxx;
///
/// This class will get the user activity and store it in the database table tblUserActivity ///
public class clsDataLayer { // This function gets the user activity from the tblUserActivity public static dsUserActivity GetUserActivity(string Database) { // creating OLEDB Dataset, OLEDB connection and Data adapter objects dsUserActivity DS; OleDbConnection sqlConn; OleDbDataAdapter sqlDA;
//xxxxxx x xxx xxxxxxxxxx xxx xxxxxxx xxxxxxxxxx xxxxxx xx xxx xxxxxxxxxx xxxxxx
xxxxxxx = xxx xxxxxxxxxxxxxxx(“xxxxxxxx=xxxxxxxxx.xxx.xxxxx.4.0;” +
“xxxx xxxxxx=” + xxxxxxxx);
// xxxxxx x xxx xxxx xxxxxxx xxx xxxxxxx xxxxx xx xxx xxxx xxxxxxx
xxxxx = xxx xxxxxxxxxxxxxxxx(“xxxxxx * xxxx xxxxxxxxxxxxxxx”, xxxxxxx);
// xxxxxxxx xxx xxxx xxx
Preview Default.aspx.cs
xxxxx xxxxxx;
xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx;
xxxxx xxxxxx.xxxx;
xxxxx xxxxxx.xxx;
xxxxx xxxxxx.xxx.xx;
using System.Web.UI.WebControls;
public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) {
}
}
Preview frmEditPersonnel.aspx.cs
xxxxx xxxxxx;
xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx;
xxxxx xxxxxx.xxxx;
xxxxx xxxxxx.xxx;
xxxxx xxxxxx.xxx.xx;
using System.Web.UI.WebControls;
public partial class frmEditPersonnel : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) {
xx (xxxxxxx[“xxxxxxxxxxxxx”] != “x”) //xx xxx xxxxxx xx xxxx xx xxx xxxxx
{
xxxxxxxx.xxxxxxxx(“xxxxxxxx.xxxx”);
}
}
}
Preview frmLogin.aspx.cs
xxxxxxxxx xxxx xxxx_xxxx(xxxxxx xxxxxx, xxxxxxxxx x)
{
}
xxxxxxxxx xxxx xxxxx1_xxxxxxxxxxxx(xxxxxx xxxxxx, xxxxxxxxxxxxxxxxxxxxx x)
{ // Create the object to dsUser Dataset dsUser dsUserLogin; // secutrity Level variable that holds the role of the suer string SecurityLevel; // Verify user login and password from the datbase dsUserLogin = clsDataLayer.VerifyUser(Server.MapPath(“App_Data\PayrollSystem_DB.mdb”), Login1.UserName, Login1.Password); // if user does not exist if (dsUserLogin.tblUserLogin.Count < 1) { x.xxxxxxxxxxxxx = xxxxx; // xxxx xxx xxxxx xx xxx xxxx xx (xxxxxxxxxxxxxxxx.xxxxxxxxx("xxxxxxxxx@xxxxxxxxxx.xxx", "xxxxxxxx@xxxxxxxxxxxxxx.xxx", "", "", "xxxxx xxxxxxxxx", "xxx xxxxx xxxxxx xxx xxxxxxxx: " + xxxxx1.xxxxxxxx + " xxxxxxxx: " + xxxxx1.xxxxxxxx)) Preview frmMain.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmMain : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { // This statement will Save the current user activity to tblUserActivity table xxxxxxxxxxxx.xxxxxxxxxxxxxxxx(xxxxxx.xxxxxxx("xxx_xxxx\xxxxxxxxxxxxx_xx.xxx"), "xxxxxxxxxxxx"); xx (xxxxxxx["xxxxxxxxxxxxx"] != "x") //xx xxx xxxxxx xx xxxx xx xxx xxxxx { //xxxxxxx xxx xxxxxxxxx xxxxxx xxx xxxxx xxxxxxxxxxxxxxxxxx.xxxxxxx = xxxxx; Preview frmManageUsers.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmManageUsers : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (Session["SecurityLevel"] != "A") //If the logged in user is not Admin { xxxxxxxx.xxxxxxxx("xxxxxxxx.xxxx"); } } xxxxxxxxx xxxx xxxxxx1_xxxxx(xxxxxx xxxxxx, xxxxxxxxx x) Preview frmPersonalVerified.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmPersonalVerified : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { //So here we are initializing text property of the textbox "txtVerifiedInfo" after fetching the //xxxxxx xxxx xxx xxxxxxx xxxxxx xxxxxxxxxxxxxxx.xxxx = xxxxxxx["xxxxxxxxxxxx"].xxxxxxxx() + "x" + xxxxxxx["xxxxxxxxxxx"].xxxxxxxx() + "x" + xxxxxxx["xxxxxxxxxx"].xxxxxxxx() + "x" + xxxxxxx["xxxxxxxxxxxx"].xxxxxxxx() + Preview frmPersonnel.aspx.cs { // xxxxxx xxxx xxxxx xxxx xxx xxxxxxx xxxxxx xx (xxxxxxx["xxxxxxxxxxxxx"] == "x") { btnSubmit.Visible = true; //Allow the user to add the data } else { Response.Redirect("frmLogin.aspx"); btnSubmit.Visible = false; } } xxxxxxxxx xxxx xxxxxxxxx_xxxxx(xxxxxx xxxxxx, xxxxxxxxx x) { xx (xxxxxxxxxxxxxx()) //xx xxxxxxxx xxxxxx xxxxxx xxx xxxxxxxx xxxx { Preview frmSalaryCalculator.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmSalaryCalculator : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } xxxxxxxxx xxxx xxxxxxxxxxxxxxxxxx_xxxxx(xxxxxx xxxxxx, xxxxxxxxx x) { xxxxxx xxxxxxxxxxxxxx = xxxxxxxxxxxxxx.xxxx; //xxxxxxx xxx xxxxx xx xxxxxx xxxxx xxxx xxx xxxxxxx xxxx x xxxxxx xxxxxx xxxxxxxxxxx = xxxxxxx.xxxxxxxx(xxxxxxxxxxxxxx); //xxxxxxxxxx xxx xxxxxx xxxxx xxxxxxxxxxxxxx xx xxxxxx xxx xxxxxx xx xx x xxxxxx xxxxxxxx Preview frmSearchPersonnel.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmSearchPersonnel : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } } Preview frmUserActivity.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx; xxxxx xxxxxx.xxxxxxxxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxxx; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Xml.Linq; xxxxxx xxxxxxx xxxxx xxxxxxxxxxxxxxx : xxxxxx.xxx.xx.xxxx { xxxxxxxxx xxxx xxxx_xxxx(xxxxxx xxxxxx, xxxxxxxxx x) { Preview frmViewPersonnel.aspx.cs xxxxx xxxxxx; xxxxx xxxxxx.xxxxxxxxxxx.xxxxxxx; xxxxx xxxxxx.xxxx; xxxxx xxxxxx.xxx; xxxxx xxxxxx.xxx.xx; using System.Web.UI.WebControls; public partial class frmViewPersonnel : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { // xxxxxxx xxx xxxxxxx xxxxxxxxxxx xxxxxxxxx = xxx xxxxxxxxxxx(); xxxxxx xxxxxxxxx=""; //xxxx xxxxxx xxxx xxxx xxx xxxxxxx xxxxxx xxxx xxx xxxxxxxx xxxx'x xxxx xxx Preview UpgradeReport.css xxxx-xxxxxx: "xxxxxxx", xxxx-xxxxx; xxxx-xxxx: 70%; xxxx-xxxxxx: 12xx; xxxxxx-xxxxxx: 0xx; xxxxxx-xxxx: 10xx; MARGIN-TOP: 10px } .note { BACKGROUND-COLOR: #ffffff; COLOR: #336699; FONT-FAMILY: "Verdana", sans-serif; FONT-SIZE: 100%; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 0px; MARGIN-TOP: 0px; PADDING-RIGHT: 10px } .xxxxxxxxx { xxxxxxxxxx-xxxxx: #x0x0x0; xxxxxx-xxxxxx: #xxxxxx 0xx xxxxx; xxxxxx-xxxxxxxx: xxxxxxxx; Price: $12 Buy Now Checkout Added to cart Add to Cart Checkout Added to cart FLASH SALE $57 $72 Save $15 CIS407A Entire Course Get Entire Course You May Also Like: CIS407A Entire Course CIS407A Week 1 iLab Annual Salary Calculator ASP.NET Web Application CIS407A Week 2 iLab User Input Web Pages CIS407A Week 3 iLab User Activity Monitoring CIS407A Week 4 iLab Web Forms with Database Interaction CIS407A Week 5 iLab Transaction Processing CIS407A Week 6 iLab Login and Security Levels