week8.docx _1849K_ - Student of Fortune

					               In this lab, we will incorporate error handling into the login process so that a notice of each invalid
               login is automatically e-mailed to the technical support staff.

                         Instruction to Week 7 iLab: Error Notification via E-Mail
                         Click on the link above to view the tutorial.
                         Please watch this tutorial before beginning the iLab.
                         The tutorial has audio.

               Deliverables
               When you try to log in, if your user name is not Mickey, Minnie, or another user you added (that
               is, if the user name is not found in tblUserLogin), then an e-mail should be sent to the address
               recipient@recipientdomain.com. If the user attempts to bypass the login page by typing a page
               name in the URL, your web application should redirect the user back to the login page. Once you
               have verified that it works, save your project, zip up all files, and submit in the Dropbox.
               NOTE: E-mails may be blocked due to firewalls, antivirus software, or even Internet service
               providers that turned off SMTP because of some known security issues. If the code works (does
               not produce an error when submitting), you will get full credit for this project even if no e-mail
               message is actually transmitted. Consult with your instructor before submitting if an error occurs
               or if no e-mail is generated, to be sure.

                iLAB STEPS

               STEP 1: Business Layer Functionality (10 points)
                   1.   Open Microsoft Visual Studio.NET 2008.
                   2.   Click the ASP.NET website named PayrollSystem to open it.
                   3.   Create a new class called clsBusinessLayer.
                   4.   Add the following code in the clsBusinessLayer class:
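// **** Add the following at the top of the class file,
// Add your comments here
using System.Net.Mail;

//**** Add the following code inside the body of public class clsBusinessLayer ****

public static bool SendEmail(string Sender, string Recipient, string bcc, string cc,
string Subject, string Body)
{
    try {
        // Add your comments here
        MailMessage MyMailMessage = new MailMessage();
        // Add your comments here
        MyMailMessage.From = new MailAddress(Sender);
        // Add your comments here
        MyMailMessage.To.Add(new MailAddress(Recipient));
        // Add your comments here
        if (bcc != null && bcc != string.Empty) {
            // Add your comments here
            MyMailMessage.Bcc.Add(new MailAddress(bcc));
        }
        // Add your comments here
        if (cc != null && cc != string.Empty) {
            // Add your comments here
            MyMailMessage.CC.Add(new MailAddress(cc));
        }
        // Add your comments here
        MyMailMessage.Subject = Subject;
        // Add your comments here
        MyMailMessage.Body = Body;
        // Add your comments here
        MyMailMessage.IsBodyHtml = true;
        // Add your comments here
        MyMailMessage.Priority = MailPriority.Normal;
        // Add your comments here
        SmtpClient MySmtpClient = new SmtpClient();
        // Add your comments here
        MySmtpClient.Port = 25;
        MySmtpClient.Host = "127.0.0.1";
        // Add your comments here
        MySmtpClient.Send(MyMailMessage);
        // Add your comments here
        return true;
    } catch (Exception ex) {
        // Add your comments here
        return false;
    }
}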
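
The SendEmail helper above sets IsBodyHtml = true, and the call added to frmLogin in STEP 2 places Login1.UserName and Login1.Password in that body. The following added example (not part of the lab hand-out) builds the same notification with the submitted password left out and the user name length-limited and HTML-encoded; the class name LoginAlert and the source-address and time fields are assumptions.

```csharp
using System;
using System.Net.Mail;
using System.Text;
using System.Web;

// Added example, not part of the lab hand-out. LoginAlert is a hypothetical name.
public static class LoginAlert
{
    // Removes control characters (CR/LF included) and caps the length so a
    // submitted value cannot add lines to the message or bloat it.
    public static string Sanitize(string value, int maxLength)
    {
        if (string.IsNullOrEmpty(value)) return "(empty)";
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (!char.IsControl(c)) sb.Append(c);
            if (sb.Length >= maxLength) break;
        }
        return sb.ToString();
    }

    // Builds the notification. The submitted password is deliberately absent:
    // a failed attempt is often a mistyped real password.
    public static MailMessage Build(string sender, string recipient,
                                    string userName, string clientIp)
    {
        MailMessage msg = new MailMessage(sender, recipient);
        msg.Subject = "Login Incorrect";
        msg.IsBodyHtml = true; // kept to match SendEmail; values are encoded below
        msg.Body = "Login failed for UserName: "
                 + HttpUtility.HtmlEncode(Sanitize(userName, 64))
                 + "<br />Source address: "
                 + HttpUtility.HtmlEncode(Sanitize(clientIp, 45))
                 + "<br />Time (UTC): " + DateTime.UtcNow.ToString("u");
        return msg;
    }

    // Same relay settings as the lab: local SMTP service on port 25.
    public static bool Send(MailMessage msg)
    {
        try { new SmtpClient("127.0.0.1", 25).Send(msg); return true; }
        catch (SmtpException) { return false; }
    }
}
```

In the frmLogin code-behind, the user name would come from Login1.UserName and the source address from Request.UserHostAddress.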




               STEP 2: Integration (10 points)
                  5. Open the frmLogin web form code behind file and add the following code to the body of
                     the if (dsUserLogin.tblUserLogin.Count < 1) statement, just above the return statement:
// Add your comments here
// Add your comments here
if (clsBusinessLayer.SendEmail("youremail@yourdomain.com",
"receiver@receiverdomain.com", "", "", "Login Incorrect",
"The login failed for UserName: " + Login1.UserName +
" Password: " + Login1.Password))
{
    Login1.FailureText = Login1.FailureText +
    " Your incorrect login information was sent to receiver@receiverdomain.com";
}


                  6. NOTE: Change youremail@yourdomain.com and receiver@receiverdomain.com to
                     your e-mail and someone else's e-mail for testing.
                  7. Optional: Perform this step only if you are doing this lab using Visual Studio 2008
                     installed on your own computer, your computer has Internet Information Services (IIS)
                     installed, and you have administrative rights to IIS. If you are doing this lab using the iLab
                     (Citrix) server, or if you do not have access to IIS, skip to step 8.

                     Open IIS (Start > Control Panel > Administrative Tools > Internet Information Services),
                     navigate to the Default SMTP Virtual Server, right-click on it, and left-click on Properties.
                     Click the Access tab, then the Relay button, then Add, and add the IP 127.0.0.1.
                     Click OK, OK, and APPLY when finished.




                  5. We have a security hole in our web application. If you start the web application by going
                     to the login page, you can bypass the login page by simply typing the name of a form in
                     the URL (try it). There is some limited protection because of the check we are doing for
                     user role, but it still allows a user to get to pages we don't want them to get to unless the
                     role is set properly. Add a security check in the Page_Load of each sensitive page
                     (Manage Users, Add New Employee, View User Activity, Edit Employees): check for the
                     Session role item with a value of "A" and, if the user is accessing these pages without
                     the proper permissions, redirect back to the frmLogin.aspx page.
                  6. This still leaves the possibility of a person bypassing the login page. We will fix that by
                     using forms authentication. Add the following to the web.config file. (There should already
                     be an authentication section – replace it with this.)
<authentication mode="Forms">
  <forms loginUrl="frmLogin.aspx" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

                  7. This will redirect users to the login page if they have not yet gone through it for login. This
                     process will use a cookie – when the user successfully logs in, a cookie is set that
                     allows the user to go to other pages. If that cookie is not set, then the user is redirected to
                     the login page if they try to go to any other page. Add the cookie code by adding this
                     code in the frmLogin.aspx C# code after each place that you have e.Authenticated = true:
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
                  8. Hints:

                      Make sure you reestablish your database connection if you copied the files from a
                      previous lab. Also, make sure to update the web.config file with the database connection
                      string.

                      Update any DataSource controls you added with the new payroll database location.

                      When you manually try to go to a second page by skipping the login page, a cookie is set
                      specifying the name of the page you were attempting to go to. Once you log in
                      successfully, ASP.NET will automatically attempt to navigate back to that page. You can
                      reset the cookie so that the next page is frmMain, as expected, by typing that page in the
                      URL for the browser before logging in.

                      Submit Final Lab (includes all previous lab assignments)
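
One way to apply the Page_Load role check described in STEP 2 to all four sensitive pages at once, as an added example that is not part of the lab hand-out. The class name AdminOnlyPage and the session key "SecurityLevel" are hypothetical (the lab only says "the Session role item"), and the example assumes the forms authentication section from web.config is in place.

```csharp
using System;
using System.Web.UI;

// Added example, not part of the lab hand-out.
// ASSUMPTIONS: the role is stored in Session["SecurityLevel"] (hypothetical key)
// and forms authentication is enabled as in the web.config step.
public class AdminOnlyPage : Page
{
    private const string RoleSessionKey = "SecurityLevel"; // hypothetical key name
    private const string AdminRole = "A";                  // value given in the lab
    private const string LoginPage = "frmLogin.aspx";      // page named in the lab

    // Pure decision function: deny unless authenticated AND the role is exactly "A".
    // A missing, empty, non-string or differently cased value is a denial.
    public static bool IsAdmin(bool isAuthenticated, object sessionRole)
    {
        string role = sessionRole as string;
        return isAuthenticated
            && role != null
            && string.Equals(role, AdminRole, StringComparison.Ordinal);
    }

    // Runs before the derived page's Page_Load, so no page code executes for
    // a caller who fails the check.
    protected override void OnLoad(EventArgs e)
    {
        bool authenticated = Context.User != null
                          && Context.User.Identity.IsAuthenticated;

        if (!IsAdmin(authenticated, Session[RoleSessionKey]))
        {
            // endResponse = true ends the request here; later event handlers
            // (button clicks, data binding) never run for this caller.
            Response.Redirect(LoginPage, true);
        }

        base.OnLoad(e);
    }
}
```

Each sensitive code-behind class would then inherit from AdminOnlyPage instead of System.Web.UI.Page.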

               STEP 3: Test and Submit (10 points)
                  12. Run your project. When you try to log in, enter a user name that is not Mickey or Minnie
                      (i.e., a user name that is not found in tblUserLogin). An e-mail should be sent to the
                      recipient@recipientdomain.com e-mail address.

                      Test that frmMain reconfigures properly based on user role. Make sure the user cannot
                      bypass the login page.

                      Once you have verified that everything works, save your website, zip up all files, and
                      submit in the Dropbox.

                      NOTE: E-mails may be blocked due to firewalls, antivirus software, or even Internet
                      service providers that turned SMTP off because of some known security issues. If the
                      code works (does not produce an error when submitting), you will get full credit for this
                      project even if no e-mail message is actually transmitted. Consult with your instructor
                      before submitting if an error occurs or if no e-mail is generated. It is expected that no e-
                      mail will be sent if you are using the DeVry iLab (Citrix) server for this lab or if you were
                      not able to configure IIS in step 7.

                      NOTE: Make sure you include comments in the code provided where specified (where
                      "// Add your comments here" is mentioned), including code you wrote, or else a
                      5-point deduction per item (form, class, function) will be made.

				
posted:12/4/2011