Lab: Login and Security Levels

Scenario/Summary

In this week’s lab, we will create a login form, validate a user  based on their login name and password, and allow them to access the  system or not. We will assign a session variable to determine the user’s  level of security and allow certain functions to be displayed or not  displayed in the existing frmPersonnel form depending on the assigned  security level. (NOTE: In some cases, the instructions for this lab will  be less specific than in earlier labs, because you are expected to  apply what you have learned in earlier weeks. Refer to the detailed  instructions in previous weeks’ labs if you need to do so.)

Please watch the tutorial before beginning the Lab.

Transcript   Transcript      

Deliverables

When you try to log in, if you use User Name = Mickey and Password =  Mouse, the frmMain form should open with all links visible. If you use  User Name = Minnie and Password = Mouse, the frmMain form should open  with only the Salary Calculator, View Personnel, and Search options  available. You will have a new option called Manage Users that will  allow you to add new users and remove or update existing users. Once you  have verified that it works, save your website, zip up all files, and  submit it.

Note on database connections: We are using a SQLDataSource control  for the Edit employees feature that we added. You should be using the  connection string stored in the web.config file for your database  connection for this control. Rather than creating a new connection each  time, just use this connection. If you change the folder where your  website is stored (e.g., you copy each week’s work to a new location),  you will need to update the web.config. The advantage of using the  database connection in the web.config is that you only have to set the  configuration in one location.

Before starting this week’s lab, make sure that everything is working and that all database connections are properly configured.

Required Software

Microsoft Visual Studio.NET 

Access the software at to an external site.)Links to an external site..
Steps: 1, 2, and 3

Lab Steps

STEP 1: Login Form

1. In order to do this lab, we need to assign a primary key to the  tblUserLogin table. This will allow us to modify the user login table  from our Manage Users form that we will create later. Go to Windows  Explorer and open the PayrollSystem_DB.accdb. Set the UserID as the Primary key and save the table. Close the database.

2. Open Microsoft Visual Studio.NET.

3. Click the ASP.NET website named PayrollSystem to open it.

4. Create a new Web form named frmLogin.

5. Add the ACIT logo to the top of the frmLogin page. Do not hyperlink the logo.

6. Under the login controls, you will see Login. Drop the Login control onto the form. Set the properties of the login control as follows:

   Property Value   DestinationPageUrl frmMain.aspx   TitleText Please enter your UserName and Password in order to log in to the system.     

7. Highlight everything in the form, then click Format, Justify, Center. Save your work.

8. Go to the Solution Explorer, right-click on frmLogin, and left-click on Set As Start Page.

Then run the website to check if the Web form appears correctly.

If you receive an error, add the following code to the web.config file right above the </configuration> line:

<appSettings>

<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />

</appSettings>

STEP 2: Login Check

9. Create a new DataSet called dsUser. Use the table tblUserLogin as the database table for this dataset. Do this in the same way that you added datasets in the previous labs.

10. Open the clsDataLayer and add the following function:

// This function verifies a user in the tblUser table

public static dsUser VerifyUser(string Database, string UserName, string UserPassword)

{

// Add your comments here

dsUser DS;

OleDbConnection sqlConn;

OleDbDataAdapter sqlDA;

// Add your comments here

sqlConn = new OleDbConnection("PROVIDER=Microsoft.ACE.OLEDB.12.0;" +

"Data Source=" + Database);

// Add your comments here

sqlDA = new OleDbDataAdapter("Select SecurityLevel from tblUserLogin " +

"where UserName like '" + UserName + "' " +

"and UserPassword like '" + UserPassword + "'", sqlConn);

// Add your comments here

DS = new dsUser();

// Add your comments here

sqlDA.Fill(DS.tblUserLogin);

// Add your comments here

return DS;

}    

11. Double-click on the login control that you added. Add the following code to the login control Authenticate event handler:

// Add your comments here

dsUser dsUserLogin;

// Add your comments here

string SecurityLevel;

// Add your comments here

dsUserLogin = clsDataLayer.VerifyUser(Server.MapPath("PayrollSystem_DB.accdb"),

Login1.UserName, Login1.Password);

// Add your comments here

if (dsUserLogin.tblUserLogin.Count < 1)

{

e.Authenticated = false;

return;

}

// Add your comments here

SecurityLevel = dsUserLogin.tblUserLogin[0].SecurityLevel.ToString();

// Add your comments here

switch (SecurityLevel)

{

case "A":

// Add your comments here

e.Authenticated = true;

Session["SecurityLevel"] = "A";

break;

case "U":

// Add your comments here

e.Authenticated = true;

Session["SecurityLevel"] = "U";

break;

default:

e.Authenticated = false;

break;

}

STEP 3: User Authentication, Test and Submit

12. Open the frmPersonnel form and add the following code to its Page_Load() function:

// Add your comments here

if (Session["SecurityLevel"] == "A") {

btnSubmit.Visible = true;

//Add your comments here

} else {

btnSubmit.Visible = false;

}

13. Set the start page as frmLogin.aspx. Run the website. Try to log in with both User Name = Mickey and  Password = Mouse and User Name = Minnie and Password = Mouse. Any other user ID and password should not allow you to log in.

14. When the user logs in, we want to restrict what they can see and do based on their user role. The role is stored in the database table tblUserLogin.  Mickey Mouse has all privileges, whereas Minnie Mouse has read only  privileges. We want to control the visibility of the links on the  frmMain page.

15. Initially, we did not set the ID of any of the Link Button or Image Button controls that we used on frmMain. In order to make our code more maintainable, we will change the IDs as follows:

   Option Link Button ID Image Button ID   Annual Salary Calculator linkbtnCalculator imgbtnCalculator   Add New Employee linkbtnNewEmployee imgbtnNewEmployee   View User Activity linkbtnViewUserActivity imgbtnViewUserActivity   View Personnel linkbtnViewPersonnel imgbtnViewPersonnel   Search Personnel linkbtnSearch imgbtnSearch   Edit Employees linkbtnEditEmployees imgbtnEditEmployees     

16. Modify the main form so that the following options are turned off for nonadmin users:

• Add New Employee
• View User Activity
• Edit Employees

17. You now have a Web application that honors the role of the  logged-in user. We don’t have a way of managing the user roles and users  in the system.

18. Add a new form called frmManageUsers that will  allow the user to add new users. The user will also need to be able to  view all users and modify or delete any of the users in the database.  Add a main form option called Manage Users that is only accessible to admin users. Add the link and image buttons as we have done in the past. Add the ACIT logo that is hyperlinked as you did in previous assignments.

• For the security level of the user, use a dropdown list control to allow the user to select from A or U.
• Name the controls with names that make sense.
• Add code as appropriate to the code behind and clsDataLayer.  Note: You will need to create a SaveUser function that is very similar  to the SavePersonnel function. Use the following as a guide:

public static bool SaveUser(string Database, string UserName, string Password,

string SecurityLevel)

When creating the SaveUser function, be sure to insert the data into the tblUserLogin table with columns: userName, UserPassword, and SecurityLevel.

19. Hints:

• Make sure you reestablish your database connection if you copied the files from a previous lab.
• Update any DataSource controls that you added with the new Payroll database location.
• You can turn a control on or off by setting its Visible property.
• You can add a data entry form for new users and a grid displaying all users all on the same form.
• To force a gridView to refresh, call its DataBind method in the btnAddUser_click  event handler. For example, use the following code in the  btnAddUser_click (be sure to include an Else condition as well if the  user was not added successfully):

if (clsDataLayer.SaveUser(Server.MapPath("PayrollSystem_DB.accdb"),

txtUserName.Text, txtPassword.Text,ddlSecurityLevel.SelectedValue))

{

lblError.Text = "The user was successfully added!";

grdUsers.DataBind();

} 

20. Test your application to make sure that you are logging in with a  valid user ID. Try to log in with both Minnie and Mickey and make sure  that the UI adjusts by the role properly. Make sure that you can utilize  the Manage Users functionality to Add/Modify/Delete and view user  information. Once you have verified that everything works, save your  project, zip up all files, and submit it.

NOTE: Make sure you include comments in the code provided where  specified (where the ” // Your comments here” is mentioned); also, any  code you write needs to be properly commented, or else a 5-point  deduction per item (form, class, function) will be made.

frmManageUsers

Mickey Mouse (Admin) Login:

Minnie Mouse (User) Login: