CS 3870/CS 5870: Note 13 Lab 6 Authentication and Authorization Roles Management

Upload: april-taylor

Post on 03-Jan-2016


CS 3870/CS 5870: Note 13

Lab 6

Authentication and Authorization

Roles Management


Lab 6

Copy folder Lab5 as Lab6

Modify Master Page and Content Pages

Add Session Variables for Lab6

Make sure Lab6 is working


One SQLDataSource for Lab6

• Make a copy of your Lab6

• Remove the SqlDataSource from all three pages

• Close the three pages


One SQLDataSource for Lab6

• Lab6MasterPage

• Add an SQLDataSource control before or after the new ContentPlaceHolder

• Configure the data source

• Generate Insert/Delete/Update commands

• Uncheck Use optimistic concurrency


Delete Command

• Lab6MasterPage

• Source

• DeleteCommand

    DeleteCommand="DELETE FROM [Product] WHERE [ProductID] = @ProductID"

• (Uncheck Use optimistic concurrency)

• DataKeyNames: ProductID


Function getDataSource

    Partial Class Lab6_MasterPage

        Public Function getDataSource() As SqlDataSource
            Return mySqlDataSource
        End Function

        Protected Sub LoginStatus1_LoggedOut(. . .) Handles LoginStatus1.LoggedOut
            Response.Redirect("~/Login.aspx")
        End Sub

    End Class


Default Page

• Open Default.aspx in Design View

• Click the Smart Tag

• Change SqlDataSource1 to mySqlDataSource

• Auto-Generate fields

• Close the Smart Tag

• Refresh Fields and Keys for GridView1: Yes


Shopping.aspx

Page Directive

<%@ Language="VB" MasterPageFile="~/Lab6/Lab6MasterPage.master" … %>

<%@ MasterType VirtualPath="~/Lab6/Lab6MasterPage.master" %>


Shopping.aspx.vb

    Protected Sub txtID_TextChanged
        Dim id As String
        ' get id from session variable
        Dim db As SqlDataSource = Master.getDataSource
        Dim dv As System.Data.DataView =
            db.Select(DataSourceSelectArguments.Empty)
        ' Double any single quote in id so the value cannot break out of
        ' the string literal in the filter expression.
        dv.RowFilter = "ProductID = '" & id.Replace("'", "''") & "'"
        If dv.Count = 1 Then


Updating.aspx

Page Directive

<%@ Language="VB" MasterPageFile="~/Lab6/Lab6MasterPage.master" … %>

<%@ MasterType VirtualPath="~/Lab6/Lab6MasterPage.master" %>


Updating Page

• Open Updating.aspx in Design View

• Click the Smart Tag

• Change SqlDataSource1 to mySqlDataSource

• Close the Smart Tag

• Refresh Fields and Keys for DetailsView1: Yes if asked


Delete on Updating.aspx

DetailsView1

DataKeyNames: ProductID


Inserting on Updating.aspx

    Protected Sub DetailsView1_ItemInserted(...) Handles...
        Dim id As String = txtID.Text.Trim
        Dim db As SqlDataSource = Master.getDataSource
        Dim dv As System.Data.DataView =
            db.Select(DataSourceSelectArguments.Empty)
        For . . .
            ' setting DetailsView1.PageIndex


Creating Roles

• Enabling RoleManager

• Web.config under the root folder

<roleManager enabled="true"></roleManager>

• Default is False


New Users

• UserName: Windows

• Role: Member

• Password: cs3340@CSSEUWP

• Email: your UWP email

• Other: your choice


New Users

• UserName: WebProtocols

• Roles: Admin and Member

• Password: cs3870@CSSEUWP

• Email: your UWP email

• Other: your choice


Page SetRoles


    Private Sub ListRolesBind()
        lstRoles.DataSource = Roles.GetAllRoles()
        lstRoles.DataBind()
    End Sub

    Protected Sub Button1_Click(. . .) Handles Button1.Click
        Roles.CreateRole(txtRole.Text)
        ListRolesBind()
    End Sub

    Protected Sub Button2_Click(. . .) Handles Button2.Click
        Roles.DeleteRole(txtRole.Text)
        ListRolesBind()
    End Sub

    Protected Sub Button3_Click(. . .) Handles Button3.Click
        Roles.AddUserToRole(txtUser.Text, lstRoles.SelectedValue)
        ListUsersBind()
    End Sub


    Private Sub ListUsersBind()
        lstUsersInRole.DataSource =
            Roles.GetUsersInRole(lstRoles.SelectedValue)
        lstUsersInRole.DataBind()
    End Sub

    Protected Sub Button4_Click(. . .) Handles Button4.Click
        Roles.RemoveUserFromRole(lstUsersInRole.SelectedValue,
                                 lstRoles.SelectedValue)
        ListUsersBind()
    End Sub

    Protected Sub lstRoles_SelectedIndexChanged(. . .)
            Handles lstRoles.SelectedIndexChanged
        ListUsersBind()
    End Sub
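The SetRoles handlers above pass the text boxes straight to the Roles API, which throws on empty or comma-containing names, duplicate roles, populated roles, and repeated assignments. The following is an added example, not code from the original notes, showing the create, delete and assign handlers with those cases checked first. The class name Lab6_SetRoles, the status label lblMsg, and the filled-in handler signatures are assumptions; the other control names follow the slides.

```vb
Imports System
Imports System.Web.Security

Partial Class Lab6_SetRoles   ' assumed code-behind class name
    Inherits System.Web.UI.Page

    ' Role and user names must be non-empty and comma-free, or the API throws.
    Private Function ValidName(s As String) As Boolean
        Return s <> "" AndAlso Not s.Contains(",")
    End Function

    Private Sub ListRolesBind()
        lstRoles.DataSource = Roles.GetAllRoles()
        lstRoles.DataBind()
    End Sub

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim role As String = txtRole.Text.Trim()
        If Not ValidName(role) OrElse Roles.RoleExists(role) Then
            lblMsg.Text = "Role name is invalid or already exists."   ' lblMsg: assumed Label
            Return
        End If
        Roles.CreateRole(role)
        ListRolesBind()
    End Sub

    Protected Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        Dim role As String = txtRole.Text.Trim()
        ' Keep Admin (it guards this page); DeleteRole throws on a populated role.
        If Not ValidName(role) OrElse role.Equals("Admin", StringComparison.OrdinalIgnoreCase) OrElse
           Not Roles.RoleExists(role) OrElse Roles.GetUsersInRole(role).Length > 0 Then
            lblMsg.Text = "Role is protected, missing, or still has users."
            Return
        End If
        Roles.DeleteRole(role)
        ListRolesBind()
    End Sub

    Protected Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
        Dim userName As String = txtUser.Text.Trim(), role As String = lstRoles.SelectedValue
        ' Grant roles only to existing accounts; a duplicate assignment throws.
        If role = "" OrElse Not ValidName(userName) OrElse
           Membership.GetUser(userName) Is Nothing OrElse Roles.IsUserInRole(userName, role) Then
            lblMsg.Text = "Select a role and enter an existing user who lacks it."
            Return
        End If
        Roles.AddUserToRole(userName, role)
    End Sub
End Class
```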


Web.Config

• Application Configuration File under the main web site

    <location path="Lab6/Default.aspx">
      <system.web>
        <authorization>
          <allow roles="Member"/>
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

    <location path="Lab6/SetRoles.aspx">
      <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*" />
        </authorization>
      </system.web>
    </location>


Role Management

• Users in role Admin can access page SetRoles

• Users in role Member cannot access page SetRoles, but can access page Default


Multiple Locations

• This may not work!

• Create sub-folders!


Sub-Folders and Pages

Member
    Default
    Shopping
    Checkout

Admin
    Updating
    SetRoles


Authorization

• Configuration File under the folder Admin

    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*" />
      </authorization>
    </system.web>


Authorization

• Configuration File under the folder Member

    <system.web>
      <authorization>
        <allow roles="Member"/>
        <deny users="*" />
      </authorization>
    </system.web>


Schedule

• Thursday (10-16): Lab206 (lose 5 points if missing class)

• Saturday (10-18): Basic functionalities for bonus points

• Monday (10-20): Lab6 is due at 5pm

• Tuesday (10-21): Review for Test2

• Thursday (10-23): Test2


Test 2

• Lab5 and Lab6

• Authentication and Authorization

• Login

• Create User and Roles

• Assign users to roles

• Accessing Database
