CS 3870/CS 5870: Note 13
Lab 6
Authentication and Authorization
Roles Management
Lab 6
Copy folder Lab5 as Lab6
Modify Master Page and Content Pages
Add Session Variables for Lab6
Make sure Lab6 is working
One SQLDataSource for Lab6
• Make a copy of your Lab6
• Remove the SqlDataSource from all three pages
• Close the three pages
One SQLDataSource for Lab6
• Lab6MasterPage
• Add an SQLDataSource control before or after the new ContentPlaceHolder
• Configure the data source
• Generate Insert/Delete/Update commands
• Uncheck Use optimistic concurrency
Delete Command
• Lab6MasterPage
• Source
• DeleteCommand
DeleteCommand="DELETE FROM [Product]
WHERE [ProductID] = @ProductID"
• (Uncheck Use optimistic concurrency)
• DataKeyNames: ProductID
Function getDataSource
Partial Class Lab6_MasterPage
    ' Expose the master page's single SqlDataSource to the content pages
    Public Function getDataSource() As SqlDataSource
        Return mySqlDataSource
    End Function

    Protected Sub LoginStatus1_LoggedOut(...) _
            Handles LoginStatus1.LoggedOut
        ' Send the user back to the login page after logging out
        Response.Redirect("~/Login.aspx")
    End Sub
End Class
Default Page
• Open Default.aspx in Design View
• Click the Smart Tag
• Change SqlDataSource1 to mySqlDataSource
• Auto-Generate fields
• Close the Smart Tag
• Refresh Fields and Keys for GridView1: Yes
Shopping.aspx
Page Directive
<%@ Language="VB" MasterPageFile="~/Lab6/Lab6MasterPage.master" … %>
<%@ MasterType VirtualPath="~/Lab6/Lab6MasterPage.master" %>
Shopping.aspx.vb
Protected Sub txtID_TextChanged
    Dim id As String
    ' get id from session variable
    Dim db As SqlDataSource =
        Master.getDataSource
    Dim dv As System.Data.DataView =
        db.Select(DataSourceSelectArguments.Empty)
    ' Double any single quote so the id cannot break out of the filter string
    dv.RowFilter = "ProductID = '" & id.Replace("'", "''") & "'"
    If dv.Count = 1 Then
Updating.aspx
Page Directive
<%@ Language="VB" MasterPageFile="~/Lab6/Lab6MasterPage.master" … %>
<%@ MasterType VirtualPath="~/Lab6/Lab6MasterPage.master" %>
Updating Page
• Open Updating.aspx in Design View
• Click the Smart Tag
• Change SqlDataSource1 to mySqlDataSource
• Close the Smart Tag
• Refresh Fields and Keys for DetailsView1: Yes if asked
Delete on Updating.aspx
DetailsView1
DataKeyNames: ProductID
Inserting on Updating.aspx
Protected Sub DetailsView1_ItemInserted(...) Handles...
    Dim id As String = txtID.Text.Trim
    Dim db As SqlDataSource =
        Master.getDataSource
    Dim dv As System.Data.DataView =
        db.Select(DataSourceSelectArguments.Empty)
    For . . .
        ' setting DetailsView1.PageIndex
Creating Roles
• Enabling RoleManager
• Web.config under the root folder
<roleManager enabled="true"></roleManager>
• Default is False
New Users
• UserName: Windows
• Role: Member
• Password: cs3340@CSSEUWP
• Email: your UWP email
• Other: your choice
New Users
• UserName: WebProtocols
• Roles: Admin and Member
• Password: cs3870@CSSEUWP
• Email: your UWP email
• Other: your choice
Page SetRoles
Private Sub ListRolesBind()
    lstRoles.DataSource = Roles.GetAllRoles()
    lstRoles.DataBind()
End Sub

Protected Sub Button1_Click(...) Handles Button1.Click
    Roles.CreateRole(txtRole.Text)
    ListRolesBind()
End Sub

Protected Sub Button2_Click(...) Handles Button2.Click
    Roles.DeleteRole(txtRole.Text)
    ListRolesBind()
End Sub

Protected Sub Button3_Click(...) Handles Button3.Click
    Roles.AddUserToRole(txtUser.Text, lstRoles.SelectedValue)
    ListUsersBind()
End Sub

Private Sub ListUsersBind()
    lstUsersInRole.DataSource =
        Roles.GetUsersInRole(lstRoles.SelectedValue)
    lstUsersInRole.DataBind()
End Sub

Protected Sub Button4_Click(...) Handles Button4.Click
    Roles.RemoveUserFromRole(lstUsersInRole.SelectedValue,
                             lstRoles.SelectedValue)
    ListUsersBind()
End Sub

Protected Sub lstRoles_SelectedIndexChanged(...) _
        Handles lstRoles.SelectedIndexChanged
    ListUsersBind()
End Sub
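The SetRoles handlers pass text-box input straight to the Roles API, which throws on empty, duplicate or comma-containing role names, on unknown users, on existing memberships, and when a populated role is deleted. As an added example (not part of the original slides), the first three handlers with those cases checked first and the Admin role re-checked in code; the class name and the lblMsg label are assumptions, the other names come from the slides.

```vb
Imports System.Web.Security

' Added example, not the course's code. lblMsg (a Label) and the class name
' are assumptions; the other controls and the ListRolesBind/ListUsersBind
' subs are the ones shown on the slides.
Partial Class Lab6_Admin_SetRoles
    Inherits System.Web.UI.Page
    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        ' Defence in depth: re-check the role, not only the Web.config rule.
        If Not User.IsInRole("Admin") Then
            Response.StatusCode = 403
            Response.End()
        End If
    End Sub

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim role As String = txtRole.Text.Trim()
        ' CreateRole throws on empty names, commas and duplicates.
        If role = "" OrElse role.Contains(",") OrElse Roles.RoleExists(role) Then
            lblMsg.Text = "Role name is empty, contains a comma, or already exists."
            Return
        End If
        Roles.CreateRole(role)
        ListRolesBind()
    End Sub

    Protected Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        Dim role As String = txtRole.Text.Trim()
        ' DeleteRole(name) throws if the role still has members.
        If role = "" OrElse Not Roles.RoleExists(role) OrElse Roles.GetUsersInRole(role).Length > 0 Then
            lblMsg.Text = "Role does not exist or still has users assigned."
            Return
        End If
        Roles.DeleteRole(role)
        ListRolesBind()
    End Sub

    Protected Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
        Dim name As String = txtUser.Text.Trim()
        Dim role As String = lstRoles.SelectedValue
        ' AddUserToRole throws for unknown users and for existing memberships.
        If name = "" OrElse role = "" OrElse Membership.GetUser(name) Is Nothing OrElse
                Roles.IsUserInRole(name, role) Then
            lblMsg.Text = "Select a role and enter an existing user not already in it."
            Return
        End If
        Roles.AddUserToRole(name, role)
        ListUsersBind()
    End Sub
End Class
```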
Web.Config
• Application Configuration File under the main web site
<location path="Lab6/Default.aspx">
  <system.web>
    <authorization>
      <allow roles="Member"/>
      <deny users="*" />
    </authorization>
  </system.web>
</location>
<location path="Lab6/SetRoles.aspx">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="*" />
    </authorization>
  </system.web>
</location>
Role Management
• Users in role Admin can access page SetRoles
• Users in role Member cannot access page SetRoles, but can access page Default
Multiple Locations
• This may not work!
• Create sub-folders!
Sub-Folders and Pages
Member
    Default
    Shopping
    Checkout
Admin
    Updating
    SetRoles
Authorization
• Configuration File under the folder Admin
<system.web>
  <authorization>
    <allow roles="Admin"/>
    <deny users="*" />
  </authorization>
</system.web>
Authorization
• Configuration File under the folder Member
<system.web>
  <authorization>
    <allow roles="Member"/>
    <deny users="*" />
  </authorization>
</system.web>
Schedule
• Thursday (10-16): Lab206 – Lose 5 points if missing class
• Saturday (10-18): Basic functionalities for bonus points
• Monday (10-20): Lab6 is due at 5pm
• Tuesday (10-21): Review for Test2
• Thursday (10-23): Test2
Test 2
• Lab5 and Lab6
• Authentication and Authorization
• Login
• Create User and Roles
• Assign users to roles
• Accessing Database