ee portal.doc
TRANSCRIPT
EE PortalASP.NET Project
<!DOCTYPE Final Report>
<head><Lab Chief Engineer Ilana David><Supervisor Viktor Kulikov ></head>
<body><Students= "Liana Lipstov & Pavel Bilenko"></body>
<LI> Software Systems Lab<LI> Department of Electrical Engineering<LI> Technion-Israel Institute of Technology
Contents
1. Chapter 1a. Introductionb. Project goals
2. Chapter 2 :Backgrounda. Technologyb. .NET Frameworkc. Ajaxd. SQL Server 2008e. Visual Web Developer 2008
3. Chapter 3 :Descriptiona. Old portal analyzeb. New portal designc. Design+ effects+ functionalityd. Security
4. Chapter 4 : Architecturea. Data table relationsb. Data Access Layerc. Ajax Control Toolkit controls
5. Chapter 5a. Project contributionb. Thanks and gratitudec. References
1. Chapter 1
<1.a Introduction>
Once upon a time there was an old EE portal. It had poor design, bugs, was based on old .NET framework and couldn’t be open in Visual Studio 2005 or later for debugging or further development. It was written and re-written by different people which caused a great deal of a mess. The code was hard to read and understand, there was pieces of not relevant code that was left there historically from times it have been used for debugging. Not only that, it had an "old" appearance.Then 2 brave students decided to change the situation, make some magic and rewrite the portal, the rest is a history…
Now seriously, among other things when we have re-written the portal we had mostly written new pages, here and there using existing stored procedures. We have made a great deal of transformation and eventually created a better looking and working portal. We have added visual effects, fading in/out windows, dynamic content, expanding space for data etc. making it more friendly and exciting to the user.Some new functionality was added to the portal making it more advanced and comfortable:
Remember me Messages Additional Info button Custom view (show active modules first)
Among other things we have added feedback messages for user actions, improved security, required fields and more.
</1.a Introduction>
<1.b Project Goals>
The goals of our projects were based on 2 requirements, whereas each one had to be fulfilled:
The first one was a portal from the programmer's side: educational with impact on simplicity in maintenance. So our goals were:
Learn SQLLearn working with DB (SQL Server)Learn ASP.NETRe-write the portal using ASP.NET Write in OOP, make an understandable code.Solve the bugs and improve the flow of the codeSecurity
The second one was from the user's side: friendly and exciting to use. This made us think of the user and how he would like to see it, making it as easy for use as possible.We have decided to add the following:
Improve some of the design (make it more modern)Fading in/out windowsDynamic contentExpanding space for data Messages between usersFeedback for user's actionVisual effects
</1.b Project Goals>
2. Chapter 2<2.a Technology>
Following a short summery of the basic development tools and technologies we have used. In the following sub chapters we'll have a better look on them.
What is ASP? ASP stands for: Active Server Pages.ASP is an easy way to add dynamic content to ordinary web pages and allows you easily create full-scale web applications.
What is .NET framework? .NET Framework is really a cluster of several technologies:
CLR (Common Language Runtime): engine that executes all .NET programs and provides automatic services for these applications (memory management, optimization e.t.c)..NET Framework class library: collects thousands of pieces of pre-built functionality that can be “snapped in” to applications.
What is ASP.NET? ASP.NET is an engine that hosts web applications and web services, with almost any feature from the .NET class library. ASP.NET gives you tools to use a higher-level model of server-side web controls. These are created and configured as objects and automatically provide their own HTML output.
Server side programming as an opposite to client side programming: All ASP.NET code executes on the server, the user receives an ordinary HTML page, which can be viewed in any browser. It also allows the web application to be used on any computer that has Internet access. Therefore the server-side programming solves the unwanted problems of client-side programming that are:
Isolation: Client-side code can’t access server-side resources.
– For example, a client-side application has no easy way to read a file or interact with a database on the server
Security: End users can view client-side code. And once malicious users understand how an application works, they can often tamper with it.
Usability: Client- side technologies aren’t supported equally by all browsers and operating systems.
ASP.NET allows web controls to behave like their Windows counterparts by maintaining state and even raising events that can be reacted to in code.
What is Ajax? Ajax is a recent technology which allows posting back page asynchronously and performing partial page refresh.What is Ajax Control Toolkit? Ajax Control Toolkit –is a Microsoft library of useful controls based on AJAX technology to create more interactive controls (such as animation, password strength e.t.c), this controls provides extensions to existing controls adding new functionality and dynamic behavior
Developing environment-our developing environment was Visual Web Developer 2008 and SQL Server 2008.
</2.a Technology>
<2.b .NET Framework>
Microsoft has a time-honored reputation for creating innovative technologies and wrapping them in buzzwords that confuse everyone. Now that developers are finally sorting out ActiveX, COM (Component Object Model), and Windows DNA (Distributed interNet Architecture), Microsoft has a whole new technology called .NET.
Let's have a quick look at the history of web development and learn why the .NET Framework was created.
The Evolution of Web Development
The Internet began in the late 1960s as an experiment. Its goal was to create a truly resilient information network—one that could withstand the loss of several computers without preventing the others from communicating. Driven by potential disaster scenarios (such as nuclear attack), the U.S. Department of Defense provided the initial funding. The early Internet was mostly limited to educational institutions and defense contractors. It flourished as a tool for academic collaboration, allowing researchers across the globe to share information. In the early 1990s, modems were created that could work over existing phone lines, and the Internet began to open up to commercial users. In 1993, the first HTML browser was created, and the Internet revolution began.
HTML and HTML Forms
It would be difficult to describe early websites as web applications. Instead, the first generation of websites often looked more like brochures, consisting mostly of fixed HTML pages that needed to be updated by hand.A basic HTML page is a little like a word-processing document—it contains formatted content that can be displayed on your computer, but it doesn’t actually do anything. The following example shows HTML at its simplest, with a document that contains a heading and single line of text:
<html><head>
<title> Sample Web Page</title></head><body>
<h1>Sample Web Page Heading</h1><p> This is a sample web page.</p>
</body></html>
This will produce the following HTML page in a browser:
HTML 2.0
HTML 2.0 introduced the first seed of web programming with a technology called HTML forms. HTML forms expand HTML so that it includes not only formatting tags but also tags for graphical widgets, or controls. These controls include common ingredients such as drop-
down lists, text boxes, and buttons. Here’s a sample web page created with HTML form controls:
<html><body>
<form><input type="checkbox"> This is choice 1 <br><input type="checkbox"> This is choice 2 <br><br><input type="submit" value="submit">
</form></body>
</html>
The result in a browser:
HTML forms allow web application developers to design standard input pages. When the user clicks the Submit button in the window all the data in the input controls (in this case, the two check boxes) is patched together into one long string and sent to the web server. On the server side, a custom application receives and processes the data. Amazingly, the controls that were created for HTML forms more than ten years ago are still the basic foundation that used to build dynamic ASP.NET pages. The difference is the type of application that
runs on the server side. In the past, when the user clicked a button on a form page, the information might have been e-mailed to a set account or sent to an application on the server that used the challenging CGI (Common Gateway Interface) standard. Today, we work with the much more capable ASP.NET platform.
Server-Side Programming
To understand why ASP.NET was created, it helps to understand the problems of other web development technologies. With the original CGI standard, the web server must launch a completely separate instance of the application for each web request. If the website is popular, the web server must struggle under the weight of hundreds of separate copies of the application, eventually becoming a victim of its own success.To counter this problem, Microsoft developed ISAPI (Internet Server Application Programming Interface), a higher-level programming model. Microsoft used it to build higher-level development platforms, such as ASP and ASP.NET. Both of these technologies allow developers to program dynamic web pages without worrying about the low-level implementation details.
Client-Side Programming
At the same time a new type of programming was gaining popularity. Enhancing web pages by embedding multimedia and miniature applets built with JavaScript, DHTML (Dynamic HTML), and Java code. These client-side technologies don’t involve any server processing. Instead the complete application is downloaded to the client browser, which executes it locally. The greatest problem with client-side technologies is that they aren’t supported equally by all browsers and operating systems. For that reason, ASP.NET is designed as a server-side technology. All ASP.NET code executes on the server. When the code is finished executing, the user receives an ordinary HTML page, which can be viewed in any browser.
The .NET Framework
.NET Framework is really a cluster of several technologies:
The .NET languages: These include C# and VB .NET The CLR (Common Language Runtime): The CLR is the engine that executes all .NET programs and provides automatic services for these applications, such as security checking, memory management, and optimization.The .NET Framework class library: The class library collects thousands of pieces of prebuilt functionality that you can insert into your applicationsASP.NET: This is the engine that hosts web applications and web services, with almost any feature from the .NET class library. ASP.NET also includes a set of web-specific services.Visual Studio: Development tool that contains a rich set of productivity and debugging features.
The IL
The IL=MSIL(Microsoft Intermediate Language) is a lower -level language. All the .NET languages are compiled into IL before the code is executed. The CLR runs only IL code, which means it has no idea which .NET language you originally used. This is the reason that the C# and VB .NET languages provide essentially the same features and performance.The following flow chart shows how the .NET languages are compiled to IL. Every EXE or DLL file that is build with a .NET language contains IL code. This is the file tat deployed to other computers:
</2.b .NET Framework>
Source code in C#
C# compiler(csc.exe)
DLL or exe file in IL
JIT (Just in time) compiler
Native machine code
Execute
The Common Language Runtime
<2.c AJAX >
AJAX
AJAX – stands for JavaScript and XML. It is a group of interrelated web development techniques used on the client-side to create interactive web applications or rich Internet applications. With Ajax, web applications can retrieve data from the server asynchronously in the background without interfering with the display and behavior of the existing page. Using Ajax helps to increase in interactive or dynamic interfaces on web pages and better quality of Web services due to the asynchronous mode. Data is usually retrieved using the XMLHttpRequest (DOM API that can be used inside a web browser scripting language, such as JavaScript, to send an HTTP or an HTTPS request directly to a web server and load the server response data directly back into the scripting language) object.
AJAX Control Toolkit
AJAX Control Toolkit- open-source project built on top of the Microsoft ASP.NET AJAX framework. It provides infrastructure to write reusable, customizable and extensible ASP.NET AJAX extenders and controls, as well as a rich array of controls that can be used out of the box to create an interactive Web experience.
Why AJAX?
In many cases, related pages on a website consist of much content that is common between them. Using traditional methods, that content would have to be reloaded on every request. However, using Ajax, a web application can request only the content that needs to be updated, thus drastically reducing bandwidth usage and load time.The use of asynchronous requests allows the client's Web browser UI to be more interactive and to respond quickly to inputs, and sections of pages can also be reloaded individually. Users may perceive the application to be faster or more responsive, even if the application has not changed on the server side.The use of Ajax can reduce connections to the server, since scripts and style sheets only have to be requested once.
State can be maintained throughout a Web site. JavaScript variables will persist because the main container page need not be reloaded.
The dark side of AJAX:
The main problem we've met was when we've used the Ajax control toolkit. It's supposed to me nice and comportable, easy working, looking great tool, and it is, until you need somethime slight change in it. Then a huge bugs appear, everyhting stops working, or working not the way it's supposes. Not only that, fixing those bugs takes a great amount of time! The solutions often found in a distinct desparate steps, with changing the code in the most unexpected places. Moving to .NET 3.5 SP1 fixed many bugs and “unsupported” parameters combinations.The ease of use of Ajax-powered interfaces often dramatically increases the number of user-generated requests to web servers and their back-ends (databases, or other). This can lead to slower response times and additional hardware needs to support Ajax-powered interfaces.Pages dynamically created using successive Ajax requests do not automatically register themselves with the browser's history engine, so clicking the browser's "back" button may not return the user to an earlier state of the Ajax-enabled page, but may instead return them to the last full page visited before it. Any user whose browser does not support Ajax or JavaScript, or simply has JavaScript disabled, will not be able to use its functionality. The only way to let the user carry out functionality is to fall back to non-JavaScript methods. This can be achieved by making sure links and forms can be resolved properly and rely not solely on Ajax.
</2.c AJAX >
<2.d SQL Server 2008>
Working with Data
Almost every piece of software ever written works with data .Typical Internet application is just a thin user interface shell on top of a sophisticated database program that reads and writes information from a database on the web server. The user might not even be aware that the displayed information originates from a database.
In our project we not only allow the user to perform simple searches and display results in a formatted table but also to retrieve information, which is processed and displayed in the appropriate format and location in the browser. Using a database is an excellent way to start dividing the user interface logic from the content, which allowed us to create a site that can work with dynamic, easily updated data.
DB (Data Base)
The most common way to manage data is by using a database. Database technology is particularly useful for software in large organizations, such as our faculty, which typically requires hierarchical sets of related information. In our case, a database consists of a list of people (authorized users- faculty workers), a list of permissions for those people, and other information from the other tables. This type of information is best described using a relational model, which is the philosophy that underlies all modern database products, including SQL Server. In chapter 3 shown the table relationships of EE portal
SP
SP- Stored procedures are parameterized T-SQL queries that are stored in the server itself. Stored procedures can accept values sent by the client as input parameters, and send back results as output parameters. They can call defined functions, and other stored procedures. The code need not be sent from the client every time.
SQL Server
SQL Server is Microsoft software for managing data storages. Its prime query language is Transact-SQL an implementation of ANSI standard of SQL. The main unit of data storage is a database, which is a collection of tables with typed columns. SQL Server supports
different data types; it can also contain other objects such as store procedures (sp). In our project we have used some of the SPs that have been written by the previous developers of EE portal. Using sp reduces network traffic and improves performance.SQL Server works with SQL- Structured Query Language. We used this language to select, add, and modify data.SQL example statements:
Select statement retrieves records. Update statement modifies existing records. Insert statement adds a new record. Delete statement deletes existing records.
Let's see how it all looks together:
</2.d SQL Server 2008><2.e Visual Web Developer 2008>
Our tool for developing the web site was Visual Web Developer 2008. Visual Web Developer Express is a freeware web development tool that allows developers to evaluate the web development and editing capabilities of the other Visual Studio 2008 editions at no charge. Its main function is to create ASP.NET websites. It has a WYSIWYG
DATA BASE
interface, drag-and-drop user interface designer, enhanced HTML & code editors, a database explorer, support for other web technologies (e.g., CSS, JavaScript, XML) and integrated, design-time validation for standards including XHTML 1.0/1.1 and CSS 2.1.It does have a few limitations although it gives you full support for developing web applications, it doesn’t support any other type of application. This means we can’t use it to develop separate components for use in our applications or to develop Windows applications that interact with web services. When you run a web application, Visual Web Developer starts its integrated web server. Behind the scenes, ASP.NET compiles the code in the Default.aspx page, runs it, and then returns the finalHTML to the browser. When running a web page, the URL in the browser includes a port number. It indicates that the web server is running on your computer (localhost), so its requests aren’t being sent over the Internet. It also indicates that all requests are being transmitted to port number 4235 (for example). That way, the requests won’t conflict with any other applications that might be running on the computer and listening for requests. Every time Visual Web Developer starts the integrated web server, it randomly chooses an available port.Adding Web Controls: adding web controls is easy, all that is need to be done is to drag the desirable control from the Toolbox on the left and drop it onto your web page. The controls in the Toolbox are grouped in numerous categories based on their functions. Ordinary HTML can be injected using the "source view". Double-click either.aspx page in the Solution Explorer (for the designer) or the .aspx.cs page (for the code view). The “code” in question is the C# code, not the HTML markup in the .aspx file. When switching to code view, the page class for your web page appears.
</2.e Visual Web Developer 2008>
3. Chapter 3<3.a Old Portal design>
Old portal analyze
Extensions :
1. .aspx – Design + events handling (client(2. .cs – dynamic page element generation + events handling
(serve(3. .ascx – user controls (design + methods(4. .js – client script code5. .css – style of design6. .asmx – web services7. .config – application configuration
File list :
1. AccessLevel.ascx/cs – Management access levels to different modules (retrivieng from DB and filling tables for given profile)
2. AccessLevelPreset.aspx/cs – Sets the values of access levels (profiles), or gives ability to customize them
3. AddUserGUI.ascx/cs – GUI for add user feature in management page
4. BackUpUserAccessLevels.ascx/cs – backups user access levels5. Default.aspx/cs – main portal page, design6. fadein.js – fading scripts7. help.html – help for default page8. IntranetLogin.ascx/cs – user control for login table and
methods9. Login.aspx/cs – login page10. login.css – login page style11. logout.aspx/cs – delete session cookies12. ManagePresets.ascx/cs – management user access levels13. ModuleLevel.ascx/cs – management module access levels14. ModuleSearch.ascx/cs – edit module data15. NewModule.ascx/cs – adds new module16. PortalFooter.ascx/cs – portal footer17. PortalGrid.ascx/cs – grid with modules for default and login
page18. PortalHeader.ascx/cs – header for default page19. PortalManage.aspx/cs – portal management page20. PortalModule.ascx/cs – user control for module21. PortalService.asmx/cs – web service for various account data
obtaining for portal and labagent
22. SemesterManager.ascx/cs – stores the data about academic semesters and creates new semester.
23. style.css – style for default page24. UpdateModuleGUI.ascx/cs – gui for editing module25. UserSearch.ascx/cs – module for searching existing users26. web.config – website configuration27. wz_tooltip.js – open source library for creating tooltips28. ADconec.cs – old DAL, used to access Database by Semester
Manager user control (from old portal)29. IntranetDB.cs – Intranet DAL, get and set data to database30. PortalDB.cs – Portal DAL inherited from IntranetDB31. DBUtil.cs – general data access functions32. CommonGUI.cs – some minor GUI functions
Program flow :
-> Default.aspxDefault.aspx -> Login.aspx (authorization)Login.aspx -> Default.aspxDefault.aspx -> Modules (links), -> PortalManage.aspx
Dependencies:
1. Login.aspxa. PortalFooter
2. Default.aspxa. AccessLevel.ascxb. AddUserGUI.ascxc. PortalGrid.ascxd. PortalHeader.ascxe. PortalFooter.ascx
Old portal Login page
</3.a Old Portal design >
<3.b New portal Design>
New portal Design
Our approach in creating a new portal was not only make an easy life for the user and better code understanding for the future developer that would deal with it but also to maintain the graphical design theme that was developed for it. If we added buttons we have added them in the same design, if we added some kind of boxes, we maintained the design and the "active/not active colors". Also the colors were made as in the portal or as portal theme so when you put a cursor on a certain button it changes its color accordingly.
New portal Skeleton:
File list(old files signed by *) : 1. AddNewMessage.ascx/cs – creates new message 2. AddNewModule.ascx/cs – adds new module to portal database3. AddNewUser.ascx/cs – adds new user to portal database4. CommonStyle.css – common style for login and portal pages5. Error.aspx/cs – displays error if user try to access portal
management page and don’t have appropriate access level6. FindUser.ascx/cs – implements user management tab
functionality7. FindUserScripts.js – scripts used by FindUser control8. FindUserStyle.css – FindUser control style9. Help.html* – help for using portal page10. Login.aspx/cs – login page11. LoginScripts.js – scripts for login page12. LoginStyle.css – login page style (not common with portal
page)13. logout.aspx/cs – implements logout procedures (delete
session cookie and removes session id user id translation entry from the database)
14. ManageModules.ascx/cs – implements module management tab functionality
15. Messages.ascx/cs – implements messages functionality at portal page
16. Messages.css – messages control style
17. Messages.js – client scripts used by messages control18. Portal.asmx – web service file links to portal class which
implements DAL of the portal to database19. PortalManage.aspx/cs – page for portal management20. PortalManageScripts.js – client javascript used by portal
management PAGE21. PortalModule.ascx/cs – implements portal module control logic
and design, used to create modules blocks for portal page22. PortalModuleStyle.css – style of portal module control23. PortalPage.aspx/cs – the main page of the portal provides
basic messages functionality, modules access page, and user data management.
24. PortalPageScripts.js – scripts used by portal page25. PortalPageStyle.css – style properties used at portal page26. SemesterManager.ascx/cs* - provides semester management
functionality, was changed to provide more friendly appearance and better suits to upgraded portal design(colors)
27. UserMessagesScripts.js – implements user messages functionality
28. UserMessagesStyle.css - 29. UserSettings.ascx/cs – implements user setting tab at portal
page30. UserSettingsScripts.js – scripts used by user settings control31. UserSettingsStyle.css – style used by user settings control32. Web.config – configuration of web application33. Wz_tooltip.js* – open source control used to create popup
windows, newer version was used at our project34. DBUtil.cs* – old portal DAL class used by semester
management control35. Portal.cs – portal DAL class, implements data access logic, no
direct data access was used at this project
</3.b New portal design>
<3.c Design+ effects+ functionality>
New portal "Login" page
The main features that have been added/improved:
Check box "Remember me" added, active for 2 weeks.Password field emptied if incorrect password was entered.Enhanced securityNo hacking with special characters available
New portal "Portal" page
After successful entering of login and password the user transferred to portal page.
The main features that have been added/improved:
Info button – Button with personal data for the user, such as number of students that signed to the lab e.t.c
Mailbox- A comfortable feature for sending e-mails (messages) between the users.
The Mailbox activated when pressed on an envelop (when putting cursor on it changes). Then the image turned to open envelop space expanded to contain the messages.
Click on the open envelop closes the mailbox.Next to envelop a label with "Incoming mail (X)" appears in bold when Mailbox contains X unread messages. When all the messages are read the label next to envelop is gray and no brackets appear next to it. To read a message the users has to click on it:
The messages sorted by the date they arrive.New messages Marked with dark blueOld messages marked with light blueEach message can be deleted separatelyThe message is sent trough "user's management" module.
Pressing the "send message" will send the message. If the operation succeeded, an appropriate message appears.
Portal Definition button – Is a button we added in the main panel of buttons.
This button leads to an option of showing the active modules first.
Selecting the checkbox:
And then pushing the "Update" and "Back to portal" will produce the following:All the active modules are set in the first row and the non –active in the next one.Getting back to "portal definitions" button and unchecking the box will reset the modules appearance to normal.
User Definition button – Allows you to update personal data:
We have solved all the "Hebrew align" problemsMade the table to appear normally setAdded message of success of updating the data. We used Ajax here, the message appears, and then change color and then disappear.We also used Ajax in the "change password" button. First all the other data becomes inactive, then when entering a password the dots (and not characters appear) and there's an indicator for password strength:
User info definitions successfully updated:
When updating the password, other fields are inactive and the Ajax indicator shows the password strength.
If the password re-enter is not the same then appropriate message appears:
All the fields have appropriate validators.
Module: Portal Managment
User Mangment tab:
After successful entering to the portal page, one of the modules is the portal management. Users that belong to groups with appropriate authorization have access to portal management.
The main features that have been added/improved:
Pleasant appearance of the tabs, correct Hebrew align.
We have used Data Set in session, hen when placing a postback there is no refresh (the page is not being load again). Data Set is a cash of Data Base, it means it will improve the paging e.t.c
Appearance of the table when searching for a user was visually improved, it's more modern, pleasant for the eye, when putting a cursor on certain field, it's being highlighted, when clicking on it , it selected in blue color.The titles for the table were deigned to be separated from the table, also we have added "paging" for more comfortable access to the users.
When the user we searched for is found, we can select him and push the update button. A new space being expanded between the search line and the table with the user data that can be updated with new data. After updating user's data a success message appears, then turns from green to blue then disappears:
Clicking "change password" button, makes all fields inactive. If the password re-typed incorrectly, suitable message appears.
Add a new user tab:
This tab allows the user that again has the access to this module to add a new user to the data base of the portal. The required fields
have to be filled. Another field allows the user to load a signature for the user.
Modules Managment tab:
This tab allows the user to update the modules with desirable data and/ or appearance. The module is selected from the drop down list of the modules. Then all the parameters such as: Short description, module headline, picture for active block, picture for inactive block e.t.c can be changed. There is also a "delete" button to delete the selected module.
Adding new module tab:
Accordingly to the previous parameters of modules management, a new module created with a help of this tab.
Semester managment tab:
This tab allows the user to add a new semester, change data about existing semester. The user can fill the box of the year he wants to create the semester, 2 calendars for the beginning and the end of the semester appears. Choosing the right dates and pushing the "execute" button will create a new semester, otherwise appropriate message will appear:
</3.c Design+ effects+ functionality>
<3.d Security>
IIS Security
Before the ASP.NET runtime even gets in touch with an incoming request, IIS verifies the security according to its own configuration. Therefore, before you learn about the details of ASP.NET security, you have to learn about the first gatekeeper in the security pipeline of your web application—IIS. IIS provides you with a couple of essential security mechanisms that act as gatekeepers before ASP.NET starts with the request processing. Basically, IIS includes the following security mechanisms:
Authentication: IIS supports Basic authentication, Digest authentication, Passport authentication, and Windows authentication as well as certificate authentication through an SSL channel. Any authentication IIS performs results in an authenticated Windows user. Therefore, IIS supports authenticating Windows users only.
Authorization: IIS provides built-in support of IP address restrictions and evaluation of Windows ACLs (which is the acronym for Access Control Lists, which are Windows’ way of protecting resources managed by the operating system, such as file system files and folders, registry entries, named pipes, and so on).Confidentiality: Encryption can be enforced through SSL.
Database security
Each user has his own unique UserID. Most of the SP which retrieves user relevant data receives UserID as an argument. To enter the portal user must enter his username and password. Web server checking supplied user data at SQl database, if the pair user login and password is correct, SQL SP creates unique SessionID and enters pair SessionID and UserID in corresponding table. Storing this table allows us to provide user only with SessionID, and keep sensitive data (UserID) at web server side. SessionID data is stored as a cookie on client side if user checked Remember Me option. This cookie is encrypted and system dependant, which prevents using it on other computers. Portal management page is requiring special permissions in order to access it. Because we allow to all existing user to access portal pages folder (IIS Security) we implemented a special check at page load of this page, to prevent access to this page by the users who are not allowed to access it.
</3.d Security>
4. Chapter 4
<4.a Data table relations>
When two tables have a common column or columns, the tables are said to have a relationship between them. The cardinality of a relationship is the actual number of occurrences for each entity.The conceptual data model logically groups the major data elements from the requirements analysis into individual entities. An entity is just something of significance for which you need to store data. The individual data elements are referred to as attributes. The diagram of the conceptual model is useful to communicate the initial understanding of the requirements users. …
Repeated-Value Data Binding
Repeated-value data binding uses one of the special list controls included with ASP.NET. Link one of these controls to a data list source (such as a field in a data table), and the control automatically creates a full list using all the corresponding values. This saves from having to write code that loops through the array or data table and manually adds elements to a control.
The table relations in the new portal can be seen in the following diagram:
</4.a Data table relations>
<4.b Data Access Layer>DAL logic is implemented at Portal.cs file.There are 4 data structures that DAL using:
1. ModuleData – module specific data: URLs to images, status, description etc.
2. PortalData – portal settings: number of modules, portal grid format (number of columns) etc.
3. UserData – user specific data: id, full name, telephone etc.4. MessageData – Message specific data: title, message text, date,
sender, message id
Functions of Portal class used to implement login page functionality:1. LoginCheck – check if user with supplied user name and
password is exist in database if yes, authorized him and creates authorization cookie if needed, else writes error message.
2. SendEmail – checks if supplied e-mail exists in the database if yes sends login information (username and password) to this e-mail, else writes error message.
Functions of Portal class used to implement portal page functionality:1. GetPortalData – gets portal data2. GetUserData – gets user data3. GetModuleData – gets module data4. SetUserData – set user data5. SetModuleData – set module data6. isActive – checks if module is active for current user7. isAdministrator – checks if user has administrator rights8. UpdateUserPortalSettings – updates portal settings for current
user
Functions of Portal class used to implement portal management page functionality:
1. FindUser – retrieves users according to search string and search options
</4.b Data Access Layer>
<4.c Ajax Control Toolkit controls>
At this project we used Ajax Control Toolkit for animation and creating more dynamic controls(controls extensions).AnimationExtender
Used to create animation effects. Fade in and fade out of popup windows and messages, and to change color in fading out message.
UpdatePanelAnimationExtenderUsed to animate UpdatePanel.
Accordion Used to create expandable messages at message box on portal page.
PasswordStrengthUsed to show the user password strength before he changes his password.
TabContainerUsed to create tab interface at portal management page.
TabPanelPanel at TabContainer
CollapsiblePanelExtenderUsed to create expandable panel with advanced options at adding module tab
</4.c Ajax Control Toolkit controls >
5. Chapter 5
<5.a Project contribution>
Beside all the improvements we have made in the EE portal, that are described trought this book, we have benefited a great deal of knowledge and experience with Visual web Developer, SQL server, working with data bases and security.
</5.a Project contribution>
<5.b Thanks and gratitude>
We would like to thank our Lab chief engineer Ilana David for her patience and understanding toward us and for giving us all the time we needed to finish this project.
We would like to thank our supervisor Viktor Kulikov for all his professional guideness and all the extra time he gave us to help us finish the project. We would never have made it unless his kind heart and great knowledge.
</5.b Thanks and gratitude >
<5.c References>
Beginning ASP.NET 2.0 in C# 2005 by Matthew MacDonaldASP.NET Database Programming by Jason Butler and Toni Caudill.
</5.c Referances>
THE END