Case Study: Secure Books Database Application
This case study presents a web application in which a user logs into a secure website to view a list of publications by an author of the user’s choosing. The application consists of several ASPX files. Section 25.6.1 presents the application and explains the purpose of each of its web pages. Section 25.6.2 provides step-by-step instructions to guide you through building the application and presents the markup in the ASPX files.
1. Examining the Completed Secure Books Database Application
This example uses a technique known as forms authentication to protect a page so that only users known to the website can access it. Such users are known as the site’s members. Authentication is a crucial tool for sites that allow only members to enter the site or a portion of the site. In this application, website visitors must log in before they are allowed to view the publications in the Books database. The first page that a user would typically request is Login.aspx (Fig. 25.39). You will soon learn to create this page using a Login control, one of several ASP.NET login controls that help create secure applications using authentication. These controls are found in the Login section of the Toolbox.
The Login.aspx page allows a site visitor to enter an existing user name and password to log into the website. A first-time visitor must click the link below the Log In button to create a new user before logging in. Doing so redirects the visitor to CreateNewUser.aspx (Fig. 25.40), which contains a CreateUserWizard control that presents the visitor with a user registration form. We discuss the CreateUserWizard control in detail in Section 25.6.2. In Fig. 25.40, we use the password pa$$word for testing purposes—as you will learn, the CreateUserWizard requires that the password contain special characters for security purposes. Clicking Create User establishes a new user account. After creating the account, the user is automatically logged in and shown a success message (Fig. 25.41).
Clicking the Continue button on the confirmation page sends the user to Books.aspx (Fig. 25.42), which provides a drop-down list of authors and a table containing the ISBNs, titles, edition numbers and copyright years of books in the database. By default, all the books by Harvey Deitel are displayed. Links appear at the bottom of the table that allow you to access additional pages of data. When the user chooses an author, a postback occurs, and the page is updated to display information about books written by the selected author (Fig. 25.43).
Note that once the user creates an account and is logged in, Books.aspx displays a welcome message customized for the particular logged-in user. As you will soon see, a LoginName control provides this functionality. After you add this control to the page, ASP.NET handles the details of determining the user name.
Clicking the Click here to log out link logs the user out, then sends the user back to Login.aspx (Fig. 25.44). This link is created by a LoginStatus control, which handles the log out details. After logging out, the user would need to log in through Login.aspx to view the book listing again. The Login control on this page receives the user name and password entered by a visitor. ASP.NET compares these values with user names and passwords stored in a database on the server. If there is a match, the visitor is authenticated (i.e., the user’s identity is confirmed). We explain the authentication process in detail in Section 25.6.2. When an existing user is successfully authenticated, Login.aspx redirects the user to Books.aspx (Fig. 25.42). If the user’s login attempt fails, an appropriate error message is displayed (Fig. 25.45).
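The forms authentication and membership check described above are driven by the site's web.config. The following is an added example, not the book's own configuration: it assumes all three pages sit in the site root and use the default LocalSqlServer membership database, and the provider name HardenedSqlProvider and the numeric limits are illustrative choices.

```xml
<?xml version="1.0"?>
<!-- Added example, not the book's own web.config. Assumes all three pages sit
     in the site root and the default LocalSqlServer membership database. -->
<configuration>
  <system.web>
    <!-- Forms authentication: an unauthenticated request for a protected page
         is redirected to Login.aspx; the ticket is kept in an encrypted,
         integrity-checked cookie that is only sent over HTTPS. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             defaultUrl="~/Books.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             slidingExpiration="true"
             timeout="20" />  <!-- minutes; illustrative value -->
    </authentication>

    <!-- Membership store that the Login and CreateUserWizard controls use.
         HardenedSqlProvider is a hypothetical name chosen for this example. -->
    <membership defaultProvider="HardenedSqlProvider">
      <providers>
        <clear />
        <add name="HardenedSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />  <!-- lockout window in minutes -->
      </providers>
    </membership>
  </system.web>

  <!-- Only Books.aspx is restricted: "?" means anonymous (not logged in). -->
  <location path="Books.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Login.aspx needs no explicit allow rule because ASP.NET always lets anonymous visitors request the configured loginUrl, and CreateNewUser.aspx stays open because only Books.aspx carries a deny rule.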
Notice that Login.aspx, CreateNewUser.aspx and Books.aspx share the same page header containing the logo image from the fictional company Bug2Bug. Instead of placing this image at the top of each page, we use a master page to achieve this. As we demonstrate shortly, a master page defines common GUI elements that are inherited by each page in a set of content pages. Just as Visual Basic classes can inherit instance variables and methods from existing classes, content pages inherit elements from master pages—this is known as visual inheritance.