BIS 450 DeVry Week 6 I Lab 7
iLab 7 of 8: Securing the Food Information Guide Database
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
See Syllabus, Due Dates for Assignments & Exams, for due dates.
iLAB OVERVIEW
Scenario/Summary
You have been asked to secure the Maintain Food Information Web form added in the previous lab so that only an authorized administrator can make changes to the database.
You will begin by setting up a username and password for the administrator. You will then create a log-in page to allow the administrator to log in to the site. Finally, you will modify the Maintain Food Information form to deny access unless the user is logged in as an administrator.
Since this site has only one page with restricted access, and only one administrator who needs to log in to access that page, you will use a simple security scheme in which the log-in credentials are stored in the site's configuration file. You will then be able to utilize a session variable to keep track of whether or not the administrator is logged in. It should be noted that more complex security schemes exist, which are appropriate for sites with more users and more restricted content. These security schemes are described in this week's textbook readings and lecture.
Deliverables
1. Modified Web.config file on Healthy Eating site on the Web server.
2. Login.aspx Web form created on Healthy Eating site on the Web server, with associated code-behind file.
3. Modified Secure/Admin.aspx form on Healthy Eating site on the Web server.
4. Word document submitted to Dropbox with screenshots of:
• Login page after unsuccessful log-in; and
• Admin page after successful log-in displaying logout link.
Grading Rubric
Criteria (Points, %)
Step 2: Modify Web.config File (Web.config). 5 points, 20%
• appSettings section added to Web.config file on the Web server
• appSettings contains AdminUsername and AdminPassword settings
Step 3: Create Log-In Form (Login.aspx). 6 points, 24%
• Login.aspx form created on the Web server
• Has standard page header, navigation menu, and page footer
• Log-in control added to form
Step 4: Add Code to Authenticate and Redirect User (Login.aspx.vb). 6 points, 24%
• Login1_Authenticate event handler authenticates log-in against credentials in Web.config file.
• Login1_LoggedIn event handler saves username in session state and redirects to original destination page or to home page.
Step 5: Add Logout Link and Authorization Check to Secure/Admin.aspx Form. 5 points, 20%
• Logout LinkButton added to form
• Click event handler for LinkButton abandons session and redirects to home page
• Page Load event handler redirects to log-in page if UserName session variable not set.
Step 6: Test, Capture Screenshots, and Submit (Student Name BIS450 Lab6 Screenshots.docx). 3 points, 12%
• Word file submitted to Dropbox with the following screenshots:
o Log-in form with invalid log-on message; and
o Maintain Food Information form with logout link.
Total: 25 points, 100%
iLAB STEPS
Preparation
1. Download the BIS450 Lab6 Code Snippets.txt file from Doc Sharing and save it in your working folder for this lab.
2. Using the Citrix remote lab:
a. Follow the log-in instructions located in the iLab tab in Course Home.
b. Upload the file that you downloaded from Doc Sharing into your BIS450Labs folder on your Citrix drive. (You created this folder in Week 1).
STEP 1: Open Website on the DeVry Web Server.
1. Launch Microsoft Visual Studio 2010.
You must use Visual Studio 2010 in the Citrix environment.
2. Pull down the File menu and select Open, then select Web Site. In the Open website dialog, select FTP Site in the left column. The connection information that you used in the previous lab should be displayed:
• Server: bisweb.devry.edu
• Port: 21
• Directory: coursefolder/yourname, where coursefolder = folder on the Weblab server for your course (provided by your professor), and yourname = your first initial and last name, (e.g. jsmith for student, John Smith).
• Passive Mode and Anonymous Login: both unchecked.
• Username: acadDnnnnnnnn, where Dnnnnnnnn = your DSI number.
• Password: Enter the same password that you use for Citrix iLab (must be re-entered each time).
Click Open.
STEP 2: Modify Web.config File.
1. Open the Web.config file for the Healthy Eating site.
2. Open the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing. Select and copy the block of XML code that begins with the tag and ends with . Paste this block of code into the Web.config file immediately before the tag, as shown:
TIP: In this case, there is only one user who will be logging into the site (the administrator who will maintain the Healthy Eating database). Other visitors don't need to log in. We will store the log-in name and password for this user in the Web.config file, because that's the simplest solution for a single log-in. For a site with a large number of users, each with their own username and password, log-in information would most likely be stored in a database table.
3. Save the modified Web.config file.
STEP 3: Create Log-In Form.
1. In the Solution Explorer window, click on the website root (ftp://bisweb.devry.edu/coursefolder/yourname) to select it; then add a new Web form named Login.aspx to the site.
2. Set the Title property of the Document to Healthy Eating Login.
3. Attach StyleSheet.css to the Web form.
4. As you did when setting up the Web forms in the previous labs, open Default.htm and copy the contents of its element (in HTML, everything in between the and tags, but not the and tags themselves). Paste these contents inside the div in Login.aspx (in HTML, in between the and tags). Delete the contents of the #main div after pasting.
5. Drag a Login control from the Login section of the Toolbox and drop it onto the form inside div#main. Click Auto Format on the Login control's smart tag, select the Classic scheme, and click OK. In the Properties window, set the DisplayRememberMe property of the Login control to False. Your form should now look like the following:
6. Save the Login.aspx form.
STEP 4: Add Code to Authenticate and Redirect User.
1. Double-click the Login control to create a skeleton event handler for the control's Authenticate event in the code-behind file for the form. This procedure will be executed whenever a user tries to log in, to determine if he or she is a valid user.
2. In the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing, select and copy the block of VB code that begins with the comment, "'Authenticate user against credentials in Web.config". Paste this code into the Login1_Authenticate event handler procedure, in between the Protected Sub Login1_Authenticate(. . . ) and the End Sub statements, as shown:
TIP: If log-in credentials were stored in a database table, this code would need to execute a SQL query to see if a record with the username and password exists, instead of comparing the username and password with the values from the Web.config file. Otherwise, the log-in process would be the same.
3. Now that the user is authenticated, you need to add code to redirect the user to the correct page following a successful log-in. At the top of the editing window, select Login1 in the left drop-down list (if not already selected) and select LoggedIn from the right drop-down list. This will create a skeleton event handler procedure for the LoggedIn event, which fires after a successful log-in:
4. In the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing, select and copy the block of VB code that begins with the comment, "'Save user name in session state and redirect user". Paste this into the LoggedIn event handler, in between the Protected Sub Login1_LoggedIn(. . .) and End Sub statements:
TIP: This code does two things:
a. It stores the username in a session variable so that other forms can determine whether the user is logged in; and
b. it sends the user to a different page following a successful log-in.
If the user tried to access a restricted page on the site before logging in, and was redirected to the log-in page, the URL of the page that he or she originally tried to access will be in a URL parameter called ReturnURL; so the log-in code will send the user back to that page. If there is no ReturnURL (which may happen if the user goes directly to the log-in form), then the log-in code will send the user to the site's home page.
5. Save your changes to the code-behind file.
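The ReturnURL value in Step 4 comes from the query string, which the visitor controls, so the log-in handler should follow it only when it points inside the site. The sketch of Login.aspx.vb below is an added illustration, not the contents of the course's Code Snippets file; IsLocalUrl is a hypothetical helper, while the control ID Login1, the appSettings keys, the UserName session variable and Default.htm are taken from the lab text:

```vb
Imports System.Configuration
Imports System.Web.UI.WebControls

Partial Class Login
    Inherits System.Web.UI.Page

    ' Hypothetical helper: accept only a relative path inside this site.
    Private Shared Function IsLocalUrl(url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False
        ' "//host" and backslash forms are read by browsers as another host.
        If url.StartsWith("//", StringComparison.Ordinal) OrElse url.Contains("\") Then Return False
        ' Browsers drop tabs and newlines, which could hide a "//" prefix.
        For Each c As Char In url
            If Char.IsControl(c) Then Return False
        Next
        ' UriKind.Relative rejects strings that carry a scheme such as http:
        Dim parsed As Uri = Nothing
        Return Uri.TryCreate(url, UriKind.Relative, parsed)
    End Function

    ' Authenticate user against credentials in Web.config (appSettings).
    Protected Sub Login1_Authenticate(sender As Object, e As AuthenticateEventArgs) Handles Login1.Authenticate
        Dim user As String = ConfigurationManager.AppSettings("AdminUsername")
        Dim pass As String = ConfigurationManager.AppSettings("AdminPassword")
        ' Fail closed if either setting is missing from Web.config.
        e.Authenticated = user IsNot Nothing AndAlso pass IsNot Nothing AndAlso
            String.Equals(Login1.UserName, user, StringComparison.Ordinal) AndAlso
            String.Equals(Login1.Password, pass, StringComparison.Ordinal)
    End Sub

    ' Save user name in session state, then redirect.
    Protected Sub Login1_LoggedIn(sender As Object, e As EventArgs) Handles Login1.LoggedIn
        Session("UserName") = Login1.UserName
        Dim target As String = Request.QueryString("ReturnURL")
        If IsLocalUrl(target) Then
            Response.Redirect(target)          ' e.g. Secure/Admin.aspx
        Else
            Response.Redirect("Default.htm")   ' missing or off-site value: go home
        End If
    End Sub
End Class
```

With a single restricted page, comparing ReturnURL against a fixed list of allowed paths is a stricter alternative to the general check.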
STEP 5: Add Logout Link and Authorization Check to Secure/Admin.aspx Form.
1. Open the Admin.aspx Web form, which is located in the Secure folder. If necessary, switch to the Design view.
2. Drag a LinkButton control from the Standard section of the Toolbox and drop it onto the form to the right of the Find Food Info Button. Type several spaces to create some separation between the button and the LinkButton control. Set the (ID) property of the LinkButton to btnLogout and the Text property to Logout.
3. Double-click on the Logout LinkButton to create a skeleton event handler for its click event in the code-behind file. From the BIS450 Lab6 Code Snippets.txt file, copy the block of VB code that begins with the comment, "'Log out of session and redirect to home page", and paste it into the click event handler in between the Sub btnLogout_Click(. . .) and End Sub statements, as shown:
4. Set the left drop-down list at the top of the editing window to (Page Events) and set the right drop-down list to Load. This will create a skeleton event handler for the Page Load event for this page. From the BIS450 Lab 6 Code Snippets.txt file, copy the block of VB code that begins with the comment, "Redirect to log-in page if user is not currently logged in", and paste it into the event handler in between the Sub Page_Load(. . .) and End Sub statements, as shown:
TIP: Notice that in this code, the URL in the Response.Redirect command that sends the user to the log-in form includes the URL parameter string "?ReturnURL=Secure/Admin.aspx". The code that you inserted earlier on the log-in form will use this parameter to return the user to the Admin.aspx form after they have logged in.
5. Save your changes to the Admin.aspx form and its code-behind file by selecting File, then Save All, or by pressing CTRL + Shift + S.
STEP 6: Test, Capture Screenshot, and Submit.
1. To test your security setup, in the Solution Explorer window, right-click on Default.htm (the home page) and select View in Browser. The home page should display as usual, demonstrating that users can still view the home page without logging in.
2. Click on some of the other links on the navigation bar (BMI Calculator, Calorie Needs, Food Info) to verify that these pages also display as usual.
3. Click on the Admin link. Instead of seeing the Maintain Food Information form, you should be redirected to your new log-in page, as shown:
4. Enter the user name, admin, and an invalid password, such as wrong, and click the Login button. You should be returned to the log-in page, and an error message should be displayed.
5. Capture a screenshot of the Login form with the invalid log-in error message displayed, and paste it into a Word document.
6. Enter the user name admin and the correct password, which is 2Health! (Remember that this was defined in the Web.config file). Click the Login button. You should now be redirected to the Maintain Food Information form, which should include a Logout link as shown:
7. Capture a screenshot of this form with the Logout link visible, and paste it into the same Word document.
8. Click the Logout link. You should be returned to the home page.
9. Save the Word document containing your two screenshots as Your Name BIS450 Lab6 Screenshot.docx. (Make sure that the browser URL is visible in both screen shots). Submit this file to the Week 6 iLab Dropbox