Step 3: Create Log-In Form (Login.aspx). • Login.aspx form created on the Web server • Has standard page header, navigation menu, and page footer • Log-in control added to form 6 24% Step 4: Add Code to Authenticate and Redirect User (Login.aspx.vb). • Login1_Authenticate event handler authenticates log-in against credentials in Web.config file. • Login1_LoggedIn event handler saves username in session state and redirects to original destination page or to home page. 6 24% Step 5: Add Logout Link and Authorization Check to Secure/Admin.aspx Form. • Logout LinkButton added to form • Click event handler for LinkButton abandons session and redirects to home page • Page Load event handler redirects to log-in page if UserName session variable not set. 5 20% Step 6: Test, Capture Screenshots, and Submit (Student Name BIS450 Lab6 Screenshots.docx). • Word file submitted to Dropbox with the following screenshots: o Log-in form with invalid log-on message; and o Maintain Food Information form with logout link. 3 12% Total 25 100% i L A B S T E P S Preparation 1. Download the BIS450 Lab6 Code Snippets.txt file from Doc Sharing and save it in your working folder for this lab. 2. Using the Citrix remote lab: a. Follow the log-in instructions located in the iLab tab in Course Home. b. Upload the file that you downloaded from Doc Sharing into your BIS450Labs folder on your Citrix drive. (You created this folder in Week 1). STEP 1: Open Website on the DeVry Web Server. 1. Launch Microsoft Visual Studio 2010. You must use Visual Studio 2010 in the Citrix environment. 2. Pull down the File menu and select Open, then select Web Site. In the Open website dialog, select FTP Site in the left column. The connection information that you used in the previous lab should be displayed: • Server: bisweb.devry.edu • Port: 21 • Directory: coursefolder/yourname, where coursefolder = folder on the Weblab server for your course (provided by your professor), and yourname = your first initial and last name, (e.g. jsmith for student, John Smith). • Passive Mode and Anonymous Login: both unchecked. • Username: acadDnnnnnnnn, where Dnnnnnnnn = your DSI number. • Password: Enter the same password that you use for Citrix iLab (must be re-entered each time). Click Open. STEP 2: Modify Web.config File.
1. Open the Web.config file for the Healthy Eating site. 2. Open the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing. Select and copy the block of XML code that begins with the tag and ends with . Paste this block of code into the Web.config file immediately before the tag, as shown: TIP: In this case, there is only one user who will be logging into the site (the administrator who will maintain the Healthy Eating database). Other visitors don’t need to log in. We will store the log-in name and password for this user in the Web.config file, because that’s the simplest solution for a single log-in. For a site with a large number of users, each with their own username and password, log-in information would most likely be stored in a database table. 3. Save the modified Web.config file. STEP 3: Create Log-In Form. 1. In the Solution Explorer window, click on the website root (ftp://bisweb.devry.edu/coursefolder/yourname) to select it; then add a new Web form named Login.aspx to the site. 2. Set the Title property of the Document to Healthy Eating Login. 3. Attach StyleSheet.css to the Web form. 4. As you did when setting up the Web forms in the previous labs, open Default.htm and copy the contents of its element (in HTML, everything in between the and tags, but not the and tags themselves). Paste these contents inside the div in Login.aspx (in HTML, in between the and tags). Delete the contents of the #main div after pasting. 5. Drag a Login control from the Login section of the Toolbox and drop it onto the form inside div#main. Click Auto Format on the Login control’s smart tag, select the Classic scheme, and click OK. In the Properties window, set the DisplayRememberMe property of the Login control to False. Your form should now look like the following: 6. Save the Login.aspx form. STEP 4: Add Code to Authenticate and Redirect User. 1. Double-click the Login control to create a skeleton event handler for the control’s Authenticate event in the codebehind file for the form. This procedure will be executed whenever a user tries to log in, to determine if he or she is a valid user. 2. In the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing, select and copy the block of VB code that begins with the comment, “‘Authenticate user against credentials in Web.config”. Paste this code into the Login1_Authenticate event handler procedure, in between the Protected Sub Login1_Authenticate(. . . ) and the End Sub statements, as shown: TIP: If log-in credentials were stored in a database table, this code would need to execute a SQL query to see if a record with the username and password exists, instead of comparing the username and password with the values from the Web.config file. Otherwise, the log-in process would be the same. 3. Now that the user is authenticated, you need to add code to redirect the user to the correct page following a successful log-in. At the top of the editing window, select Login1 in the left drop-down list (if not already selected) and select LoggedIn from the right drop-down list. This will create a skeleton event handler procedure for the LoggedIn event, which fires after a successful log-in: 4. In the BIS450 Lab6 Code Snippets.txt file that you downloaded from Doc Sharing, select and copy the block of VB code that begins with the comment, “‘Save user name in session state and redirect user”. Paste this into the LoggedIn event handler, in between the Protected Sub Login1_LoggedIn(. . .) and End Sub” statements: TIP: This code does two things: a. It stores the username in a session variable so that other forms can determine whether the user is logged in; and b. it sends the user to a different page following a successful log-in. If the user tried to access a restricted page on the site before logging in, and was redirected to the log-in page, the URL of the page that he or she originally tried to access will be in a URL parameter called ReturnURL; so the log-in code