STEP 1: Login Form

1. In order to do this lab, we need to assign a primary key to the tblUserLogin table. This will allow us to modify the user login table from our Manage Users form that we will create later. Go to Windows Explorer and open the PayrollSystem_DB.accdb. Set the UserID as the primary key and save the table. Close the database.

2. Open Microsoft Visual Studio.NET.

3. Click the ASP.NET website named PayrollSystem to open it.

4. Create a new Web form named frmLogin.

5. Add the ACIT logo to the top of the frmLogin page. Do not hyperlink the logo.

6. Under the login controls, you will see Login. Drop the Login control onto the form. Set the properties of the login control as follows:

Property / Value
DestinationPageUrl / frmMain.aspx
TitleText / Please enter your UserName and Password in order to log in to the system.

7. Highlight everything in the form, then click Format, Justify, Center. Save your work.

8. Go to the Solution Explorer, right-click on frmLogin, and left-click on Set As Start Page.

Then run the website to check if the Web form appears correctly.

If you receive an error, add the following code to the web.config file right above the </configuration> line:

<appSettings>
  <add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
</appSettings>

STEP 2: Login Check

9. Create a new DataSet called dsUser. Use the table tblUserLogin as the database table for this dataset. Do this in the same way that you added datasets in the previous labs.

10. Open the clsDataLayer and add the following function:

// This function verifies a user in the tblUserLogin table
// (requires "using System.Data.OleDb;" at the top of clsDataLayer)
public static dsUser VerifyUser(string Database, string UserName, string UserPassword)
{
    // Add your comments here
    dsUser DS;
    OleDbConnection sqlConn;
    OleDbDataAdapter sqlDA;

    // Add your comments here
    sqlConn = new OleDbConnection("PROVIDER=Microsoft.ACE.OLEDB.12.0;" +
        "Data Source=" + Database);

    // Add your comments here
    sqlDA = new OleDbDataAdapter("Select SecurityLevel from tblUserLogin " +
        "where UserName = ? and UserPassword = ?", sqlConn);

    // Bind the login values as parameters (OleDb matches them to the ? markers
    // by position) so user input is never concatenated into the SQL text
    sqlDA.SelectCommand.Parameters.AddWithValue("@UserName", UserName);
    sqlDA.SelectCommand.Parameters.AddWithValue("@UserPassword", UserPassword);

    // Add your comments here
    DS = new dsUser();

    // Add your comments here
    sqlDA.Fill(DS.tblUserLogin);

    // Add your comments here
    return DS;
}

11. Double-click on the login control that you added. Add the following code to the login control Authenticate event handler:

// Add your comments here
dsUser dsUserLogin;

// Add your comments here
string SecurityLevel;

// Add your comments here
dsUserLogin = clsDataLayer.VerifyUser(Server.MapPath("PayrollSystem_DB.accdb"),
    Login1.UserName, Login1.Password);

// Add your comments here
if (dsUserLogin.tblUserLogin.Count < 1)
{
    e.Authenticated = false;
    return;
}

// Add your comments here
SecurityLevel = dsUserLogin.tblUserLogin[0].SecurityLevel.ToString();

// Add your comments here
switch (SecurityLevel)
{
    case "A":
        // Add your comments here
        e.Authenticated = true;
        Session["SecurityLevel"] = "A";
        break;

    case "U":
        // Add your comments here
        e.Authenticated = true;
        Session["SecurityLevel"] = "U";
        break;

    default:
        e.Authenticated = false;
        break;
}

STEP 3: User Authentication, Test and Submit

12. Open the frmPersonnel form and add the following code to its Page_Load() function:

// Add your comments here
// (the cast makes == compare the stored string value, not object references)
if ((string)Session["SecurityLevel"] == "A") {
    btnSubmit.Visible = true;
    // Add your comments here
} else {
    btnSubmit.Visible = false;
}

13. Set the start page as frmLogin.aspx. Run the website. Try to log in with both User Name = Mickey and Password = Mouse and User Name = Minnie and Password = Mouse. Any other user ID and password should not allow you to log in.

14. When the user logs in, we want to restrict what they can see and do based on their user role. The role is stored in the database table tblUserLogin. Mickey Mouse has all privileges, whereas Minnie Mouse has read only privileges. We want to control the visibility of the links on the frmMain page.

15. Initially, we did not set the ID of any of the Link Button or Image Button controls that we used on frmMain. In order to make our code more maintainable, we will change the IDs as follows:

Option / Link Button ID / Image Button ID
Annual Salary Calculator / linkbtnCalculator / imgbtnCalculator
Add New Employee / linkbtnNewEmployee / imgbtnNewEmployee
View User Activity / linkbtnViewUserActivity / imgbtnViewUserActivity
View Personnel / linkbtnViewPersonnel / imgbtnViewPersonnel
Search Personnel / linkbtnSearch / imgbtnSearch
Edit Employees / linkbtnEditEmployees / imgbtnEditEmployees

16. Modify the main form so that the following options are turned off for nonadmin users:

  • Add New Employee
  • View User Activity
  • Edit Employees
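
Hiding a link only changes what the browser renders; the page behind it can still be requested directly by URL, so each admin-only form also needs its own server-side check. The code below is an added example, not part of the lab's provided code: the helper class clsRoleGuard, its method names, and the redirect target frmLogin.aspx are assumptions, while the control IDs come from step 15.

```csharp
using System;
using System.Web.UI;

// Hypothetical helper (for example in App_Code); the name clsRoleGuard is an assumption.
public static class clsRoleGuard
{
    // True only when the Authenticate handler stored "A" for this session.
    public static bool IsAdmin(Page page)
    {
        return (page.Session["SecurityLevel"] as string) == "A";
    }

    // Call first in Page_Load of every admin-only form. A hidden link does not
    // stop a direct request for the page URL, so the page itself must refuse.
    public static void RequireAdmin(Page page)
    {
        if (!IsAdmin(page))
        {
            // Redirect ends the response, so the rest of the page never runs.
            page.Response.Redirect("frmLogin.aspx");
        }
    }
}

public partial class frmMain : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        bool isAdmin = clsRoleGuard.IsAdmin(this);

        // Admin-only options from step 16, using the IDs assigned in step 15.
        linkbtnNewEmployee.Visible = isAdmin;
        imgbtnNewEmployee.Visible = isAdmin;
        linkbtnViewUserActivity.Visible = isAdmin;
        imgbtnViewUserActivity.Visible = isAdmin;
        linkbtnEditEmployees.Visible = isAdmin;
        imgbtnEditEmployees.Visible = isAdmin;
    }
}
```

In the forms behind Add New Employee, View User Activity and Edit Employees, the first line of Page_Load would be clsRoleGuard.RequireAdmin(this);.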

17. You now have a Web application that honors the role of the logged-in user. We don't have a way of managing the user roles and users in the system.

18. Add a new form called frmManageUsers that will allow the user to add new users. The user will also need to be able to view all users and modify or delete any of the users in the database. Add a main form option called Manage Users that is only accessible to admin users. Add the link and image buttons as we have done in the past. Add the ACIT logo that is hyperlinked as you did in previous assignments.

  • For the security level of the user, use a dropdownlist control to allow the user to select from A or U.
  • Name the controls with names that make sense.
  • Add code as appropriate to the code behind and clsDataLayer. Note: You will need to create a SaveUser function that is very similar to the SavePersonnel function. Use the following as a guide:

public static bool SaveUser(string Database, string UserName, string Password,
    string SecurityLevel)

When creating the SaveUser function, be sure to insert the data into the tblUserLogin table with columns: userName, UserPassword, and SecurityLevel.

19. Hints:

  • Make sure you reestablish your database connection if you copied the files from a previous lab.
  • Update any DataSource controls that you added with the new Payroll database location.
  • You can turn a control on or off by setting its Visible property.
  • You can add a data entry form for new users and a grid displaying all users all on the same form.
  • To force a gridView to refresh, call its DataBind method in the btnAddUser_click event handler. For example, use the following code in the btnAddUser_click (be sure to include an Else condition as well if the user was not added successfully):

if (clsDataLayer.SaveUser(Server.MapPath("PayrollSystem_DB.accdb"),
    txtUserName.Text, txtPassword.Text, ddlSecurityLevel.SelectedValue))
{
    lblError.Text = "The user was successfully added!";
    grdUsers.DataBind();
}

20. Test your application to make sure that you are logging in with a valid user ID. Try to log in with both Minnie and Mickey and make sure that the UI adjusts by the role properly. Make sure that you can utilize the Manage Users functionality to Add/Modify/Delete and view user information. Once you have verified that everything works, save your project, zip up all files, and submit in the Dropbox.

NOTE: Make sure you include comments in the code provided where specified (where the " // Your comments here" is mentioned); also, any code you write needs to be properly commented, or else a 5-point deduction per item (form, class, function) will be made.

frmManageUsers

Mickey Mouse (Admin) Login:

Minnie Mouse (User) Login: