2023 LAB 8 ASP NET Security Student Due Date Apr | Assignment Collections
Computer Science 2023 LAB #8 – ASP.NET Security
2023 LAB 8 ASP NET Security Student Due Date Apr | Assignment Collections
LAB #8 – ASP.NET Security
Student: ______________________
Due Date: Apr. 9th, 2014
Purpose: The purpose of this Lab assignment is to:
· Practice the use of Forms-Based authentication
References:
· Textbook.
· Lecture notes
This assignment may be completed individually by all the students. Submit the solution in a zip file using assignment link on blackboard. The file must be named according to the following rule:
yourlastname_CEIL865Labnumber. Your project should also use the same name.
Example: smith_CEIL865Lab8
If there are two exercises, add to the file name: _Ex1 or _Ex2.
Example: smith_CEIL865Lab8_Ex1
Exercise #1
In this exercise, you’ll implement a simple Forms-based authentication.
Create a new ASP.NET application.
Configuring the application for forms authentication
If the application has a Web.config file in the application root, open it.
If the application does not already have a Web.config file in the application root folder, create one.
Add the following elements to it within <system.web> area:
<authenticationmode=“Forms“>
<formsloginUrl=“Logon.aspx“name=“.ASPXFORMSAUTH“>
<credentialspasswordFormat=“Clear“>
<username=“[email protected]“password=“ceil865“/>
</credentials>
</forms>
</authentication>
<authorization>
<denyusers=“?“/>
</authorization>
Save the Web.config file and close it.
Creating the Logon Page
When users request any page from the Web site and if they have not previously been authenticated, they are redirected to a page named Logon.aspx. You specified this file name earlier in the Web.config file.
The Logon.aspx page collects user credentials (e-mail address and password) and authenticates them. If the user is successfully authenticated, the logon page redirects the user to the page they originally requested. In the example, the valid credentials are hard-coded into the page code.
Create an ASP.NET page named Logon.aspx in your project.
Add the following web controls as shown in the picture:
Four label controls, two text box controls, one check box control, two requiredfieldvalidator controls, two button controls.
Set the text property of the label controls as shown in the picture. Name the text boxes UserMail and UserPass. Set the ControlToValidate property for validator controls respectively to UserMail and UserPass. Name the check box control Persist.
Name button controls respectively BtnLogon, BtnLogonWebConfig. Name the fourth label Message.
Here is the code behind for Logon.aspx page:
public partial class Logon : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void BtnLogon_Click(object sender, EventArgs e)
{
if ((UserEmail.Text == “[email protected]“) && (UserPass.Text == “ceil865”))
FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked);
else
Msg.Text = “Invalid credentials. Please try again.”;
}
protected void BtnLogonWebConfig_Click(object sender, EventArgs e)
{
//Authenticating against values in Web.config
if( FormsAuthentication.Authenticate(UserEmail.Text, UserPass.Text) )
FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked);
else
Msg.Text = “Invalid credentials. Please try again.”;
}
}
The page contains ASP.NET server controls that collect user information and a check box that users can click to make their login credentials persistent. The Log On button’s Click handler contains code that checks the user’s e-mail address and password against hard-coded values. (The password is a strong password that contains various non-alphabetic characters and is at least eight characters long.) If the user’s credentials are correct, the code calls the FormsAuthentication class’s RedirectFromLoginPage method, passing the user’s name and a Boolean value (derived from the check box) indicating whether to persist an authentication ticket as a cookie. The method redirects the user to the page originally requested. If the user’s credentials do not match, an error message is displayed. Note that the page imports the System.Web.Security namespace, which contains the FormsAuthentication class.
Creating the Default Page
Because you specified in the configuration file that all unauthenticated users are denied access to the application’s ASP.NET resources (which includes .aspx files, but not static files such as HTML files or multi-media files including images, music, and so on), when a user requests the page, forms authentication will check the user’s credentials and redirect the user to the logon page if necessary. The page you create will also allow users to log out, which clears their persisted authentication ticket (cookie).
If you don’t have a default page, add a new web form and name it Default.aspx. Add a label control and a button control to the form as shown in the picture below:
Name the label Welcome and the button Sign_Out.
Here is the code behind the page:
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Welcome.Text = “Hello, “ + Context.User.Identity.Name;
}
protected void Sign_Out_Click(object sender, EventArgs e)
{
//removes the forms authentication cookie
FormsAuthentication.SignOut();
//Redirects the browser to the login URL. Clears the cookie
FormsAuthentication.RedirectToLoginPage();
}
}
The page displays the user’s authenticated identity, which was set by the FormsAuthentication class and is available in an ASP.NET page as the Context.User.Identity.Name property. The Sign Out button’s Click handler contains code that calls the SignOut method to clear the user identity and remove the authentication ticket (cookie). It then redirects the user to the logon page:
References:
MSDN documentation
We give our students 100% satisfaction with their assignments, which is one of the most important reasons students prefer us to other helpers. Our professional group and planners have more than ten years of rich experience. The only reason is that we have successfully helped more than 100000 students with their assignments on our inception days. Our expert group has more than 2200 professionals in different topics, and that is not all; we get more than 300 jobs every day more than 90% of the assignment get the conversion for payment.