Web-based Course Information System supporting Accreditation using ASP.NET Master’s Project by Vidhya Sampath Kumaran Division of Computing Studies Committee: Dr. Timothy Lindquist (Chair) Dr. Kevin Gary Prof. Richard Whitehouse

Problem Statement Lack of Dynamic Course Information web pages in Div. of Computing Studies (DCST) Maintenance Requires HTML skilled user Becomes time consuming Lack of software tool in DCST for ABET Accreditation of programs Demonstration of Program outcomes satisfying ABET criteria (“Outcome-based evaluation”)

Lack of Dynamic Course Information web pages in Div. of Computing Studies (DCST)

Maintenance

Requires HTML skilled user

Becomes time consuming

Lack of software tool in DCST for ABET Accreditation of programs

Demonstration of Program outcomes satisfying ABET criteria (“Outcome-based evaluation”)

Related Work TrueOutcomes: Web-based commercial software for outcome assessment ASU BlackBoard and TrueOutcomes Integration Students of DCST EAssessment System University of Bridgeport school of Engineering Course Information System East Tennessee University

TrueOutcomes: Web-based commercial software for outcome assessment

ASU BlackBoard and TrueOutcomes Integration

Students of DCST

EAssessment System

University of Bridgeport school of Engineering

Course Information System

East Tennessee University

Web-based Database-driven Course Information System supporting Accreditation (CISA) tool for DCST that provides: Single database to store course information and outcomes Secured view of web pages to insert, update, and delete information Public view of web pages to display dynamic course information and outcome mappings Project Solution

Web-based Database-driven Course Information System supporting Accreditation (CISA) tool for DCST that provides:

Single database to store course information and outcomes

Secured view of web pages to insert, update, and delete information

Public view of web pages to display dynamic course information and outcome mappings

Technologies Used ASP.NET 2.0 ADO.NET Languages : C# Software Used Visual Studio .NET 2005 PostgreSQL 8.1 Npgsql -.net data provider for PostgreSQL Internet Information Services (IIS) 6.0 Technologies & Software

Technologies Used

ASP.NET 2.0

ADO.NET

Languages : C#

Software Used

Visual Studio .NET 2005

PostgreSQL 8.1

Npgsql -.net data provider for PostgreSQL

Internet Information Services (IIS) 6.0

CISA 3-Tier Architecture ASP.NET Web Forms .aspx Business Logic Layer ( BLL ) ASP.NET Code-behind (.aspx.cs) Data Access Layer ( DAL ) Presentation Tier Logic Tier Data Tier Postgres Database Internet Internet Client Browser Browser Client ADO.NET

Functional Requirements (Secured CISA) Use Case diagram – Secured CISA view Admin. user interaction in CISA Manage Course Info. Manage Course Outcomes Manage Program Manage Program Objectives Assign supp. Program Obj. Manage ABET Outcomes Change Password Admin. User Manage Course Activities CISA secured Assign supp. Program Out. Assign supp. Course Out. Assign supp. ABET Out. Manage Program Outcomes Manage Users

Use Case diagram – Secured CISA view

Admin. user interaction in CISA

Functional Requirements (Public CISA) Use Case diagram – Public CISA view Public user interaction in CISA View Course Description View Course Activities View Program Objectives View Program Outcomes View supp Program Obj. View supp. ABET Out. View ABET Out. Public user View Course Outcomes CISA unsecured View supp. Program Out. View supp. Course Out.

Use Case diagram – Public CISA view

Public user interaction in CISA

Database Schema

Security Application Security Double Layer: IIS and ASP.NET ASP.NET Forms Authentication Unauthorized requests redirected to Login Page Entered credentials validated, cookie set, and user directed to the requested web page Data Security SHA1 Hashed Passwords (non-clear text) in database Parameterized queries Protection against SQL Injection attacks

Application Security

Double Layer: IIS and ASP.NET

ASP.NET Forms Authentication

Unauthorized requests redirected to Login Page

Entered credentials validated, cookie set, and user directed to the requested web page

Data Security

SHA1 Hashed Passwords (non-clear text) in database

Parameterized queries

Protection against SQL Injection attacks

Web UI Features & Controls Master Page Common Layout containing Header, Footer, and Navigation elements Provides uniform look and feel Facilitates changes Data-Bound Server Controls GridView, DataList, Repeater,DropDownList Navigation Control TreeView Validation server Controls

Master Page

Common Layout containing Header, Footer, and Navigation elements

Provides uniform look and feel

Facilitates changes

Data-Bound Server Controls

GridView, DataList, Repeater,DropDownList

Navigation Control

TreeView

Validation server Controls

Deployment Compiled C# code-behind files and other classes into .dll in deployin dir Placed .aspx web form pages in deploy dir Placed Web.Config in deploy dir Created virtual dir in IIS pointing to application’s deploy dir Accessed application via URL: Pubic CISA http://< servername >/< virtualdirectoryname >/public/ Default.aspx Secured CISA http://<servername>/<virtualdirectoryname>/admin/AdminDefault.aspx

Compiled C# code-behind files and other classes into .dll in deployin dir

Placed .aspx web form pages in deploy dir

Placed Web.Config in deploy dir

Created virtual dir in IIS pointing to application’s deploy dir

Accessed application via URL:

Pubic CISA

http://< servername >/< virtualdirectoryname >/public/ Default.aspx

Secured CISA

http://<servername>/<virtualdirectoryname>/admin/AdminDefault.aspx

Conclusion CISA successfully developed, deployed, and tested Secured View for authenticated users Public View of course information and outcomes Optimal database developed Best Practices employed E.g. Separation of Concerns, Parameterized queries Identified problems addressed by CISA Outcome-based evaluation demonstrated by CISA CISA can help DCST accreditation

CISA successfully developed, deployed, and tested

Secured View for authenticated users

Public View of course information and outcomes

Optimal database developed

Best Practices employed

E.g. Separation of Concerns, Parameterized queries

Identified problems addressed by CISA

Outcome-based evaluation demonstrated by CISA

CISA can help DCST accreditation

Future Work Segregating CISA secured view based on user roles Keeping track of semester or year of data entry Displaying multiple sets of ABET Outcomes for different programs Improving CISA Performance E.g. Caching Improving Security Implementing SSL (https) in Secured CISA Encrypting Connection String and storing in Web.Config file Creating Tamper Proof URLs

Segregating CISA secured view based on user roles

Keeping track of semester or year of data entry

Displaying multiple sets of ABET Outcomes for different programs

Improving CISA Performance

E.g. Caching

Improving Security

Implementing SSL (https) in Secured CISA

Encrypting Connection String and storing in Web.Config file

Creating Tamper Proof URLs