This document outlines the steps for iLab 7 of the CIS407A course. The iLab involves incorporating error handling into a login process so that invalid login attempts are emailed to technical support. Students are instructed to build upon the existing PayrollSystem website by adding a business layer class to send emails, integrating email functionality into the login form, and protecting against unauthorized access. The iLab concludes by testing the error notification and access restrictions, and submitting the completed PayrollSystem application.
Cis407 a ilab 7 web application development devry university
1. CIS407A iLab 7 Web Application
Development Devry University
Click this link to get the tutorial:
http://homeworkfox.com/tutorials/general-
questions/6229/cis407a-ilab-7-web-application-development-
devry-university/
iLab 7 of 7: Error Notification via E-Mail (30 Points)
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See Syllabus "Due Dates for Assignments & Exams" for due dates.)
iLABOVERVIEW
Scenario/Summary
In this lab, we will incorporate error handling into the login process so that a notice of each
invalid login is automatically e-mailed to thetechnical supportstaff.
Instruction to Week 7 iLab: Error Notification via E-Mail
Click on the link above to view the tutorial.
Please watch this tutorial before beginning the iLab.
The tutorial has audio.
Deliverables
When you try to log in, if your user name is not Mickey, Minnie, or another user you added (that
is, if the user name is not found in tblUserLogin), then an e-mail should be sent to the address
recipient@recipientdomain.com. If the user attempts to bypass the login page by typing a page
name in the URL, your webapplicationshould redirect the user back to the login page. Once you
have verified that it works, save your project, zip up all files, and submit in the Dropbox.
NOTE: E-mails may be blocked due to firewalls, antivirus software, or evenInternet
serviceproviders that turned off SMTP because of some known security issues. If the code works
(does not produce an error when submitting), you will get full credit for this project even if no e-
mail message is actually transmitted. Consult with your instructor before submitting if an error
occurs or if no e-mail is generated, to be sure.
2. iLABSTEPS
STEP 1: Business Layer Functionality (10 points)
1. Open Microsoft Visual Studio.NET 2008.
2. Click the ASP.NET website named PayrollSystem to open it.
3. Create a new class called clsBusiness Layer.
4. Add the following code in the clsBusinessLayer class:
// **** Add the following at the top of the class file,
// Add your comments here
using System.Net.Mail;
//**** Add the following code inside the body of public class clsBusinessLayer ****
public static bool SendEmail(string Sender, string Recipient, string bcc, string cc,
string Subject, string Body)
{
try {
// Add your comments here
MailMessage MailMessage();
// Add your comments here
MailAddress(Sender);
// Add your comments here
MyMailMessage.To.Add(new MailAddress(Recipient));
// Add your comments here
if (bcc != null && bcc != string.Empty) {
// Add your comments here
3. MyMailMessage.Bcc.Add(new MailAddress(bcc));
}
// Add your comments here
if (cc != null && cc != string.Empty) {
// Add your comments here
MyMailMessage.CC.Add(new MailAddress(cc));
}
// Add your comments here
;
// Add your comments here
;
// Add your comments here
;
// Add your comments here
;
// Add your comments here
SmtpClient SmtpClient();
// Add your comments here
;
;
// Add your comments here
MySmtpClient.Send(MyMailMessage);
// Add your comments here
4. return true;
} catch (Exception ex) {
// Add your comments here
return false;
}
}
STEP 2: Integration (10 points)
5. Open the frmLogin web form code behind file and add the following code to the body of the
if (dsUserLogin.tblUserLogin.Count < 1) statement, just above the return statement:
// Add your comments here
// Add your comments here
if (clsBusinessLayer.SendEmail("youremail@yourdomain.com",
"receiver@receiverdomain.com", "", "", "Login Incorrect",
"The login failed for UserName: " + Login1.UserName +
" Password: " + Login1.Password))
{
+
" Your incorrect login information was sent to receiver@receiverdomain.com";
}
6.
NOTE: Change the youremail@yourdomain.com and receiver@receiverdomain.com to your e-
mail and someone else's e-mail for testing.
7. Optional: Perform this step only if you are doing this lab using Visual Studio 2008 installed
on your own computer, your computer has Internet Information Services (IIS) installed, and you
have administrative rights to IIS. If you are doing this lab using the iLab (Citrix) server, or if you
do not have access to IIS, skip to step 8.
5. Open IIS (Start > Control Panel > Administrative Tools > Internet Information Services),
navigate to the Default SMTP Virtual Server, right-click on it, and left-click on Properties.
Click on image to enlarge.
IIS Admin
8.
Click here for text description of this image.
9. Click the Access tab, then the Relay button, then Add, and add the IP 127.0.0.1. Click OK,
OK, and APPLY when finished.
Click on image to enlarge.
10.
Click here for text description of this image.
11. We have a security hole in our web application. If you start the web application by going to
the login page, you can bypass the login page by simply typing the name of a form in the URL
(try it). There is some limited protection because of the check we are doing for user role, but it
still allows a user to get to pages we don't want them to get to unless the role is set properly. Add
a security check in the Page_Load of each sensitive page (Manage Users, Add New Employee,
View User Activity, Edit Employees), check for the Session role item with a value of "A," and, if
the user is accessing these pages without the proper permissions, redirect back to the
frmLogin.aspx page.
12. This still leaves the possibility of a person bypassing the login page. We will fix that by
using forms authentication. Add the following to the web.config file. (There should already be an
authentication section – replace it with this.)
<authentication >
<forms />
</authentication>
<authorization >
<deny />
</authorization>
6. 13. This will redirect users to the login page if they have not yet gone through it for login. This
process will use a cookie – when the user successfully logs in in a cookie is set that allows the
user to go to other pages. If that cookie is not set then the user is redirected to the login page if
they try to go to any other page. Add the cookie code by adding this code in the frmLogin.aspx
C# code after each place that you have
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
14. Hints:
Make sure you reestablish your database connection if you copied the files from a previous lab.
Also, make sure to update the web.config file with the database connection string.
Update any DataSource controls you added with the new payroll database location.
When you manually try to go to a second page by skipping the login page, a cookie is set
specifying the name of the page you were attempting to go to. Once you login successfully,
ASP.Net will automatically attempt to navigate back to that page. You can reset the cookie so
that the next page is frmMain, as expected, by typing that page in the URL for the browser
before logging in.
Submit Final Lab (includes all previous lab assignments)
STEP 3: Test and Submit (10 points)
12. Run your project. When you try to log in, enter a user name that is not Mickey or Minnie
(i.e., a user name that is not found in tblUserLogin). An e-mail should be sent to the
recipient@recipientdomain.com e-mail address.
Test that frmMain reconfigures properly based on user role. Make sure the user cannot bypass
the login page.
Once you have verified that everything works, save your website, zip up all files, and submit in
the Dropbox.
NOTE: E-mails may be blocked due to firewalls, antivirus software, or even Internet service
providers that turned SMTP off because of some known security issues. If the code works (does
not produce an error when submitting), you will get full credit for this project even if no e-mail
message is actually transmitted. Consult with your instructor before submitting if an error occurs
or if no e-mail is generated. It is expected that no e-mail will be sent if you are using the DeVry
iLab (Citrix) server for this lab or if you were not able to configure IIS in step 7.
NOTE: Make sure you include comments in the code provided where specified (where the " //
Add your comments here" is mentioned), including code you wrote, or else a 5 point deduction
per item (form, class, function) will be made.
7. End Of week 7
*Course Project*
Project Description
The Course Project is simply the cumulative result of completing labs 1 through 7. In lab 1, you
will create a basic PayrollSystem Web application that represents a payroll processing website
for a company. Each subsequent lab will add more features to this application. By the time you
complete lab 7, you will have a finished Web application with a good deal of functionality. You
will be able to log into your application, enter personnel records to be stored in a database,
retrieve and display previously entered records, perform transactions, monitor user activity, and
send e-mail notifications of errors.
After you complete lab 7, but before submitting the project, you should thoroughly test all the
Web pages and the functionality added to the PayrollSystem website over all the labs. Also,
review the feedback you have received from your instructor on the previous labs, and correct any
deficiencies noted. After all problems have been fixed and everything from labs 1–7 works
correctly, simply zip up the entire PayrollSystem website after completing lab 7 and submit it as
your Course Project.
The following sections summarize the features you will add to the website each week. All of
these features should be present and working in the Course Project in order for you to receive
full credit.
See Syllabus/Assignments & Exams for due dates.
Week 1: "Annual Salary Calculator" ASP.NET Web Application
In this lab, you will create a simple ASP.NET Web application using Microsoft Visual Studio
2008 that displays the text "Hello, World" on the home page. You will also add a page and build
an Annual Salary Calculator on that page. This will be used as the foundation for all subsequent
labs.
Week 2: User Input Web Pages
In this lab, you will create an ASP.NET Web application main form containing a list of
hyperlinks and images. You will also add a form with five text boxes and a Submit button. You
will use the form to send information to a second form (which you will also create), where data
from the first form will be displayed so it can be verified by the user.
Week 3: User Activity Monitoring
In this lab, you will save user activity data in a database. A record of each user's IP address and
the current date and time will be created whenever a user visits the Personnel form. You will be
8. able to view a list of all previous user activity records. You will add validation to the form added
in Week 2 to validate the user input.
Week 4: Web Forms with Database Interaction
In this lab, you will start with the form created in Week 2 and add functionality to INSERT
records into a database table and SELECT records for display to the user. You will also add a
search feature to search for records to display.
Week 5: Transaction Processing
In this lab, you will add transaction processing to the database INSERT functionality from the
previous week to make it operate more reliably. Changes to the database will be committed
(made permanent) only if all operations in a transaction are completed successfully. If any
operation in a transaction fails, the entire transaction will be rolled back (undone) so that the
database is left in its original state. This prevents storing incomplete or inconsistent information
in the database when an error occurs. You will add client side validation controls. You will also
add an editable list of database records that will allow the user to view, update, and delete
employee records.
Week 6: Login and Security Levels
In this lab, you will create a login form, use the login control, validate a user based on the login
name and password, and allow access to the system if it's authorized or prevent the user from
accessing the system if unauthorized. You will add the ability to add new users, modify existing
users, delete users, and view all users.
Week 7: Error Notification Via E-Mail
In this lab, you will incorporate error handling into the login process so that a notice of each
invalid login attempt is automatically e-mailed to the technical support staff. You will add
additional security features to make the Web application more secure. You will also add security
logic to specific forms in the Web application.
NOTE: Make sure you include comments in the code provided where specified (where the " //
Your comments here" is mentioned); also, any code you write needs to be properly commented,
or else a five point deduction per item (form, class, function) will be made.
Mickey Mouse (Admin)
Click on image to enlarge.
frmMain After Mickey Login
Click here for text description of this image.