Adding a Login Page
Security under ASP.NET is a fairly large topic, and it’s certainly not my intention to cover it here. However, in order to add security pages to the application, we must understand that security works at the application level, not on a page-by-page basis. This means that we have to create a secure area in a separate directory (I called it secure), and mark this directory as an application using the IIS administration tool. Into this new directory we add a login page, picked from the Security templates, which are available from the New Item dialog: The code that Web Matrix generates for this page is extremely simple: Sub LoginBtn_Click(Sender As Object, E As EventArgs) If Page.IsValid Then If (UserName.Text = « jdoe@somewhere.com ») And _ (UserPass.Text = « password ») Then FormsAuthentication.RedirectFromLoginPage(UserName.Text, true) Else Msg.Text = « Invalid Credentials: Please try again » End If End If End Sub This event handler uses a fixed name and password, so we’ll need to customize it: Sub LoginBtn_Click(Sender As Object, E As EventArgs) If Page.IsValid Then If FormsAuthentication.Authenticate(UserName.Text, UserPass.Text) Then FormsAuthentication.RedirectFromLoginPage(UserName.Text, true) Else Msg.Text = « Invalid Credentials: Please try again » End If End If End Sub Here we’re just taking the details from the screen and passing them into the Authenticate method. How the authentication takes place depends on how the security is configured. This configuration is done using the application configuration file (named web.config), so we add a web.config file to our secure area, using the one provided in the Security templates. The default web.config template contains all of the possible sections commented out, so you don’t have to head to the documentation to look up the details. There are several ways in which we could set the configuration, but we’ll use the simplest; we’ll store the user names and passwords in the credentials section:
Master – Details Grid
Web Matrix has many other template pages that help reduce the amount of code we have to write, although they’ll often require a small amount of customization before they fit our needs exactly. For example, consider a page that shows all of the orders and order details; we could use the Master – Detail Grids template for such a page: We only have to change a few lines of code in this page to get it to do what we want. In the BindMasterGrid procedure, there are two lines that we need to modify (I’ve split them over multiple lines to make it easier to read):Dim ConnectionString As String = « server=(local);database=pubs; » & _ « Integrated Security=SSPI »Dim CommandText As String = « select au_lname as [Last Name], » & _ « au_fname as [First Name], Address, City, » & _ « State from Authors order by [Last Name] »We change these lines to:Dim ConnectionString As String = « server=(local);database=AlandDave; » & _ » Trusted_Connection=true « Dim CommandText As String = « select * from PPQOrders order by OrderDate »We also need to make a small modification to the DataGrid definition; we need to change theDataKeyField property from Last Name to OrderID:<asp:datagrid id= »MasterGrid » DataKeyField= »OrderID » . . .This change can be done either in HTML view, or via the Properties box in Design view.We also need to modify a few lines in the BindDetailGrid procedure. We need to changethis:‘ TODO: update the ConnectionString value for your applicationDim ConnectionString As String = « server=(local);database=pubs; » & _ « Integrated Security=SSPI »‘ TODO: update the CommandText value for your applicationDim filterValue As String = _ CStr(MasterGrid.DataKeys(MasterGrid.SelectedIndex)).Replace(« ‘ », » » »)Dim CommandText As String = « select title as Title, price as Price, » & _ « ytd_sales as [YTD Sales] from titleview » & _ « where au_lname = ‘ » & filterValue & « ‘ »To this:Dim ConnectionString As String = « server=(local);database=AlandDave; » & _ » Trusted_Connection=true « Dim filterValue As String = CStr(MasterGrid.DataKeys(MasterGrid.SelectedIndex))Dim CommandText As String = « select Item, Quantity, Cost » & _ « from PPQOrderItems where fkOrderID= » & filterValue
Télécharger le document complet
