Scenario Summary: This Week's Lab - Create A Login Form
In this week's lab, we will create a login form, validate a user based on their login name and password, and allow them to access the system or not. We will assign a session variable to determine the user's level of security and allow certain functions to be displayed or not displayed in the existing frmPersonnel form depending on the assigned security level. The objective is to implement role-based access control within a web application that connects to a database, ensuring appropriate user privileges based on login credentials.
The primary deliverables involve setting up a login interface, verifying users against a database, and managing user access levels, including the ability for administrators to add, modify, or delete user accounts. The system will use a SqlDataSource control for database connections, referencing the connection string stored in the web.config file to streamline connectivity. Additionally, the project involves modifying existing forms to show or hide functionality based on the user’s security level, and creating a Manage Users form for user administration.
This implementation requires that after users log in, access to various system functions is restricted according to their assigned roles ("A" for admin, "U" for user). The login process involves checking credentials in the tblUserLogin database and assigning a security level to the session. The main form's links and options will dynamically adjust visibility. Administrators will have rights to manage users through a dedicated form, which allows adding new users, updating existing users, and deleting users, all stored and retrieved from the same database.
Paper for the Above Instruction
Implementing role-based authentication and authorization in web applications is critical for maintaining security and ensuring that users only access permissible functionalities. This paper discusses the process of creating a login form, validating users, managing user roles, and controlling UI elements based on user privileges within an ASP.NET web application connected to a Microsoft Access database.
The first step involves preparing the user login database. The tblUserLogin table must have a primary key on UserID to facilitate modifications such as add, update, or delete user records in the future. Using Microsoft Access, developers are instructed to set the primary key and save changes before proceeding to the Visual Studio environment. Establishing the database connection via the web.config file streamlines database interactions, avoiding multiple connection instances and simplifying configuration management.
Within Visual Studio, a new Web Form named frmLogin is created. The form includes the application logo and a Login control, configured to navigate to the main page upon successful authentication. The login control's properties are set to display instructions, and the form's design is centered and styled for clarity. Once the form is ready, it is set as the start page, and testing begins to ensure proper layout and function.
Next, the core logic for user validation is implemented in the code-behind. A dataset named dsUser is created that maps to the tblUserLogin table. A static method, VerifyUser, in the clsDataLayer class queries the database to verify the supplied username and password against the stored credentials. It builds its database connection from the connection string in web.config, uses an OleDbDataAdapter to fetch the security level for the matching user, and returns the dataset containing the user's security information.
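A sketch of the VerifyUser lookup described above, written as an added example and not the lab's own code, with the credentials bound as OleDb parameters so that text typed into the Login control is never concatenated into the SQL string. The connection string name, the column names UserName, UserPassword and SecurityLevel, and the use of a plain DataSet in place of the typed dsUser are assumptions.

```csharp
using System.Configuration;
using System.Data;
using System.Data.OleDb;

public static class clsDataLayer
{
    // Assumption: name of the connection string entry in web.config;
    // the page does not give it.
    private const string ConnName = "PayrollConnection";

    // Returns a DataSet whose "tblUserLogin" table holds the SecurityLevel
    // of the matching user, or zero rows when the credentials do not match.
    public static DataSet VerifyUser(string userName, string userPassword)
    {
        string connStr =
            ConfigurationManager.ConnectionStrings[ConnName].ConnectionString;

        // The OleDb provider binds parameters by position, so each "?" is
        // filled in the order the parameters are added below.
        // Column names are assumed; only tblUserLogin and UserID are on the page.
        const string sql =
            "SELECT SecurityLevel FROM tblUserLogin " +
            "WHERE UserName = ? AND UserPassword = ?";

        var ds = new DataSet();
        using (var conn = new OleDbConnection(connStr))
        using (var adapter = new OleDbDataAdapter(sql, conn))
        {
            OleDbParameterCollection p = adapter.SelectCommand.Parameters;
            p.Add("@UserName", OleDbType.VarWChar, 50).Value =
                userName ?? string.Empty;
            p.Add("@UserPassword", OleDbType.VarWChar, 50).Value =
                userPassword ?? string.Empty;

            // Fill opens the connection if needed and closes it afterwards.
            adapter.Fill(ds, "tblUserLogin");
        }
        return ds;
    }
}
```

The caller treats an empty table as a failed login and otherwise reads the SecurityLevel value from the first row.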
During login, the Authenticate event handler of the Login control invokes VerifyUser. If no matching user is found, authentication fails. Otherwise, the system reads the security level ("A" for admin, "U" for user), stores it in the session, and grants access accordingly. According to the user role, different UI elements on the main page are enabled or disabled; for example, only administrators see options like "Add New Employee" and "Edit Employees," while regular users see a limited set of features such as "Salary Calculator" and "Search."
Further, a Manage Users form (frmManageUsers) is developed to provide user administration functionalities. This form includes controls for adding new users, updating and deleting existing users, and displaying all users in a grid view. A method SaveUser in clsDataLayer handles inserting new user records into the database. When a new user is added, the grid view refreshes to display the latest data. The form uses dropdown lists to select user roles and input controls for credentials, ensuring consistent data entry.
The system also incorporates security checks on form load events, especially for sensitive pages such as frmPersonnel. These checks hide or show buttons like "Submit," depending on the user's security level stored in the session. The entire setup emphasizes maintainability—using control IDs that reflect their purpose, centralized connection strings, and comprehensive comments in code to facilitate understanding and future modifications.
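One way to write the load-time checks described above so that the decision is made on the server for every request, including a direct request for frmManageUsers.aspx by a logged-in "U" user. This is an added example, not the lab's own code: the clsAccess helper, the session key "SecurityLevel", the btnSubmit control ID and the rule that only "A" may submit are assumptions.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical helper that keeps the session lookup in one place.
public static class clsAccess
{
    public const string SessionKey = "SecurityLevel"; // assumed key name

    // Returns "A", "U", or null when nobody is logged in.
    public static string CurrentLevel(Page page)
    {
        return page.Session[SessionKey] as string;
    }

    // Sends the browser back to frmLogin unless the session holds the
    // required level. Response.Redirect ends the request by default.
    public static void Require(Page page, string requiredLevel)
    {
        if (CurrentLevel(page) != requiredLevel)
            page.Response.Redirect("frmLogin.aspx");
    }
}

// Code-behind: control fields come from the page's .designer.cs file.
public partial class frmManageUsers : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Admin-only page: hiding the link on the main form is not enough,
        // so the level is checked again here on every load and postback.
        clsAccess.Require(this, "A");
    }
}

public partial class frmPersonnel : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string level = clsAccess.CurrentLevel(this);
        if (level == null) Response.Redirect("frmLogin.aspx");
        btnSubmit.Visible = (level == "A"); // assumed rule: admins only
    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // Re-check before writing; visibility alone is a display decision.
        if (clsAccess.CurrentLevel(this) != "A") return;
        // ... save the personnel record here ...
    }
}
```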
During the testing phase, a tester logs in with valid credentials for both Mickey (admin) and Minnie (regular user). The application correctly renders UI components based on roles, restricts access to privileged functions, and allows the administrator to manage users effectively. Once tested, all files are zipped for submission, with proper documentation and comments to satisfy coding standards.