FIT5032 week8 Lecture.pdf - FIT5032 Internet Applications Development Week 8 Chris Messom and ABM Russel Caulfield Campus Lecture Overview 1 Review week


This preview shows page 1 - 12 out of 63 pages.

FIT5032 Internet Applications Development: Week 8
Chris Messom and ABM Russel
Caulfield Campus
Lecture Overview
1. Review week 7 material
2. Sending Email with ASP.NET
3. Accessing the Web Server File System
4. SignalR
Unit Schedule

Week | Activities | Assessment
0 | No formal assessment or activities are undertaken in week 0 |
1 | Intro to Web development and ASP.Net (Note: Tutorial/Studio classes commence in Week 1) |
2 | The front end, user experience and accessibility |
3 | Introduction to C# |
4 | Entity Framework |
5 | Fundamentals of Client side Javascript | First draft of Application code and design report due for Feedback
6 | Validation |
7 | Security and Microsoft Identity |
8 | Sending Email, File Upload and Signal R | Second draft of Application code and design report due for Feedback
9 | Web Optimisations |
10 | Modern JavaScript Web Development Approaches | Third draft of Application code and design report due for Feedback
11 | Testing, Deployment and Evolution |
12 | Revision |
SWOT VAC | No formal assessment is undertaken in SWOT VAC |
Examination period | |

LINK to Assessment Policy:- bank/academic/education/assessment/assessment-in-coursework-policy.html
Log In Concepts
• Almost all real-world web applications require users to log in to the website to use more than the basic functionality.
• Require usernames and passwords
• Some applications use role-based authentication (administrator roles, user roles, etc.)
• Security and account information stored on file system or database
Log In Systems for ASP.Net MVC
• ASP.Net MVC application
  Can auto-generate applications with log in functionality
• Basic ASP.Net MVC application with users
  • register
  • interact with public areas before log in
  • interact with private areas after log in
Securing an Action
• An Action (e.g. from the HomeController) can be restricted to logged in users
  Use the [Authorize] annotation

    [Authorize]
    public ActionResult Contact()
    {
        ViewBag.Message = "Your contact page.";
        return View();
    }

  Now the user must log in to access the Contact action
Securing/Unsecuring Actions
• Smaller sections can be secured by adding the [Authorize] annotation to an individual action.
• A secured controller can still have an unsecured action: add the [AllowAnonymous] annotation to that action.
Securing Controllers/Actions based on roles
• The application (controllers and actions) can be secured using the roles defined for the application (in the AspNetRoles table)
• Use [Authorize(Roles = "Administrator")]; the names of the roles are your choice.
Allowing Access to Own Data (Only)
• Selecting/Viewing items owned by log in user
  ASP.Net MVC allows us to access the currently logged in user:

    using Microsoft.AspNet.Identity;
    ......
    string currentUserId = User.Identity.GetUserId();
    .....
Selecting/Viewing items owned by log in user (Part 2)
• Use the user id to select just the items that were created by the user (for viewing in the index view).

    // GET: Articles
    public ActionResult IndexUserNames()
    {
        //return View(db.Articles.ToList());
        // Return only the articles whose AuthorId matches the logged-in user
        string currentUserId = User.Identity.GetUserId();
        return View(db.Articles.Where(m => m.AuthorId == currentUserId).ToList());
    }
Selecting/Viewing items owned by log in user (Part 3)
• Only the user's own data is shown
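
Added example (not from the lecture slides): filtering the index view hides other users' articles from the list, but actions that take an id must apply the same owner filter, otherwise a logged-in user can still reach another user's article by changing the id in the URL. The sketch below extends the IndexUserNames pattern to single-item actions; the Article.Id and Title properties, the ApplicationDbContext class from the project template, and the Details/Delete action names are assumptions.

```csharp
using System.Linq;
using System.Net;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

// Assumed model: the slides only show the AuthorId property.
public class Article
{
    public int Id { get; set; }
    public string AuthorId { get; set; }
    public string Title { get; set; }
}

[Authorize] // every action in this controller requires a logged-in user
public class ArticlesController : Controller
{
    // Assumed: the template's ApplicationDbContext exposes DbSet<Article> Articles.
    private readonly ApplicationDbContext db = new ApplicationDbContext();

    // Look an article up by id AND owner, so another user's id never matches.
    private Article FindOwnArticle(int id)
    {
        string currentUserId = User.Identity.GetUserId();
        return db.Articles.SingleOrDefault(
            m => m.Id == id && m.AuthorId == currentUserId);
    }

    // GET: Articles/Details/5
    public ActionResult Details(int? id)
    {
        if (id == null) return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        Article article = FindOwnArticle(id.Value);
        // Same response for "does not exist" and "not yours":
        // the reply does not reveal which ids are in use.
        if (article == null) return HttpNotFound();
        return View(article);
    }

    // POST: Articles/Delete/5
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public ActionResult DeleteConfirmed(int id)
    {
        Article article = FindOwnArticle(id);
        if (article == null) return HttpNotFound();
        db.Articles.Remove(article);
        db.SaveChanges();
        return RedirectToAction("IndexUserNames");
    }
}
```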