L23 - 6. Security and Reliability Forms_1

Case Study: Using Integrated Windows Security System

Without creating your own security mechanism, you can use the Windows access control mechanism.

Partly from: Jeff Prosise, Programming Microsoft .Net, Core Reference, Microsoft Press.

Y. Chen

Case Study: Programming the Security

CorpNet: a Web application that models a simple corporate intranet application. It uses Windows authentication and programs the authorization in C# to restrict access.

- General.aspx, which provides general information about the company. Anyone can see this page.
- Salaries.aspx, which lists the salary of the employee. Restricted access.
- Duties.aspx, which accesses the Duties.xml file. Restricted access.
- Duties.xml, which lists the current employee duties. Restricted access to outsiders.
- Web.config file

General.aspx File

    <%@ Page Language="C#" %>
    <html>
      <body>
        <h1>Welcome to CorpNet!</h1>
        <hr>
        Welcome to the corporate intranet! We don't have a lot to offer
        right now, but check back in a few days and we'll have information
        regarding the massive layoff that has been the subject of so many
        rumors. Do remember, though, that we're watching you all the time.
        We even know who you are because you had to provide a user name
        and password to see this page. To prove it, your user name is
        shown below.<br>
        <h3>
        <%
          if (User.Identity.IsAuthenticated)
              Response.Write (User.Identity.Name);
        %>
        </h3>
      </body>
    </html>

Call Windows authorization mechanism based on the Windows accounts.

What Web computing model is used?
(A) Client-side scripting
(B) Server-side scripting
(C) Server-side code behind page

Salaries.aspx File: Authorization Control

    <%@ Page Language="C#" %>
    <html>
      <body>
        <h1>Salaries</h1>
        <hr>
        <%
          // Unauthenticated callers get no salary data at all.
          if (!User.Identity.IsAuthenticated)
              Response.Write ("Sorry, but no salary information " +
                  "is available for unauthenticated users.");
          else {
              // Pick the record by looking for a name inside the
              // authenticated Windows account name.
              if (User.Identity.Name.IndexOf ("Jeff") != -1)
                  Response.Write ("Jeff's salary is $650,000.");
              else if (User.Identity.Name.IndexOf ("John") != -1)
                  Response.Write ("John's salary is $60,000.");
              else if (User.Identity.Name.IndexOf ("Bob") != -1)
                  Response.Write ("Bob's salary is $30,000.");
              else if (User.Identity.Name.IndexOf ("Alice") != -1)
                  Response.Write ("Alice's salary is $70,000.");
              else if (User.Identity.Name.IndexOf ("Mary") != -1)
                  Response.Write ("Mary's salary is $45,000.");
              else
                  Response.Write ("No salary information is available for " +
                      User.Identity.Name);
          }
        %>
      </body>
    </html>

To test the program, you may change one of the names, e.g., jeff, to your own login name on your computer. When the login window pops up, you can type your own login name and password.

Use this piece of C# script to define the access privilege of each user.

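The Salaries.aspx check uses IndexOf, which is a case-sensitive substring test, so any account whose name merely contains "Jeff" passes while "jeff" does not. The following C# console program is an added example, not code from the slides or from Prosise's book; it compares that check with an exact, case-insensitive match on the full DOMAIN\user name, and the CORP domain and the identity names are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

static class SalaryAccess
{
    // Keyed by the full DOMAIN\user name. Windows account names are not
    // case-sensitive, so the lookup ignores case. "CORP" is a constructed
    // domain; the salary figures are the ones shown on the slide.
    static readonly Dictionary<string, string> Salaries =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\Jeff", "$650,000" }, { @"CORP\John", "$60,000" },
            { @"CORP\Bob", "$30,000" },   { @"CORP\Alice", "$70,000" },
            { @"CORP\Mary", "$45,000" }
        };

    // The slide's check: true for any identity name that contains owner.
    public static bool SubstringMatch(string identityName, string owner)
    {
        return identityName.IndexOf(owner) != -1;
    }

    // Stricter check: the whole identity name must equal a known account.
    // Returns null when the caller has no salary record.
    public static string LookupSalary(string identityName)
    {
        string salary;
        return Salaries.TryGetValue(identityName, out salary) ? salary : null;
    }

    static void Main()
    {
        // Constructed values in the form User.Identity.Name takes under
        // Windows authentication (DOMAIN\user or MACHINE\user).
        string[] names =
        {
            @"CORP\Jeff", @"corp\jeff", @"CORP\Jeffrey",
            @"JeffPC\Guest", @"OTHER\Jeff"
        };
        foreach (string name in names)
        {
            Console.WriteLine("{0,-14} substring={1,-5} exact={2}",
                name, SubstringMatch(name, "Jeff"),
                LookupSalary(name) ?? "(none)");
        }
    }
}
```

Only the first two names resolve to a salary under the exact match, while the substring test accepts every name except `corp\jeff`.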
Duties.aspx File

    <%@ Import Namespace="System.Data" %>
    <html>
      <body>
        <asp:DataGrid ID="MyDataGrid" Width="40%" RunAt="server" />
        <asp:Label ID="Output" RunAt="server" />
      </body>
    </html>
    <script language="C#" runat="server">
      void Page_Load (Object sender, EventArgs e) {