SWAT - A simple Web-based Anomalies Tracker - Part 3

, 22 Jun 2003 CPOL
An account of my experience in learning to develop in the .NET environment.
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Web.Security;

namespace Swat
{
	/// <summary>
	/// Privilege levels a SWAT user can be granted.
	/// Each member occupies its own bit (1, 2, 4); presumably the values are
	/// meant to be combined into a single integer role mask - confirm against
	/// the pages that consume the role value.
	/// </summary>
	public enum AccessPrivilege
	{
		Developer = 1 << 0,
		Administrator = 1 << 1,
		Manager = 1 << 2
	}
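	/// <summary>
	/// Logon page for SWAT. Checks the submitted user name and password
	/// against the database, issues a forms-authentication ticket on success
	/// and redirects to the main page; otherwise shows an error label.
	/// </summary>
	public class SwatLogon : System.Web.UI.Page
	{
		protected System.Web.UI.WebControls.TextBox txtUserName;
		protected System.Web.UI.WebControls.TextBox txtPassword;
		protected System.Web.UI.WebControls.Button btnConnect;
		protected System.Web.UI.WebControls.Label lblError;
	
		private void Page_Load(object sender, System.EventArgs e)
		{
			// Put user code to initialize the page here
		}

		#region Web Form Designer generated code
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{    
			this.btnConnect.Click += new System.EventHandler(this.btnConnect_Click);
			this.Load += new System.EventHandler(this.Page_Load);

		}
		#endregion

		/// <summary>
		/// Handles the Connect button: authenticates the user and, on success,
		/// writes the authentication cookies and redirects to SwatMain.aspx.
		/// </summary>
		/// <param name="sender">The button that raised the event.</param>
		/// <param name="e">Event data (unused).</param>
		private void btnConnect_Click(object sender, System.EventArgs e)
		{
			string strRedirect = "";
			int nUserID = 0;
			int nRoles = 0;

			// NOTE(review): a SQL login with a blank password is embedded in
			// source here. Move the connection string to protected
			// configuration and use integrated security or a strong secret.
			string ConnectionString = "user id=ASPNET;password=;initial catalog=swatbugs;data source=localhost;Integrated Security=false;connect timeout=30;";

			// 'using' guarantees the connection, command and readers are
			// released even when a database call throws; previously an
			// exception left the connection open until finalization.
			using (SqlConnection cnn = new SqlConnection(ConnectionString))
			{
				cnn.Open();
				using (SqlCommand cmd = cnn.CreateCommand())
				{
					cmd.CommandType = CommandType.StoredProcedure;

					// Empty database check. If there are no users defined it
					// means it's a new installation, and only then is the
					// literal user name "admin" accepted.
					// NOTE(review): in that state the password is not checked
					// at all, so the site is open to anyone until the first
					// real user is created. Restrict access during setup.
					if (txtUserName.Text == "admin")
					{
						cmd.CommandText = "SWATGetAllUsers";
						using (SqlDataReader dr = cmd.ExecuteReader())
						{
							if (!dr.Read())
							{
								// The user id doesn't matter: only the admin
								// page will be available.
								nUserID = 0;
								nRoles = (int)AccessPrivilege.Administrator;
								strRedirect = "SwatMain.aspx";
							}
						}
					}

					if (strRedirect.Length == 0)
					{
						cmd.CommandText = "SWATGetUser";
						// Values are bound as typed parameters, never
						// concatenated into SQL text.
						// NOTE(review): the password is handed to the
						// procedure exactly as typed. SWATGetUser is not
						// visible here; if it compares against a stored
						// clear-text column, switch to salted, slow password
						// hashes - confirm.
						cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = txtUserName.Text;
						cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = txtPassword.Text;
						using (SqlDataReader dr = cmd.ExecuteReader())
						{
							if (dr.Read())
							{
								nUserID = (int)dr["id"];
								// A matching row without a role value is
								// treated as a failed logon.
								if (dr["roles"] != System.DBNull.Value)
								{
									nRoles = System.Convert.ToInt16(dr["roles"]);
									strRedirect = "SwatMain.aspx";
								}
							}
						}
					}
				}
			}

			if (strRedirect.Length != 0)
			{
				// Read the clock once so issue and expiry are exactly 30 minutes apart.
				DateTime issued = DateTime.Now;
				FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(
					1, //Ticket version
					txtUserName.Text, //User name associated with ticket
					issued,	//When ticket was issued
					issued.AddMinutes(30),	//When ticket expires
					true,	//A persistent ticket
					nRoles.ToString(),	//The user's role
					FormsAuthentication.FormsCookiePath);	//Path cookie valid for

				// Encrypt() serializes and protects the ticket (this is not a
				// hash). How it is protected depends on the forms
				// 'protection' setting in web.config.
				string hash = FormsAuthentication.Encrypt(tkt);
				// No Expires is set, so the browser keeps this as a session
				// cookie even though the ticket is flagged persistent.
				// NOTE(review): serve this page over HTTPS and mark the
				// cookie Secure, otherwise credentials and ticket travel in
				// clear - deployment is not visible here.
				HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
				Response.Cookies.Add(ck);

				// NOTE(review): "UserID" and "Roles" are unprotected,
				// never-expiring cookies that the client can edit freely.
				// Any page that authorizes from them instead of the ticket's
				// UserData can be bypassed. The consumers are outside this
				// file - confirm and move them to the ticket value.
				Response.Cookies["UserID"].Value = nUserID.ToString();
				Response.Cookies["UserID"].Expires = DateTime.MaxValue;
				Response.Cookies["Roles"].Value = nRoles.ToString();
				Response.Cookies["Roles"].Expires = DateTime.MaxValue;

				// Redirect only after the connection has been released.
				Response.Redirect(strRedirect, true);
			}
			else
			{
				// Same message for unknown user and wrong password, so the
				// response does not reveal which one failed.
				lblError.Text = "Invalid logon credentials";
			}
		
		}
	}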
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Al Alberto
Software Developer (Senior)
United States United States
No Biography provided

Article Copyright 2003 by Al Alberto