sse698.Roles

Roles and Restrictions
Roles are used to separate different types of users of website. Each role can used to restrict or grant access to different pages within an website. I created two different roles for my website: an admin role and an user role.

User Role
A "user" is defined as anyone that signs up on the website; basically, customers. A user is restricted from getting into any of the pages that are contained inside the Admin folder (see below). When user signs into through the CompRepair.aspx page, will be directed to the MemberHome.aspx page. If user tries to "fat-finger" a website in the Admin folder, they are denied access. The MemberHome page (seen below) is where a request is submitted. If the submission experience no errors during the database access and e-mailing the user, the user is redirect to the SubmitSuccess.aspx page (below).

If an error occurs the user is redirect to the SubmissionError.aspx page (below). This code is embedded in the MemberHome.aspx.cs file. The action is keyed off the SubmitButton_Click event.The entire class is shown below for completeness, but the e-mail section will be described in the section section of this report. code format="csharp" namespace timbarnesengineering.ComputerRepair {

public partial class MemberHome : System.Web.UI.Page {       string connectionString = "Data Source=barnessql.db.6213163.hostedresource.com; Initial Catalog=barnessql; User ID=#######; Password='#######';"; protected void Page_Load(object sender, EventArgs e)       {

}

protected void SubmitButton_Click(object sender, EventArgs e)       { string subject = SubjectTB.Text; string body = BodyTB.Text; string phone = PhoneTB.Text; string username = User.Identity.Name;

try {               SqlConnection connection = new SqlConnection(connectionString); string query = "INSERT INTO ComputerSubmissions (UserName, Subject, Body, Phone, DateSubmitted)" + " VALUES('" + username + "', '" + subject + "', '" + body + "', '" + phone + "', '" + DateTime.Now + "')"; SqlCommand command = new SqlCommand(query, connection); connection.Open; command.ExecuteNonQuery; connection.Close;

SendEmailToUser(username, subject, body);

Response.Redirect("~/ComputerRepair/Users/SubmitSuccess.aspx"); }           catch {               Response.Redirect("~/ComputerRepair/Users/SubmissionError.aspx"); }       }

private void SendEmailToUser(string username, string subject, string body) {           string emailAddress = GetEMailAddress(username);

MailMessage message = new MailMessage; message.From = new MailAddress("webmaster@timbarnesengineering.com"); message.Bcc.Add(new MailAddress("webmaster@timbarnesengineering.com")); message.To.Add(new MailAddress(emailAddress)); message.Subject = "TimBarnesEngineering Automated Response"; message.Body = "TimBarnesEngineering has recieved your Computer Inquiry regarding:\n\n " + subject + " at " + DateTime.Now + "\n" + "Your business is important to us and we will respond back to you as soon as possible.\n\n" + "Your message: \n" + body + "\n\n Thanks your business"; SmtpClient smtp = new SmtpClient("smtp.1and1.com", 587); smtp.Credentials = new System.Net.NetworkCredential("#######", "#######"); smtp.Send(message);

}

private string GetEMailAddress(string username) {           string email = ""; SqlConnection connection = new SqlConnection(connectionString); string query = "SELECT aspnet_Membership.Email FROM aspnet_Membership INNER JOIN aspnet_Users " + "ON aspnet_Membership.UserId = aspnet_Users.UserId WHERE (aspnet_Users.UserName = '" + username + "')"; SqlCommand command = new SqlCommand(query,           SqlDataReader reader = null; connection);

connection.Open; reader = command.ExecuteReader; while (reader.Read) {               email = reader[0].ToString; }           connection.Close; return email; }

} } code

Admin Role
The Admin role was created to give a access to the data in the database and to keep everyone else away from the same data. When I sign in with my admin account, I get directed to the AdminHome.aspx page instead of the MemberHome.aspx page. The AdminHome.aspx page (below) contains two links to a Users.aspx page and Submissions.aspx page. Each page was created by dragging the desired SQL table into the content container in the design view of Visual Studio. This action automatically creates the SQL commands to retrieve, edit, or delete any of the data in the form. This is a very nice feature in ASP .NET, which saves the developer a lot of time. There are many options on how and what is displayed on the final page by using a pop-up wizard (below). The final display of the Users.aspx and Submissions.aspx pages are shown below. This allows me to modify the database via the web and not a SQL Management tool.