
Logon

Visual Studio .NET 2003

Before a user can either manage an account or make a purchase, he or she must log on to Duwamish 7.0 using a familiar logon process. The Logon page uses ASP.NET forms-based authentication to validate users who supply a unique e-mail alias and a password. A user who has not established an account can create one by clicking the New Customer button. For details on creating a new account, see Account Management.

Implementation

The Logon page uses the following ASP.NET file and C# or Visual Basic .NET code-behind files:

Process Overview

The logon process is initiated in the Web layer. A user enters an e-mail address and password (the credentials) and then clicks the Logon button, which calls the Duwamish7.Web.Logon.LogonButton_Click method. That method computes a SHA1 hash of the password and passes the e-mail address and the hash to the Business Facade layer's Duwamish7.BusinessFacade.CustomerSystem.GetCustomerByEmail method. The Business Facade then calls the Data Access layer's Duwamish7.DataAccess.Customers.LoadCustomerByEmail method, which in turn calls the GetCustomerByEmail stored procedure (SPROC). The ComparePasswords method verifies the hashed password against the salted hashed password retrieved from the database. If the credentials are valid, the customer account information is stored in the Cart object via the pageBase class ShoppingCart.Customer() property, and ASP.NET Forms Authentication marks the user as authenticated and redirects (FormsAuthentication.RedirectFromLoginPage). If the credentials are not valid, the MismatchLabel is made visible, which displays the following on the ASP.NET page: 'Invalid email address or password - please try again'.

Note   For further information on salting and hashing passwords, see Password Credential Protection.
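The following Python model of the three-layer flow above is an added example and is not Duwamish code. It mirrors what this page shows: the Web layer hashes the password with SHA1 over its UTF-16LE bytes (the equivalent of Encoding.Unicode), the Data Access layer enforces the "non-unique e-mail address" post-condition, and the Business Facade returns the customer only when exactly one row exists and the password check passes. The salting scheme (SHA1 over salt plus the client hash, with the salt stored beside the hash) and the in-memory CUSTOMERS table are assumptions for illustration; the real ComparePasswords is described on the Password Credential Protection page, not here.

```python
import hashlib
import hmac
import os
from typing import Optional


class IntegrityError(Exception):
    """Raised when the Data Access post-condition (at most one row per e-mail) fails."""


# Constructed in-memory stand-in for the Customers table queried by the SPROC.
# Each row carries its own salt and the salted hash; assumed layout, not Duwamish's.
CUSTOMERS: dict = {}


def client_hash(password: str) -> bytes:
    """Web layer step: SHA1 over the UTF-16LE bytes, as Encoding.Unicode would produce."""
    return hashlib.sha1(password.encode("utf-16-le")).digest()


def salted_hash(salt: bytes, pw_hash: bytes) -> bytes:
    """Assumed server-side scheme (hypothetical): SHA1(salt || client hash)."""
    return hashlib.sha1(salt + pw_hash).digest()


def create_customer(email: str, name: str, password: str) -> None:
    """Store a customer row with a fresh random salt (account creation is on another page)."""
    salt = os.urandom(16)
    row = {"email": email, "name": name, "salt": salt,
           "password": salted_hash(salt, client_hash(password))}
    CUSTOMERS.setdefault(email, []).append(row)


def load_customer_by_email(email: str) -> list:
    """Data Access layer: fetch rows for the e-mail and check the post-condition."""
    rows = list(CUSTOMERS.get(email, []))
    if len(rows) > 1:
        raise IntegrityError("Integrity Failure: non-unique e-mail address")
    return rows


def compare_passwords(db_password: bytes, salt: bytes, pw_hash: bytes) -> bool:
    """Constant-time comparison so the position of a mismatch does not leak via timing."""
    return hmac.compare_digest(db_password, salted_hash(salt, pw_hash))


def get_customer_by_email(email: str, pw_hash: bytes) -> Optional[dict]:
    """Business Facade: preconditions, lookup, verify; returns the customer or None."""
    if email == "" or len(pw_hash) == 0:
        raise ValueError("Email address and password are required")
    rows = load_customer_by_email(email)
    if len(rows) != 1:
        return None
    row = rows[0]
    return row if compare_passwords(row["password"], row["salt"], pw_hash) else None


def logon(email: str, password: str) -> Optional[dict]:
    """Web layer: hash the submitted password and hand the credentials to the facade."""
    return get_customer_by_email(email, client_hash(password))


if __name__ == "__main__":
    create_customer("alice@example.com", "Alice", "correct horse")  # constructed sample
    print(logon("alice@example.com", "correct horse") is not None)
    print(logon("alice@example.com", "wrong") is None)
```

Both the unknown-address and wrong-password paths return None, so the page can show the single "Invalid email address or password" message without revealing which half failed; the lookup-by-email step itself never sees the password.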

To find source code that applies to specific layers in this topic, click the appropriate link:

Business Facade Source Code | Data Access Source Code | SPROC

Web Source Code

The default location for the Duwamish7.Web.Logon.LogonButton_Click method source code is the [Drive letter where Visual Studio .NET is installed]:\Program Files\Microsoft Visual Studio .NET 2003\Enterprise Samples\Duwamish 7.0 CS\Web\Secure\Logon.aspx.cs file.

Note   If the Visual Basic .NET version is installed, Duwamish 7.0 VB replaces Duwamish 7.0 CS in the path, the file name is the same, and the extension is vb rather than cs.

Duwamish7.Web.Logon.LogonButton_Click method:

[C#]
/// <summary>
///     Validates a logon attempt and saves off the customer account information.
///     <param name="sender">The source of the event.</param>
///     <param name="e">An EventArgs that contains the event data.</param>
/// </summary>
public void LogonButton_Click(Object sender, EventArgs e)
{
    CustomerData custData;

    //
    // Check the Email and Password
    //
    MismatchLabel.Visible = false;

    //Validator controls make sure Email and Password exist
    if (!Page.IsValid)
    {
        return;
    }
    
    //
    // Check for already logged on
    //
    if (logonCustomerData != null)
    {
        ShowPanel(LogonPanel, false);
        ShowPanel(DetailsPanel, false);
        ShowPanel(CreatedPanel, false);
        ShowPanel(LoggedOnPanel, true);
        ViewState["target"] = "logon";
        return;
    }

    //
    // Ensure the right panel is visible
    //
    ShowPanel(LogonPanel, true);
    ShowPanel(LoggedOnPanel, false);
    ShowPanel(DetailsPanel, false);
    ShowPanel(CreatedPanel, false);

    //
    // Check the Email and Password combination
    //
    SHA1 sha1 = SHA1.Create();
    byte [] password = sha1.ComputeHash(Encoding.Unicode.GetBytes(LogonPasswordTextBox.Text));

    custData = (new CustomerSystem()).GetCustomerByEmail(LogonEmailTextBox.Text, password);            
    if (custData != null)   //were they valid?
    {
        //
        // 1. Update customer in session.
        // 2. Update customer in cart. 
        //
        base.Customer = custData;
        base.ShoppingCart().Customer = custData;
        FormsAuthentication.RedirectFromLoginPage("*", false);
    }
    else
    {
        MismatchLabel.Visible = true;
    }        
}
[Visual Basic .NET]
'----------------------------------------------------------------
' Sub LogonButton_Click:
'   Validates a logon attempt then saves off the customer account information.
' Parameters:
'   [in] sender: Standard onclick parameter for the sending object
'   [in] e: Standard onclick parameter for the event arguments
'----------------------------------------------------------------
Private Sub LogonButton_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
    Dim custData As CustomerData

    '
    ' Check the Email and Password
    '
    MismatchLabel.Visible = False

    '
    'Validator controls make sure Email and Password exist
    '
    If Not Page.IsValid Then 
        Return
    End If
    
    '
    ' Check for already logged on
    '
    If Not logonCustomerData Is Nothing Then
        ShowPanel(LogonPanel, False)
        ShowPanel(DetailsPanel, False)
        ShowPanel(CreatedPanel, False)
        ShowPanel(LoggedOnPanel, True)
        Me.ViewState("target") = "logon"
        Exit Sub
    End If
    '
    ' Ensure the right panel is visible
    '
    ShowPanel(LogonPanel, True)
    ShowPanel(LoggedOnPanel, False)
    ShowPanel(DetailsPanel, False)
    ShowPanel(CreatedPanel, False)
                
    '
    ' Check the Email and Password combination
    ' 
    With New CustomerSystem()
         ' CustomerSystem.GetCustomerByEmail()
         Dim sha1 As SHA1 = SHA1.Create()
         Dim password As byte() = sha1.ComputeHash(Encoding.Unicode.GetBytes(LogonPasswordTextBox.Text))

         custData = .GetCustomerByEmail(LogonEmailTextBox.Text, password)
    End With
    If Not custData Is Nothing Then  'were they valid?
        '
        ' 1. Update customer in session.
        ' 2. Update customer in cart. 
        '
        MyBase.Customer = custData
        MyBase.ShoppingCart.Customer = custData
        FormsAuthentication.RedirectFromLoginPage("*", False)
    Else
        MismatchLabel.Visible = True
    End If        
End Sub

Business Facade Source Code

The default location for the Duwamish7.BusinessFacade.CustomerSystem.GetCustomerByEmail method source code is the [Drive letter where Visual Studio .NET is installed]:\Program Files\Microsoft Visual Studio .NET 2003\Enterprise Samples\Duwamish 7.0 CS\Business\Facade\CustomerSystem.cs file.

Note   If the Visual Basic .NET version is installed, Duwamish 7.0 VB replaces Duwamish 7.0 CS in the path, the file name is the same, and the extension is vb rather than cs.

Duwamish7.BusinessFacade.CustomerSystem.GetCustomerByEmail method:

[C#]
/// <summary>
///     Retrieve a customer given the customer's email and password.
///     <param name="emailAddress">Customer's email address.</param>
///     <param name="password">Customer's account password.</param>
///     <retvalue>The customer or null.</retvalue>
///     <exception cref="System.ApplicationException">
///         The emailAddress or password is blank.
///     </exception>
/// </summary>
public CustomerData GetCustomerByEmail(String emailAddress, byte [] password)
{
   //
   // Check preconditions
   //
   ApplicationAssert.CheckCondition(emailAddress != String.Empty, "Email address is required", ApplicationAssert.LineNumber);
   ApplicationAssert.CheckCondition(password.Length != 0, "Password is required", ApplicationAssert.LineNumber);
   //
   // Get the customer dataSet
   //
   CustomerData dataSet;
   using (DataAccess.Customers customersDataAccess = new DataAccess.Customers())
   {
      dataSet = customersDataAccess.LoadCustomerByEmail(emailAddress);
   }
   //    
   // Verify the customer's password
   //
   DataRowCollection rows = dataSet.Tables[CustomerData.CUSTOMERS_TABLE].Rows;

   if (rows.Count == 1)
   {
      byte [] dbPassword = (byte[])rows[0][CustomerData.PASSWORD_FIELD];

      if (ComparePasswords (dbPassword, password))
         return dataSet;
      else
         return null;
   }
   else
      return null;
}
[Visual Basic .NET]
'----------------------------------------------------------------
' Function GetCustomerByEmail:
'   Retrieve a customer given the customer's email and password.
' Returns:
'   The customer or Nothing
' Parameters:
'   [in]  emailAddress: Customer's email address
'   [in]  password: Customer's account password
' Throws:
'   PreConditionException
' PreConditions:
'   emailAddress or password is blank
'----------------------------------------------------------------
Public Function GetCustomerByEmail(ByVal emailAddress As String, ByVal password As byte()) As CustomerData
    
    '
    ' Check preconditions
    '
    ApplicationAssert.CheckCondition( Len(emailAddress) > 0, "Email address is required", ApplicationAssert.LineNumber)
    ApplicationAssert.CheckCondition( password.Length > 0, "Password is required", ApplicationAssert.LineNumber)
    
    Dim dataSet As CustomerData ' used to manipulate CustomerData
    
    '  
    ' Get the customer dataSet
    '
    With New DataAccess.Customers
         dataSet = .LoadCustomerByEmail(emailAddress)
    End With 

    '
    ' Verify the customer's password
    '
    With dataSet.Tables(CustomerData.CUSTOMERS_TABLE).Rows
        If (.Count = 1)  Then
            Dim dbPassword As byte() 
            dbPassword = CType(.Item(0).Item(CustomerData.PASSWORD_FIELD), byte())
            If (ComparePasswords(dbPassword, password)) Then
                GetCustomerByEmail = dataSet
            End If
        End If
    End With
    
End Function

Data Access Source Code

The default location for the Duwamish7.DataAccess.Customers.LoadCustomerByEmail method source code is the [Drive letter where Visual Studio .NET is installed]:\Program Files\Microsoft Visual Studio .NET 2003\Enterprise Samples\Duwamish 7.0 CS\DataAccess\Customers.cs file.

Note   If the Visual Basic .NET version is installed, Duwamish 7.0 VB replaces Duwamish 7.0 CS in the path, the file name is the same, and the extension is vb rather than cs.

Duwamish7.DataAccess.Customers.LoadCustomerByEmail method:

[C#]
/// <summary>
///     Retrieves the customer with the provided email address.
///     <param name="emailAddress">Email address for customer.</param>
///     <retvalue>CustomerData, a dataset containing detailed customer information.</retvalue>
/// </summary>
public CustomerData LoadCustomerByEmail(String emailAddress)
{
    if ( dsCommand == null )
    {
        throw new System.ObjectDisposedException( GetType().FullName );
    }            
    CustomerData data = new CustomerData();
    //
    // Get the load command
    //
    dsCommand.SelectCommand = GetLoadCommand();
    dsCommand.SelectCommand.Parameters[EMAIL_PARM].Value = emailAddress;

    dsCommand.Fill(data);
    //
    // Check post conditions
    //        
    ApplicationAssert.CheckCondition(data.Tables[CustomerData.CUSTOMERS_TABLE].Rows.Count <= 1, "Integrity Failure: non-unique e-mail address", ApplicationAssert.LineNumber);
    
    return data;
}
[Visual Basic .NET]
'----------------------------------------------------------------
' Function LoadCustomerByEmail:
'   Retrieves the customer with the provided email address.
' Returns:
'   CustomerData, a dataset containing detailed customer information.
' Parameters:
'   [in]  emailAddress: Email address for customer
'----------------------------------------------------------------
Public Function LoadCustomerByEmail(ByVal emailAddress As String) As CustomerData
    Dim data As New CustomerData

    With dsCommand
        Try
            .SelectCommand = GetLoadCommand
            .SelectCommand.Parameters(EMAIL_PARM).Value = emailAddress
            .Fill(data)
        Finally
            If Not .SelectCommand Is Nothing Then
                If Not .SelectCommand.Connection Is Nothing Then
                    .SelectCommand.Connection.Dispose()
                End If
                .SelectCommand.Dispose()
            End If
            .Dispose()
        End Try
    End With
    '
    ' Check post conditions
    '        
    ApplicationAssert.CheckCondition(data.Tables(CustomerData.CUSTOMERS_TABLE).Rows.Count <= 1, "Integrity Failure: non-unique e-mail address", ApplicationAssert.LineNumber)

    LoadCustomerByEmail = data
End Function

SPROC

The default location for the SQL stored procedure is the [Drive letter where Visual Studio .NET is installed]:\Program Files\Microsoft Visual Studio .NET 2003\Enterprise Samples\Duwamish 7.0 CS\Database\SQLScripts\D7_Sprocs.sql file.

Note   If the Visual Basic .NET version is installed, Duwamish 7.0 VB replaces Duwamish 7.0 CS in the path.

--------------------------------------------------
-- GetCustomerByEmail
--------------------------------------------------
CREATE PROCEDURE GetCustomerByEmail
    @Email NVARCHAR(50) = NULL
AS
    SET NOCOUNT ON

    SELECT c.PKId,
           c.Email,
           c.Password,
           c.Name,
           a.Address,
           a.Country,
           a.PhoneNumber,
           a.Fax
      FROM Customers c, 
           Addresses a
     WHERE c.Email = @Email 
       AND a.CustomerId = c.PKId

    RETURN 0

See Also

Behind the Scenes of Duwamish 7.0 | Architectural Overview | Login

© 2014 Microsoft