Answers for Day 21


Sams Teach Yourself ASP.NET in 21 Days, Second Edition
By Chris Payne
Table of Contents
Appendix A.  Answers to Quiz Questions



What's the difference between authentication and authorization?


Authentication is the first step in security. It requires the user to supply valid credentials to access an application. Authorization occurs after the user has been authenticated, and it tests user permissions against those set on resources to restrict access.


What's the difference between basic and digest authentication?


Digest authentication encrypts user credentials before sending them across the network, using a one-way encoding technique known as hashing. Basic sends credentials across the network without any encryption.


What's the anonymous user account's name in Windows?


IUSR_MachineName, where MachineName is the name of your Web server.


Write some code to set an authorization cookie and redirect to an originating URL.


 FormsAuthentication.RedirectFromLoginPage("username", false) 

What does the second parameter in the SetAuthCookie method do?


Specifies whether or not a cookie should be persisted across browser restarts, allowing a user to return to the Web site without having to log in again.


Will the following code work?

 <configuration>       <authentication mode="Forms">          <forms name="AuthCookie" loginUrl="day21/login.aspx">          </forms>       </authentication> </configuration> 

No, because the authentication element isn't wrapped in system.web tags. Also, even though the <authentication> tag is present, all users will still be able to access the files in question because there is no <authorization> tag to stop them.


What do the wildcard characters * and ? mean to ASP.NET within the authorization section of web.config?


* means all users, and ? means the anonymous user.


True or False: When impersonation is enabled, ASP.NET can operate on behalf of the operating system.


False. ASP.NET will operate on behalf of the user it impersonates.



Create a login page that validates user credentials against a database. Create a web.config file that uses forms authentication and directs all anonymous users to this login page.


You'll use the existing banking database you created earlier in the book. The code for the web.config file is as follows (put this in the TYASPNET21Days root folder):

 1:    <configuration> 2:       <system.web> 3:          <authentication mode="Forms"> 4:             <forms name="AuthCookie" loginUrl="login.aspx" /> 5:          </authentication> 6:          <authorization> 7:             <deny users="?" /> 8:          </authorization> 9:       </system.web> 10:    </configuration> 

The code for the login page, login.aspx, is as follows:

 1:    <%@ Page Language="VB" %> 2:    <%@ Import Namespace="System.Data" %> 3:    <%@ Import Namespace="System.Data.OleDb" %> 4: 5:    <script runat="server"> 6:       sub Login(Sender as Object, e as EventArgs) 7:          dim intId as integer = 0 8:          dim Conn as new OleDbConnection("Provider=" & _ 9:                "Microsoft.Jet.OLEDB.4.0;" & _ 10:                "Data Source=c:\ASPNET\data\banking.mdb") 11: 12:          dim objCmd as OleDbCommand = new OleDbCommand _ 13:             ("SELECT UserID from tblUsers WHERE " & _ 14:             "Username = '" & tbUserName.Text & "' " & _ 15:             "AND Password = '" & tbPassword.Text & "'", Conn) 16:          dim objReader as OleDbDataReader 17: 18:          try 19:             objCmd.Connection.Open() 20:             objReader = objCmd.ExecuteReader 21: 22:             do while objReader.Read 23:                intId = objReader.GetInt32(0).ToString 24:             loop 25:          catch ex as OleDbException 26:             lblMessage.Text = ex.Message 27:          finally 28:             objReader.Close 29:             objCmd.Connection.Close() 30:          end try 31: 32:          if intID <> 0 then 33:             FormsAuthentication.SetAuthCookie(intID, false) 34:             lblMessage.Text = "<font color=red>Success! </font><p>" 35:          else 36:             lblMessage.Text = "<font color=red>Sorry, invalid username or password!</ graphics/ccc.giffont><p>" 37:          end if 38:       end sub 39:    </script> 40: 41:    <html><body> 42:       <form runat="server"> 43: 44:          <asp:Label  runat="server" /> 45: 46:          Username: 47:          <asp:Textbox  runat="server" /> 48:          Password: 49:          <asp:Textbox  TextMode="password" 50:             runat="server" /><p> 51:          <asp:Button  runat="server" 52:             onClick="Login" text="Submit" /> 53:       </form> 54:    </body></html> 


    Sams Teach Yourself ASP. NET in 21 Days
    Sams Teach Yourself ASP.NET in 21 Days (2nd Edition)
    ISBN: 0672324458
    EAN: 2147483647
    Year: 2003
    Pages: 307
    Authors: Chris Payne

    Similar book on Amazon © 2008-2017.
    If you may any questions please contact us: