How to Configure a Web Application in Visual Studio 2010 to Ensure Security

The sample web application that was illustrated below has one important limitation: It can be accessed by anonymous users that can access important data. If your application just presents information, in most cases anonymous access is a good idea. But if instead your application has the purpose of managing data or restricted information, you want to force users to login with their own credentials, such as username and password. ASP.NET provides a convenient and easy way for configuring web applications to require login credentials (by storing user information inside a SQL Server database) but also roles and registration; another interesting new feature is that in the past you had to implement your own login page while in Visual Studio 2010; this is generated for you when creating the project.

<%@ Master Language=”VB” AutoEventWireup=”false” CodeBehind=”Site.master.vb”
Inherits=”NorthwindOrders.Site” %>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”
“http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml” xml:lang=”en”>
<head runat=”server”>
<title></title>
<link href=”~/Styles/Site.css” rel=”stylesheet” type=”text/css” />
<asp:ContentPlaceHolder ID=”HeadContent” runat=”server”>
</asp:ContentPlaceHolder>
</head>
<body>
<form runat=”server”>
<div class=”page”>
<div class=”header”>
<div class=”title”>
<h1>
My ASP.NET Application
</h1>
</div>
<div class=”loginDisplay”>
<asp:LoginView ID=”HeadLoginView” runat=”server”
EnableViewState=”false”>
<AnonymousTemplate>
[ <a href=”~/Account/Login.aspx”
ID=”HeadLoginStatus”
runat=”server”>Log In</a> ]
</AnonymousTemplate>
<LoggedInTemplate>
Welcome <span class=”bold”><asp:LoginName
ID=”HeadLoginName”
runat=”server” /></span>!
[ <asp:LoginStatus ID=”HeadLoginStatus”
runat=”server”
LogoutAction=”Redirect” LogoutText=”Log Out”
LogoutPageUrl=”~/”/> ]
</LoggedInTemplate>
</asp:LoginView>
</div>
<div class=”clear hideSkiplink”>
<asp:Menu ID=”NavigationMenu” runat=”server” CssClass=”menu”
EnableViewState=”false” IncludeStyleBlock=”false”
Orientation=”Horizontal”>
<Items>
<asp:MenuItem NavigateUrl=”~/Default.aspx”
Text=”Home”/>
<asp:MenuItem NavigateUrl=”~/About.aspx”
Text=”About”/>
<asp:MenuItem NavigateUrl=”~/Orders.aspx”
Text=”Orders” Value=”Orders”>
</asp:MenuItem>
</Items>
</asp:Menu>
</div>
</div>
<div class=”main”>
<asp:ContentPlaceHolder ID=”MainContent” runat=”server”/>
</div>
<div class=”clear”>
</div>
</div>
<div class=”footer”>
</div>
</form>
</body>
</html>

To start configuring security for your Web application, click the ASP.NET Configuration button in Solution Explorer (the one with the icon representing a hammer). This runs the ASP.NET Web Site Administration Tool, a web application executed in your web browser. Such tool allows configuring different parts in the web application, but for the current example just click the Security tab. When you click this tab, you can access different security options, including setting users and roles. There is also a guided procedure that you can utilize to configure the application security; thus click the Use the Security Setup Wizard to Configure Security Step by Step hyperlink. There are seven steps to complete, but the first one is just a welcome message, so you can click Next. Starting from the second step, execute the following tasks:

1. Specify the access method by selecting between From the Internet and From a Local Area Network. The first option is more restrictive and requires users to register with their credentials, such as username and password. This is particularly useful when you do not know who will access the website and you want a user to log in with credentials. Moreover, if a website is available on the Internet it can be reached by non-Windows environments and therefore Windows authentication is not appropriate. Instead the local intranet option should be used only when the web application runs only inside of your company, because it relies on Windows and domain authentication only, although this simplifies your work because you will not have to configure users. For the current example, where user administration is also covered, select the Internet security and then click Next.

2. Simply click Next at step 3, because we do not need to change storage information (such as the database provider);

3. Click the Enable Roles for This Website check box and then click Next. This is important because securing the web application requires at least one role. Typically a website includes at least an administration role, so in the New Role Name textbox, type Administrator and then click Add Role. The new role will be added to the roles list, so click Next. 

4. Sign up for a new account by providing required information. This is important because the web application requires at least one user that later will be associated to  the role. When ready, click Create User. You will be told that adding the new user was successful, so click Next. 

5. Specify access rules to the web application by allowing or denying access permissions to specific roles or users. The default rule is that all registered users and roles can access the application, but you can delete the existing rule and create new rules granting permissions to selected users/roles. For example you can select a folder of the application, by first expanding the root folder on the left and then selecting the permission (Allow or Deny) for the users or roles in the Rules Applies To item. When set this, click Next.

6. In the last step simply click Finish.

Note:  When you configure users or when users register to claim access to the Web application, the user information is stored inside a default SQL Server database that Visual Studio generates for you. If you want to use a SQL Server database different from the default one, use the Aspnet_regsql.exe command-line tool that creates the appropriate tables.

Conclusion:

With a few steps you quickly configured your application for requesting registration and login. The last step before running the application is associating the main user to the Administrator role. To accomplish this, click Manage Users and then Edit User. When the user administration page appears, click the check box for Administrator. Finally, click Save. Now close the configuration tool, run the application, and try to open the Orders page. As you see, you cannot view the requested page until you do not log in with the previously created user’s credentials. When you log in you can browse the application. The really cool thing is that the Login page generated for you by Visual Studio 2010 is bound to the SQL Server database where user information is stored, so you do not need to write code to check if a user has permissions to access. This is performed for you behind the scenes by the application that takes advantage of auto-generated elements.
Continue Reading

Getting started with Visual Studio 2010: Running a Visual Basic Program

I recommend you to read how to open a visual basic project before reading the following tutorial

 

Let’s consider a sample visual basic program ‘Music Trivia’ for the demonstration. Music Trivia is a simple Visual Basic program designed to familiarize you with the programming tools in Visual Studio. The form you see now has been customized with five objects (two labels,a picture, and two buttons), and I’ve added three lines of program code to make the trivia program ask a simple question and display the appropriate answer. (The program “gives away” the answer now because it is currently in design mode, but the answer is hidden when you run the program.). For now, try running the program in the Visual Studio IDE.

 

Running the Music Trivia program

1. Click the Start Debugging button (the green right-pointing arrow) on the Standard toolbar to run the Music Trivia program in Visual Studio.

 

Tip: You can also press F5 or click the Start Debugging command on the Debug menu to run a program in the Visual Studio development environment.

 

Visual Studio loads and compiles the project into an assembly (a structured collection of modules, data, and manifest information for a program), prepares the program for testing or debugging, and then (if the compilation is successful) runs the program in the development environment. While the program is running, an icon for the program appears on the Windows taskbar. After a moment, you see the MusicTrivia form again, this time with the photograph and answer label hidden from view, as shown here:

 

image

 

Music Trivia now asks its important question: “What rock and roll instrument is often played with sharp, slapping thumb movements?”

 

2. Click the Answer button to reveal the solution to the question. The program displays the answer (The Bass Guitar) below the question and then displays a photograph of an obscure Seattle bass player demonstrating the technique, as shown here. The test program works.

 

image

3. Click Quit to close the program. The form closes, and the Visual Studio IDE becomes active again.

Continue Reading

Getting started with Visual Studio 2010: Opening a Visual Basic project

I recommend you to read how to download and install Visual Studio before you continue with the following tutorial.

 

Starting Visual Studio 2010

1. On the Windows taskbar, click Start, click All Programs, and then click the Microsoft Visual Studio 2010 folder. The folders and icons in the Microsoft Visual Studio 2010 folder appear in a list.

 

2. Click the Microsoft Visual Studio 2010 icon. If this is the first time you are starting Visual Studio, the program will take a few moments to configure the environment. If you are prompted to identify your programming preferences at this time, select Visual Basic development settings.

 

When Visual Studio starts, you see the development environment on the screen with its many menus, tools, and component windows, as shown here. (These windows are sometimes called tool windows.) You also should see a Start Page containing a set of tabs with links, guidance and learning resources, news, and project options. The Start Page is a comprehensive source of information about your project, as well as resources  within the Visual Basic development community. This is one avenue for receiving new information about Visual Studio after you purchase the software.

 

Open a Visual Basic project

1. On the Start Page, click the Open Project link.
The Open Project dialog box shown in the following screen shot opens on the screen. (You can also display this dialog box by clicking the Open Project command on the File menu or by pressing CTRL+O.) Even if you haven’t used Visual Studio before, the Open Project dialog box will seem straightforward because it resembles the familiar Open dialog box in Microsoft Office Word or Microsoft Office Excel.

 

 

2. Browse to the project’s main folder and go through the sub folders where the solution file(with .sln extension) is existed.

 

3. For example, consider the project’s main folder as ‘Chap01’ and ‘Musictrivia’ as sub folder. Open the Chap01\Musictrivia folder, and then double-click the MusicTrivia solution file. (If your system shows file name extensions, this file will end with .sln.) Visual Studio loads the MusicTrivia form, properties, and program code for the MusicTrivia solution. The Start Page may still be visible in the center of the screen. In the upper-right corner of the screen, Solution Explorer lists some of the files in the solution.

 

Visual Studio provides a special check box named Always Show Solution to control several options related to solutions within the IDE. The check box is located on the Projects and Solutions/General tab of the Options dialog box, which you open by clicking the Options command on the Tools menu. If the check box is selected, a subfolder is created for each new solution, placing the project and its files in a separate folder beneath the solution. Also, if
you select the Always Show Solution check box, a few options related to solutions appear in the IDE, such as commands on the File menu and a solution entry in Solution Explorer. If you like the idea of creating separate folders for solutions and seeing solution-related commands and settings, select this check box. You’ll learn more about these options in further tutorials.

Continue Reading

Getting started with Visual Studio 2010: Downloading Visual Basic 2010 Express

Before you start with Visual Basic programming, first download the Visual Basic 2010 Express. To download Visual Basic 2010 Express, complete the following steps:

 


1. Open a Web browser (such as Internet Explorer), and go to http://www.microsoft.com/express.

2. Follow the instructions on the screen to download Visual Basic 2010 Express. On the Express Web site, you will also see an Express product feature chart that compares the Express product to the full versions of Visual Studio. Although there are some key differences between the full versions and Visual Basic 2010 Express, many of these differences have no effect on how you learn the essential techniques and features of Visual Basic programming. After you experiment with the Express product, you can decide whether you want to upgrade to one of the full versions of Visual Studio or not.

 

Hardware and Software Requirements

You’ll need the following hardware and software to install and practice the Visual Studio 2010,

-- Windows 7, Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008
-- Visual Studio 2010 (Professional, Premium, or Ultimate) or Visual Basic 2010 Express
-- 1.6 GHz processor
-- 1 GB RAM
-- 3 GB of available hard drive space
-- 5400 RPM hard disk drive
-- DirectX 9–capable video card that runs at a display resolution of 1024 × 768 or higher
-- DVD drive
You also need to have Administrator-level access to your computer.

 

After Installation is completed, learn how to start & open projects in Visual Studio 2010

Continue Reading

What is a project and solution file in Visual Studio 2010

In Visual Studio, programs under development are typically called projects or solutions because they contain many individual components, not just one file. Visual Basic 2010 programs include a project file (.vbproj) and a solution file (.sln), and if you examine these files within a file browsing utility such as Windows Explorer, you’ll notice that the solution file icons have a tiny 10 in them, an indication of their version number. (Visual Basic 2010 is referred to as VB 10 internally.)

 

 

A project file contains information specific to a single programming task. A solution file contains information about one or more projects. Solution files are useful to manage multiple related projects. Opening the project file (.vbproj) has the same effect as opening the solution file (.sln). But for a multi-project solution, you will want to open the solution file. Visual Basic 2010 offers a new file format for its projects and solutions, but the basic terminology that you might have learned while using Visual Basic 2005 or 2008 still applies.

Continue Reading