Database Storage with the ASP.NET Web Matrix: Unsubscribe Page - Calling the Function

(Page 3 of 4 )

Switch back to the Design view and double-click the submit button.  The following If statement will do everything we need when placed in between the Sub and End Sub lines of code:

If removeUser(txtUsername.Text) <> 0 Then
        lblSuccess.Text = "You have been removed"
Else
        lblUsernameError.Text = "* Your username does not appear
to exist"
End If

This will call the function and output a success message when data is removed, or an error message advising that the Username was not found in the database.  Use the play button to test the page and have a go at removing people from the database table.

So that is the unsubscribe page itself created, but at the moment (if this were a live page instead of a development page) anyone could access the page and run data operations without even entering a password.  To rectify this, you can create a special XML file to tell the web server who is allowed to view the unsubscribe page.  The file that can do this is of course the web.config file.  The Web Matrix has a template for a web.config file in the Security section of the page templates, so click the new file button and create one.  Note that this file can only be called web.config, so don’t worry about choosing a file name for it.

This will create a commented file containing some of the most common tags. There are others, but these will not be mentioned as we have no use for them.

 

As you can see, the configuration is separated into common sections that control different aspects of the web server’s behavior in different situations.  The section we are interested in at this point is the authentication section.  You will need to uncomment the following code block and change it so that it appears like this:

<authentication mode="Forms">

              <forms name=".ASPXAUTH"
                           loginUrl="login.aspx"
                           protection="Validation"
                           timeout="999999" />

</authentication>

This will set the authentication mode to Forms (case-sensitive) and specify the name of the login page that users will need to be redirected to when trying to access a protected resource.  Save this page for now and close the file. What you could do now is add an authorization code block and set it so that all pages in the same folder as the web.config file are protected until a registered user logs in, or specify a particular page that is protected using the location tag.  The problems with these approaches is that either all of your pages are protected (no good for a product catalogue or similar), or that you need to add a new location tag each time you create a protected page (not much fun if there are 50 protected pages, for example.

Next: Setting up a Web Directory Structure >>
 

More ASP.NET Articles
More By Dan Wellman

Comments On: Database Storage with the ASP.NET Web Matrix: Unsubscribe Page

· Welcome to the third article in the built-in code wizard series. I hope you find it...   >>> Post your comment now!