Programming an ASP.NET AJAX Server-Centric Based Online Shopping Website - Logging On and Logging Off
(Page 4 of 4 )
User Logging on and Logging off
When the user clicks the "Login" button on the main page of the sample (i.e. "Product.aspx"), he is taken to another page named "UserLogin.aspx" to log into the system. There he must enter his username and password correctly, or else the related login error message will be displayed. Note that the login and logoff pages are both traditional ASP.NET pages with nothing ajaxified.
Author's Note: Because the online shopping demonstration is pretty long and features somewhat complicated logic, we choose to leave the article space mainly for ASP.NET AJAX related topics and the important inner workings of the application. Therefore, not every part of the sample that should have been ajaxified has been ajaxified. The design of the two pages herein exemplifies this.
Okay, now let’s as usual take a first look at the design-time snapshot of the login page in Figure 9.
Figure 9—the design-time snapshot of the login page
To force the user to enter the login information we have simply utilized two ASP.NET server controls, including RequiredFieldValidator. Now, let’s check out the related programming to see what happens when the user clicks the "OK" button to try to log into the system.
    // Requires: using System; using System.Data.SqlClient;
    protected void SureBtn_Click(object sender, EventArgs e)
    {
        // Reject empty input before touching the database.
        if (string.IsNullOrEmpty(UserName.Text))
        {
            ShowMessage("The username is empty. Please input the username!");
            return;
        }
        if (string.IsNullOrEmpty(Password.Text))
        {
            ShowMessage("The password is empty. Please input the password!");
            return;
        }

        // Ask the User class for the record matching the entered credentials.
        string userId = "";
        User user = new User();
        using (SqlDataReader recu = user.GetUserLogin(UserName.Text.Trim(), Password.Text.Trim()))
        {
            if (recu.Read())
            {
                userId = recu["UserID"].ToString();
            }
        } // the reader is closed here, even if Read() throws

        if (!string.IsNullOrEmpty(userId))
        {
            // Keep the login in Session and go to the product page.
            Session["UserID"] = userId;
            Session["UserName"] = UserName.Text;
            Response.Redirect("~/Desktop/Product.aspx");
        }
        else
        {
            ShowMessage("The username/password you just entered is invalid, please try again!");
        }
    }
Here, we first simply verify whether the username and password are empty, then, by fetching the original user information, verify whether the information entered is valid or not. When the user fails to fill in the username or his password, he will be shown the related error prompt. When the user logs in successfully, the current login information is temporarily saved into the Session variable and the user is redirected to the product viewing page, namely "product.aspx." Here we achieve verification of the information by invoking the member function GetUserLogin of class User to get the user's original information.
As is well known, in really good web applications the "logging off" function is a must-have. With the log-off function supported, the user can more safely use the application. For example, if the browser supports the Session and the user chooses to let the browser remember his login information when he first logs into the system, then when he simply closes or leaves the current application, the personal, private data he entered will still be kept in the browser’s variables. This is very dangerous!
In fact, the log-off page is pretty simple. First, there is nothing on the "UserLogoff.aspx" page. Second, only the Page_Load function in the "UserLogoff.aspx.cs" page is coded, as listed in the following:
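    protected void Page_Load(object sender, EventArgs e)
    {
        Session["UserID"] = null;   // forget the logged-on user
        Session.Clear();            // remove every remaining session value
        Session.Abandon();          // discard the session state on the server
        Response.Redirect("~/Default.aspx");
    }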
As you’ve seen, the really important private data within Session is cleared. And finally, the user is redirected to the "Default.aspx" page, which does nothing but redirect the user to the main page, "Product.aspx."
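Session.Abandon() discards the server-side state but does not remove the session ID cookie from the browser, so the same ID is reused by the next session. The following is an added example, not part of the article's sample application: the SessionGuard class, its method names and the "~/UserLogin.aspx" path are assumptions. It expires that cookie at log-off and guards pages that require a logged-on user.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;

// Added example: hypothetical helper, not part of the article's sample application.
public static class SessionGuard
{
    // Name of the session cookie; "ASP.NET_SessionId" unless web.config overrides it.
    private static string SessionCookieName()
    {
        var section = WebConfigurationManager.GetSection("system.web/sessionState")
                      as SessionStateSection;
        return section != null ? section.CookieName : "ASP.NET_SessionId";
    }

    // Call from Page_Load in UserLogoff.aspx.cs in place of the Session lines.
    public static void SignOut(HttpContext context)
    {
        context.Session.Clear();     // drop UserID, UserName and anything else stored
        context.Session.Abandon();   // discard the server-side session state

        // Abandon() leaves the ID cookie in the browser, so the same ID would be
        // reused for the next session. Overwrite it with an expired, empty cookie.
        var expired = new HttpCookie(SessionCookieName(), string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true,
            Secure = context.Request.IsSecureConnection
        };
        context.Response.Cookies.Add(expired);

        context.Response.Redirect("~/Default.aspx");
    }

    // Call first in Page_Load of every page that needs a logged-on user.
    public static void RequireLogin(Page page)
    {
        // Stop the browser from caching the page, so "Back" after log-off
        // does not redisplay private data.
        page.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        page.Response.Cache.SetNoStore();

        // The login handler stores UserID as a string (assumed login page path below).
        if (string.IsNullOrEmpty(page.Session["UserID"] as string))
        {
            page.Response.Redirect("~/UserLogin.aspx");
        }
    }
}
```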