DESIGNING THE APPLICATION |
Chapter 20 |
481 |
|
|
|
|
|
FIGURE 20-14 The QueryStat.aspx form
ConfirmRes.aspx
The ConfirmRes.aspx form is used to confirm reservations before flight departure. Just as with the CancelRes.aspx form, the ConfirmRes.aspx form uses the ticket number to confirm a reservation.
Summary
This chapter discussed how to design an application for an airline portal.The first step to design the application is to create the database schema by using either SQL Server Enterprise Manager or Query Analyzer.
The next step is to design the Web forms of the application by using the list of controls specified against each form of the application. Then, you change the default name and classes associated with each Web form. Finally, you update the changed class name in the @ Page directive of the Web form so that the application can identify the classes associated with each Web form. The design of your application is now ready.
This page intentionally left blank
484 Project 4 CREATING AN AIRLINE RESERVATION PORTAL
In the last chapter, you designed the forms for the SkyShark Airlines application. In this chapter, you will implement the business logic for running the application and fulfilling the business requirements of SkyShark Airlines that were dis-
cussed in Chapter 18, “Project Case Study and Design.”
Coding the Logon and Logoff
Functionality
The logon and logoff functionality of the Web application is implemented by the use of Session variables. To log on to the Web site, the user supplies the logon name and password on the default.aspx page. After the user has been successfully authenticated, the username and the role of the user are stored in session variables. These values are used for identifying the user on each page of the Web application. When the user decides to log off, the Session variables for the user are cleared and the user is no longer able to browse the Web site.
TIP
You can also authenticate users by using the ASP.NET authentication mechanism. This mechanism is discussed in Chapter 25, “Securing the Application.”
The next sections will implement the functionality described previously in the default.aspx and Logoff.aspx forms.
The Default.aspx Form
The default.aspx form uses the dtUsers table to authenticate users. Before you write the code for the default.aspx form, drag the dtUsers table from Server Explorer to the design view of the form. Visual Studio .NET automatically configures SqlDataAdapter and SqlConnection controls for the form. You can read a
IMPLEMENTING THE BUSINESS LOGIC |
Chapter 21 |
485 |
|
|
|
|
|
description of these controls in Chapter 19, “Basics of ASP.NET Web Applications,” in the section “Coding the Application.”
After you add SqlDataAdapter and SqlConnection controls to the form, you can generate a dataset for the form. To generate the dataset, follow these steps:
1.Click anywhere on the form.
2.Click on the Data menu and select Generate Dataset.The Generate Dataset dialog box will appear.
3.In the Generate Dataset dialog box, click on the New option and click on OK.
4.A new DataSet control is added to your project.
All the three data controls are visible in Component Designer in the Design view of the form, as you can see in Figure 21-1.
FIGURE 21-1 Data controls appear in Component Designer
A DataAdapter control has a default set of queries associated with it for selecting, inserting, updating, and deleting data from the SQL Ser ver table with which the DataAdapter control is associated.These queries are specified by the SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand properties of the DataAdapter control.
486 Project 4 CREATING AN AIRLINE RESERVATION PORTAL
If required, you can change the default queries associated with the DataAdapter control. For example, the default SelectCommand associated with the sqlDataAdapter1 control, which you added to the form for the dtUsers table, is
SELECT Username, Password, Role, PasswordChanged FROM dtUsers. This quer y
returns all the records from the dtUsers table.
However, to validate a single user, you need not retrieve all the records from the dtUsers table. Therefore, you can modify the SelectCommand property to
SELECT Username, Password, Role, PasswordChanged FROM dtUsers WHERE
(UserName=@username). The modified query accepts the @username parameter at run time and retrieves the record from the table that has the same username as specified by the user.
After you add and configure data controls for the default.aspx form, double-click on Submit to write the code for the Click event of the form.
The code for the Click event of the Submit button is logically divided into three parts:
1.Retrieve data from the dtUsers table. The username and password specified by the user are used to retrieve the details of the user from the
dtUsers table. To retrieve data, you can use the Fill method of the sqlDataAdapter1 control.The Fill method runs the SELECT query associated with the control and updates data into the dataset that is passed to the method as a parameter. The code for retrieving data from the database is given as follows:
string username, password; int datarows;
username=txtUserName.Text.Trim(); password=txtPassword.Text.Trim(); sqlConnection1.Open();
sqlDataAdapter1.SelectCommand.Parameters[“@UserName”].Value=username; datarows=sqlDataAdapter1.Fill(dataSet11,”UserDetails”); sqlConnection1.Close();
2.Check username and password supplied by the user. If the username specified by the user matches with any record in the database, then the data inserted into the dataset will have at least one row in it. The number of records retrieved from the database can be ascertained by checking the return value of the Fill method described previously. If no rows have
IMPLEMENTING THE BUSINESS LOGIC |
Chapter 21 |
487 |
|
|
|
|
|
been returned by the SELECT query, then the username specified by the user is incorrect. However, if the SELECT query returns data but the password does not match, then the password specified by the user is incorrect. The code that uses the logic described above to check the username and password is given as follows:
if (datarows==0) lblMessage.Text=”Incorrect user name”;
else
{
if (dataSet11.Tables[“UserDetails”].Rows[0][1].ToString(). Trim()==password)
{
//The credentials supplied by the user are correct
}
else
lblMessage.Text=”Incorrect password”;
}
3.Store username and role in session variables and redirect the user.
When the user is successfully authenticated, the username and the role of the user are stored in Session variables and the user is redirected to the home page of one of the roles in the organization, depending upon the role of the user retrieved from the database. The code to implement this functionality is given as follows:
string Role; Role=dataSet11.Tables[“UserDetails”].Rows[0][2].ToString().Trim(); Session[“usrName”]=username;
Session[“usrRole”]=Role; if (Role==”Disabled”)
{
lblMessage.Text=”Your account has been disabled. Please contact the network administrator.”;
return;
}
FormsAuthentication.GetAuthCookie(username,false); switch(Role)
