Tuesday, February 11, 2014

Authentication page code


Login Page


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using A = System.Web.Security;
using BL;

namespace PerfectWeb.Account
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated) {

                Response.Redirect(A.FormsAuthentication.DefaultUrl);
            }

         
        }

        BL.UserEntity objEnt = new UserEntity();
        BL.User objUser = new User();

        protected void btnLogin_Click(object sender, EventArgs e)
        {
          
            if (Page.IsValid)
            {
                bool isOK = false;
                try
                {
                    objEnt.UserName = txtUserName.Text;
                    objEnt.Password = txtPassword.Text;
                    isOK = objUser.ValidateUser(objEnt);
                }
                catch (EntityEx ex)
                {

                    lblMessage.Text = ex.Message;
                    return;
                }
                catch(Exception ex) {

                    lblMessage.Text = ex.Message;
                    if (Trace.IsEnabled)
                    {
                        Trace.Warn(ex.Message);
                    }
                }

                if (isOK)
                {

                    Session["User"] = objEnt.UserName;
                    A.FormsAuthentication.SetAuthCookie(objEnt.UserName, ChkIsLog.Checked);
                   // Roles.AddUserToRole(objEnt.UserName, "Admin");
                    A.FormsAuthentication.RedirectFromLoginPage(objEnt.UserName, ChkIsLog.Checked);
                }
                else {

                    lblMessage.Text = "invalied";
                }

            }
           
        }

    }
}

////////////////////

Logout Page


   protected void HeadLoginStatus_LoggingOut(object sender, LoginCancelEventArgs e)
        {
            A.FormsAuthentication.SignOut();

            Response.Redirect(A.FormsAuthentication.LoginUrl);
        }


Authentication

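<?xml version="1.0"?>
<configuration>

  <!-- Authorization rules are evaluated top to bottom and the first match
       wins. When no rule in a location matches, evaluation continues with
       the parent configuration, which ends in "allow everyone". -->

  <!-- The login page has to stay reachable for anonymous visitors.
       allow users="*" already matches every request, so a deny rule placed
       after it would never be evaluated. -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <!-- Admin-only page. The closing rule must be deny users="*": with
       deny users="?" only anonymous visitors are rejected, and a signed-in
       user without the Admin role falls through to the inherited rules and
       is let in. -->
  <location path="FUCK.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <!-- Site-wide default: anonymous visitors are rejected, every
       authenticated user is allowed. -->
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

</configuration>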

/////////////////////////
// Sign-in sequence after the credentials have been validated: remember the
// user name in session state, issue the forms-authentication cookie, then
// return the visitor to the page that was originally requested.
// The check box decides whether the cookie is persistent, i.e. whether it
// survives closing the browser.
string signedInUser = objEnt.UserName;
bool keepSignedIn = ChkIsLog.Checked;

Session["User"] = signedInUser;
FormsAuthentication.SetAuthCookie(signedInUser, keepSignedIn);
FormsAuthentication.RedirectFromLoginPage(signedInUser, keepSignedIn);

/////////////////////////
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" defaultUrl="~/Profiler/UpdateInfo.aspx" />
    </authentication>


//////////////////////////
    <customErrors mode="On" defaultRedirect="Views/Shared/Error.aspx">
      <error statusCode="404" redirect="Views/Shared/NotFound.htm"/>
    </customErrors>
    <machineKey validationKey="AutoGenerate " decryptionKey="AutoGenerate" validation="SHA1"/>
    <trace enabled="true" pageOutput="false"/>

/////////////////////////////////






Wednesday, January 22, 2014

dbAccess.cs

dbAccess.cs Text


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
namespace ADO.W1
{
    public partial class dbAccess
    {
        private string connS = "";
        public dbAccess()
        {
            connS = System.Configuration.ConfigurationManager.ConnectionStrings["Test"].ToString();

        }

        // UPDATE
        public bool UPDATE(string sql)
        {

            SqlConnection conn = new SqlConnection(connS);
            SqlCommand cmd = new SqlCommand(sql,conn);

            try
            {
                conn.Open();
                cmd.ExecuteNonQuery();
                return true;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return false;

            }
            finally
            {

                conn.Close();
                cmd.Dispose();
                conn.Dispose();
            }

        }

        // SELECT
        public DataTable SELECT(string sql)
        {

            SqlDataAdapter da = new SqlDataAdapter(sql,connS);
            DataTable dt = new DataTable("info");

            try
            {
                da.Fill(dt);
                int r = dt.Rows.Count;
                return dt;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return null;
            }
            finally
            {
                da.Dispose();
                dt.Dispose();
            }
        }

        //SELECT FROM READER
        public DataTable SELECT_READER(string sql) {

            SqlConnection conn = new SqlConnection(connS);
            SqlCommand cmd = new SqlCommand(sql, conn);
            DataTable dt = new DataTable("info");
            SqlDataReader rd = null;
            try
            {
                conn.Open();
                rd = cmd.ExecuteReader();
                dt = GetReaderTable(rd.GetSchemaTable());
                object[] array = new object[dt.Columns.Count];

                while (rd.Read())
                {
                    for (int i = 0; i < dt.Columns.Count; i++)
                    {
                        array[i] = rd.GetValue(i);
                    }

                    dt.Rows.Add(array);

                }

                return dt;
               
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return null;
            }
            finally {

                conn.Close();
                rd.Dispose();
                conn.Dispose();
                dt.Dispose();
                cmd.Dispose();
            }
        }

        private DataTable GetReaderTable(DataTable pdt) {

            DataTable dt = new DataTable("info");

            for (int i = 0; i < pdt.Rows.Count; i++)
            {
                dt.Columns.Add(pdt.Rows[i][0].ToString());
            }

            return dt;
        }


        //SELECT FROM REDER_REDER
        public SqlDataReader SELECT_READER(string sql,bool mode)
        {
            SqlConnection conn = new SqlConnection(connS);
            SqlCommand cmd = new SqlCommand (sql,conn);
            try
            {
                conn.Open();
                SqlDataReader rd =  cmd.ExecuteReader();
                int dep = rd.Depth;
                return rd;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return null;

            }
            finally {

                conn.Close();
                cmd.Dispose();
                conn.Dispose();
            }
        }
    }
}

dbAccessSP


DBAccess_SP

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

namespace ADO.SP
{
    partial class dbAccessSP
    {
        private string connS = "";
        public dbAccessSP()
        {
            connS = System.Configuration.ConfigurationManager.ConnectionStrings["Test"].ToString();
        }

        // PROPERTIES
        private string sp_name ="";
        public void SetName(string sp_name) {

            this.sp_name = sp_name;
        }

        private DataTable para_db = new DataTable();
        public void SP_Para(DataTable sp_para)
        {
            this.para_db = sp_para;
        }

        // UPDATE
        public bool UPDATE_SP() {

            string SPName = this.sp_name;
            DataTable dt = this.para_db;

            SqlConnection conn = new SqlConnection(connS);
            SqlCommand cmd = new SqlCommand(SPName, conn);

            cmd.CommandType = CommandType.StoredProcedure;

            for (int i = 0; i < dt.Rows.Count; i++)
            {
                cmd.Parameters.AddWithValue("@"+dt.Rows[i][0].ToString (), dt.Rows[i][1].ToString ());
            }

            try
            {
                conn.Open();
                cmd.ExecuteNonQuery();
                return true;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return false;
            }
            finally {
                conn.Close();
                cmd.Dispose();
                conn.Dispose();
            }
        }

        // SELECT

        //SELECT FROM READER
        public DataTable SELECT_SP()
        {

            string SPName = this.sp_name;
            SqlConnection conn = new SqlConnection(connS);
            SqlCommand cmd = new SqlCommand(SPName, conn);
            DataTable dt = this.para_db;
            SqlDataReader rd = null;

            cmd.CommandType = CommandType.StoredProcedure;

            for (int i = 0; i < dt.Rows.Count; i++)
            {
                cmd.Parameters.AddWithValue("@" + dt.Rows[i][0].ToString(), dt.Rows[i][1].ToString());
            }

            try
            {
                conn.Open();
                rd = cmd.ExecuteReader();
                dt = GetReaderTable(rd.GetSchemaTable());
                object[] array = new object[dt.Columns.Count];

                while (rd.Read())
                {
                    for (int i = 0; i < dt.Columns.Count; i++)
                    {
                        array[i] = rd.GetValue(i);
                    }

                    dt.Rows.Add(array);

                }

                return dt;

            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return null;
            }
            finally
            {

                conn.Close();
                rd.Dispose();
                conn.Dispose();
                dt.Dispose();
                cmd.Dispose();
            }
        }

        private DataTable GetReaderTable(DataTable pdt)
        {

            DataTable dt = new DataTable("info");

            for (int i = 0; i < pdt.Rows.Count; i++)
            {
                dt.Columns.Add(pdt.Rows[i][0].ToString());
            }

            return dt;
        }

        public DataTable ParaHolder() {

            DataTable dt = new DataTable();
            dt.Columns.Add("para");
            dt.Columns.Add("values");
            return dt;
        }
    }

}

------------------------------------------------------------

Caller

// Stored-procedure helper shared by the handlers of this form.
private dbAccessSP objdb = new dbAccessSP();
        private void button1_Click(object sender, EventArgs e)
        {
            objdb.SetName("SPInsertStudent");
            DataTable para = objdb.ParaHolder();
            para.Rows.Add("name",txtName.Text);
            para.Rows.Add("address",txtAddress.Text);
            para.Rows.Add("tp",txtTP.Text);
            para.Rows.Add("dob",dateTimePicker1.Value.ToShortDateString());
            objdb.SP_Para(para);
            if (objdb.UPDATE_SP()) {
                loadINFo();
                MessageBox.Show("success");
            }
            else
            {
                MessageBox.Show("not success5");
            }
        }
        private void UpdateStudents_Load(object sender, EventArgs e)
        {
            loadINFo();
        }
        public void loadINFo() {
       
            objdb.SetName("SPSelectStudents");
            DataTable para = objdb.ParaHolder();
            objdb.SP_Para(para);
            dataGridView1.DataSource =  objdb.SELECT_SP();
        }

 


CONNECTION STRING


Encrypt Connection String

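// Builds the connection string from typed properties instead of
// concatenating text, then opens a test connection.
SqlConnectionStringBuilder c = new SqlConnectionStringBuilder();
c.ConnectTimeout = 15;
c.DataSource = @"JANZ-PC\SQLEXPRESS";
c.InitialCatalog = "TEST119KEPPI";
c.IntegratedSecurity = true;

// Encrypt = true turns on TLS for the traffic between client and server.
c.Encrypt = true;

// With TrustServerCertificate = true the client accepts any certificate the
// server presents, so the channel is encrypted but the server's identity is
// not verified. Keeping it false makes the client validate the certificate;
// the server then needs one issued by an authority this machine trusts.
c.TrustServerCertificate = false;

// The using block closes the connection even when Open() throws.
using (SqlConnection conn = new SqlConnection(c.ConnectionString))
{
    conn.Open();
    MessageBox.Show(text: "success");
}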

Encrypt Connection String in Web.config

using System.Configuration;
using System.Web.Configuration;

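// Encrypts the <connectionStrings> section of the Web.config that applies to
// the "~/Security" path, so the stored connection strings are no longer
// readable as plain text in the file.
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/Security");
ConnectionStringsSection connStr = config.GetSection("connectionStrings") as ConnectionStringsSection;

// Nothing to do when the section is missing or has already been protected.
if (connStr != null && !connStr.SectionInformation.IsProtected)
{
    // DataProtectionConfigurationProvider relies on Windows DPAPI, so the
    // section can be decrypted only on the machine that encrypted it. For a
    // web farm, or a file that is copied between servers,
    // RsaProtectedConfigurationProvider with an exported key container is
    // the usual choice.
    connStr.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

    config.Save();
}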

Links

Sql server row level policy