Step- Create a new class called clsBusiness Layer.

Add the following code in the clsBusinessLayer class:

// **** Add the following at the top of the class file,

// Add your comments here

using System.Net.Mail;

//**** Add the following code inside the body of public class clsBusinessLayer ****

public static bool SendEmail(string Sender, string Recipient, string bcc, string cc, string Subject, string Body)

{

try {

// Add your comments here

MailMessage MyMailMessage = new MailMessage();

// Add your comments here

MyMailMessage.From = new MailAddress(Sender);

// Add your comments here

MyMailMessage.To.Add(new MailAddress(Recipient));

// Add your comments here

if (bcc != null && bcc != string.Empty) {

// Add your comments here

MyMailMessage.Bcc.Add(new MailAddress(bcc));

}

// Add your comments here

if (cc != null && cc != string.Empty) {

// Add your comments here

MyMailMessage.CC.Add(new MailAddress(cc));

}

// Add your comments here

MyMailMessage.Subject = Subject;

// Add your comments here

MyMailMessage.Body = Body;

// Add your comments here

MyMailMessage.IsBodyHtml = true;

// Add your comments here

MyMailMessage.Priority = MailPriority.Normal;

// Add your comments here

SmtpClient MySmtpClient = new SmtpClient();

// Add your comments here

MySmtpClient.Port = 25;

MySmtpClient.Host = "127.0.0.1";

// Add your comments here

MySmtpClient.Send(MyMailMessage);

// Add your comments here

return true;

} catch (Exception ex) {

// Add your comments here

return false;

}

}

STEP 2: Integration

Open the frmLogin web form code behind file and add the following code to the body of the if (dsUserLogin.tblUserLogin.Count < 1) statement, just above the return statement:

// Add your comments here

// Add your comments here

if (clsBusinessLayer.SendEmail("[email protected]", "[email protected]", "", "", "Login Incorrect", "The login failed for UserName: " + Login1.UserName + " Password: " + Login1.Password))

{

Login1.FailureText = Login1.FailureText + " Your incorrect login information was sent to [email protected]";

}

NOTE: Change the [email protected] and [email protected] to your e-mail and someone else's e-mail for testing.
Optional: Perform this step only if you are doing this lab using Visual Studio 2008 installed on your own computer, your computer has Internet Information Services (IIS) installed, and you have administrative rights to IIS. If you are doing this lab using the iLab (Citrix) server, or if you do not have access to IIS, skip to step 8.

Open IIS (Start > Control Panel > Administrative Tools > Internet Information Services), navigate to the Default SMTP Virtual Server, right-click on it, and left-click on Properties.

Click the Access tab, then the Relay button, then Add, and add the IP 127.0.0.1. Click OK, OK, and APPLY when finished.
We have a security hole in our web application. If you start the web application by going to the login page, you can bypass the login page by simply typing the name of a form in the URL (try it). There is some limited protection because of the check we are doing for user role, but it still allows a user to get to pages we don't want them to get to unless the role is set properly. Add a security check in the Page_Load of each sensitive page (Manage Users, Add New Employee, View User Activity, Edit Employees), check for the Session role item with a value of "A," and, if the user is accessing these pages without the proper permissions, redirect back to the frmLogin.aspx page.

This still leaves the possibility of a person bypassing the login page. We will fix that by using forms authentication. Add the following to the web.config file. (There should already be an authentication section - replace it with this.)

This will redirect users to the login page if they have not yet gone through it for login. This process will use a cookie - when the user successfully logs in in a cookie is set that allows the user to go to other pages. If that cookie is not set then the user is redirected to the login page if they try to go to any other page. Add the cookie code by adding this code in the frmLogin.aspx C# code after each place that you have e.Authenticated = true:

FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);

Hints:

Make sure you reestablish your database connection if you copied the files from a previous lab. Also, make sure to update the web.config file with the database connection string.

Update any DataSource controls you added with the new payroll database location.

When you manually try to go to a second page by skipping the login page, a cookie is set specifying the name of the page you were attempting to go to. Once you login successfully, ASP.Net will automatically attempt to navigate back to that page. You can reset the cookie so that the next page is frmMain, as expected, by typing that page in the URL for the browser before logging in.