
Mark Dixon 1 18 – Web applications: Server-side code (ASP.Net)

Date post: 31-Dec-2015
Upload: judith-robertson

Mark Dixon 1

18 – Web applications: Server-side code (ASP.Net)

Mark Dixon 2

Session Aims & Objectives

• Aims
  – To introduce the fundamental ideas involved in server-side code

• Objectives, by end of this week’s sessions, you should be able to:
  – create an asp web-page, including:
    • HTML, and
    • server-side VB.Net

Mark Dixon 3

Example: Logon (analysis)

SPECIFICATION

• User Requirements
  – protection from fraud and invasion of privacy

• Software Requirements
  – Functional:
    – logon page, user must type name and password
    – following pages can only be accessed after successful logon
  – Non-functional:
    – should be very difficult to hack

hotmail, Amazon, University portal, utility bills (gas, electricity, phone, internet), Travel (flights, ferry, car rental)

Mark Dixon 4

Example: Logon (design)

• Restrict access to home page

Mark Dixon 5

Example: Logon (code v1)

• Using Client-side VB Script

Logon.htm

    <html>
      <head><title></title></head>
      <body>
        Please logon:<br />
        <input id="txtUserName" type="text" /><br />
        <input id="txtPassWord" type="text" /><br />
        <input id="btnLogon" type="submit" value="Logon" />
        <p id="parMsg"></p>
      </body>
    </html>

    <script language="vbscript">
      Sub btnLogon_onClick()
        Dim un
        Dim pw
        un = txtUserName.value
        pw = txtPassWord.value
        ' The username and password are compared here, in the browser
        If un = "mark" And pw = "soft051" Then
          window.navigate "home.htm"
        Else
          parMsg.innerText = "Login details incorrect."
        End If
      End Sub
    </script>

Home.htm

    <html>
      <head><title>My Home page</title></head>
      <body>
        <p>
          Welcome to my home page.<br />
          <img src="YouAreHere.jpg" />
        </p>
      </body>
    </html>

Mark Dixon 6

Example: Login (Problem)

• View Source – shows client-side script:

Reveals both username & password

Mark Dixon 7

Web Hardware and Software

[Diagram: a Client running a Browser Application (MS Explorer, Chrome, Safari), joined by a network connection to a Server running a Web-server Application (MS IIS, Apache)]

Mark Dixon 8

Request-Response Cycle

[Diagram: the Browser Application (MS Explorer, Firefox) sends a Request for Logon.htm to the Web-server Application (MS IIS, Apache). The Response is the whole of Logon.htm as listed on the code v1 slide: the HTML together with the VBScript, including the username and password check.]

Client-side code: code sent to client, interpreted by browser

Mark Dixon 9

Client-side limitations

• Insecure (code visible to client)

• Cannot interact directly with Database (on server)

Mark Dixon 10

Server-side Code

• So far – all code executes on client (IE)
  – VBScript
  – JavaScript

• Server-side Code – executes on server
  – classic ASP – VBScript
  – ASP.Net
    • VB.Net
    • C#
  – JSP (Java)
  – PHP

Mark Dixon 11

Server-side Script (what)

• ASP – active server pages
  – code not sent to client
    • code secure (can't be viewed by client)
  – executed on server
    • takes time – request-response cycle
    • requires server software (e.g. IIS)

• ASP pages will NOT work by double clicking on file

Mark Dixon 12

Example: Empty Page

• ASP.Net code:
  – .aspx (not .htm)
  – VB (not vbscript)
  – runat="server" runs code on server

Empty.aspx

    <%@ Page Language="VB" %>

    <script runat="server">

    </script>

    <html>
      <head><title></title></head>
      <body>

      </body>
    </html>

Mark Dixon 13

Example: Date

• ASP code:
  – .aspx (not .htm)
  – VB (not vbscript)
  – variables have type
  – Now is current date and time (on server)
  – runat="server" gives server code access to object

Date.aspx

    <%@ Page Language="VB" %>
    <script runat="server">
      Sub Page_Load()
        Dim s As String
        s = "The date today is "
        s = s & Now().ToString("ddd d MMM yyyy")
        parD.InnerText = s
        s = "The time now is "
        s = s & Now().ToString("HH:mm")
        parT.InnerText = s
      End Sub
    </script>

    <html>
      <head><title>Today's Date</title></head>
      <body>
        <p id="parD" runat="server"></p>
        <p id="parT" runat="server"></p>
      </body>
    </html>

Mark Dixon 14

Request-Response Cycle

[Diagram: the Browser Application (MS Explorer, Firefox) sends a Request for Date.aspx to the Web-server Application (MS IIS, Apache). The server runs the Date.aspx source listed on the previous slide and returns only the resulting HTML as the Response.]

Response

    <html>
      <head><title>Today's Date</title></head>
      <body>
        <p id="parD">The date today is Mon 9 Feb 2009</p>
        <p id="parT">The time now is 00:57</p>
      </body>
    </html>

Server-side code: run on server (never sent to client)

Mark Dixon 15

View Source

• Code executed at server
  – code is never sent to client

• View, Source – does not show code:

Mark Dixon 16

Data Types

• Variant – all types of data
  – slow, memory hungry

• Boolean – true or false (on/off, yes/no)

• Integer – whole numbers (-32768 to 32768)

• Long – whole numbers (large)

• Single – decimal numbers

• Double – decimal numbers (more precise)

• String – text

• Object – object instances

Mark Dixon 17

Data Type Selection

• Number of Rooms   e.g. 4          Integer/Long
• Height            e.g. 1.87m      Single/Double
• Surname           e.g. Smith      String
• Car Reg           e.g. XY55 ABC   String

Mark Dixon 18

Using data types

• Variable declaration
    Dim x As Long

• Parameters
    Sub Thing(boo As String, y As Long)

• Functions
    Function IsTall() As Boolean

Mark Dixon 19

Question: Data types

• Declare a variable to store:
  – an animal's weight in kg (e.g. 34.6)
      Dim weight As Double
  – whether a person has a driving licence or not
      Dim licence As Boolean
  – the title of a book
      Dim title As String
  – a phone number (e.g. 01752 586225)
      Dim phone As String

Mark Dixon 20

Example: AddNum (server-side)

AddNum.aspx

    <%@ Page Language="VB" %>
    <script runat="server">
      Sub btnAdd_Click(s As Object, e As EventArgs) Handles btnAdd.ServerClick
        Dim N1 As Double
        Dim N2 As Double
        ' Text from the form is converted to Double on assignment
        N1 = txtN1.Value
        N2 = txtN2.Value
        parRes.InnerText = N1 + N2
      End Sub
    </script>

    <html>
      <head><title></title></head>
      <body>
        <form runat="server">
          <input id="txtN1" type="text" runat="server" /><br />
          <input id="txtN2" type="text" runat="server" /><br />
          <input id="btnAdd" type="submit" value="Add" runat="server" />
          <p id="parRes" runat="server"></p>
        </form>
      </body>
    </html>

• input tags inside form

• button: runat server

• button: submit refreshes page (sending data to server)

Mark Dixon 21

Client-side vs. Server-side Code

AddNum.htm

    <html>
      <head><title></title></head>
      <body>
        <input id="txtN1" type="text" /><br />
        <input id="txtN2" type="text" /><br />
        <input id="btnAdd" type="submit" value="Add" />
        <p id="parRes"></p>
      </body>
    </html>

    <script language="vbscript">
      Sub btnAdd_onClick()
        Dim N1
        Dim N2
        N1 = txtN1.Value
        N2 = txtN2.Value
        parRes.InnerText = N1 + CDbl(N2)
      End Sub
    </script>

AddNum.aspx

    <script language="VB" runat="server">
      Sub btnAdd_Click(s As Object, e As EventArgs) Handles btnAdd.ServerClick
        Dim N1 As Double
        Dim N2 As Double
        N1 = txtN1.Value
        N2 = txtN2.Value
        parRes.InnerText = N1 + N2
      End Sub
    </script>

    <html>
      <head><title></title></head>
      <body>
        <form runat="server">
          <input id="txtN1" type="text" runat="server" /><br />
          <input id="txtN2" type="text" runat="server" /><br />
          <input id="btnAdd" type="submit" value="Add" runat="server" />
          <p id="parRes" runat="server"></p>
        </form>
      </body>
    </html>

Both use VB language (i.e. Sub, If, Dim, For, etc.)

Mark Dixon 22

Example: Apples

Apples.aspx

    <%@ Page Language="VB" %>
    <script runat="server">
      Sub btnGo_Click(s As Object, e As EventArgs) Handles btnGo.ServerClick
        ' Each click appends one more image tag to the paragraph
        parRes.InnerHtml = parRes.InnerHtml & "<img src='Apple.gif' />"
      End Sub
    </script>

    <html>
      <head><title>Apples</title></head>
      <body>
        <form runat="server">
          <input id="btnGo" type="submit" value="Go" runat="server" />
          <p id="parRes" runat="server"></p>
        </form>
      </body>
    </html>

Mark Dixon 23

Errors

Date.aspx

    <%@ Page Language="vbscript" %>
    <script runat="server">
      Sub Page_Load()
        Dim s As String
        s = "The date today is "
        s = s & Format(Now, "ddd d MMM yyyy")
        parD.InnerText = s
        s = "The time now is "
        s = s & Format(Now, "HH:mm")
        parT.InnerText = s
      End Sub

      parD.innerText = ""
    </script>

    <html>
      <head><title>Today's Date</title></head>
      <body>
        <p id="parD" runat="server"></p>
        <p id="parT"></p>
      </body>
    </html>

• vbscript cannot run at server (should be VB)

• parT is undefined (should have runat="server")

• Declaration expected (assignment must be in sub)

Mark Dixon 24

Running your ASP pages

• within Visual Studio
  – Run (play) button (F5)
  – only available to you on development PC

• using Internet Information Services (IIS)
  – makes PC a server
  – page available to all computers on internet

Mark Dixon 25

IIS - Installing

• IIS / personal web server on Windows CD

• Start, Control Panel, Programs and Features

[Screenshot labels: Windows Features, IIS, ASP.Net]

Mark Dixon 26

IIS: Enabling/Disabling

• Start, Control Panel, Administrative Tools, Internet Services Manager

[Screenshot labels: Stop, Start]

Mark Dixon 27

IIS: Exposing pages

• Put ASP pages in:
  – C:\INetPub\wwwRoot
    (this part of hard disk exposed to outside world)

• Execute pages by putting:
  – localhost
    (in web browser, e.g. IE, means local machine)

• ASP pages don't work by double-clicking

Mark Dixon 28

IIS – Date.asp

[Screenshot: localhost/test/date.aspx and C:\INetPub\wwwRoot\Date.aspx]

Mark Dixon 29

Tutorial Demo: First.htm

• Create a new text file in web server's root folder:
  – Open Windows Explorer (My Computer)
  – Ensure folders are displayed
  – Navigate to: C:\INetPub\wwwRoot
  – Right click on the background
  – Click New
  – Click Text Document

• Rename file
  – Right click
  – Click Rename
  – Type file name (First.htm)
  – Click Yes (when asked to confirm change of extension)

Mark Dixon 30

Tutorial Demo: First.htm

• Put some code in the file:
  – Right Click on the file
  – Click Open with Notepad
  – Type the following code:

    <html>
      <head><title></title></head>
      <body>
        Hello world!
      </body>
    </html>

• View the file
  – Open Internet Explorer
  – Navigate to: http://localhost/First.htm

Mark Dixon 31

Tutorial Demo: First.htm

• View each others' pages
  – In your browser, type: http://SMB109xx/First.htm
    where xx is the machine number of someone else's computer
    you should see their page

• See changes take effect:
  – One person change their page (colour, etc.)
  – Other person refresh browser
    you should see changes

Mark Dixon 32

Tutorial Demo: Date.aspx

• Create a web-site page (same as before):
  – Open Visual Studio
  – Click the File menu
  – Click the New Web Site… item
  – Click the Browse button
  – Select an existing folder to put your work in
  – Type the name of a subfolder
  – Click Yes to create the subfolder
  – Click Empty Web Site
  – Click OK

Mark Dixon 33

Tutorial Demo: Date.aspx

• Create a new aspx page:
  – Click Add New Item icon on tool bar
  – Double Click html page icon
  – Right click file
  – Click Rename item
  – Change name (date.aspx)
  – Click Yes to confirm extension change
  – Paste the code in from the lecture slides
  – Click the Run button

Mark Dixon 34

Tutorial Exercise: Login (client-side)

• LEARNING OBJECTIVE: see how vulnerable client-side code is

• Task 1: Get the Login (v1) example from the lecture working.

• Task 2: Use view source – you should be able to see the code.

Mark Dixon 35

Tutorial Exercise: Date

• LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script

• Task 1: Get the Date example from the lecture working.

• Task 2: Add code that displays good morning/afternoon/evening/night, depending on the time of day.

Mark Dixon 36

Tutorial Exercise: Student Loan

• LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script from scratch to solve a problem

• Task 1: Create a web page that allows the user to enter their salary and the computer calculates the annual and monthly payments for their student loan. Hint: Use your client-side code (from term 1), and the AddNum example from the lecture.

Mark Dixon 37

Tutorial Exercise: Login (server-side)

• LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script from scratch to solve a problem

• Task 1: Create a login page that uses server-side code to check the username and password entered by the user.
  Hint: Use the AddNum example as inspiration.
  Hint2: Use the following code to send the user to the homepage: Response.Redirect("Home.htm")

• Task 2: Use view source – you should NOT be able to see the code.
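
A server-side form of the logon check, added here as an example and not taken from the lecture slides. It goes beyond the slides in two ways: the password is checked against a stored PBKDF2 hash instead of a literal in the code, and the home page is an .aspx page that checks a Session flag, so that the requirement "following pages can only be accessed after successful logon" is enforced on the server. Assumptions not on the slides: the page name Home.aspx, the Session key LoggedOn, the web.config appSettings keys LogonUser, LogonSalt and LogonHash (Base64 values), and the iteration count of 100000.

```vbnet
<%-- File: Logon.aspx (added example, not from the slides) --%>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<script runat="server">
  Sub btnLogon_Click(s As Object, e As EventArgs) Handles btnLogon.ServerClick
    If CheckLogon(txtUserName.Value, txtPassWord.Value) Then
      Session("LoggedOn") = True   ' remembered on the server, not in the page
      Response.Redirect("Home.aspx")
    Else
      parMsg.InnerText = "Login details incorrect."
    End If
  End Sub
  Function CheckLogon(un As String, pw As String) As Boolean
    ' Assumed appSettings keys; only a salt and a hash are stored, never the password
    Dim salt As Byte() = Convert.FromBase64String(ConfigurationManager.AppSettings("LogonSalt"))
    Dim want As Byte() = Convert.FromBase64String(ConfigurationManager.AppSettings("LogonHash"))
    Dim got As Byte()
    Using kdf As New Rfc2898DeriveBytes(pw, salt, 100000)
      got = kdf.GetBytes(want.Length)
    End Using
    ' Compare every byte so the time taken does not show how much matched
    Dim diff As Integer = 0
    For i As Integer = 0 To want.Length - 1
      diff = diff Or (got(i) Xor want(i))
    Next
    Return diff = 0 And un = ConfigurationManager.AppSettings("LogonUser")
  End Function
</script>
<html>
  <head><title></title></head>
  <body>
    <form runat="server">
      Please logon:<br />
      <input id="txtUserName" type="text" runat="server" /><br />
      <input id="txtPassWord" type="password" runat="server" /><br />
      <input id="btnLogon" type="submit" value="Logon" runat="server" />
      <p id="parMsg" runat="server"></p>
    </form>
  </body>
</html>
<%-- File: Home.aspx: every protected page starts with this check --%>
<%@ Page Language="VB" %>
<script runat="server">
  Sub Page_Load()
    If Session("LoggedOn") Is Nothing Then Response.Redirect("Logon.aspx")
  End Sub
</script>
<%-- the home page HTML follows here --%>
```

A static Home.htm contains no server-side code, so the web server returns it to anyone who requests its address directly, whether or not they have logged on; the check in Home.aspx is what ties the page to the logon.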

Mark Dixon 38

Tutorial Exercise: Apples

• LEARNING OBJECTIVE: use variables with specific data types in ASP code

• Task 1: Get the apples example (from the lecture) working.

• Task 2: Modify your program so that the user enters a number, and the code adds that number of apple images.

• Task 3: Modify your program so that the user enters another number, and the code adds a new line tag for that number of apples. Hint: Within the loop divide the number of apples by the second number, if the result is a whole number add a new line tag.

