Online Exam Monitoring With Password Resistant Protocol

Date post: 23-Jan-2016
Upload: abdul-gafoor

ABSTRACT:

Password authentication systems, which are used as the first level of defense, are not efficient enough to withstand the dynamic techniques of attackers. An important usability goal for authentication systems is to support users in selecting better passwords. We propose a new Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases can make several failed login attempts before being challenged with an Automated Turing Test (ATT). The major goal of this work is to reduce guessing attacks and to encourage users to select passwords that are more random and more difficult to guess. Well-known security threats such as brute force attacks and dictionary attacks can be successfully prevented using this method.

Introduction:

Online usage has increased rapidly in the real world. The difficulty lies in how securely we can protect our own private details, such as passwords. Here we develop a secure application that protects private information by using the Password Guessing Resistant Protocol (PGRP).

Online guessing attacks on password-based systems are inevitable and commonly observed against web applications and logins. A recent report identified password guessing attacks on websites as a top cyber security risk. As an example of password guessing attacks, one experimental Linux honeypot setup has been reported to suffer on average 2,805 malicious login attempts per computer per day. A legitimate user's rights to access computer and network resources are compromised when the user id/password combination of that user is identified. Password guessing attacks can be classified into two types.

Brute Force Attack: A brute force attack is a type of password guessing attack that consists of trying every possible code, combination, or password until you find the correct one. This type of attack may take a long time to complete.

Dictionary Attack: A dictionary attack is another type of password guessing attack, which uses a dictionary of common words to identify the user's password.

We achieve this by developing an online exam monitoring system with PGRP. We selected this concept because many hacking activities aim to extract the question paper posted online by the staff. Here we restrict such attempts by limiting the number of password guesses that can be made to log in to the account.

Scope of the project:

In this project we use PGRP to restrict the number of attempts made by a botnet or machine. The user is allowed to enter the user id and password only once on a distrusted (unknown) machine. If the entered user id or password is wrong, an intimation (notification) will be given. On a trusted (known) machine, if the user id/password is wrong the user will be given three chances. If the user fails to log in on the third chance, an intimation will be given. In this way we restrict the number of attempts on both trusted and distrusted machines. Using PGRP we restrict brute force and dictionary attacks.

Online exam monitoring with PGRP restricts the password guessing attempts made against the staff login. Thus we can prevent hackers from accessing the question paper.

EXISTING SYSTEM:

The use of passwords is a major point of vulnerability in computer security, as passwords are often easy to guess by automated programs running dictionary attacks. Passwords remain the most widely used authentication method despite their well-known security weaknesses. User authentication is clearly a practical problem. The existing work uses a captcha, an automated test that humans can pass but current computer programs can't pass: any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem. Logic problems have also been suggested as a basis for captchas, and these present similar difficulties, as generation seems to be difficult. All the attacking agents could start operating at a specific time, trying to log in to accounts on a specific server using random passwords or a dictionary attack. It is difficult to stop this type of attack, since bots may pass through this security level.

EXISTING TECHNIQUE:

CAPTCHA

DISADVANTAGES:

Attackers can try only a limited number of guesses from a single machine before being locked out, delayed, or challenged to answer Automated Turing Tests (ATTs).

Locking is generally temporary; the adversary can mount a DoS attack by making enough failed login attempts to lock a particular account.

Literature survey:

How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation

Author Name: Elie Bursztein, Steven Bethard, Celine Fabry, John C. Mitchell, Dan Jurafsky

Paper Year: May 2010.

Description:

Captchas are designed to be easy for humans but hard for machines. However, most recent research has focused only on making them hard for machines. In this paper, we present what is to the best of our knowledge the first large scale evaluation of captchas from the human perspective, with the goal of assessing how much friction captchas present to the average user.

For the purpose of this study we have asked workers from Amazon's Mechanical Turk and an underground captcha breaking service to solve more than 318 000 captchas issued from the 21 most popular captcha schemes (13 images schemes and 8 audio scheme). Analysis of the resulting data reveals that captchas are often difficult for humans, with audio captchas being particularly problematic. We also find some demographic trends indicating, for example, that non-native speakers of English are slower in general and less accurate on English-centric captcha schemes. Evidence from a week's worth of eBay captchas (14,000,000 samples) suggests that the solving accuracies found in our study are close to real-world values, and that improving audio captchas should become a priority, as nearly 1% of all captchas are delivered as audio rather than images. Finally our study also reveals that it is more effective for an attacker to use Mechanical Turk to solve captchas than an underground service.

Password Protected Smart Card and Memory Stick Authentication Against Off-line Dictionary Attacks

Author Name: Yongge Wang

Paper Year: March 3, 2012

Description:

We study the security requirements for remote authentication with password protected

smart card. In recent years, several protocols for password-based authenticated key exchange

have been proposed. These protocols are used for the protection of password based

authentication between a client and a remote server.

In this paper, we will focus on the password based authentication between a smartcard

owner and smart card via distrusted card reader. In a typical scenario, a smart card owner inserts

the smart card into distrusted card reader and input the password via the card reader in order for

the smart card to carry out the process of authentication with a remote server. In this case, we

want to guarantee that the card reader will not be able to impersonate the card owner in future

without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we

want the assurance that an adversary could not use the smart card to impersonate the card owner

even though the sample space of passwords may be small enough to be enumerated by an off-line adversary.

Understanding CAPTCHA-Solving Services in an Economic Context

Author Name: Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker and Stefan Savage

Paper Year: Aug. 2010.

Description:

Reverse Turing tests, or CAPTCHAs, have become an ubiquitous defense used to protect

open Web resources from being exploited at scale. An effective CAPTCHA resists existing

mechanistic software solving, yet can be solved with high probability by a human being. In

response, a robust solving ecosystem has emerged, reselling both automated solving technology

and real time human labor to bypass these protections. Thus, CAPTCHAs can increasingly be

understood and evaluated in purely economic terms; the market price of a solution vs the

monetizable value of the asset being protected. We examine the market-side of this question in

depth, analyzing the behavior and dynamics of CAPTCHA-solving service providers, their price

performance, and the underlying labor markets driving this economy.

CAPTCHA: Using Hard AI Problems For Security

Author Name: Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford

Paper Year: May 2003.

Description:

We introduce captcha, an automated test that humans can pass, but current computer

programs can't pass: any program that has high success over a captcha can be used to solve an

unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of

captchas. Since captchas have many applications in practical security, our approach introduces a

new class of hard problems that can be exploited for security purposes. Much like research in cryptography has had a positive impact on algorithms for factoring and discrete log, we hope that the use of hard AI problems for security purposes allows us to advance the field of Artificial Intelligence.

We introduce two families of AI problems that can be used to construct captchas and we show

that solutions to such problems can be used for communication. Captchas based on these AI

problem families, then, imply a win-win situation: either the problems remain unsolved and there

is a way to differentiate humans from computers, or the problems are solved and there is a way

to communicate covertly on some channels.

Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords

Author Name: Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern

Paper Year: 2010

Description:

In this paper we attempt to determine the effectiveness of using entropy, as defined in

NIST SP800-63, as a measurement of the security provided by various password creation

policies. This is accomplished by modeling the success rate of current password cracking

techniques against real user passwords. These data sets were collected from several different

websites, the largest one containing over 32 million passwords. This focus on actual attack

methodologies and real user passwords quite possibly makes this one of the largest studies on

password security to date. In addition we examine what these results mean for standard password

creation policies, such as minimum password length, and character set requirements.

Usability of CAPTCHAs Or usability issues in CAPTCHA design

Author Name: Jeff Yan, Ahmad Salah El Ahmad

Paper Year: July 2008

Description:

CAPTCHA is now almost a standard security technology, and has found widespread

application in commercial websites. Usability and robustness are two fundamental issues with

CAPTCHA, and they often interconnect with each other. This paper discusses usability issues

that should be considered and addressed in the design of CAPTCHAs. Some of these issues are

intuitive, but some others have subtle implications for robustness (or security). A simple but

novel framework for examining CAPTCHA usability is also proposed.

PROPOSED SYSTEM:

The proposal in the present paper, called Password Guessing Resistant Protocol (PGRP),

significantly improves the security-usability trade-off, and can be more generally deployed

beyond browser-based authentication. Our proposed system enforces ATTs after a few failed

login attempts are made from unknown machines. We define known machines as those from

which a successful login has occurred within a fixed period of time. These are identified by their

IP addresses saved on the login server as a white list, or cookies stored on client machines.

PGRP accommodates both graphical user interfaces and character-based interfaces, while the

previous protocols deal exclusively with the former, requiring the use of browser cookies. PGRP

uses either cookies or IP addresses, or both for tracking legitimate users. The proposed system

is more restrictive against brute force and dictionary attacks while safely allowing a large

number of free failed attempts for legitimate users.

PROPOSED TECHNIQUE:

PASSWORD GUESSING RESISTANT PROTOCOL (PGRP)

ADVANTAGES:

It makes brute force and dictionary attacks ineffective even for adversaries with access to large botnets.

It is suitable for organizations with both small and large numbers of user accounts.

Module:

Authentication:

Login

Forget Password

Admin

Staff

Upload the question paper

Candidate

New user registration

Exam registration

Online Exam and Result

Module description:

Authentication:

Authentication is the process of identifying an individual, usually based on a username and password. In security systems, authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

Login:

In the Staff and Admin logins we check whether the system is a trusted machine or a distrusted machine. If the machine is trusted, the staff or admin is allowed 3 attempts. If the machine is distrusted, the staff is allowed a single attempt. In the Candidate login, the candidate may make any number of attempts. The process involved is to:

Check the login name and password.

Then allow the authorized user to use these pages.

If an unauthorized user attempts to access the staff login, restrict that user and give the information.

Forget Password:

When users forget their password, they can use the Forget Password option, which is used to create a new password. To ensure that the user accessing Forget Password is a legitimate user, the user is asked a question. These questions and their answers are created while the user is registering on the site. When the user enters the answer, the entered text is matched against the database. If the result is true, the user is allowed to enter a new password to access the site. If the result is false, the user is not allowed to enter a new password to access the site.

Admin:

In this module, when the admin attempts to log in we need to find whether the machine is trusted or distrusted. This is determined by IP address. If the IP address used by the machine to access the site frequently is stored, then that machine is a trusted machine. For that particular machine the admin login is allowed up to three attempts. The machine is considered a distrusted machine if the admin login is made as a new attempt; the user will then be given a single chance to enter the user name and password to access the site.

After logging in, the admin has control over the application. In this application the admin has the privilege to control the uploaded question paper. The admin also has control over deleting the question paper.

Staff:

In this module the staff host the question paper that the candidate needs in order to write the online exam. For this process the staff must log in first. To log in, the staff need to provide a valid user name and password within three attempts on a trusted system. On a distrusted machine the staff must enter the user name and password within a single attempt. If the attempts exceed the given limit, an intimation will be provided.

Candidate:

In this module the candidates are given access only to log in and answer the exam. To use the candidate login, users first have to register with the application by giving their details. When logging in, the candidate can make any number (n) of login attempts to attend the exam.

Candidate Login

Register for particular exam

Write the exam

View the Exam Result

Online Exam and Result:

Candidates who need to write the exam must first register themselves in the application. After registration the candidates can write the exam. If a candidate closes the window in which the exam is being written, the session will expire and the candidate cannot continue the exam. The candidate's results are displayed as soon as the exam is completed.

Technique:

Password Guessing Resistant Protocol

The login protocol should make brute force and dictionary attacks ineffective even for adversaries with access to large botnets (i.e., capable of launching the attack from many remote hosts). The protocol should not have any significant impact on usability (user convenience). For example, for legitimate users, any additional steps besides entering login credentials should be minimal. Increasing the security of the protocol must have minimal effect in decreasing the login usability.

Two processes are involved in this:

1) If the first login attempt fails on a trusted (known) system, the user will be provided with two more chances (three chances in total). If the third attempt also fails, the user fails to log in and an intimation will be given.

2) If the first login attempt fails on a distrusted (unknown) system, the user will not be provided with another chance, and an intimation will be given.
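
The two rules above, as an added example in Python (not code from this project, whose own implementation language is C#). It follows the page's limits of three attempts on a known machine and one attempt per username from unknown machines; the class and function names, the 30-day value for the "fixed period of time", the in-memory tables and the CHALLENGE result standing in for the ATT are assumptions.

```python
import hashlib
import hmac
import os

TRUSTED_ATTEMPTS = 3            # page: three chances on a trusted (known) machine
UNTRUSTED_ATTEMPTS = 1          # page: a single chance on a distrusted (unknown) machine
KNOWN_WINDOW = 30 * 24 * 3600   # assumption: the "fixed period of time", in seconds
_DUMMY_SALT = os.urandom(16)    # used for unknown usernames so both paths cost the same


def _derive(password, salt):
    """Salted, slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class PgrpLogin:
    """In-memory model of the staff/admin login rules described above."""

    def __init__(self):
        self.users = {}          # username -> (salt, password hash)
        self.known = {}          # (username, ip) -> time of last successful login
        self.fails_known = {}    # (username, ip) -> failures from that known machine
        self.fails_unknown = {}  # username -> failures from ALL unknown machines

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))

    def _password_ok(self, username, password):
        # Unknown usernames are hashed against a dummy salt and never match.
        salt, stored = self.users.get(username, (_DUMMY_SALT, b""))
        return hmac.compare_digest(_derive(password, salt), stored)

    def is_trusted(self, username, ip, now):
        last_ok = self.known.get((username, ip))
        return last_ok is not None and now - last_ok <= KNOWN_WINDOW

    def attempt(self, username, password, ip, now, att_passed=False):
        """Return OK, RETRY, INTIMATION (allowance just used up) or CHALLENGE."""
        key = (username, ip)
        if self.is_trusted(username, ip, now):
            counter, ckey, limit = self.fails_known, key, TRUSTED_ATTEMPTS
        else:
            # Counted per username, not per IP: spreading guesses over a
            # botnet does not buy the attacker extra attempts.
            counter, ckey, limit = self.fails_unknown, username, UNTRUSTED_ATTEMPTS
        if counter.get(ckey, 0) >= limit and not att_passed:
            return "CHALLENGE"   # password is not evaluated until an ATT is solved
        if self._password_ok(username, password):
            self.known[key] = now            # machine becomes (or stays) known
            counter.pop(ckey, None)
            self.fails_known.pop(key, None)
            return "OK"
        counter[ckey] = counter.get(ckey, 0) + 1
        return "INTIMATION" if counter[ckey] >= limit else "RETRY"


def run_demo():
    """Constructed scenario; addresses are from the documentation ranges."""
    svc = PgrpLogin()
    svc.register("staff1", "correct horse")
    office = "192.0.2.10"
    out = {"first_login": svc.attempt("staff1", "correct horse", office, now=0)}
    # Three bots, three source addresses, one username.
    out["botnet"] = [svc.attempt("staff1", guess, ip, now=100)
                     for ip, guess in [("203.0.113.7", "123456"),
                                       ("198.51.100.23", "password"),
                                       ("203.0.113.99", "staff1")]]
    # The real user mistypes twice on the known machine and is not locked out.
    out["owner"] = [svc.attempt("staff1", pw, office, now=200)
                    for pw in ("corect horse", "correct hors", "correct horse")]
    # Once the window has passed, the office machine is unknown again.
    later = 200 + KNOWN_WINDOW + 1
    out["expired"] = svc.attempt("staff1", "correct horse", office, now=later)
    out["expired_att"] = svc.attempt("staff1", "correct horse", office,
                                     now=later, att_passed=True)
    return out


if __name__ == "__main__":
    for step, result in run_demo().items():
        print(step, result)
```

Counting unknown-machine failures per username, while counting known-machine failures per (username, IP) pair, is what keeps the owner's three attempts available during a distributed guessing run.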

Input and Output Design:

Login:

Input: Enter the login name and password

Output: If the user is trusted, access to the corresponding page is allowed; otherwise an intimation will be given.

New login registration:

Input: Provide the name and their details

Output: Loaded into the database

New Exam:

Input: upload the question and details of the exam

Output: saved into database

Exam registration:

Input: select the exam name and provide the candidate details

Output: it will give the unique registration number

Online Exam:

Input: candidate can answer the corresponding questions

Output: check whether the answer is correct or not

Result:

Input: enter the registration number

Output: it shows the result of the corresponding registration number

HARDWARE AND SOFTWARE REQUIREMENTS

SOFTWARE REQUIREMENTS:

Operating system :- Windows 7

Front End :- Microsoft Visual Studio .Net 2010

Coding Language :- C#

Backend :- SQL Server 2005

HARDWARE REQUIREMENTS:

Processor : Pentium Dual Core 2.00 GHz

Hard disk : 40 GB

Mouse : Logitech

RAM : 2 GB (minimum)

Keyboard : 110 keys enhanced

System Design:

USE CASE DIAGRAM:

A use case diagram is a type of behavioral diagram created from a Use-case analysis.

The purpose of a use case diagram is to present an overview of the functionality provided by the system in terms of actors, their goals and any dependencies between those use cases.

[Use case diagram. Actors: Admin, Candidate, Staff. Use cases: Schedule Exam, Login, Question paper, Exam registration, Write the exam, Monitor the exam, View result.]

In this use case diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Class Diagram:

A class diagram in the UML is a type of static structure diagram that describes the

structure of a system by showing the system’s classes, their attributes, and the relationships

between the classes.

Private visibility hides information from anything outside the class partition. Public

visibility allows all other classes to view the marked information.

Protected visibility allows child classes to access information they inherited from a parent

class.

Class: New Exam. Attributes: Exam Name, Question. Operations: save into database()

Class: Exam. Attributes: Registration No, Exam time. Operations: Display Question()

Class: Admin. Attributes: name, Password. Operations: Monitor exam(), View result()

Class: Staff. Attributes: name, Password. Operations: New Exam(), Schedule()

Class: Result. Attributes: Exam name, Registration No. Operations: Exam result()

Class: Candidate. Attributes: name, Password. Operations: registration(), exam()

[Diagram. Staff (Name=staff, Password=***): Upload, Question paper. Candidate (Name=Cand1, Password=***): Online exam, Answer paper, View result. Admin: Monitor exam, View result.]

In this class diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Object Diagram:

An object diagram in the Unified Modeling Language (UML) is a diagram that shows a

complete or partial view of the structure of a modeled system at a specific time.

An Object diagram focuses on some particular set of object instances and attributes, and

the links between the instances. A correlated set of object diagrams provides insight into how an

arbitrary view of a system is expected to evolve over time.

Object diagrams are more concrete than class diagrams, and are often used to provide

examples, or act as test cases for the class diagrams. Only those aspects of a model that are of

current interest need be shown on an object diagram.

In this object diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

State Diagram:

A state diagram is a type of diagram used in computer science and related fields to

describe the behavior of systems. State diagrams require that the system described is composed

of a finite number of states; sometimes, this is indeed the case, while at other times this is a

reasonable abstraction. There are many forms of state diagrams, which differ slightly and have

different semantics.

[State diagram. States: Login, Staff, Upload question, Exam Question, Candidate, Exam registration, Write the exam, Monitor the exam, Display result.]

In this state diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Activity Diagram:

Activity diagrams are loosely defined diagrams that show workflows of stepwise activities and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can be used to describe the business and operational step-by-step workflows of components in a system. UML activity diagrams could potentially model the internal logic of a complex operation. In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data flow diagrams (DFDs) from structured development.

The following activity diagram shows the optimization of workflows in this project.

[Activity diagram. Nodes: Login; Staff, Admin, Candidate; Insert question, Schedule exam, Exam details, Exam registration; Conduct Exam; Online exam; Result; Logout.]

In this activity diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Sequence diagram:

A sequence diagram in UML is a kind of interaction diagram that shows how processes

operate with one another and in what order.

It is a construct of a message sequence chart. Sequence diagrams are sometimes called

Event-trace diagrams, event scenarios, and timing diagrams.

The diagram below shows the sequence flow, that is, the optimization of workflows in this project.

[Sequence diagram. Lifelines: Login, Admin, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: Authenticate, Authenticate, Schedule exam, Write exam, Maintenance, View result, Authenticate, Register, Exam maintenance, View result.]

In this sequence diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Collaboration Diagram:

A collaboration diagram shows the objects and relationships involved in an interaction, and the sequence of messages exchanged among the objects during the interaction.

The collaboration diagram can be a decomposition of a class, class diagram, or part of a class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case diagram.

The collaboration diagram shows messages being sent between classes and objects (instances). A diagram is created for each system operation that relates to the current development cycle (iteration).

[Collaboration diagram. Objects: Login, Admin, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: 1: Authenticate, 2: Schedule exam, 3: Register, 4: Write exam, 5: Authenticate, 6: View result, 7: Authenticate, 8: Maintenance, 9: View result.]

In this collaboration diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Component Diagram:

Components are wired together by using an assembly connector to connect the

required interface of one component with the provided interface of another component. This

illustrates the service consumer - service provider relationship between the two components.

An assembly connector is a "connector between two components that defines that one

component provides the services that another component requires. An assembly connector is a

connector that is defined from a required interface or port to a provided interface or port."

When using a component diagram to show the internal structure of a component, the

provided and required interfaces of the encompassing component can delegate to the

corresponding interfaces of the contained components.

[Component diagram. Components: Login, Candidate, Staff, Admin, Schedule, Maintain detail, Register, Conduct exam, Monitor exam, Result.]

[Data flow diagram. User; process 0 Admin (Login, Monitor exam); data store D0 Database.]

In this component diagram, the staff log in to the account, schedule the exam and upload the question paper. The candidate registers with the application, logs in, and can then write the exam and view the result. The admin monitors the exam and can view the result.

Data Flow Diagram:

A data flow diagram (DFD) is a graphical representation of the “flow” of data through an

information system. It differs from the flowchart as it shows the data flow instead of the control

flow of the program. A data flow diagram can also be used for the visualization of data

processing. The DFD is designed to show how a system is divided into smaller portions and to

highlight the flow of data between those parts.

LEVEL 0:

[Data flow diagram. User; process 1 Staff (Login, Schedule exam, Upload question); data store D1 Database. User; process 2 Candidate (Register, Login, Write exam, View result); data store D2 Database.]

Here the admin logs in, monitors the process of conducting the examination, and updates it in the database. The admin can view the student activities and staff activities.

LEVEL 1:

The staff can log in and upload new questions on a variety of topics. The staff can schedule the exam process and update it in the database.

Level 2:

[Data flow diagram. User; process 1 Staff (Login, Schedule exam, Upload question); data store D1 Database; process 0 Admin (Login, Monitor exam); data store D0 Database; process 2 Candidate (Register, Login, Write exam, View result); data store D2 Database.]

In level 2, the user can log in, take the test and view the results. Registered users can log in directly, whereas new users can register themselves before taking the test.

All Level:

[All-level data flow diagram. Labels: Admin, Maintain the Data, Contact Exam, Candidate details, Staff Detail, Schedule Question, Display the Result, Registration, Result.]

The all-level diagram sums up the whole process from level 0 to level 2. It shows all the activities of admin, staff and users.

E-R Diagram:

In software engineering, an entity-relationship model (ERM) is an abstract and

conceptual representation of data. Entity-relationship modeling is a database modeling method,

used to produce a type of conceptual schema or semantic data model of a system, often

a relational database, and its requirements in a top-down fashion. Diagrams created by this

process are called entity-relationship diagrams, ER diagrams, or ERDs.

Admin:

[E-R diagram labels: Candidate; Exam Register; Register NO; Online Exam; Question; Exam Result; Register NO; Result; Time; Question; Staff; Exam Schedule; Question and answer; Answer; View the Result; Exam Name; Result]

The admin monitors the exam and sees the activities of staff and candidates. The admin maintains and updates the data of staff and candidates.

Candidate:

The user can login and take the test and view the results. Registered users can login

directly whereas new users can register themselves before taking up the test.

Staff:

[Diagram labels: Schedule Exam; Upload Exam; Monitor the Online Exam; Online Exam; Register the Exam; Write the Online Exam; actors Staff, Admin, Candidate; Login]

The staff can log in and upload new questions on a variety of topics. The staff can schedule the exam and update these in the database.

System Architecture:

The system architecture explains the overall concept of the project. When a staff member logs in to the application, they schedule the exam. Scheduling the exam involves setting the time at which the exam is held for the students and uploading the question paper. The staff can also view the results of the students who attended the exam. In the admin section, once the admin has logged in, only the admin has access to delete an uploaded question paper. Candidates are allowed only to register their details, write the exam, and view the result. After registration is complete, the candidate can log in to the application and write the exam. The candidate can then view their result.
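The role separation described above, as an added example that is not part of the original project code: a deny-by-default permission table for the three roles, checked on the server before each action is carried out. The type and member names (`Role`, `Permission`, `ExamAccessPolicy`) and the split between viewing one's own result and viewing all results are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example (not project code). Names below are hypothetical.
public enum Role { Admin, Staff, Candidate }

[Flags]
public enum Permission
{
    None           = 0,
    Login          = 1 << 0,
    Register       = 1 << 1,
    ScheduleExam   = 1 << 2,
    UploadQuestion = 1 << 3,
    DeleteQuestion = 1 << 4,
    MonitorExam    = 1 << 5,
    WriteExam      = 1 << 6,
    ViewOwnResult  = 1 << 7,
    ViewAllResults = 1 << 8,
    MaintainUsers  = 1 << 9
}

public static class ExamAccessPolicy
{
    // One row per role, taken from the data flow diagrams and the
    // system architecture paragraph. Anything not listed is denied.
    private static readonly Dictionary<Role, Permission> Granted =
        new Dictionary<Role, Permission>
        {
            { Role.Admin,     Permission.Login | Permission.MonitorExam |
                              Permission.MaintainUsers | Permission.DeleteQuestion },
            { Role.Staff,     Permission.Login | Permission.ScheduleExam |
                              Permission.UploadQuestion | Permission.ViewAllResults },
            { Role.Candidate, Permission.Register | Permission.Login |
                              Permission.WriteExam | Permission.ViewOwnResult }
        };

    // True only when every requested permission bit is granted to the role.
    public static bool IsAllowed(Role role, Permission requested)
    {
        if (requested == Permission.None) return false;

        Permission granted;
        if (!Granted.TryGetValue(role, out granted)) return false; // unknown role

        return (granted & requested) == requested;
    }

    // Call at the top of each server-side handler, before touching the database.
    public static void Demand(Role role, Permission requested)
    {
        if (!IsAllowed(role, requested))
            throw new UnauthorizedAccessException(role + " may not perform " + requested);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed requests: allowed actions, cross-role attempts,
        // a combined request, and a role value that is not in the table.
        var requests = new[]
        {
            Tuple.Create(Role.Staff, Permission.UploadQuestion),
            Tuple.Create(Role.Staff, Permission.DeleteQuestion),
            Tuple.Create(Role.Candidate, Permission.ScheduleExam),
            Tuple.Create(Role.Admin, Permission.DeleteQuestion),
            Tuple.Create(Role.Candidate, Permission.WriteExam | Permission.ViewOwnResult),
            Tuple.Create((Role)42, Permission.Login)
        };

        foreach (var r in requests)
        {
            Console.WriteLine("{0,-9} {1,-28} {2}", r.Item1, r.Item2,
                ExamAccessPolicy.IsAllowed(r.Item1, r.Item2) ? "allow" : "deny");
        }

        try
        {
            ExamAccessPolicy.Demand(Role.Staff, Permission.DeleteQuestion);
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("blocked: " + ex.Message);
        }
    }
}
```

The check belongs in the server-side handler for each action; hiding a button in the page does not stop a request sent directly to the server.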

DEVELOPMENT TOOLS

5.1. GENERAL

This chapter is about the software language and the tools used in the development of the project. The platform used here is .NET. The primary language is C#. In this project AJAX is chosen for implementation.

5.2 FEATURES OF .NET

Microsoft .NET is a set of Microsoft software technologies for rapidly building

and integrating XML Web services, Microsoft Windows-based applications, and Web solutions.

The .NET Framework is a language-neutral platform for writing programs that can easily and

securely interoperate. There’s no language barrier with .NET: there are numerous languages

available to the developer including Managed C++, C#, Visual Basic and JavaScript. The .NET

framework provides the foundation for components to interact seamlessly, whether locally or

remotely on different platforms. It standardizes common data types and communications

protocols so that components created in different languages can easily interoperate.

“.NET” is also the collective name given to various software components built

upon the .NET platform. These will be both products (Visual Studio.NET and Windows.NET

Server, for instance) and services (like Passport, .NET My Services, and so on).

5.2.1 THE .NET FRAMEWORK

The .NET Framework has two main parts:

1. The Common Language Runtime (CLR).

2. A hierarchical set of class libraries.

The CLR is described as the “execution engine” of .NET. It provides the environment within

which programs run. The most important features are:

Conversion from a low-level assembler-style language, called Intermediate Language (IL), into code native to the platform being executed on.

Memory management, notably including garbage collection.

Checking and enforcing security restrictions on the running code.

Loading and executing programs, with version control and other such features.

The following features of the .NET framework are also worth description:

MANAGED CODE

The code that targets .NET, and which contains certain extra information - “metadata” - to

describe itself. Whilst both managed and unmanaged code can run in the runtime, only managed

code contains the information that allows the CLR to guarantee, for instance, safe execution and

interoperability.

MANAGED DATA

With Managed Code comes Managed Data. The CLR provides memory allocation and deallocation facilities, and garbage collection. Some .NET languages use Managed Data by

default, such as C#, Visual Basic.NET and JScript.NET, whereas others, namely C++, do not.

Targeting CLR can, depending on the language you’re using, impose certain constraints on the

features available. As with managed and unmanaged code, one can have both managed and

unmanaged data in .NET applications - data that doesn’t get garbage collected but instead is

looked after by unmanaged code.

COMMON TYPE SYSTEM

The CLR uses something called the Common Type System (CTS) to strictly enforce

type-safety. This ensures that all classes are compatible with each other, by describing types in a

common way. The CTS defines how types work within the runtime, which enables types in one

language to interoperate with types in another language, including cross-language exception

handling. As well as ensuring that types are only used in appropriate ways, the runtime also

ensures that code doesn’t attempt to access memory that hasn’t been allocated to it.

COMMON LANGUAGE SPECIFICATION

The CLR provides built-in support for language interoperability. To ensure that you can

develop managed code that can be fully used by developers using any programming language, a

set of language features and rules for using them called the Common Language Specification

(CLS) has been defined. Components that follow these rules and expose only CLS features are

considered CLS-compliant.

THE CLASS LIBRARY

.NET provides a single-rooted hierarchy of classes, containing over 7000 types.

The root of the namespace is called System; this contains basic types like Byte, Double, Boolean,

and String, as well as Object. All objects derive from System.Object. As well as objects, there

are value types. Value types can be allocated on the stack, which can provide useful flexibility.

There are also efficient means of converting value types to object types if and when necessary.

The set of classes is pretty comprehensive, providing collections, file, screen, and

network I/O, threading, and so on, as well as XML and database connectivity.

The class library is subdivided into a number of sets (or namespaces), each

providing distinct areas of functionality, with dependencies between the namespaces kept to a

minimum.

LANGUAGES SUPPORTED BY .NET

The multi-language capability of the .NET Framework and Visual Studio .NET

enables developers to use their existing programming skills to build all types of applications and

XML Web services. The .NET framework supports new versions of Microsoft’s old favorites

Visual Basic and C++ (as VB.NET and Managed C++), but there are also a number of new

additions to the family.

Visual Basic .NET has been updated to include many new and improved language

features that make it a powerful object-oriented programming language. These features include

inheritance, interfaces, and overloading, among others. Visual Basic also now supports

structured exception handling, custom attributes and also supports multi-threading.

Visual Basic .NET is also CLS compliant, which means that any CLS-compliant

language can use the classes, objects, and components you create in Visual Basic .NET.

Managed Extensions for C++ and attributed programming are just some of the

enhancements made to the C++ language. Managed Extensions simplify the task of migrating

existing C++ applications to the new .NET Framework.

C# is Microsoft’s new language. It’s a C-style language that is essentially “C++

for Rapid Application Development”. Unlike other languages, its specification is just the

grammar of the language. It has no standard library of its own, and instead has been designed

with the intention of using the .NET libraries as its own.

Microsoft Visual J# .NET provides the easiest transition for Java-language

developers into the world of XML Web Services and dramatically improves the interoperability

of Java-language programs with existing software written in a variety of other programming

languages.

ActiveState has created Visual Perl and Visual Python, which enable .NET-aware applications to be built in either Perl or Python. Both products can be integrated into the Visual Studio .NET environment. Visual Perl includes support for ActiveState’s Perl Dev Kit.

Other languages for which .NET compilers are available include

FORTRAN

COBOL

Eiffel

[Figure: layers labelled ASP.NET, XML Web Services, Windows Forms, Base Class Libraries, Common Language Runtime, Operating System]

Fig 5.2.1 .NET Framework

FEATURES OF C#

1. C# is a simple, modern, object oriented language derived from C++ and Java. 

2. It aims to combine the high productivity of Visual Basic and the raw power of C++. 

3. It is a part of Microsoft Visual Studio 7.0.

4. Visual Studio supports VB, VC++, C++, VBScript, JScript. All of these languages provide access to the Microsoft .NET platform.

5. .NET includes a Common Execution engine and a rich class library.

6. Microsoft's equivalent of the JVM is the Common Language Runtime (CLR).

7. The CLR accommodates more than one language, such as C#, VB.NET, JScript, ASP.NET, C++.

8. Source code --->Intermediate Language code (IL) ---> (JIT Compiler) Native code. 

9. The classes and data types are common to all of the .NET languages.

10. We may develop Console applications, Windows applications, and Web applications using C#.

11. In C# Microsoft has taken care of C++ problems such as memory management, pointers etc.

12. It supports garbage collection, automatic memory management and a lot more.

MAIN FEATURES OF C# 

SIMPLE 

1. Pointers are missing in C#. 

2. Unsafe operations such as direct memory manipulation are not allowed. 

3. In C# there is no usage of "::" or "->" operators. 

4. Since it's on .NET, it inherits the features of automatic memory management and garbage collection.

5. Varying ranges of the primitive types like Integer, Floats etc.

6. Integer values of 0 and 1 are no longer accepted as Boolean values. Boolean values are pure true or false values in C#, so no more errors of the "=" operator and the "==" operator. "==" is used for the comparison operation and "=" is used for the assignment operation.

MODERN 

1. C# follows current trends and is very powerful and simple for building interoperable, scalable, robust applications.

2. C# includes built in support to turn any component into a web service that can be invoked over

the Internet from any application running on any platform. 

OBJECT ORIENTED 

1. C# supports Data Encapsulation, inheritance, polymorphism, interfaces. 

2. Primitive types (int, float, double) are not objects in Java, but C# has introduced structures (structs), which enable the primitive types to become objects:

int i = 1;

string a = i.ToString(); // conversion (or) boxing

TYPE SAFE 

1. In C# we cannot perform unsafe casts, such as converting a double to a Boolean.

2. Value types (primitive types) are initialized to zeros and reference types (objects and classes) are initialized to null by the compiler automatically.

3. Arrays are zero-based and are bounds-checked.

4. Overflow of types can be checked. 

INTEROPERABILITY 

1. C# includes native support for the COM and windows based applications. 

2. Allowing restricted use of native pointers. 

3. Users no longer have to explicitly implement IUnknown and other COM interfaces; those features are built in.

4. C# allows the users to use pointers in unsafe code blocks to manipulate old code.

5. Components from VB.NET and other managed-code languages can be used directly in C#.

SCALABLE AND UPDATEABLE 

1. .NET has introduced assemblies, which are self-describing by means of their manifest. The manifest establishes the assembly identity, version, culture, digital signature, etc. Assemblies need not be registered anywhere.

2. To scale our application we delete the old files and replace them with new ones. No registering of dynamic linking libraries is needed.

3. Updating software components is an error-prone task. Revisions made to the code can affect the existing program. C# supports versioning in the language. Native support for interfaces and method overriding enables complex frameworks to be developed and evolved over time.

5.2.2 OBJECTIVES OF .NET

The .NET Framework is one of the tools provided by the .NET platform. It provides an environment for building, deploying and running web services and other applications such as console applications, Windows-based applications, and web sites. It is a common architecture for all .NET programming languages.

The Main Objectives of .NET Framework

1) Platform Independent

2) Language Independent

3) Language Interoperability

4) Security

5) Database Connectivity

6) Globalization of Application

1) Platform Independent: Because DLL or EXE files can be executed on any operating system with the help of the CLR (Common Language Runtime), .NET is called platform independent.

CLR is platform dependent.

CLR for Windows is called CLR.

CLR for Linux is called Mono CLR.

CLR for light weight devices is called Compact CLR.

CLR is not available for DOS and Windows95.

2) Language Independent: Because .NET application logic can be developed in any .NET Framework compatible language, it is called language independent.

It supports 11 languages and 1 specification

e.g.: C#.net, VB.net, J#.net, Cobol.net, PHP.net, PERL.net, etc.

The specification is ASP.net. It provides a set of rules to be followed while integrating with the language.

3) Language Interoperability: Code written in one language should be usable from an application developed in another language.

4) Security: .NET applications attain a high level of security.

5) Database Connectivity: A new database connectivity model for connecting to databases.

6) Globalization of Application: Designing applications to support multiple languages and cultures.

5.2.3 COMPONENTS OF .NET FRAMEWORK

The .NET Framework is an integral Windows component that supports building and running the

next generation of applications and XML Web services. The .NET Framework is designed to

fulfill the following objectives:

To provide a consistent object-oriented programming environment whether object code is

stored and executed locally, executed locally but Internet-distributed, or executed

remotely.

To provide a code-execution environment that minimizes software deployment and

versioning conflicts.

To provide a code-execution environment that promotes safe execution of code, including

code created by an unknown or semi-trusted third party.

To provide a code-execution environment that eliminates the performance problems of

scripted or interpreted environments.

To make the developer experience consistent across widely varying types of applications,

such as Windows-based applications and Web-based applications.

To build all communication on industry standards to ensure that code based on the .NET

Framework can integrate with any other code.

The .NET Framework has two main components: the common language runtime and the .NET

Framework class library. The common language runtime is the foundation of the .NET

Framework. You can think of the runtime as an agent that manages code at execution time,

providing core services such as memory management, thread management, and remoting, while

also enforcing strict type safety and other forms of code accuracy that promote security and

robustness. In fact, the concept of code management is a fundamental principle of the runtime.

Code that targets the runtime is known as managed code, while code that does not target the

runtime is known as unmanaged code. The class library, the other main component of the .NET

Framework, is a comprehensive, object-oriented collection of reusable types that you can use to

develop applications ranging from traditional command-line or graphical user interface (GUI)

applications to applications based on the latest innovations provided by ASP.NET, such as Web

Forms and XML Web services.

The .NET Framework can be hosted by unmanaged components that load the common language

runtime into their processes and initiate the execution of managed code, thereby creating a

software environment that can exploit both managed and unmanaged features. The .NET

Framework not only provides several runtime hosts, but also supports the development of third-

party runtime hosts.

For example, ASP.NET hosts the runtime to provide a scalable, server-side environment for

managed code. ASP.NET works directly with the runtime to enable ASP.NET applications and

XML Web services, both of which are discussed later in this topic.

Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form

of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed

managed components or Windows Forms controls in HTML documents. Hosting the runtime in

this way makes managed mobile code (similar to Microsoft® ActiveX® controls) possible, but

with significant improvements that only managed code can offer, such as semi-trusted execution

and isolated file storage.

The following illustration shows the relationship of the common language runtime and the class

library to your applications and to the overall system. The illustration also shows how managed

code operates within a larger architecture.

.NET Framework in context

The following sections describe the main components and features of the .NET Framework in greater detail.

1. COMMON LANGUAGE RUNTIME

The common language runtime manages memory, thread execution, code execution, code safety

verification, compilation, and other system services. These features are intrinsic to the managed

code that runs on the common language runtime. With regard to security, managed components

are awarded varying degrees of trust, depending on a number of factors that include their origin

(such as the Internet, enterprise network, or local computer). This means that a managed

component might or might not be able to perform file-access operations, registry-access

operations, or other sensitive functions, even if it is being used in the same active application. The

runtime enforces code access security. For example, users can trust that an executable embedded

in a Web page can play an animation on screen or sing a song, but cannot access their personal

data, file system, or network. The security features of the runtime thus enable legitimate Internet-

deployed software to be exceptionally feature rich.

The runtime also enforces code robustness by implementing a strict type-and-code-verification

infrastructure called the common type system (CTS). The CTS ensures that all managed code is

self-describing. The various Microsoft and third-party language compilers generate managed

code that conforms to the CTS. This means that managed code can consume other managed

types and instances, while strictly enforcing type fidelity and type safety.

In addition, the managed environment of the runtime eliminates many common software issues.

For example, the runtime automatically handles object layout and manages references to objects,

releasing them when they are no longer being used. This automatic memory management

resolves the two most common application errors, memory leaks and invalid memory references.

The runtime also accelerates developer productivity. For example, programmers can write

applications in their development language of choice, yet take full advantage of the runtime, the

class library, and components written in other languages by other developers. Any compiler

vendor who chooses to target the runtime can do so. Language compilers that target the .NET

Framework make the features of the .NET Framework available to existing code written in that

language, greatly easing the migration process for existing applications.

While the runtime is designed for the software of the future, it also supports software of today

and yesterday. Interoperability between managed and unmanaged code enables developers to

continue to use necessary COM components and DLLs.

The runtime is designed to enhance performance. Although the common language runtime

provides many standard runtime services, managed code is never interpreted. A feature called

just-in-time (JIT) compiling enables all managed code to run in the native machine language of

the system on which it is executing. Meanwhile, the memory manager removes the possibilities

of fragmented memory and increases memory locality-of-reference to further increase

performance.

Finally, the runtime can be hosted by high-performance, server-side applications, such as

Microsoft® SQL Server™ and Internet Information Services (IIS). This infrastructure enables

you to use managed code to write your business logic, while still enjoying the superior

performance of the industry's best enterprise servers that support runtime hosting.

2. BASE CLASS LIBRARY.

The .NET Framework class library is a collection of reusable types that tightly integrate with the

common language runtime. The class library is object oriented, providing types from which your

own managed code can derive functionality. This not only makes the .NET Framework types

easy to use, but also reduces the time associated with learning new features of the .NET

Framework. In addition, third-party components can integrate seamlessly with classes in

the .NET Framework.

For example, the .NET Framework collection classes implement a set of interfaces that you can

use to develop your own collection classes. Your collection classes will blend seamlessly with

the classes in the .NET Framework.

As you would expect from an object-oriented class library, the .NET Framework types enable

you to accomplish a range of common programming tasks, including tasks such as string

management, data collection, database connectivity, and file access. In addition to these common

tasks, the class library includes types that support a variety of specialized development scenarios.

For example, you can use the .NET Framework to develop the following types of applications

and services:

Console applications.

Windows GUI applications (Windows Forms).

ASP.NET applications.

XML Web services.

Windows services.

For example, the Windows Forms classes are a comprehensive set of reusable types that vastly

simplify Windows GUI development. If you write an ASP.NET Web Form application, you can

use the Web Forms classes.

5.3 FEATURES OF THE COMMON LANGUAGE RUNTIME

The Common Language Runtime is the heart of the .NET Framework. It manages the code during execution. Code that runs under the CLR is called “managed code”. Code that is executed under the .NET runtime gets benefits such as cross-language inheritance, cross-language exception handling, enhanced security, versioning and development support, a simplified model for component interaction, and debugging and profiling services.

CLR Managed Code Execution Process

The process of compiling and executing managed code is given below:

1. When you compile a program written in any language that targets the CLR, the compiler translates it into Microsoft Intermediate Language (MSIL), also called Intermediate Language (IL). Whatever the source language, the code is always translated to IL, which ensures language interoperability.

2. In addition to translating the code into IL, the compiler also produces metadata about the program during compilation. Metadata contains the description of the program, such as classes and interfaces, the dependencies, etc.

3. The IL and the metadata are linked in an assembly.

4. The compiler creates an .EXE or .DLL file.

5. When you execute the .exe or .dll file, the code and all the other relevant information from the base class library is sent to the class loader, which loads the code into memory.

6. Before the code is executed, the Just-in-Time (JIT) compiler translates the code from IL to native code (machine code). The CLR supplies a JIT compiler for each supported CPU architecture. During compilation, the JIT compiler compiles only the code that is required during execution instead of compiling the complete IL code.

7. During JIT compilation, the code is also checked for type safety. Type safety ensures that objects are accessed in a compatible way. Type safety also ensures that objects are isolated from each other and are therefore safe from any malicious corruption.

8. After conversion to native code, the converted code is sent to the .NET runtime manager.

9. The .NET runtime manager executes the code. While the code executes, a security check is performed to ensure that the code has the appropriate permission for accessing the available resources.

Features provided by CLR

Some of the features provided by the CLR are as follows:

Automatic memory management: - The CLR provides the garbage collection feature for managing the lifetime of objects. This relieves the programmer of the memory management task.

Standard Type System: - The CLR implements a formal specification called the Common Type System (CTS). The CTS is an important set of rules that ensures that objects written in different languages can interact with each other.

Language interoperability: - It is the ability of an application to interact with another application written in a different programming language. Language interoperability helps maximize code reuse. The CLR provides support for language interoperability by specifying and enforcing the CTS and by providing metadata.

Platform Independence: - The compiler compiles code into an intermediate language, which is CPU-independent. This means that the code can be executed on any platform that supports the .NET CLR.

Security Management: - In the .NET platform, security is achieved through the code access security (CAS) model. In this model, the CLR enforces restrictions on managed code through objects called “permissions”. The CLR allows the code to perform only those tasks for which it has permissions. In other words, the CAS model specifies what the code can access instead of specifying who can access resources.

Type Safety: - This feature ensures that objects are always accessed in compatible ways. Therefore the CLR will prohibit code from assigning a 10-byte value to an object that occupies 8 bytes.

Benefits of CLR

Following are some of the benefits of the CLR:

Performance improvement

The ability to easily use components developed in other languages.

Extensible types provided by library.

New Language features such as inheritance, interfaces etc.

Complete Object-Oriented design.

Very Strong Type Safety.

A good blend of Visual Basic simplicity and C++ power.

Syntax and keywords similar to C and C++.

Use of delegates rather than function pointers for increased type safety and security.

5.4 AJAX – AN OVERVIEW

In the world of Web programming, AJAX stands for Asynchronous JavaScript And XML,

which is a technique for developing more efficient interactive Web applications. AJAX enables

complex interactive Web site elements to remain loaded while switching between pages, so that

they do not have to be served up separately each time a visitor navigates to another site page.

This Personal Learning Resource gives a brief overview of AJAX, discusses its advantages and

disadvantages, and also lists numerous other resources for additional training on this

development method.

AJAX (Asynchronous JavaScript And XML) Key Components

AJAX itself is not considered to be a unique technology, but a Web development method

incorporating features from several different technologies and languages. AJAX uses a

communication technology (typically SOAP and XML) to send and receive an asynchronous

request/response to the server, and then leverages presentation technologies (JavaScript, DOM,

HTML, and CSS) to process the response. The AJAX method implements the following

technologies to ease the process of producing consistent and interactive Web pages:

1. XHTML  (HTML) and CSS, for marking up and styling information.

2. The DOM accessed with a client-side scripting language,

especially ECMAScript implementations like JavaScript and JScript, to dynamically

display and interact with the information presented.

3. The XMLHttpRequest object to exchange data asynchronously with the Web server. In

some AJAX frameworks and in certain situations, an iFrame object is used instead of

the XMLHttpRequest object to exchange data with the Web server.

4. XML is commonly used as the format for transferring data back from the server, although

any format will work, including preformatted HTML, plain text, JSON and even EBML.

Using Ajax technologies in Web applications provides many challenges for developers interested

in adhering to WAI accessibility  guidelines. Developers need to provide fallback options for

users on other platforms or browsers, as most methods of AJAX implementation rely on features

only present in desktop graphical browsers.

5.4.1 EVOLUTION OF AJAX

In his blog, A Brief History of AJAX, Aaron Swartz talks about the evolution of AJAX. Various

vendors contributed to this effort. The tipping point came when Google used it for Google Maps

and Gmail and when Jesse James Garrett coined the term AJAX. AJAX completely changed the

browsing experience. Now vendors like Sun and TIBCO are jumping in with tools to build

AJAX style applications. I just did a search on Google on AJAX applications, and got about 1.87

million hits. Also stumbled upon a link to the Top-10 AJAX applications posted in Sep, 2005.

5.4.2 BENEFITS OF AJAX

Ajax is a new, very promising technology, which has become extremely popular these days. Here are the benefits of using Ajax:

Ajax can be used for creating rich, web-based applications that look and work like a desktop application.

Ajax is easy to learn. Ajax is based on JavaScript and existing technologies like XML, CSS, DHTML, etc., so it is very easy to learn.

Ajax can be used to develop web applications that can update the page data continuously without refreshing the whole page.

What is Ajax?

Asynchronous JavaScript and XML, or Ajax for short, is a new web development technique used for developing highly interactive websites. Ajax helps you make your web application more interactive by retrieving small amounts of data from the web server and then showing it in your application. You can do all these things without refreshing your page.

Usually in all the web applications, the user enters the data into the form and then clicks on the

submit button to submit the request to the server. Server processes the request and returns the

view in new page ( by reloading the whole page). This process is inefficient, time consuming,

Page 52: Online Exam Monitoring With Password Resistant Protocol

52

and a little frustrating for you user if the only the small amount of data exchange is required. For

example in an user registration form, this can be frustrating thing for the user, as whole page is

reloaded only to check the availability of the user name. Ajax will help in making your

application more interactive. With the help of Ajax you can tune your application to check the

availability of the user name without refreshing the whole page.

Understanding the technology behind Ajax

Ajax is not a single technology but a combination of several technologies, all of which are supported by modern web browsers. The following techniques are used in Ajax applications.

JavaScript:

JavaScript is used to make a request to the web server. Once the response is returned by the web server, more JavaScript can be used to update the current page. DHTML and CSS are used to show the output to the user. JavaScript is used very heavily to provide the dynamic behavior of the application.

Asynchronous Call to the Server:

Most Ajax applications use the XMLHttpRequest object to send the request to the web server. These calls are asynchronous, so there is no need to wait for the response to come back; the user can carry on working in the meantime.

XML:

XML may be used to receive the data returned from the web server. JavaScript can easily process the XML data returned from the web server.

How Ajax Works?

When the user first visits the page, the Ajax engine is initialized and loaded. From that point on, the user interacts with the Ajax engine, which in turn interacts with the web server. The Ajax engine operates asynchronously while sending requests to the server and receiving responses from it.

The Ajax life cycle within the web browser can be divided into the following stages:

User visit to the page:

The user visits the URL by typing it in the browser or clicking a link from some other page.

Initialization of Ajax engine:

When the page is initially loaded, the Ajax engine is also initialized. The Ajax engine can also be set to continuously refresh the page content without refreshing the whole page.

Event Processing Loop:

* Browser event - a browser event may instruct the Ajax engine to send a request to the server and receive the response data.

* Server response - the Ajax engine receives the response from the server and then calls the JavaScript callback functions.

* Browser (view) update - the JavaScript callback functions are used to update the browser. DHTML and CSS are used to update the browser display.

5.5 MAIN FEATURES OF XML:

* XML files are text files, which can be managed by any text editor.

* XML is very simple, because it has fewer than 10 syntax rules.

* XML is extensible, because it only specifies the structural rules of tags; it places no specification on the tags themselves.

Because of these features, XML offers the following advantages, as described by en.wikipedia.org:

* XML provides a basic syntax that can be used to share information between different kinds of computers, different applications, and different organizations. XML data is stored in plain text format. This software- and hardware-independent way of storing data allows different incompatible systems to share data without needing to pass them through many layers of conversion. This also makes it easier to expand or upgrade to new operating systems, new applications, or new browsers, without losing any data.

* With XML, your data can be available to all kinds of "reading machines" (handheld computers, voice machines, news feeds, etc.), and made more available to blind people or people with other disabilities.

* XML provides a gateway for communication between applications, even applications on wildly different systems. As long as applications can share data (through HTTP, file sharing, or another mechanism) and have an XML parser, they can share structured information that is easily processed. Databases can trade tables, business applications can trade updates, and document systems can share information.

* It supports Unicode, allowing almost any information in any written human language to be communicated.

* It can represent common computer science data structures: records, lists and trees.

* Its self-documenting format describes structure and field names as well as specific values.

* The strict syntax and parsing requirements make the necessary parsing algorithms extremely simple, efficient, and consistent.

* Content-based XML markup enhances searchability, making it possible for agents and search engines to categorize data instead of wasting processing power on context-based full-text searches.

* XML is heavily used as a format for document storage and processing, both online and offline.

* It is based on international standards.

* It can be updated incrementally.

* It allows validation using schema languages such as XSD and Schematron, which makes effective unit-testing, firewalls, acceptance testing, contractual specification and software construction easier.

* The hierarchical structure is suitable for most (but not all) types of documents.

* It is platform-independent, thus relatively immune to changes in technology.

* Forward and backward compatibility are relatively easy to maintain despite changes in DTD or Schema.

* Its predecessor, SGML, has been in use since 1986, so there is extensive experience and software available.

5.6 FEATURES OF SQL SERVER

Microsoft SQL Server 2005

The following is a list of the new features provided in SQL Server 2005:

User-defined functions

Indexed views

Distributed partitioned views

INSTEAD OF and AFTER triggers

New data types

Cascading RI constraints

Multiple SQL Server instances

XML support

Log shipping

The rest of this section takes a closer look at each of these new features and provides a

reference to subsequent chapters where more information about the new feature can be found.

A SQL Server database consists of six types of objects. They are:

1. TABLE

2. QUERY

3. FORM

4. REPORT

5. MACRO

TABLE:

A database is a collection of data about a specific topic.

VIEWS OF TABLE:

We can work with a table in two views:

1. Design View

2. Datasheet View

DESIGN VIEW

To build or modify the structure of a table, we work in the table Design view. We can specify what kind of data will be held.

DATASHEET VIEW

To add, edit or analyse the data itself, we work in the table's Datasheet view.

QUERY:

A query is a question that is asked of the data. Access gathers data that answers the question from one or more tables. The data that makes up the answer is either a dynaset (if you edit it) or a snapshot (it cannot be edited). Each time we run a query, we get the latest information in the dynaset. Access either displays the dynaset or snapshot for us to view, or performs an action on it, such as deleting or updating.

SQL Server 2005 Introduction

SQL Server 2000 will be soon reaching its five-year mark, which in terms of software life-cycle

translates into fairly advanced maturity. While this is still far from retirement age, the name of its

successor, SQL Server 2005, suggests that it might be time for you to start looking into what the

new generation has to offer. The release of SQL Server 2005, originally introduced as Yukon,

has already been postponed, but its current Beta 2 implementation (with several incremental

Community Technical Previews expected before Beta 3 becomes available early next year)

brings promise of a timely RTM stage (planned for summer next year). In this series of articles,

we will look into functional highlights of the new incarnation of the Microsoft database

management system, focusing on those that are likely to remain unchanged in the final product.

Improvements to the database engine, the details of which are not published by Microsoft, and

the corresponding changes to the main infrastructure components are reflected by a substantial

number of new features as well as enhancements to existing ones. The most relevant ones can be

grouped into several categories, such as high availability and scalability, security, data

management, administration and maintenance, and development.

The demand for high availability is becoming increasingly common and is no longer limited to

major corporate and governmental clients. This results not only from a growing level of

customer expectations, but also from the new political climate associated with more stringent

legislative and regulatory requirements, in which disaster recovery and business continuity are

more relevant than ever. However, businesses are also, at the same time, extremely interested in

keeping their costs to a minimum. Microsoft tries to address these expectations by implementing

scalability enhancements, which ensure that SQL Server can perform equally well in

environments of any size, and by the introduction of several versions of SQL Server 2005

(geared towards more specialized needs) such as:

* SQL Server Standard Edition - offering the most diverse set of features and intended for the majority of clients.

* SQL Server 2005 Express Edition - serving as the replacement for Microsoft Data Engine (MSDE) and available for download from t. Like its predecessor, it was designed with developers in mind; however, unlike the previous version, it also includes a Web-based management interface.

* SQL Server 2005 Mobile Edition - as a successor to SQL Server 2000 Windows CE Edition, it is intended for Windows mobile-based devices, such as Tablet PCs, Pocket PCs, and smartphones.

Among the most significant changes introduced in the areas of high availability and scalability in

SQL Server 2005 are the following:

* Database mirroring - allows running a hot-standby system closely synchronized with the primary source. This provides an extension of log shipping functionality, which existed in SQL Server 2000, with a number of additional enhancements, such as low latency, automatic failover and fallback, and two-way synchronization.

* Online restore - provides the ability to restore data without taking a database offline, which earlier versions of SQL Server required. Users are only prevented from accessing data that is being restored.

* Failover clustering - even though this is not a new feature, its SQL Server 2005 implementation offers significant improvements, such as eight-node clustering (in combination with Windows 2003 Server Enterprise Edition) and support for failover of Notification Services, Analysis Services, and a number of SQL Server Agent related tasks (such as replication or job management and processing).

* Online indexing - indexes can now be created, dropped, and rebuilt (performed typically in order to eliminate index fragmentation) at the same time that the underlying table data is being queried or modified. In SQL Server 2000, rebuilding a non-clustered index places a shared lock on the underlying table, which restricts operations on it to SELECT statements. When rebuilding a clustered index, SQL Server 2000 places an exclusive lock on the table, preventing access to it altogether until the operation is completed.

* Support for both 32- and 64-bit Windows 2003 Server platforms, including both Intel and AMD (Opteron with Direct Connect Architecture) processors.

* Table partitioning - provides the ability to partition tables across file groups in a database, which optimizes operation on large tables.

* Database snapshot and snapshot isolation - snapshots generate a read-only view of the underlying database, which can be used, for example, to quickly recover data after an unintentional or erroneous change. Note that a snapshot is different from a copy, since it occupies only the space required to contain changes applied to the database after it has been created, greatly limiting storage requirements. Snapshot isolation provides parallel access to the last committed row in a database, which can be used to eliminate blocking issues when dealing with users operating simultaneously on the same data set.

* Replication - its SQL Server 2000 implementation has been enriched by the introduction of a new peer-to-peer topology, the ability to replicate via HTTP and HTTPS (to accommodate secure communication over the Internet), and cross-platform replication from Oracle databases.

* SQL Service Broker - provides functionality of asynchronous message routing and guaranteed delivery, intended primarily for scenarios involving complex, simultaneous, distributed, and interdependent data processing tasks (common in e-commerce applications). In essence, this is a message queuing mechanism native to SQL Server 2005, which can be configured and managed using extensions to the T-SQL data manipulation language.

* Fast recovery - allows connections to a database when bringing it on-line as soon as its transaction log has been rolled forward (in previous versions of SQL Server, connections were permitted only after incomplete transactions had been rolled back).

With the surging wave of virus threats and the rising rate of vulnerabilities, database

administrators (as well as computer professionals in other fields) have been devoting more and

more of their time and attention to the area of security. This process has been further accelerated

by the increasing number of regulatory requirements (such as the Sarbanes-Oxley Act or the Health

Insurance Portability and Accountability Act) enforced in various sectors of the market dealing

with large quantities of data. Microsoft's commitment in this area has greatly improved since the

announcement of the Secure Computing Initiative and resulted in the following security-related

changes in SQL Server 2005:

* "secure by default" settings,

* enforceable strong password policies for SQL Server-based logins,

* native data encryption, protected with passwords or certificates,

* authorization enhancements.

In the area of data management, changes are also significant, encompassing new extraction,

transform, and load (ETL) features as well as analytical and data mining processing

enhancements:

* SQL Server Integration Services - a revamped implementation of the SQL Server 2000-based Data Transformation Services (for more information on DTS in SQL Server 2000, refer to our series of articles), with performance, usability, and manageability improvements. In its new form, SQL Server Integration Services contains Business Intelligence Workbench and SQL Server Workbench utilities, which further simplify extracting data from various sources and distilling it for use in data-warehousing and analytical applications.

* Analysis Services - offering better performance of OLAP and data mining processing.

* Built-in support for both relational and XML-structured data - available through the addition of the XML data type, which allows storing XML fragments and documents in SQL Server databases (for more information on XML in SQL Server 2000, you can refer to our series of articles on the Database Journal Web site). It is also worth mentioning that SQL Server 2005 has a new VARCHAR(MAX) data type - along with NVARCHAR(MAX) and VARBINARY(MAX) - with the ability to store up to 2GB of data, supplementing the TEXT, NTEXT, and IMAGE data types.

A number of administrative and maintenance tasks have been eliminated or simplified, by either

automating them or introducing new or improved management utilities. Functionality in this area

has also been extended through reporting and notification services (although note that

corresponding products are available on SQL Server 2000 platform):

* Self-tuning capabilities have been enhanced.

* SQL Server Management Studio - replacing a number of SQL Server 2000 management utilities, including SQL Server Enterprise Manager, SQL Query Analyzer (replaced by SQL Server Management Studio Query Editor - with extra features such as statement auto-completion or results presented in XML form), SQL Server Analysis Services, Reporting Services, and Notification Services, as well as providing management for SQL Server Mobile Edition databases.

* Reporting Services - enhanced from its recently released SQL Server 2000-based version, offers the ability to create, manage, and view reports. Integrating it with SQL Server 2005 eliminates the need for such external tools as Crystal Reports (or similar third party products).

* Notification Services - provides the ability to generate and send custom subscription-based notifications (triggered by data changes or according to a pre-determined schedule) via a variety of messaging mechanisms, such as e-mail, phone, or instant messenger.

Last, but definitely not least, there are significant enhancements in the area of development, such

as the following:

* A more powerful programming model.

* Close integration with Visual Studio 2005, Web Services, and the Common Language Runtime (reflected by the dependency on Microsoft .NET Framework 2.0) - provides the ability to use .NET-based stored procedures, functions, and triggers. This way, it is possible to perform SQL development with .NET programming languages, taking advantage of functionality present in the .NET framework. At the same time, this helps consolidate application and database development tasks, making Transact-SQL and .NET programming languages interchangeable.

1. Database mirroring

Database mirroring is a new high-availability feature in SQL Server 2005. It's similar to server

clustering in that failover is achieved by the use of a stand-by server; the difference is that the

failover is at the database level rather than the server level. The primary database continuously

sends transaction logs to the backup database on a separate SQL Server instance. A third SQL

Server instance is then used as a witness database to monitor the interaction between the primary

and the mirror databases.

2. Database snapshots

A database snapshot is essentially an instant read-only copy of a database, and it is a great

candidate for any type of reporting solution for your company. In addition to being a great

reporting tool, you can revert control from your primary database to your snapshot database in

the event of an error. The only data loss would be from the point of creation of the database

snapshot to the event of failure.

3. CLR integration

With SQL Server 2005, you now have the ability to create custom .NET objects with the

database engine. For example, stored procedures, triggers, and functions can now be created

using familiar .NET languages such as VB and C#. Exposing this functionality gives you tools

that you never had access to before such as regular expressions.

4. Service Broker

This feature gives you the ability to create asynchronous, message-based applications in the database entirely through T-SQL. The database engine guarantees message delivery and message order consistency, and handles message grouping. In addition, Service Broker gives you the ability to send messages between different SQL Server instances. Service Broker is also used in several other features in SQL Server 2005. For example, you can define Event Notifications in the database to send a message to a queue in the database when someone attempts to alter a table structure, or if there is a string of login failures.

5. DDL triggers

In previous articles, I outlined how you can use data definition language (DDL) triggers in SQL

Server 2005 to implement custom database and server auditing solutions for Sarbanes-Oxley

compliance. DDL triggers are defined at the server or database level and fire when DDL

statements occur. This gives you the ability to audit when new tables, stored procedures, or

logins are created.

6. Ranking functions

SQL Server 2005 provides you with the ability to rank result sets returned from the database

engine. This allows you to customize the manner in which result sets are returned, such as

creating customized paging functions for Web site data.

7. Row versioning-based isolation levels

This new database engine feature improves database read concurrency by reducing the number of locks being used in your database. There are two versions of this feature (both of which must be enabled at the database level):

* Read Committed Isolation Using Row Versioning is used at the individual statement level, and guarantees that the data is consistent for the duration of the statement.

* Snapshot Isolation is used at the transaction level, and guarantees that the data is consistent for the duration of the transaction.

The database engine is able to guarantee this consistency through row versions stored in the tempdb database. When a statement or transaction is issued with its respective isolation level, read operations accessing data that is involved in a transaction will read the previous version of the data, which is stored in tempdb. Using these techniques in the appropriate situations can significantly decrease your database locking issues.

8. XML integration

SQL Server 2005 introduces the new XML data-type. You can store full XML documents in this

new data-type, and you can place validations on the well-formed documents in the database.

Additional enhancements include the ability to query the XML documents and create indexes on

the XML data-type.

9. TRY...CATCH

In a previous article, I outlined how you can use the new TRY...CATCH constructs in SQL

Server 2005 to catch and handle deadlocks when they occur in the database. This long-awaited

feature simplifies error handling in the database.

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class SNewExam : System.Web.UI.Page
{
    BAL bl = new BAL();

    // Current question number, kept in ViewState so that each open page has its
    // own counter (a static field is shared by every user of the application).
    private int qno
    {
        get { return (int)(ViewState["qno"] ?? 1); }
        set { ViewState["qno"] = value; }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            qno = 1;
        }
    }

    // Creates the question table and the result table for the new exam.
    protected void btnPatSubmit_Click(object sender, EventArgs e)
    {
        string Ename = txt_ExamName.Text.ToString();
        bl.CreateExamTable(Ename);
        bl.CreateResultTable(Ename);
        Panel2.Visible = true;
        lblQueNo.Text = qno.ToString();
        btnPatSubmit.Enabled = false;
    }

    #region Submit Questions
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        try
        {
            // Page fields are recreated on every postback, so the exam name is
            // read from the text box again instead of relying on the value set
            // in btnPatSubmit_Click.
            string Ename = txt_ExamName.Text.ToString();
            int tnq = Convert.ToInt32(txt_NoOfQuestion.Text);
            bl.InsertToExamTable(Ename, qno, txt_Question.Text, txt_Option1.Text,
                txt_Option2.Text, txtOption3.Text, txt_Option4.Text, txt_Answer.Text);
            if (tnq == qno)
            {
                // Last question stored: hide the entry panel and offer the launch link.
                Panel2.Visible = false;
                lbtnLaunchexam.Visible = true;
            }
            else
            {
                // Move to the next question and clear the entry fields.
                qno++;
                lblQueNo.Text = qno.ToString();
                txt_Question.Text = string.Empty;
                txt_Option1.Text = string.Empty;
                txt_Option2.Text = string.Empty;
                txtOption3.Text = string.Empty;
                txt_Option4.Text = string.Empty;
                txt_Answer.Text = string.Empty;
            }
        }
        catch (Exception)
        {
            throw;
        }
    }
    #endregion
}

BAL.cs

// Business layer: each method forwards to the data layer and returns the data
// layer's own status, so a failed statement is reported as false.
public bool CreateExamTable(string Ename)
{
    try
    {
        return dl.CreateExamTable(Ename);
    }
    catch (Exception)
    {
        return false;
    }
}

public bool InsertToExamTable(string Ename, int qno, string Ques, string Opt1,
    string Opt2, string Opt3, string Opt4, string Ans)
{
    try
    {
        return dl.InsertToExamTable(Ename, qno, Ques, Opt1, Opt2, Opt3, Opt4, Ans);
    }
    catch (Exception)
    {
        return false;
    }
}

public bool CreateResultTable(string Ename)
{
    try
    {
        return dl.CreateResultTable(Ename);
    }
    catch (Exception)
    {
        return false;
    }
}

DAL.cs

#region Create Exam Que table
// Creates one question table per exam. Ename becomes part of the statement text
// (the table name), so callers must pass a validated identifier.
public bool CreateExamTable(string Ename)
{
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand("create table " + Ename +
            "(qno int,ques varchar(1000),opt1 varchar(200),opt2 varchar(200)," +
            "opt3 varchar(200),opt4 varchar(200),ans varchar(200))", con);
        cmd.ExecuteNonQuery();
        return true;
    }
    catch (Exception)
    {
        return false;
    }
    finally
    {
        // Close only: con is a field reused by the next call, and a disposed
        // SqlConnection loses its connection string.
        con.Close();
    }
}
#endregion

#region Insert into exam table
public bool InsertToExamTable(string Ename, int qno, string Ques, string Opt1,
    string Opt2, string Opt3, string Opt4, string Ans)
{
    try
    {
        con.Open();
        // The values are bound as parameters, so a quote inside a question or an
        // option is stored as text instead of ending the string literal.
        SqlCommand cmd = new SqlCommand("insert into " + Ename +
            " values(@qno,@ques,@opt1,@opt2,@opt3,@opt4,@ans)", con);
        cmd.Parameters.AddWithValue("@qno", qno);
        cmd.Parameters.AddWithValue("@ques", Ques);
        cmd.Parameters.AddWithValue("@opt1", Opt1);
        cmd.Parameters.AddWithValue("@opt2", Opt2);
        cmd.Parameters.AddWithValue("@opt3", Opt3);
        cmd.Parameters.AddWithValue("@opt4", Opt4);
        cmd.Parameters.AddWithValue("@ans", Ans);
        cmd.ExecuteNonQuery();
        return true;
    }
    catch (Exception)
    {
        return false;
    }
    finally
    {
        con.Close();
    }
}
#endregion

#region Create Result table
// The result table is named "r" followed by the exam name.
public bool CreateResultTable(string Ename)
{
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand("create table r" + Ename +
            "(RNO INT IDENTITY(1,1),REGNO BIGINT REFERENCES CLOGIN(REGNO)," +
            "CNAME VARCHAR(20),PERCENTAGE INT,RESULT VARCHAR(20),TERMINATE VARCHAR(50))", con);
        cmd.ExecuteNonQuery();
        return true;
    }
    catch (Exception)
    {
        return false;
    }
    finally
    {
        con.Close();
    }
}
#endregion
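The DAL methods above place the exam name typed into txt_ExamName directly in the CREATE TABLE and INSERT statement text as a table name, and a table name cannot be sent as a SqlParameter. The following is an added example, not the project's code, of the same three operations with the name checked against an allow-list first; the names ExamTableStore and ToTableIdentifier and the 30-character limit are assumptions.

```csharp
using System;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added example, not the project's DAL. ExamTableStore, ToTableIdentifier and
// the 30-character limit are assumptions made for this illustration.
public class ExamTableStore
{
    // Allow-list for an exam name that will become a table name: a letter
    // first, then letters, digits or underscores.
    private static readonly Regex ExamName =
        new Regex(@"\A[A-Za-z][A-Za-z0-9_]{0,29}\z");

    private readonly string connectionString;

    public ExamTableStore(string connectionString)
    {
        this.connectionString = connectionString;
    }

    // The name is checked against the allow-list and bracket-quoted before it
    // joins any statement text; everything else is rejected with an exception.
    public static string ToTableIdentifier(string prefix, string examName)
    {
        if (examName == null || !ExamName.IsMatch(examName))
        {
            throw new ArgumentException(
                "Exam name must start with a letter and contain only letters, digits or underscores.",
                "examName");
        }
        // The allow-list excludes ']', so nothing needs escaping inside the brackets.
        // The brackets keep names such as "select" from being parsed as keywords.
        return "[" + prefix + examName + "]";
    }

    public void CreateExamTable(string examName)
    {
        Execute("create table " + ToTableIdentifier("", examName) +
                " (qno int, ques varchar(1000), opt1 varchar(200), opt2 varchar(200)," +
                " opt3 varchar(200), opt4 varchar(200), ans varchar(200))");
    }

    public void CreateResultTable(string examName)
    {
        Execute("create table " + ToTableIdentifier("r", examName) +
                " (RNO INT IDENTITY(1,1), REGNO BIGINT REFERENCES CLOGIN(REGNO)," +
                " CNAME VARCHAR(20), PERCENTAGE INT, RESULT VARCHAR(20), TERMINATE VARCHAR(50))");
    }

    // Question text, options and answer travel as parameters, so quotes or SQL
    // keywords inside them are stored as data.
    public void InsertQuestion(string examName, int qno, string ques,
        string opt1, string opt2, string opt3, string opt4, string ans)
    {
        Execute("insert into " + ToTableIdentifier("", examName) +
                " (qno, ques, opt1, opt2, opt3, opt4, ans)" +
                " values (@qno, @ques, @opt1, @opt2, @opt3, @opt4, @ans)",
                new SqlParameter("@qno", (object)qno),
                new SqlParameter("@ques", ques),
                new SqlParameter("@opt1", opt1),
                new SqlParameter("@opt2", opt2),
                new SqlParameter("@opt3", opt3),
                new SqlParameter("@opt4", opt4),
                new SqlParameter("@ans", ans));
    }

    // One connection per call, released by the using blocks, so no call depends
    // on the state a previous call left the connection in.
    private void Execute(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.AddRange(parameters);
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs; the validation step runs without a database.
        string[] names = { "Maths2016", "select", "Maths 2016", "exam]1", "2016Maths", null };
        foreach (string name in names)
        {
            try
            {
                Console.WriteLine("accepted: " + ExamTableStore.ToTableIdentifier("r", name));
            }
            catch (ArgumentException)
            {
                Console.WriteLine("rejected: " + (name ?? "(null)"));
            }
        }
    }
}
```

Failures surface as exceptions here rather than as a bare false, so the calling page can tell a rejected exam name from a database error.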

Candidate registration:

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class CNRegister : System.Web.UI.Page
{
    BAL bl = new BAL();

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Sends the registration form to the business layer and reports success.
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        bool status = bl.register(txt_LoginName.Text, txt_RegisterNO.Text,
            txt_CandidateName.Text, txt_Password.Text, txt_ConPassword.Text, txt_MobNo.Text,
            txt_City.Text, txt_Major.Text, txt_Depart.Text);
        if (status == true)
        {
            Lblsuccess.Text = "registered successfully";
        }
    }
}

BAL.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

public class BAL
{
    DAL dl = new DAL();

    public bool register(string LoginName, string RegisterNo, string CandidateName,
        string Password, string ConPassword, string MobileNo, string City, string Major,
        string Department)
    {
        try
        {
            // Return the data layer's status instead of always reporting success.
            return dl.register(LoginName, RegisterNo, CandidateName, Password, ConPassword,
                MobileNo, City, Major, Department);
        }
        catch
        {
            return false;
        }
    }
}

DAL.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

public class DAL
{
    SqlConnection con = new SqlConnection(
        ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);

    public bool register(string LoginName, string RegisterNo, string CandidateName,
        string Password, string ConPassword, string MobileNo, string City, string Major,
        string Department)
    {
        try
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("sp_Registration", con);
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("@LoginName", LoginName);
            cmd.Parameters.AddWithValue("@RegisterNo", RegisterNo);
            cmd.Parameters.AddWithValue("@CandidateName", CandidateName);
            // Password and ConPassword go to sp_Registration as typed; how the
            // procedure compares and stores them is not shown in this listing.
            cmd.Parameters.AddWithValue("@Password", Password);
            cmd.Parameters.AddWithValue("@ConPassword", ConPassword);
            cmd.Parameters.AddWithValue("@MobileNo", MobileNo);
            cmd.Parameters.AddWithValue("@City", City);
            cmd.Parameters.AddWithValue("@Major", Major);
            cmd.Parameters.AddWithValue("@Department", Department);
            cmd.ExecuteNonQuery();
            return true;
        }
        catch (Exception)
        {
            return false;
        }
        finally
        {
            // Close only: con is a field, and a disposed SqlConnection loses its
            // connection string, which would break any later call on this object.
            con.Close();
        }
    }
}

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;

public partial class CRegistration : System.Web.UI.Page
{
    BAL bl = new BAL();
    string Ename;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Session["name"] is stored as object, so it is compared as a string.
        // A session with no name at all is also sent to the login page.
        string name = Session["name"] as string;
        if (name == null || name == "Candidate")
        {
            Response.Redirect("CLogin.aspx");
        }
        else
        {
            lblUserName.Text = name;
            if (!IsPostBack)
            {
                // Fill the exam drop-down and show how many exams are available.
                DataSet ds = new DataSet();
                int NoOfExam;
                ds = bl.viewexamList();
                ddlChooseExam.DataSource = ds;
                ddlChooseExam.DataTextField = "Ename";
                ddlChooseExam.DataValueField = "ScheduleId";
                ddlChooseExam.DataBind();
                NoOfExam = ds.Tables[0].Rows.Count;
                lblNoOfExam.Text = Convert.ToString(NoOfExam);
            }
        }
    }

    // Shows the details of the exam selected in the drop-down.
    protected void btnGetdetails_Click(object sender, EventArgs e)
    {
        Panel2.Visible = true;
        Ename = ddlChooseExam.SelectedItem.Text.ToString();
        List<DataFetch> df = bl.viewExamDetail(Ename);
        lblExamName.Text = df[0].E_Name;
        lblNoQuestion.Text = df[0].Tnq.ToString();
        lblDuration.Text = df[0].Tnq.ToString() + "mins";
    }

    // Registers the logged-in candidate for the selected exam, once.
    protected void btnRegisterExam_Click(object sender, EventArgs e)
    {
        try
        {
            Ename = ddlChooseExam.SelectedItem.Text.ToString();
            string CandName = Session["CandUserName"].ToString();
            bool RegStatus = bl.CheckCandExamRegistration(Ename, CandName);
            if (RegStatus)
            {
                lblAlreadyReg.Visible = true;
                Panel2.Visible = false;
            }
            else
            {
                bl.insertCanExamRegister(Ename, CandName);
                lblRegMess.Visible = true;
            }
        }
        catch (Exception)
        {
            throw;
        }
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        Panel2.Visible = false;
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;

public partial class CTest : System.Web.UI.Page
{
    CTestBal bl = new CTestBal();

    protected void Page_Load(object sender, EventArgs e)
    {
        // to clear value when we press back button
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();

        // Session["name"] is stored as object, so it is compared as a string.
        // A session with no name at all is also sent to the login page.
        string name = Session["name"] as string;
        if (name == null || name == "Candidate")
        {
            Response.Redirect("CLogin.aspx");
        }
        else
        {
            lblUserName.Text = name;
        }

        if (!IsPostBack)
        {
            ddlExam.DataSource = bl.viewExamName();
            ddlExam.DataTextField = "Ename";
            ddlExam.DataValueField = "Ename";
            ddlExam.DataBind();
        }
    }

    // Checks that the candidate is registered for the selected exam.
    protected void btnEnter_Click(object sender, EventArgs e)
    {
        string reg = txt_RegisterNO.Text;
        Session["reg"] = reg;
        string logname = Session["name"].ToString();
        string ename = ddlExam.SelectedItem.Text.ToString();
        Session["ename"] = ename.ToString();
        bool registerNoCheck = bl.registerNoInsertCheck(reg, logname, ename);
        if (registerNoCheck)
        {
            Panel2.Visible = true;
            lblRegStatus.Visible = true;
            lblRegStatus.Text = "All the best";
            btnEnter.Enabled = false;
        }
        else
        {
            lblRegStatus.Visible = true;
            lblRegStatus.Text = "Please register for the exam first";
        }
    }

    protected void btnOk_Click(object sender, EventArgs e)
    {
        if ((CheckBox1.Checked == true) && (CheckBox2.Checked == true) && (CheckBox3.Checked == true))
        {
            string curBrows;
            HttpBrowserCapabilities browser = Request.Browser;
            curBrows = browser.Browser;

            if (curBrows == "IE")
            {
                // Process.GetProcesses() and Kill() act on the machine that runs
                // this page (the web server), so the check covers the candidate's
                // programs only when the browser runs on that same machine.
                Process[] prs = Process.GetProcesses();
                int ie = 0, other = 0;
                foreach (Process procs in prs)
                {
                    try
                    {
                        // Switching on the name directly: a fixed 100-entry array
                        // would silently skip every process after the 99th.
                        switch (procs.ProcessName)
                        {
                            case "ssmsee":
                                procs.Kill();
                                break;
                            case "IEXPLORE":
                                ie++;
                                break;
                            case "WINWORD": // Word
                                procs.Kill();
                                break;
                            case "MSACCESS": // Access
                                procs.Kill();
                                break;
                            case "notepad": // text
                                procs.Kill();
                                break;
                            case "EXCEL": // Excel
                                procs.Kill();
                                break;
                            case "POWERPNT": // PowerPoint
                                procs.Kill();
                                break;
                            case "firefox":
                                procs.Kill();
                                break;
                            case "AcroRd32": // PDF
                                procs.Kill();
                                break;
                            case "opera": // Opera
                                procs.Kill();
                                break;
                            default:
                                other++;
                                break;
                        }
                    }
                    catch
                    {
                        // A process that cannot be read or killed is skipped.
                    }
                }
                if (ie > 1)
                {
                    lblIntExp.Text = "Close the other Internet Explorer except running this application";
                }
                else
                {
                    Session["other"] = other.ToString();
                    Response.Redirect("Exam.aspx");
                }
            }
            else
            {
                lblIntExp.Text = "You have to set default browser as Internet Explorer";
            }
        }
        else
        {
            lblCheckboxStatus.Text = "check whether all the check box are clicked";
        }
    }
}

BAL

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;

/// <summary>
/// Summary description for CTestBal
/// </summary>
public class CTestBal
{
    CTestDal dl = new CTestDal();

    public DataSet viewExamName()
    {
        return dl.viewExamName();
    }

    public bool registerNoInsertCheck(string reg, string logname, string ename)
    {
        return dl.registerNoInsertCheck(reg, logname, ename);
    }
}

DAL

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

/// <summary>
/// Summary description for CTestDal
/// </summary>
public class CTestDal
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);

    public DataSet viewExamName()
    {
        try
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("sp_SelectExamList", con);
            cmd.CommandType = CommandType.StoredProcedure;
            SqlDataAdapter da = new SqlDataAdapter();
            da.SelectCommand = cmd;
            DataSet ds = new DataSet();
            da.Fill(ds);
            return ds;
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            con.Close();
        }
    }

    public bool registerNoInsertCheck(string reg, string logname, string ename)
    {
        try
        {
            con.Open();
            // A table name cannot be passed as a parameter, so escape "]" inside the
            // bracketed identifier; the register number goes in as a parameter
            // instead of being concatenated into the SQL text.
            string table = "[r" + ename.Replace("]", "]]") + "]";
            SqlCommand cmd = new SqlCommand("select regno from " + table + " where regno = @reg", con);
            cmd.Parameters.AddWithValue("@reg", reg);
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                // true: regno exists in the table
                // false: regno does not exist (the insert below is disabled)
                //SqlCommand cmd1 = new SqlCommand("insert into [r" + ename + "] (LoginName,RegNo) values('" + logname + "' , '" + reg + "') ",con);
                //cmd1.ExecuteNonQuery();
                return dr.HasRows;
            }
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            con.Close();
        }
    }
}

Code:

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data;

public partial class CRegistration : System.Web.UI.Page

{

BAL bl = new BAL();

string Ename;

protected void Page_Load(object sender, EventArgs e)

{

if (Session["name"] == null || Session["name"].ToString() == "Candidate")

{

Response.Redirect("CLogin.aspx");

}

else

{

lblUserName.Text = Session["name"].ToString();

if (!IsPostBack)

{

DataSet ds = new DataSet();

int NoOfExam;

ds = bl.viewexamList();

ddlChooseExam.DataSource = ds;

ddlChooseExam.DataTextField = "Ename";

ddlChooseExam.DataValueField = "ScheduleId";

ddlChooseExam.DataBind();

NoOfExam = ds.Tables[0].Rows.Count;

lblNoOfExam.Text = Convert.ToString(NoOfExam);

}

}

}

protected void btnGetdetails_Click(object sender, EventArgs e)

{

Panel2.Visible = true;

Ename = ddlChooseExam.SelectedItem.Text.ToString();

List<DataFetch> df = bl.viewExamDetail(Ename);

lblExamName.Text = df[0].E_Name;

lblNoQuestion.Text = df[0].Tnq.ToString();

lblDuration.Text = df[0].Tnq.ToString() + "mins";

}

protected void btnRegisterExam_Click(object sender, EventArgs e)

{

try

{

Ename = ddlChooseExam.SelectedItem.Text.ToString();

string CandName = Session["CandUserName"].ToString();

bool RegStatus = bl.CheckCandExamRegistration(Ename, CandName);

if (RegStatus)

{

lblAlreadyReg.Visible = true;

Panel2.Visible = false;

}

else

{

bl.insertCanExamRegister(Ename, CandName);

lblRegMess.Visible = true;

}

}

catch (Exception)

{

throw;

}

}

protected void ImageButton1_Click(object sender, ImageClickEventArgs e)

{

Panel2.Visible = false;

}

}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;

public partial class Exam : System.Web.UI.Page
{
    // Static fields are shared by every request in the application, so these
    // values are common to all candidates taking an exam at the same time.
    static string sename;
    static string RegNo;
    static int i;
    static string qans;
    static string sans;
    static int tca;
    static int tnq;
    static int count;
    int MaxTPQ = 60;
    static int OTemp;
    ExamBAL bl = new ExamBAL();

    protected void Page_Load(object sender, EventArgs e)
    {
        // to clear value when we press back button
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();
        //end

        Panel3.Visible = false;
        if (!IsPostBack)
        {
            lblSession.Text = Session["name"].ToString();
            count = MaxTPQ;
            sename = Session["ename"].ToString();
            RegNo = Session["reg"].ToString();
            tnq = bl.scheduleDetails(sename);
            lblNoOfQuestion.Text = tnq.ToString();
            lblMaximumTime.Text = tnq.ToString() + "Mins";
            i = 1;
            tca = 0;
            read(sename, i);
        }
    }

    // Load question number qno of the exam and remember its correct answer.
    public void read(string ename, int qno)
    {
        string Ques, Op1, Op2, Op3, Op4, Ans;
        var t1 = bl.ExamQuestion(ename, qno);
        Ques = t1.Item1;
        Op1 = t1.Item2;
        Op2 = t1.Item3;
        Op3 = t1.Item4;
        Op4 = t1.Item5;
        Ans = t1.Item6;

        lblQno.Text = i.ToString() + "." + Ques;
        if (tnq == i)
        {
            lblRemQuestion.Text = "No more";
        }
        else
        {
            lblRemQuestion.Text = (tnq - i).ToString();
        }
        RadioButton1.Text = Op1;
        RadioButton2.Text = Op2;
        RadioButton3.Text = Op3;
        RadioButton4.Text = Op4;
        qans = Ans;
    }

    // Compare the selected option with the stored answer and count correct ones.
    public void check()
    {
        if (RadioButton1.Checked == true)
        {
            sans = RadioButton1.Text;
        }
        else if (RadioButton2.Checked == true)
        {
            sans = RadioButton2.Text;
        }
        else if (RadioButton3.Checked == true)
        {
            sans = RadioButton3.Text;
        }
        else if (RadioButton4.Checked == true)
        {
            sans = RadioButton4.Text;
        }
        else
        {
            sans = "NA";
        }

        if (sans == qans)
        {
            tca++;
        }
        RadioButton1.Checked = false;
        RadioButton2.Checked = false;
        RadioButton3.Checked = false;
        RadioButton4.Checked = false;
    }

    protected void btnNext_Click(object sender, EventArgs e)
    {
        count = MaxTPQ;
        lblElapsedTime.Text = count.ToString();
        check();
        i++;
        if (i <= tnq)
        {
            read(sename, i);
            Panel3.Visible = false;
        }
        else
        {
            Timer1.Enabled = false;
            Panel1.Visible = false;
            Panel2.Visible = false;
            Panel3.Visible = true;
            lblCorrectAnswer.Text = "Exam Completed Successfully";
            Timer1.Dispose();
            result1();
        }
    }

    protected void Timer1_Tick(object sender, EventArgs e)
    {
        --count;
        lblElapsedTime.Text = count.ToString();
        if ((count % 3) == 0)
        {
            // Every third tick, scan the running processes; a listed application
            // is killed and the exam is terminated. Process.GetProcesses() sees
            // the machine that runs this page code.
            int ie = 0, other = 0;
            int otherpre = Convert.ToInt32(Session["other"].ToString());
            foreach (Process proces in Process.GetProcesses())
            {
                switch (proces.ProcessName)
                {
                    case "ssmsee":
                        proces.Kill();
                        Terminate("SQLSERVER");
                        break;
                    case "IEXPLORE":
                        ie++;
                        if (ie > 1)
                            Terminate("INTERNET EXPLORE");
                        break;
                    case "WINWORD":
                        proces.Kill();
                        Terminate("MS Word");
                        break;
                    case "MSACCESS":
                        proces.Kill();
                        Terminate("MS Access");
                        break;
                    case "notepad":
                        proces.Kill();
                        Terminate("Notepad");
                        break;
                    case "EXCEL":
                        proces.Kill();
                        Terminate("Excel");
                        break;
                    case "POWERPNT":
                        proces.Kill();
                        Terminate("MS Powerpoint");
                        break;
                    case "firefox":
                        proces.Kill();
                        Terminate("FireFox");
                        break;
                    case "AcroRd32":
                        proces.Kill();
                        Terminate("Acrobat Reader");
                        break;
                    case "opera":
                        proces.Kill();
                        Terminate("Opera");
                        break;
                    case "chrome":
                        proces.Kill();
                        Terminate("Chrome");
                        break;
                    default:
                        other++;
                        break;
                }
            }

            // OTemp starts at 0 and is assigned only inside this branch, and
            // otherpre (the count stored by CTest) is not used, so this check
            // does not run.
            if (OTemp != 0)
            {
                if (other > OTemp)
                    Terminate("Other Application");
                OTemp = other;
            }
        }

        if (count == 0)
        {
            // Time for this question is over: record the answer and move on.
            check();
            i++;
            if (i <= tnq)
            {
                read(sename, i);
            }
            else
            {
                Timer1.Enabled = false;
                Panel1.Visible = false;
                Panel2.Visible = false;
                Panel3.Visible = true;
                lblCorrectAnswer.Text = tca.ToString();
                result1();
            }
            count = MaxTPQ;
        }
    }

    public void Terminate(string AppName)
    {
        bl.Terminate(AppName, sename, RegNo);
        Session["Status"] = " You have been Terminated from the Exam ";
        Response.Redirect("CPage.aspx");
        return;
    }

    public void result1()
    {
        int per;
        string result = string.Empty;
        per = (tca * 100) / tnq;
        if (per >= 50)
        {
            result = "Pass";
        }
        else
        {
            result = "Fail";
        }
        bl.StoreResult(sename, per, result, RegNo);
        Panel3.Visible = true;
    }

    protected void btnOk_Click(object sender, EventArgs e)
    {
        Response.Redirect("CPage.aspx");
    }
}

BAL

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

/// <summary>
/// Summary description for ExamBAL
/// </summary>
public class ExamBAL
{
    ExamDAL dl = new ExamDAL();

    public ExamBAL()
    {
        //
        // TODO: Add constructor logic here
        //
    }

    public int scheduleDetails(string ename)
    {
        try
        {
            return dl.ScheduleDetails(ename);
        }
        catch
        {
            throw;
        }
    }

    public Tuple<string, string, string, string, string, string> ExamQuestion(string ename, int qno)
    {
        try
        {
            return dl.ExamQuestion(ename, qno);
        }
        catch (Exception)
        {
            throw;
        }
    }

    public void Terminate(string AppName, string sename, string RegNo)
    {
        try
        {
            dl.Terminate(AppName, sename, RegNo);
        }
        catch
        {
            throw;
        }
    }

    public void StoreResult(string ename, int per, string result, string regno)
    {
        try
        {
            dl.StoreResult(ename, per, result, regno);
        }
        catch
        {
            throw;
        }
    }
}

DAL

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

/// <summary>
/// Summary description for ExamDAL
/// </summary>
public class ExamDAL
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);

    public ExamDAL()
    {
        //
        // TODO: Add constructor logic here
        //
    }

    // A table name cannot be passed as a parameter, so escape "]" inside the
    // bracketed identifier before it is placed in the SQL text.
    static string Table(string name)
    {
        return "[" + name.Replace("]", "]]") + "]";
    }

    public int ScheduleDetails(string ename)
    {
        try
        {
            int tnq;
            con.Open();
            SqlCommand cmd = new SqlCommand("schedulelist", con);
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("@ename", ename);
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                dr.Read();
                tnq = Convert.ToInt32(dr["tnq"].ToString());
            }
            return tnq;
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            con.Close();
        }
    }

    public Tuple<string, string, string, string, string, string> ExamQuestion(string ename, int qno)
    {
        try
        {
            con.Open();
            // Values are passed as parameters instead of being concatenated.
            SqlCommand cmd = new SqlCommand("select * from " + Table(ename) + " where qno = @qno", con);
            cmd.Parameters.AddWithValue("@qno", qno);
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                dr.Read();
                string eques = dr["ques"].ToString();
                string eopt1 = dr["opt1"].ToString();
                string eopt2 = dr["opt2"].ToString();
                string eopt3 = dr["opt3"].ToString();
                string eopt4 = dr["opt4"].ToString();
                string eans = dr["ans"].ToString();
                var t1 = new Tuple<string, string, string, string, string, string>(eques, eopt1, eopt2, eopt3, eopt4, eans);
                return t1;
            }
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            con.Close();
        }
    }

    public void Terminate(string AppName, string sename, string RegNo)
    {
        try
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("update " + Table("r" + sename) + " set percentage=0, result='Terminate', Terminate=@app where RegNo=@regno", con);
            cmd.Parameters.AddWithValue("@app", AppName);
            cmd.Parameters.AddWithValue("@regno", RegNo);
            cmd.ExecuteNonQuery();
        }
        finally
        {
            con.Close();
        }
    }

    public void StoreResult(string ename, int per, string result, string regno)
    {
        try
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("update " + Table("r" + ename) + " set percentage=@per, result=@result where RegNo=@regno", con);
            cmd.Parameters.AddWithValue("@per", per);
            cmd.Parameters.AddWithValue("@result", result);
            cmd.Parameters.AddWithValue("@regno", regno);
            cmd.ExecuteNonQuery();
        }
        finally
        {
            con.Close();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class CPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // to clear value when we press back button
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();

        Label3.Text = Session["name"].ToString();
        // Both branches replace the stored status with a completion message.
        if (Session["status"] == null)
        {
            Session["status"] = "Exam completed";
            Label2.Text = Session["status"].ToString();
        }
        else
        {
            Session["status"] = "Exam Completed";
            Label2.Text = Session["status"].ToString();
        }
    }
}

protected void btnDelete_Click(object sender, EventArgs e)
{
    string delExamname = ddlExam.SelectedItem.Text.ToString();
    bool status = bal.deleteExam(delExamname);
    if (status)
    {
        Label3.Visible = true;
        Label3.Text = "selected exam has been deleted";
    }
    else
    {
        Label3.Visible = true;
        Label3.Text = "selected exam has not been deleted";
    }
}

BAL

public bool deleteExam(string ename)
{
    try
    {
        return dl.deleteExam(ename);
    }
    catch
    {
        return false;
    }
}

DAL

public bool deleteExam(string ename)
{
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand("sp_deleteexam", con);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@ename", ename);
        cmd.ExecuteNonQuery();
        return true;
    }
    catch (Exception)
    {
        return false;
    }
    finally
    {
        con.Close();
    }
}

Database table design:

Exam Question table:

Result table:

Candidate new registration:

White list table

Black list table

SNAPSHOTS

Staff New exam:

The above page displays the user interface for creating the exam table, which contains the name of the table for storing the questions and the total number of questions in the table.

In this module the staff upload the question paper. Before uploading the question paper, the staff set the question pattern.

Candidate:

The above page displays the user interface for candidate login to the application by providing a username and password. A new candidate needs to register before accessing the application.

In this user interface the candidate is allowed to register with his basic details.

Candidate Exam registration:

In this module the candidate registers for the application first. The candidate is then allowed to see the exam details and can register for the exam.

Online Exam

EXAM FINISHED SUCCESSFULLY

Staff view Result

Admin Update Exam

Admin Deleting Exam

Admin View Result

Staff Attempts Wrong Password:

Staff Account Blocked

[Figure: flow diagram boxes: Staff upload question; Encrypt; Store in database; Decrypt; Student write exam. After the login; Security question; If answer matches; Proceed to other process; Stay in login page.]

Future Enhancement:

Secure data store:

In this module the staff store the question paper. The question is encrypted before it is stored, and the question and answer are decrypted at the time of writing the exam.

Secure Login:

The security question is asked even after the login succeeds. This guards against the case where a password attempt succeeds: we can block the hacker even if he knows the password.

Given Input and expected output:

Secure data store:

Given input: Staff store the exam in encrypted form.

Expected output: The exam is viewed after decryption.

Secure Login:

Given input: Ask the security question and get the answer to that question.

Expected output: The answer is entered and the user proceeds to another process.

Advantages:

It makes brute force and dictionary attacks ineffective even for adversaries with access to large botnets.

Neither a human nor a machine can access the account unless authorized.

Security is enhanced by limiting the login attempts.

Hackers cannot hack the question paper, since the hacker needs to log in first to access it.

Application:

Banking sector:

We can apply our technique to secure accounts from unauthorized access; even if someone tries to hack the account, it can be prevented.

E-Mail

Hacking of user e-mail IDs has increased dramatically; we can prevent it by applying our technique to secure the authentication process.

Government sector

Most government organization websites contain highly secured data that should be protected from unauthorized access; we can apply our technique to secure it.

Conclusion:

Password guessing attacks have persisted for a long time. To put an end to this, we built this project using PGRP. PGRP restricts the number of attempts made by a botnet or a machine while allowing the legitimate user fully secured access to their account. PGRP appears suitable for organizations with both small and large numbers of user accounts. PGRP also restricts brute force and dictionary attacks, so it makes the use of their accounts more secure.
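
The attempt-limiting behaviour summarised in the conclusion can be sketched as a single decision function; this is an added C# example, not the project's own code, and it shows how a known host is treated more leniently than an unknown one before an ATT is demanded. Assumptions: the PgrpGate class, the Decision enum, the thresholds K1 and K2 and the in-memory tables are hypothetical, the credentials and addresses are constructed, and the time-based expiry of counters is left out.

```csharp
using System;
using System.Collections.Generic;

public enum Decision { Grant, Deny, ChallengeAtt }

// Hypothetical gate; names and thresholds are assumptions, not the project's code.
public class PgrpGate
{
    const int K1 = 3; // failed attempts tolerated from a known host before an ATT
    const int K2 = 1; // failed attempts tolerated per username from unknown hosts
    readonly HashSet<string> known = new HashSet<string>();  // white list: "host|user" with a past success
    readonly Dictionary<string, int> failKnown = new Dictionary<string, int>(); // per "host|user"
    readonly Dictionary<string, int> failUser = new Dictionary<string, int>();  // per user, unknown hosts
    readonly Dictionary<string, string> passwords; // constructed demo store; real systems keep salted hashes

    public PgrpGate(Dictionary<string, string> demoPasswords) { passwords = demoPasswords; }

    static int Get(Dictionary<string, int> d, string k)
    {
        int v;
        return d.TryGetValue(k, out v) ? v : 0;
    }

    // attPassed: null = no ATT answered yet, true/false = outcome of the ATT.
    public Decision Login(string host, string user, string password, bool? attPassed)
    {
        string stored;
        if (!passwords.TryGetValue(user, out stored))
            return attPassed.HasValue ? Decision.Deny : Decision.ChallengeAtt; // unknown name: ATT, then deny

        string key = host + "|" + user;
        bool trustedHost = known.Contains(key) && Get(failKnown, key) < K1;
        bool underUserLimit = Get(failUser, user) < K2;
        if (!trustedHost && !underUserLimit)
        {
            if (attPassed == null) return Decision.ChallengeAtt; // must solve an ATT first
            if (attPassed == false) return Decision.Deny;
        }

        if (password == stored)
        {
            known.Add(key);      // remember this host for this user
            failKnown[key] = 0;
            return Decision.Grant;
        }
        // Wrong password: charge the host's own counter if it is known, else the username's.
        if (known.Contains(key)) failKnown[key] = Get(failKnown, key) + 1;
        else failUser[user] = Get(failUser, user) + 1;
        return Decision.Deny;
    }
}

public static class Demo
{
    public static void Main()
    {
        var gate = new PgrpGate(new Dictionary<string, string> { { "staff1", "S3cret!" } });
        // Constructed sequence: the owner logs in, mistypes once, then two unknown hosts guess.
        Console.WriteLine(gate.Login("10.0.0.5", "staff1", "S3cret!", null));
        Console.WriteLine(gate.Login("10.0.0.5", "staff1", "S3cret", null));
        Console.WriteLine(gate.Login("203.0.113.7", "staff1", "guess1", null));
        Console.WriteLine(gate.Login("203.0.113.8", "staff1", "guess2", null));
        Console.WriteLine(gate.Login("10.0.0.5", "staff1", "S3cret!", null));
    }
}
```

In this sequence the second unknown host is asked for an ATT before its password is checked, while the owner's known host still logs in directly after one mistyped password.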
