Assignment 2 - Retail store with Entity Framework II
This week you will trap errors from duplicate product-category assignments, add authentication for the admin
pages, and add a front end to display your products.
To access the admin page on the sample site, the username is firstname.lastname@example.org and
the password is Admin.1
- product/index - Trapping exceptions: the interface for assigning products to categories allows users
to select existing product-categories. The ProductCategory table contains a
constraint which throws an exception on duplicates. The user should never see yellow screens,
so in this step you will
trap the exceptions and give the user a polite message.
- Throw the exception and note the line number where it occurred. Wrap the
offending statement and the existing return redirect statement inside
the try part of a try-catch.
In the "catch" add a polite message about duplicate entries to ViewBag. Add code to
the view to display the ViewBag message.
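An added example of the pattern described above (not code from the assignment or its sample site). RetailContext, the ProductCategories set and the Create action are assumed names for the scaffolded EF6 code; the catch handles only duplicate-key errors, so other database failures are not hidden behind the duplicate message.

```csharp
using System.Data.Entity.Infrastructure;   // DbUpdateException (EF6)
using System.Data.SqlClient;               // SqlException
using System.Web.Mvc;

[Authorize(Users = "email@example.com")]
public class ProductCategoriesController : Controller
{
    // Assumed name for the scaffolded DbContext.
    private readonly RetailContext db = new RetailContext();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(ProductCategory productCategory)
    {
        if (!ModelState.IsValid) return View(productCategory);
        try
        {
            db.ProductCategories.Add(productCategory);
            db.SaveChanges();                  // the statement that throws on a duplicate
            return RedirectToAction("Index");
        }
        catch (DbUpdateException ex) when (IsDuplicateKey(ex))
        {
            // Polite message only: no exception text, SQL or stack trace reaches the browser.
            ViewBag.Message = "That product is already assigned to that category.";
            // Repopulate any dropdown lists the view needs, as the scaffolded GET action does.
            return View(productCategory);
        }
    }

    // SQL Server reports unique-constraint and unique-index violations as errors 2627 and 2601.
    private static bool IsDuplicateKey(DbUpdateException ex)
    {
        var sql = ex.GetBaseException() as SqlException;
        return sql != null && (sql.Number == 2627 || sql.Number == 2601);
    }
}
```

In the view, @ViewBag.Message renders the text; Razor HTML-encodes it by default.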
Authentication: the admin pages need to be protected by authentication
so that unauthorized users cannot access them. Visual Studio's default
MVC site includes "ASP.NET Identity" authentication.
To confirm this in your project check your controllers folder
for the "Account" and "Manage" controllers.
The Views folder will contain the corresponding views. If your project was not created with Identity authentication (see image on right) it can be added to an existing project, although it might be easier to create a new project and copy over your existing code.
- In a public web site it is important to use HTTPS throughout an authenticated session to prevent
session hijacking. We will not be adding HTTPS to this assignment because it requires several configuration changes within Visual Studio. If you do want to use HTTPS this article describes how to enable HTTPS in Visual Studio.
- Authentication and authorization: Best practice for securing an MVC site is to require authorization for the controller and then allow anonymous access to specific action
methods. Your site should require authorization for access to any of the administration pages. Do this by adding the following line of code to the four controllers used for your Retail Admin pages: RetailController, ProductsController, CategoriesController, and ProductCategoriesController.
[Authorize(Users = "email@example.com")]
public class ProductsController : Controller
- Rebuild your project and open a view. You should be prompted to login. Click "Register as a new user" and create a user firstname.lastname@example.org and password Admin.1 (for grading purposes you must use this username/password.) This will add the new user to the database "DefaultConnection."
- retail/index -
Listing products: this exercise creates a home page for the retail site that displays 4-6
random products from the database.
- Use your admin pages to add at least six products with images to your database. Add at least
four categories and assign products to categories.
- Add an index method to the RetailController and allow anonymous access by decorating its action method
with the AllowAnonymous Attribute.
- The index action method in the retail controller will retrieve N random records from the database, similar to the MIS 324 music store project. Add Dapper to your project as described in MIS
324 assignment 5.
- DataRepository: Create a DataRepository
using Dapper as described in MIS
324 assignment 5. If you have access to your music store's "MusicRepository" you can copy it. A good name would be "RetailRepository."
- Dapper needs a connection string in the web.config. Copy the connection strings from MIS 324 assignment 5 and add it to web.config. A good name would be "RetailStore".
- Similar to MIS 324, create a method in the RetailRepository named something like GetRandom() and write a SQL statement to retrieve 4-6 random items. Call this method from the RetailController index method.
- Use VS to add an index view. Template is List and model is Product.
- Improve the layout to display the product names and small images.
The images need to have the desired display size inserted into the file name.
Here is one way to do this using Razor:
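@{
    string image = item.ImageName;
    int dot = image.LastIndexOf(".");
    string size = "." + "200";
    image = image.Insert(dot, size);   // e.g. "shoe.jpg" becomes "shoe.200.jpg"
}
@* The image folder below is a placeholder; use the folder where your product images are stored. *@
<a href='@Url.Action("Detail/" + item.ProductID)'>
<img src='@Url.Content("~/YOUR-IMAGE-FOLDER/" + image)'
class='productImage' alt="@item.ItemName" title="@item.ItemName" />
</a>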
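An added example tying the retail/index steps together (not code from the assignment or from MIS 324): a Dapper repository that returns random products, called from an anonymous Index action on a controller that is otherwise locked down. The table name Products is an assumption; Product is the scaffolded EF model, and the column names are the ones used in the Razor snippet above.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web.Mvc;
using Dapper;

public class RetailRepository
{
    // "RetailStore" is the connection string name suggested in the assignment.
    private readonly string connString =
        ConfigurationManager.ConnectionStrings["RetailStore"].ConnectionString;

    public List<Product> GetRandom(int count)
    {
        // Clamp to the 4-6 range the assignment asks for.
        count = Math.Max(4, Math.Min(6, count));
        // Assumed table name; ORDER BY NEWID() shuffles the rows in SQL Server.
        const string sql =
            "SELECT TOP (@count) ProductID, ItemName, ImageName " +
            "FROM Products ORDER BY NEWID()";
        using (IDbConnection db = new SqlConnection(connString))
        {
            // count travels as a parameter and is never concatenated into the SQL text.
            return db.Query<Product>(sql, new { count }).ToList();
        }
    }
}

[Authorize(Users = "email@example.com")]    // every action requires login by default
public class RetailController : Controller
{
    private readonly RetailRepository repo = new RetailRepository();

    [AllowAnonymous]                         // the public home page is the explicit exception
    public ActionResult Index()
    {
        return View(repo.GetRandom(6));
    }
}
```

Any action later added to RetailController without [AllowAnonymous], such as an admin menu, stays protected by the controller-level attribute.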
- retail/details - Add
a details page that displays the medium or large size image and other product attributes.
- When you used VS to scaffold the product database it
created a "Details" action method in the ProductsController
and a corresponding view. Cut and paste them into your Retail controller
and views folder. Modify view as needed.
- Publishing: By default VS publishes only files needed to execute the project. This compiles .cs files into a binary and omits
items in the content folder. Change this setting by right-clicking on your project folder and selecting "Properties." Select "Package/Publish Web" and change "Only files needed to run this application" to "All files in this project folder."
Submission instructions: Submit assignments via
the Canvas course management system.
Submit the full URL for each exercise in the assignment, listing the URLs
in the same order that they are listed in the assignment. To minimize typos in URLs
it is strongly recommended
that you copy the URLs from the address bar of the browser
rather than trying to type them. Incorrect URLs
will not be graded and no credit will be given.
When pages are connected via navigation it is only
necessary to submit the URL of the first page.