
Assignment 2 - Retail store with Entity Framework II

This week you will trap errors from duplicate product-category assignments, add authentication for the admin pages, and add a front end to display your products. To access the admin page on the sample site, the username is admin@wwu.edu and the password is Admin.1

  1. product/index - Trapping exceptions: the interface for assigning products to categories allows users to select existing product-categories. The ProductCategory table contains a constraint which throws an exception on duplicates. The user should never see yellow error screens, so in this step you will trap the exceptions and give the user a polite message.
    1. Trigger the exception and note the line number where it occurred. Wrap the offending statement and the existing return redirect statement inside the try part of a try-catch block. In the "catch" add a polite message about duplicate entries to ViewBag. Add code to the view to display the ViewBag message.
  2. retail/admin - Authentication: the admin pages need to be protected by authentication so that unauthorized users cannot access them. Visual Studio's default MVC site includes "ASP.NET Identity" authentication. To confirm this in your project, check your controllers folder for the "Account" and "Manage" controllers. The Views folder will contain the corresponding views. To activate authentication, all you need to do is require authorization on any part of the site, and .NET MVC will automatically create a database for storing user information.
    1. It is important to use HTTPS throughout an authenticated session to prevent session hijacking. This article describes how: Enabling SSL with IIS Express in Visual Studio. Note the 5-digit port number assigned to SSL.
    2. Change your project default URL to use SSL as described here: How to: Specify the Web Server for Web Projects in Visual Studio. The URL should specify https and use the 5-digit port number from the previous step.
    3. Best practice for securing an MVC site is to require authorization for the entire site and then allow anonymous access to specific action methods. To require authorization and HTTPS, add the following two lines to App_Start/FilterConfig:
       filters.Add(new System.Web.Mvc.AuthorizeAttribute());
       filters.Add(new RequireHttpsAttribute());
      
    4. Rebuild your project and open a view. You should be prompted to log in. Click "Register as a new user" and create a new user. When you submit the form, VS will create a new database named "DefaultConnection."
    5. To view the new database in VS you will need to add a connection string to your web.config. Copy an existing localDB connection string and point it to the database "DefaultConnection". Once you save the web.config you can open Server Explorer and see the new database. Take a look at the tables.
    6. Currently anyone can register and access the admin pages. Create a user admin@wwu.edu and password Admin.1 (for grading purposes you must use this username/password.) Restrict access to the admin pages with the AuthorizeAttribute.Users property. Allow only the user admin@wwu.edu to access the retail/admin action method. The Products, Categories, and ProductCategory controllers should also be restricted.
  3. retail/index - Listing products: this exercise creates a home page for the retail site that displays 4-6 random products from the database.
    1. Use your admin pages to add at least six products with images to your database. Add at least four categories and assign products to categories.
    2. Allow anonymous access to the index view by decorating its action method with the AllowAnonymous attribute.
    3. The index action method in the retail controller will retrieve N random records from the database. This can be done with LINQ but it is easier to use SQL. The following two statements execute a SQL statement and return a list of records. You need to modify the SQL to use the Product table and model. The two lines of code go in the retail index action method. The controller needs to import the Product model, so add a using directive pointing to the Models namespace. The controller also needs an instance of the RetailStoreEntities object. Copy this line of code from one of the controllers built by VS, such as the ProductController.
         string sql = "Select * from student";
         List<Student> studentList = db.Students.SqlQuery(sql).ToList();
      
      Pass the productList to the view. Use VS to create a new index view.
    4. Test!
    5. Improve the layout to display the product names and small images. The images need to have the desired display size inserted into the file name. Here is one way to do this using Razor:
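              @{
                 // Insert the display size before the extension: "shoe.jpg" becomes "shoe.200.jpg"
                 string image = item.ImageName;
                 int dot = image.LastIndexOf(".");
                 string size = "." + "200";
                 image = image.Insert(dot, size);
              }
              @* Pass the id as a route value instead of concatenating it into the action name *@
              <a href='@Url.Action("Details", new { id = item.ProductID })'>
                  <img src="~/content/productImages/@image"
                       class='productImage' alt="@item.ItemName" title="@item.ItemName" />
              </a>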
      
  4. retail/details - Add a details page that displays the medium or large size image and other product attributes.
    1. When you used VS to scaffold the product database it created a "Details" action method in the ProductsController and a corresponding view. Cut and paste them into your Retail controller and views folder. Modify the view as needed.
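
For the exception trapping in exercise 1, the sketch below (an added example, not the course's own code) turns only duplicate-key failures into the polite message and rethrows everything else, so unrelated database errors are not hidden. The RetailStore namespace, the AssignCategory action, the db.ProductCategories and db.Products sets and the ProductID/CategoryID properties are assumptions about your scaffolded model.

```csharp
// Added example; names marked "assumed" are not taken from the assignment page.
using System.Data.Entity.Infrastructure;   // DbUpdateException
using System.Data.SqlClient;               // SqlException
using System.Linq;
using System.Web.Mvc;
using RetailStore.Models;                  // assumed namespace of the EF models

namespace RetailStore.Controllers
{
    public class ProductsController : Controller
    {
        private RetailStoreEntities db = new RetailStoreEntities();

        // Assumed action that saves one product-category assignment.
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult AssignCategory(int productID, int categoryID)
        {
            try
            {
                db.ProductCategories.Add(new ProductCategory
                {
                    ProductID = productID,     // assumed property names
                    CategoryID = categoryID
                });
                db.SaveChanges();              // the constraint fires here on a duplicate
                return RedirectToAction("Index");
            }
            catch (DbUpdateException ex)
            {
                // Anything other than a duplicate is a real fault: let it propagate.
                if (!IsDuplicateKey(ex)) throw;
                // Fixed text only; never copy ex.Message into the page.
                ViewBag.Message = "That product is already assigned to that category.";
            }
            return View("Index", db.Products.ToList());
        }

        // SQL Server reports duplicates as error 2627 (unique or primary key
        // constraint) or 2601 (unique index).
        private static bool IsDuplicateKey(DbUpdateException ex)
        {
            var sqlEx = ex.GetBaseException() as SqlException;
            return sqlEx != null && (sqlEx.Number == 2627 || sqlEx.Number == 2601);
        }
    }
}
```

In the view, output the message with @ViewBag.Message; Razor HTML-encodes it by default.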
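
The authorization layout from exercises 2 and 3, put together as an added example (not the course's own code): deny by default in FilterConfig, open the storefront index with AllowAnonymous, and limit the admin action to the one named account. The RetailStore namespace, the db.Products set and the TOP 6 ... ORDER BY NEWID() query are assumptions.

```csharp
// Added example; names marked "assumed" are not taken from the assignment page.
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using RetailStore.Models;            // assumed namespace of the EF models

namespace RetailStore
{
    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new HandleErrorAttribute());
            // Deny by default: every action needs a signed-in user over HTTPS.
            filters.Add(new System.Web.Mvc.AuthorizeAttribute());
            filters.Add(new RequireHttpsAttribute());
        }
    }
}

namespace RetailStore.Controllers
{
    public class RetailController : Controller
    {
        private RetailStoreEntities db = new RetailStoreEntities();

        // Public storefront: exempt from the global authorization filter.
        // RequireHttps still applies to it.
        [AllowAnonymous]
        public ActionResult Index()
        {
            // Constant SQL with no user input concatenated into it.
            // NEWID() produces a random order on SQL Server and LocalDB.
            string sql = "SELECT TOP 6 * FROM Product ORDER BY NEWID()";
            List<Product> productList = db.Products.SqlQuery(sql).ToList(); // db.Products assumed
            return View(productList);
        }

        // Being signed in is not enough here: only this account gets through.
        [Authorize(Users = "admin@wwu.edu")]
        public ActionResult Admin()
        {
            return View();
        }
    }
}
```

Placing the same [Authorize(Users = "admin@wwu.edu")] attribute on a controller class covers every action in it, which suits the scaffolded Products, Categories, and ProductCategory controllers.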

 


Submission instructions: Submit assignments via the Canvas course management system. Submit the full URL for each exercise in the assignment, listing the URLs in the same order that they are listed in the assignment. To minimize typos in URLs it is strongly recommended that you copy the URLs from the address bar of the browser rather than trying to type them. Incorrect URLs will not be graded and no credit will be given.

When pages are connected via navigation it is only necessary to submit the URL of the first page.
