ASP.NET Web Forms

Adjusting the Web.Config File

The Web.Config file in the root folder for the project contains, as its name suggests, configurations or settings for the whole web site. In particular it contains two connection strings for the two databases used by the web site. In this example there should be a connection string for the TalskIsCheap.accdb Access 2010 database, and a connection for the SQL Server Express database (called aspnetdb.mdf by default). This second database is part of the ASP.NET Membership system that will be used to contain user names and passwords when users register or login.

Connection Strings

In this example the TalsIsCheap connection string is to an Access 2010 database file. If you are using other versions of Access the connection string will be different. Please check that the ApplicationServices connection string is to an AttachedDBF otherwise when you move the folder to College the database will not be in the folder but left behind on your drive C:\Programm Files...

If the ApplicationServices connection string is to a InitialCatalog=xxx please change it by copying and pasting from this Web.Config file. This file contains four different connections strings to choose form. You may also need to change the names of the SQLEXPRESS SQL Server, by default it is called SQLEXPRESS, but that depends upon the name chosen during installation. If it was installed as part of Visual Studio then it will have the default name. You can check it by going to Tools -> Options -> Database Tools -> Data Connections.

If you have installed SQL Server Express yourself and have changed the default name (because you have more than one version installed) then change the name in this dialog to match.

Database Tools

Authorization & Security

The Microsoft system used to ensure that only people authorized to do so can access restricted parts of the web site is based on user names, passwords and roles. This is refered to as the ASP.NET Membership system and it can be configured in a variety of ways including password requirements, how many login attempts a user can make before being barred. These are configurations are included in the main web.config file as shown below.

Membership

The only changes I suggest you make to this part of the web.config file is to change requriesUniqueEmail from false to true, and add passwordFormat="Clear" so that you can see the passwords. Normally passwords would be encrypted, but as this is just used for educational purposes it is better to be able to see the passwords as entered. The settings have been folded so that there is one per line, but the whole thing is just one XML statement and starts with <add ... and ends with/>

Once this is in place you can use the membership system and register yourself as a user. You will then be logged into the system as an authorized user. We will use that later to restrict some users to client pages only, whilst admin users will have access to all the web pages.

The users email address will be used to link the membership database to the TalkIsCheap database, which is why the users email address must be unique.