ASP.NET Web Forms
Adjusting the Web.Config File
The Web.Config file in the root folder for the project
contains, as its name suggests, configurations or
settings for the whole web site. In particular
it contains two connection strings for the two databases
used by the web site. In this example there should
be a connection string for the TalskIsCheap.accdb
Access 2010 database, and a connection for the SQL Server Express
database (called aspnetdb.mdf by default).
This second database is part of the ASP.NET Membership
system that will be used to contain user names and
passwords when users register or login.
In this example the TalsIsCheap connection
string is to an Access 2010 database file. If you are using
other versions of Access the connection string will be different.
Please check that the ApplicationServices connection string
is to an AttachedDBF otherwise when you move the folder to
College the database will not be in the folder but left behind
on your drive C:\Programm Files...
If the ApplicationServices connection string is to a InitialCatalog=xxx
please change it by copying and pasting from this
Web.Config file.
This file contains four different connections strings
to choose form.
You may also need to change the names of the SQLEXPRESS
SQL Server, by default it is called SQLEXPRESS, but
that depends upon the name chosen during installation.
If it was installed as part of Visual Studio then it will
have the default name. You can check it by going to
Tools -> Options -> Database Tools -> Data Connections.
If you have installed SQL Server Express yourself and have
changed the default name (because you have more than one
version installed) then change the name in this dialog
to match.
Authorization & Security
The Microsoft system used to ensure that only people
authorized to do so can access restricted parts of the
web site is based on user names, passwords and roles.
This is refered to as the ASP.NET Membership system and it
can be configured in a variety of ways including
password requirements, how many login attempts a user
can make before being barred. These are configurations
are included in the main web.config file as shown below.
The only changes I suggest you make to this part of the web.config
file is to change requriesUniqueEmail from false to true,
and add passwordFormat="Clear" so that you can see the passwords.
Normally passwords would be encrypted, but as this is just
used for educational purposes it is better to be able to see
the passwords as entered. The settings have been folded so
that there is one per line, but the whole thing is just
one XML statement and starts with <add ...
and ends with/>
Once this is in place you can use the membership system and
register yourself as a user. You will then be logged into
the system as an authorized user. We will use that later
to restrict some users to client pages only, whilst admin
users will have access to all the web pages.
The users email address will be used to link the membership
database to the TalkIsCheap database, which is why the
users email address must be unique.