5ENT1070 – Web Services
User Authentication in WCF
Aims
• Add a new table to your MDF file to store User Info
• Modify your previous WCF solution to allow for the registration of users
• Modify further to enable verification of users before other database requests are made
• Test it works and submit your WCF solution on StudyNet. Please include screen shots of the
Test Client as further evidence!
Task 1 – Add a ‘Users’ table to your database
• Copy your previous WCF solution to Desktop and open with Visual Studio.
o This should be the WCF solution from the lab “Databases with WCF”.
• The first thing we need to do is create a new table for storing User Information.
o In your Visual Studio Window, go to your Server Explorer (Usually located as a side
tab on the left hand side).
o Open the connection by expanding the database (When open you will see a little
green connected icon).
o Right click on the database and select New Query.
o Write a query to CREATE a new table that contains columns for ID, User Name, User
Password, First Name, Last Name, and Permissions.
▪ CAUTION: Do not call any column password, as this is a keyword in SQL and
will cause issues.
▪ Also do not put spaces in column names as this will cause an error.
▪ Keywords like CREATE are not case sensitive so do not have to be upper case
▪ Table and variable names ARE case sensitive, so how you write them in your
CREATE query is how they must be written anywhere afterwards.
o NOTE: the password column uses the variable type VARBINARY(64), which is a byte
array of 64 bytes (Byte[64]). This is because a 512-bit SHA3 algorithm will output
64 bytes of data (8 bits in a byte, therefore 512/8=64).
o Once executed, check the table exists by refreshing your database in the Server
Explorer to see if it appears in the Tables folder.
Task 2 – Add User Registration capability to WCF
• Now the next thing to do is create a new DataContract which will represent a User object.
o Open your IService1.cs file and after the close bracket for your public interface
IService1, write a [DataContract] with a class called User. This class should reflect
variables you have in your database, except for password, which is a varbinary in
your table but must be a string here, as shown below:
▪ NOTE: Don’t forget to add [DataMember] to each of your variables as shown
below!
• Next we need to add an [OperationContract] to the WCF which allows you to register a user.
This is done inside the public interface IService1 declaration.
o This contract will be called RegisterUser and return an int, with the parameter of a
User object:
o Now open your Service1.svc.cs file to write this OperationContract logic.
o This is where we need to install a library package to your WCF from NuGet, which
will give you the ability to use SHA3 to hash passwords:
▪ Click on the Tools tab in Visual Studio.
▪ Go to NuGet Package Manager -> Manage NuGet Packages for Solution…
▪ Click on the Browse tab and search for SHA3, you should get the option
shown below (the latest stable version may be different, please use the
latest available):
▪ Make sure your project is checked on the right hand side and click the Install
button in the bottom right corner. This will download the libraries and add
them to your project.
▪ Finally, in your Service1.svc.cs file declare a global declaration of
SHA3.SHA3Managed using a 512-bit size:
o Now we can write our OperationContract for registerUser and implement SHA3
hashing during the SQL INSERT:
▪ Open your Service1.svc.cs and create a new method as shown below:
▪ Don’t worry if you see an error, the method isn’t finished yet!
▪ Next we need to add functionality that will allow us to connect to an SQL
Database and run an INSERT query to our Users table, with the data within
the User object called ‘u’:
▪ Notice the use of sha3Provider, which will take the string value of
u.Password, convert it into a Byte array, then hash it and put the hashed
data into the SqlCommand.
▪ This registerUser method will return an int of how many rows were affected
by this query (Should be 1 if successful), otherwise -1 if an exception
occurred.
o While this file is still open, run the solution and try adding a user with the WCF Test
Client.
▪ NOTE: ID value will not be used in this registerUser method, so no need to
enter it in the Test Client.
o Enter at least one user like this with permission of 0 (Zero), as this will be admin
(remember the password!).
o Verify by checking your database table via Server Explorer.
o Password data now shows in the database as a hexadecimal representation of
hashed data, not a plaintext password! Using SHA3, the correct password will
ALWAYS produce exactly the same hash data.
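
The Task 2 steps put together, as an added example rather than the lab's own code. The class name, the connection-string placeholder, the column names (UserName, UserPass, FirstName, LastName, Permissions), the NVARCHAR(50) sizes and a database-generated ID are assumptions; SHA3.SHA3Managed(512) is the NuGet class the steps above install.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Runtime.Serialization;
using System.Text;

[DataContract]
public class User
{
    [DataMember] public int ID { get; set; }
    [DataMember] public string UserName { get; set; }
    [DataMember] public string Password { get; set; }  // string here, VARBINARY(64) in the table
    [DataMember] public string FirstName { get; set; }
    [DataMember] public string LastName { get; set; }
    [DataMember] public int Permissions { get; set; }
}
public class UserRegistrationExample  // hypothetical name; in the lab this lives in Service1
{
    // Placeholder: use the connection string from your own project.
    private const string ConnStr = "<your connection string>";
    // SHA3-512 of the UTF-8 password bytes: always 64 bytes, matching VARBINARY(64).
    private static byte[] HashPassword(string password)
    {
        using (var sha3Provider = new SHA3.SHA3Managed(512))
            return sha3Provider.ComputeHash(Encoding.UTF8.GetBytes(password));
    }
    // Returns the number of rows inserted (1 on success) or -1 if an exception occurred.
    public int RegisterUser(User u)
    {
        // Assumed column names; ID is assumed to be generated by the database, so u.ID is unused.
        const string sql = "INSERT INTO Users (UserName, UserPass, FirstName, LastName, Permissions) " +
                           "VALUES (@name, @pass, @first, @last, @perm)";
        try
        {
            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = u.UserName;
                cmd.Parameters.Add("@pass", SqlDbType.VarBinary, 64).Value = HashPassword(u.Password);
                cmd.Parameters.Add("@first", SqlDbType.NVarChar, 50).Value = u.FirstName;
                cmd.Parameters.Add("@last", SqlDbType.NVarChar, 50).Value = u.LastName;
                cmd.Parameters.Add("@perm", SqlDbType.Int).Value = u.Permissions;
                conn.Open();
                return cmd.ExecuteNonQuery();
            }
        }
        catch (Exception) { return -1; }
    }
}
```

Every value from the User object travels as a typed parameter, so nothing entered in the Test Client is concatenated into the SQL text. The hash is unsalted, so two users who choose the same password store identical bytes.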
Task 3 – Private User Verification
• Next we need to be able to verify if a user is registered.
o Stop the program and open your Service1.svc.cs file.
o Write a new method called validateUser which returns an int and takes a string
username and password, and also an out parameter that is a User object:
▪ Using the out feature means we can send out objects as well as return some
value. Here we can return a number to indicate success or not, while also
spitting out a User object.
▪ Making it private means that only this class can use this method.
o Inside this method you need to add another SqlConnection, as you have before. This
time it will do a SELECT function with the Users table:
▪ SELECT will look for username and password as a hash in the Users table.
▪ This method will return 1 if the user exists, 0 if they do not and -1 if an
exception occurs.
o Next we need to add a global User object, for our OUT to update later…
o We can’t test this method using the Test Client directly, because it is a private
method, so we need to use it in one of our OperationContracts to check it works:
▪ In your Service1.svc.cs file, find your GetData method you wrote in the
previous lab and add two parameters to the method declaration, string
AdminName and string AdminPass.
▪ You will also need to make this change in your IService1.cs file.
o Next we need to add an if statement around ALL of the method contents, so that the
logic of this method will only run IF a valid user's credentials are given:
o This will only return data IF the user exists, but it will not check the user's
permissions. We can modify the IF statement to check this also:
o Adding this will check if the user exists (== 1), then will check if permission is zero
(admin) or (||) is equal to the house id being requested.
o Now we can run this and test with the Test Client.
▪ NOTE: Check your Houses table to make sure you are getting data for a
house id that exists.
▪ Also if you use a username and password for a user who is not permission 0,
null will be returned IF the user permission does not match the requested
house id.
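
The Task 3 check written out, as an added example rather than the lab's own code. The class name, connection-string placeholder, column names, the houseId parameter and the string return type of GetData are assumptions, and a local User variable is used for the out parameter instead of the global one described above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

public class User { public string UserName; public int Permissions; }  // trimmed to the fields used here
public class HouseAccessExample  // hypothetical name; in the lab this lives in Service1
{
    private const string ConnStr = "<your connection string>";  // placeholder

    // Returns 1 if the credentials match a row, 0 if they do not, -1 on an exception.
    private int validateUser(string username, string password, out User user)
    {
        user = null;
        // Assumed column names; Permissions is assumed to be INT NOT NULL.
        const string sql = "SELECT Permissions FROM Users WHERE UserName = @name AND UserPass = @pass";
        try
        {
            using (var sha3Provider = new SHA3.SHA3Managed(512))
            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(sql, conn))
            {
                byte[] hash = sha3Provider.ComputeHash(Encoding.UTF8.GetBytes(password));
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = username;
                cmd.Parameters.Add("@pass", SqlDbType.VarBinary, 64).Value = hash;
                conn.Open();
                object perm = cmd.ExecuteScalar();   // null when no row matched
                if (perm == null) return 0;
                user = new User { UserName = username, Permissions = (int)perm };
                return 1;
            }
        }
        catch (Exception) { return -1; }
    }

    // houseId and the string return type stand in for the previous lab's GetData.
    public string GetData(int houseId, string AdminName, string AdminPass)
    {
        User caller;
        // Parentheses are required: && binds tighter than ||, so without them the
        // house-id comparison would be evaluated even when validateUser did not return 1.
        if (validateUser(AdminName, AdminPass, out caller) == 1 &&
            (caller.Permissions == 0 || caller.Permissions == houseId))
        {
            return "data for house " + houseId;   // the previous lab's query logic goes here
        }
        return null;   // unknown user, wrong password, wrong house, or error
    }
}
```

A return of -1 from validateUser falls through to null as well, so a database error never grants access.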
Task 4 – Add Validation to Other Operation Contracts
Use the steps from Task 3 to replicate the use of the validateUser method in other methods you
have. You are trying to prevent:
• Unauthorised registration of users (If any user can register themselves as admin there is no
security!). This is why I asked you to register at least one admin permission before protecting
the registration function. If you forget a password, you will have to temporarily comment
out your code that checks credentials, in order to register a new admin, before reinstating
the code again.
• Unauthorised update of device data (verify permission before update).
