473,700 Members | 2,747 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Pin Login Application Using Asp


Hello Dev. Guru,
I want to at this time introduce myself. I am Stanley Ojadovwa by name.
I知 a freelance and a newbie in web application development. I知
currently using ASP as my application server technology with Microsoft
access as my database source.

Just as I have introduced myself, I知 a newbie in web application
development. I知 currently working on an application that will allow
students to check their results and admission status online, but they
will have to get a PIN Number or Code before they will be able to do
exactly that.

Now, what I have in mind is that a student will enter their names,
examination numbers and the PIN Code into a form and then click on the
submit button. The feedback after clicking on submit is that the
particular student examination records and status are queried from
that database and displayed for that student to see.

Validation Rules:

The application must display only the records that belong to that
student.
The PIN Code entered by the student must correspond to the one already
stored in the database.
The application must be in a way that the PIN Code cannot be used by
more than one student. That is if another student wants to use that PIN
Code, an error message should appear telling the student that the pin
code has been used by another student depending on how or what message
you want to display.
The PIN Code must not be used for more than a specified number of
times.

Now that was a brief overview of the kind of application I want to
develop. However, I知 having problem with its development. I decided to
write to see if there is a way you can help me out. You might have seen
the source code for such an application before now, please send it to
me or you may want to help me by writing a quick one of such
application, or a anything you have in mind regarding the application.

Anyway, I have gone ahead with its development. I will give a brief
idea of how far I have gone. What I did was to create a database with
three tables namely; PIN, LOGIN and RESULT. The PIN table contains all
the pin numbers which will be entered by the webmaster such that when
the student enters a particular pin code it will query that table to see
if the pin exist else it will tell the student that it is an invalid pin
code. If the pin exist in the PIN table the form input should be
submitted to the LOGIN table and then store the input in a cookies and
then be directed to another page which will query the RESULT table based
on the information stored in the cookies to bring out the particular
student痴 information.

To avoid to much details visit www.jambonline.org for a
sample of the kind of application I知 talking about.

I will really appreciate if I get a response from you regarding this
application. Thanks for your understanding and support.

See you at the top!

Stanley

Note: Below is a copy of the place I知 having a problem. I want to add
the form input into the login table if it does not already exist and
then direct them to Query_result page where their result will then be
sorted from the RESULT table. Also if the input is in the login table
already they should be redirected to Query_result page.

Incase you want a sample of the database, you can send me an email so
that I can attach it to the email back to you.I have already attached
some of the pages i have developed
+----------------------------------------------------------------+
| Attachment filename: prosessresult.t xt |
|Download attachment: http://www.codecomments.com/attachme...postid=3480939 |
+----------------------------------------------------------------+
--
xcelmind
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Jan 11 '07 #1
1 3068

"xcelmind" <xc************ *@mail.codecomm ents.comwrote in message
news:xc******** *****@mail.code comments.com...
>
Hello Dev. Guru,
I want to at this time introduce myself. I am Stanley Ojadovwa by name.
I'm a freelance and a newbie in web application development. I'm
currently using ASP as my application server technology with Microsoft
access as my database source.
Access (aka MS Jet) is a poor choice for multi-user database applications.
If at all possible, you would be well-advised to use SQL Express, which is
free just like Jet is, but is a much more stable and capable database
engine.

Just as I have introduced myself, I'm a newbie in web application
development. I'm currently working on an application that will allow
students to check their results and admission status online, but they
will have to get a PIN Number or Code before they will be able to do
exactly that.

Now, what I have in mind is that a student will enter their names,
examination numbers and the PIN Code into a form and then click on the
submit button. The feedback after clicking on submit is that the
particular student examination records and status are queried from
that database and displayed for that student to see.

Validation Rules:

The application must display only the records that belong to that
student.
The PIN Code entered by the student must correspond to the one already
stored in the database.
The application must be in a way that the PIN Code cannot be used by
more than one student. That is if another student wants to use that PIN
Code, an error message should appear telling the student that the pin
code has been used by another student depending on how or what message
you want to display.
That is not a secure design! A message that tells the user their chosen PIN
is already in use, effectively gives away the secret half of some other
student's credentials! Anyone that knows the names of the other students
only needs to try each of them with the PIN s/he now knows in in use -- and
is guaranteed access to someone else's data in the course of such an attack.

Also, name is a poor choice for a login value, no guarantee of uniqueness.
Email is a better choice, otherwise, allow the user to choose a login (this
would be where you must prompt for another value to enforce uniqueness.)

If forcing unique PINs is intended as a work-around for same-named students,
it is an extremely poor tactic. Login is the public [or semi-private] half
of the credentials pair. Password is the exclusively private half. For
sensitive data, nothing should *ever* divulge the password to *anyone*. For
data that isn't really sensitive, mechanisms to recover a password by
sending it to its owner have become fairly accepted, but secure applications
will only provide a way to reset the password.

This authentication model is in place in litteraly thousands (if not
millions) of applications; it's proven and accepted. You'd likely be
further ahead to work-around the reasons you want to alter the model, and
leave the model itself intact.
The PIN Code must not be used for more than a specified number of
times.
Why?
Now that was a brief overview of the kind of application I want to
develop. However, I'm having problem with its development. I decided to
write to see if there is a way you can help me out. You might have seen
the source code for such an application before now, please send it to
me or you may want to help me by writing a quick one of such
application, or a anything you have in mind regarding the application.

Anyway, I have gone ahead with its development. I will give a brief
idea of how far I have gone. What I did was to create a database with
three tables namely; PIN, LOGIN and RESULT. The PIN table contains all
the pin numbers which will be entered by the webmaster such that when
Wait, the webmaster enters the PINs? What, then the user gets it on a slip
of paper handed-out in class, or via snail-mail? Eeesh, if you absolutely
must go this way, at the very least, cut the web admin people a break by
generating PIN values.

the student enters a particular pin code it will query that table to see
if the pin exist else it will tell the student that it is an invalid pin
code. If the pin exist in the PIN table the form input should be
submitted to the LOGIN table and then store the input in a cookies and
then be directed to another page which will query the RESULT table based
on the information stored in the cookies to bring out the particular
student's information.
Two tables unnecessarily complicates design, input and function. A single
table that stores login, password, and any other details that describe the
user, is a more workable design. You then query that one table for a row
with both login and password fields that match the submitted values... but
that's a generality...

To be efficient your design must consider some environmental factors, like
the source of results data, and how it will be associated with students.
Surely each student already has some unique identifier assigned by the
school; presumably results will be linked using that?

So [based on my assumptions] the scenario should be something like this:

1. A conceptual account exists for each student by virtue of enrollment;
2. Each account needs to be "activated" before it can be used to access
account-specific content to, prevent unauthorized access before credentials
have been established;
3. The process of activation involves verifying that the user is who he says
he is, and then establishing credentials;
3.a. Verification involves user input of info that will be known or
available to each respective student while at the same time, not commonly
known or available to others (test numbers from one or a few recent tests
should be a good fit here)
3.b. When establishing credentials, assign a login value if you absolutely
must, but let the user set the password.
4. Once an account is activated, users can view results;
4.a. Why not just list all available results in a list, so the user can
click a link, rather than needing some number;
As for whatever implememtation difficulties you may be having, you'll get
more answers if you provide:

1. A description of the problem; i.e., the error message, or what its not
doing that you think it should;
2. Just enough code to show the context of the problem (noting which line
throws the error, if any);
3. Which behavior or aspects you're having difficulty understanding;
-Mark

To avoid to much details visit www.jambonline.org for a
sample of the kind of application I'm talking about.

I will really appreciate if I get a response from you regarding this
application. Thanks for your understanding and support.

See you at the top!

Stanley

Note: Below is a copy of the place I'm having a problem. I want to add
the form input into the login table if it does not already exist and
then direct them to Query_result page where their result will then be
sorted from the RESULT table. Also if the input is in the login table
already they should be redirected to Query_result page.

Incase you want a sample of the database, you can send me an email so
that I can attach it to the email back to you.I have already attached
some of the pages i have developed
+----------------------------------------------------------------+
| Attachment filename: prosessresult.t xt |
|Download attachment:
http://www.codecomments.com/attachme...postid=3480939 |
+----------------------------------------------------------------+
--
xcelmind
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Jan 12 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1323
by: Yoni Gibbs | last post by:
Hi, I need to build a "login manager" using C#, for a desktop application. I am new to .NET, having previously only worked in COM, so please forgive my ignorance. What I need is a "login manager" application that runs in the background and keeps the client's connection details ready for any other application to request, as there will be various applications (and various instances of the same application) all needing access to this...
2
2778
by: Beginner | last post by:
I know this is an old question, but searching all over the internet plus several MS security conferences, still haven't got a straight anwser. Basically, the login.aspx is on one dedicated server in the domain using AD. ASP.NET applications run on other servers (not neccessary in domain) and trying to use authentication server. How could this be done? - Most response says you need to set MachineKey the same, but that alone doesn't...
1
2439
by: MichaelR | last post by:
I have an asp.net application using forms authentication. 1. It has a simple login page (login.aspx) that uses FormsAuthentication.RedirectFromLoginPage(. . . ). 2. My application has a logout function that Redirects to signout.aspx. Signout.aspx invokes FormsAuthentication.Signout() when it loads. 3. Signout.aspx also has a login button that redirects to my application page (index.aspx). Because the user is no longer authenticated,...
19
2534
by: Siobhan | last post by:
Hi What is the recommended way to store a user's database credentials across the pages of a web application so that each time the database is accessed the system doesn't have to ask them for their username and password again We have previously stored these in a session variable (encrypted) and retrieved from their - but are worried about the impact on performance if the number of users increases. Had thought about cookies but worried...
10
4507
by: et | last post by:
I have an asp.net program that uses a connection string, using integrated security to connect to a sql database. It runs fine on one server, but the other server gives me the error that "Login failed for user "NT AUTHORITY/ANONYMOUS LOGON". Why would this be? There is no reason it should even be trying to login to using NT Authority/Anonymous login. The IIS Server is set to turn off anonymous logins, and use integrated security, and my...
14
2625
by: clintonG | last post by:
This is an appeal for peer support sent to Microsoft as will be noted in closing. The Login control does not include a Cancel button. The only option is to convert the Login control to a template which is not such a bad thing in itself but it means all other controls in the application must also be converted to templates to maintain a consistent UI. So much for writing 70% less code when foolish morons release a control with no cancel...
9
2567
by: dana lees | last post by:
Hello, I am developing a C# asp.net application. I am using the authentication and authorization mechanism, which its timeout is set to 60 minutes. My application consists of 2 frames - a header frame and a main frame. When i enter the application, i see the login screen on the whole screen, but when the authentication expires, the login screen appears on both frames.
6
3354
by: AppleBag | last post by:
I'm having the worst time trying to login to myspace through code. Can someone tell me how to do this? Please try it yourself before replying, only because I have asked this a couple of times in the past in other places, and while the help was much appreciated, it seemed everyone just wanted to 'theoretically' explain how to do it, but when I tried to do it myself, I couldn't login. I want to simply pass the email address and password to...
0
12770
by: barrybevel | last post by:
Hi, I'm trying to login to the www.vodafone.ie website using HttpWebRequest. It works fine with IE/Firefox and the .NET Web Control too, just not with my code. I think it's a redirect 302 problem. I'm using this code in a ASP.NET 2.0 application just in case that matters, maybe someone knows a better way to do this?
0
8718
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we値l explore What is ONU, What Is Router, ONU & Router痴 main usage, and What is the difference between ONU and Router. Let痴 take a closer look ! Part I. Meaning of...
0
8642
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9066
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8916
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7802
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project用lanning, coding, testing, and deployment謡ithout human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6558
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupr who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4400
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4652
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3083
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.