
Date: 2020-04-02 10:15

5ENT1070 – Web Services

User Authentication in WCF

Aims

• Add a new table to your MDF file to store User Info
• Modify your previous WCF solution to allow for the registration of users
• Modify further to enable verification of users before other database requests are made
• Test it works and submit your WCF solution on StudyNet. Please include screen shots of the Test Client as further evidence!

Task 1 – Add a ‘Users’ table to your database

• Copy your previous WCF solution to Desktop and open with Visual Studio.
    o This should be the WCF solution from the lab “Databases with WCF”.
• The first thing we need to do is create a new table for storing User Information.
    o In your Visual Studio window, go to your Server Explorer (usually located as a side tab on the left-hand side).
    o Open the connection by expanding the database (when open you will see a little green connected icon).
    o Right click on the database and select New Query.
    o Write a query to CREATE a new table that contains columns for ID, User Name, User Password, First Name, Last Name, and Permissions.
        • CAUTION: Do not call any column password, as this is a keyword in SQL and will cause issues.
        • Also do not put spaces in column names, as this will cause an error.
        • Keywords like CREATE are not case sensitive, so they do not have to be upper case.
        • Table and variable names ARE case sensitive, so how you write them in your CREATE query is how they must be written anywhere afterwards.
    o NOTE the use of variable type VARBINARY(64), which is a byte array of 64 bytes (Byte[64]). This is because a 512-bit SHA3 algorithm will output 64 bytes of data (8 bits in a byte, therefore 512/8 = 64).
    o Once executed, check the table exists by refreshing your database in the Server Explorer to see if it appears in the Tables folder.

Task 2 – Add User Registration capability to WCF

• Now the next thing to do is create a new DataContract which will represent a User object.
    o Open your IService1.cs file and, after the close bracket for your public interface IService1, write a [DataContract] with a class called User. This class should reflect the variables you have in your database, except for password, which is a varbinary in your table but must be a string here, as shown below:
        • NOTE: Don’t forget to add [DataMember] to each of your variables as shown below!
• Next we need to add an [OperationContract] to the WCF which allows you to register a user. This is done inside the public interface IService1 declaration.
    o This contract will be called RegisterUser and return an int, with the parameter of a User object:
    o Now open your Service1.svc.cs file to write this OperationContract logic.
    o This is where we need to install a library package to your WCF from NuGet, which will give you the ability to use SHA3 to hash passwords:
        • Click on the Tools tab in Visual Studio.
        • Go to NuGet Package Manager -> Manage NuGet Packages for Solution…
        • Click on the Browse tab and search for SHA3; you should get the option shown below (the latest stable version may be different, please use the latest available):
        • Make sure your project is checked on the right-hand side and click the Install button in the bottom right corner. This will download the libraries and add them to your project.
        • Finally, in your Service1.svc.cs file add a global declaration of SHA3.SHA3Managed using a 512-bit size:
    o Now we can write our OperationContract for registerUser and implement SHA3 hashing during the SQL INSERT:
        • Open your Service1.svc.cs and create a new method as shown below:
        • Don’t worry if you see an error, the method isn’t finished yet!
        • Next we need to add functionality that will allow us to connect to an SQL Database and run an INSERT query to our Users table, with the data within the User object called ‘u’:
        • Notice the use of sha3Provider, which will take the string value of u.Password, convert it into a Byte array, then hash it and put the hashed data into the SqlCommand.
        • This registerUser method will return an int of how many rows were affected by this query (should be 1 if successful), otherwise -1 if an exception occurred.
    o While this file is still open, run the solution and try adding a user with the WCF Test Client.
        • NOTE: ID value will not be used in this registerUser method, so no need to enter it in the Test Client.
    o Enter at least one user like this with permission of 0 (Zero), as this will be admin (remember the password!).
    o Verify by checking your database table via Server Explorer.
    o Password data now shows in the database as a hexadecimal representation of hashed data, not a plaintext password! Using SHA3, the correct password will ALWAYS produce exactly the same hash data.
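A sketch of the registration step described in Task 2, added here as an illustration and not taken from the module's own material. The table and column names, column sizes, the connection-string placeholder and the names RegistrationSketch and HashPassword are assumptions; SHA3.SHA3Managed comes from the NuGet package installed above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;
// Assumed schema (names and sizes are illustrative, not taken from the lab sheet):
//   CREATE TABLE Users (ID INT IDENTITY(1,1) PRIMARY KEY, UserName VARCHAR(50) NOT NULL UNIQUE,
//     UserPass VARBINARY(64) NOT NULL, FirstName VARCHAR(50), LastName VARCHAR(50), Permissions INT NOT NULL);
public class User   // plain stand-in for the lab's [DataContract] class
{
    public int ID;
    public string UserName, Password, FirstName, LastName;
    public int Permissions;
}

public class RegistrationSketch
{
    private const string ConnStr = "<your connection string>";   // placeholder

    // 512-bit SHA3 yields 64 bytes (VARBINARY(64)). Created per call: HashAlgorithm instances are not
    // thread-safe. Unsalted, as in the lab; production code would use a salted, slow password hash.
    public static byte[] HashPassword(string password)
    {
        using (var sha3Provider = new SHA3.SHA3Managed(512))
            return sha3Provider.ComputeHash(Encoding.UTF8.GetBytes(password));
    }

    public int RegisterUser(User u)
    {
        const string sql =
            "INSERT INTO Users (UserName, UserPass, FirstName, LastName, Permissions) " +
            "VALUES (@name, @pass, @first, @last, @perm)";
        try
        {
            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(sql, conn))
            {
                // Parameters keep user-supplied values out of the SQL text.
                cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = u.UserName;
                cmd.Parameters.Add("@pass", SqlDbType.VarBinary, 64).Value = HashPassword(u.Password);
                cmd.Parameters.Add("@first", SqlDbType.VarChar, 50).Value = (object)u.FirstName ?? DBNull.Value;
                cmd.Parameters.Add("@last", SqlDbType.VarChar, 50).Value = (object)u.LastName ?? DBNull.Value;
                cmd.Parameters.Add("@perm", SqlDbType.Int).Value = u.Permissions;
                conn.Open();
                return cmd.ExecuteNonQuery();   // 1 when the row was inserted
            }
        }
        catch (Exception) { return -1; }   // lab convention: -1 on any exception
    }
}
```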

Task 3 – Private User Verification

• Next we need to be able to verify if a user is registered.
    o Stop the program and open your Service1.svc.cs file.
    o Write a new method called validateUser which returns an int and takes a string username and password, and also an out parameter with a User object:
        • Using the out feature means we can send out objects as well as return some value. Here we can return a number to indicate success or not, while also spitting out a User object.
        • Making it private means that only this class can use this method.
    o Inside this method you need to add another SqlConnection, as you have before. This time it will do a SELECT on the Users table:
        • SELECT will look for username and password as a hash in the Users table.
        • This method will return 1 if the user exists, 0 if they do not and -1 if an exception occurs.
    o Next we need to add a global User object, for our out parameter to update later…
    o We can’t test this method using the Test Client directly, because it is a private method, so we need to use it in one of our OperationContracts to check it works:
        • In your Service1.svc.cs file, find the GetData method you wrote in the previous lab and add two parameters to the method declaration, string AdminName and string AdminPass.
        • You will also need to make this change in your IService1.cs file.
    o Next we need to add an if statement around ALL of the method contents, so that the logic of this method will only run IF a valid user’s credentials are given:
    o This will only return data IF the user exists, but it will not check the user’s permissions. We can modify the IF statement to check this also:
    o Adding this will check if the user exists (== 1), then will check if the permission is zero (admin) or (||) is equal to the house id being requested.
    o Now we can run this and test with the Test Client.
        • NOTE: Check your Houses table to make sure you are getting data for a house id that exists.
        • Also, if you use a username and password for a user who is not permission 0, null will be returned IF the user permission does not match the requested house id.
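A sketch of the private validateUser method and the permission check from Task 3, added here as an illustration and not taken from the module's own material. The column names, the connection-string placeholder, the trimmed User class and the hypothetical IsAllowed wrapper are assumptions; the return codes and the admin-or-matching-house rule follow the text above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

public class User { public int ID; public string UserName; public int Permissions; }   // trimmed stand-in
public class ValidationSketch
{
    private const string ConnStr = "<your connection string>";   // placeholder
    private User currentUser;   // the "global" User that the out parameter fills

    // Returns 1 if the credentials match a row, 0 if they do not, -1 on an exception.
    private int validateUser(string username, string password, out User user)
    {
        user = null;   // fail closed: no User object unless a row matched
        try
        {
            byte[] hash;
            using (var sha3Provider = new SHA3.SHA3Managed(512))
                hash = sha3Provider.ComputeHash(Encoding.UTF8.GetBytes(password));
            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(
                "SELECT ID, UserName, Permissions FROM Users " +
                "WHERE UserName = @name AND UserPass = @pass", conn))
            {
                cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = username;
                cmd.Parameters.Add("@pass", SqlDbType.VarBinary, 64).Value = hash;
                conn.Open();
                using (var reader = cmd.ExecuteReader())
                {
                    if (!reader.Read()) return 0;   // no such user, or wrong password
                    user = new User { ID = reader.GetInt32(0), UserName = reader.GetString(1),
                                      Permissions = reader.GetInt32(2) };
                    return 1;
                }
            }
        }
        catch (Exception) { return -1; }
    }

    // Hypothetical gate for the top of GetData: admin (0) or the user tied to the requested house.
    // The parentheses matter: && binds tighter than ||, so without them the house-id test
    // would be evaluated even when validateUser did not return 1.
    public bool IsAllowed(int houseId, string adminName, string adminPass)
    {
        return validateUser(adminName, adminPass, out currentUser) == 1
            && (currentUser.Permissions == 0 || currentUser.Permissions == houseId);
    }
}
```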

Task 4 – Add Validation to Other Operation Contracts

Use the steps from Task 3 to replicate the use of the validateUser method in other methods you have. You are trying to prevent:

• Unauthorised registration of users (If any user can register themselves as admin there is no security!). This is why I asked you to register at least one admin permission before protecting the registration function. If you forget a password, you will have to temporarily comment out your code that checks credentials, in order to register a new admin, before reinstating the code again.
• Unauthorised update of device data (verify permission before update).

