SSE698Project3

=Introduction= This project covers the second set of deliverables for the web site designed for Britches Bakery. Previously, Ms. Britches’ web site was pushed into production as a static web site, with not online ordering capabilities. The new version of the site will include some enhancements. The new web site will now include online ordering capabilities, as well as the ability to track those orders. For this project we will cover not only the online ordering functionality, but also an overview of the database design to support the site, how to handle the login process for users, and exception handling.

=Database Design= Even static web sites could benefit from the use of a database to store the data used in the site, but a site with online ordering capabilities and order tracking capability absolutely require some type of data storage. The developers from Gluvna Enterprises have decided that they should be tracking only a few things for this small site:


 * User Login
 * Customer Information
 * Menu Item Information
 * Order Information

Most of the data being stored is self explanatory and can be easily surmised because the developers gave all the tables and columns very descriptive names; however Ms. Britches was confused as to why they were choosing to store the price of a menu item in two separate locations. She noticed that they had it in the MenuItem table as well as in the OrderMenuItem table. When she questioned them, their explanation made perfect sense. Their reasoning was that over time, the price of a menu item can and probably will change and therefore they needed to store the current price of an item with order information to account for those changes. When a menu item price changes, if we do not store what the price of the menu item was when it was ordered originally, then any reporting on those orders would be wrong and we could not go back to determine what historical sales numbers truly were.

Ms. Britches was also concerned about the fact that user passwords are stored, and easily accessible to anyone who can access her database. She is adamant about the fact that she does not want to anyone to be able to access the accounts, she wants her customer data to be secure. The development team assures her that they will be encrypting the passwords so that the password data stored is not simply a “text” value, but will actually be an encrypted value of the password that will be handled by the code they are writing.

They also assure her that they will be using a Secure Socket Layer (SSL) for all customer data to be passed across networks. They explain to her that SSL is a data transport security protocol that provides security for communications over networks such as the Internet. SSL encrypts the segments of network connections at the Transport Layer end-to-end. The following diagram is a visual representation of how SSL works:



Now that Ms. Britches is a little bit more informed, she feels more secure about her customer data.

=Login Handling= The Britches Bakery web site will require a login in order for users to place online orders. As part of the login process, they will be using Microsoft data encryption in addition to using SSL for data encryption. The following is the login page: When the user clicks the login page, the application validates the data against what is stored in the database using the following code: code protected void btnLogin_Click(object sender, EventArgs e) { Guid token = Guid.NewGuid; if (checkLogin(txtUserID.Text, txtPassPhrase.Text, token)) { Session.Add("token", token); Session.Add("userID", txtUserID.Text); Response.Redirect("Main.aspx"); } else lblError.Visible = true; }

internal bool checkLogin(string userID, string passPhrase, Guid token) { return CSecurity.validateLogin(userID, passPhrase, token); } code The CSecurity.validateLogin method encrypts the data and validates it against the database: code internal static bool validateLogin(string userName, string passPhrase, Guid token) { return validateAgainstDatabase(userName, doEncryption(passPhrase), token); }

private static string doEncryption(string passphrase) { string result = string.Empty; MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider; UTF8Encoding encoder = new UTF8Encoding;

Byte[] arr = md5.ComputeHash(encoder.GetBytes(passphrase)); for (int i = 0; i < arr.Length; i++) result = string.Format("{0}{1}", result, arr[i]);

return result; } code =Online Ordering Capabilities= In order to have a successful online business, the site should have a "shopping cart" that customers can use to purchase products. The developers created a simple shopping cart by taking a few simple steps:

1.Build the user interface
The user interface for this site cart is the actual menu and menu item pages for Britches Bakery. It is very simple code that basically takes the item and added to the a dataset manipulated and stored in the user http session. This dataset is available to all pages and objects in it's current state during the browser session started by the user when they logged into the site.

2.Build the DataTable structure
The DataTable structure was developed and determined when the team did the database analysis. The DataTable was created as part of a strongly typed dataset to handle the data for the cart:

3.Add items to the cart
On the Menu Item page, a "Add To Cart" button has been added to the page to enable the user to add the item to their cart. Once the button is clicked, the following executes to actually "add" the item to the user's cart: code protected void btnAddToCart_Click(object sender, EventArgs e)       { CCommon.ds.Order.Rows.Add(Request.QueryString["ID"].ToString); Response.Redirect("Menu.aspx"); } code

4.Keep a running total
It is a good idea to keep and display a running total number of items on your shopping cart link. This ensures that the customer knows how many items they have in their cart. Unfortunately, due to the tight deadlines associated with this application the developers did not get this feature in their cart. It is their hope that Ms. Britches will contact them in the future so that they can give her all the features she needs to have a successful website. =Exception Handling= Microsoft defines an exception as "any error condition or unexpected behavior that is encountered by an executing program. Exceptions can be raised because of a fault in your code or in code that you call (such as a shared library), unavailable operating system resources, unexpected conditions the common language runtime encounters (such as code that cannot be verified), and so on. Your application can recover from some of these conditions, but not from others. Although you can recover from most application exceptions, you cannot recover from most runtime exceptions."

As developers, the Gluvna Enterprises team is expected to handle all exceptions to the best of their ability, as well throw exceptions as needed to ensure proper behavior of the application. The best way to handle exceptions is to use try-catch blocks around your code.

code public static void validateLogin {           bool fRedirect = true; string errorMessage = string.Empty; try {               if (HttpContext.Current.Session["token"] != null) if (CSecurity.validateToken( new Guid(HttpContext.Current.Session["token"].ToString), HttpContext.Current.Session["userID"].ToString)) {                       fRedirect = false; }

if (fRedirect) HttpContext.Current.Response.Redirect("Login.aspx"); }           catch (Exception ex) {               errorMessage = ex.Message; //Or do some other kind of handling if you please

} code Inside the "try" block you see the code that should be executed, barring any abnormal error that could occur during that execution. The "try" means that the application should try to execute the code, but we want to make sure we catch any exceptions so that we can handle those exceptions gracefully without an application runtime error. The "catch" block tells the application how to handle the errors. Many times developers will also add a "finally" block to the "try-catch" block. A "finally" block contains any code that you want executed, whether and exception occurs or not. Statements in a finally block always execute.

=Final Pages= The final pages of the Britches Bakery web site follow: