Microsoft C# Professional Projects - Premier Press.pdf

PROJECT CASE STUDY AND DESIGN

Chapter 18

425

ChangePassword.aspx. The ChangePassword.aspx form is used for changing the password of a user. This form has a consistent interface across all roles in the airline.

Header.aspx. The Header.aspx form is used for displaying the header of every form, which contains the banner.

Logoff.aspx. The Logoff.aspx form is used for logging off a user from the Web application. The Logoff.aspx form is shown in Figure 18-13.

FIGURE 18-13 Logging off users from the Web application

Enabling Security with the Directory Structure

Whenever you create a new application, you need to secure it. This especially holds true for ASP.NET applications because they need to be protected from unauthorized intruders from the Internet. Security is not an issue that can be dealt with only after applications are complete. Instead, you need to plan for the security of the application from the conception stage.

ASP.NET enables you to implement directory-level security. Thus, you can grant permissions to different users for accessing forms stored in different directories. This ability of ASP.NET is especially useful for your airline application.

426 Project 4 CREATING AN AIRLINE RESERVATION PORTAL

SkyShark Airlines has different roles defined for its executives. Each role has a set of tasks defined for it. These tasks do not overlap. Therefore, your application should not allow a line-of-business executive to add a new flight by using the ASP.NET forms that are meant for business managers. As a result, you need to authenticate users before they access the Web site and restrict the forms each user can access based upon that user's role.

To enable such a security model on your Web site, you can implement either of the following methods:

Place ASP.NET forms into different folders based upon the roles of users who need to access these forms and use different security settings for the folders.

Programmatically manage access to ASP.NET forms of the Web application.

In the airline application, I implement both of the methods described above. Different folders are created for forms pertaining to different roles, and access to ASP.NET forms is controlled programmatically. You can learn about restricting access to ASP.NET forms programmatically in Chapter 25, “Securing the Application.” Here, however, I will examine the directory structure of the application, which is always finalized in the early phases of the project.

In the SkyShark Airlines application, the ASP.NET forms pertaining to the three business roles are given as follows:

Business managers. AddFl.aspx, RequestID.aspx, Reports.aspx, and FreqFl.aspx

Line-of-business executives. CreateRes.aspx, CancelRes.aspx, QueryStat.aspx, and ConfirmRes.aspx

Network administrators. ManageUsers.aspx and ManageDatabases.aspx

The application root directory should therefore have three subdirectories: BM, LOB, and NA. Each of these subdirectories will store files as per the scheme given in the previous list. The final directory structure for the SkyShark Airlines application is given in Figure 18-14.
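
The folder-based scheme above, expressed as ASP.NET URL authorization in a root Web.config. This is an added example, not taken from the book: the role names and the root-level rule are assumptions, and only the BM, LOB, and NA folder names come from the text.

```xml
<!-- Added example: root Web.config for the SkyShark application.
     Role names (BusinessManager, LOBExecutive, NetworkAdmin) are
     hypothetical; the authentication mode is configured separately. -->
<configuration>
  <system.web>
    <!-- Assumed root rule: reject anonymous users ("?") everywhere.
         Subdirectories inherit this unless they override it. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules are evaluated top-down and the first match wins, so the
       allow for the role must come before the catch-all deny. -->
  <location path="BM">
    <system.web>
      <authorization>
        <allow roles="BusinessManager" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="LOB">
    <system.web>
      <authorization>
        <allow roles="LOBExecutive" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="NA">
    <system.web>
      <authorization>
        <allow roles="NetworkAdmin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role checks only work if the application attaches each user's roles to the request principal after authentication, and they only cover requests that ASP.NET itself handles. Omitting the trailing `<deny users="*" />` leaves a folder open to every authenticated user, because the default rule allows all users.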