ASP.NET, security, the session, HTTP Handlers, Web.config

• Create ASP.NET application with users authentication and authorization
  
  • Application contains 3 pages (A.aspx, B.aspx and Login.aspx)
  • Only logged in users can access pages other than the login one
  • Standard ASP.NET Forms authentication and authorization mechanism has to be used
  • Users' credentials has to be stored in the standard web.config file's section, two users have to be created
    • User: user, password: usr
    • User: admin, password: adm
  • Only admin user can access B.aspx page
• Ensure background image for the pages
  
  • Both pages contain links to both pages, logged in user name and link to logout
    • Try to not duplicate the page's content code
  • Both pages have a random background image
  • Image is a bitmap of size 256x256 with 10 circles of random color
  • During the same session background image do not change (can be created only once while the single session)
  • No temporary files can be created on the server

• Hints:
  • configuration/location element (web.config)
  • configuration/system.web/authentication element (web.config)
  • configuration/system.web/authorization element (web.config)
  • Login, LoginName, LoginStatus controls
  • WebConfigurationManager, AuthenticationSection, FormsAuthenticationUser classes
  • <body style="background-image: url(BGHandler.aspx)">
  • HttpSessionState Page.Session {get;} property

• Approximate points:
  • authentication (only logged in users can access the pages): 2.5
  • authorization (only admin can access the B page): 1.0
  • page content: 1.5
  • background image generation: 2.5
  • correct displaying a background image: 2.5

• Links for uploading:
  • Solutions
  • Corrections