ABSTRACT:
Password authentication systems, which are used as first level of defense, are not efficient
enough to withstand the dynamic techniques of attackers. An important usability goal for
authentication systems is to support users in selecting better passwords. We propose a new
Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed
to restrict such attacks. While PGRP limits the total number of login attempts from unknown
remote hosts to as low as a single attempt per username, legitimate users in most cases can make
several failed login attempts before being challenged with an Automated Turing Test (ATT). The
major goal of this work is to reduce guessing attacks and to encourage users to select more
random passwords that are difficult to guess. Well-known security threats such as brute force
attacks and dictionary attacks can be successfully abolished using this method.
Introduction:
Online usage has increased rapidly in the real world. The difficulty this brings is how
securely we can protect our own private details, such as passwords. Here we develop a secure
application that protects private information by using the Password Guessing Resistant
Protocol (PGRP).
Brute Force Attack: A brute force attack is a type of password guessing attack that
consists of trying every possible code, combination, or password until the correct one is found.
This type of attack may take a long time to complete.
Dictionary Attack: A dictionary attack is another type of password guessing attack, which uses a
dictionary of common words to identify the user's password.
We achieve this by developing an online exam monitoring system with PGRP. We
selected this concept because many hacking activities aim to extract the question paper posted
online by the staff. Here we restrict such attempts by limiting the number of password guesses
that can be made to log in to an account.
EXISTING SYSTEM:
The use of passwords is a major point of vulnerability in computer security, as passwords
are often easy to guess by automated programs running dictionary attacks. Passwords remain the
most widely used authentication method despite their well-known security weaknesses. User
authentication is clearly a practical problem. The existing work relies on the captcha, an
automated test that humans can pass but current computer programs can't pass: any program that
has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI)
problem. Logic problems have also been suggested as a basis for captchas, and these present
similar difficulties, as generation seems to be difficult. All the agents could start operating at
a specific time, trying to log in to accounts on a specific server using random passwords or a
dictionary attack. It is difficult to deny this type of attack, since bots may pass through this
security level.
EXISTING TECHNIQUE:
CAPTCHA
DISADVANTAGES:
Attackers can try only a limited number of guesses from a single machine before being
locked out, delayed, or challenged to answer Automated Turing Tests.
Locking is generally temporary; the adversary can mount a DoS attack by making enough
failed login attempts to lock a particular account.
Literature survey:
How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
Author Name: Elie Bursztein, Steven Bethard, Celine Fabry, John C. Mitchell, Dan Jurafsky
Paper Year: May 2010.
Description:
Captchas are designed to be easy for humans but hard for machines. However, most
recent research has focused only on making them hard for machines. In this paper, we present
what is to the best of our knowledge the first large scale evaluation of captchas from the human
perspective, with the goal of assessing how much friction captchas present to the average user.
For the purpose of this study we have asked workers from Amazon's Mechanical Turk
and an underground captcha breaking service to solve more than 318 000 captchas issued from
the 21 most popular captcha schemes (13 image schemes and 8 audio schemes). Analysis of the
resulting data reveals that captchas are often difficult for humans, with audio captchas being
particularly problematic. We also find some demographic trends indicating, for example, that
non-native speakers of English are slower in general and less accurate on English-centric
captcha schemes. Evidence from a week's worth of eBay captchas (14,000,000 samples) suggests
that the solving accuracies found in our study are close to real-world values, and that
improving audio captchas should become a priority, as nearly 1% of all captchas are delivered
as audio rather than images. Finally, our study also reveals that it is more effective for an
attacker to use Mechanical Turk to solve captchas than an underground service.
Description:
We study the security requirements for remote authentication with password protected
smart card. In recent years, several protocols for password-based authenticated key exchange
have been proposed. These protocols are used for the protection of password based
authentication between a client and a remote server.
In this paper, we will focus on the password based authentication between a smartcard
owner and smart card via distrusted card reader. In a typical scenario, a smart card owner inserts
the smart card into distrusted card reader and input the password via the card reader in order for
the smart card to carry out the process of authentication with a remote server. In this case, we
want to guarantee that the card reader will not be able to impersonate the card owner in future
without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we
want the assurance that an adversary could not use the smart card to impersonate the card owner
even though the sample space of passwords may be small enough to be enumerated by an offline adversary.
Description:
Reverse Turing tests, or CAPTCHAs, have become an ubiquitous defense used to protect
open Web resources from being exploited at scale. An effective CAPTCHA resists existing
mechanistic software solving, yet can be solved with high probability by a human being. In
response, a robust solving ecosystem has emerged, reselling both automated solving technology
and real time human labor to bypass these protections. Thus, CAPTCHAs can increasingly be
understood and evaluated in purely economic terms; the market price of a solution vs the
monetizable value of the asset being protected. We examine the market-side of this question in
depth, analyzing the behavior and dynamics of CAPTCHA-solving service providers, their price
performance, and the underlying labor markets driving this economy.
Description:
We introduce captcha, an automated test that humans can pass, but current computer
programs can't pass: any program that has high success over a captcha can be used to solve an
unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of
captchas. Since captchas have many applications in practical security, our approach introduces a
new class of hard problems that can be exploited for security purposes. Much like research in
cryptography has had a positive impact on algorithms for factoring and discrete log, we hope that
the use of hard AI problems for security purposes allows us to advance the field of Artificial Intelligence.
We introduce two families of AI problems that can be used to construct captchas and we show
that solutions to such problems can be used for communication. Captchas based on these AI
problem families, then, imply a win-win situation: either the problems remain unsolved and there
is a way to differentiate humans from computers, or the problems are solved and there is a way to
communicate covertly on some channels.
Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed
Passwords
Author Name: Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern
Paper Year: 2010
Description:
In this paper we attempt to determine the effectiveness of using entropy, as defined in
NIST SP800-63, as a measurement of the security provided by various password creation
policies. This is accomplished by modeling the success rate of current password cracking
techniques against real user passwords. These data sets were collected from several different
websites, the largest one containing over 32 million passwords. This focus on actual attack
methodologies and real user passwords quite possibly makes this one of the largest studies on
password security to date. In addition we examine what these results mean for standard password
creation policies, such as minimum password length, and character set requirements.
Description:
CAPTCHA is now almost a standard security technology, and has found widespread
application in commercial websites. Usability and robustness are two fundamental issues with
CAPTCHA, and they often interconnect with each other. This paper discusses usability issues
that should be considered and addressed in the design of CAPTCHAs. Some of these issues are
intuitive, but some others have subtle implications for robustness (or security). A simple but
novel framework for examining CAPTCHA usability is also proposed.
PROPOSED SYSTEM:
The proposal in the present paper, called Password Guessing Resistant Protocol (PGRP),
significantly improves the security-usability trade-off, and can be more generally deployed
beyond browser-based authentication. Our proposed system enforces ATTs after a few failed
login attempts are made from unknown machines. We define known machines as those from
which a successful login has occurred within a fixed period of time. These are identified by their
IP addresses saved on the login server as a white list, or cookies stored on client machines. PGRP
accommodates both graphical user interfaces and character-based interfaces, while the previous
protocols deal exclusively with the former, requiring the use of browser cookies. PGRP uses
either cookies or IP addresses, or both for tracking legitimate users. The proposed system is
more restrictive against brute force and dictionary attacks while safely allowing a large number
of free failed attempts for legitimate users.
PROPOSED TECHNIQUE:
PASSWORD GUESSING RESISTANT PROTOCOL (PGRP)
ADVANTAGES:
It makes brute force and dictionary attacks ineffective even for adversaries with access to
large botnets.
It is suitable for organizations of both small and large number of user accounts.
Module:
Authentication:
Login
Forget Password
Admin
Staff
Candidate
Exam registration
Module description:
Authentication:
The process of identifying an individual usually based on a username and password. In
security systems, Authentication merely ensures that the individual is who he or she claims to be,
but says nothing about the access rights of the individual.
Login:
In Staff and Admin login we check whether the system is a trusted or a distrusted
machine. If the machine is trusted, the staff or admin is allowed 3 attempts. If
the machine is distrusted, the staff is allowed a single attempt. In Candidate
login, the candidate or user may make any number of attempts. The process involved is to:
Check the login name and password.
Then allow the authorized user to use these pages.
If an unauthorized user attempts to access the staff login, restrict that user and give the
information.
Forget Password:
When users forget their password, they can use this forget password function. It is
used to create a new password. To ensure that the user accessing forget password is a legitimate
user, the user is asked a question. These questions and their answers are created while the user
is registering on the site. When the user enters an answer, the entered text is matched against
the database. If the result is true, the user is allowed to enter a new password to access
the site. If the result is false, the user is not allowed to enter a new password to access the
site.
Admin:
In this module, when the admin attempts to log in, we need to find whether the machine is
trusted or distrusted. This is determined by IP address. If the IP address that the
machine frequently uses to access the site is stored, then that machine is a trusted machine. For
that particular machine the admin login is allowed up to three attempts. The
machine is considered distrusted if the admin login is made as a new attempt; the user
is then given a single chance to enter the user name or password to access the site.
After the admin has logged in, the admin has access to control the application.
In this application the admin has the privilege to control the uploaded question paper. The
admin can also delete the question paper.
Staff:
In this module the staff host the question paper that the candidate needs in order
to write the online exam. For this process the staff have to log in first. To log in, the staff
need to provide a valid user name and password within three attempts on a trusted system. On a
distrusted machine the staff have to enter the user name and password within a single attempt. If
the attempts exceed the given limit, a notification is provided.
Candidate:
In this module the candidates are given access only to log in and answer the exam. To log in
through the candidate login, users first have to register with the application by giving their
details. While logging in, the candidate can make n login attempts to attend the exam.
[Figure: Candidate Login]
Technique:
Password Guessing Resistant Protocol
The login protocol should make brute force and dictionary attacks ineffective even for
adversaries with access to large botnets (i.e., capable of launching the attack from many remote
hosts). The protocol should not have any significant impact on usability (user convenience). For
example, for legitimate users, any additional steps besides entering login credentials should be
minimal. Increasing the security of the protocol must have minimal effect in decreasing the login
usability.
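An added illustration, not part of the original report or the project's C# code: a Python sketch of the attempt-limiting rule described under Login and Admin above for staff and admin accounts, using the page's limits (3 attempts from a trusted machine, a single attempt from distrusted machines, counted per username). The class and function names, the 30-day trust period, the PBKDF2 password check and the sample addresses are assumptions made for the example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta
from enum import Enum

TRUSTED_LIMIT = 3      # failed attempts allowed from a trusted machine (page's value)
DISTRUSTED_LIMIT = 1   # failed attempts allowed from distrusted machines (page's value)
TRUST_WINDOW = timedelta(days=30)  # assumption: the page only says "a fixed period of time"


class Result(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    ATT_REQUIRED = "att-required"  # caller must present an ATT (e.g. a captcha) first


def hash_password(password, salt):
    """Assumed storage format for the example: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PgrpGate:
    """Hypothetical helper that decides each login attempt."""

    def __init__(self, credentials):
        self.credentials = credentials   # user -> (salt, password hash)
        self.last_success = {}           # (ip, user) -> time of last successful login
        self.trusted_failures = {}       # (ip, user) -> failures from that trusted machine
        self.distrusted_failures = {}    # user -> failures from all distrusted machines

    def is_trusted(self, ip, user, now):
        seen = self.last_success.get((ip, user))
        return seen is not None and now - seen <= TRUST_WINDOW

    def _password_ok(self, user, password):
        salt, stored = self.credentials.get(user, (b"", b""))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def attempt(self, ip, user, password, now, att_passed=False):
        if self.is_trusted(ip, user, now):
            counters, key, limit = self.trusted_failures, (ip, user), TRUSTED_LIMIT
        else:
            # Counted per username, not per address, so spreading guesses
            # over many hosts gains nothing.
            counters, key, limit = self.distrusted_failures, user, DISTRUSTED_LIMIT
        failures = counters.get(key, 0)
        if failures >= limit and not att_passed:
            # The password is not evaluated, so the attempt reveals nothing about the guess.
            return Result.ATT_REQUIRED
        if self._password_ok(user, password):
            self.last_success[(ip, user)] = now
            self.trusted_failures.pop((ip, user), None)
            return Result.GRANTED
        counters[key] = failures + 1   # simplification: counters are never aged out here
        return Result.DENIED


def demo():
    """Constructed scenario; addresses come from the documentation ranges."""
    salt = b"constructed-salt"
    gate = PgrpGate({"staff1": (salt, hash_password("s3cret-Paper!", salt))})
    now = datetime(2024, 1, 1, 9, 0)
    office = "198.51.100.7"

    first = gate.attempt(office, "staff1", "s3cret-Paper!", now)  # office becomes trusted
    # Five guesses for the same username, each from a different unknown address.
    botnet = [gate.attempt(f"203.0.113.{i}", "staff1", f"guess{i}", now)
              for i in range(1, 6)]
    # The legitimate user mistypes from the trusted machine; the botnet caused no lockout.
    typos = [gate.attempt(office, "staff1", "typo", now) for _ in range(4)]
    after_att = gate.attempt(office, "staff1", "s3cret-Paper!", now, att_passed=True)
    trusted_later = gate.is_trusted(office, "staff1", now + TRUST_WINDOW + timedelta(days=1))
    return first, botnet, typos, after_att, trusted_later


if __name__ == "__main__":
    labels = ("first", "botnet", "typos", "after_att", "trusted_later")
    for name, value in zip(labels, demo()):
        print(name, value)
```

Because an over-limit attempt is answered with an ATT requirement instead of an account lock, failed guesses from remote hosts do not deny service to the account owner on a trusted machine.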
Online Exam:
Input: the candidate answers the corresponding questions
Output: checks whether the answer is correct or not
Result:
Input: enter the registration number
Output: shows the result of the corresponding registration number
HARDWARE AND SOFTWARE REQUIREMENTS
SOFTWARE REQUIREMENTS:
Operating system : Windows 7
Front End :
Coding Language : C#
Backend :
HARDWARE REQUIREMENTS:
Processor :
Hard disk : 40 GB
Mouse : Logitech
RAM : 2 GB (minimum)
Keyboard :
System Design:
USE CASE DIAGRAM:
A use case diagram is a type of behavioral diagram created from a Use-case analysis.
The purpose of use case is to present overview of the functionality provided by the
system in terms of actors, their goals and any dependencies between those use cases.
[Use case diagram. Actors: Admin, Staff, Candidate. Use cases: Login, Schedule Exam, Question paper, Exam registration, View result.]
In this use case diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Class Diagram:
A class diagram in the UML is a type of static structure diagram that describes the
structure of a system by showing the system's classes, their attributes, and the relationships
between the classes.
Private visibility hides information from anything outside the class partition. Public
visibility allows all other classes to view the marked information.
Protected visibility allows child classes to access information they inherited from a parent
class.
[Class diagram. Classes: Admin, Staff, Candidate (each with name, Password); Exam (Registration No, Exam time); New Exam (Exam Name, Question); Result (Exam name, Registration No). Operations shown: Monitor exam(), View result(), New Exam(), Schedule(), registration(), exam(), Display Question(), Exam result().]
In this class diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Object Diagram:
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a
complete or partial view of the structure of a modeled system at a specific time.
An Object diagram focuses on some particular set of object instances and attributes, and
the links between the instances. A correlated set of object diagrams provides insight into how an
arbitrary view of a system is expected to evolve over time.
Object diagrams are more concrete than class diagrams, and are often used to provide
examples, or act as test cases for the class diagrams. Only those aspects of a model that are of
current interest need be shown on an object diagram.
[Object diagram. Objects: Staff (Name=staff, Password=***), Candidate (Name=Cand1, Password=***), Admin. Other labels: Upload, Question paper, Online exam, Monitor exam, View result, Answer paper.]
In this object diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
State Diagram:
A state diagram is a type of diagram used in computer science and related fields to
describe the behavior of systems. State diagrams require that the system described is composed
of a finite number of states; sometimes, this is indeed the case, while at other times this is a
reasonable abstraction. There are many forms of state diagrams, which differ slightly and have
different semantics.
[State diagram. Labels: Login, Staff, Upload question, Exam Question, Monitor the exam, Display result, Candidate, Exam registration, Write the exam.]
In this state diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Activity Diagram:
Activity diagrams are loosely defined diagrams that show workflows of stepwise activities
and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can be
used to describe the business and operational step-by-step workflows of components in a system.
UML activity diagrams could potentially model the internal logic of a complex operation. In
many ways UML activity diagrams are the object-oriented equivalent of flow charts and data
flow diagrams (DFDs) from structural development.
The following activity diagram shows how the work flows are optimized in this project.
[Activity diagram. Labels: Login, Staff, Admin, Candidate, Insert question, Schedule exam, Exam details, Exam registration, Conduct Exam, Online exam, Result, Logout.]
In this activity diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Sequence diagram:
A sequence diagram in UML is a kind of interaction diagram that shows how processes
operate with one another and in what order.
It is a construct of a message sequence chart. Sequence diagrams are sometimes called
Event-trace diagrams, event scenarios, and timing diagrams.
The diagram below shows the sequence flow, that is, how the work flows are optimized
in this project.
[Sequence diagram. Lifelines: Login, Admin, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: Schedule exam, Authenticate, Register, Write exam, Authenticate, View result, Authenticate, Maintenance, Exam maintenance, view result.]
In this sequence diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Collaboration Diagram:
[Collaboration diagram. Objects: Admin, Login, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: 1: Authenticate, 2: Schedule exam, 3: Register, 4: Write exam, 5: Authenticate, 6: view result, 7: Authenticate, 8: Maintenance, 9: view result.]
In this collaboration diagram, the staff log in to the account, schedule the exam and
upload the question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
Component Diagram:
Components are wired together by using an assembly connector to connect the
required interface of one component with the provided interface of another component. This
illustrates the service consumer - service provider relationship between the two components.
An assembly connector is a "connector between two components that defines that one
component provides the services that another component requires. An assembly connector is a
connector that is defined from a required interface or port to a provided interface or port."
When using a component diagram to show the internal structure of a component, the
provided and required interfaces of the encompassing component can delegate to the
corresponding interfaces of the contained components.
[Component diagram. Components: Login, Staff, Schedule, Admin, Candidate, Register, Maintain detail, Conduct exam, Monitor exam, Result.]
In this component diagram, the staff log in to the account, schedule the exam and upload
the question paper. The candidate registers with the application, logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.
LEVEL 0:
[Level 0 diagram. Labels: User, Login, 0 Admin, Monitor exam, D0 Database.]
Here the admin logs in and monitors the process of conducting the examination, and updates it in
the database. The admin can view the student activities and staff activities.
LEVEL 1:
[Level 1 diagram. Labels: User, Login, 1 Staff, Schedule exam, Upload question, D1 Database.]
The staff can log in and upload new questions on a variety of topics. The staff can schedule the
exam process and update it in the database.
Level 2:
[Level 2 diagram. Labels: User, 2 Candidate, Register, Login, Write exam, View result, D2 Database.]
In level 2, the user can login and take the test and view the results. Registered users can login
directly whereas new users can register themselves before taking up the test.
All Level:
[All-level diagram. Labels: User; 0 Admin, Login, Monitor exam, D0 Database; 1 Staff, Login, Schedule exam, Upload question, D1 Database; 2 Candidate, Register, Login, Write exam, View result, D2 Database.]
The all level diagram sums up the whole process happening from level 0 to level 2. It shows all
the activities of admin, staff and users.
E-R Diagram:
In software engineering, an entity-relationship model (ERM) is an abstract and
conceptual representation of data. Entity-relationship modeling is a database modeling method,
used to produce a type of conceptual schema or semantic data model of a system, often
a relational database, and its requirements in a top-down fashion. Diagrams created by this
process are called entity-relationship diagrams, ER diagrams, or ERDs.
Admin:
[E-R diagram, Admin. Labels: Admin, Candidate details, Staff Detail, Schedule, Question, Contact Exam, Registration, Result.]
The admin monitors the exam and sees the activities of staff and candidates. The admin
maintains and updates the data of staff and candidates.
Candidate:
[E-R diagram, Candidate. Labels: Candidate, Register NO, Question, Exam Register, Online Exam, Result, Exam Result.]
The user can login and take the test and view the results. Registered users can login
directly whereas new users can register themselves before taking up the test.
Staff:
[E-R diagram, Staff. Labels: Staff, Time, Question, Answer, Exam Name, Result.]
The staff can log in and upload new questions on a variety of topics. The staff can schedule the
exam process and update it in the database.
System Architecture:
This system architecture explains the overall concept of the project.
When a staff member logs in to the application, they schedule the exam. Scheduling the exam
involves setting the time at which the exam is held for the students and uploading the question
paper. The staff can also view the results of the students who attended the exam. In the admin
section, after logging in, only the admin has access to delete the uploaded question paper.
Candidates are allowed only to register their details, write the exam and view the result. After
the registration process is completed, candidates can log in to the application and write their
exam. They can then view their result.
[System architecture diagram. Labels: Login, Staff, Schedule Exam, Admin, Candidate, Upload Exam, Online Exam, Database.]
DEVELOPMENT TOOLS
5.1. GENERAL
This chapter is about the software language and the tools used in the development of the project.
The platform used here is .NET. The primary language is C#. In this project AJAX is
chosen for implementation.
5.2.1
The CLR is described as the execution engine of .NET. It provides the environment within
which programs run. The most important features are
The following features of the .NET framework are also worth description:
MANAGED CODE
The code that targets .NET, and which contains certain extra Information - metadata - to
describe itself. Whilst both managed and unmanaged code can run in the runtime, only managed
code contains the information that allows the CLR to guarantee, for instance, safe execution and
interoperability.
MANAGED DATA
With Managed Code comes Managed Data. The CLR provides memory allocation
and deallocation facilities, and garbage collection. Some .NET languages use Managed Data by
default, such as C#, Visual Basic.NET and JScript.NET, whereas others, namely C++, do not.
Targeting the CLR can, depending on the language you're using, impose certain constraints on the
features available. As with managed and unmanaged code, one can have both managed and
unmanaged data in .NET applications - data that doesn't get garbage collected but instead is
looked after by unmanaged code.
common way. The CTS defines how types work within the runtime, which enables types in one
language to interoperate with types in another language, including cross-language exception
handling. As well as ensuring that types are only used in appropriate ways, the runtime also
ensures that code doesn't attempt to access memory that hasn't been allocated to it.
XML Web services. The .NET framework supports new versions of Microsoft's old favorites
Visual Basic and C++ (as VB.NET and Managed C++), but there are also a number of new
additions to the family.
Visual Basic .NET has been updated to include many new and improved language
features that make it a powerful object-oriented programming language. These features include
inheritance, interfaces, and overloading, among others. Visual Basic also now supports structured
exception handling, custom attributes and also supports multi-threading.
Visual Basic .NET is also CLS compliant, which means that any CLS-compliant
language can use the classes, objects, and components you create in Visual Basic .NET.
Managed Extensions for C++ and attributed programming are just some of the
enhancements made to the C++ language. Managed Extensions simplify the task of migrating
existing C++ applications to the new .NET Framework.
C# is Microsoft's new language. It's a C-style language that is essentially C++
for Rapid Application Development. Unlike other languages, its specification is just the
grammar of the language. It has no standard library of its own, and instead has been designed
with the intention of using the .NET libraries as its own.
Microsoft Visual J# .NET provides the easiest transition for Java-language
developers into the world of XML Web Services and dramatically improves the interoperability
of Java-language programs with existing software written in a variety of other programming
languages.
ActiveState has created Visual Perl and Visual Python, which enable .NET-aware
applications to be built in either Perl or Python. Both products can be integrated into the Visual
Studio .NET environment. Visual Perl includes support for ActiveState's Perl Dev Kit.
FORTRAN
COBOL
Eiffel
ASP.NET
Windows Forms
FEATURES OF C#
1. C# is a simple, modern, object oriented language derived from C++ and Java.
2. It aims to combine the high productivity of Visual Basic and the raw power of C++.
3. It is a part of Microsoft Visual Studio 7.0.
4. Visual Studio supports VB, VC++, C++, VBScript and JScript. All of these languages provide
access to the Microsoft .NET platform.
5. .NET includes a Common Execution engine and a rich class library.
6. Microsoft's JVM equivalent is the Common Language Runtime (CLR).
7. The CLR accommodates more than one language, such as C#, VB.NET, JScript, ASP.NET and C++.
8. Source code ---> Intermediate Language code (IL) ---> (JIT Compiler) Native code.
9. The classes and data types are common to all of the .NET languages.
10. We may develop Console applications, Windows applications, and Web applications using C#.
11. In C# Microsoft has taken care of C++ problems such as memory management, pointers etc.
12. It supports garbage collection, automatic memory management and a lot more.
MAIN FEATURES OF C#
SIMPLE
1. Pointers are missing in C#.
2. Unsafe operations such as direct memory manipulation are not allowed.
3. In C# there is no usage of "::" or "->" operators.
4. Since it's on .NET, it inherits the features of automatic memory management and garbage
collection.
5. Varying ranges of the primitive types like Integer, Floats etc.
6. Integer values of 0 and 1 are no longer accepted as Boolean values. Boolean values are pure
true or false values in C#, so no more errors of the "=" operator and the "==" operator. "==" is
used for the comparison operation and "=" is used for the assignment operation.
MODERN
1. C# has been based according to the current trend and is very powerful and simple for building
interoperable, scalable, robust applications.
2. C# includes built in support to turn any component into a web service that can be invoked over
the Internet from any application running on any platform.
OBJECT ORIENTED
1. C# supports Data Encapsulation, inheritance, polymorphism, interfaces.
2. Primitive types (int, float, double) are not objects in Java, but C# has introduced structures
(structs), which enable the primitive types to become objects:
int i = 1;
string a = i.ToString(); // conversion to string: int is a struct, so it has methods of its own
TYPE SAFE
1. In C# we cannot perform unsafe casts like convert double to a Boolean.
2. Value types (primitive types) are initialized to zeros and reference types (objects and classes)
are initialized to null by the compiler automatically.
3. Arrays are zero base indexed and are bound checked.
4. Overflow of types can be checked.
INTEROPERABILITY
1. C# includes native support for the COM and windows based applications.
2. Allowing restricted use of native pointers.
3. Users no longer have to explicitly implement the IUnknown and other COM interfaces; those
features are built in.
4. C# allows the users to use pointers in unsafe code blocks to manipulate old code.
5. Components from VB.NET and other managed code languages can directly be used in C#.
SCALABLE AND UPDATEABLE
1. .NET has introduced assemblies, which are self-describing by means of their manifest.
The manifest establishes the assembly identity, version, culture, digital signature etc. Assemblies
need not be registered anywhere.
2. To scale our application we delete the old files and update them with new ones. No
registering of dynamic linking libraries is needed.
3. Updating software components is an error-prone task. Revisions made to the code can affect
the existing program. C# supports versioning in the language. Native support for interfaces and
method overriding enables complex frameworks to be developed and evolved over time.
applications; Windows based applications, Web sites. It is a Common architecture for all .net
programming languages.
The Main Objectives of .NET Framework
1) Platform Independent
2) Language Independent
3) Language Interoperability
4) Security
5) Database Connectivity
6) Globalization of Application
1) Platform Independent: Because DLL or EXE files can be executed on any operating system
with the help of the CLR (common language runtime), .NET is called platform
independent.
CLR is platform dependent.
CLR for Windows is called CLR.
CLR for Linux is called Mono CLR.
CLR for lightweight devices is called Compact CLR.
CLR is not available for DOS and Windows 95.
2) Language Independent: Because .NET application logic can be developed in any .NET
Framework-compatible language, it is called language independent.
e.g.: C#.net
VB.net
J#.net
Cobol.net
PHP.net
PERL.net etc.
Specification is ASP.net
It provides a set of rules to be followed while integrating with the language.
3) Language Interoperability: Code written in one language should be usable from
an application developed in another language.
4) Security: .NET applications attain a high level of security.
5) Database Connectivity: A new database connectivity model for connecting to databases.
6) Globalization of Application: Designing applications to support multiple
languages and cultures.
The .NET Framework is an integral Windows component that supports building and running the
next generation of applications and XML Web services. The .NET Framework is designed to
fulfill the following objectives:
To make the developer experience consistent across widely varying types of applications,
such as Windows-based applications and Web-based applications.
To build all communication on industry standards to ensure that code based on the .NET
Framework can integrate with any other code.
The .NET Framework has two main components: the common language runtime and the .NET
Framework class library. The common language runtime is the foundation of the .NET
Framework. You can think of the runtime as an agent that manages code at execution time,
providing core services such as memory management, thread management, and remoting, while
also enforcing strict type safety and other forms of code accuracy that promote security and
robustness. In fact, the concept of code management is a fundamental principle of the runtime.
Code that targets the runtime is known as managed code, while code that does not target the
runtime is known as unmanaged code. The class library, the other main component of the .NET
Framework, is a comprehensive, object-oriented collection of reusable types that you can use to
develop applications ranging from traditional command-line or graphical user interface (GUI)
applications to applications based on the latest innovations provided by ASP.NET, such as Web
Forms and XML Web services.
The .NET Framework can be hosted by unmanaged components that load the common language
runtime into their processes and initiate the execution of managed code, thereby creating a
software environment that can exploit both managed and unmanaged features. The .NET
Framework not only provides several runtime hosts, but also supports the development of
third-party runtime hosts.
For example, ASP.NET hosts the runtime to provide a scalable, server-side environment for
managed code. ASP.NET works directly with the runtime to enable ASP.NET applications and
XML Web services, both of which are discussed later in this topic.
Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form
of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed
managed components or Windows Forms controls in HTML documents. Hosting the runtime in
this way makes managed mobile code (similar to Microsoft ActiveX controls) possible, but
with significant improvements that only managed code can offer, such as semi-trusted execution
and isolated file storage.
The following illustration shows the relationship of the common language runtime and the class
library to your applications and to the overall system. The illustration also shows how managed
code operates within a larger architecture.
.NET Framework in context
The following sections describe the main components and features of the .NET Framework in
greater detail.
The common language runtime manages memory, thread execution, code execution, code safety
verification, compilation, and other system services. These features are intrinsic to the managed
code that runs on the common language runtime. With regard to security, managed components
are awarded varying degrees of trust, depending on a number of factors that include their origin
(such as the Internet, enterprise network, or local computer). This means that a managed
component might or might not be able to perform file-access operations, registry-access
operations, or other sensitive functions, even if it is being used in the same active application. The
runtime enforces code access security. For example, users can trust that an executable embedded
in a Web page can play an animation on screen or sing a song, but cannot access their personal
data, file system, or network. The security features of the runtime thus enable legitimate
Internet-deployed software to be exceptionally feature rich.
The runtime also enforces code robustness by implementing a strict type-and-code-verification
infrastructure called the common type system (CTS). The CTS ensures that all managed code is
self-describing. The various Microsoft and third-party language compilers generate managed
code that conforms to the CTS. This means that managed code can consume other managed
types and instances, while strictly enforcing type fidelity and type safety.
In addition, the managed environment of the runtime eliminates many common software issues.
For example, the runtime automatically handles object layout and manages references to objects,
releasing them when they are no longer being used. This automatic memory management
resolves the two most common application errors, memory leaks and invalid memory references.
The runtime also accelerates developer productivity. For example, programmers can write
applications in their development language of choice, yet take full advantage of the runtime, the
class library, and components written in other languages by other developers. Any compiler
vendor who chooses to target the runtime can do so. Language compilers that target the .NET
Framework make the features of the .NET Framework available to existing code written in that
language, greatly easing the migration process for existing applications.
While the runtime is designed for the software of the future, it also supports software of today
and yesterday. Interoperability between managed and unmanaged code enables developers to
continue to use necessary COM components and DLLs.
The runtime is designed to enhance performance. Although the common language runtime
provides many standard runtime services, managed code is never interpreted. A feature called
just-in-time (JIT) compiling enables all managed code to run in the native machine language of
the system on which it is executing. Meanwhile, the memory manager removes the possibilities
of fragmented memory and increases memory locality-of-reference to further increase
performance.
Finally, the runtime can be hosted by high-performance, server-side applications, such as
Microsoft SQL Server and Internet Information Services (IIS). This infrastructure enables
you to use managed code to write your business logic, while still enjoying the superior
performance of the industry's best enterprise servers that support runtime hosting.
The .NET Framework class library is a collection of reusable types that tightly integrate with the
common language runtime. The class library is object oriented, providing types from which your
own managed code can derive functionality. This not only makes the .NET Framework types
easy to use, but also reduces the time associated with learning new features of the .NET
Framework. In addition, third-party components can integrate seamlessly with classes in the
.NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces that you can
use to develop your own collection classes. Your collection classes will blend seamlessly with
the classes in the .NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types enable
you to accomplish a range of common programming tasks, including tasks such as string
management, data collection, database connectivity, and file access. In addition to these common
tasks, the class library includes types that support a variety of specialized development scenarios.
For example, you can use the .NET Framework to develop the following types of applications
and services:
Console applications.
ASP.NET applications.
Windows services.
For example, the Windows Forms classes are a comprehensive set of reusable types that vastly
simplify Windows GUI development. If you write an ASP.NET Web Form application, you can
use the Web Forms classes.
The Common Language Runtime is the heart of the .NET Framework. It manages the code
during execution. The code that runs under the CLR is called managed code. The code that
is executed under the .NET runtime gets benefits like cross-language exception handling,
enhanced security, versioning and development support, a simplified model for component
interaction, and debugging and profiling services.
CLR Managed Code Execution Process
The process of compiling and executing managed code is given below:
When you compile a program written in any language that targets the CLR, the compiler
translates it into Microsoft Intermediate Language (MSIL) or Intermediate Language (IL).
It does not depend on the language and is always translated to IL. This
During JIT compilation, the code is also checked for type safety. Type safety ensures
that objects are accessed in a compatible way. Type safety also ensures that objects are
isolated from each other and are therefore safe from any malicious corruption.
After conversion to native code, the converted code is sent to the .NET runtime manager.
The .NET runtime manager executes the code. While the code executes, a security check is
performed to ensure that the code has the appropriate permission for accessing the
available resources.
Memory management: - The CLR provides the garbage collection feature for managing the
lifetime of objects. This relieves the programmer of memory management tasks.
Standard Type System: - The CLR implements a formal specification called the
Common Type System (CTS). The CTS is an important set of rules that ensures that objects
written in different languages can interact with each other.
Language interoperability: - It is the ability of an application to interact with another
application written in a different programming language. Language interoperability helps
maximize code reuse. The CLR provides support for language interoperability by
specifying and enforcing the CTS and by providing metadata.
Platform Independence: - The compiler compiles code into an intermediate language, which is
CPU-independent. This means that the code can be executed on any platform that supports
the .NET CLR.
Security Management: - In the .NET platform, security is achieved through the code
access security (CAS) model. In this model, the CLR enforces restrictions on managed
code through objects called permissions. The CLR allows the code to perform only
those tasks for which it has permissions. In other words, the CAS model specifies what the
code can access instead of specifying who can access resources.
Type Safety: - This feature ensures that objects are always accessed in compatible ways.
Therefore the CLR will prohibit code from assigning a 10-byte value to an object that
occupies 8 bytes.
Benefits of CLR
The following are some of the benefits of the CLR:
Performance improvement.
The ability to easily use components developed in other languages.
Extensible types provided by library.
Use of delegates rather than function pointers for increased type safety and security.
disadvantages, and also lists numerous other resources for additional training on this
development method.
with client-side scripting language,
Ajax can be used for creating rich, web-based applications that look and work like a
desktop application.
Ajax is easy to learn. Ajax is based on JavaScript and existing technologies like XML,
CSS, DHTML, etc., so it is very easy to learn Ajax.
Ajax can be used to develop web applications that can update the page data continuously
without refreshing the whole page.
What is Ajax?
Asynchronous JavaScript and XML, or Ajax for short, is a new web development technique used
for the development of highly interactive websites. Ajax helps you make your web application
more interactive by retrieving small amounts of data from the web server and then showing it in
your application. You can do all these things without refreshing your page.
Usually in web applications, the user enters data into a form and then clicks the
submit button to submit the request to the server. The server processes the request and returns the
view in a new page (by reloading the whole page). This process is inefficient, time consuming,
and a little frustrating for the user if only a small amount of data exchange is required. For
example, in a user registration form, it can be frustrating for the user when the whole page is
reloaded only to check the availability of the user name. Ajax helps make your
application more interactive. With the help of Ajax you can tune your application to check the
availability of the user name without refreshing the whole page.
Understanding the technology behind Ajax
Ajax is not a single technology, but a combination of many technologies. These technologies
are supported by modern web browsers. The following techniques are used in Ajax applications.
JavaScript:
JavaScript is used to make a request to the web server. Once the response is returned by
the web server, more JavaScript can be used to update the current page. DHTML and CSS
are used to show the output to the user. JavaScript is used very heavily to provide the
dynamic behavior of the application.
come back. User can do the normal work without any problem.
XML:
XML may be used to receive the data returned from the web server. JavaScript can be
used to process the XML data returned from the web server easily.
Ajax life cycle within the web browser can be divided into following stages:
User Visit to the page: User visits the URL by typing URL in browser or clicking a link
from some other page.
XML files are text files, which can be managed by any text editor.
XML is extensible, because it only specifies the structural rules of tags. There is no
specification of the tags themselves.
XML provides a basic syntax that can be used to share information between different
kinds of computers, different applications, and different organizations. XML data is
stored in plain text format. This software- and hardware-independent way of storing data
allows different incompatible systems to share data without needing to pass them through
many layers of conversion. This also makes it easier to expand or upgrade to new
operating systems, new applications, or new browsers, without losing any data.
With XML, your data can be available to all kinds of "reading machines" (Handheld
computers, voice machines, news feeds, etc), and make it more available for blind people,
or people with other disabilities.
It supports Unicode, allowing almost any information in any written human language to
be communicated.
It can represent common computer science data structures: records, lists and trees.
Its self-documenting format describes structure and field names as well as specific
values.
The strict syntax and parsing requirements make the necessary parsing algorithms
extremely simple, efficient, and consistent.
Content-based XML markup enhances searchability, making it possible for agents and
search engines to categorize data instead of wasting processing power on context-based
full-text searches.
XML is heavily used as a format for document storage and processing, both online and
offline.
It allows validation using schema languages such as XSD and Schematron, which makes
effective unit-testing, firewalls, acceptance testing, contractual specification and software
construction easier.
The hierarchical structure is suitable for most (but not all) types of documents.
Forward and backward compatibility are relatively easy to maintain despite changes in
DTD or Schema.
Its predecessor, SGML, has been in use since 1986, so there is extensive experience and
software available.
User-defined functions
Indexed views
Cascading RI constraints
XML support
Log shipping
The rest of this section takes a closer look at each of these new features and provides a
reference to subsequent chapters where more information about the new feature can be found.
A SQL Server database consists of six types of objects.
They are:
1. TABLE
2. QUERY
3. FORM
4. REPORT
5. MACRO
TABLE:
A database is a collection of data about a specific topic.
VIEWS OF TABLE:
We can work with a table in two views:
1. Design View
2. Datasheet View
DESIGN VIEW
To build or modify the structure of a table we work in the table design view. We can
specify what kind of data will be held.
DATASHEET VIEW
To add, edit or analyze the data itself we work in the table's datasheet view mode.
QUERY:
A query is a question that is asked of the data. Access gathers data that answers the
question from one or more tables. The data that makes up the answer is either a dynaset (if you edit
it) or a snapshot (it cannot be edited). Each time we run a query, we get the latest information in the
dynaset. Access either displays the dynaset or snapshot for us to view or performs an action on it,
such as deleting or updating.
SQL Server 2000 will be soon reaching its five-year mark, which in terms of software life-cycle
translates into fairly advanced maturity. While this is still far from retirement age, the name of its
successor, SQL Server 2005, suggests that it might be time for you to start looking into what the
new generation has to offer. The release of SQL Server 2005, originally introduced as Yukon, has
already been postponed, but its current Beta 2 implementation (with several incremental
Community Technical Previews expected before Beta 3 becomes available early next year)
brings promise of a timely RTM stage (planned for summer next year). In this series of articles,
we will look into functional highlights of the new incarnation of the Microsoft database
management system, focusing on those that are likely to remain unchanged in the final product.
Improvements to the database engine, the details of which are not published by Microsoft, and
the corresponding changes to the main infrastructure components are reflected by a substantial
number of new features as well as enhancements to existing ones. The most relevant ones can be
grouped into several categories, such as high availability and scalability, security, data
management, administration and maintenance, and development.
The demand for high availability is becoming increasingly common and is no longer limited to
major corporate and governmental clients. This results not only from a growing level of customer
expectations, but also from the new political climate associated with more stringent legislative
and regulatory requirements, in which disaster recovery and business continuity are more
relevant than ever. However, businesses are also, at the same time, extremely interested in
keeping their costs to a minimum. Microsoft tries to address these expectations by implementing
scalability enhancements, which ensure that SQL Server can perform equally well in
environments of any size, and by the introduction of several versions of SQL Server 2005
(geared towards more specialized needs) such as:
SQL Server Standard Edition - offering the most diverse set of features and intended for
the majority of clients.
SQL Server 2005 Express Edition - serving as the replacement for Microsoft Data Engine
(MSDE) and available for download from t. Like its predecessor, it was designed with
developers in mind, however, unlike the previous version, it also includes a Web based
management interface.
SQL Server 2005 Mobile Edition - as a successor to SQL Server 2000 Windows CE
Edition, it is intended for Windows mobile-based devices, such as Tablet PCs, Pocket
PCs, and Smart phones
Among the most significant changes introduced in the areas of high availability and scalability in
SQL Server 2005 are the following:
Database mirroring - allows running hot-standby system closely synchronized with the
primary source. This provides an extension of log shipping functionality, which existed in
SQL Server 2000, with a number of additional enhancements, such as low-latency,
automatic failover and fallback, and two-way synchronization.
Online restore - provides the ability to restore data without taking a database offline,
which was the case in earlier versions of SQL Server. Users are only prevented from
accessing data that is being restored.
failover clustering - even though this is not a new feature, its SQL Server 2005
implementation offers significant improvements, such as eight-node clustering (in
combination with Windows 2003 Server Enterprise Edition) and support for failover of
Notification Services, Analysis Services, and a number of SQL Server Agent related tasks
(such as replication or job management and processing).
Online indexing - indexes can now be created, dropped, and rebuilt (performed typically
in order to eliminate index fragmentation) at the same time that the underlying table data
is being queried or modified. In SQL Server 2000, rebuilding a non-clustered index
places a shared lock on the underlying table, which restricts operations on it to SELECT
statements. When rebuilding a clustered index, SQL Server 2000 places an exclusive lock
on the table, preventing access to it altogether until the operation is completed.
Support for both 32- and 64-bit Windows 2003 Server platforms, including both Intel and
AMD (Option with Direct Connect Architecture) processors.
Table partitioning - provides the ability to partition tables across file groups in a database,
which optimizes operation on large tables.
Database snapshot and snapshot isolation - snapshots generate a read-only view of the
underlying database, which can be used, for example, to quickly recover data after
unintentional or erroneous change. Note that a snapshot is different from a copy, since it
occupies only the space required to contain changes applied to the database after it has
been created, greatly limiting storage requirements. Snapshot isolation provides parallel
access to the last committed row in a database, which can be used to eliminate blocking
issues when dealing with users operating simultaneously on the same data set.
replication - its SQL Server 2000 implementation has been enriched by the introduction
of a new peer-to-peer topology, the ability to replicate via HTTP and HTTPS (to
accommodate secure communication over the Internet), and cross-platform replication
from Oracle databases.
fast recovery - allows connections to a database when bringing it on-line as soon as its
transaction log has been rolled forward (in previous versions of SQL Server, connections
were permitted only after incomplete transactions had been rolled back).
With the surging wave of virus threats and the rising rate of vulnerabilities, database
administrators (as well as computer professionals in other fields) have been devoting more and
more of their time and attention to the area of security. This process has been further accelerated
by increasing the number of regulatory requirements (such as Sarbanes-Oxley Act or Health
Insurance Portability and Accountability Act) enforced in various sectors of the market dealing
with large quantities of data. Microsoft's commitment in this area has greatly improved since the
announcement of the Secure Computing Initiative and resulted in the following security-related
changes in SQL Server 2005:
Authorization enhancements.
In the area of data management, changes are also significant, encompassing new extraction,
transform, and load (ETL) features as well as analytical and data mining processing
enhancements:
SQL Server Integration Services - is a revamped implementation of SQL Server 2000-based
Data Transformation Services (for more information on DTS in SQL Server 2000,
refer to our series of articles), with performance, usability, and manageability
improvements. In its new form, SQL Server Integration Services contains Business
Intelligence Workbench and SQL Server Workbench utilities, which further simplify
extracting data from various sources and distilling it for use in data-warehousing and
analytical applications.
Analysis Services - offering better performance of OLAP and data mining processing.
built-in support for both relational and XML-structured data - available through the
addition of the XML data type, allowing storing XML fragments and documents in SQL
Server databases (for more information on XML in SQL Server 2000, you can refer to
our series of articles on the Database Journal Web site). It is also worth mentioning that
SQL Server 2005 has new VARCHAR (MAX) data type - along with NVARCHAR
(MAX) and VARBINARY (MAX) - with the ability to store up to 2GB of data,
supplementing TEXT, NTEXT, and IMAGE data types.
A number of administrative and maintenance tasks have been eliminated or simplified, by either
automating them or introducing new\improved management utilities. Functionality in this area
has also been extended through reporting and notification services (although note that
corresponding products are available on SQL Server 2000 platform):
SQL Server Management Studio - replacing a number of SQL Server 2000 management
utilities, including SQL Server Enterprise Manager, SQL Query Analyzer (replaced by
SQL Server Management Studio Query Editor - with extra features such as statement
auto-completion or results presented in XML form), SQL Server Analysis Services,
Reporting Services, and Notification Services, as well as providing management for SQL
Server Mobile Edition databases.
Reporting Services - enhanced from its recently released, SQL Server 2000-based
version, offers the ability to create, manage, and view reports. Integrating it with SQL
Server 2005 eliminates the need for such external tools as Crystal Reports (or similar
third party products).
Notification Services - provides the ability to generate and send custom subscription-based
notifications, (triggered by data changes or according to a pre-determined
schedule), via a variety of messaging mechanisms, such as e-mail, phone, or instant
messenger.
Last, but definitely not least, there are significant enhancements in the area of development, such
as the following:
Close integration with Visual Studio 2005, Web Services, and Common Language
Runtime (reflected by the dependency on Microsoft .NET Framework 2.0) - provides the
ability to use .NET-based stored procedures, functions, and triggers. This way, it is
possible to perform SQL development with .NET programming languages, taking
advantage of functionality present in the .NET framework. At the same time, this helps
consolidate application and database development tasks, making Transact-SQL, and
.NET programming languages interchangeable
1. Database mirroring
Database mirroring is a new high-availability feature in SQL Server 2005. It's similar to server
clustering in that failover is achieved by the use of a stand-by server; the difference is that the
failover is at the database level rather than the server level. The primary database continuously
sends transaction logs to the backup database on a separate SQL Server instance. A third SQL
Server instance is then used as a witness database to monitor the interaction between the primary
and the mirror databases.
2. Database snapshots
A database snapshot is essentially an instant read-only copy of a database, and it is a great
candidate for any type of reporting solution for your company. In addition to being a great
reporting tool, you can revert control from your primary database to your snapshot database in
the event of an error. The only data loss would be from the point of creation of the database
snapshot to the event of failure.
3. CLR integration
With SQL Server 2005, you now have the ability to create custom .NET objects with the
database engine. For example, stored procedures, triggers, and functions can now be created
using familiar .NET languages such as VB and C#. Exposing this functionality gives you tools
that you never had access to before such as regular expressions.
4. Service Broker
This feature gives you the ability to create asynchronous, message-based applications in the
database entirely through TSQL. The database engine guarantees message delivery, message
order consistency, and handles message grouping. In addition, Service Broker gives you the
ability to send messages between different SQL Server instances. Service Broker is also used in
several other features in SQL Server 2005. For example, you can define Event Notifications in the
database to send a message to a Queue in the database when someone attempts to alter a table
structure, or if there is a string of login failures.
5. DDL triggers
In previous articles, I outlined how you can use data definition language (DDL) triggers in SQL
Server 2005 to implement custom database and server auditing solutions for Sarbanes-Oxley
compliance. DDL triggers are defined at the server or database level and fire when DDL
statements occur. This gives you the ability to audit when new tables, stored procedures, or
logins are created.
6. Ranking functions
SQL Server 2005 provides you with the ability to rank result sets returned from the database
engine. This allows you to customize the manner in which result sets are returned, such as
creating customized paging functions for Web site data.
7. Row versioning-based isolation levels
This new database engine feature improves database read concurrency by reducing the amount of
locks being used in your database. There are two versions of this feature (both of which must be
enabled at the database level):
Read Committed Isolation Using Row Versioning is used at the individual statement
level, and guarantees that the data is consistent for the duration of the statement.
Snapshot Isolation is used at the transaction level, and guarantees that the data is
consistent for the duration of the transaction.
The database engine is able to guarantee the consistency through row versions stored in the
tempdb database. When a statement or transaction is issued with their respective isolation levels,
read operations accessing the same data that is being involved in a transaction will read from the
previous version of the data that is stored in tempdb. Using these techniques in the appropriate
situations can significantly decrease your database locking issues.
8. XML integration
SQL Server 2005 introduces the new XML data-type. You can store full XML documents in this
new data-type, and you can place validations on the well-formed documents in the database.
Additional enhancements include the ability to query the XML documents and create indexes on
the XML data-type.
9. TRY...CATCH
In a previous article, I outlined how you can use the new TRY...CATCH constructs in SQL
Server 2005 to catch and handle deadlocks when they occur in the database. This long-awaited
feature simplifies error handling in the database.
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class SNewExam : System.Web.UI.Page
{
BAL bl = new BAL();
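// static fields are shared by every request and every user of this page,
// so concurrent sessions overwrite each other's question counters.
static int qno = 1;
static int tnq = 1;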
string Ename;
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
qno = 1;
}
}
throw;
}
}
#endregion
}
BAL.cs
public bool CreateExamTable(string Ename)
{
try
{
dl.CreateExamTable(Ename);
return true;
}
catch(Exception)
{
return false;
}
}
public bool InsertToExamTable(string Ename, int qno, string Ques, string Opt1, string Opt2,
string Opt3, string Opt4, string Ans)
{
try
{
dl.InsertToExamTable(Ename, qno, Ques, Opt1, Opt2, Opt3, Opt4, Ans);
return true;
}
catch (Exception)
{
return false;
}
}
public bool CreateResultTable(string Ename)
{
try
{
dl.CreateResultTable(Ename);
return true;
}
catch (Exception)
{
return false;
}
}
DAL.cs
#region Create Exam Que table
public bool CreateExamTable(string Ename)
{
try
{
con.Open();
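// A table name cannot be passed as a SqlParameter, so Ename is bracket-quoted
// with any ']' doubled before it is placed in the DDL text.
SqlCommand cmd = new SqlCommand("create table [" + Ename.Replace("]", "]]") + "](qno int," +
"ques varchar(1000),opt1 varchar(200),opt2 varchar(200),opt3 varchar(200),opt4 varchar(200)," +
"ans varchar(200))", con);
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close only: con is a field reused by the other DAL methods, and Dispose()
// clears its connection string, so the next Open() on this instance would fail.
con.Close();
}
}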
#endregion
#endregion
#region Create Result table
public bool CreateResultTable(string Ename)
{
try
{
con.Open();
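// The table name is bracket-quoted with any ']' doubled; it cannot be sent as a parameter.
SqlCommand cmd = new SqlCommand("create table [r" + Ename.Replace("]", "]]") + "](RNO INT " +
"IDENTITY(1,1),REGNO BIGINT REFERENCES CLOGIN(REGNO),CNAME VARCHAR(20),PERCENTAGE " +
"INT,RESULT VARCHAR(20),TERMINATE VARCHAR(50))", con);
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close without Dispose(): con is a field and is reused by later calls.
con.Close();
}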
}
#endregion
Candidate registration:
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class CNRegister : System.Web.UI.Page
{
BAL bl = new BAL();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
bool status=bl.register(txt_LoginName.Text, txt_RegisterNO.Text,
txt_CandidateName.Text, txt_Password.Text, txt_ConPassword.Text, txt_MobNo.Text,
txt_City.Text, txt_Major.Text, txt_Depart.Text);
if (status == true)
{
Lblsuccess.Text = "registered successfully";
}
}
}
BAL.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
public class BAL
{
DAL dl = new DAL();
public bool register(string LoginName, string RegisterNo, string CandidateName, string
Password, string ConPassword, string MobileNo, string City, string Major, string Department)
{
try
{
DAL.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
public class DAL
{
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);
public bool register(string LoginName, string RegisterNo, string CandidateName, string
Password, string ConPassword, string MobileNo, string City, string Major, string Department)
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("sp_Registration", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@LoginName", LoginName);
cmd.Parameters.AddWithValue("@RegisterNo",RegisterNo);
cmd.Parameters.AddWithValue("@CandidateName",CandidateName);
cmd.Parameters.AddWithValue("@Password",Password);
cmd.Parameters.AddWithValue("@ConPassword", ConPassword);
cmd.Parameters.AddWithValue("@MobileNo",MobileNo);
cmd.Parameters.AddWithValue("@City", City);
cmd.Parameters.AddWithValue("@Major",Major);
cmd.Parameters.AddWithValue("@Department",Department);
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
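finally
{
// Close without Dispose(): con is a field, and a disposed connection
// cannot be reopened by a later call on the same DAL instance.
con.Close();
}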
}
}
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
public partial class CRegistration : System.Web.UI.Page
{
BAL bl = new BAL();
string Ename;
protected void Page_Load(object sender, EventArgs e)
{
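// Session[...] returns object, and == on object compares references, so convert to string first.
// A missing session value is also sent to the login page instead of failing in the else branch.
string name = Session["name"] as string;
if (name == null || name == "Candidate")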
{
Response.Redirect("CLogin.aspx");
}
else
{
lblUserName.Text = Session["name"].ToString();
if (!IsPostBack)
{
DataSet ds = new DataSet();
int NoOfExam;
ds = bl.viewexamList();
ddlChooseExam.DataSource = ds;
ddlChooseExam.DataTextField = "Ename";
ddlChooseExam.DataValueField = "ScheduleId";
ddlChooseExam.DataBind();
NoOfExam = ds.Tables[0].Rows.Count;
lblNoOfExam.Text = Convert.ToString(NoOfExam);
}
}
protected void btnGetdetails_Click(object sender, EventArgs e)
{
Panel2.Visible = true;
Ename = ddlChooseExam.SelectedItem.Text.ToString();
List<DataFetch> df = bl.viewExamDetail(Ename);
lblExamName.Text = df[0].E_Name;
lblNoQuestion.Text = df[0].Tnq.ToString();
lblDuration.Text = df[0].Tnq.ToString() + "mins";
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;
}
}
protected void btnOk_Click(object sender, EventArgs e)
{
if ((CheckBox1.Checked == true) && (CheckBox2.Checked == true) &&
(CheckBox3.Checked == true))
{
string curBrows;
HttpBrowserCapabilities browser=new HttpBrowserCapabilities();
browser = Request.Browser;
curBrows = browser.Browser;
if (curBrows == "IE")
{
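// Process.GetProcesses() lists the processes on the machine that executes this
// code-behind, that is the web server, not the candidate's own computer.
Process[] prs = Process.GetProcesses();
int ie = 0, other = 0;
foreach (Process procs in prs)
{
try
{
// Switch on the name directly: copying names into a fixed string[100] made every
// process past index 99 throw inside the empty catch below and go unchecked.
switch (procs.ProcessName)
{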
case "ssmsee":
procs.Kill();
break;
case "IEXPLORE":
ie++;
break;
case "WINWORD":
//word
procs.Kill();
break;
case "MSACCESS":
//access
procs.Kill();
break;
case "notepad":
procs.Kill();
//text
break;
case "EXCEL":
//excel
procs.Kill();
break;
case "POWERPNT":
//ppt
procs.Kill();
break;
case "firefox":
procs.Kill();
break;
case "AcroRd32":
//pdf
procs.Kill();
break;
case "opera":
//opera
procs.Kill();
break;
default:
other++;
break;
}
}
catch
{
}
}
if (ie > 1)
{
lblIntExp.Text = "Close the other Internet Explorer except running this application";
}
else
{
Session["other"] = other.ToString();
Response.Redirect("Exam.aspx");
}
}
else
{
lblIntExp.Text = "You have to set default browser as Internet Explorer";
}
}
else
{
lblCheckboxStatus.Text = "check whether all the check box are clicked";
}
}
BAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
/// <summary>
/// Summary description for CTestBal
/// </summary>
public class CTestBal
{
CTestDal dl = new CTestDal();
public DataSet viewExamName()
{
return dl.viewExamName();
}
DAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
/// <summary>
/// Summary description for CTestDal
/// </summary>
public class CTestDal
{
}
}
}
}
}
catch (Exception)
{
throw;
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;
Panel3.Visible = false;
if (!IsPostBack)
{
lblSession.Text = Session["name"].ToString();
count = MaxTPQ;
sename = Session["ename"].ToString();
RegNo = Session["reg"].ToString();
tnq = bl.scheduleDetails(sename);
lblNoOfQuestion.Text = tnq.ToString();
lblMaximumTime.Text = tnq.ToString() + "Mins";
i = 1;
tca = 0;
read(sename,i);
}
public void read(string ename,int qno)
{
string Ques, Op1, Op2, Op3, Op4, Ans;
var t1 = bl.ExamQuestion(ename, qno);
Ques = t1.Item1;
Op1 = t1.Item2;
Op2 = t1.Item3;
Op3 = t1.Item4;
Op4 = t1.Item5;
Ans = t1.Item6;
lblQno.Text = i.ToString() + "." + Ques;
if (tnq == i)
{
lblRemQuestion.Text = "No more";
}
else
{
lblRemQuestion.Text = (tnq - i).ToString();
}
RadioButton1.Text = Op1;
RadioButton2.Text = Op2;
RadioButton3.Text = Op3;
RadioButton4.Text = Op4;
qans = Ans;
}
public void check()
{
if (RadioButton1.Checked == true)
{
sans = RadioButton1.Text;
}
else if (RadioButton2.Checked == true)
{
sans = RadioButton2.Text;
}
else if (RadioButton3.Checked == true)
{
sans = RadioButton3.Text;
}
=
=
=
=
false;
false;
false;
false;
opera++;
proces.Kill();
Terminate("Opera");
break;
case "chrome":
chrome++;
proces.Kill();
Terminate("Chrome");
break;
default:
other++;
break;
}
}
catch(Exception)
{
throw;
}
if(OTemp!=0)
{
if (other > OTemp)
Terminate("Other Application");
OTemp=other;
}
}
if(count==0)
{
check();
i++;
if(i<=tnq)
{
read(sename,i);
}
else
{
Timer1.Enabled=false;
Panel1.Visible=false;
Panel2.Visible = false;
Panel3.Visible = true;
lblCorrectAnswer.Text=tca.ToString();
result1();
}
count=MaxTPQ;
}
public void Terminate(string AppName)
{
bl.Terminate(AppName, sename, RegNo);
Session["Status"] = " You have been Terminated from the Exam ";
Response.Redirect("CPage.aspx");
return;
}
public void result1()
{
int per;
string result=string.Empty;
per = (tca * 100) / tnq;
if (per >= 50)
{
result = "Pass";
}
else
{
result = "Fail";
}
bl.StoreResult(sename, per, result, RegNo);
Panel3.Visible = true;
}
protected void btnOk_Click(object sender, EventArgs e)
{
Response.Redirect("CPage.aspx");
}
BAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
/// <summary>
/// Summary description for ExamBAL
/// </summary>
public class ExamBAL
{
ExamDAL dl = new ExamDAL();
public ExamBAL()
{
//
// TODO: Add constructor logic here
//
}
public int scheduleDetails(string ename)
{
try
{
return dl.ScheduleDetails(ename);
}
catch
{
throw;
}
}
public Tuple<string, string, string, string, string, string> ExamQuestion(string ename, int qno)
{
try
}
public void Terminate(string AppName, string sename, string RegNo)
{
try
{
dl.Terminate(AppName, sename, RegNo);
}
catch
{
throw;
}
}
public void StoreResult(string ename, int per, string result, string regno)
{
try
{
dl.StoreResult(ename, per, result, regno);
}
catch
{
throw;
}
}
DAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
/// <summary>
/// Summary description for ExamDAL
/// </summary>
public class ExamDAL
{
}
finally
{
con.Close();
}
}
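public void Terminate(string AppName,string sename,string RegNo)
{
con.Open();
// The table name cannot be a parameter, so it stays in the SQL text with any ']' doubled;
// the values are sent as parameters instead of being concatenated into the statement.
SqlCommand cmd = new SqlCommand("update [r" + sename.Replace("]", "]]") + "] set " +
"percentage=0,result='Terminate',Terminate=@AppName where RegNo=@RegNo", con);
cmd.Parameters.AddWithValue("@AppName", AppName);
cmd.Parameters.AddWithValue("@RegNo", RegNo);
cmd.ExecuteNonQuery();
con.Close();
}
public void StoreResult(string ename,int per,string result,string regno)
{
con.Open();
SqlCommand cmd = new SqlCommand("update [r" + ename.Replace("]", "]]") + "] set " +
"percentage=@per, result=@result where RegNo=@regno", con);
cmd.Parameters.AddWithValue("@per", per);
cmd.Parameters.AddWithValue("@result", result);
cmd.Parameters.AddWithValue("@regno", regno);
cmd.ExecuteNonQuery();
con.Close();
}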
}
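The data-layer methods above place the exam name in the SQL text as a table name, which a SqlParameter cannot carry. The following added example (not the project's code; the ExamSql class and its method names are hypothetical, and it assumes .NET Framework's System.Data.SqlClient) contrasts a concatenated UPDATE on the result table with a version that validates and quotes the identifier and sends the values as typed parameters, using the column types from CreateResultTable. It runs without a database connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added illustration; ExamSql and its members are hypothetical names, not project code.
public static class ExamSql
{
    // Exam names become table names, so only a conservative identifier shape is accepted.
    static readonly Regex SafeName = new Regex(@"^[A-Za-z][A-Za-z0-9_]{0,62}\z");

    // Validate, then bracket-quote the identifier (']' doubled, as T-SQL QUOTENAME does).
    public static string QuoteIdent(string name)
    {
        if (name == null || !SafeName.IsMatch(name))
            throw new ArgumentException("invalid exam name", "name");
        return "[" + name.Replace("]", "]]") + "]";
    }

    // Concatenated form: every argument becomes part of the SQL text itself.
    public static string ConcatenatedUpdate(string ename, int per, string result, string regno)
    {
        return "update [r" + ename + "] set percentage=" + per +
               ", result='" + result + "' where RegNo= '" + regno + "'";
    }

    // Hardened form: the identifier is validated and quoted, the values are typed parameters.
    public static SqlCommand ParameterizedUpdate(string ename, int per, string result, string regno)
    {
        var cmd = new SqlCommand("update " + QuoteIdent("r" + ename) +
                                 " set percentage=@per, result=@result where RegNo=@regno");
        cmd.Parameters.Add("@per", SqlDbType.Int).Value = per;
        cmd.Parameters.Add("@result", SqlDbType.VarChar, 20).Value = result;
        cmd.Parameters.Add("@regno", SqlDbType.BigInt).Value = long.Parse(regno);
        return cmd;
    }

    public static void Main()
    {
        // Constructed input: a registration number that carries a quote and extra SQL.
        string regno = "1001' or '1'='1";
        // In the concatenated text the WHERE clause is rewritten and matches every row.
        Console.WriteLine(ConcatenatedUpdate("maths", 80, "Pass", regno));

        try { ParameterizedUpdate("maths", 80, "Pass", regno); }
        catch (FormatException) { Console.WriteLine("rejected: RegNo is not numeric"); }

        // Constructed exam name containing ']', which would end the bracketed identifier early.
        try { ParameterizedUpdate("maths]extra", 80, "Pass", "1001"); }
        catch (ArgumentException) { Console.WriteLine("rejected: invalid exam name"); }

        Console.WriteLine(ParameterizedUpdate("maths", 80, "Pass", "1001").CommandText);
    }
}
```

The same QuoteIdent check applies to the CREATE TABLE statements, where no value parameters exist and the exam name is the only input in the statement.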
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
if (Session["status"] == null)
{
Session["status"] = "Exam completed";
Label2.Text = Session["status"].ToString();
}
else
{
Session["status"] = "Exam Completed";
Label2.Text = Session["status"].ToString();
}
}
BAL
public bool deleteExam(string ename)
{
try
{
return dl.deleteExam(ename);
}
catch
{
return false;
}
}
DAL
public bool deleteExam(string ename)
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("sp_deleteexam", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@ename", ename);
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
con.Close();
}
}
Result table:
SNAPSHOTS
Staff New exam:
The above page displays the user interface for creating the exam table, which
contains the name of the table for storing the questions and the total number of
questions in the table.
In this module the staff will be uploading the question paper. Before uploading the
question paper staff will be setting the question pattern.
Candidate:
The above page displays the user interface for candidate login to the application
by providing username and password. If the candidate is new then they need to
register to access the application.
In this user interface the candidate will be allowed to register with his basic
details.
In this module candidate will register for the application first. Then the candidate will be allowed
to see the exam details and the candidate can register for the exam.
Online Exam
Future Enhancement:
Upload question
Decrypt
Encrypt
Store in database
Secure Login:
The security question will be asked even after the login succeeds. This covers the case where
a password guess succeeds: we can block the hacker even if he knows the password.
Security question
If answer matches
Advantages:
It makes brute force and dictionary attacks ineffective even for adversaries with access
to large botnets.
Neither a human nor a machine can access the account if they are not authorized.
Security is enhanced by limiting the number of login attempts.
Hackers cannot obtain the question paper, since to access it the hacker needs to
log in first.
Application:
Banking sector:
We can apply our technique to secure accounts against unauthorized access; even if
someone tries to hack the account, the attempt can be prevented.
E-Mail
Hacking of user e-mail IDs has increased dramatically; we can prevent it by
applying our technique to secure the authentication process.
Government sector
Most government organization websites contain highly secured data which should
be protected from unauthorized access; we can apply our technique to secure it.
Conclusion:
Password guessing attacks have long been a persistent problem. To put an end to them, we
built this project using PGRP. PGRP restricts the number of attempts made by a botnet or a
machine while allowing the legitimate user fully secured access to their account. PGRP
appears suitable for organizations with both small and large numbers of user accounts. PGRP
also restricts brute force and dictionary attacks, so it makes the use of their accounts more
secure.