5ENT1070 – Web Services
User Authentication in WCF

Aims
• Add a new table to your MDF file to store User Info
• Modify your previous WCF solution to allow for the registration of users
• Modify further to enable verification of users before other database requests are made
• Test it works and submit your WCF solution on StudyNet. Please include screen shots of the Test Client as further evidence!

Task 1 – Add a ‘Users’ table to your database
• Copy your previous WCF solution to Desktop and open with Visual Studio.
  o This should be the WCF solution from the lab “Databases with WCF”.
• The first thing we need to do is create a new table for storing User Information.
  o In your Visual Studio Window, go to your Server Explorer (usually located as a side tab on the left hand side).
  o Open the connection by expanding the database (when open you will see a little green connected icon).
  o Right click on the database and select New Query.
  o Write a query to CREATE a new table that contains columns for ID, User Name, User Password, First Name, Last Name, and Permissions.
    ▪ CAUTION: Do not call any column password, as this is a keyword in SQL and will cause issues.
    ▪ Also do not put spaces in column names as this will cause an error.
    ▪ Keywords like CREATE are not case sensitive so do not have to be upper case.
    ▪ Table and variable names ARE case sensitive, so how you write them in your CREATE query is how they must be written anywhere afterwards.
  o NOTE the use of variable type VARBINARY(64), which is a byte array of 64 bytes (Byte[64]). This is because a 512-bit SHA3 algorithm will output 64 bytes of data (8 bits in a byte therefore 512/8=64).
  o Once executed, check the table exists by refreshing your database in the Server Explorer to see if it appears in the Tables folder.

Task 2 – Add User Registration capability to WCF
• Now the next thing to do is create a new DataContract which will represent a User object.
  o Open your IService1.cs file and after the close bracket for your public interface IService1, write a [DataContract] with a class called User. This class should reflect variables you have in your database, except for password, which is a varbinary in your table but must be a string here, as shown below:
    ▪ NOTE: Don’t forget to add [DataMember] to each of your variables as shown below!
• Next we need to add an [OperationContract] to the WCF which allows you to register a user. This is done inside the public interface IService1 declaration.
  o This contract will be called RegisterUser and return an int, with the parameter of a User object:
  o Now open your Service1.svc.cs file to write this OperationContract logic.
  o This is where we need to install a library package to your WCF from NuGet, which will give you the ability to use SHA3 to hash passwords:
    ▪ Click on the Tools tab in Visual Studio.
    ▪ Go to NuGet Package Manager -> Manage NuGet Packages for Solution…
    ▪ Click on the Browse tab and search for SHA3, you should get the option shown below (the latest stable version may be different, please use the latest available):
    ▪ Make sure your project is checked on the right hand side and click the Install button in the bottom right corner. This will download the libraries and add them to your project.
    ▪ Finally, in your Service1.svc.cs file declare a global declaration of SHA3.SHA3Managed using a 512-bit size:
  o Now we can write our OperationContract for registerUser and implement SHA3 hashing during the SQL INSERT:
    ▪ Open your Service1.svc.cs and create a new method as shown below:
    ▪ Don’t worry if you see an error, the method isn’t finished yet!
    ▪ Next we need to add functionality that will allow us to connect to an SQL Database and run an INSERT query to our Users table, with the data within the User object called ‘u’:
    ▪ Notice the use of sha3Provider, which will take the string value of u.Password, convert it into a Byte array, then hash it and put the hashed data into the SqlCommand.
    ▪ This registerUser method will return an int of how many rows were affected by this query (should be 1 if successful), otherwise -1 if an exception occurred.
  o While this file is still open, run the solution and try adding a user with the WCF Test Client.
    ▪ NOTE: ID value will not be used in this registerUser method, so no need to enter it in the Test Client.
  o Enter at least one user like this with permission of 0 (zero), as this will be admin (remember the password!).
  o Verify by checking your database table via Server Explorer.
  o Password data now shows in the database as a hexadecimal representation of hashed data, not a plaintext password! Using SHA3, the correct password will ALWAYS produce exactly the same hash data.

Task 3 – Private User Verification
• Next we need to be able to verify if a user is registered.
  o Stop the program and open your Service1.svc.cs file.
  o Write a new method called validateUser which returns an int and uses string username and password, and also an OUT parameter with a User object:
    ▪ Using the out feature means we can send out objects as well as return some value. Here we can return a number to indicate success or not, while also spitting out a User object.
    ▪ Making it private means that only this class can use this method.
  o Inside this method you need to add another SqlConnection, as you have before. This time it will run a SELECT query on the Users table:
    ▪ SELECT will look for username and password as a hash in the Users table.
    ▪ This method will return 1 if the user exists, 0 if they do not and -1 if an exception occurs.
  o Next we need to add a global User object, for our OUT to update later…
  o We can’t test this method using the Test Client directly, because it is a private method, so we need to use it in one of our OperationContracts to check it works:
    ▪ In your Service1.svc.cs file, find your GetData method you wrote in the previous lab and add two parameters to the method declaration, string AdminName and string AdminPass.
    ▪ You will also need to make this change in your IService1.cs file.
  o Next we need to add an if statement around ALL of the method contents, so that the logic of this method will only run IF a valid user’s credentials are given:
  o This will only return data IF the user exists, but it will not check the user’s permissions. We can modify the IF statement to check this also:
  o Adding this will check if the user exists (== 1), then will check if permission is zero (admin) or (||) is equal to the house id being requested.
  o Now we can run this and test with the Test Client.
    ▪ NOTE: Check your Houses table to make sure you are getting data for a house id that exists.
    ▪ Also if you use a username and password for a user who is not permission 0, null will be returned IF the user permission does not match the requested house id.

Task 4 – Add Validation to Other Operation Contracts
Use the steps from Task 3 to replicate the use of the validateUser method in other methods you have. You are trying to prevent:
• Unauthorised registration of users (if any user can register themselves as admin there is no security!). This is why I asked you to register at least one admin permission before protecting the registration function. If you forget a password, you will have to temporarily comment out your code that checks credentials, in order to register a new admin, before reinstating the code again.
• Unauthorised update of device data (verify permission before update).
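
The verification flow from Task 3, as an added example (not the lab's own code, whose screenshots are missing from this page): a parameterised SELECT against the Users table and the admin-or-own-house gate. The connection string placeholder, the column names UserName, UserPassword and Permissions, the INT column types, the VARCHAR(50) length and the helper name MayReadHouse are assumptions; SHA3.SHA3Managed(512) follows the page's description of the NuGet package.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

// Mirrors the lab's User DataContract; member names are assumptions.
public class User
{
    public int ID, Permissions;
    public string UserName, Password, FirstName, LastName;
}

public class AuthSketch
{
    // Placeholder: use the connection string from your own project.
    private const string ConnStr = "<your MDF connection string>";
    private readonly SHA3.SHA3Managed sha3Provider = new SHA3.SHA3Managed(512);

    // Returns 1 if the credentials match a row, 0 if not, -1 on an exception.
    private int validateUser(string username, string password, out User user)
    {
        user = null;
        try
        {
            // 512-bit digest = 64 bytes, matching VARBINARY(64).
            byte[] hash = sha3Provider.ComputeHash(Encoding.UTF8.GetBytes(password));
            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(
                "SELECT ID, Permissions FROM Users " +
                "WHERE UserName = @name AND UserPassword = @hash", conn))
            {
                // Parameters keep caller-supplied input out of the SQL text.
                cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = username;
                cmd.Parameters.Add("@hash", SqlDbType.VarBinary, 64).Value = hash;
                conn.Open();
                using (SqlDataReader r = cmd.ExecuteReader())
                {
                    if (!r.Read()) return 0;
                    user = new User { ID = r.GetInt32(0), UserName = username,
                                      Permissions = r.GetInt32(1) };
                    return 1;
                }
            }
        }
        catch (Exception) { return -1; }
    }

    // Gate from Task 3: valid user AND (admin permission 0 OR own house id).
    public bool MayReadHouse(string adminName, string adminPass, int houseId)
    {
        User u;
        return validateUser(adminName, adminPass, out u) == 1
            && (u.Permissions == 0 || u.Permissions == houseId);
    }
}
```

Because the check treats 0 and -1 the same way (anything other than 1 is refused), a database error fails closed rather than returning data.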
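
Because the same password always produces the same SHA3 output, two users who pick the same password end up with identical stored values, and a single fast hash is cheap to guess against if the table leaks. This added example (not part of the lab) goes beyond the lab's scheme: a per-user random salt with PBKDF2-HMAC-SHA512, still producing 64 bytes for the VARBINARY(64) column. The extra salt column it implies, the iteration count and the class name PasswordStore are assumptions.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordStore
{
    private const int SaltBytes = 16;       // stored in an extra column (assumed)
    private const int HashBytes = 64;       // fits the lab's VARBINARY(64)
    private const int Iterations = 210000;  // assumed work factor; tune for your host

    // Registration: generate a random per-user salt and derive the stored hash.
    public static void Create(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        hash = Derive(password, salt);
    }

    // Login: re-derive with the stored salt and compare without early exit,
    // so the comparison time does not depend on where the bytes differ.
    public static bool Verify(string password, byte[] salt, byte[] expected)
    {
        byte[] actual = Derive(password, salt);
        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(
            password, salt, Iterations, HashAlgorithmName.SHA512))
        {
            return kdf.GetBytes(HashBytes);
        }
    }
}
```

With a salted scheme the SELECT can no longer match on the hash: fetch the row by user name only, then call Verify with the stored salt and hash.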