1.  Module number   
2.  Module title  Programming for the Web
3.  Module leader   
4.  Tutor with responsibility for this Assessment / Student’s first point of contact  As above.
5.  Assessment  Practical & Report. This assessment assesses all learning outcomes.
6.  Weighting   75% 
7.  Size and/or time limits for assessment  Report 1000 words max and source code
8.  Deadline of submission

Your attention is drawn to the penalties for late submission


9.  Arrangements for submission  School Office – Your work must be submitted with the appropriate cover sheet which must confirm that the assignment is your own and has not been submitted for another assessment. You are advised to keep your own copy of the assessment
10.  Assessment Regulations  All assessments are subject to the University Regulations.


11.  The requirements for the assessment  ASP.NET & VB.NET exercise 
12.  Special instructions  You must demonstrate your work in the lab during your normal lab time on  
13.  Return of work  Verbal feedback will be available at the demonstration and written feedback will be available from the School office 3 weeks from date of hand-in 


14.  Assessment criteria 


You should not use any third-party scripts. 


Programming for the Web

  1. Description

The Edinburgh Secretarial web site was originally developed and implemented in PHP/MySQL and is now being developed in ASP.NET 3.5 using VB.Net for the code behind programming. You are required to implement the Edinburgh Secretarial website in ASP.NET 3.5 according to the functional requirements listed below. You will be supplied with an asp.net solution (cw2-tr12010.zip) which will contain most (but not all) of the necessary .aspx pages and resources including all of the images. You should not alter or edit the supplied HTML/ASP markup in any way except as directed in 4.4 below.

  2. Deliverables

a)       The original resources you were given completed as per the specification detailed below.

b)        A report detailing how you achieved it.

  3. Using AJAX

Credit will be given for the correct use of AJAX where appropriate.

  4. Requirements

4.0 Data Storage. You will be supplied with a database called edinsec in the project’s App_Data folder which will contain two tables called clients and messages. You should familiarise yourself with the table structures and decide which additional fields you want to add to the clients table. You should install the .NET membership schema into the edinsec database and not in the SQL Server data folder. Note that in the messages table you will need to edit the msgid field and make it auto increment.

User Roles. There are two Role categories of user of the Edinburgh Secretarial web application: (i) client – registered clients, (ii) administrator – the system administrator (superuser). Note that casual browsers, i.e., ordinary members of the public, are not assigned a specific role. The behaviour (functionality) of the pages, and more importantly the navigation options, will be different for each category of user. User roles should be implemented using ASP.NET Membership.

Navigation. Use the supplied .inc files to display the correct navigation options for each category of user using .NET’s membership and role manager. If you do this by simply testing for the existence of a session variable you will lose marks. If an authenticated user is a client (i.e., they are logged in), load navigationM.inc. If an authenticated user is an administrator load navigationA.inc. If the user is not authenticated load navigation.inc.
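The selection rule described above, as an added example that is not part of the supplied solution: the include file is chosen from the authenticated principal’s roles rather than from a session variable. The role name strings, the module and function names, and the constructed principals standing in for Context.User are assumptions.

```vb
Imports System
Imports System.Security.Principal

Module NavigationSelector
    ' Assumption: the role names registered with the role manager match
    ' the two categories named in the brief.
    Private Const AdminRole As String = "administrator"
    Private Const ClientRole As String = "client"

    ' Hypothetical helper. In the master page pass Context.User, which
    ' forms authentication and the role manager populate per request.
    Public Function SelectNavigationFile(ByVal user As IPrincipal) As String
        If user Is Nothing OrElse user.Identity Is Nothing _
           OrElse Not user.Identity.IsAuthenticated Then
            Return "navigation.inc"
        End If
        ' Administrator first, so an account in both roles gets that menu.
        If user.IsInRole(AdminRole) Then Return "navigationA.inc"
        If user.IsInRole(ClientRole) Then Return "navigationM.inc"
        ' Authenticated but in neither role: public menu only.
        Return "navigation.inc"
    End Function

    Sub Main()
        ' Constructed principals standing in for Context.User.
        Dim visitor As New GenericPrincipal(New GenericIdentity(""), New String() {})
        Dim noRole As New GenericPrincipal(New GenericIdentity("carol"), New String() {})
        Dim client As New GenericPrincipal(New GenericIdentity("alice"), New String() {ClientRole})
        Dim admin As New GenericPrincipal(New GenericIdentity("bob"), New String() {AdminRole, ClientRole})

        For Each p As IPrincipal In New IPrincipal() {visitor, noRole, client, admin}
            Console.WriteLine(SelectNavigationFile(p))
        Next
    End Sub
End Module
```

The menu only controls which links are shown; approve.aspx, enqall.aspx and enqur.aspx still need their own role restriction.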

Authentication. The Edinburgh Secretarial web site uses a Master Page architecture (edinsec.Master). When the site is visited the home page displays as shown below.

The login markup is contained in the header div in the master page and authentication should be initiated here using .NET Membership. On login, the header div on all pages should display as shown – in this example the home page is displayed; for other pages the page indicator will be as appropriate:

Register Page. The Register Page (register.aspx) currently displays as follows:

There are errors in the markup on this page which you need to fix. When fixed the register page should display correctly as follows:

Registrations should be processed as follows. With the exception of the name, organisation, and address fields, all fields should be processed using ASP.NET membership. In processing this data the client’s approved (or active) status should be set to false. You should then retrieve the encrypted UserId from the aspnet_Membership table (installed as part of the ASP.NET membership schema – see 4.0 above) and store it along with the remaining fields – name, organisation, and address – in the clients table.

Note: All fields (text boxes) should be validated using an appropriate asp tag – you should not use javascript for field validation.

Contact Page. The Contact page (contactus.aspx) displays as follows:

The Contact page contains a form allowing casual browsers to send ad hoc enquiries. This data should be stored in the edinsec database in a table called messages.

Administrator Tasks. When an administrator logs in the Home page and navigation options will display as follows:

Approve. The Approve page (approve.aspx – to be implemented by you) should display all unapproved (inactive) clients in an appropriate format to be decided by you, the only caveat being that the page should retain the look and feel of all the other pages. The administrator should be able to approve a client by clicking a check box. Once approvals are confirmed the client should be assigned to the client role and the approved field set appropriately.

Enquiries (All). The Enquiries (All) page (enqall.aspx – to be implemented by you) displays all ad hoc enquiries from the messages table and should display as follows (or as close to this as you can get). The respond column should contain a link to start the default mail client.

In the example shown all client messages are displayed in the table; those that have previously been read are marked as such. An administrator can ‘unread’ a message by unchecking it. In the example shown AJAX was used to manage this and update the messages SQL Server table as appropriate. You don’t have to use AJAX but you will get extra marks if you do. If the administrator clicks on a radio button in the Messages column the message text should be displayed in a new (popup) window.

Enquiries (Unread). The Enquiries (Unread) page (enqur.aspx – to be implemented by you) displays all unread ad hoc enquiries from the messages table and should display as follows (or as close to this as you can get):

The required functionality for this page is the same as that for the Enquiries (All) page.

Client Tasks – My Documents. When a client logs in the home page and navigation options will display as follows:

The My Documents page (mydocuments.aspx) has not yet been implemented. It is your task to do so according to the following requirements:

  • it should have the same look and feel as all the other pages
  • all of the client’s jobs should be displayed in a format similar to that of the ad hoc messages
  • the information displayed in the table should be:

To achieve this you will need to create a table in the edinsec database and populate it with data. You do not have to do this programmatically but you should retrieve the data programmatically.

Password Recovery. You should implement password recovery using .NET membership.

Report. Your report should contain a brief discussion of the following:

  • how you implemented your solution
  • the benefits and drawbacks (if any) of using the .NET membership approach to authentication over the do-it-yourself approach of earlier versions of the .NET framework
  • the advantages and disadvantages of using frameworks like .NET as opposed to using a ‘loose’ collection of technologies such as MySQL, XHTML, PHP, and JavaScript.

Marking Scheme 

New Client Registration:                    15 Marks

Authentication and Navigation:       15 Marks

Administrator Tasks:                          25 Marks

My Documents:                                   10 Marks

Password Recovery:                           05 Marks

Display Page name in header:          05 Marks

Report:                                                  15 Marks

AJAX:                                                    10 Marks

Total:                                                     100 Marks 

You will lose marks if:

  1. You can’t retrieve the encrypted UserId from the aspnet_Membership table (2 marks)
  2. Unvalidated textbox fields (1 mark per field)
  3. Using a session variable test to determine the correct .inc file to load (5 marks)

In order to access and mark your practical assignment the following conditions must be strictly observed.

  1. Your project should be zipped into a file called set11105cw2-<matric number>. For example, if your matric number is 12345678 your zip file will be called set11105cw2-12345678.zip. 
  2. You should upload your solution to webCT as per instructions.

There will be no exceptions to this – if you don’t do it your work will not be marked.

Collaboration and Plagiarism

This is an individual piece of assessment and the work submitted should be entirely your own.  You are not allowed to collaborate with other students or to copy the work of other students. Your coursework will be electronically checked against all other submissions. In the event of any doubt about authorship you will be interviewed and may be asked questions about any aspect of the work. 


Your submission should be handed in to the school office.

You will be required to demonstrate your work at your normal lab time and place commencing during week commencing . 

Note that your assignment & coversheet should not contain your name, only your matriculation number. Your submission should include your report and a printout of your program listings. You must submit your project in zip format via WebCT. You should keep your own copy of all work submitted.