Three - Bdu

CHAPTER NO. TITLE PAGE NO.
ABSTRACT
1. INTRODUCTION
1.1 Problem Definition
2. SYSTEM ANALYSIS
2.1 Existing System
2.2 Proposed System
2.3 System Requirements
2.3.1 Hardware Specification
2.3.2 Software Specification
2.3.3 About Software
3. PROJECT DESCRIPTION
4. SYSTEM DESIGN
5. SYSTEM IMPLEMENTATION
5.1 Sample Screens
5.2 Sample Source Code
6. CONCLUSION
7. REFERENCES
TABLE OF CONTENTS
ABSTRACT
The proposed Three Tier Security Pattern system will be designed with ASP.net as the
front end with the Asp.Net and SqlServer as backend. Authentication is the first line of
defense against compromising confidentiality and integrity. Though traditional login or
password based schemes are easy to implement, they have been subjected to several attacks.
As alternative, token and biometric based authentication systems were introduced. However,
they have not improved substantially to justify the investment. Thus, a variation to the login
or password scheme, viz. graphical scheme was introduced. But it also suffered due to
shoulder-surfing and screen dump attacks. In this project, a framework of proposed Three
Tier Security System will be introduced, which is immune to the common attacks suffered
by other authentication schemes.
The most practical way to strengthen authentication is to require a three tier after the
username or password stage. Since a password is something that a user knows, ensuring that
the user also has something thwarts attackers that steal or gain access to passwords. Many
organizations protect local and remote logins with a simple username and password. Entering
these information grants access to company databases, email accounts, and other sensitive
information. But passwords are notoriously insecure. Many users choose weak passwords
which can be easily guessed or cracked. Phishing attacks trick people daily into revealing
their passwords, and users on unsecured networks can have their passwords sniffed.
Malicious viruses and spyware can capture passwords and send them over the network to
attackers. So at next step the user will be verified for one time password and at the third step
the color code is verified as authentication.
1. INTRODUCTION
The term e-Government is defined by the Organization for Economic Cooperation and
Development (OECD) as the use of new information and communication technologies (ICTs)
by governments as applied to the full range of government functions. In particular, the
networking potential offered by the Internet and related technologies have the potential to
transform the structures and operation of government
The effective management of information security is a key factor as willingness, of
the different users (citizens and other parties), to use e-Government services will heavily
depend on the trust they have on the data security of this service.
As stated in a central challenge of e-Government service is how the new technology
can be used not only to increase efficiency for public administration, but also to strengthen
confidence in privacy measures by creating mutual transparency between public
administration and citizens.
The process approach for information security management system, ISMS, presented
in encourages its users to emphasize the importance of :understanding an organization’s
information security requirements and the need to establish policy and objectives for
information security, implementing and operating controls to manage an organization's
information security risks in the context of the organization’s overall business risks,
monitoring and reviewing the performance and effectiveness of the ISMS , continual
improvement based on objective measurement.
The successful adoption of an ISMS is important to protect information assets,
allowing an organization to achieve greater assurance that its information assets are
adequately protected against information security risks on a continual basis ,maintain a
structured and comprehensive framework for identifying and assessing information security
risks, selecting and applying applicable controls, and measuring and improving their
effectiveness , continually improve its control environment and effectively achieve legal and
regulatory compliance.
When anyone wants to access the network, for security purposes every web
application provides user authentication. From ancient day’s secret data or code is used for
hiding and giving security to information. In user authentication he process which we have to
pass through is username and password. Authentication process divided into Token based
authentication, Biometric based authentication and Knowledge based authentication. Most of
the web application provides knowledge based authentication which include alphanumeric
password as well as graphical password. In today’s changing world when we are having
number of networks and personal account some sort of easy authentication schema need to be
provided.
To help protect the concern, they must be aware of commonly used types of attacks.
With that information, they can make use of several password cracking tools to audit the
organization. So with the intention to increase the security, it is planned to introduce color
codes and OTP (ONE-TIME-PASSWORD) as an authentication tool to increase the security
level. Color-code based authentication gives lot more advantages over existing systems. In
Normal, users are requested to give their password for accessing the system and thereby
gaining privilege to use the services. In the proposed system, the user while registration is
asked to select the color pattern and OTP is generated and will be sent to the registered Email
ID and it will be inserted in the database .The user entered Key will be checked against the
one stored in the database. By giving this kind of Three – level of security the system can be
more secured and is not vulnerable to any kind of attacks.
1.1 PROBLEM DEFINITION
With cloud data services, it is common place for data to be not only stored in the cloud,
but also shared across multiple users. Unfortunately, the integrity of cloud data is subject to
skepticism due to the existence of hardware/ software failures and human errors. Several
mechanisms have been designed to allow both data owners and public verifiers to efficiently
audit cloud data integrity without retrieving the entire data from the cloud server. However,
public auditing on the integrity of shared data with these existing mechanisms will inevitably
reveal confidential information identity privacy to public verifiers. In this paper, we propose
a novel privacy-preserving mechanism that supports public auditing on shared data stored in
the cloud. In particular, we exploit ring signatures to compute verification metadata needed to
audit the correctness of shared data. With our mechanism, the identity of the signer on each
block in shared data is kept private from public verifiers, who are able to efficiently verify
shared data integrity without retrieving the entire file. In addition, our mechanism is able to
perform multiple auditing tasks simultaneously instead of verifying them one by one. Our
experimental results demonstrate the effectiveness and efficiency of our mechanism when
auditing shared data integrity.
2. SYSTEM ANALYSIS
2.1 EXISTING SYSTEM

Services provided by e-Government to citizens, enterprise, public officer, government
administration and agencies via Internet and mobile connections are vulnerable to a variety of
threats.
2.1.1 DISADVANTAGES
 The system is vulnerable to various kinds of attacks such as packet sniffer, probe,
malware, internet infrastructure attack, denial of services attack, remote to local attack
and user to root attack.
 Specific security measures like firewalls, intrusion detection software, encryption, and
secure networks have not been defined designed and implemented for government
agencies to provide appropriate levels of security.
2.2 PROPOSED SYSTEM
The proposed system is ‘THREE TIER SECURITY PATTERN FOR

E-GOVERNANCE AND APPLICATION’. Authentication plays major role in every
application. Here also it is planned to increase the level of authentication. In this system in
addition to password validation the user has been given an option of choosing color-codes
appearing in front of the screen. The color codes are then validated against the already stored
ones which makes the system highly secured one. The user has also been given the option of
changing his password/color code based on the need. Here the user will be asked to enter his
userid and asked to answer the security question. If answered right he will be given the
chance to change password or color code.
2.2.1 ADVANTAGES
 Double the level of authentication while making transactions.

 Even if the user forgets the password he will be given an option of answering some
question. If he answered correct he can change the color-combinations again that will
be updated into the database.
 Not all the time the user can change his credentials, there are some limit. If more than
three times the user changes the password/color code he needs to contact the admin
and reset the security question and color code.
`
2.3 SYSTEM REQUIREMENTS
2.3.1 SOFTWARE SPECIFICATION

Server Side Programming : .NET.
Middleware Programming : JAVASCRIPT
Operating System : Windows 7.
Web Server : Internet Information Server
Client Script : HTML, CSS and Java Script
Database : SQL-Server 2008
2.3.2 HARDWARE SPECIFICATION

Processor : Intel Pentium IV Dual Core 2.8 GHz
Hard Disk : 160 GB
Monitor : LG 17” Color Monitor
RAM : 2 GB
Keyboard : 104 Keys Multimedia Keyboard
Mouse : Logitech Optical Mouse
CD – ROM : 52X CD-ROM.
2.3.3 ABOUT SOFTWARE
NET FRAMEWORK
Microsoft® .NET Framework version 1.1 the .NET Framework is an integral
Windows component that supports building and running the next generation of applications
and XML Web services. The key components of the .NET Framework are the common
language runtime and the .NET Framework class library, which includes ADO.NET,
VB.NET, and Windows Forms. The .NET Framework provides a managed execution
environment simplified development and deployment, and integration with a wide variety of
programming languages. For a brief introduction to the architecture of the .NET Framework
The .NET Framework is a new computing platform that simplifies application
development in the highly distributed environment of the Internet. The .NET Framework is
designed to fulfill the following objectives.
 To provide a consistent object-oriented programming environment whether
object code is stored and executed locally but Internet-distributed, or executed
remotely.
 To provide a code-execution environment that minimizes software deployment
and versioning conflicts.
 To provide a code-execution environment that eliminates the performance
problems of scripted or interpreted environments.
 To make the developer experience consistent across widely varying types of
applications, such as Windows-based applications and Web-based
applications.
 To build all communication on industry standards to ensure that code based on
the .NET Framework can integrate with any other code.
The .NET Framework has two main components: the common language runtime and
the .NET Framework class library. The common language runtime is the foundation of
the .NET Framework. You can think of the runtime is an agent that manages code at
execution time, providing core services such as memory management, thread management,
and remoting while also enforcing strict type safety and other forms of code accuracy that
ensure security and robustness. In fact, the concept of code management is a fundamental
principle of the runtime. Code that targets the runtime is known as managed code, while
code that does not target the runtime is known as unmanaged code. The class library, the
other main component of the .NET Framework, is a comprehensive, object-oriented
collection of reusable types that you can use to develop applications ranging from traditional
command-line or graphical use interface (GUI) applications based on the latest innovations
provided by VB.NET, such as Web Forms and XML Web Services.
The following illustration shows the relationship of the common language runtime
and the class library to your applications and to the overall system. The illustration also
shows how managed code operates within a larger architecture.
NET FRAMEWORK IN CONTEXT
.NET Framework in context
FEATURES OF THE COMMON LANGUAGE RUNTIME
The common language runtime manages memory, thread execution, code execution,
code safety verification, compilation, and other system services. These features are intrinsic
to the managed code that runs on the common language runtime.
With regards to security, managed components are awarded varying degrees of trust,
depending on a number of factors that include their origin (such as the Internet, enterprise
network, or local computer). This means that a managed component might or might not be
able to perform file-access operations, registry-access operations, or other sensitive functions,
even if it is being used in the same active application.
The runtime enforces code access security. For example, users can trust that an
executable embedded in a Web page can play an animation on screen or sing a song, but
cannot access their personal data, file system, or network. The security features of the
runtime thus enable legitimate Internet-deployed software to be exceptionally feature rich.
The runtime also enforces code robustness by implementing a strict type-and-code-

verification infrastructure called the common type system (CTS). The CTS ensures that all
managed code is self-describing. The various Microsoft and third-party language compilers
generate managed code that conforms to the CTS. This means that managed code can
consume other managed types and instances, while strictly enforcing type fidelity and type
safety.
In addition, the managed environment of the runtime eliminates many common

software issues. For example, the runtime automatically handles object layout and manages
references to objects, releasing them when they are no longer being used. This automatic
memory management resolves the two most common application errors, memory leaks and
invalid memory references.
The runtime also accelerates developer productivity. For example, programmers can
write applications in their development language of choice, yet take full advantage of the
runtime, the class library, and components written in other languages by other developers.
Any compiler vendor who chooses to target the runtime can do so. Language compilers that
target the .NET Framework make the features of the .NET Framework available to existing
code written in that language, greatly easing the migration process for existing applications.
While the runtime is designed for the software of the future, it also supports software
of today and yesterday. Interoperability between managed and unmanaged code enables
developers to continue to use necessary COM components and DLLs.
The runtime is designed to enhance performance. Although the common language

runtime provides many standard runtime services, managed code is never interpreted. A
feature called just-in-time (JIT) compiling enables all managed code to run in the native
machine language of the system on which it is executing. Meanwhile, the memory manager
removes the possibilities of fragmented memory and increases memory locality-of-reference
to further increase performance.
Finally, the runtime can be hosted by high-performance, server-side applications, such

as Microsoft® SQL Server™ and Internet Information Services (IIS). This infrastructure
enables you to use managed code to write your business logic, while still enjoying the
superior performance of the industry's best enterprise servers that support runtime hosting.
.NET FRAMEWORK CLASS LIBRARY
The .NET Framework class library is a collection of reusable types that tightly
integrate with the common language runtime. The class library is object oriented, providing
types from which your own managed code can derive functionality. This not only makes
the .NET Framework types easy to use, but also reduces the time associated with learning
new features of the .NET Framework. In addition, third-party components can integrate
seamlessly with classes in the .NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces
that you can use to develop your own collection classes. Your collection classes will blend
seamlessly with the classes in the .NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types
enable you to accomplish a range of common programming tasks, including tasks such as
string management, data collection, database connectivity, and file access. In addition to
these common tasks, the class library includes types that support a variety of specialized
development scenarios. For example, you can use the .NET Framework to develop the
following types of applications and services:
 Console applications.
 Windows GUI applications (Windows Forms).
 ASP.NET applications.
 XML Web services.
 Windows services.
For example, the Windows Forms classes are a comprehensive set of reusable types that
vastly simplify Windows GUI development. If you write an ASP.NET Web Form
application, you can use the Web Forms classes.
CLIENT APPLICATION DEVELOPMENT
Client applications are the closest to a traditional style of application in Windows-

based programming. These are the types of applications that display windows or forms on the
desktop, enabling a user to perform a task. Client applications include applications such as
word processors and spreadsheets, as well as custom business applications such as data-entry
tools, reporting tools, and so on. Client applications usually employ windows, menus,
buttons, and other GUI elements, and they likely access local resources such as the file
system and peripherals such as printers.
Another kind of client application is the traditional ActiveX control (now replaced by
the managed Windows Forms control) deployed over the Internet as a Web page. This
application is much like other client applications: it is executed natively, has access to local
resources, and includes graphical elements.
In the past, developers created such applications using C/C++ in conjunction with the
Microsoft Foundation Classes (MFC) or with a rapid application development (RAD)
environment such as Microsoft® Visual Basic®. The .NET Framework incorporates aspects
of these existing products into a single, consistent development environment that drastically
simplifies the development of client applications.
The Windows Forms classes contained in the .NET Framework are designed to be
used for GUI development. You can easily create command windows, buttons, menus,
toolbars, and other screen elements with the flexibility necessary to accommodate shifting
business needs.
SERVER APPLICATION DEVELOPMENT
Server-side applications in the managed world are implemented through runtime

hosts. Unmanaged applications host the common language runtime, which allows your
custom managed code to control the behavior of the server. This model provides you with all
the features of the common language runtime and class library while gaining the performance
and scalability of the host server.
The following illustration shows a basic network schema with managed code running
in different server environments. Servers such as IIS and SQL Server can perform standard
operations while your application logic executes through the managed code.
SERVER-SIDE MANAGED CODE
ASP.NET is the hosting environment that enables developers to use the .NET
Framework to target Web-based applications. However, ASP.NET is more than just a
runtime host; it is a complete architecture for developing Web sites and Internet-distributed
objects using managed code. Both Web Forms and XML Web services use IIS and ASP.NET
as the publishing mechanism for applications, and both have a collection of supporting
classes in the .NET Framework.
Server-side managed code
XML Web services, an important evolution in Web-based technology, are distributed,

server-side application components similar to common Web sites. However, unlike Web-
based applications, XML Web services components have no UI and are not targeted for
browsers such as Internet Explorer and Netscape Navigator. Instead, XML Web services
consist of reusable software components designed to be consumed by other applications, such
as traditional client applications, Web-based applications, or even other XML Web services.
As a result, XML Web services technology is rapidly moving application development and
deployment into the highly distributed environment of the Internet.
If you have used earlier versions of ASP technology, you will immediately notice the
improvements that ASP.NET and Web Forms offer. For example, you can develop Web
Forms pages in any language that supports the .NET Framework. In addition, your code no
longer needs to share the same file with your HTTP text (although it can continue to do so if
you prefer). Web Forms pages execute in native machine language because, like any other
managed application, they take full advantage of the runtime. In contrast, unmanaged ASP
pages are always scripted and interpreted. ASP.NET pages are faster, more functional, and
easier to develop than unmanaged ASP pages because they interact with the runtime like any
managed application.
The .NET Framework also provides a collection of classes and tools to aid in
development and consumption of XML Web services applications. XML Web services are
built on standards such as SOAP (a remote procedure-call protocol), XML (an extensible data
format), and WSDL (the Web Services Description Language). The .NET Framework is built
on these standards to promote interoperability with non-Microsoft solutions.
For example, the Web Services Description Language tool included with the .NET
Framework SDK can query an XML Web service published on the Web, parse its WSDL
description, and produce C# or Visual Basic source code that your application can use to
become a client of the XML Web service. The source code can create classes derived from
classes in the class library that handle all the underlying communication using SOAP and
XML parsing. Although you can use the class library to consume XML Web services
directly, the Web Services Description Language tool and the other tools contained in the
SDK facilitate your development efforts with the .NET Framework.
If you develop and publish your own XML Web service, the .NET Framework
provides a set of classes that conform to all the underlying communication standards, such as
SOAP, WSDL, and XML. Using those classes enables you to focus on the logic of your
service, without concerning yourself with the communications infrastructure required by
distributed software development.
Finally, like Web Forms pages in the managed environment, your XML Web service
will run with the speed of native machine language using the scalable communication of IIS.
COMMON LANGUAGE RUNTIME
Compilers and tools expose the runtime's functionality and enable you to write code
that benefits from this managed execution environment. Code that you develop with a
language compiler that targets the runtime is called managed code; it benefits from features
such as cross-language integration, cross-language exception handling, enhanced security,
versioning and deployment support, a simplified model for component interaction, and
debugging and profiling services.
To enable the runtime to provide services to managed code, language compilers must emit
metadata that describes the types, members, and references in your code. Metadata is stored
with the code; every loadable common language runtime portable executable (PE) file
contains metadata. The runtime uses metadata to locate and load classes, lay out instances in
memory, resolve method invocations, generate native code, enforce security, and set run-time
context boundaries.
The runtime automatically handles object layout and manages references to objects, releasing
them when they are no longer being used. Objects whose lifetimes are managed in this way
are called managed data. Garbage collection eliminates memory leaks as well as some other
common programming errors. If your code is managed, you can use managed data,
unmanaged data, or both managed and unmanaged data in your .NET Framework application.
Because language compilers supply their own types, such as primitive types, you might not
always know (or need to know) whether your data is being managed.
The common language runtime makes it easy to design components and applications whose
objects interact across languages. Objects written in different languages can communicate
with each other, and their behaviors can be tightly integrated. For example, you can define a
class and then use a different language to derive a class from your original class or call a
method on the original class. You can also pass an instance of a class to a method of a class
written in a different language. This cross-language integration is possible because language
compilers and tools that target the runtime use a common type system defined by the runtime,
and they follow the runtime's rules for defining new types, as well as for creating, using,
persisting, and binding to types.
As part of their metadata, all managed components carry information about the
components and resources they were built against. The runtime uses this information to
ensure that your component or application has the specified versions of everything it needs,
which makes your code less likely to break because of some unmet dependency. Registration
information and state data are no longer stored in the registry where they can be difficult to
establish and maintain. Rather, information about the types you define (and their
dependencies) is stored with the code as metadata, making the tasks of component replication
and removal much less complicated.
Language compilers and tools expose the runtime's functionality in ways that are intended
to be useful and intuitive to developers. This means that some features of the runtime might
be more noticeable in one environment than in another. How you experience the runtime
depends on which language compilers or tools you use. For example, if you are a Visual
Basic developer, you might notice that with the commonlanguage runtime, the Visual Basic
language has more object-oriented features than before. Following are some benefits of the
runtime.
 Performance improvements.
 The ability to easily use components developed in other languages.
 Extensible types provided by a class library.
 New language features such as inheritance, interfaces, and overloading for object-
oriented programming; support for explicit free threading that allows creation of
multithreaded, scalable applications; support for structured exception handling and
custom attributes.
If you use Microsoft® Visual C++® .NET, you can write managed code using the
Managed Extensions for C++, which provide the benefits of a managed execution
environment as well as access to powerful capabilities and expressive data types that you are
familiar with. Additional runtime features include:
 Cross- language integration, especially cross- language inheritance.

 Garbage collection, which manages object lifetime so that reference counting is
unnecessary.
 Self-describing objects, which make using Interface Definition Language (IDL)
unnecessary.
ADO.NET ARCHITECTURE
ADO.NET Architecture
REMOTING OR MARSHALING DATA BETWEEN TIERS AND

CLIENTS
The design of the Dataset enables you to easily transport data to clients over the Web
using XML Web services, as well as allowing you to marshal data between .NET components
using .NET Remoting services. You can also remote a strongly typed Dataset in this fashion.
For an overview of XML Web services..
An overview of remoting services can be found in the .NET Remoting Overview.

Note that Data Table objects can also be used with remoting services, but cannot be
transported via an XML Web service.
.NET FRAMEWORK DATA PROVIDERS
A .NET Framework data provider is used for connecting to a database, executing

commands, and retrieving results. Those results are either processed directly, or placed in an
ADO.NET Dataset in order to be exposed to the user in an ad-hoc manner, combined with
data from multiple sources, or remoted between tiers. The .NET Framework data provider is
designed to be lightweight, creating a minimal layer between the data source and your code,
increasing performance without sacrificing functionality.
The following table outlines the four core objects that make up a .NET Framework
data provider.
Object Description
Connection Establishes a connection to a specific data
source.
Command Executes a command against a data source.
Exposes Parameters and can execute within
the scope of a Transaction from a
Connection.
Data Reader Reads a forward-only, read-only stream of
data from a data source.
Data Adapter Populates a Dataset and resolves updates with
the data source.
The .NET Framework includes the .NET Framework Data Provider for SQL Server
(for Microsoft SQL Server version 7.0 or later), the .NET Framework Data Provider for OLE
DB, and the .NET Framework Data Provider for ODBC.
Note The .NET Framework Data Provider for ODBC is not included in the .NET
Framework version 1.0. If you require the .NET Framework Data Provider for ODBC and are
using the .NET Framework version 1.0, you can download the .NET Framework Data
Provider for ODBC at http://msdn.microsoft.com/downloads. The namespace for the
downloaded .NET Framework Data Provider for ODBC is Microsoft.Data.Odbc.
THE .NET FRAMEWORK DATA PROVIDER FOR SQL SERVER
The .NET Framework Data Provider for SQL Server uses its own protocol to
communicate with SQL Server. It is lightweight and performs well because it is optimized to
access a SQL Server directly without adding an OLE DB or Open Database Connectivity
(ODBC) layer. The following illustration contrasts the .NET Framework Data Provider for
SQL Server with the .NET Framework Data Provider for OLE DB. The .NET Framework
Data Provider for OLE DB communicates to an OLE DB data source through both the OLE
DB Service component, which provides connection pooling and transaction services, and the
OLE DB Provider for the data source.
Comparison of the .NET Framework Data Provider for SQL Server and the .NET
Framework Data Provider for OLE DB
Comparison of .NET Framework Data Provider for SQL Server and OLEDB
To use the .NET Framework Data Provider for SQL Server, you must have access to
Microsoft SQL Server 7.0 or later. .NET Framework Data Provider for SQL Server classes
are located in the System.Data.SqlClient namespace. For earlier versions of Microsoft SQL
Server, use the .NET Framework Data Provider for OLE DB with the SQL Server OLE DB
Provider (SQLOLEDB).
VISUAL C# LANGUAGE
Microsoft C# (pronounced C sharp) is a new programming language designed for

building a wide range of enterprise applications that run on the .NET Framework. An
evolution of Microsoft C and Microsoft C++, C# is simple, modern, type safe, and object
oriented. C# code is compiled as managed code, which means it benefits from the services of
the common language runtime. These services include language interoperability, garbage
collection, enhanced security, and improved versioning support.
C# is introduced as Visual C# in the Visual Studio .NET suite. Support for Visual C#

includes project templates, designers, property pages, code wizards, an object model, and
other features of the development environment. The library for Visual C# programming is the
.NET Framework.
C# (pronounced “See Sharp”) is a simple, modern, object-oriented, and type safe

programming language. C# has its roots in the C family of languages and will be
immediately familiar to C, C++, and Java programmers. C# is standardized by ECMA
International as the ECMA-334 standard and by ISO/IEC as the ISO/IEC 23270 standard.
Microsoft’s C# compiler for the .NET Framework is a conforming implementation of both of
these standards. C# aims to combine the high productivity of Visual Basic and the raw power
of C++.
Visual C#.NET is Microsoft’s C# development tool. It includes an interactive

development environment, visual designers for building Windows and Web applications, a
compiler, and a debugger. Visual C#.NET is part of suite of products, called Visual
Studio.NET, that also includes Visual Basic.NET, Visual C++.NET, and the Jscript scripting
language. All of these languages provide access to the Microsoft .NET Framework, which
includes a common execution engine and a rich class library. The .NET Framework defines a
“Common language Specification” (CLS), a sort of lingua franca that ensures seamless
interoperability between CLS compliant languages and class libraries. For C# developers,
this means that even though C# is a new language, it has complete access to the same rich
class libraries that are used by seasoned tools such as Visual Basic .NET and Visual C+
+.NET. C# itself does not include a class library.
C# is an object-oriented language, but C# further includes support for component-

oriented programming. Contemporary software design increasingly relies on software
components in the form of self-contained and self-describing packages of functionality. Key
to such components is that they present a programming model with properties, methods and
events; they have attributes that provide declarative information about the component; and
they incorporate their own documentation. C# provides language constructs to directly
support these concepts, making C# a very natural language in which to create and use
software components.
Several C# features aid in the construction of robust and durable applications:

Garbage collection automatically reclaims memory occupied by unused objects; exception
handling provides a structured and extensible approach to error detection and recovery; and
the type-safe design of the language makes it impossible to have uninitialized variables, to
index arrays beyond their bounds, or to perform unchecked type casts.
C# has a unified type system. All C# types, including primitive types such as int and
double, inherit from a single root object type, Thus, all types share a set of common
operations, and values of any type can be stored, transported, and operated upon in a
consistent manner. Furthermore, C# supports both user-defined reference types and value
types, allowing dynamic allocation of objects as well as in-line storage of lightweight
structures.
To ensure that C# programs and libraries can evolve over time in a compatible
manner, much emphasis has been placed on versioning in C#’s design. Many programming
languages pay little attention to this issue, and, as a result, programs written in those
languages break more often than necessary when newer versions of dependent libraries are
introduced. Aspects of C# ’s design that were directly influenced by versioning
considerations include the separate virtual and override modifiers, the rules for method
overload resolution, and support for explicit interface member declarations.
C# 2.0 introduces several language extensions, including Generics, Anonymous

Methods, Iterators, Partial Types, and Nullable Types.
 Generics permit classes, structs, interfaces, delegates, and methods to be

parameterized by the types of data they store and manipulate. Generics are
useful because they provide stronger compile-time type checking, require
fewer explicit conversions between data types, and reduce the need for boxing
operations and run-time type checks.
 Anonymous methods allow code blocks to be written “in-line” where delegate
values are expected. Anonymous methods are similar to lambda functions in
the Lisp programming language. C# 2.0 supports the creation of “closures”
where anonymous methods access surrounding local variables and parameters.
 Iterators are methods that incrementally compute and yield a sequence of
values. Iterators make it easy for a type to specify how for each statement will
iterate over its elements.
 Partial types allow classes, structs, and interfaces to be broken into multiple
pieces stored in different source files for easier development and maintenance.
Additionally, partial types allow separation of machine-generated and user-
written parts of types so that it is easier to augment code generated by a tool.
 Nullable types represent values that possibly are unknown. A nullable type
supports all values of its underlying type plus an additional null state. Any
value type can be the underlying type of a nullable type.
ASP.NET
The .NET framework includes tools that ease the creation of web services.
ASP.NET is the latest offering from Microsoft toward the creation of a new paradigm for
server-side scripting. The systemwill see the basics of ASP.NET, which provides a
complete framework for the development of web applications. Here the systemget
introduced into ASP.NET, the platform requirements for ASP.NET applications, and the
ASP.NET architecture. In addition, the systemget introduced to web forms of ASP.NET
applications, a new addition to ASP.NET.
ASP .NET differs in some ways from earlier versions Os ASP. ASP.NET has new
features such as better language support, a new set of controls, XML-based components, and
more secure user authentication. ASP.NET also provides increased performance by executing
ASP code.
Usually a software product undergoes many evolutionary phases. In each release
version of the software product, the software vendor fixes the bugs form previous versions
and adds new features. ASP 1.0 was released in 1996. Since then, two more versions of ASP
(2.0 AND 3.0) have been released. In various versions of ASP, new features have been
added. However, the basic methodology used for creating applications has not changed.
ASP.NET provides a unique approach toward web application development, so one

might say that ASP.NET has stared a new revolution in the world of web application
development. ASP.NET is based on the Microsoft.NET framework. The .NET framework.
The .NET framework is based on the common language runtime (CLR). There fore, it
imparts all of the CLR benefits to ASP.NET applications. These CLR benefits include
automatic memory management, support for multiple languages, secure user authentication,
and ease in configuration, and ease in deployment.
BENEFITS OF ASP.NET
Support for various programming language ASP.NET provides better programming-
language support than ASP. It uses the new ADO.NET earlier versions of ASP support only
scripting language such as VBScript and Jscript. Using this scripting language, the system
can write applications used to perform server-side processing, but this has two major
drawbacks. First, scripting language is interpreted and not complied. Therefore, the errors can
only be checked at runtime. This affects the performance of web applications. Second,
scripting language is not strongly typed. The scripting languages do not have a built –in set of
predefined data types. This requires developers to cast the existing objects of the language to
their expected data type. Thus, these objects can be validated only at runtime. This validation
leads to a low performance of web applications. ASP.NET continues to support scripting
languages, but it supports complete Visual Basic for server-side programming ASP.NET also
provides support for c# (pronounced c sharp) and C++.
CROSS – LANGUAGE DEVELOPMENT
ASP.NET provides flexibility to extend created in one language to another language. For
example, if the system has an object in C++, ASP.NET enables us to extend this object in
Visual Basic.
ASP.NET PAGE SYNTAX
DIRECTIVES
<% @ page language =”VB” […] %>
Code Declaration Blocks
<script run at=”server” […]>

[ lines of code]
</script>
CODE RENDER BLOCKS
<%
[inline code or expressions]
%>
HTML Control Syntax
<HTML element runat=”server” [attribute(s)]>
</HTML element>
CUSTOM CONTROL SYNTAX
CUSTOM SERVER CONTROLS
<ASP: Textbox id=”My Tbi” run at=”server”>
SERVER CONTROL PROPERTY
<ASP: Textbox maxlength=”80” run at=”server”>
SUB PROPERTY
<ASP: Label font-size=”14” run at=”server”>
SERVER CONTROL EVEN BINDING

<ASP: Button On Click=”My Click” run at=”server”>
DATA BINDING EXPRESSION

<asp: label
Text=’<%# data binding expression %>’
Run at =”server”/>
SERVER-SIDE OBJECTS TAGS
<object id=”id” run at=”server”

Identifier=”idName”/>
SERVER-SIDE INCLUDE DIRECTIVES
<!-#include pathtype=filename -->

SERVER-SIDE COMMENTS
%-- comment block -- %>
An application in ASP.NET consists of files, pages, modules, and executable code that reside
in one virtual directory and its subdirectories. Application state is stored in global variables
for a given ASP.NET application. For that Reason developers have to follow some
implements rules .Variables for storing application state occupy system resources.
A global variable has to be locked and unlocked to prevent problems with concurrent
access.
WEB FORMS SERVER CONTROLS
The term server controls always means Web Forms server controls, because they are
specially designed to work with Web Forms.
SERVER CONTROL FAMILIES
Web Forms provide different server control families
 HTML server controls

 ASP.NET server controls
 Validation controls
 User controls
 Mobile controls
DATA BINDING
The systemcan bind Web Forms control properties to any data in a data store. This so-
called data binding gives us nearly complete control over how data moves to the page and
back again to the data store.
PAGE CLASS
When a page is loaded, the ASP.NET runtime generates and instantiates a page class.
This object forms a collection of our separate components (like visual elements and business
logic). So all (visual and code) elements are accessible through this object.
HTML SERVER CONTROLS
The system can convert simple HTML elements to HTML server controls, let the
ASP.NET engine create an instance on the server, and now they are programmable on the
server. The conversion is done by simply adding attributes to the HTML tag. The attributes
runat=server informs the framework to create a server-side instance of the control. If the
system additionally assigns an ID, the system can reference the control in our code.
For example, the system can use the HTMLAnchor control to program against the
HTML <a> tag to dynamically generate the H Ref values, or use HtmlTable (HTML
<table>) to dynamically create tables and their content.
ASP.NET SERVER CONTROLS
ASP.NET server controls are abstract controls. There is no one-to-one mapping to

HTML server controls. But ASP.NET comes with a rich set of controls.
Another feature is the typed object model. This gives us the potential for type-safe
programming. Server controls can automatically detect what browser the system is using and
generate the proper version of HTML output.
BUTTON
This is way to enable the user to finish editing a form. A Button enforces the
submitting of the page, and the systemcan additionally raise events like the Click event.
TEXTBOX
A Textbox is an input box where the user can enter information like numbers, text, or
dates formatted as single line, multilane, or password. This control raises a Text Changed
event when the focus “leaves” the control.
VALIDATION CONTROLS
Another group of server controls are validation controls. These can be used to check
the user’s entries. Validation can be processed on the client and on the server.
Validation on the client side can be performed using a client script. In that case, the
user will be confronted with immediate feedback-without a roundtrip to the server. Server-
side validation in addition provides, for example, security against users bypassing client-side
validation.
ASP.NET PROVIDES THE FOLLOWING TYPES OF VALIDATION
Required entry- the field must be filled in by the user. Comparison to a value- the
entered value is checked against another value of another field, a database, or a constant
value by using comparison operators. Range checking – the user’s entry is checked to see
whether it resides between given boundaries. Pattern matching- a regular expression is
defined that the entered value must match. User’s defined- implement our own validation
logic. When the validation fails, an error message is generated and sent back to the client
browser. This can be done in several ways. For example, all error messages related to a
specific transaction could be collected and presented to the user in summary.
SQL SERVER INTRODUCTION

SQL stands for Structured Query Language. SQL is used to communicate with a
database. According to ANSI (American National Standards Institute), it is the standard
language for relational database management systems.
SQL statements are used to perform tasks such as update data on a database, or
retrieve data from a database. Some common relational database management systems that
the SQL are: Oracle, Sybase, Microsoft SQL Server, Access, Ingress, etc. Although most
database systems use SQL, most of them also have their own additional proprietary
extensions that are usually only used on their system.
The standard SQL commands such as “Select”, “Insert”, “Update”, ”Delete”,
”Create”, and “Drop” can be used to accomplish almost everything that one needs to do with
a database. This tutorial will provide you with the instruction on the basics of each of these
commands as well as allow you to put them to practice using the SQL Interpreter.
TABLE BASICS
A relational database system contains one of more objects called tables. The data or
information for the database is stored in these tables. Tables are uniquely identified by their
names and are comprised of columns and rows. Columns contain the column name, data
type, and any other attributes for the column. Rows contain the records or data for the
columns.
SELECTING DATA
The select statement is used to query the database and relatives selected data that
match the criteria that you specify. Here is the format of a simple select statement.
Select “column1” [,”column2”, etc] from “table name”
[Where “condition”]; [ ] =optional
The column names that follow the select keyword determine which columns will be
returned in the results. The system can select as many column names that you’d like, or you
can use a “*” to select all columns. The table name that follows the keyword from specifies
the table that will be queried to retrieve the desired results.
The where clause (optional) specifies which data values or rows will be
returned or displayed, based on the criteria described after the keyword where.
Conditional selections used in the where clause
= Equal
> Greater than
< Less than
>= Greater than or equal
<= Less than or equal
<> Not equal to
LIKE
The LIKE pattern matching operator can also be used in the conditional selection of
the where clause. Like is a very powerful operator that allows you to select only rows that are
“Like” what you specify. The percent sign “%” can be used as a wild card to match any
possible character that might appear before or after the characters specified.
For example
Select first, last, city
From empinfo
Where first LIKE ‘Er%’;
This SQL statement will match any first names that start with ‘Er’. Strings must be in
single quotes. Or the systemcan specify
Select first, last
From empinfo where last LIKE ‘%s’;
This statement will match any last names that end in‘s’.
Select * from user
Where first = ‘Erie’;
This will only select rows where the first name equals ‘Erie’ exactly.
CREATING TABLES
The create tables statement is used to create a new table. Here is the format of a
simple create table statement.
Create table “table name”

(“column1” “data type”,
“column2” “data type”,
“column3” “data type”);
FORMAT FOR CREATING TABLE BY USING OPTIONAL CONSTRAINTS
Create table “table name”

(“column1” “data type”
[Constraints],
“column2” “data type”
[Constraints],
“column3” “data type”
[Constraints],
[ ] = optional)
To create a new table, enter the keywords create table followed by the table name,
followed by an open parenthesis , followed by the first column name, followed by the data
type for that column, followed by any optional constraints, any followed by a closing
parenthesis before the beginning table and a closing parenthesis after the end of the last
column definition. Make sure you separate each column definition with a comma. All SQL
statements should end with a “;”.
The table and column names must start with a letter and can be followed by letters,
numbers, or underscore – not to exceed a total of 30 characters in length. Do not use any
SQL reserved keywords as names for tables or column names (such as “select”, “create”,
“insert”, etc).Data types specify what the types of data can be for that particular column. If a
column called “Last Name” is to be used to hold names, then that particular column should
have a “VarChar” (variable-length character) data type.
COMMON DATA TYPES
Char(size) Fixed-length character string. Size is specified in parenthesis.

Max 255 bytes.
VarChar (size) Variable-length character string. Max size is specified in
parenthesis.
Number (size) Number value with a max number of columns digits specified in
parenthesis.
Date Date value
Number(size, d) Number value with a maximum number of digits of “size” total,
with a maximum number of “d” digits to the right of the decimal
Number(size, d) Number value with a maximum number of digits of “size” total,
with a maximum number of “d” digits to the right of the decimal.
What are constraints? When tables are created, it is common for one or more
columns to have constraints associated with them. A constraint is basically a rule associated
with a column that the data entered into that column must follow. For example, a ‘unique”
constraints specifies that no two records can have the same value in a particular column. They
must all be unique.
The other two most particular constraints are “not null” which specifies that a column
can’t be left blank, and “primary key”. A “primary key” constraint defines a unique
identification of each record (or row) in a table. Constraints can be entered in this SQL
interpreter, however, they are not supported in this Intro to SQL tutorial & interpreter. They
will be covered and supported in the future release of the Advanced SQL tutorial- that is, if
“response” is good.
INSERTING INTO A TABLE
The insert statement is used to insert or add a row of data into the table. To insert
records into a table, enter the key words insert into followed by the table name, followed by
an open parenthesis, followed by a list of column names separated by commas, followed by a
closing parenthesis, followed by the keyword values, followed by the list of values enclosed
in parenthesis. The values that you enter will be held in the rows and they will match up with
the column names that you specify. Strings should be enclosed in single quotes, and numbers
should not.
Insert into “table name”
(First column...last column)
Values (first value...last value);
UPDATING RECORDS
The update statement is used to update or change records that match specified criteria.
This is accomplished by carefully constructing a where clause.
Update “table name”
Set “column name”= “new value”
[ ,”next column” = “newvalue2”...]
Where “column name” OPERATOR “value”
[and/or “column” OPERATOR “value”];
DELETING RECORDS
The delete statement is used to delete records or rows from the table.
Delete from “table name”
Where “column name”
OPERATOR “value”
[and/or “column”
OPERATOR “value”]
To delete an entire record/row from a table, enter “delete form” followed by the table
name, followed by the where clause which contains the conditions to delete. If you leave off
the where clause, all records will be deleted.
DROP A TABLE
The drop table command is used to delete a table and all rows in the table. To delete
an entire table including all of its rows, issue the drop table command followed by the table
name. Drop table is different from deleting all of the records in the table. Deleting all of the
records in the table leaves the table including column and constraint information. Dropping
the table removes the table definition as well as all of its rows.
Drop table “table name”
TABLE JOINS
All of the queries up until this point have been useful with the exception of one major
limitation- that is, you’ve been selecting from only one table are a time with your SELECT
statement. It is time to introduce you to one of the most beneficial features of SQL &
relational database system – the
Joins allow you to link data from two or more tables together into a single query result
– from one single SELECT statement. A “join” can be recognized in a SQL SELECT
statement if it has more than one table after the FROM keyword.
3. PROJECT DESCRIPTION
3.1 MODULES
 Registration
 Login
 Generation of otp
 Authenticating the user
 Change of password/colour code
 Availing services
 Generating reports
3.2 MODULES DESCRIPTION
REGISTRATION:
In this module registration of new user who wants to access the service takes
place. When a user wants to create account they can make use of this module. It involves
collection of details such as their name, address, phone number, date of birth, city and the
user is also asked to choose the color codes .On the end of the phase user will be given
userId, password and color code. All the details will be stored in to database. The user can
then use these credentials to log into the system.
LOGIN:
In this module, the user will be asked to give his user ID and password .When the user
fed password matches with one corresponding to that userid ,he will prompted to next phase
i.e. choosing color code. Either the password or the color code is not valid the user will not be
allowed to continue log into the systems. Session validations are also given. So no one can
gain access to some other page without having right credentials.
GENERATION OF OTP:
After successful login, a random OTP will be generated and is send to the registered
Emailed and it will be stored into the database for future reference. The user can use that OTP
to log into the system. The user entered OTP will be checked with the one that is stored in the
DB. This OTP can be used for that login session only. Once logged out the user again need to
give his password, color code and OTP will be generated again and is send to the mail ID.
Thus by giving three level of security the system can be less vulnerable to get attacked.
AUTHENTICATING THE USER:
Authentication is an important thing whenever the information holds high value. In
this system the user has to be authenticated as it involves transaction of money. The user
entered password, OTP and color code will be validated against the one stored in the
database. If the credentials are correct the user can able to do the transactions and generate
reports. Otherwise the user will be given ‘invalid user’ message.
CHANGE OF PASSWORD/COLOUR CODE:
The user will be given the provision of changing his/her password or color code if he
forgets the password. The user will be asked for some security questions which he has given
during registration. If he answered right some verification code will be sent to the registered
mail id. The user has to feed that verification code to the system , if correct he can change his
password /color code.
AVAILING SERVICES:
The user after giving his credentials, he can able to do use the services provided by
the E-governance system. He can exit the application by clicking exit button. Thus by
enhancing the security features, the services can be used by the valid persons and the integrity
of the system is thus maintained. The system is implemented with session validations. So no
one is given the access to move direct to the page without login
GENERATING REPORTS:
The Admin can view all the reports of the customers. The admin is having separate
Login as he holds the power of viewing all the transactions for a particular user and even for
all the users. The user can able to view reports for the usage of services by customers in
previous month and the current month. By giving date as input the user can view the reports
for that particular date.
4. SYSTEM DESIGN
4.1 SYSTEM ARCHITECTURE
4.2 UML DIAGRAMS
4.2.1 USE CASE DIAGRAMS
4.2.2 CLASS DIAGRAM

User1
OTP Generation
+userid
+pwd +userid
+colorcode +otp
+OTP +mailid
+authenticate() +sendotp()
+if forgets pwd/color code
change of pwd/colorcode System Admin Generate Reports

+userid +userid +userid
+getquestion() +pwd +currentmonthreport()
+validateans() +reportbydate()
+generatecode()
+change pwd/colorcode()
Authentication
+userid
+pwd
+otp
+colorcode
+validatepwd()
+validateotp()
+validatecolorcode()
4.2.3 COLLABORATION DIAGRAM

OTP GENERATION
3 : admin generates OTP()
SYSTEM ADMIN
2
REGISTRATION
GENERATE REPORTS
1 : registration of user() 8
7
LOGIN
GENERATION OF SECURITY QUESTION
: User
4 : user logs in to the system()
6 : requests for change of pwd/color code()
5 : system validates user() CHANGE OF PWD/COLOR CODE

AUTHENTICATION
AVAIL SERVICES
4.2.4 ACTIVITY DIAGRAM

Registration
Login
Entry of color code
Entry of OTP
Validation of pwd& color code &

& OTP
Change of pwd/color code Avail Services
Retrieval of security code for corresponding userid Generate Reports
Sending Verification code for registered mailid
update of changed pwd/color code
Avail Services
Generate Reports
4.2.5 SEQUENCE DIAGRAM

Registration Login Entry of color code Entry of OTP Authentication Avail Services Forgot password Change of pwd/color code Reports Admin
: User
1 : Registration of user()
2 : user logs into the system()
3
4 : validates password()
5 : User will enter the color code()

6
7 : validates color code()
8 : user will enter the OTP generated by the admin from mailID()
9
10 : validation of OTP()
11
12 : request for change of pwd/color code()
13 : Generation of security question()

14
15 : Generation of reports()
CASE TOOL FOR ANALYSIS

CASE Building Blocks:
CASE Tools
Integration Framework
Portability Services
Operating System
Hardware Platform
Environment Architecture
 To test the developed software
 To maintain the implemented software
 To trained the new people in software development
 To get clear idea about software engineering processes
The compilers, editors and debuggers those are available to support most
conventional programming languages. Web development tools include to the generation of
text, graphics, forms, scripts and other elements of a web page.
UML
Unified Modeling Language (UML) is a standardized visual specification

language for object modeling. UML is a general-purpose modeling language that includes a
graphical notation used to create an abstract model of a system, referred to as a UML
model.
INPUT DESIGN AND OUTPUT DESIGN
INPUT DESIGN
The input design is the link between the information system and the user. It comprises
the developing specification and procedures for data preparation and those steps are
necessary to put transaction data in to a usable form for processing can be achieved by
inspecting the computer to read data from a written or printed document or it can occur by
having people keying the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling the errors, avoiding delay, avoiding
extra steps and keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design considered the
following things:’
 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error occur.
OBJECTIVES
1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.
2.It is achieved by creating user-friendly screens for the data entry to handle large volume of
data. The goal of designing input is to make data entry easier and to be free from errors. The
data entry screen is designed in such a way that all the data manipulates can be performed. It
also provides record viewing facilities.
3. When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in
maize of instant. Thus the objective of input design is to create an input layout that is easy to
follow
OUTPUT DESIGN
A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to
other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and
direct source information to the user. Efficient and intelligent output design improves the
system’s relationship to help user decision-making.
1. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.
2. Select methods for presenting information.
3. Create document, report, or other formats that contain information produced by the system.
The output form of an information system should accomplish one or more of the following
objectives.
 Convey information about past activities, current status or projections of the

 Future.
 Signal important events, opportunities, problems, or warnings.
 Trigger an action.
 Confirm an action.
FEASIBILITY STUDY
Technical Feasibility
All code is written in .NET programming language. .NET has true cross platform
development features. The software requirements for the project are minimal. The
software .NET is easily available online. The hardware support too is very minimal and is
found in almost all systems today. Issues like processor and memory need not be considered
since the software requires only the basic configuration and is independent otherwise. Adding
to the previous point, the software also requires only less number of processor cycles. Hence
it can be concluded that the project is technically feasible.
Economic Feasibility
The project can be said to be economically feasible since the resources for producing
the software are minimum. The coding language is .NET, which is freely available and can be
downloaded from website. As the project doesn’t involve any hardware (pure software), the
cost of hardware doesn’t exist: hence it is economically feasible.
Operation Feasibility
Since the entire project is coded in .NET, the platform independency advantage can
be used to the fullest. It can be run on any machine irrespective of platform, hardware
configuration and other details. If the processor speed of the machine on which it is run, is as
high as the order of 2.80 GHz, faster execution rates can be achieved for even high value of
bit size.
5. SYSTEM IMPLEMENTATION
5.1 SCREEN SHOT
Home page
Registration
Send OTP
Gmail Inbox
OTP
Color Code
5.2 SOURCE CODE
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
publicpartialclassuserregistration : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
}
protectedvoid TextBox1_TextChanged(object sender, EventArgs e)
{
SqlConnection con = newSqlConnection("Data Source=admin-pc;initial
catalog=goverment;user id=sa;pwd=123");
con.Open();
SqlCommand cmd = newSqlCommand("select*from regform where
username='" + TextBox1.Text + "'", con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Label1.Text = "User Name is Already Exist";
this.Label1.ForeColor = Color.Red;
}
else
{
Label1.Text = "UserName is Available";
}
}
protectedvoid Button1_Click(object sender, EventArgs e)
{
try
{
Session["username"] = TextBox1.Text.Trim();
Session["mail"] = TextBox5.Text.Trim();
//you can use disconnected architecture also,here i have used

connected architecture.
SqlConnection con = newSqlConnection("Data Source=admin-pc;initial
catalog=goverment;user id=sa;pwd=123");
con.Open();
String str = "insert into regform values('" + TextBox1.Text + "','"
+ TextBox2.Text + "','" + TextBox4.Text + "','" + TextBox5.Text +
"','" + TextBox6.Text + "','" + TextBox7.Text + "')";
SqlCommand cmd = newSqlCommand(str, con);
cmd.ExecuteNonQuery();
Response.Redirect("typecolor.aspx");
}
catch (Exception ex)
{
string msg = ex.Message;
Response.Write(msg);
}
}
using System;
using System.Linq;
using System.Web;
using System;
using System.Web.Services;
using System.Web;
using System.Data;
publicpartialclasstypecolor : System.Web.UI.Page
{
{
}
[WebMethod]
publicstaticstring InsertMethod(string Name, string Email)
{
SqlConnection con = newSqlConnection("Data Source=.;Initial
Catalog=adt;User ID=sa;Password=123");
{
SqlCommand cmd = newSqlCommand("update mani set name='"+Name+"'
where email='"+Email+"'", con);
{
con.Open();
return"True";
}
}
}
}
protectedvoid Button1_Click(object sender, System.EventArgs e)
{
Response.Redirect("homepage.aspx");
}
using System;
using System.Linq;
using System.Web;
using System.Data;
publicpartialclassclient1login : System.Web.UI.Page
{
SqlConnection con = newSqlConnection();
SqlCommand cmd = newSqlCommand();
SqlDataAdapter da;
DataSet ds;
DataTable dt;
SqlDataReader dr;

{
Label1.Visible = false;
con.ConnectionString = "data source=admin-pc;initial
catalog=goverment;user id=sa;pwd=123";
}
protectedvoid Login1_Authenticate(object sender,
AuthenticateEventArgs e)
{
}

{
Session["user"] = TextBox1.Text.ToString();
con.Open();
cmd = newSqlCommand("select * from regform where mail='" +
TextBox1.Text + "'and password ='" + TextBox2.Text + "'", con);
dr = cmd.ExecuteReader();
if (dr.Read())
{
Response.Redirect("regform.aspx");
}
else
{
Page.RegisterStartupScript("UserMsg",
"<script>alert('Invalid User');</script>");
}
}
}
using System;
using System.Linq;
using System.Web;
using System;
using System.IO;
publicpartialclassservice : System.Web.UI.Page
{
string strCon = "Data Source=admin-pc;user id=sa;pwd=123;Initial
Catalog=threetier";
{
if (!IsPostBack)
{
BindGridviewData();
}
if (Session["s1"] == ""&& Session["s2"] == "")
{
Response.Redirect("client1login.aspx");
}
}
// Bind Gridview Data
privatevoid BindGridviewData()
{
using (SqlConnection con = newSqlConnection(strCon))
{
using (SqlCommand cmd = newSqlCommand())
{
cmd.CommandText = "select * from userfiles";
cmd.Connection = con;
con.Open();
gvDetails.DataSource = cmd.ExecuteReader();
gvDetails.DataBind();
con.Close();
}
}
}
// Save files to Folder and files path in database
protectedvoid btnUpload_Click(object sender, EventArgs e)
{
}
// This button click event is used to download files from gridview
protectedvoid lnkDownload_Click(object sender, EventArgs e)
{
LinkButton lnkbtn = sender asLinkButton;
GridViewRow gvrow = lnkbtn.NamingContainer asGridViewRow;
int fileid =
Convert.ToInt32(gvDetails.DataKeys[gvrow.RowIndex].Value.ToString())
;
string name, type;
{
{
cmd.CommandText = "select FileName, FileType,
FileData from userfiles where Id=@Id";
cmd.Parameters.AddWithValue("@id", fileid);
con.Open();
if (dr.Read())
{
Response.ContentType =
dr["FileType"].ToString();
Response.AddHeader("Content-Disposition",
"attachment;filename=\"" + dr["FileName"] + "\"");
Response.BinaryWrite((byte[])dr["FileData"]);
Response.End();
}
}
}
}
protectedvoid ImageButton1_Click(object sender, ImageClickEventArgs
e)
{
string filename = Path.GetFileName(fileUpload1.PostedFile.FileName);
Stream str = fileUpload1.PostedFile.InputStream;
BinaryReader br = newBinaryReader(str);
Byte[] size = br.ReadBytes((int)str.Length);
{
{
cmd.CommandText = "insert into
userfiles(FileName,FileType,FileData) values(@Name,@Type,@Data)";
cmd.Parameters.AddWithValue("@Name", filename);
cmd.Parameters.AddWithValue("@Type",
"application/.jpg/doc/pdf");
cmd.Parameters.AddWithValue("@Data", size);
con.Open();
con.Close();
BindGridviewData();
}
}
}
{
//Response.Redirect("homepage.aspx");
}
{
Session["s1"] = "";
Session["s2"] = "";
Response.Redirect("homepage.aspx");
}
}
using System;
using System.Linq;
using System.Web;
using System.Data;
using System.Drawing;
using System.Configuration;
publicpartialclassuserregistration : System.Web.UI.Page
{
{
}
protectedvoid TextBox1_TextChanged(object sender, EventArgs e)
{
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["three"].Connec
tionString);
con.Open();
SqlCommand cmd = new SqlCommand("select*from userdetails
where username='" + TextBox1.Text + "'", con);
if (dr.Read())
{
Label1.Text = "User Name is Already Exist";
}
else
{
Label1.Text = "UserName is Available";
}
}
{
try
{
Session["username"] = TextBox1.Text.Trim();
Session["mail"] = TextBox5.Text.Trim();
//you can use disconnected architecture also,here i have used

connected architecture.
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["three"].Connec
tionString);
con.Open();
String str = "insert into userdetails values('" +
TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox4.Text +
"','" + TextBox5.Text + "','" + TextBox6.Text + "','" +
TextBox7.Text + "')";
SqlCommand cmd = new SqlCommand(str, con);
Response.Redirect("typecolor.aspx");
}
{
string msg = ex.Message;
Response.Write(msg);
}
}
using System;
using System.Linq;
using System.Web;
using System;
using System.Web;
using System.Data;
publicpartialclassmax : System.Web.UI.Page
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["three"].Con
nectionString);
SqlCommand cmd = newSqlCommand();
SqlCommand cmd1 = newSqlCommand();
SqlDataAdapter da;
SqlDataReader dr;
DataSet ds;
{
con.Open();
SqlCommand cmd = newSqlCommand("select max(id) from outputcolor ",

con);
int lastId = (int)cmd.ExecuteScalar();
SqlCommand cmd1 = newSqlCommand("select * from outputcolor where
id=" + lastId + "", con);
da = newSqlDataAdapter(cmd1);
ds = newDataSet();
da.Fill(ds);
//ddcmpnyname.DataTextField = "CompanyName";
//ddsalrypm.DataTextField = "SalaryPM";
//ddslaryperann.DataTextField = "SalaryPA";
for (int i = 0; i < ds.Tables[0].Rows.Count; i++)
{
Label1.Text = ds.Tables[0].Rows[i][1].ToString();
Label2.Text = ds.Tables[0].Rows[i][2].ToString();
}
}
try
{
Session["s1"] = Label1.Text.ToString();
Session["s2"] = Label2.Text.ToString();
SqlCommand cmd2 = newSqlCommand("select * from inputcolor where
name='" + Label1.Text + "' and email='" + Label2.Text + "' ", con);
dr = cmd2.ExecuteReader();
if (dr.Read())
{
Response.Redirect("service.aspx");
}
else
{
Response.Redirect("error.aspx");
}
}
{
string msg;
msg = ex.ToString();
Response.Write(msg.ToString());
}
}
using System;
using System.Linq;
using System.Web;
using System;
using System.Web;
using System.Data;
publicpartialclassmani : System.Web.UI.Page
{
{
}
[WebMethod]
publicstaticstring InsertMethod(string Name, string Email)
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["three"].Con
nectionString);
con.Open();
{
SqlCommand cmd = newSqlCommand("insert into outputcolor values ('"
+ Name + "','" + Email + "')", con);
{
return"True";
{
}
}
}
}
{
Response.Redirect("max.aspx");
using System;
using System.Collections;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
publicpartialclassDefault2 : System.Web.UI.Page
SqlConnection con =
newSqlConnection(ConfigurationManager.AppSettings["ConnectionString"]);
con.Open();
SqlCommand cmd = newSqlCommand("insert into carcomp values('" + TextBox1.Text + "','"
+ TextBox2.Text + "','" + TextBox3.Text + "','" + DropDownList3.Text + "','" +
TextBox4.Text + "','" + DropDownList1.Text + "','" + TextBox5.Text + "','" + TextBox6.Text
+ "','" + DropDownList2.Text + "','" + TextBox7.Text + "')", con);
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
TextBox3.Text = "";
DropDownList3.Text = "";
TextBox4.Text = "";
//DropDownList1.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
TextBox7.Text = "";
// RegisterStartupScript("msg", "<script>alert('Registered Successfully...!')</script>");
RegisterStartupScript("msg", "<script>alert(' complain register successfully')</script>");
}
using System;
using System.Data;
using System.Linq;
using System.Web;
SqlConnection con =
{
}
con.Open();
SqlCommand cmd = newSqlCommand("insert into buscomp values('" + TextBox1.Text +
"','" + TextBox2.Text + "','" + TextBox3.Text + "','" + DropDownList3.Text + "','" +
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
TextBox3.Text = "";
TextBox4.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
TextBox7.Text = "";

}
using System;
using System.Data;
using System.Linq;
using System.Web;
SqlConnection con =

{
con.Open();
SqlCommand cmd = newSqlCommand("insert into traincomp values('" + TextBox1.Text +
"','" + TextBox2.Text + "','" + DropDownList4.Text + "','" + DropDownList3.Text + "','" +
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
TextBox4.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
TextBox7.Text = "";

using System;
using System.Linq;
using System.Web;
using System.Data;
namespace bhel.Account
{
publicpartialclassRegister : System.Web.UI.Page
{

{
if (!IsPostBack)
{
LoadUserType();
}
}
protectedvoid CreateUserButton_Click(object sender, EventArgs e)

{
string uname = "";

string password = "";
string addr = "";
string phone = "";
string email = "";
string state = "";
string city = "";
string country = "";
String strQuery = "";
DatabaseClass db = newDatabaseClass();
try
{
uname = UserName.Text;
password = Password.Text;
addr = Address.Text;
phone = Phone.Text;
email = Email.Text;
state = State.Text;
city = City.Text;
country = Country.Text;
strQuery = "INSERT INTO
UserDetails(UserTypeId,UserName,Password,Address,Phone,EmailId,State
,City,Country,UpdatedOn)" +
"values('" + ddlUserType.SelectedValue + "','" + UserName.Text +
"','" + Password.Text + "','" + Address.Text + "','"
+ Phone.Text + "','" + Email.Text + "','" +
State.Text + "','" + City.Text + "','" + Country.Text + "','" +
DateTime.Now + "')";
db.OpenDB();
db.Execute(strQuery);
db.CloseDB();
Response.Write("<script>alert('Your details has been
sucessfully Updated')</script>");
Response.Redirect("Login.aspx");
}
{
}
}
publicvoid LoadUserType()
{
DataTable dtUserType = newDataTable();
string strQuery = "";
DatabaseClass db = newDatabaseClass();
try
{
db.OpenDB();
strQuery = "select * from UserTypes where UserType
<> 'Admin' ";
dtUserType = db.OpenTable(strQuery);
db.CloseDB();
ddlUserType.Items.Clear();
if (dtUserType.Rows.Count > 0)
{
ddlUserType.Items.Add(newListItem("Select
UserType", "0"));
ddlUserType.DataSource = dtUserType;
ddlUserType.DataTextField = "UserType";
ddlUserType.DataValueField = "UserTypeId";
ddlUserType.DataBind();
}
}
{
Response.Write(ex.Message);
}
}
}
using System;
using System.Linq;
using System.Web;
namespace bhel
{
publicpartialclassProductSelection : System.Web.UI.Page
{
{

e)
{
Response.Redirect("PaymentProcess.aspx?img=1");
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}

e)
{
}
e)
{
}

e)
{
}
}
}
using System;
using System.Linq;
using System.Web;
using System.Data;
publicpartialclassPaymentProcess : System.Web.UI.Page
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].Co
nnectionString);
string selection = "";

{
con.Open();
Label7.Text = Session["a"].ToString();
TxtAddress2.Text = DateTime.Now.ToString("dd/MM/yyyy");
TxtAddress2.ReadOnly = true;
selection = Request.QueryString["img"];
if (selection == "1")
{
selectedImage.Src = "productImages/01-bb-05.jpg";
productText.Text = "Class 1500 Blow Down Valve -
Materials";
productprice.Text = "25000";
}
elseif (selection == "2")
{
selectedImage.Src = "productImages/01-bb-01 - Copy.jpg";
productText.Text = "Class 800 Blow Down Valve - Chart";
}
{
productText.Text = "Class 1500 Blow Down Valve";
}
{
productText.Text = "Class 1500 Blow Down Valve -
Dimensions";
TESTING
Software testing is a critical element of a software quality assurance and represents

the ultimate reviews of specification, design and coding. Testing presents an interesting
anomaly for the software. During earlier definition and development phases, it was attempted
to build software from an abstract concept to a tangible implementation.
The testing phase involves the testing of the developed system using various test data.
Preparation of test data plays a vital role in the system testing. After the preparing the test
data system under study was tested using those test data. While testing the system by using
test data, errors were found and corrected by using following testing steps and corrections are
also noted for future use.
Thus, a series of testing was performed for the proposed system before the system
was ready for the implementation.
Testing Objectives:
There are several rules that can server as testing objectives. They are
 Testing is a process of executing a program with the intent of finding an
error.
 A good case is one that has a high probability of finding an undiscovered
error.
 A successful test is one that uncovers an undiscovered error.
 If testing is conducted successfully according to the objectives stated
above, it will uncover errors in the software. Also testing demonstrates that
software functions appear to the working according to specifications that
performance requirements appear to have been set.
Types of Testing:
The various types of testing done on the system are:
 Unit Testing
 Integration Testing
 Validation Testing
 Output Testing
 System Testing
 Performance Testing
 User Acceptance Testing
Unit Testing:
Unit testing focuses verification effort on the smallest unit of software design the
module. This is also known as module testing. The unit testing is always white box oriented
and the step can be contacted in parallel for modules. In this testing each module is found to
be working satisfactory as regards to the expected output from the module.
Integration Testing:
Integration testing is a symmetric technique for constructing the program structure
while at the same time conducting tests to uncover errors associated with interfacing. The
objectives is to take unit tested modules and build a program structure that has been dictated
by design.
A set of errors encountered. Correction is difficult because the isolation of causes is
complicated by the vast expense of the entire program. Using integrated test plans prepare in
the design phase of the system development as guide, the integration testing was carried out.
All the errors found in the system were corrected of the next testing steps.
Validation Testing:
All the culmination of integration testing, software is completely assembled as
package, interfacing error have been uncovered and corrected and a final series of software
tests – the validation testing begins. Validation testing can be defined in many ways, but a
simple definition is that validation succeeds when the software functions in a manner that can
be reasonably expected by the user/customer. Software validation conformity is followed
with the following requirements
 The function or performance characteristics conform to specification and are
accepted.
 A deviation from specification uncovered and a deficiency list is created.
Output Testing:
The output generate or displayed by the system under consideration are tested by
asking the users about the format required by them. Here, the format is considered into two
ways. One is on the screen and the other is printed format.
The output format on the screen is found to be correct as the format was designed in
the system design phase according to the user needs. The output testing does not result any
correction in the system.
System Testing:
System testing is series of different tests whose primary purpose is to fully exercise
the computer based system. Although each test has a different purpose, all the work should
verify that all system elements have been properly integrated and perform allocated
functions.
Performance Testing:
This testing is designed to test the runtime performance of software within the context
of an integrated system. This testing occurs throughout all steps in the testing process.
User Acceptance Testing:

User acceptance of the system is the key factor for the success of any system. The
system under consideration was tested for the user acceptance by constantly keeping in touch
with the prospective system users at the time of developing and making change were ever
required. This is done in regard to the following points:
 Input screen design
 Output screen design
 On-line message to guide the user
 Menu-driven system
Format of ad-hoc report and other outputs.
6.CONCLUSION
This system “THREE TIER SECURITY SYSTEMS IN E-GOVERNANCE” has
solved all the problems existed in previous systems. Since this system has doubled the level
of authentication the percentage of cracking the system became negligible. Thus the user
feels free to use the system and he can be sure that his credentials have been protected. As the
system gives the opportunity to change his PWD/color code even if he forgets he can able to
change the credentials provided he is the valid user. The system is simple and user-friendly
and they can avail the services easily.
7. REFERENCES
[1] Message Security Using Armstrong Numbers and Authentication Using Colors-Gayatri
Kulkarni , Pranjali Gujar, Madhuri Joshi, Shilpa Jadhav.
[2] Authentication Schemes For Session Passwords Using Color And Images- M Sreelatha ,
M Shashi, M Anirudh ,Md Sultan Hamer V Manoj Kumar
[3] A Novel 2 Step Random Colored Grid Graphical Password Authentication System -
P.V.S Sriram G.Sri Swetha
[4] Secure Authentication For Online Banking Using QR Code-Sonawane Shamal,Khandave

Monika.
[5] A File Authentication System Using Hand Gesture Passcodes- Karthik, K.Varalakshmi,
Dr.S.Ravi.

Three - Bdu

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Three - Bdu

Uploaded by

Copyright:

Available Formats

CHAPTER NO. TITLE PAGE NO.

1.1 Problem Definition

2.1 Existing System

2.2 Proposed System

2.3 System Requirements

2.3.1 Hardware Specification

2.3.2 Software Specification

2.3.3 About Software

5.1 Sample Screens

5.2 Sample Source Code

2.1 EXISTING SYSTEM

2.2 PROPOSED SYSTEM

The proposed system is ‘THREE TIER SECURITY PATTERN FOR

 Double the level of authentication while making transactions.

2.3.1 SOFTWARE SPECIFICATION

2.3.2 HARDWARE SPECIFICATION

NET FRAMEWORK IN CONTEXT

.NET Framework in context

FEATURES OF THE COMMON LANGUAGE RUNTIME

The runtime also enforces code robustness by implementing a strict type-and-code-

In addition, the managed environment of the runtime eliminates many common

The runtime is designed to enhance performance. Although the common language

Finally, the runtime can be hosted by high-performance, server-side applications, such

.NET FRAMEWORK CLASS LIBRARY

CLIENT APPLICATION DEVELOPMENT

Client applications are the closest to a traditional style of application in Windows-

SERVER APPLICATION DEVELOPMENT

Server-side applications in the managed world are implemented through runtime

SERVER-SIDE MANAGED CODE

Server-side managed code

XML Web services, an important evolution in Web-based technology, are distributed,

 Cross- language integration, especially cross- language inheritance.

REMOTING OR MARSHALING DATA BETWEEN TIERS AND

An overview of remoting services can be found in the .NET Remoting Overview.

.NET FRAMEWORK DATA PROVIDERS

A .NET Framework data provider is used for connecting to a database, executing

THE .NET FRAMEWORK DATA PROVIDER FOR SQL SERVER

Microsoft C# (pronounced C sharp) is a new programming language designed for

C# is introduced as Visual C# in the Visual Studio .NET suite. Support for Visual C#

C# (pronounced “See Sharp”) is a simple, modern, object-oriented, and type safe

Visual C#.NET is Microsoft’s C# development tool. It includes an interactive

C# is an object-oriented language, but C# further includes support for component-

Several C# features aid in the construction of robust and durable applications:

C# 2.0 introduces several language extensions, including Generics, Anonymous

 Generics permit classes, structs, interfaces, delegates, and methods to be

ASP.NET provides a unique approach toward web application development, so one

CROSS – LANGUAGE DEVELOPMENT

ASP.NET PAGE SYNTAX

<% @ page language =”VB” […] %>

Code Declaration Blocks

<script run at=”server” […]>

CUSTOM CONTROL SYNTAX

CUSTOM SERVER CONTROLS

<ASP: Textbox id=”My Tbi” run at=”server”>

SERVER CONTROL PROPERTY

<ASP: Textbox maxlength=”80” run at=”server”>

<ASP: Label font-size=”14” run at=”server”>

SERVER CONTROL EVEN BINDING

DATA BINDING EXPRESSION

SERVER-SIDE OBJECTS TAGS

<object id=”id” run at=”server”

SERVER-SIDE INCLUDE DIRECTIVES

<!-#include pathtype=filename -->