Implementation Report

Lab 06: PVFC with RBAC


Overview

The objective of this lab was to implement a Role-Based Access Control (RBAC) mechanism for the Pine Valley Furniture Company web application. This lab builds on previous labs and improves the database schema and application logic. It supports multiple user roles, such as Customer and Employee.

RBAC ensures that users can only access functionalities that are permitted based on their role.

HTML, ASPX & VB Code

IAD Lab 06 Code.pdf

Enhanced Database Schema

The database schema was extended to support roles by adding a new ROLE_t table and linking it with existing tables.

ROLE_t
---------------------------------
Role_Id (PK)
Role_Name

EMPLOYEE_t (Updated)
---------------------------------
Employee_Id (PK)
Employee_Name
Email
User_Password
Role_Id (FK)

CUSTOMER_t (Updated)
---------------------------------
Customer_Id (PK)
Customer_Name
Email
User_Password
Role_Id (FK)

Technical Details

The application uses ASP.NET Web Forms with VB.NET and connects to SQL Server using ADO.NET classes such as SqlConnection, SqlCommand, and SqlDataReader.

Session variables are used to maintain login state and role information across pages. Conditional checks are implemented on each page to enforce access restrictions.
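
One way to write the per-page role check described above so that it fails closed, as an added example that is not the lab's own code: a base page class that each protected page inherits. The session keys UserId and RoleName, the ~/Login.aspx path and the class names RoleProtectedPage and EmployeeOrders are assumptions; the role names come from ROLE_t.

```vbnet
Imports System
Imports System.Linq
Imports System.Web.UI

' Added example. Assumed names: Session("UserId"), Session("RoleName"),
' ~/Login.aspx, RoleProtectedPage, EmployeeOrders.
Public MustInherit Class RoleProtectedPage
    Inherits Page

    ' Each page lists the Role_Name values (from ROLE_t) allowed to open it.
    Protected MustOverride ReadOnly Property AllowedRoles As String()

    Protected Overrides Sub OnInit(e As EventArgs)
        MyBase.OnInit(e)

        ' No login state in the session: send the user to the login page.
        ' endResponse:=True stops the page lifecycle, so Page_Load and the
        ' control event handlers never run for an unauthenticated request.
        Dim role = TryCast(Session("RoleName"), String)
        If Session("UserId") Is Nothing OrElse String.IsNullOrEmpty(role) Then
            Response.Redirect("~/Login.aspx", True)
        End If

        ' Logged in, but the role is not on this page's list: deny by default.
        If Not AllowedRoles.Contains(role, StringComparer.OrdinalIgnoreCase) Then
            Response.StatusCode = 403
            Response.End()
        End If
    End Sub
End Class

' A page restricted to the Employee role (hypothetical page name).
Partial Public Class EmployeeOrders
    Inherits RoleProtectedPage

    Protected Overrides ReadOnly Property AllowedRoles As String()
        Get
            Return New String() {"Employee"}
        End Get
    End Property
End Class
```

Because the check runs in OnInit and the property is MustOverride, a page that inherits the base class cannot compile without declaring its allowed roles, and hiding a menu link is never the only barrier to a page.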

