Forms Authentication in Asp.net

Syedshakeer
Posted by in ASP.NET category on for Beginner level | Views : 6417 red flag
Rating: 4 out of 5  
 2 vote(s)

Form Authentication in web.config file
In Web.Config File

 

Here we show you a basic example of what a web.config file looks like when it has be set to use form authentication. I will go in further detail and explain the tags.

<?xml version="1.0"?>

<configuration>

<system.web>

  <authentication mode="Forms">

      <forms loginUrl="login.aspx" protection="All" timeout="30">

        <credentials passwordFormat="Clear">

           <user name="admin" password="adminpwd"/>

           <user name="coder" password="coderpwd"/>

        </credentials>

      </forms>

 </authentication>

<authorization>

      <!--After checking username and password ,Allow the user 'admin'and don't allow the user 'coder'-->

   <allow users="admin"/>

   <deny users="coder"/>

 </authorization>

            <compilation debug="true"/></system.web>

     

</configuration>

 

In web.config I use <authentication> tag.

 

<authentication> tag
Here we come to our first tag for authentication, which is then called <authentication>. We see that there is one attribute for this tag and it specifies the type of authentication that will be applied to this site. The choices are Windows|Forms|Passport|None. In this Article I am going to l focuses on Forms authentication

This <authentication > is used to check the user 'username' and 'password' is valid are not.Here username and password have to mention in a tag called <user>.it takes two attributes 'name' and 'password'.One <user> tag stores only one user username and password.if your going to check more than one user then you have to wrtie another <user> tag.

 

After checking User username and password by using <authentication> it goes to <authorization>.

 

<credentials> tag
This is an optional section if you want to specify the username/password combinations in here. We will first discuss authentication with passwords in the web.config file and I will later highlight how you can store the usernames and passwords in a database or XML file. The credentials tag also has an attribute called passwordFormat. Your choices for password format are: Clear|SHA1|MD5. We still stick with clear text passwords for now and talk about encrypting the passwords further down.

<authorization> authorization is used to give access rights to a particular user or more users.and it is alos used not to give access rights to a particular user or more users.

It has two tags <allow> and <deny>.it takes 'users' atributes.here users attributes is used to set a username or to give a username

 

Eg: <authorization>

      <!--After checking username and password ,Allow the user 'admin'and don't allow the user 'coder'-->

   <allow users="admin"/>

   <deny users="coder"/>

 </authorization>

 

Giving access to all users:

<authorization>

   <!--After checking username and password ,Allow all the users-->

   <allow users="*"/>

    </authorization>

Not to Allow any users :

 

<authorization>

   <!--After checking username and password ,Not to Allow any users-->

   <deny users="*"/>

    </authorization>

 

Giving Access to all unknown users:

<authorization>

  <!--After checking username and password ,Allow  all unknown users-->

   <allow users="?"/>

    </authorization>

 

Create a Login page with with two textboes as username and password, and keep one button as login

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

    <title>Untitled Page</title>

   

 

</head>

<body>

    <form id="form1" runat="server">

    <div>

        <asp:TextBox ID="username" runat="server" style="z-index: 100; left: 374px; position: absolute; top: 109px" Width="144px"></asp:TextBox>

        <asp:TextBox ID="password" textmode=Password cssclass="text"  runat="server" style="z-index: 101; left: 375px; position: absolute; top: 145px" Width="142px"></asp:TextBox>

        <asp:Button ID="Button1" runat="server" onclick="Login_Click" text="  Login  " cssclass="button" style="z-index: 102; left: 408px; position: absolute; top: 178px" />

        <asp:Label ID="Label1" runat="server" Style="z-index: 105; left: 283px; position: absolute;

            top: 111px" Text="User Name :"></asp:Label>

        <asp:Label ID="Label2" runat="server" Style="z-index: 104; left: 292px; position: absolute;

            top: 145px" Text="Password :"></asp:Label>

    </div>

    </form>

</body>

</html>

 

In login.aspx.cs page:

 

FormsAuthentication.Authenticate(username.Text, password.Text))

 

Authenticate() takes two arguments.it is used to Validate a username and password against credentials stored in configuaration file for an application.Authenticate method is to be used with 'FormsAuthentication' Class.

 

It Reutns Bool. If the username and password is not valid then you can use else part to show 'user is Invalid'

 

if (FormsAuthentication.Authenticate(username.Text, password.Text))

   {

               

  }

else

{

 Respone.Write("Invalid Login");

 }

 

 

If the username and password is valid it Redirect to another .aspx page as follows

 

Eg:

   if (FormsAuthentication.Authenticate(username.Text, password.Text))

   {

                FormsAuthentication.RedirectFromLoginPage(username.Text, true);

 

                Response.Redirect("secondpage.aspx");

            }

 

note:

If the username and password is valid and it checks the <authorization> which user have to send a particular page or not.if all conditons is true then it sends to a another page which page you want.

 

Valid Image:

 

 

The complete code in .aspx.cs

 

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

 

public partial class _Default : System.Web.UI.Page

{

    protected void Page_Load(object sender, EventArgs e)

    {

        Label4.Visible = false;

    }

    protected void Login_Click(object sender, EventArgs e)

    {

      

            if (FormsAuthentication.Authenticate(username.Text, password.Text))

            {

                FormsAuthentication.RedirectFromLoginPage(username.Text, true);

                Response.Redirect("secondpage.aspx");

            }

            else

            {

                Label4.Visible = true;

Thanks 

Page copy protected against web site content infringement by Copyscape

About the Author

Syedshakeer
Full Name: Syed Shakeer Hussiain P
Member Level:
Member Status: Member
Member Since: 2/5/2009 3:12:18 AM
Country: India
Syed Shakeer Hussain
http://www.dotnetfunda.com
Shakeer Hussain has completed his Master of Computer Applications degree from Deccan College of engg and technology of Osmania University.He is a MVM of www.dotnetspider.com.He has good experience in the areas of ASP.NET, C#.NET, VB.NET, SQL SERVER 2000/2005 and Windows Mobile. He has worked in Windows Mobile,Web Applicatin and ERP projects.

Login to vote for this post.

Comments or Responses

Login to post response

Comment using Facebook(Author doesn't get notification)