Authentication implementation in an ASP.NET application

Posted by Ankitsrist under ASP.NET category
Introduction
Hello techies,
Here I will explain how to implement authentication in our application. It is very important to authenticate users before they use your application, redirect them to the web pages they are authorised for, and prevent them from accessing other confidential pages.
Procedure to Implement Authentication

First, create a database table named authenti_login with four columns: id, name, password and role. Add sample data to this table, and don't forget to give each row a role; e.g. add three rows and give them the roles admin, client and director respectively. Then create a new website in VS and add three folders to the root directory, named as follows:
1) admin
2) client
3) director
After this, add one new web page to each folder (adminpage.aspx, clientpage.aspx and directorpage.aspx are the names the redirect code on this page uses).
Then create the login.aspx page as follows:
<div>
    <br />
    <table>
        <tr>
            <td style="width: 100px">
                name</td>
            <td style="width: 100px">
                <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox></td>
        </tr>
        <tr>
            <td style="width: 100px">
                password</td>
            <td style="width: 100px">
                <%-- TextMode="Password" masks the typed characters on screen --%>
                <asp:TextBox ID="TextBox2" runat="server" TextMode="Password"></asp:TextBox></td>
        </tr>
        <tr>
            <td style="width: 100px">
                <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="submit" /></td>
            <td style="width: 100px">
            </td>
        </tr>
    </table>
</div>

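and in the login.aspx.cs page write the following code:

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;

public partial class _Default : System.Web.UI.Page
{
    Class1 db = new Class1();

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        string role = null;
        db.myconnection();
        // parameterized query: the typed values are never concatenated into the SQL text
        using (SqlCommand cmd = new SqlCommand("select name, password, role from authenti_login where name=@name and password=@password", db.con))
        {
            cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = TextBox1.Text;
            cmd.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = TextBox2.Text;
            // dispose the reader before redirecting so it does not stay open on the connection
            using (SqlDataReader sdr = cmd.ExecuteReader())
            {
                if (sdr.Read())
                {
                    role = sdr["role"].ToString();
                }
            }
        }

        if (role != null)
        {
            // issuing ticket: the role travels in the ticket's UserData field
            FormsAuthenticationTicket tk = new FormsAuthenticationTicket(1, TextBox1.Text, DateTime.Now, DateTime.Now.AddHours(3), false, role, FormsAuthentication.FormsCookiePath);
            // encrypting ticket
            string s = FormsAuthentication.Encrypt(tk);
            // adding cookie
            HttpCookie cook = new HttpCookie(FormsAuthentication.FormsCookieName, s);
            cook.HttpOnly = true;                          // keep the ticket out of reach of page script
            cook.Secure = FormsAuthentication.RequireSSL;  // follow the requireSSL setting of web.config
            cook.Path = FormsAuthentication.FormsCookiePath;
            Response.Cookies.Add(cook);
            Response.Redirect("checkuser.aspx");
        }
        else
        {
            Response.Write("not valid/unknown");
        }
    }
}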

Note: I have used a separate class to establish the connection with the DB and access it by creating an object of that class in each page; you can change this according to your needs.

Add another page, checkuser.aspx, and put the following code in its Page_Load handler:

public partial class checkuser : System.Web.UI.Page
{
    Class1 db = new Class1();

    protected void Page_Load(object sender, EventArgs e)
    {
        db.myconnection();
        if (User.IsInRole("admin"))
        {
            Response.Redirect("admin/adminpage.aspx");
        }
        else if (User.IsInRole("client"))
        {
            Response.Redirect("client/clientpage.aspx");
        }
        else if (User.IsInRole("director"))
        {
            Response.Redirect("director/directorpage.aspx");
        }
        else
        {
            Response.Redirect("login.aspx");
        }
    }
}

Note: this page checks the role of the logged-in user, as given in the DB table authenti_login, and redirects them according to their role.

Then add the following to the web.config file, which plays a major role in the authentication process. This web.config file is the one in the root directory, but you can make a separate web.config file in each folder (only one .config file is allowed per folder).

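    </httpModules>
    <!-- Forms authentication must be switched on inside <system.web>; if an
         <authentication> element already exists, change its mode instead of adding a second one -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>
  </system.web>
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Client">
    <system.web>
      <authorization>
        <allow roles="client"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Director">
    <system.web>
      <authorization>
        <allow roles="director"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>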

Now add a Global.asax file. Its responsibility is to handle application-level events raised by ASP.NET or by an HttpModule.

<%@ Application Language="C#" %>
<%@ Import Namespace="System.Security.Principal" %>
<%@ Import Namespace="System.Web.Security" %>

<script runat="server">
    void Application_Start(object sender, EventArgs e)
    {
    }

    void Application_End(object sender, EventArgs e)
    {
    }

    void Application_Error(object sender, EventArgs e)
    {
    }

    void Session_Start(object sender, EventArgs e)
    {
        // Code that runs when a new session is started
    }

    void Session_End(object sender, EventArgs e)
    {
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Only rebuild the principal for requests that carry a valid forms ticket
        if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
        {
            // "as" avoids an InvalidCastException when the identity is not a FormsIdentity
            FormsIdentity fi = HttpContext.Current.User.Identity as FormsIdentity;
            if (fi != null)
            {
                FormsAuthenticationTicket tkt = fi.Ticket;
                // UserData holds the role written into the ticket at login; '|' separates several roles
                string ud = tkt.UserData;
                string[] st = ud.Split('|');
                HttpContext.Current.User = new GenericPrincipal(fi, st);
            }
        }
    }
</script>

Conclusion
And finally you are done. It's simple, it provides security to your application and it prevents content from being disclosed to unwanted users.
