Securing ASP.NET Applications with C#
Windows Authentication
Windows Authentication mode lets the developer authenticate a user based on Windows user accounts. This is the default authentication mode provided by ASP.NET. You can easily get the identity of the user by using User.Identity.Name. This will return the computer name along with the user name. Windows authentication also provides the IsInRole method to find the role of the user, and then you can give permissions to the user depending on the role.
Forms Authentication
First you need to set up forms authentication in the web.config file. If you look in the web.config file, there will be a tag like this:
<authentication mode="Windows" />
Storing username and password in the Web.config file:
If you have very few users that need to use the application, then you can set the user names and passwords in the web.config file.
<authentication mode="Forms">
  <forms loginUrl="Login.aspx">
    <credentials>
      <user name="Joe" password="Smith" />
    </credentials>
  </forms>
</authentication>
You will see some new tags and attributes above. Let's explain all of them:
The forms tag has an attribute loginUrl, which is the URL of the page users will be redirected to if they try to access a protected page. In this case we have given the URL as Login.aspx, which means that if a user tries to access a page and is not signed in, he will be redirected to the Login.aspx page.
Next we have the credentials tag, which contains user tags with the attributes name and password. These are simply the user name and password for a particular user. All the usernames and passwords that are present in the web.config files
You can have multiple user names and passwords stored in a single web.config file. As you can see in the code below, I have stored 2 user names and their passwords:
<authentication mode="Forms">
  <forms loginUrl="Login.aspx">
    <credentials>
      <user name="Joe" password="Smith" />
      <user name="azam" password="hello" />
    </credentials>
  </forms>
</authentication>
Okay, so now you have the user names and passwords stored in the web.config file, and you want to authenticate the user against those credentials. Let's set one more thing up, which is the authorization tags in the web.config file.
<authorization>
  <deny users="?" />
</authorization>
The deny users="?" setting denies anonymous (unauthenticated) users, so anyone who has not signed in with credentials present in the web.config file is not able to access the pages.
Let's make a simple login screen that lets the user enter his credentials:
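The code-behind for such a login page could look like the following. This is an added example, not code from the original article; it validates the entered credentials against the entries in web.config. The class name Login, the handler btnLogin_Click and the control names txtUserName, txtPassword, btnLogin and lblMessage are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind class for Login.aspx. The control names are assumptions;
// the page markup is expected to declare matching server controls:
//   <asp:TextBox id="txtUserName" runat="server" />
//   <asp:TextBox id="txtPassword" runat="server" TextMode="Password" />
//   <asp:Button  id="btnLogin" runat="server" Text="Log in"
//                OnClick="btnLogin_Click" />
//   <asp:Label   id="lblMessage" runat="server" />
public class Login : Page
{
    protected TextBox txtUserName;
    protected TextBox txtPassword;
    protected Button btnLogin;
    protected Label lblMessage;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string userName = txtUserName.Text.Trim();
        string password = txtPassword.Text;

        // Checks the pair against the <user> entries under <credentials>
        // in web.config.
        if (FormsAuthentication.Authenticate(userName, password))
        {
            // Issues the forms-authentication cookie and sends the user back
            // to the page that was originally requested (ReturnUrl).
            // false = session cookie only, not persisted across browser restarts.
            FormsAuthentication.RedirectFromLoginPage(userName, false);
        }
        else
        {
            // Same message for an unknown user and a wrong password, so the
            // response does not reveal which user names exist.
            lblMessage.Text = "Invalid user name or password.";
        }
    }
}
```

FormsAuthentication.Authenticate compares the supplied password according to the passwordFormat attribute of the credentials element (Clear, MD5 or SHA1), so the stored values must be in that format. Plain-text entries are readable by anyone who can read web.config, which is why the hashed formats exist.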
Suppose you are too lazy to rename your page from WebForm1 to Login.aspx. Now if you run the page, you will see an error saying that there is no Login.aspx page. You may be surprised that ASP.NET is looking for a Login.aspx page. The reason is that you told ASP.NET that the login page would be named Login.aspx, remember: