Securing ASP.NET Applications with C#
<forms loginUrl="Login.aspx">
Now, if you rename your page to Login.aspx, it will work fine. You could instead set loginUrl="WebForm1.aspx" to make it work, but a page named Login.aspx sounds much better.
Now we need to implement the button click code:
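// Requires: using System.Web.Security;
private void Button1_Click(object sender, System.EventArgs e)
{
    // Check the supplied username and password against web.config
    if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
    {
        // Issue the authentication cookie and return to the originally requested URL
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
    }
    else
    {
        Label3.Text = "you are not authorized to view the page";
    }
}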
We simply call the FormsAuthentication.Authenticate() method and supply it with the username and password. The username and password are checked against the web.config file. If they are present in the web.config file, the user is authorized and is taken to the originally requested URL. If the person is not authorized, the message "you are not authorized to view the page" is displayed.
You can also expire the cookies that you create in your application. Setting a cookie's expiration time is not difficult at all. Let's look at the following code and see what it does:
Let's first make a simple cookie that holds the user's username and then set its expiration time in days:
HttpCookie myCookie = new HttpCookie("UserName");
// Store the username as the cookie's value
myCookie.Value = txtName.Text;
// Expire the cookie one day from now
myCookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(myCookie);
As the code sample above shows, creating a cookie and setting its expiration time is not difficult at all. You can also use a FormsAuthenticationTicket to assign the expiration time of the cookie.
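An added example (not part of the original tutorial) of the FormsAuthenticationTicket approach mentioned above: the expiration travels inside the protected ticket, so the server enforces it, whereas the plain UserName cookie and its Expires attribute can be edited by the client. The `LoginTicketExample` class, `SignIn` method and `lifetime` parameter are hypothetical names, and the code assumes ASP.NET 2.0 or later for `HttpCookie.HttpOnly`.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class LoginTicketExample   // hypothetical helper, not from the tutorial
{
    // Call this after the credentials have been validated, in place of
    // RedirectFromLoginPage, to control the ticket lifetime explicitly.
    public static void SignIn(HttpResponse response, string userName, TimeSpan lifetime)
    {
        DateTime issued = DateTime.Now;

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                      // ticket version
            userName,               // becomes User.Identity.Name
            issued,                 // issue time
            issued.Add(lifetime),   // expiration, checked when the ticket is read back
            false,                  // not persistent
            string.Empty,           // no extra user data
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to the <forms protection="...">
        // setting, so the browser cannot alter the name or the expiration.
        string protectedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, protectedTicket);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // keep it away from client script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow <forms requireSSL="...">
        // cookie.Expires is left unset: the browser drops the cookie when it closes,
        // and the ticket's own expiration still applies on the server side.
        response.Cookies.Add(cookie);

        // Send the user back to the page that was originally requested.
        response.Redirect(FormsAuthentication.GetRedirectUrl(userName, false));
    }
}
```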
If you have a larger system, you will be better off keeping the usernames and passwords in a database. You can use a simple SQL stored procedure that returns 1 or 0 for success or failure, depending on the username and password supplied. A simple database validation method can be written as follows:
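// Requires: using System.Configuration; using System.Data; using System.Data.SqlClient;
private bool IsUserAuthenticated(string username, string password)
{
    /*
     * SQL Server stored procedure:
     *
     * CREATE PROC [GetUserID]
     *   @PersonID int OUTPUT,
     *   @UserName nvarchar(50),
     *   @Password nvarchar(50)
     * AS
     *   -- [YourUsersTable] is a placeholder table name
     *   SELECT @PersonID = PersonID FROM [YourUsersTable]
     *   WHERE UserName = @UserName AND Password = @Password;
     *
     * The procedure compares the password exactly as stored; in a real system,
     * store and compare a salted hash instead of the plain-text password.
     */

    // Make database connection ("UsersDb" is a placeholder connection string name)
    string connectionString = ConfigurationManager.ConnectionStrings["UsersDb"].ConnectionString;
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand("GetUserID", connection))
    {
        // Set up the SQL Server stored procedure
        command.CommandType = CommandType.StoredProcedure;

        // Attach the parameters; values are passed as parameters, never concatenated into SQL
        command.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = username;
        command.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password;

        // Output parameter that returns the matching PersonID
        SqlParameter personId = command.Parameters.Add("@PersonID", SqlDbType.Int);
        personId.Direction = ParameterDirection.Output;

        // Execute the command
        connection.Open();
        command.ExecuteNonQuery();

        // @PersonID stays NULL when no row matches the username and password
        return personId.Value != DBNull.Value && (int)personId.Value > 0;
    }
}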
| Hi all, I'm new here. Hope to catch up with the project work. |
| It was very simple and really good! |
| I think this tutorial is very helpful for the beginners, and you can easily know the basic of .Net here.. Really cool |
| I don't know how to get custom authentication coding out, plz if u know then help me out |
| I had tried to do forms authentication for number of users but how to do with this can u give me some idea thanks in advance |
| tried to do forms authentication for number of users but how to do with this can u give me some idea |