Login   |   Signup  
Exforsys

ASP.NET Training

  1. ASP.NET with C# Training Launch
  2. ASP.NET with C# Training Course Outline
  3. Introduction to ASP.NET with C#
  4. ASP.NET Web Forms Controls
  5. ASP .NET: Validating User Input with C#
  6. Using Rich Server Controls with C#
  7. Accessing Data with C#
  8. ASP.NET Using the DataList and Repeater, Datagrid Controls
  9. Managing Data with ADO.NET DataSets and C#
  10. Creating and consuming XML Web Services with C#
  11. ASP .NET Migration and Interoperability
  12. Managing State with ASP.NET and C#
  13. Caching in ASP.NET
  14. Configuring and Deploying ASP.NET Applications
  15. Securing ASP.NET Applications with C#

Career Training

Technical Training

Skill Test

Ads


Home arrow Technical Training arrow ASP.NET Training

Table of Contents

 Securing ASP.NET Applications with C#
 Securing ASP.NET Applications with C# - Page 2
 Securing ASP.NET Applications with C# - Page 3

Securing ASP.NET Applications with C# Page - 2

Page 2 of 3
Author : Exforsys Inc.     Published on: 14th May 2005    |   Last Updated on: 2nd Nov 2010

Securing ASP.NET Applications with C#

< forms loginUrl="Login.aspx " >

Ads

Now if you change the name of your page to Login.aspx it will work fine. You can also change the loginUrl = WebForm1.aspx to make it work but making a Login.aspx page sounds much better.

Now we need to implement the button click code:

private void Button1_Click(object sender, System.EventArgs e)

{

if(FormsAuthentication.Authenticate(txtUserName.Text,txtPassword.Text))

}

else

{

Label3.Text = "you are not authorized to view the page";

}

}

We simply used the FormsAuthentication.Authenticate() method and supplied it with the username and password. These username and password will be checked against the web.config file. If the username and password are present inside the web.config file than the user will be authorized and will be taken to the originally requested Url. If the person is not authorized than a message will be printed that "You are not authorized to view the page".

Cookie Expiration

You can also expire the cookies that you make in your application. Setting the time for the cookie expiration is not difficult at all. Lets see the following code and see what it does:

Lets first make a simple cookie that will hold the user's username and than set its expiration time in days:

HttpCookie myCookie = new HttpCookie("UserName");

myCookie.Value("UserName") = txtName.Text;

myCookie.Expires = DateTime.Now.AddDays(1);

Response.Cookies.Add(myCookie);

As we can see in the code sample above that making and setting the expiration time for the cookie is not difficult at all. You can also use FormsAuthentication Ticket to assign the expiration time of the cookie.

Ads


This method is good if you dont want the user to be logged on all the times. Its also safe from the security point of view cause it will expire in 1 day.

Custom Authentication:

If you have a larger system you will be better off using the Database to keep the UserNames and passwords. You can use a simple SQL Stored procedure which returns 1 or 0 for success and failure depending on the username and password supplied. A simple database validation method can be written as follows:

private bool IsUserAuthenticated(string username,string password)

{

// Make database connection

// Attach the parameters, should also have output parameters to return a value

// set up the Sql Server Stored procedure

/*

*

* CREATE PROC [GetUserID]

* @PersonID int OUTPUT,

* @UserName nvarchar(50),

* @Password nvarchar(50)

*

* AS

*

* SELECT @PersonID = PersonID WHERE UserName = @UserName AND Password = @Password;

*

*/

// exeucte the command

// if(personID > 0 )

// return true;

// else

// return false;


}

 
This tutorial is part of a ASP.NET Training tutorial series. Read it from the beginning and learn yourself.

ASP.NET Training

  1. ASP.NET with C# Training Launch
  2. ASP.NET with C# Training Course Outline
  3. Introduction to ASP.NET with C#
  4. ASP.NET Web Forms Controls
  5. ASP .NET: Validating User Input with C#
  6. Using Rich Server Controls with C#
  7. Accessing Data with C#
  8. ASP.NET Using the DataList and Repeater, Datagrid Controls
  9. Managing Data with ADO.NET DataSets and C#
  10. Creating and consuming XML Web Services with C#
  11. ASP .NET Migration and Interoperability
  12. Managing State with ASP.NET and C#
  13. Caching in ASP.NET
  14. Configuring and Deploying ASP.NET Applications
  15. Securing ASP.NET Applications with C#
 

Comments

 

Share


Connect

Related Articles

  1. Building Web Based N-Tier Applications using C#
  2. What is Concurrent Testing
  3. XBean based servicemix http Binding
  4. Oracle SOA Re-Hosting Based Modernization
  5. Report Builder 2.0 - Dataset Based on Excel File
  6. Oracle Job Scheduling - Event Based Scheduling - Part 1
  7. Oracle Job Scheduling - Event Based Scheduling - Part 2
  8. Oracle Job Scheduling - Event Based Scheduling - Part 3
  9. XML Unit Testing tools Series 1
  10. Microsoft .NET Unit testing Tools
  11. SQL Unit Testing Tools
  12. MSAS: Usage-Based Optimization
  13. Functional Testing Tools
  14. Usability Engineering - Usability Testing
  15. Oracle Apps 11i : Getting started with Oracle Applications

Exforsys e-Newsletter

Enhance Technical and Soft Skills every week, get our Job Interview Questions and Answers eBook free when you subscribe.

Subscribe and Get Free Bonus PDF Book

eBook

Subscribe

Privacy and Legal | Contact Us | DMCA | Sitemap

Copyright © 2000 - 2012 exforsys.com. All Rights Reserved