Securing ASP.NET Applications with C# Page - 3

Signing out a user Securely

You have seen the sign out button on the Internet on various websites. The website "www.codersource.net also have the feature to signout users when they are done browsing. Let's see how we can implement a simple signout method. The logic behing the sign out is to expire the user cookie.

FormsAuthentication.SignOut();

Client side Validation

Don't leave all the things for your business logic and then for the database to decide. Do all the validation before you send the data to the business layers and the database layers. For this you can always use RequiredFieldValidators to check that if the required fields are not left blank.

I hope you enjoyed the tutorial happy programming !

Response.Cookies["UserName"].Value = null;

// The date can be anything which has already passed

Response.Cookies["UserName"].Expires = new System.DateTime(1999,10,12);

Response.Redirect("Whateverpage.aspx");

As you can see the code above is pretty simple and straight forward. The FormsAuthentication class provides a signout method which can be used to signout users.

Later we assign null to the cookie and expired the cookies date by assigning it a date which has already passed. After signout the user I simply redirected the user to another page.

{

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,false);

By default it is set to the Windows authentication mode in order to change this to forms authentication you will just need to change the windows to forms as I have shown below:

< authentication mode="Forms" / >

Okay so now you have set your application to use the features of the forms authentication instead of the windows authentication.