Hello friends, security is a major concern when we are developing web applications.
ASP.NET provides three types of authentication providers: Windows, Passport and Forms based.
Windows:
This uses the capabilities of IIS for authentication and passes the identity to your code. This is the default authentication provider for ASP.NET.
Passport:
This is an authentication service provided by Microsoft that offers a single logon facility and membership services for your ASP.NET website.
Forms:
Forms authentication provides you with a way to handle authentication using your own custom logic within an ASP.NET application.
When a user requests a page of the application that requires authentication, ASP.NET checks for the presence of a special session cookie.
If the cookie is present, ASP.NET assumes the user is authenticated and processes the requested page.
If the cookie isn't present, ASP.NET redirects the user to the page you have provided as the login page.
This post gives you a small idea of how to configure your ASP.NET application for forms based authentication:
First of all, you need to create a login page with two text boxes and one login button.
Refer to the code below:
<asp:Panel ID="Panel1" runat="server" CssClass="login_box_big" Width="400px">
  <table>
    <tr>
      <td align="left" class="side_menu">Login</td>
    </tr>
    <tr>
      <td align="left">
        <b>UserName:</b><asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
      </td>
    </tr>
    <tr>
      <td align="left">
        <b>Password:</b> <asp:TextBox ID="txtPassword" runat="server"
            TextMode="Password"></asp:TextBox>
      </td>
    </tr>
    <tr>
      <td>
        <asp:Button ID="LoginBtn" runat="server" CssClass="button"
            onclick="LoginBtn_Click" Text="Login" />
      </td>
    </tr>
    <tr>
      <td>
        <asp:Literal ID="ltrerror" runat="server" EnableViewState="False"
            Text='<div style="background-color:red;width:300px;color:white">Error: Invalid Password</div><div style="height:10px;"></div>'
            Visible="False"></asp:Literal>
      </td>
    </tr>
  </table>
</asp:Panel>
In the login button's click event, write the following code:
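protected void LoginBtn_Click(object sender, EventArgs e)
{
    // Placeholder credentials for this demo; replace with your own check.
    if (txtUserName.Text == "YourUserName" && txtPassword.Text == "YourPassword")
    {
        // Issues the forms authentication cookie (non-persistent, because the
        // second argument is false) and redirects to the originally requested page.
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
    }
    else
    {
        // Show the error message on failed login.
        ltrerror.Visible = true;
    }
}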
If you want to require authentication for all pages in a folder of your application
(for example: Admin), put a web.config file in that folder and put the following tags inside the <configuration> and </configuration> tags:
<system.web>
  <authorization>
    <deny users="?" />
    <allow users="*" />
  </authorization>
</system.web>
In the web.config file in the root of your application, put the following tags inside the <system.web> and </system.web> tags:
<authentication mode="Forms">
  <forms name="AUTH" loginUrl="~/Login.aspx" protection="All" timeout="120" path="/">
  </forms>
</authentication>
<authorization>
  <allow users="*"/>
</authorization>
The timeout attribute controls the interval at which the authentication cookie is regenerated.
Happy coding