0
Posted on 6:33 AM by prajeesh and filed under , ,

Hello friends,Security is a major concern when we are developing web applications
Asp.net provides you three types of authentication providers,that are windows,passport and Formss based.

Windows:
This uses capabilities of ISS for authentication,and passes the identity to code,this is the default authentication provider for asp.net.
passport:
this is an authentication service provided by Microsoft that offers a single logon facility and membership services for your asp.net website.
Forms:
Forms authentication provides you with a way to handle authentication using your own custom logic with in an ASP.NET application.
When a user requests a page for the application that requires authentication,ASP.NET checks for the presence of a special session cookie.
If the cookie is present, ASP.NET assumes the user is authenticated and processes the requested page.
If the cookie isn't present, ASP.NET redirects the user to a page you have provided as login page

This post gives you a small idea on how to configure your asp.net application for forms based authentication:

First of all you need to create a login page with two text boxes and one login button:

Refer the code below:


<
asp:Panel ID="Panel1" runat="server" CssClass="login_box_big" Width="400px">
<table ><tr>
<td align="left" class="side_menu">&nbsp; Login</td>
</tr><tr><td align="left">
<b>UserName:</b><asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
</td></tr><tr><td align="left">
<b>Password:</b>&nbsp;<asp:TextBox ID="txtPassword" runat="server"
TextMode="Password"></asp:TextBox>&nbsp;</td></tr><tr><td>

<asp:Button ID="LoginBtn" runat="server" CssClass="button"

onclick="Button1_Click" Text="Login" /></td></tr><tr><td>

<asp:Literal ID="ltrerror" runat="server" EnableViewState="False" Text="&lt;div style=&quot;background-color:red;width:300px;color:white&quot; &gt;Error: Invalid Password&lt;/div&gt;&lt;div style=&quot;height:10px;&quot;&gt;

&lt;/div&gt;"

Visible="False"></asp:Literal></td></tr></table></asp:Panel>

In Login Buttons click event write the following code:

protected void LoginBtn_Click(object sender, EventArgs e)

{

if (txtUserName.Text=="YourUserName" && txtPassword.Text=="YourPassword")
{

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,false);

}

else

{

ltrerror.Visible = true;

}

}

If you want to authenticate all pages in a folder in your application

(for exaple :Admin),put a web.config file in your folder and put the following tags inside <configuration> and <configuration/>tags

<system.web>

<authorization>

<deny users="?" />

</authorization>

</system.web>

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

In the web.config file in your root of the application put the following tags inside <system.web> and </system.web> tags

<authentication mode="Forms">

<forms name="AUTH" loginUrl="~/Login.aspx" protection="All" timeout="120" path="/">

</forms>

</authentication>

<authorization>

<allow users="*"/>

</authorization>

the timeout section controls the interval at which the authentication cookie is regenerated.

Happy coding



Shout it kick it on DotNetKicks.com
0
Responses to ... Implementing Forms Based Authentication in ASP.net