Implement a simple forms-based authentication

Assignment Help DOT NET Programming

Reference no: EM13974246

Exercise 1

In this exercise, you'll implement a simple Forms-based authentication.

Create a new ASP.NET application.

Configuring the application for forms authentication

If the application has a Web.config file in the application root, open it.

If the application does not already have a Web.config file in the application root folder, create one.

Add the following elements to it within <system.web> area:

<authenticationmode="Forms">

<formsloginUrl="Logon.aspx"name=".ASPXFORMSAUTH">

<credentialspasswordFormat="Clear">

<username="[email protected]"password="ceil865"/>

</credentials>

</forms>

</authentication>

<denyusers="?"/>

</authorization>

Save the Web.config file and close it.

Creating the Logon Page

When users request any page from the Web site and if they have not previously been authenticated, they are redirected to a page named Logon.aspx. You specified this file name earlier in the Web.config file.

The Logon.aspx page collects user credentials (e-mail address and password) and authenticates them. If the user is successfully authenticated, the logon page redirects the user to the page they originally requested. In the example, the valid credentials are hard-coded into the page code.

Create an ASP.NET page named Logon.aspx in your project.

Add the following web controls as shown in the picture:

Four label controls, two text box controls, one check box control, two requiredfieldvalidator controls, two button controls.

Set the text property of the label controls as shown in the picture. Name the text boxes UserMail and UserPass. Set the ControlToValidate property for validator controls respectively to UserMail and UserPass. Name the check box control Persist.

Name button controls respectively BtnLogon, BtnLogonWebConfig. Name the fourth label Message.

Here is the code behind for Logon.aspx page:

public partial class Logon : System.Web.UI.Page

{

protected void Page_Load(object sender, EventArgs e)

{

}

protected void BtnLogon_Click(object sender, EventArgs e)

{

if ((UserEmail.Text == "[email protected]") && (UserPass.Text =="ceil865"))

FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked);

else

Msg.Text = "Invalid credentials. Please try again.";

}

protected void BtnLogonWebConfig_Click(object sender, EventArgs e)

{

//Authenticating against values in Web.config

if( FormsAuthentication.Authenticate(UserEmail.Text, UserPass.Text) )

FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked);

else

Msg.Text = "Invalid credentials. Please try again.";

}

The page contains ASP.NET server controls that collect user information and a check box that users can click to make their login credentials persistent. The Log On button's Click handler contains code that checks the user's e-mail address and password against hard-coded values. (The password is a strong password that contains various non-alphabetic characters and is at least eight characters long.) If the user's credentials are correct, the code calls the FormsAuthentication class's RedirectFromLoginPage method, passing the user's name and a Boolean value (derived from the check box) indicating whether to persist an authentication ticket as a cookie. The method redirects the user to the page originally requested. If the user's credentials do not match, an error message is displayed. Note that the page imports the System.Web.Security namespace, which contains the FormsAuthentication class.

Creating the Default Page

Because you specified in the configuration file that all unauthenticated users are denied access to the application's ASP.NET resources (which includes .aspx files, but not static files such as HTML files or multi-media files including images, music, and so on), when a user requests the page, forms authentication will check the user's credentials and redirect the user to the logon page if necessary. The page you create will also allow users to log out, which clears their persisted authentication ticket (cookie).

If you don't have a default page, add a new web form and name it Default.aspx. Add a label control and a button control to the form as shown in the picture below:

Name the label Welcome and the button Sign_Out.

Here is the code behind the page:

public partial class _Default : System.Web.UI.Page

{

protected void Page_Load(object sender, EventArgs e)

{

Welcome.Text = "Hello, " + Context.User.Identity.Name;

}

protected void Sign_Out_Click(object sender, EventArgs e)

{

//removes the forms authentication cookie

FormsAuthentication.SignOut();

//Redirects the browser to the login URL. Clears the cookie

FormsAuthentication.RedirectToLoginPage();

}

The page displays the user's authenticated identity, which was set by the FormsAuthentication class and is available in an ASP.NET page as the Context.User.Identity.Name property. The Sign Out button's Click handler contains code that calls the SignOut method to clear the user identity and remove the authentication ticket (cookie). It then redirects the user to the logon page:

Reference no: EM13974246

Questions Cloud

What potential dilemmas exist among the seven people : Which groups are most likely to have the most confl ict? Explain.

Write about the five most intriguing aspects of the culture : Choose Turkey please. Go to the Executive Planet web site at www.executiveplanet.com. Read all the information about Turkey's business culture and then do the following. Write about the five most intriguing aspects of the culture

What is the economic order quantity : What should be the reorder point to have a 95 percent service level? Explain how the system will operate. What is the economic order quantity?

Different industries and in different companies : Charters used in different industries and in different companies have somewhat different elements.

Implement a simple forms-based authentication : In this exercise, you'll implement a simple Forms-based authentication. Create a new ASP.NET application. If the application does not already have a Web.config file in the application root folder, create one.

Bank annual income from the loans : A bank lent $1.2 million for the development of three new products, with one loan each at 6%, 7%, and 8%. The amount lent at 8% was equal to the sum of the amounts lent at the other two rates, and the bank's annual income from the loans was $88,00..

Trade between a large economy and a small economy : Trade between a large economy and a small economy inevitably results in the large economy capturing the majority of any gains from trade due to disparity in economic power between the two countries. After research at stating valid facts, decide if..

Identification of societal issues : Identify and discuss a social problem that you believe is significant to the profession of social work. Include a definition; identification of societal issues that contributed to the creation and maintenance of this problem; propose potential sol..

Prepare a new contribution format income statement under : Miller Company's most recent contribution format income statement is shown below: Prepare a new contribution format income statement under each of the following conditions (consider each case independently): (Do not round intermediate calculations. R..

User Account

All Pages