Forms authentication enables user and password
validation for Web applications that do not require Windows
authentication. With forms authentication, user information is stored
in an external data source. You can require that all requests to an
application contain a valid user authentication ticket by using the
authorization configuration element to deny the request of any unknown
user.
Forms authentication using ASP.NET 2.0 and VB.NET
Forms authentication enables user and password
validation for Web applications that do not require Windows
authentication. With forms authentication, user information is stored
in an external data source. You can require that all requests to an
application contain a valid user authentication ticket by using the
authorization configuration element to deny the request of any unknown
user.
This tutorial will show you how to forms authentication
using ASP.NET 2.0 and VB.NET. And we only using the default namespace.
In tutorial, the only configuration step beyond that is to add
the following code in the web.config file, inside the
<system.web> element.
<authentication mode="Forms">
<forms name=".SecurityDemo" loginUrl="LoginVerifyCsharp.aspx">
<credentials passwordFormat="Clear">
<user name="John" password="Foo"/>
<user name="Mary" password="Bar"/>
</credentials>
</forms>
</authentication>
<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
<authorization>
<deny users="?"/>
</authorization>
|
We moved our web sites to Server Intellect and have found them to be incredibly professional. Their setup is very easy and we were up and running in no time.
First, Forms authentication enables user and password validation for
Web applications that do not require Windows authentication. With forms
authentication, user information is stored in an external data source.
You can require that all requests to an application contain a valid
user authentication ticket by using the authorization configuration
element to deny the request of any unknown user. In order to validates
a user name and password against credentials stored in the
configuration file for an application, we using
FormsAuthentication.Authenticate Method. And we use the
btnLoginBetter_Click to do the work. We then call the Class
FormsAuthentication to use the Properties of FormsCookiePath, Path,
Expires and the methods of Encrypt. And then the we use
FormsAuthenticationTicket class to create an object that represents the
authentication ticket that is used by forms authentication to identify
an authenticated user. The properties and values of a
forms-authentication ticket are converted to and from an encrypted
string that is stored in a cookie or in the URL. The Cookie class is
used by a client application to retrieve information about cookies
received with HTTP responses. The following cookie formats are
supported during parsing the HTTP response headers.
Partial Class LoginVerifyVB
Inherits System.Web.UI.Page
Protected Sub btnLoginBetter_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLoginBetter.Click
If FormsAuthentication.Authenticate(tbName.Text, tbPass.Text) Then
Dim
ticket As New FormsAuthenticationTicket(1, tbName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), PersistCookie.Checked, "User")
Dim cookieStr As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, cookieStr)
If PersistCookie.Checked Then
cookie.Expires = ticket.Expiration
End If
cookie.Path = FormsAuthentication.FormsCookiePath
Response.Cookies.Add(cookie)
lbUser.Text = "The UserName is " + tbName.Text
If tbName.Text = "John" Then
lbSf.Text = "The Role is " + "admin"
Else
lbSf.Text = "The Role is " + "user"
End If
FormsAuthentication.RedirectFromLoginPage(tbName.Text, false)
Else
Response.Write("<script>alert('Error!')</script>")
End If
End Sub
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
|
The front end Default.aspx page looks something like this:
<asp:label id="Label1"
runat="server">UserName:</asp:label> <asp:textbox
id="tbName" runat="server" Width="183px"></asp:textbox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="tbName"
ErrorMessage="Please Input UserName!!!"></asp:RequiredFieldValidator><br />
<br />
<asp:label id="Label2" runat="server" Width="78px">PassWord:</asp:label>
<asp:textbox id="tbPass" runat="server" Width="183px"></asp:textbox>
<br />
<br />
<asp:Label ID="Label3" runat="server" Text="Is Save Cookie:" Width="98px"></asp:Label>
<asp:checkbox id="PersistCookie" runat="server"></asp:checkbox><br />
<br />
<asp:Button ID="btnLoginBetter" runat="server" OnClick="btnLoginBetter_Click" Text="Log"
Width="99px" /><br />
<br />
<asp:Label ID="lbUser" runat="server" Width="286px"></asp:Label><br />
<br />
<asp:Label ID="lbSf" runat="server" Width="287px"></asp:Label>
|
Server Intellect assists companies of all sizes with their hosting needs by offering fully configured server solutions coupled with proactive server management services. Server
Intellect specializes in providing complete internet-ready server
solutions backed by their expert 24/365 proactive support team.
The flow for the code behind page is as follows.
Partial Class LoginVerifyVB
Inherits System.Web.UI.Page
Protected Sub btnLoginBetter_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLoginBetter.Click
If FormsAuthentication.Authenticate(tbName.Text, tbPass.Text) Then
Dim
ticket As New FormsAuthenticationTicket(1, tbName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), PersistCookie.Checked, "User")
Dim cookieStr As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, cookieStr)
If PersistCookie.Checked Then
cookie.Expires = ticket.Expiration
End If
cookie.Path = FormsAuthentication.FormsCookiePath
Response.Cookies.Add(cookie)
lbUser.Text = "The UserName is " + tbName.Text
If tbName.Text = "John" Then
lbSf.Text = "The Role is " + "admin"
Else
lbSf.Text = "The Role is " + "user"
End If
Else
Response.Write("<script>alert('Error!')</script>")
End If
End Sub
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
|
|
