Click here to Skip to main content
Click here to Skip to main content

Forms Authentication Without Password In ASP.NET

By , 9 Sep 2007
Rate this:
Please Sign up or sign in to vote.

Introduction

Password Protection And Password Management is an important issue In designing Control System Or Other Authorizing Permissins system.

  • Some Developer Using The Encryption Algoritms To Encrypt Password Before Saving In Database And Save The Encrypted Password In DataBase And Encryption Password And Decryption Made By Application Layer.
    This is Useful When We have A Complex Authorization In Access To Permissins therefore When Hacker hacked our Database It is Difficult to to befool us like change the permissions and other...
  • It is Difficult to users To record Password for several system and users like have one or two password for logining systems.

Background

In This Article we Use The Mixed Mode Authentication(Forms and Windows) For Loggining Systems This Is Use full To Managing Security In Intranet System Because the NT Security In asp.net Manage The security Of Our System and NT Security in Windows successfully In Managing Security

Using the code

Before We Use the Code We Ust Go To the ComputerManageMent Of Server(or your system)
and then go to Groups And Users And Define the ASP.Net As Member Of System Worker
or Act as part of the operating system

  1. Configure your Web application's web.config file to use Forms Authentication
    <authentication mode="Forms">
    	<!--<forms loginUrl="Login.aspx" cookieless="UseUri" slidingExpiration="true" 
    		name=".LogonUserDemo2" timeout="20" path="/" protection="All"/>-->
    </authentication>
    <authorization>
    	<allow users="*"/>
    </authorization>
    <location path="Secured Folder" >
    	<system.web>
    		<authorization>
    			<deny users="?"/>
    		</authorization>
    	</system.web>
    </location>
    
  2. Create your login page :

    Important point In Login Page Define the Api that Using The Windows Security

    const long LOGON32_LOGON_INTERACTIVE = 2;
    const long LOGON32_LOGON_NETWORK = 3;
    const long LOGON32_PROVIDER_DEFAULT = 0;
    const long LOGON32_PROVIDER_WINNT50 = 3;
    const long LOGON32_PROVIDER_WINNT40 = 2;
    const long LOGON32_PROVIDER_WINNT35 = 1;
    
    [DllImport("advapi32.dll", EntryPoint = "LogonUser")]
    private static extern bool LogonUser(
    	string lpszUsername,
    	string lpszDomain,
    	string lpszPassword,
    	int dwLogonType,
    	int dwLogonProvider,
    	ref IntPtr phToken);
    	
    private bool ValidateLogin(
    	string Username,
    	string Password,
    	string Domain)
    	{
    		IntPtr token = new IntPtr(0);
    		token = IntPtr.Zero;
    		if (LogonUser(
    			Username,
    			Domain,
    			Password,
    			(int)LOGON32_LOGON_NETWORK,
    			(int)LOGON32_PROVIDER_DEFAULT,
    			ref token))
    		{
    			return true;
    		}
    		else
    		{
    			return false;
    		}
    	}

    After checking User If Exists In Our Domain We Check User That Exising In Our Users Database and The Permissins For them.

    	string Username = UserName.Text;
    	string Password = Password1.Text;
    	string Domain = DropDownList1.SelectedValue;
    	Domain = "DomanName";
    	bool checkedVal = RememberMe.Checked;
    
    	////if(Username.Substring(0,1)=="@")
    	//// if (Password == "nasim")
    	//// {
    	//// 	FormsAuthentication.RedirectFromLoginPage(Domain + '\\' + 
    	////		Username.Substring(1,Username.Length-1), checkedVal);
    	//// 	return;
    	//// }
    
    	if (ValidateLogin(Username, Password, Domain))
    	{
    		UsersDataTableAdapters.UsersTableAdapter uta = new UsersDataTableAdapters.UsersTableAdapter();
    		UsersData.UsersDataTable udt = new UsersData.UsersDataTable();
    		udt = uta.GetDataByUserName(Domain + '\\' + Username);
    		FormsAuthentication.RedirectFromLoginPage(Domain + '\\' + Username, false);
    	}
    	else
    	{
    		FormsAuthentication.RedirectToLoginPage();
    		return;
    	}
    }
    

Points of Interest

Exactly I use The Resource About Definition of api From Internet And MSDN.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

hooshang Karami
Web Developer
Iran (Islamic Republic Of) Iran (Islamic Republic Of)
i am programmer and i am programming 10 year
I am VB Progarammer
Asp.net Webdevelpoer Intranet Site Developer
C#.net Programmer
in SqlServer DatabAse
I am Developing Accounting System And Sell Systems
In C# Or VB.net In SqlServer 2000 ,
I like Programming And I live With Programming
iran tehran
 


Comments and Discussions

 
GeneralMy vote of 1 Pinmemberbabakzawari3-Feb-10 0:42 
GeneralGrammar.. Pinmembertudor_turcu18-Sep-07 0:06 
GeneralNot sure PinmemberJan Seda10-Sep-07 5:14 
GeneralRe: Not sure Pinmemberhooshang Karami10-Sep-07 18:55 
Thanks from your comment
users force me to implementation of this approach because they dont like to use the other password for login to intranet and other problem is saving the password in database.
but if you have any idea please send me
 

GeneralRe: Not sure PinmemberJan Seda10-Sep-07 20:47 
GeneralRe: Not sure Pinmemberhooshang Karami11-Sep-07 0:25 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140415.2 | Last Updated 10 Sep 2007
Article Copyright 2007 by hooshang Karami
Everything else Copyright © CodeProject, 1999-2014
Terms of Use
Layout: fixed | fluid