Using Form Authentication in your Application
1.00/5 (14 votes)
Using Form Authentication in your Application
Introduction
This is a complete Small Application that used Form Authentication Mode. In this i use one Login page. That is used for if User is not authorized the it will go for authorization Check. Login page will be appear. Here he/she type user name and password. if the are authrized they will sent back to requested page other wise they not get the permission to open that Requested page.
First We change the authentication Mode in Web.config the systax is
<authentication mode="Forms"> <forms name=".NavinsForm" loginUrl="logon.aspx" protection="All" path="/" timeout="30"/> </authentication>
Now we change the authorization tag
<authorization> <deny users="?"/> <allow users="*" /> </authorization>
After Perform These Changes in Web.config. We write the code for Check authorized user and send back to Requested Page. First of all we Validate user. Create Function on Login.aspx.
Function ValidateUser(ByVal userName As String, ByVal passWord As String) As Boolean
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim lookupPassword As String
Session("Username") = userName & " Hello"
lookupPassword = Nothing
'CHECK FOR A INVALID USERNAME
If ((userName Is Nothing)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName Failed.")
Return False
End If
'Check for invalid password
If (passWord Is Nothing) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
Return False
End If
If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of password failde.")
Return False
End If
Try
conn = New SqlConnection("Server=svr;Database=pubs;uid=sa")
conn.Open()
cmd = New SqlCommand("Select pwd from Users where uname=@userName", conn)
cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25)
cmd.Parameters("@userName").Value = userName
lookupPassword = cmd.ExecuteScalar
cmd.Dispose()
conn.Dispose()
Catch ex As Exception
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception" & ex.Message)
End Try
'if no password found
If (lookupPassword Is Nothing) Then
Return False
End If
Return (String.Compare(lookupPassword, passWord, False) = 0)
End Function
This Function is Check Either User is valid or not if user is not valid he will not get back to Requested Page. For Sent back to Requested Page Write This on Login_Button Click
Private Sub cmdLogin_ServerClick(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdLogin.ServerClick
If ValidateUser(txtUserName.Value, txtUserPass.Value) Then
If Request.Params("ReturnUrl") <> "" Then
FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, chkPersistCookie.Checked)
Else
FormsAuthentication.SetAuthCookie(txtUserName.Value, chkPersistCookie.Checked)
Server.Transfer("NewPage.aspx")
End If
Else
Response.Redirect("logon.aspx", True)
End If
End Sub
Here One Importeant thing is that if user directly call the login page and if he/she is authorized the he will go to the Default Page. By Default the name of Default page is Default.aspx. if this page is not in your application this will give Error. So, solution of this problem is Check the Querystring by
Request.Params("ReturnUrl")<>""
if user Directly open the login.aspx page he will goes to your Default page that you set. This is done by
FormsAuthentication.SetAuthCookie(txtUserName.Value, chkPersistCookie.Checked)
Server.Transfer("NewPage.aspx")
Here Default page is not Default.aspx but it is "NewPage.aspx". If user Request the other page of Application the he will goes to that Requested Page After Sucessfull login. This is Done By.
FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, chkPersistCookie.Checked)
This is All About Form Authentication. The Database Structure is look like this
CREATE TABLE [dbo].[Users] ( [uname] [varchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , [Pwd] [varchar] (25) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , [userRole] [varchar] (25) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ) ON [PRIMARY] GO