Forms Authentication Without Password In ASP.NET

• Download SampleAuthentication.zip - 18.8 KB

Introduction

Password Protection And Password Management is an important issue In designing Control System Or Other Authorizing Permissins system.

• Some Developer Using The Encryption Algoritms To Encrypt Password Before Saving In Database And Save The Encrypted Password In DataBase And Encryption Password And Decryption Made By Application Layer.
  This is Useful When We have A Complex Authorization In Access To Permissins therefore When Hacker hacked our Database It is Difficult to to befool us like change the permissions and other...
• It is Difficult to users To record Password for several system and users like have one or two password for logining systems.

Background

In This Article we Use The Mixed Mode Authentication(Forms and Windows) For Loggining Systems This Is Use full To Managing Security In Intranet System Because the NT Security In asp.net Manage The security Of Our System and NT Security in Windows successfully In Managing Security

Using the code

Before We Use the Code We Ust Go To the ComputerManageMent Of Server(or your system)
and then go to Groups And Users And Define the ASP.Net As Member Of System Worker
or Act as part of the operating system

1. Configure your Web application's web.config file to use Forms Authentication
   
   XML

   <authentication mode="Forms">
   	<!--<forms loginUrl="Login.aspx" cookieless="UseUri" slidingExpiration="true" 
   		name=".LogonUserDemo2" timeout="20" path="/" protection="All"/>-->
   </authentication>
   <authorization>
   	<allow users="*"/>
   </authorization>
   <location path="Secured Folder" >
   	<system.web>
   		<authorization>
   			<deny users="?"/>
   		</authorization>
   	</system.web>
   </location>

2. Create your login page :

   Important point In Login Page Define the Api that Using The Windows Security

   C#

   const long LOGON32_LOGON_INTERACTIVE = 2;
   const long LOGON32_LOGON_NETWORK = 3;
   const long LOGON32_PROVIDER_DEFAULT = 0;
   const long LOGON32_PROVIDER_WINNT50 = 3;
   const long LOGON32_PROVIDER_WINNT40 = 2;
   const long LOGON32_PROVIDER_WINNT35 = 1;
   
   [DllImport("advapi32.dll", EntryPoint = "LogonUser")]
   private static extern bool LogonUser(
   	string lpszUsername,
   	string lpszDomain,
   	string lpszPassword,
   	int dwLogonType,
   	int dwLogonProvider,
   	ref IntPtr phToken);
   	
   private bool ValidateLogin(
   	string Username,
   	string Password,
   	string Domain)
   	{
   		IntPtr token = new IntPtr(0);
   		token = IntPtr.Zero;
   		if (LogonUser(
   			Username,
   			Domain,
   			Password,
   			(int)LOGON32_LOGON_NETWORK,
   			(int)LOGON32_PROVIDER_DEFAULT,
   			ref token))
   		{
   			return true;
   		}
   		else
   		{
   			return false;
   		}
   	}

   After checking User If Exists In Our Domain We Check User That Exising In Our Users Database and The Permissins For them.

   C#

   	string Username = UserName.Text;
   	string Password = Password1.Text;
   	string Domain = DropDownList1.SelectedValue;
   	Domain = "DomanName";
   	bool checkedVal = RememberMe.Checked;
   
   	////if(Username.Substring(0,1)=="@")
   	//// if (Password == "nasim")
   	//// {
   	//// 	FormsAuthentication.RedirectFromLoginPage(Domain + '\\' + 
   	////		Username.Substring(1,Username.Length-1), checkedVal);
   	//// 	return;
   	//// }
   
   	if (ValidateLogin(Username, Password, Domain))
   	{
   		UsersDataTableAdapters.UsersTableAdapter uta = new UsersDataTableAdapters.UsersTableAdapter();
   		UsersData.UsersDataTable udt = new UsersData.UsersDataTable();
   		udt = uta.GetDataByUserName(Domain + '\\' + Username);
   		FormsAuthentication.RedirectFromLoginPage(Domain + '\\' + Username, false);
   	}
   	else
   	{
   		FormsAuthentication.RedirectToLoginPage();
   		return;
   	}
   }

Points of Interest

Exactly I use The Resource About Definition of api From Internet And MSDN.