ASP.NET Tutorial/Authentication Authorization/Form Based
Содержание
Automatically Redirecting a User to the Referring Page
If you request the Login.aspx page directly, after you successfully log in, you are redirected to the Default.aspx page.
If you add the Login control to a page other than the Login.aspx page, you need to set the Login control"s DestinationPageUrl property.
When you successfully log in, you are redirected to the URL represented by this property.
If you don"t supply a value for the DestinationPageUrl property, the same page is reloaded.
Automatically Hiding the Login Control from Authenticated Users
The easiest way to add a Login control to all the pages in an application is to take advantage of Master Pages.
You can change the layout of the Login control by modifying the Login control"s Orientation property.
If you set this property to the value Horizontal, then the Username and Password text boxes are rendered in the same row.
If you include a Login control in all your pages, you should also modify the Login control"s VisibleWhenLoggedIn property.
If you set this property to the value False, then the Login control is not displayed when a user has already authenticated.
File: LoginMaster.master
<%@ Master Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>My Website</title>
</head>
<body>
<form id="form1" runat="server">
<div class="content">
<asp:Login
id="Login1"
Orientation="Horizontal"
VisibleWhenLoggedIn="false"
DisplayRememberMe="false"
TitleText=""
CssClass="login"
Runat="server" />
<hr />
<asp:contentplaceholder
id="ContentPlaceHolder1"
runat="server">
</asp:contentplaceholder>
</div>
</form>
</body>
</html>
File: LoginContent.aspx
<%@ Page Language="C#" MasterPageFile="~/LoginMaster.master" %>
<asp:Content
ID="Content1"
ContentPlaceHolderID="ContentPlaceHolder1"
Runat="Server">
<h1>Welcome to our Website!</h1>
</asp:Content>
Create a new folder in your application named SecretFiles
Add the page, File: SecretFiles\Secret.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Secret</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<h1>This Page is Secret!</h1>
</div>
</form>
</body>
</html>
By default, Windows authentication is enabled.
To use the Login controls, you need enable Forms authentication
File: Web.Config
<configuration>
<system.web>
<authentication mode="Forms" />
</system.web>
</configuration>
By default, all users have access to all pages in an application.
If you want to restrict access to the pages in a folder, then you need to configure authorization for the folder.
Add the following web configuration file to the SecretFiles folder.
Then anonymous users are prevented from accessing any pages in the folder.
The single authorization rule here prevents anonymous users from accessing pages in the folder.
The ? represents anonymous users.
File: SecretFiles\Web.Config
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
If you attempt to request the Secret.aspx page, then you are redirected to a page named Login.aspx automatically.
By default, this page must be located in the root of your application.
The Login.aspx page contains a Login control.
The Login control automatically generates a login form.
File: Login.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Login</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Login
id="Login1"
CreateUserText="Register"
CreateUserUrl="~/Register.aspx"
Runat="server" />
</div>
</form>
</body>
</html>
Login control includes a CreateUserText and CreateUserUrl property.
Adding these properties to the Login control causes the control to display a link to a page that enables a new user to register for your application.
The Login control links to a page named Register.aspx.
File: Register.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Register</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:CreateUserWizard
id="CreateUserWizard1"
ContinueDestinationPageUrl="~/SecretFiles/Secret.aspx"
Runat="server" />
</div>
</form>
</body>
</html>
The Register.aspx page contains a CreateUserWizard control.
This control automatically generates a user registration form.
After you submit the form, a new user is created, and you are redirected back to the Secret.aspx page.
Customizing the Login form
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<style type="text/css">
.login
{
width:250px;
font:14px Verdana,Sans-Serif;
background-color:lightblue;
border:solid 3px black;
padding:4px;
}
.login_title
{
background-color:darkblue;
color:white;
font-weight:bold;
}
.login_instructions
{
font-size:12px;
text-align:left;
padding:10px;
}
.login_button
{
border:solid 1px black;
padding:3px;
}
</style>
<title>Show Login</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Login
id="Login1"
InstructionText="Please log in before
accessing the premium section of our Website."
TitleText="Log In"
TextLayout="TextOnTop"
LoginButtonText="Log In"
DisplayRememberMe="false"
CssClass="login"
TitleTextStyle-CssClass="login_title"
InstructionTextStyle-CssClass="login_instructions"
LoginButtonStyle-CssClass="login_button"
Runat="server" />
</div>
</form>
</body>
</html>
Form authentication with backend database
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script language="VB" runat="server">
sub Login(Sender as Object, e as EventArgs)
dim intID as integer = 0
dim Conn as new OleDbConnection("Provider=" & _
"Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=userTable.mdb")
dim objCmd as OleDbCommand = new OleDbCommand _
("SELECT UserID FROM tblUsers WHERE " & _
"Username = "" & tbUserName.Text & "" " & _
"AND Password = "" & tbPassword.Text & """, Conn)
dim objReader as OleDbDataReader
try
objCmd.Connection.Open()
objReader = objCmd.ExecuteReader()
do while objReader.Read
intId = objReader.GetInt32(0).ToString()
loop
catch ex as OleDbException
lblMessage.Text = ex.Message
finally
objReader.Close()
objCmd.Connection.Close()
end try
if intID <> 0 then
FormsAuthentication.SetAuthCookie(intID, false)
lblMessage.Text = "Success!"
else
lblMessage.Text = "Invalid username or password!"
end if
end sub
</script>
<html><body>
<form runat="server">
<asp:Label id="lblMessage" runat="server"/>
Username:
<asp:Textbox id="tbUsername" runat="server" /><br>
Password:
<asp:Textbox id="tbPassword" TextMode="password" runat="server" />
<asp:Button id="Submit" runat="server" onClick="Login" text="Submit" />
</form>
</body></html>
File: Web.Config
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>