Ok here's a quick demo of basic forms authentication.
The only real code I have coded is in the login page, and the config file.
In the web.config file I have:
This means that if the cookie DEMOAPP doesn't exist, or is invalid, then everyone gets redirected to the login.aspx page.
<forms name=".DEMOAPP" loginUrl="Login.aspx" />
<deny users="?" />
Maybe you want certain pages that anonamous users, not logging in, can view.
To do this I have added some extra lines to my config file:
This basically tells .net that anyone can view Main.aspx, logged in or not.
'other config stuff
'I have added this
<allow users="*" />
I have used the username Woof and password Growl in my exmaples to validate my login.
My login code looks like:
The following line is the one that saves the security cookie to the clients PC:
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Private Sub Login(ByVal Username As String, ByVal Password As String)
If ValidateLogin(Username, Password) Then
Private Function ValidateLogin(ByVal Username As String, ByVal Password As String) As Boolean
'here you would query your SQL DB as you would with a nomral app
'but in this case I have hard coded a username and password in.
Return (Username = "Woof") And (Password = "Growl")
The username can be got at any time using:
As I have done in my users.aspx page.
Anyways here's the code.
Unzip it and create a VD in IIS called FormsAuthenticationDemo2003 and point it at the FormsAuthenticationDemo2003 folder you just extracted.
That should be it.