Ok here's a quick demo of basic forms authentication.
The only real code I have coded is in the login page, and the config file.
In the web.config file I have:
Code:
<authentication mode="Forms">
<forms name=".DEMOAPP" loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
This means that if the cookie DEMOAPP doesn't exist, or is invalid, then everyone gets redirected to the login.aspx page.
Maybe you want certain pages that anonamous users, not logging in, can view.
To do this I have added some extra lines to my config file:
Code:
'other config stuff
</system.web>
'I have added this
<location path="Main.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
This basically tells .net that anyone can view Main.aspx, logged in or not.
I have used the username Woof and password Growl in my exmaples to validate my login.
My login code looks like:
VB Code:
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Login(txtUsername.Text, txtPassword.Text)
End Sub
Private Sub Login(ByVal Username As String, ByVal Password As String)
If ValidateLogin(Username, Password) Then
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)
End If
End Sub
Private Function ValidateLogin(ByVal Username As String, ByVal Password As String) As Boolean
'here you would query your SQL DB as you would with a nomral app
'but in this case I have hard coded a username and password in.
Return (Username = "Woof") And (Password = "Growl")
End Function
The following line is the one that saves the security cookie to the clients PC:
VB Code:
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)
The username can be got at any time using:
VB Code:
Response.Write(User.Identity.Name)
As I have done in my users.aspx page.
Anyways here's the code.
Unzip it and create a VD in IIS called FormsAuthenticationDemo2003 and point it at the FormsAuthenticationDemo2003 folder you just extracted.
That should be it.
Woka