Results 1 to 8 of 8

Thread: Forms Authentication Example

  1. #1

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,632

    Forms Authentication Example

    Ok here's a quick demo of basic forms authentication.
    The only real code I have coded is in the login page, and the config file.
    In the web.config file I have:
    Code:
        <authentication mode="Forms"> 
            <forms name=".DEMOAPP" loginUrl="Login.aspx" />
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    This means that if the cookie DEMOAPP doesn't exist, or is invalid, then everyone gets redirected to the login.aspx page.

    Maybe you want certain pages that anonamous users, not logging in, can view.
    To do this I have added some extra lines to my config file:
    Code:
    'other config stuff
        </system.web>
    
        'I have added this
        <location path="Main.aspx">
            <system.web>
                <authorization>
    	   <allow users="*" />
                </authorization>
            </system.web>
        </location>
    
    </configuration>
    This basically tells .net that anyone can view Main.aspx, logged in or not.

    I have used the username Woof and password Growl in my exmaples to validate my login.

    My login code looks like:
    VB Code:
    1. Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
    2.         Login(txtUsername.Text, txtPassword.Text)
    3.     End Sub
    4.  
    5.     Private Sub Login(ByVal Username As String, ByVal Password As String)
    6.         If ValidateLogin(Username, Password) Then
    7.             System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)
    8.         End If
    9.     End Sub
    10.  
    11.     Private Function ValidateLogin(ByVal Username As String, ByVal Password As String) As Boolean
    12.         'here you would query your SQL DB as you would with a nomral app
    13.         'but in this case I have hard coded a username and password in.
    14.  
    15.         Return (Username = "Woof") And (Password = "Growl")
    16.     End Function
    The following line is the one that saves the security cookie to the clients PC:
    VB Code:
    1. System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)
    The username can be got at any time using:
    VB Code:
    1. Response.Write(User.Identity.Name)
    As I have done in my users.aspx page.

    Anyways here's the code.
    Unzip it and create a VD in IIS called FormsAuthenticationDemo2003 and point it at the FormsAuthenticationDemo2003 folder you just extracted.

    That should be it.

    Woka
    Attached Files Attached Files

  2. #2
    Member
    Join Date
    Feb 2006
    Posts
    39

    Re: Forms Authentication Example

    <authorization>
    <deny users="?" />
    </authorization>
    Hi, I'm newbie in asp.net. Can I know what this "?" meant by? and the [forms name=".DEMOAPP"] can be replaced by what name? it must be a cookie?

  3. #3

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,632

    Re: Forms Authentication Example

    Code:
        <authentication mode="Forms"> 
    		<forms name=".DEMOAPP" loginUrl="Login.aspx" />
        </authentication>
        <authorization>
    		<deny users="?" />
        </authorization>
    Yes, DEMOAPP is the cookie name I believe.
    The deny users = ? means deny all anonymous users access to the site, and redirect them to the login page.

    Further down in the config file you'll see:
    Code:
    	<location path="Main.aspx">
    		<system.web>
    			<authorization>
    				<allow users="*" />
    			</authorization>
    		</system.web>
    	</location>
    This overrides the deny users = ? for a given page. So here I have said allow ALL users, logged in or not, to view main.aspx

    Woof

  4. #4

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,632

    Re: Forms Authentication Example

    Adding onto that, the DEMOAPP is the cookie name that stores the authentication ticket for the security. You can call this what you want. I think the default is ASPXAUTH.
    If you deploy multiple web apps on the same server then these must be unique per application.

    Woka

  5. #5
    Addicted Member
    Join Date
    Mar 2004
    Posts
    222

    Re: Forms Authentication Example

    Thanks for all but I don't understand from where did you call
    users.aspx?

  6. #6

  7. #7
    Addicted Member
    Join Date
    Mar 2004
    Posts
    222

    Re: Forms Authentication Example

    I am sorry I found it.
    the redirect is not in login form.

    but the same thing is not working in c# project

  8. #8
    Addicted Member
    Join Date
    Mar 2004
    Posts
    222

    Re: Forms Authentication Example

    I have found something strange.

    the program works fine if I use ip address insted of dnsname
    but if I use dnsname like http://isu_nnn/webapp1
    it displays fine but while pressing the login button it wont redirect to default.aspx

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width