Now to the Default page. Here I have used 3 ways to show different parts to the user, depending on the role the user has. I have used User.IsInRole in 2 ways: Response.Write() and then somethingid.Visible = True.
That way I can show things only for Managers, Admins or Users.
Then I have another way to show things: the asp:LoginView RoleGroups. Here I can make maybe a link that Users can't see, but Managers and Admins can see the link.
So 3 different ways to show sensitive things.
Default.aspx
Code:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <input type="submit" Value="SignOut" runat="server" id="cmdSignOut" />
        <br />
        <asp:Label ID="LegendInfo" runat="server" Text="Label"></asp:Label>
    </div>
    <br /><br />
    <%-- "Kan ses af" is Danish for "Can be seen by" --%>
    <asp:LoginView ID="LoginView1" runat="server">
        <RoleGroups>
            <asp:RoleGroup Roles="User, Admin, Manager">
                <ContentTemplate>
                    You are loged in and is a Normal User:
                    <asp:HyperLink ID="hlGroup1" NavigateUrl="#" runat="server">UserLink</asp:HyperLink>
                    Kan ses af Manager/Admin/User<br />
                </ContentTemplate>
            </asp:RoleGroup>
        </RoleGroups>
    </asp:LoginView>
    <asp:LoginView ID="LoginView2" runat="server">
        <RoleGroups>
            <asp:RoleGroup Roles="Admin, Manager">
                <ContentTemplate>
                    You are loged in and is a Admin:
                    <asp:HyperLink ID="hlGroup1" NavigateUrl="#" runat="server">AdminLink</asp:HyperLink>
                    Kan ses af Manager/Admin<br />
                </ContentTemplate>
            </asp:RoleGroup>
        </RoleGroups>
    </asp:LoginView>
    <asp:LoginView ID="LoginView3" runat="server">
        <RoleGroups>
            <asp:RoleGroup Roles="Manager">
                <ContentTemplate>
                    You are loged in and is a Manager:
                    <asp:HyperLink ID="hlGroup1" NavigateUrl="#" runat="server">ManagerLink</asp:HyperLink>
                    Kan ses af Manager<br />
                </ContentTemplate>
            </asp:RoleGroup>
        </RoleGroups>
    </asp:LoginView>
    <br /><br />
    <asp:Label ID="text1" runat="server" Text="Label" Visible="false">tekst nr 1</asp:Label><br />
    <asp:Label ID="text2" runat="server" Text="Label" Visible="false">tekst nr 2</asp:Label><br />
    <asp:Label ID="text3" runat="server" Text="Label" Visible="false">tekst nr 3</asp:Label><br />
    </form>
</body>
</html>

Default.aspx.vb
Code:
Imports System.Text
Imports System.Web.Security

Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim htmlString As New StringBuilder()

        ' Has the request been authenticated?
        If Request.IsAuthenticated Then
            ' Display generic identity information.
            ' This is always available, regardless of the type of
            ' authentication.
            htmlString.Append("<h3>Generic User Information</h3>")
            htmlString.Append("<b>name: </b>")
            ' HTML-encode the user name before it is written into the page.
            htmlString.Append(Server.HtmlEncode(User.Identity.Name))
            htmlString.Append("<br><b>Authenticated With: </b>")
            htmlString.Append(User.Identity.AuthenticationType)
            htmlString.Append("<br><br>")
        End If

        ' Was forms authentication used?
        If TypeOf User.Identity Is FormsIdentity Then
            ' Get the ticket.
            Dim ticket As FormsAuthenticationTicket = (DirectCast(User.Identity, FormsIdentity)).Ticket
            htmlString.Append("<h3>Ticket User Information</h3>")
            htmlString.Append("<b>Name: </b>")
            ' HTML-encode the ticket name as well.
            htmlString.Append(Server.HtmlEncode(ticket.Name))
            htmlString.Append("<br><b>Issued at: </b>")
            htmlString.Append(ticket.IssueDate)
            htmlString.Append("<br><b>Expires at: </b>")
            htmlString.Append(ticket.Expiration)
            htmlString.Append("<br><b>Cookie version: </b>")
            htmlString.Append(ticket.Version)

            ' Display the information.
            LegendInfo.Text = htmlString.ToString()
        End If

        ' Display the sensitive material depending on role, 1st way
        ' (the strings are Danish: "You are Manager / Admin / User")
        If User.IsInRole("Manager") Then
            ' Display sensitive material
            Response.Write("Du er Manager")
        ElseIf User.IsInRole("Admin") Then
            ' Display sensitive material
            Response.Write("Du er Admin")
        ElseIf User.IsInRole("User") Then
            ' Display sensitive material
            Response.Write("Du er Bruger")
        Else
            ' Display only bland material
        End If

        ' Display the sensitive material depending on role, another way
        If User.IsInRole("Manager") Then
            ' Display sensitive material
            text1.Visible = True
        ElseIf User.IsInRole("Admin") Then
            ' Display sensitive material
            text2.Visible = True
        ElseIf User.IsInRole("User") Then
            ' Display sensitive material
            text3.Visible = True
        Else
            ' Display only bland material
        End If
    End Sub

    Private Sub cmdSignOut_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSignOut.ServerClick
        FormsAuthentication.SignOut()
        FormsAuthentication.RedirectToLoginPage()
    End Sub
End Class

web.config (SQL)
Code:
<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <add name="SQLConnstr" connectionString="Data Source=.\SQLExpress;Integrated Security=true; AttachDbFilename=|DataDirectory|\LogonDB.mdf;User Instance=true;"/>
  </connectionStrings>
  <system.web>
    <!--
        Set compilation debug="true" to insert debugging
        symbols into the compiled page. Because this
        affects performance, set this value to true only
        during development.

        Visual Basic options:
        Set strict="true" to disallow all data type conversions
        where data loss can occur.
        Set explicit="true" to force declaration of all variables.
    -->
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
      <namespaces>
        <clear/>
        <add namespace="System"/>
        <add namespace="System.Collections"/>
        <add namespace="System.Collections.Specialized"/>
        <add namespace="System.Configuration"/>
        <add namespace="System.Text"/>
        <add namespace="System.Text.RegularExpressions"/>
        <add namespace="System.Web"/>
        <add namespace="System.Web.Caching"/>
        <add namespace="System.Web.SessionState"/>
        <add namespace="System.Web.Security"/>
        <add namespace="System.Web.Profile"/>
        <add namespace="System.Web.UI"/>
        <add namespace="System.Web.UI.WebControls"/>
        <add namespace="System.Web.UI.WebControls.WebParts"/>
        <add namespace="System.Web.UI.HtmlControls"/>
      </namespaces>
    </pages>
    <!--
        The <authentication> section enables configuration
        of the security authentication mode used by
        ASP.NET to identify an incoming user.
    -->
    <authentication mode="Forms">
      <forms name="MyCookieName" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" />
    </authentication>
    <authorization>
      <deny users ="?" />
      <allow users = "*" />
    </authorization>
    <!--
        The <customErrors> section enables configuration
        of what to do if/when an unhandled error occurs
        during the execution of a request. Specifically,
        it enables developers to configure html error pages
        to be displayed in place of a error stack trace.
    -->
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
    </customErrors>
  </system.web>
</configuration>

If you need this to work with MS Access, then you need to change this
..
<connectionStrings>
<add name="SQLConnstr" connectionString="Data Source=.\SQLExpress;Integrated Security=true; AttachDbFilename=|DataDirectory|\LogonDB.mdf;User Instance=true;"/>
</connectionStrings>
..
With this
..
<connectionStrings>
<add name="AccessConnStr" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\LogonDB.mdb;Persist Security Info=True"/>
</connectionStrings>
..
Remember to add authorization for folders or pages that need to be used with the login script. Here I am thinking of CSS files in a folder like "ADD/CSS/": you will not be able to use the folder in the header of your login/default page if you haven't added the folder to your web.config.
<location path="FOLDER or site.aspx">
<system.web>
<authorization>
<!-- allow John. Note: you can have multiple users separated by commas, e.g. John,Mary,etc. -->
<allow users="John"/>
<!-- deny others -->
<deny users="*"/>
</authorization>
</system.web>
</location>




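An added example, not part of the original post: LoginView RoleGroups and Visible only control what is rendered, so a page that a role-restricted link points to still needs its own rule in web.config, and the CSS folder needs to be readable before login. The fragment reuses the post's role names and its "ADD/CSS" folder; AdminPage.aspx and ManagerPage.aspx are hypothetical page names, and it assumes the roles seen by User.IsInRole are the ones the authorization rules are matched against.

```xml
<!-- Added example: place these <location> blocks inside <configuration>,
     next to the main <system.web>. Page names are hypothetical. -->

<!-- Stylesheets must load on Logon.aspx before anyone is signed in,
     so this folder is opened to everyone, anonymous users included.
     This rule is evaluated before the site-wide <deny users="?"/>. -->
<location path="ADD/CSS">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<!-- Target of the link shown in the "Admin, Manager" RoleGroup.
     Rules are read top to bottom and the first match wins,
     so the allow has to come before the deny. -->
<location path="AdminPage.aspx">
  <system.web>
    <authorization>
      <allow roles="Admin,Manager"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

<!-- Target of the link shown in the "Manager" RoleGroup. -->
<location path="ManagerPage.aspx">
  <system.web>
    <authorization>
      <allow roles="Manager"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
```

With these rules a signed-in User who requests AdminPage.aspx directly is refused by ASP.NET itself, whether or not the link was rendered on Default.aspx.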