Forms Authentication Example

[Wokawidget]

Ok here's a quick demo of basic forms authentication.
The only real code I have coded is in the login page, and the config file.
In the web.config file I have:

Code:

    <authentication mode="Forms"> 
        <forms name=".DEMOAPP" loginUrl="Login.aspx" />
    </authentication>
    <authorization>
        <deny users="?" />
    </authorization>

This means that if the cookie DEMOAPP doesn't exist, or is invalid, then everyone gets redirected to the login.aspx page.

Maybe you want certain pages that anonamous users, not logging in, can view.
To do this I have added some extra lines to my config file:

Code:

'other config stuff
    </system.web>

    'I have added this
    <location path="Main.aspx">
        <system.web>
            <authorization>
	   <allow users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>

This basically tells .net that anyone can view Main.aspx, logged in or not.

I have used the username Woof and password Growl in my exmaples to validate my login.

My login code looks like:

VB Code:

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Login(txtUsername.Text, txtPassword.Text)
    End Sub
 
    Private Sub Login(ByVal Username As String, ByVal Password As String)
        If ValidateLogin(Username, Password) Then
            System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)
        End If
    End Sub
 
    Private Function ValidateLogin(ByVal Username As String, ByVal Password As String) As Boolean
        'here you would query your SQL DB as you would with a nomral app
        'but in this case I have hard coded a username and password in.
 
        Return (Username = "Woof") And (Password = "Growl")
    End Function

The following line is the one that saves the security cookie to the clients PC:

VB Code:

System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username, False)

The username can be got at any time using:

VB Code:

Response.Write(User.Identity.Name)

As I have done in my users.aspx page.

Anyways here's the code.
Unzip it and create a VD in IIS called FormsAuthenticationDemo2003 and point it at the FormsAuthenticationDemo2003 folder you just extracted.

That should be it.

Woka

[asp.net]

<authorization>
<deny users="?" />
</authorization>

Hi, I'm newbie in asp.net. Can I know what this "?" meant by? and the [forms name=".DEMOAPP"] can be replaced by what name? it must be a cookie?

[Wokawidget]

Code:

    <authentication mode="Forms"> 
		<forms name=".DEMOAPP" loginUrl="Login.aspx" />
    </authentication>
    <authorization>
		<deny users="?" />
    </authorization>

Yes, DEMOAPP is the cookie name I believe.
The deny users = ? means deny all anonymous users access to the site, and redirect them to the login page.

Further down in the config file you'll see:

Code:

	<location path="Main.aspx">
		<system.web>
			<authorization>
				<allow users="*" />
			</authorization>
		</system.web>
	</location>

This overrides the deny users = ? for a given page. So here I have said allow ALL users, logged in or not, to view main.aspx

Woof

[Wokawidget]

Adding onto that, the DEMOAPP is the cookie name that stores the authentication ticket for the security. You can call this what you want. I think the default is ASPXAUTH.
If you deploy multiple web apps on the same server then these must be unique per application.

Woka

[purusingh1]

Thanks for all but I don't understand from where did you call
users.aspx?

[Wokawidget]

Sorry, not sure I follow you...

Can you explain in a little more detail?

Woka

[purusingh1]

I am sorry I found it.
the redirect is not in login form.

but the same thing is not working in c# project

[purusingh1]

I have found something strange.

the program works fine if I use ip address insted of dnsname
but if I use dnsname like http://isu_nnn/webapp1
it displays fine but while pressing the login button it wont redirect to default.aspx