
Tutorial Form Security


How to use .NET Authentication to secure WebForms

This is a very basic example of how to use .NET Authentication to manage page security.

Overview:  .NET allows you to maintain a list of pages that require a user to log in before using them.  The "secure" forms don't have to be any different from any other webform - you just need to list them.  In this example we'll have these pages:

  • default.aspx: the default startup page - no security
  • secure.aspx: the secure page - users have to log in to view it
  • login.aspx: this is the page that logs the user in and performs validation

To implement this we first need to change the Web.config file.  Inside the <system.web> section, set:

<authentication mode="Forms">
       <forms name="DoesntMatterForThisExample" loginUrl="login.aspx"/>
</authentication>

Next, below the </system.web> tag add this:

<location path="secure.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

Alternatively, you can do this for all pages at once by putting the <authorization> block inside <system.web>, right below <authentication>, instead of adding a <location> element for each page.

This tells .NET that when someone who has not logged in goes to secure.aspx, they will be redirected to login.aspx to log in.  If they've already logged in, .NET will manage this for you.

To implement this you need to add a login form to login.aspx (which can be anything you want, checking whatever you want).  In some section of login.aspx, once you've determined whether the user has succeeded or failed to log in, you need this code:

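// The first argument is the user name stored in the authentication ticket.
// The second argument (true) makes the cookie persistent across browser sessions;
// pass false to issue a session-only cookie instead.
if (boolSomeVariableTheTellsYouTheyShouldBeAllowedIn)
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage("anythingForThisExample", true);
else
    Response.Write("<p>Failed</p>");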

This will automatically redirect them back to whatever page they were trying to get to.
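
One way to fill in the boolSomeVariableTheTellsYouTheyShouldBeAllowedIn check, as an added example that is not the author's code: a login.aspx code-behind that verifies a salted PBKDF2 password hash and issues a session-only ticket carrying the real user name. The class name LoginPage, the controls txtUser, txtPassword and lblMessage, the btnLogin_Click handler and the in-memory user store with its sample password are all assumptions made for illustration, and the code assumes .NET Framework 4 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Security;

public partial class LoginPage : System.Web.UI.Page
{
    const int Iterations = 100000, SaltLen = 16, HashLen = 32;
    // Constructed sample store (user -> salt + hash); a real site reads records from its database.
    static readonly Dictionary<string, byte[]> Users =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
        { { "demo", MakeRecord("constructed-sample-password") } };
    // All-zero record used for unknown users so they cost the same work as known ones.
    static readonly byte[] Dummy = new byte[SaltLen + HashLen];

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashLen);
    }

    static byte[] MakeRecord(string password)
    {
        byte[] salt = new byte[SaltLen];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        byte[] record = new byte[SaltLen + HashLen];
        Buffer.BlockCopy(salt, 0, record, 0, SaltLen);
        Buffer.BlockCopy(Derive(password, salt), 0, record, SaltLen, HashLen);
        return record;
    }

    static bool Verify(string user, string password)
    {
        byte[] record;
        bool known = Users.TryGetValue(user, out record);
        if (!known) record = Dummy;
        byte[] salt = new byte[SaltLen];
        Buffer.BlockCopy(record, 0, salt, 0, SaltLen);
        byte[] actual = Derive(password, salt);
        int diff = 0;  // compare every byte so timing does not reveal a partial match
        for (int i = 0; i < HashLen; i++) diff |= actual[i] ^ record[SaltLen + i];
        return known && diff == 0;
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (Verify(txtUser.Text, txtPassword.Text))  // false = session cookie, not persistent
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
        else
            lblMessage.Text = "Login failed.";  // same text for unknown user and wrong password
    }
}
```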

To log out you simply do:

System.Web.Security.FormsAuthentication.SignOut();
Response.Redirect("login.aspx");

Again, this is a very basic example.  You can do a lot more with Authentication but this is the absolute basics.  I'll try to write a tutorial that's more involved in the future.

-ben
wiseleyb@yahoo.com


Last Modified 1/22/05 9:41 PM
