Using Forms Based Security in a Microsoft ASP.NET Web Site using Visual Basic.NET

By using the built-in forms based security mechanisms provided by the System.Web.Security namespace in ASP.NET, you can provide a custom access routine for your web site.

Forms based security is applied in two phases:

1. Configure your web.config file to support forms based security and deny anonymous users.

2. Create a login form to check user credentials, and approve access.

This example shows how to use allow access to a user who types in "admin" in a textbox named Userbox. This example assumes that you have a form named Login.aspx that has a textbox named Userbox, and a button named Button1.

In your Web.congig file, modify the authentication and authorization elements as follows:

Once your web.config file is configured as above, any users that access your site that have not logged in would be sent to the login.aspx web page. In the login.aspx web page, use this code:

If UserBox.Text = "admin" Then
Web.Security.FormsAuthentication.RedirectFromLoginPage("admin", False)
End If

This sample code only uses a user name for authentication, you will usually take this a step further by requiring a username and password, and checking these against a database.

No matter what information you check, the key item is the RedirectFromLoginPage. When this method runs, the user is considered to be logged in. The two parameters passed into this method are the UserName as string, and a Boolean value indicating whether or not to create a persistent cookie.

If a user is given a persistent cookie, then the user can leave the site, close the browser, and return without having to log in again.

Here is an example of the same login using a username and password:

This code assumes that you have a pre-defined variable named ConnectionString that holds your database connection string, and that You are connecting to a database that has a table named Users, with columns for Password and UserID. You also must have two textboxes (UserBox and PasswordBox) on your login form.

Dim User As String = UserBox.Text
Dim Pass As String = PasswordBox.Text
Dim Con As New SqlClient.SqlConnection(ConnectionString)
Con.Open()

Dim cmd As New SqlClient.SqlCommand("SELECT Password FROM Users WHERE UserID = '" & User & "'", Con)

Dim DBPassword As String = cmd.ExecuteScalar & ""
Con.Close()
If Password <> "" And DBPassword = Pass Then
Web.Security.FormsAuthentication.RedirectFromLoginPage(User, False)
End If

Study and Research resources:

Microsoft Certification Info:

See the list of .Net articles

TOGGIT IN SEARCH OF CERTIFICATION

All information on this site is copyright ToggIT.com unless otherwise specified. Material submitted or posted this site may also contain materials that are copyrights of individual contributors. It is illegal to copy, publish, reproduce, or distribute any materials from this site with the express permission of the owner of this material.

The material on this web site is not sponsored by, endorsed by or affiliated with Microsoft, Inc, CompTIA, or Cisco Systems, Inc. Microsoft, Inc.® ,Windows XP, Windows 2000, Windows 2000 Server, Windows 98, Windows NT, Visual Basic, Visual C++, Visual FoxPro, SQL server and Microsoft logos are trademarks or registered trademarks of Microsoft, Inc. in the United States and certain other countries. A+, Server+, and Network+ are all registered trademarks of CompTIA. CCNA, CCNE, and the Cisco logo are all registered trademarks of Cisco Systems. All other trademarks are trademarks of their respective owners.