Two Quick Ways to Perform ASP.NET Authentication
Author: Anand Narayanaswamy
Authentication is the process of validating a user based on a set of
credentials such as username, password, and e-mail address. Suppose
you own a small Web development company that uses ASP.NET, and you
want to give your users a secured area from where they can download
or view additional resources such as tutorials. You would have to
store crucial user data such as usernames and passwords (preferably
in a database such as Microsoft Access or SQL Server) and then
authenticate users based on those credentials with the help of the
relevant ASP.NET code. This process involves a huge amount of work
for developers, including such tasks as creating tables, stored
procedures, and so on.
ASP.NET offers simpler ways to validate users—with little work
required. By applying ASP.NET programming logic, you can store user
data in XML files and then validate users using those files. If you
have a limited number of users, you can store the credentials in a
Web configuration file (Web.Config) instead. This article shows you
how to apply ASP.NET user authentication using either a Web.Config
file or an XML file. If you haven't already, you'll need to install
Microsoft's ASP.NET Web Matrix, a free editor available for download
from http://www.asp.net.
Authenticating Users Using a Web.Config File
Web.Config is the main configuration file that ASP.NET applications
use for storing global parameters such as connection strings for
databases, passwords, and so forth. You should save this file inside
the root directory of your ASP.NET application. To perform
authentication using the Web.Config file, you need to create a file
as shown in Listing 1.1:
The usernames and passwords should be
supplied inside the credentials tag, and the authentication mode
should be set to Forms. The contents of Listing 1.1 are case
sensitive and should be entered as shown. Further, the authorization
section denies access to all anonymous users. Hence, only users
whose credentials match those given in the Web.Config file can
access the relevant Web page. The following table shows different
kinds of tags and symbols you can use inside the authorization tag
and their meanings.
    Tag                      Meaning
    <deny users = "?"/>      Denies access to all anonymous users
    <deny users = "*"/>      Denies access to both anonymous and authenticated users
    <allow users = "?"/>     Allows access to all anonymous users
    <allow users = "*"/>     Allows access to both anonymous and authenticated users
The next step is to create an ASP.NET page that contains the real
code for verifying a user, as given in Listing 1.2:
Listing 1.2
    If IsValid Then
        If FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text) Then
            lblStatus.Text = "Username and Passwords are correct"
        Else
            lblStatus.Text = "Invalid Username and Passwords"
        End If
    End If
This code uses the Authenticate method of the FormsAuthentication
class to validate a user. The Authenticate method takes the
corresponding text fields as parameters. If the entered data is
incorrect, it executes the statement inside the else part. You can
also redirect a user to another Web site if the entered data is
correct by slightly modifying Listing 1.2 to the code shown in
Listing 1.3:
Listing 1.3
    If IsValid Then
        If FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text) Then
            Response.Redirect("http://www.developer.com")
        Else
            lblStatus.Text = "Invalid Username and Passwords"
        End If
    End If
Authentication means validating a user based on a set of
credentials, such as e-mail, username, and password. Authorization
occurs after authentication. Authorization requires specifying
access restrictions and permissions for your users. Hence, these
terms are different but interrelated.
Authenticating Users Using an XML File
Even though you can easily authenticate users by using a Web.Config
file, it is not advisable for sites with a large number of users. It
is also very difficult to implement an automated system that
directly adds users to the Web.Config file. A Web developer must
manually add new usernames and passwords to the file for each new
user. To avoid this hassle, ASP.NET provides a facility for
authenticating users using an XML file. For this purpose, you have
to create both a Web.Config file (Listing 1.4) and an XML file
(Listing 1.5):
The next step is to create an ASP.NET page. Because it has to check
two credentials (username and password), you have to add two TextBox
controls and a Button control to the form. Double-click the button
control and add the code given in Listing 1.6:
Listing 1.6
    If IsValid Then
        If XMLAuthentication(txtUsername.Text, txtPassword.Text) Then
            Response.Redirect("http://www.developer.com")
        End If
    End If
Listing 1.6 passes the text of the two controls as parameters to the
XMLAuthentication method. This method will contain the real code to
authenticate users from your XML file. Further, if the username and
password match those in the XML file, the user will be
redirected to the developer.com home page. The source code for this
method is given in Listing 1.7:
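Listing 1.7
    ' The function header and the user lookup are missing from the listing as
    ' extracted; strUsername and the "name" column are assumed names.
    Function XMLAuthentication(strUsername As String, strPwd As String) As Boolean
        Dim dstPwd As DataSet
        Dim dtblPwd As DataTable
        Dim users() As DataRow
        dstPwd = New DataSet()
        dstPwd.ReadXML(MapPath("Pwd.xml"))
        dtblPwd = dstPwd.Tables(0)
        ' Double any single quote so the username cannot alter the filter expression
        users = dtblPwd.Select("name = '" & strUsername.Replace("'", "''") & "'")
        If users.Length > 0 Then
            If CStr(users(0)("pwd")) = strPwd Then
                Return True
            Else
                lblStatus.Text = "Invalid Password"
            End If
        Else
            lblStatus.Text = "Username does not exist"
        End If
        Return False
    End Function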
In Listing 1.7, the XML file is loaded by using the built-in ReadXML()
method, and the XMLAuthentication method checks both the username
and password. The method displays the relevant messages in the label
control.
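An added example, not code from the original article: a hardened variant of the XML lookup in Listing 1.7, written as a stand-alone console module. It keeps a salted PBKDF2 hash in the pwd element instead of the password itself, scans the rows rather than building a filter string, and returns the same result for an unknown user and a wrong password. The name and salt elements, the iteration count and the sample user are assumptions, and the Rfc2898DeriveBytes constructor used here needs .NET Framework 4.7.2 or later.

```vbnet
Imports System
Imports System.Data
Imports System.IO
Imports System.Security.Cryptography

Module XmlAuthExample
    Const Iterations As Integer = 100000 ' assumed work factor; tune for your hardware
    Function HashPassword(pwd As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pwd, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
    ' Compares every byte so timing does not reveal where the first mismatch is.
    Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        Dim diff As Integer = a.Length Xor b.Length
        For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    ' True only for an existing user with the right password. An unknown user
    ' still costs one hash, and the caller cannot tell the two failures apart.
    Function XMLAuthentication(users As DataTable, strUsername As String, strPwd As String) As Boolean
        Dim salt(15) As Byte, expected(31) As Byte
        Dim found As Boolean = False
        For Each row As DataRow In users.Rows
            If String.Equals(CStr(row("name")), strUsername, StringComparison.Ordinal) Then
                salt = Convert.FromBase64String(CStr(row("salt")))
                expected = Convert.FromBase64String(CStr(row("pwd")))
                found = True
            End If
        Next
        Return FixedTimeEquals(HashPassword(strPwd, salt), expected) And found
    End Function
    Sub Main()
        ' Constructed sample store standing in for Pwd.xml; element names are assumptions.
        Dim store As New DataSet("users")
        Dim t As DataTable = store.Tables.Add("user")
        t.Columns.Add("name") : t.Columns.Add("salt") : t.Columns.Add("pwd")
        Dim salt(15) As Byte
        RandomNumberGenerator.Create().GetBytes(salt)
        t.Rows.Add("anand", Convert.ToBase64String(salt), Convert.ToBase64String(HashPassword("S3cret!", salt)))
        Dim loaded As New DataSet()
        loaded.ReadXml(New StringReader(store.GetXml())) ' round trip, as ReadXML(MapPath("Pwd.xml")) would load it
        Dim users As DataTable = loaded.Tables("user")
        Console.WriteLine(XMLAuthentication(users, "anand", "S3cret!"))  ' correct password
        Console.WriteLine(XMLAuthentication(users, "anand", "guess"))    ' wrong password
        Console.WriteLine(XMLAuthentication(users, "nobody", "S3cret!")) ' unknown user
    End Sub
End Module
```

In the button handler from Listing 1.6, a False result would set lblStatus.Text to one generic message for both failure cases.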
About the Author
Anand Narayanaswamy (Microsoft MVP) works as an independent
consultant and runs NetAns Technologies (http://www.netans.com)
which provides affordable web hosting services for the community. Anand also runs
LearnXpress.com (http://www.learnXpress.com)
and Dotnetalbum.com (http://www.dotnetalbum.com)
and regularly contributes articles, product and book reviews for
various websites.
He can be reached at
ananddotnet@yahoo.co.in