Fun Pet Trick 8: Implementing a Login System in Only 3 Minutes



By Scott Guthrie

ASP.NET version 2.0 includes built-in Membership Management and Role Management systems that provide automatic credential storage and role mapping support against multiple data store providers.

To access Membership Management and Role Management, you can use the Membership and RoleManager classes that are in the System.Web.Security namespace (which is imported by default for pages).

For example, you can use these classes to add new users to the application simply by calling Membership.CreateUser(username, password).

On top of these APIs, the ASP.NET team has added a suite of cool Login controls that live on the Security tab of the VS .NET toolbox. These internally call the Membership Management and Role Management APIs—and eliminate the need to write any code for common security tasks.

In the Alpha version, the following controls appear on the Toolbox:

  • Login: Login form

  • LoginView: Templated control to vary output based on logged-in state

  • PasswordRecovery: Control that enables passwords to be retrieved when forgotten

  • LoginStatus: Control that toggles a login/logout message with a link to the login page

  • LoginName: Control that outputs the login name of the current user

The ASP.NET team will add two more controls in the Beta—one for creating new users on the system, and one for changing passwords (for the Alpha version you'll need to use the Membership API and write a little bit of code to enable these scenarios).

Following is a simple example of how to use all of the preceding features to implement a security system with the Alpha version that uses Forms Authentication and stores usernames and passwords in a membership store. (By default it will use the AccessProvider—you can update the configuration file to point it at SQL without having to change any code.)

Step 1

Update web.config to enable Forms Authentication and the role provider.

    <?xml version="1.0" encoding="UTF-8" ?>
    <configuration>
        <system.web>
            <authentication mode="Forms" />
            <roleManager enabled="true" />
        </system.web>
    </configuration>

Step 2

Build a Default.aspx page that has both a LoginStatus control and a templated message for anonymous and logged-in users.

    <%@ page language="VB" %>
    <html>
    <body>
        <form runat="server">
            <table cellspacing="1" cellpadding="1" border="1">
                <tr>
                    <td width="500">
                        <h1>Put Site Logo/Banner Stuff Here</h1>
                    </td>
                    <td width="100" align="center">
                        <asp:loginstatus runat="server" />
                    </td>
                </tr>
            </table>
            <br />
            <asp:loginview runat="server">
                <anonymoustemplate>
                    <h2>Welcome to My Site</h2>
                </anonymoustemplate>
                <loggedintemplate>
                    <h2>
                        Welcome <asp:loginname runat="server" />
                    </h2>
                </loggedintemplate>
            </asp:loginview>
        </form>
    </body>
    </html>

Step 3

Build a Login.aspx page that uses the Login control.

    <%@ page language="VB" %>
    <html>
    <body>
        <form runat="server">
            <asp:login runat="server"
                font-names="Verdana" font-size="10pt" borderwidth="1px"
                bordercolor="#CCCC99" borderstyle="Solid" backcolor="#F7F7DE"
                createusertext="Register New Account" createuserurl="CreateUser.aspx">
                <titletextstyle font-bold="True" forecolor="White" backcolor="#6B696B">
                </titletextstyle>
            </asp:login>
        </form>
    </body>
    </html>

Step 4

Build a CreateUser.aspx page that uses the Membership APIs to add new users into the application. Note that this will be made easier in the Beta version with a new CreateUser control.

    <%@ page language="VB" %>
    <script runat="server">
        Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
            Try
                ' Add the user to the membership store, then issue a
                ' non-persistent Forms Authentication ticket and redirect
                Membership.CreateUser(UserName.Text, Password.Text)
                FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
            Catch ex As Exception
                ' Every failure is reported with the same generic message
                Label1.Text = "Unable to create user - user may already exist"
            End Try
        End Sub
    </script>
    <html>
    <body>
        <form runat="server">
            UserName:
            <asp:textbox id="UserName" runat="server">
            </asp:textbox>
            <br />
            <br />
            Password:
            <asp:textbox id="Password" textmode="Password" runat="server">
            </asp:textbox>
            <br />
            <br />
            <asp:button runat="server"
                text="Create User"
                onclick="Button1_Click" />
            <br />
            <br />
            <asp:label id="Label1" runat="server" font-size="Large" forecolor="#FF0033">
            </asp:label>
        </form>
    </body>
    </html>

All in all, very little code is required (none will be needed with the Beta version). The resulting implementation is very secure (passwords are automatically hashed with salts to avoid retrieval in the event of a database hack) and very fast.

Should make building secure sites with Whidbey a breeze . . .
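The Step 1 configuration turns Forms Authentication on but does not yet require a login for any page, and it leaves the membership store on its defaults. The following web.config is an added example, not part of the original article: it points membership at SQL, pins hashed password storage, and denies anonymous users on one folder. It assumes the attribute names of the released ASP.NET 2.0 schema (the Alpha may differ); the connection string, the provider name SqlMembership, and the Members folder are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
    <connectionStrings>
        <!-- Constructed placeholder: server and database names are assumptions -->
        <add name="MembershipDb"
             connectionString="Data Source=DBSERVER;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
    </connectionStrings>
    <system.web>
        <authentication mode="Forms">
            <!-- requireSSL keeps the ticket cookie off plain HTTP;
                 protection="All" encrypts and validates the ticket -->
            <forms loginUrl="Login.aspx" requireSSL="true" protection="All"
                   timeout="20" slidingExpiration="true" cookieless="UseCookies" />
        </authentication>
        <roleManager enabled="true" />
        <membership defaultProvider="SqlMembership">
            <providers>
                <clear />
                <!-- Hashed storage means passwords cannot be retrieved, only reset;
                     the attempt limits lock an account after repeated bad guesses -->
                <add name="SqlMembership"
                     type="System.Web.Security.SqlMembershipProvider"
                     connectionStringName="MembershipDb"
                     applicationName="/"
                     passwordFormat="Hashed"
                     enablePasswordRetrieval="false"
                     requiresQuestionAndAnswer="false"
                     requiresUniqueEmail="false"
                     minRequiredPasswordLength="12"
                     minRequiredNonalphanumericCharacters="1"
                     maxInvalidPasswordAttempts="5"
                     passwordAttemptWindow="10" />
            </providers>
        </membership>
    </system.web>
    <!-- Hypothetical protected folder: anonymous users ("?") are sent to Login.aspx -->
    <location path="Members">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
</configuration>
```

requiresQuestionAndAnswer and requiresUniqueEmail are left off here so that the two-argument Membership.CreateUser call in Step 4 keeps working unchanged.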




ASP.NET 2.0 Revealed
ISBN: 1590593375
EAN: 2147483647
Year: 2005
Pages: 133
