Using Security Controls


ASP.NET 2.0 includes many new security controls. Instead of writing a custom form to ask the user for a username and password, a ready-to-use Login control is available. The security controls and their functionality are listed in the following table.

Security Controls

Description

Login

The Login control is a composite control that includes controls to ask for username and password.

LoginStatus

The LoginStatus control includes hyperlinks to log in or logout, depending if the user is logged in or not.

LoginName

The LoginName control displays the name of the user.

LoginView

With the LoginView control, different content can be displayed depending if the user is logged in or not.

PasswordRecovery

PasswordRecovery is a composite control to reset forgotten passwords. Depending on the security configurations, the user is asked for the answer to a previously set secret question or the password is sent by e-mail.

ChangePassword

ChangePassword is a composite control that allows logged in users to change their password.

CreateUserWizard

CreateUserWizard is a wizard to create a new user and write the user information to the Membership provider.

In the following Try It Out, you add a login page to the Web application.

Try It Out – Create a Login Page

image from book

If you tried to start the Website after it has been configured to deny anonymous users, you should have received an error because a login.aspx page is missing. If a specific login page is not configured with Forms authentication, login.aspx is used by default. You will now create a login.aspx page.

  1. Add a new Web Form and name it login.aspx.

  2. Add the Login control to the form. In the design view, you will see the control shown in Figure 18-19.

    image from book
    Figure 18-19

  3. That's all that's necessary to create a login page. Now when you start the site default.aspx, you will be redirected to login.aspx, where you can enter the user credentials for the user you created earlier.

How It Works

After adding the Login control, you can see this code in the source view:

 <asp:Login  Runat="server"> </asp:Login> 

The properties for this control enable you to configure the text for the header, username, and password labels, and for the login button, too. You can make the check box Remember me next time visible by defining the DisplayRememberMe property.

If you want more control over the look and feel of the Login control, you can convert the control to a template. You can do this in the design view by clicking the smart tag and selecting Convert to Template. Next, when you click Edit Templates, you will get a view like that shown in Figure 18-20, where you can add and modify any controls.

image from book
Figure 18-20

For verifying the user credentials, when the Login In button is clicked, the method Membership. ValidateUser() is invoked by the control, and you don't have to do this yourself.

When users don't have an account to login with the EventRegistration Website, they should create their own login. This can be done very easily with the CreateUserWizard control, as you will see with the next Try It Out.

image from book

Try It Out – Using the CreateUser Wizard

image from book
  1. Add a new Web page named CreateUser.aspx in the Intro folder that was previously created. This folder is configured to be accessed from anonymous users.

  2. Add a CreateUserWizard control to this Web page.

  3. Set the property ContinueDestinationPageUrl to ~/Default.aspx.

  4. Add a LinkButton control to the Login.aspx page. Set the Text property of this control to Register User, and the PostBackUrl property of this control to the Web page Intro/ CreateUser.aspx.

  5. Now you can start the application. Clicking the link Register User on the Login.aspx page redirects to the page CreateUser.aspx where a new account will be created with the entered data.

How It Works

The CreateUserWizard control is a wizardlike control that consists of multiple wizard steps, which are defined with the element <WizardSteps>:

 <asp:CreateUserWizard  Runat="server"  ActiveStepIndex="1" ContinueDestinationPageUrl="~/Default.aspx"> <WizardSteps> <asp:CreateUserWizardStep Runat="server"  Title="Sign Up for Your New Account"> </asp:CreateUserWizardStep> <asp:CompleteWizardStep Runat="server" Title="Complete"> </asp:CompleteWizardStep> </WizardSteps> </asp:CreateUserWizard> 

These wizard steps can be configured in the designer. The smart tag of the control enables you to configure each of these steps separately. Figure 18-21 shows the configuration of step Sign Up for Your New Account, while Figure 18-22 shows the step Complete. You can also add custom steps with custom controls to add custom requirements, for example that the user should accept a contract before signing up for an account.

image from book
Figure 18-21

image from book
Figure 18-22

image from book




Beginning Visual C# 2005
Beginning Visual C#supAND#174;/sup 2005
ISBN: B000N7ETVG
EAN: N/A
Year: 2005
Pages: 278

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net