ASP.NET 2.0 includes many new security controls. Instead of writing a custom form to ask the user for a username and password, a ready-to-use Login control is available. The security controls and their functionality are listed in the following table.
Security Controls | Description |
---|---|
Login | The Login control is a composite control that includes controls to ask for username and password. |
LoginStatus | The LoginStatus control includes hyperlinks to log in or log out, depending on whether the user is logged in. |
LoginName | The LoginName control displays the name of the user. |
LoginView | With the LoginView control, different content can be displayed depending on whether the user is logged in. |
PasswordRecovery | PasswordRecovery is a composite control to reset forgotten passwords. Depending on the security configuration, the user is asked for the answer to a previously set secret question or the password is sent by e-mail. |
ChangePassword | ChangePassword is a composite control that allows logged-in users to change their password. |
CreateUserWizard | CreateUserWizard is a wizard to create a new user and write the user information to the Membership provider. |
In the following Try It Out, you add a login page to the Web application.
Try It Out – Create a Login Page
If you tried to start the Website after it was configured to deny anonymous users, you should have received an error because a login.aspx page is missing. If a specific login page is not configured with Forms authentication, login.aspx is used by default. You will now create a login.aspx page.
Add a new Web Form and name it login.aspx.
Add the Login control to the form. In the design view, you will see the control shown in Figure 18-19.
Figure 18-19
That's all that's necessary to create a login page. Now when you start the site default.aspx, you will be redirected to login.aspx, where you can enter the user credentials for the user you created earlier.
How It Works
After adding the Login control, you can see this code in the source view:
<asp:Login Runat="server"> </asp:Login>
The properties for this control enable you to configure the text for the header, username, and password labels, and for the login button, too. You can make the check box Remember me next time visible by defining the DisplayRememberMe property.
If you want more control over the look and feel of the Login control, you can convert the control to a template. You can do this in the design view by clicking the smart tag and selecting Convert to Template. Next, when you click Edit Templates, you will get a view like that shown in Figure 18-20, where you can add and modify any controls.
Figure 18-20
To verify the user credentials, the control invokes the method Membership.ValidateUser() when the Log In button is clicked; you don't have to do this yourself.
When users don't have an account to log in to the EventRegistration Website, they should create their own login. This can be done very easily with the CreateUserWizard control, as you will see in the next Try It Out.
Try It Out – Using the CreateUser Wizard
Add a new Web page named CreateUser.aspx in the Intro folder that was previously created. This folder is configured to be accessible by anonymous users.
Add a CreateUserWizard control to this Web page.
Set the property ContinueDestinationPageUrl to ~/Default.aspx.
Add a LinkButton control to the Login.aspx page. Set the Text property of this control to Register User, and the PostBackUrl property of this control to the Web page Intro/CreateUser.aspx.
Now you can start the application. Clicking the link Register User on the Login.aspx page redirects to the page CreateUser.aspx where a new account will be created with the entered data.
How It Works
The CreateUserWizard control is a wizard-like control that consists of multiple wizard steps, which are defined with the element <WizardSteps>:
<asp:CreateUserWizard Runat="server" ActiveStepIndex="1"
    ContinueDestinationPageUrl="~/Default.aspx">
  <WizardSteps>
    <asp:CreateUserWizardStep Runat="server" Title="Sign Up for Your New Account">
    </asp:CreateUserWizardStep>
    <asp:CompleteWizardStep Runat="server" Title="Complete">
    </asp:CompleteWizardStep>
  </WizardSteps>
</asp:CreateUserWizard>
These wizard steps can be configured in the designer. The smart tag of the control enables you to configure each of these steps separately. Figure 18-21 shows the configuration of step Sign Up for Your New Account, while Figure 18-22 shows the step Complete. You can also add custom steps with custom controls to add custom requirements, for example that the user should accept a contract before signing up for an account.
Figure 18-21
Figure 18-22
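The Login, CreateUserWizard, and PasswordRecovery controls all take their behavior from web.config. The following is an added example, not the book's own configuration, showing settings that match the two Try It Outs: Forms authentication with login.aspx, anonymous users denied, and the Intro folder left open. The provider name, application name, password limits, and the LocalSqlServer connection string name are assumptions.

```xml
<?xml version="1.0"?>
<!-- Added example: constructed web.config, not taken from the book's project. -->
<configuration>
  <system.web>
    <!-- Forms authentication. loginUrl is written out here; when it is
         omitted, login.aspx is used by default, as described above. -->
    <authentication mode="Forms">
      <!-- requireSSL assumes the site is served over HTTPS; protection="All"
           encrypts and validates the authentication ticket. -->
      <forms loginUrl="login.aspx" protection="All" requireSSL="true"
             timeout="30" slidingExpiration="true" />
    </authentication>

    <!-- "?" stands for anonymous users: they are redirected to login.aspx. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Hypothetical provider name. LocalSqlServer is assumed to be the
         connection string that points at the membership database. -->
    <membership defaultProvider="EventRegistrationMembership">
      <providers>
        <clear />
        <add name="EventRegistrationMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/EventRegistration"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>

  <!-- Intro folder (holds CreateUser.aspx): open to all users, including
       anonymous ones, so visitors can register before logging in. -->
  <location path="Intro">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With passwordFormat="Hashed" and enablePasswordRetrieval="false", the PasswordRecovery control cannot mail the existing password; it asks the secret question and sends a newly generated password instead. maxInvalidPasswordAttempts and passwordAttemptWindow lock an account after repeated failed calls to Membership.ValidateUser(), which is the check the Login control performs.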