The BikeBlogSecured Application
The Login Controls
In earlier versions of ASP.NET, the developer was responsible for creating the user interface for all aspects of user administration. Fortunately, ASP.NET 2.0 has several new login-related controls. Figure 7-18 shows the controls in the Login section of the Visual Studio Toolbox.
Figure 7-18: The Login controls in the Visual Studio Toolbox
In the following sections, I will provide a brief overview of each of these controls. Virtually all text used in all of these controls can be configured by using properties of the controls. The first item in Figure 7-18 is the Pointer, which merely deselects a currently selected toolbar control.
Login
The Login control presents a user interface in which the user can enter a user name and password. Users can choose to have the Web site remember who they are, so that they do not need to log in each time they visit the site. As with almost all of the login-related controls, you can use the Auto Format dialog box to apply several styles all at once, or you can apply styles individually. The appearance of the Login control can be modified in a variety of ways, and you can even convert the control to a templated version and then modify the template to more closely match the rest of your site.
LoginView
The LoginView control detects the login status of the user and displays different text based on that status. Anonymous users will see different text than users who are logged in, and different information can also be displayed to users in different roles.
PasswordRecovery
The PasswordRecovery control allows a user to retrieve his or her password if it has been lost. The PasswordRecovery control does not display the user's password on the Web page, which would be a terrible security breach. Depending on several other settings, some passwords may not be recoverable. If you are using a one-way hash (a hash that cannot be converted back to clear text), the password cannot be recovered, but it can be reset and e-mailed to the user. For example, when I reset my password, I received an e-mail with the following text:
-
Please return to the site and log in using the following information.
-
User Name: dreilly
-
Password: wAdW]+MH{!K[kG
LoginStatus
The LoginStatus control is rendered as a link that either sends the anonymous user to the specified login page (Login.aspx by default) or logs out the currently logged in user. Again, almost all text in this control can be modified.
