ASP.NET 2.0 Membership: How to authenticate a user without login control?

Discussion in 'ASP .Net' started by Max2006, Jul 13, 2007.

  1. Max2006

    Max2006 Guest

    Hi,

    I am using ASP.NET 2.0 Membership and I need to authenticate a user without
    using login control. Is there any sample code that shows me how to do that?

    Thank you,
    Max
     
    Max2006, Jul 13, 2007
    #1
    1. Advertising

  2. Max2006

    nahid Guest

    On Jul 13, 10:27 pm, "Max2006" <> wrote:
    > Hi,
    >
    > I am using ASP.NET 2.0 Membership and I need to authenticate a user without
    > using login control. Is there any sample code that shows me how to do that?
    >
    > Thank you,
    > Max


    hi,

    public void Login_OnClick(object sender, EventArgs args)
    {
    if (Membership.ValidateUser(UsernameTextbox.Text,
    PasswordTextbox.Text))
    FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text,
    NotPublicCheckBox.Checked);
    else
    Msg.Text = "Login failed. Please check your user name and
    password and try again.";
    }

    hope help

    nahid
    http://nahidulkibria.blogspot.com/
    http://www.kaz.com.bd
     
    nahid, Jul 13, 2007
    #2
    1. Advertising

  3. Hi Max,

    Nahid has given you a typical code snippet on how to programmatically do
    the membership user validation and FormsAuthentication Login operations.

    Actually, for the FormsAuthentication and User validation in ASP.NET 2.0,
    it consists of two parts:

    1. Use membership API to validate the user's username/password credentials

    2. All FormsAuthentication API to logon(generate and set authentication
    ticket/cookie).

    Here are some further articles introducing the model of ASP.NET
    formsauthentication and membership service and how they work together:

    #Explained: Forms Authentication in ASP.NET 2.0
    http://msdn2.microsoft.com/en-us/library/aa480476.aspx

    #Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 1
    http://aspnet.4guysfromrolla.com/articles/120705-1.aspx

    If you have any further specific questions on this, please feel free to
    post here.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Jul 16, 2007
    #3
  4. Hi,

    Forms Authentication allows developers to store the authentication
    information, such as username and password, in the Web.config file. The
    user’s request will go to IIS first and the user is authenticated by IIS. If
    the anonymous access is enabled in IIS or the user is successfully
    authenticated, it will hand off the request to ASP.NET application. ASP.NET
    checks to see whether a valid authentication cookie is attached to the
    request. If it is, it means the user credentials has been previously
    authenticated. ASP.NET will then perform the authorization check. If the user
    is authorized to access those resources, the access will be granted.
    Otherwise, the “access-denied†message is sent.

    If the request does not have any cookie attached, ASP.NET redirects the user
    to the login page and solicits the credentials then resubmits for
    authentication. The application code checks those credentials. If
    authenticated, ASP.NET will attach the authentication ticket in the form of
    cookie to the response. If failed, the user is redirected back to the login
    page telling the user that the username/password is invalid.

    Authenticating Users with a Database Table

    The following code verifypassword() will first check the username and
    password passed by the user. If they are valid, it creates an authentication
    cookie, attaches it to the outgoing response and redirects user to original
    requested page. The second parameter specifies whether the authentication
    should be a session cookie (false) or a persistent cookie (true). We need to
    write this statement ‘Imports System.Web.Security’ in Login.aspx to use the
    security functionalities.

    void Button_Click( object sender, EventArgs e ) {
    if (IsValid) {
    switch (VerifyPassword( txtUsername.Text, txtPassword.Text )) {
    case 0:
    FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, chkPersist.
    Checked );
    break;
    case 1:
    lblError.Text = "You did not enter a registered username";
    break;
    case 2:
    lblError.Text = "You did not enter a valid password";
    break;
    }
    }
    }

    int VerifyPassword( string strUsername, string strPassword ) {
    string strConString;
    SqlConnection conJobs;
    SqlCommand cmdVerify;
    SqlParameter parmReturn;

    strConString = ConfigurationSettings.AppSettings["constring"];
    conJobs = new SqlConnection( strConString );
    cmdVerify = new SqlCommand( "VerifyPassword", conJobs );
    cmdVerify.CommandType = CommandType.StoredProcedure;
    parmReturn = cmdVerify.Parameters.Add( "@return", SqlDbType.Int );
    parmReturn.Direction = ParameterDirection.ReturnValue;
    cmdVerify.Parameters.Add( "@username", strUsername );
    cmdVerify.Parameters.Add( "@password", strPassword );
    conJobs.Open();
    cmdVerify.ExecuteNonQuery();
    conJobs.Close();
    return (int)cmdVerify.Parameters["@return"].Value;
    }


    Benefits of Forms-Based Authentication

    1.Developer can configure Forms-based authentication for various parts of the
    website differently, because the Web.config is a hierarchical XML document.
    2.Administrator and developer can change the authentication scheme quickly
    and easily in the Web.config file
    3.Administration is centralized because all the authentication entries are in
    one place - Web.config file.

    Database programming using Visual basic 2005
    http://www.vkinfotek.com

    --
    Message posted via http://www.dotnetmonster.com
     
    timmy123 via DotNetMonster.com, Jul 16, 2007
    #4
  5. Hi Max,

    Have you got any further ideas or does the information in previous messages
    help you some? If there is anything else we can help, please feel free to
    post here.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Jul 19, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    2
    Views:
    2,667
    Joe Kaplan \(MVP - ADSI\)
    Dec 8, 2005
  2. =?Utf-8?B?RXJpY1J5YmFyY3p5aw==?=

    Problem handling Login control Authenticate event

    =?Utf-8?B?RXJpY1J5YmFyY3p5aw==?=, Feb 7, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    4,068
    =?Utf-8?B?RXJpY1J5YmFyY3p5aw==?=
    Feb 8, 2006
  3. Luqman
    Replies:
    1
    Views:
    2,945
    =?Utf-8?B?RFdT?=
    Feb 15, 2006
  4. wardemon
    Replies:
    2
    Views:
    196
    Dominick Baier
    Dec 29, 2006
  5. Mike Voissem

    Using Login Control to Authenticate???

    Mike Voissem, May 4, 2007, in forum: ASP .Net Security
    Replies:
    7
    Views:
    236
    Alexey Smirnov
    May 7, 2007
Loading...

Share This Page