A
Arpan
Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the
following code:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.
The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".
Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.
Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?
For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).
Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?
Thanks,
Arpan
following code:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.
The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".
Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.
Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?
For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).
Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?
Thanks,
Arpan