I just use a couple of text boxes, but the "forms authentication" is very cool. When they authenticate, if you need the details, create a userinfo object and stuff it in the session. You can access it from any page then.
so..
In Web.Config, something like this:
    <authentication mode="Forms">
        <forms name="ccso" loginUrl="~/Login.aspx" protection="All" timeout="30" path="/" />
    </authentication>
    <authorization>
        <deny users="?" />
    </authorization>
In login.aspx:
    <FORM id="Form1" method="post" runat="server">
        <TABLE class="login" align="center">
            <CAPTION align="bottom">
                Please enter your login information</CAPTION>
            <TR>
                <TD class="label">
                    <asp:Label id="Label1" runat="server" EnableViewState="False">Login ID:</asp:Label></TD>
                <TD>
                    <asp:TextBox id="txtLoginID" runat="server" EnableViewState="False" Width="160px"></asp:TextBox></TD>
            </TR>
            <TR>
                <TD class="label">
                    <asp:Label id="Label2" Runat="server" EnableViewState="False">Password:</asp:Label></TD>
                <TD>
                    <asp:TextBox id="password" Runat="server" EnableViewState="False" Width="160px" TextMode="Password"></asp:TextBox></TD>
            </TR>
            <TR>
                <TD align="center" colSpan="2">
                    <asp:Button id="Button1" CssClass="submit" runat="server" Text="Submit"></asp:Button></TD>
            </TR>
            <TR>
                <TD align="center" colSpan="2">
                    <asp:Label id="lblMessage" runat="server" EnableViewState="False"></asp:Label></TD>
            </TR>
        </TABLE>
    </FORM>
In the login.aspx postback...
    If Page.IsPostBack Then
        Try
            Dim user As User = New User(txtLoginID.Text, password.Text)
            If CInt(user.Login("UserGroupID")) > UserGroup.Executive Then
                Throw New LoginException("You are not authorized to access this page.")
            End If
            Session("User") = user
            FormsAuthentication.RedirectFromLoginPage(txtLoginID.Text, False)
        Catch ex As LoginException
            lblMessage.Text = ex.Message
        End Try
    End If
Here's a user class...
(This is a quick and dirty one. You could write a more sophisticated class that had nice properties for everything. I just stuff what the stored procedure throws back into a hash table. The SP really just select *'s the user table. This way I have access to all the fields in the db without having to code a property for each.) You can use this like this:
    Private _user As User = CType(Session("User"), User)
    .... CStr(_user.Login("SalesRepNum"))...
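    Imports System.Collections
    Imports System.Configuration
    Imports System.Data
    Imports System.Data.SqlClient

    Public Enum UserGroup
        Administrator = 1
        Executive = 2
        Manager = 3
        Broker = 4
    End Enum

    ' Minimal definition so the code compiles; the post does not show this class.
    Public Class LoginException
        Inherits ApplicationException
        Sub New(ByVal message As String)
            MyBase.New(message)
        End Sub
    End Class

    Public Class User
        ' Holds every column the stored procedure returns, keyed by column name.
        Private _Login As New Hashtable

    #Region "GetSet"
        Public ReadOnly Property Login() As Hashtable
            Get
                Return _Login
            End Get
        End Property
    #End Region

        Sub New(ByVal LoginName As String, ByVal pwd As String)
            Dim conn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("AuthConnectionString"))
            Dim cmd As SqlCommand = New SqlCommand
            Dim dr As SqlDataReader = Nothing
            ' Both values are passed as typed parameters, never concatenated into SQL.
            Dim parmName As New SqlParameter("@LoginName", SqlDbType.VarChar, 50, "LoginName")
            Dim parmPWD As New SqlParameter("@Password", SqlDbType.VarChar, 50, "Password")
            cmd.CommandType = CommandType.StoredProcedure
            cmd.CommandText = "GetUserByLogin"
            cmd.Connection = conn
            parmName.Value = LoginName
            cmd.Parameters.Add(parmName)
            parmPWD.Value = pwd
            cmd.Parameters.Add(parmPWD)
            Try
                ' Open inside the Try so the connection is released even if the query fails.
                conn.Open()
                dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
                If dr.HasRows Then
                    dr.Read()
                    Dim x As Integer
                    For x = 0 To dr.FieldCount - 1
                        _Login.Add(dr.GetName(x), dr.GetValue(x))
                    Next
                Else
                    Throw New LoginException("User name and password not found.")
                End If
            Finally
                If Not dr Is Nothing Then dr.Close()
                conn.Close()
            End Try
        End Sub
    End Class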
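
An added example, not part of the original post: the User constructor above sends the submitted password to GetUserByLogin and copies every returned column into the hashtable that ends up in Session, so this sketch checks the password in code against a salted PBKDF2 hash and keeps credential columns out of the session copy. It assumes the row is looked up by login name alone and that the table has PasswordSalt and PasswordHash columns (hypothetical names); the sample row and the module and function names are constructed for illustration.

```vbnet
Imports System
Imports System.Collections
Imports System.Data
Imports System.Security.Cryptography

Module LoginHardeningExample
    ' Hypothetical column names; the post does not show the user table.
    Private ReadOnly SecretColumns As String() = {"Password", "PasswordHash", "PasswordSalt"}

    ' PBKDF2-HMAC-SHA256 over the submitted password (needs .NET Framework 4.7.2 or later).
    Function HashPassword(ByVal pwd As String, ByVal salt As Byte(), ByVal iterations As Integer) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pwd, salt, iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
    ' Compare every byte so the time taken does not depend on where the values differ.
    Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    ' Same loop as the User constructor, but credential columns never reach Session.
    Function BuildSessionFields(ByVal row As IDataRecord) As Hashtable
        Dim fields As New Hashtable
        For x As Integer = 0 To row.FieldCount - 1
            If Array.IndexOf(SecretColumns, row.GetName(x)) < 0 Then fields.Add(row.GetName(x), row.GetValue(x))
        Next
        Return fields
    End Function
    Sub Main()
        ' Constructed sample row standing in for what a lookup by login name would return.
        Dim salt As Byte() = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
        Dim t As New DataTable
        t.Columns.Add("LoginName", GetType(String))
        t.Columns.Add("UserGroupID", GetType(Integer))
        t.Columns.Add("PasswordSalt", GetType(Byte()))
        t.Columns.Add("PasswordHash", GetType(Byte()))
        t.Rows.Add("jdoe", 2, salt, HashPassword("correct horse", salt, 100000))
        Dim dr As IDataReader = t.CreateDataReader()
        dr.Read()
        Dim stored As Byte() = CType(dr("PasswordHash"), Byte())
        Console.WriteLine(FixedTimeEquals(HashPassword("correct horse", salt, 100000), stored))
        Console.WriteLine(FixedTimeEquals(HashPassword("wrong guess", salt, 100000), stored))
        Console.WriteLine(BuildSessionFields(dr).Count)
    End Sub
End Module
```

In a real table the salt would be random per user and generated when the password is set; the fixed bytes here only keep the sample reproducible.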