Hi,

Forms Authentication allows developers to store the authentication
information, such as username and password, in the Web.config file. The
user's request will go to IIS first and the user is authenticated by IIS. If
anonymous access is enabled in IIS or the user is successfully
authenticated, IIS will hand off the request to the ASP.NET application. ASP.NET
checks to see whether a valid authentication cookie is attached to the
request. If it is, it means the user's credentials have been previously
authenticated. ASP.NET will then perform the authorization check. If the user
is authorized to access those resources, access will be granted.
Otherwise, the "access-denied" message is sent.

If the request does not have any cookie attached, ASP.NET redirects the user
to the login page and solicits the credentials, then resubmits for
authentication. The application code checks those credentials. If
authenticated, ASP.NET will attach the authentication ticket in the form of a
cookie to the response. If authentication fails, the user is redirected back to the login
page, which tells the user that the username/password is invalid.

Authenticating Users with a Database Table

The following code, VerifyPassword(), will first check the username and
password passed by the user. If they are valid, it creates an authentication
cookie, attaches it to the outgoing response and redirects the user to the originally
requested page. The second parameter specifies whether the authentication
should be a session cookie (false) or a persistent cookie (true). We need to
write this statement 'Imports System.Web.Security' in Login.aspx to use the
security functionalities.
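
    // Namespaces used below: System.Configuration, System.Data,
    // System.Data.SqlClient, System.Web.Security

    void Button_Click( object sender, EventArgs e ) {
        if (IsValid) {
            switch (VerifyPassword( txtUsername.Text, txtPassword.Text )) {
                case 0:
                    // Valid credentials: issue the authentication cookie and
                    // redirect to the originally requested page.
                    FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, chkPersist.Checked );
                    break;
                case 1:
                    // Separate messages for an unknown username and a wrong
                    // password let a visitor tell which usernames are registered.
                    lblError.Text = "You did not enter a registered username";
                    break;
                case 2:
                    lblError.Text = "You did not enter a valid password";
                    break;
            }
        }
    }

    // Calls the VerifyPassword stored procedure and returns its return value:
    // 0 = valid, 1 = unregistered username, 2 = invalid password.
    int VerifyPassword( string strUsername, string strPassword ) {
        string strConString;
        SqlConnection conJobs;
        SqlCommand cmdVerify;
        SqlParameter parmReturn;

        strConString = ConfigurationSettings.AppSettings["constring"];
        conJobs = new SqlConnection( strConString );
        cmdVerify = new SqlCommand( "VerifyPassword", conJobs );
        cmdVerify.CommandType = CommandType.StoredProcedure;

        // The values are passed as parameters, never concatenated into SQL text.
        parmReturn = cmdVerify.Parameters.Add( "@return", SqlDbType.Int );
        parmReturn.Direction = ParameterDirection.ReturnValue;
        cmdVerify.Parameters.Add( "@username", strUsername );
        cmdVerify.Parameters.Add( "@password", strPassword );

        conJobs.Open();
        try {
            cmdVerify.ExecuteNonQuery();
        } finally {
            // Close the connection even if the stored procedure call throws.
            conJobs.Close();
        }
        return (int)cmdVerify.Parameters["@return"].Value;
    }
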
Benefits of Forms-Based Authentication

1. Developers can configure Forms-based authentication for various parts of the
   website differently, because the Web.config is a hierarchical XML document.
2. Administrators and developers can change the authentication scheme quickly
   and easily in the Web.config file.
3. Administration is centralized because all the authentication entries are in
   one place: the Web.config file.

Database programming using Visual basic 2005
http://www.vkinfotek.com
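
The flow and the per-folder configuration described in the post above, written out as a root Web.config. This is an added example, not part of the original post; Login.aspx is the post's login page, while the cookie name, the Public and Admin folders and the user name siteadmin are assumptions made for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: root Web.config of the application. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: where requests without a valid ticket are redirected.
           protection="All": the ticket is both encrypted and validated,
             so a client cannot read or alter it.
           requireSSL="true": the cookie gets the Secure flag and is only
             sent over HTTPS.
           timeout: ticket lifetime in minutes.
           The post authenticates against a database, so no <credentials>
           element (the in-config user store) is placed under <forms>. -->
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             path="/" />
    </authentication>

    <!-- Default for the whole site: deny anonymous users ("?"), which is
         what triggers the redirect to the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Override for one folder: open to everyone ("*"). -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Override for another folder: one named user, everyone else denied.
       Rules are evaluated top to bottom; the first match wins. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow users="siteadmin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The user name in the Admin rule is matched against the name passed to FormsAuthentication.RedirectFromLoginPage, which in the post's code is the text of txtUsername.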