ASP.NET 2.0 Membership: How to authenticate a user without login control?

[Max2006]

Hi,

I am using ASP.NET 2.0 Membership and I need to authenticate a user without
using login control. Is there any sample code that shows me how to do that?

Thank you,
Max

 

[nahid]

Hi,

I am using ASP.NET 2.0 Membership and I need to authenticate a user without
using login control. Is there any sample code that shows me how to do that?

Thank you,
Max

hi,

public void Login_OnClick(object sender, EventArgs args)
{
if (Membership.ValidateUser(UsernameTextbox.Text,
PasswordTextbox.Text))
FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text,
NotPublicCheckBox.Checked);
else
Msg.Text = "Login failed. Please check your user name and
password and try again.";
}

hope help

nahid
http://nahidulkibria.blogspot.com/
http://www.kaz.com.bd

 

[Steven Cheng[MSFT]]

Hi Max,

Nahid has given you a typical code snippet on how to programmatically do
the membership user validation and FormsAuthentication Login operations.

Actually, for the FormsAuthentication and User validation in ASP.NET 2.0,
it consists of two parts:

1. Use membership API to validate the user's username/password credentials

2. All FormsAuthentication API to logon(generate and set authentication
ticket/cookie).

Here are some further articles introducing the model of ASP.NET
formsauthentication and membership service and how they work together:

#Explained: Forms Authentication in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/aa480476.aspx

#Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 1
http://aspnet.4guysfromrolla.com/articles/120705-1.aspx

If you have any further specific questions on this, please feel free to
post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[timmy123 via DotNetMonster.com]

Hi,

Forms Authentication allows developers to store the authentication
information, such as username and password, in the Web.config file. The
user’s request will go to IIS first and the user is authenticated by IIS. If
the anonymous access is enabled in IIS or the user is successfully
authenticated, it will hand off the request to ASP.NET application. ASP.NET
checks to see whether a valid authentication cookie is attached to the
request. If it is, it means the user credentials has been previously
authenticated. ASP.NET will then perform the authorization check. If the user
is authorized to access those resources, the access will be granted.
Otherwise, the “access-denied†message is sent.

If the request does not have any cookie attached, ASP.NET redirects the user
to the login page and solicits the credentials then resubmits for
authentication. The application code checks those credentials. If
authenticated, ASP.NET will attach the authentication ticket in the form of
cookie to the response. If failed, the user is redirected back to the login
page telling the user that the username/password is invalid.

Authenticating Users with a Database Table

The following code verifypassword() will first check the username and
password passed by the user. If they are valid, it creates an authentication
cookie, attaches it to the outgoing response and redirects user to original
requested page. The second parameter specifies whether the authentication
should be a session cookie (false) or a persistent cookie (true). We need to
write this statement ‘Imports System.Web.Security’ in Login.aspx to use the
security functionalities.

void Button_Click( object sender, EventArgs e ) {
if (IsValid) {
switch (VerifyPassword( txtUsername.Text, txtPassword.Text )) {
case 0:
FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, chkPersist.
Checked );
break;
case 1:
lblError.Text = "You did not enter a registered username";
break;
case 2:
lblError.Text = "You did not enter a valid password";
break;
}
}
}

int VerifyPassword( string strUsername, string strPassword ) {
string strConString;
SqlConnection conJobs;
SqlCommand cmdVerify;
SqlParameter parmReturn;

strConString = ConfigurationSettings.AppSettings["constring"];
conJobs = new SqlConnection( strConString );
cmdVerify = new SqlCommand( "VerifyPassword", conJobs );
cmdVerify.CommandType = CommandType.StoredProcedure;
parmReturn = cmdVerify.Parameters.Add( "@return", SqlDbType.Int );
parmReturn.Direction = ParameterDirection.ReturnValue;
cmdVerify.Parameters.Add( "@username", strUsername );
cmdVerify.Parameters.Add( "@password", strPassword );
conJobs.Open();
cmdVerify.ExecuteNonQuery();
conJobs.Close();
return (int)cmdVerify.Parameters["@return"].Value;
}


Benefits of Forms-Based Authentication

1.Developer can configure Forms-based authentication for various parts of the
website differently, because the Web.config is a hierarchical XML document.
2.Administrator and developer can change the authentication scheme quickly
and easily in the Web.config file
3.Administration is centralized because all the authentication entries are in
one place - Web.config file.

Database programming using Visual basic 2005
http://www.vkinfotek.com

 

[Steven Cheng[MSFT]]

Hi Max,

Have you got any further ideas or does the information in previous messages
help you some? If there is anything else we can help, please feel free to
post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.