
Wednesday, November 19, 2008

Forms Authentication Without Role Based Security

Note:
Just copy and paste the code into the respective pages, then try to access the AuthenticatedPage.aspx page directly; you will be redirected to the login page, logon.aspx.

web.config settings
<system.web>
<!-- Switches the application to ASP.NET forms authentication (cookie-based tickets). -->
<authentication mode="Forms">
<!-- name: name of the authentication cookie. loginUrl: page that unauthenticated requests are sent to.
     protection="All": the ticket is both encrypted and integrity-checked. path: cookie path.
     timeout: ticket lifetime in minutes for tickets issued by the framework. The logon code-behind on this
     page builds its own ticket with a hard-coded 3-minute expiry instead of reading this value. -->
<!-- NOTE(review): requireSSL is not set, so the default applies and the cookie is not restricted to HTTPS.
     Consider requireSSL="true" when the site is served over TLS. -->
<forms name=".CookieAshwin" loginUrl="~/FormsAuthentication/logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
<!-- NOTE(review): this fragment shows no <authorization> rule. The redirect to the login page only happens
     when anonymous users are denied somewhere in configuration, for example
     <authorization><deny users="?" /></authorization>. Confirm such a rule exists for the protected pages. -->
</system.web>




Logon.aspx Code

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="logon.aspx.cs" Inherits="FormsAuthentication_Default" %>
<%-- Login form for the forms-authentication sample. The three inputs below are read by the
     cmdLogin_ServerClick handler in logon.aspx.cs. --%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<div>

<%-- User name; the code-behind reads it as txtUserName.Value. --%>
<input id="txtUserName" type="text" runat="server" style="z-index: 103; left: 295px;
position: absolute; top: 128px" />

<%-- "Remember me" choice; when checked, the code-behind puts an expiry on the authentication cookie. --%>
<asp:CheckBox ID="chkPersistCookie" runat="server" AutoPostBack="false" Style="z-index: 100;
left: 298px; position: absolute; top: 214px" />
<%-- Password; type="password" only masks the characters on screen. The value is posted like any other
     form field. NOTE(review): serve this page over HTTPS so it is not sent in clear text. --%>
<input id="txtUserPass" type="password" runat="server" style="z-index: 102; left: 297px;
position: absolute; top: 174px" />
<p>
</p>
<%-- Submit button; onserverclick wires it to cmdLogin_ServerClick in the code-behind. --%>
<input type="submit" value="Logon" runat="server" id="cmdLogin" style="z-index: 104;
left: 382px; position: absolute; top: 254px" onserverclick="cmdLogin_ServerClick">
<%-- Message label. The code-behind shown on this page never assigns to it; a failed login just
     redirects back to logon.aspx. --%>
<asp:Label ID="lblMsg" ForeColor="Red" Font-Name="Verdana" Font-Size="10pt" runat="server"
Style="z-index: 105; left: 183px; position: absolute; top: 78px" Font-Names="Verdana"
Width="406px" />
</div>
</div>
</form>
</body>
</html>

Logon.aspx.cs code
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

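/// <summary>
/// Code-behind for logon.aspx. Checks the submitted user name and password against the
/// login table and, on success, issues a forms-authentication cookie and redirects the
/// browser to the page that was originally requested.
/// </summary>
public partial class FormsAuthentication_Default : System.Web.UI.Page
{
    /// <summary>No per-request work is needed; the page only reacts to the Logon button.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the Logon button. On valid credentials it builds an encrypted
    /// <see cref="FormsAuthenticationTicket"/>, stores it in the authentication cookie and
    /// redirects to ReturnUrl (or AuthenticatedPage.aspx). On failure it redirects back to
    /// logon.aspx without saying which of the two fields was wrong.
    /// </summary>
    protected void cmdLogin_ServerClick(object sender, EventArgs e)
    {
        if (ValidateUser(txtUserName.Value, txtUserPass.Value))
        {
            bool persist = chkPersistCookie.Checked;
            DateTime issued = DateTime.Now;

            // NOTE(review): the 3-minute lifetime is hard-coded and differs from the
            // timeout="30" in the web.config fragment on this page; pick one value on purpose.
            FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(
                1, txtUserName.Value, issued, issued.AddMinutes(3), persist, "your custom data");
            string cookiestr = FormsAuthentication.Encrypt(tkt);

            HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
            if (persist)
            {
                ck.Expires = tkt.Expiration;
            }
            ck.Path = FormsAuthentication.FormsCookiePath;
            // Keep the ticket out of reach of client-side script, and honour the
            // requireSSL setting from web.config so the cookie is HTTPS-only when configured.
            ck.HttpOnly = true;
            ck.Secure = FormsAuthentication.RequireSSL;
            Response.Cookies.Add(ck);

            // ReturnUrl is caller-controlled. Only follow it when it points back into this
            // site; anything else falls back to the default landing page.
            string strRedirect = Request.QueryString["ReturnUrl"];
            if (!IsLocalUrl(strRedirect))
            {
                strRedirect = "AuthenticatedPage.aspx";
            }
            Response.Redirect(strRedirect, true);
        }
        else
        {
            Response.Redirect("logon.aspx", true);
        }
    }

    /// <summary>
    /// Returns true only for a site-relative URL ("/path" or "~/path"). Absolute URLs,
    /// scheme-relative URLs ("//host"), backslash variants and values containing control
    /// characters are rejected.
    /// </summary>
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        foreach (char c in url)
        {
            if (char.IsControl(c))
            {
                return false;
            }
        }

        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
        {
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        }

        return false;
    }

    /// <summary>
    /// Looks up the stored password for <paramref name="userName"/> and compares it with
    /// <paramref name="passWord"/>.
    /// </summary>
    /// <param name="userName">Login name to look up (at most 65 characters).</param>
    /// <param name="passWord">Password supplied by the caller.</param>
    /// <returns>
    /// True when a row exists and its password matches exactly; false for empty input, an
    /// unknown user, a mismatch, or any database error (the check fails closed).
    /// </returns>
    private bool ValidateUser(string userName, string passWord)
    {
        // Empty credentials never authenticate. The length check matches the parameter size
        // below: a longer value would be truncated by the provider and could match another name.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(passWord) || userName.Length > 65)
        {
            return false;
        }

        string lookupPassword = null;

        try
        {
            // Change here to your connection string.
            // NOTE(review): credentials for the "sa" login are embedded in source. Move the
            // string to <connectionStrings> in web.config and use a least-privilege login
            // that can only read the login table.
            using (SqlConnection conn = new SqlConnection("Data Source=Server02;Initial Catalog=Loobi;User ID=sa;Password=sa"))
            // Change here to your table name. The user name is passed as a parameter, never
            // concatenated into the SQL text.
            using (SqlCommand cmd = new SqlCommand("Select password from loobi_login where loginname=@userName", conn))
            {
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 65).Value = userName;
                conn.Open();

                // "as string" yields null for no row and for a NULL column alike.
                lookupPassword = cmd.ExecuteScalar() as string;
            }
        }
        catch (Exception ex)
        {
            // Best-effort logging; lookupPassword stays null, so the login is refused.
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " + ex.Message);
        }

        // If no password found, return false.
        if (null == lookupPassword)
        {
            // You could write failed login attempts here to event log for additional security.
            return false;
        }

        // NOTE(review): comparing against the column value directly means the table stores
        // passwords in clear text. Store a salted, slow hash (for example PBKDF2 via
        // Rfc2898DeriveBytes) and compare hashes instead.
        // Ordinal comparison: exact and case-sensitive, independent of the server culture.
        return string.Equals(lookupPassword, passWord, StringComparison.Ordinal);
    }
}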



AuthenticatedPage.aspx Code
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="AuthenticatedPage.aspx.cs" Inherits="FormsAuthentication_AuthenticatedPage" %>
<%-- Sample protected page. Nothing in this markup or in the code-behind shown for it checks the
     caller's identity; access control depends entirely on the site's authentication and
     authorization configuration. --%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
Authenticated page
<%-- Logout is a server-side button inside the form, handled by btnLogout_Click. --%>
<asp:Button runat="server" ID="btnLogout" Text="LogOut" OnClick="btnLogout_Click" />
</div>
</form>
</body>
</html>


AuthenticatedPage.aspx.cs Code
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

/// <summary>
/// Code-behind for AuthenticatedPage.aspx, the sample page that sits behind the login.
/// Its only behaviour is the logout button.
/// </summary>
public partial class FormsAuthentication_AuthenticatedPage : System.Web.UI.Page
{
    /// <summary>Nothing to do on load; the page content is static.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the LogOut button: removes the forms-authentication ticket from the
    /// browser and sends the user back to the login page.
    /// </summary>
    protected void btnLogout_Click(object Sender, EventArgs e)
    {
        const string loginPage = "logon.aspx";

        // Sign out first so the redirect response already carries the cleared cookie.
        FormsAuthentication.SignOut();
        this.Response.Redirect(loginPage);
    }
}
