pulpfiction, posted January 9, 2006

Hi, I am looking for ideas to implement security in the website, I mean to redirect the user to the login page when trying to use the URL of some intermediate page. Is there a nicer way in ASP.NET to handle other than checking normal sessions etc... Thanks a lot

aspnetguy, posted January 9, 2006

As a matter of fact, there is!

I have struggled with Session variables for a long time. They are always timing out when they shouldn't!

I came across Forms Authentication. It stores the user info in an encrypted cookie which will only expire when you say so!

It took me a while to get it to work and it was a bit frustrating at first but now that it is up and running it is great.

web.config

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ASPXUSERDEMO" loginUrl="/login.aspx" protection="All" timeout="60">
        <!-- passwordFormat="Clear" keeps the password as plain text in this file -->
        <credentials passwordFormat="Clear">
          <user name="username" password="password"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>
  <location path="folder to protect"> <!--use / for all-->
    <system.web>
      <!-- mode="Off" shows full error details to every visitor -->
      <customErrors mode="Off"/>
      <authorization>
        <!-- "?" means anonymous (not logged in) users -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

login.aspx

```aspx
<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
  <title>Page Title</title>
  <link rel="stylesheet" href="style.css" />
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<script language="C#" runat="server">
  //--------------------------------------
  //Page Load
  //--------------------------------------
  private void Page_Load()
  {
    if(IsPostBack)
    {
    }
  }

  //--------------------------------------
  //Authenticate User
  //--------------------------------------
  // User is the user name; Ticket is the password typed into the form.
  private void AuthenticateUser(string User, string Ticket)
  {
    // Checks the pair against the <credentials> section of web.config
    if (FormsAuthentication.Authenticate(User, Ticket))
    {
      // version, name, issue time, expiry, persistent cookie?, user data
      FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, User, DateTime.Now, DateTime.Now.AddHours(3), false, "admin");
      string encryptedTicket = FormsAuthentication.Encrypt(ticket);
      HttpCookie authenticationCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
      Response.Cookies.Add(authenticationCookie);
      // Redirect with the custom ticket. RedirectFromLoginPage is not used
      // because it would issue its own ticket without the user data.
      Response.Redirect(FormsAuthentication.GetRedirectUrl(User, false));
    }
    else
    {
      Response.Write("Error");
    }
  }

  //--------------------------------------
  //Login Button Click
  //--------------------------------------
  private void LoginButton_Click(object sender, System.EventArgs e)
  {
    AuthenticateUser(Username.Value, Password.Value);
  }
</script>
  <form runat="server">
    <div style="padding:15px;height:1px">
      <table cellpadding="0" cellspacing="0">
        <tr>
          <td>Username:</td>
          <td><input type="text" id="Username" runat="server" class="InputField" /></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input type="password" id="Password" runat="server" class="InputField" /></td>
        </tr>
        <tr>
          <td colspan="2">
            <input type="button" value="Login" id="LoginButton" runat="server" class="InputButton" OnServerClick="LoginButton_Click" />
          </td>
        </tr>
      </table>
      <div id="PostBack" runat="server" class="PostBack" />
    </div>
  </form>
</body>
</html>
```

That is a sample of my site and how I got it to work. This works for any files in the folder specified in the web.config. No more doing checks on every page manually!

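Added example (not part of aspnetguy's post or site): the login page above puts "admin" in the ticket's user data, and this Global.asax code-behind shows one way to turn that value into roles so that authorization rules can restrict a folder by role as well as by login. It assumes the user data is a comma-separated role list and uses a hypothetical folder named "admin"; with protection="All" the cookie is encrypted and validated, so the role list comes from the server-issued ticket.

```csharp
// Global.asax.cs - added example; the class name and the "admin" folder are assumptions.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs on every request, after the Forms Authentication module has
    // decrypted and validated the cookie and set Context.User.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            // Anonymous request: <deny users="?"/> sends it to loginUrl.
            return;
        }

        FormsIdentity identity = user.Identity as FormsIdentity;
        if (identity == null)
        {
            // Authenticated by something other than Forms Authentication.
            return;
        }

        // Assumption: user data is a comma-separated role list,
        // e.g. "admin" as written by the login page.
        string[] roles = identity.Ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        // Replace the principal so IsInRole() and <allow roles="..."/> work.
        Context.User = new GenericPrincipal(identity, roles);
    }
}

// Matching rule in web.config for the hypothetical "admin" folder:
//   <location path="admin">
//     <system.web>
//       <authorization>
//         <allow roles="admin"/>
//         <deny users="*"/>
//       </authorization>
//     </system.web>
//   </location>
```
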
aspnetguy, posted January 9, 2006

This should have been moved to .Net not ASP

> is there a nicer way in ASP.NET to handle other than ...

pulpfiction, posted January 9, 2006

Thank you, that is what I was looking for, it was very helpful...

aspnetguy, posted January 9, 2006

You're welcome. I am glad you found what you needed.