
Authentication in Asp.Net 2.0

Author
16 Dec 2005 5:24 PM
Miguel Dias Moura
Hello,

I am working on my first Asp.Net 2.0 web site using VS2005.
I know about the login controls on Asp.Net 2.0 but they seem really
strict.
I would prefer to create my own forms and use the new Asp.Net 2.0
classes.

On this web site I need to have authentication for users.
I also need to set an access level for 4 types of users.
And I need to have an option such as "Remember Me".

Can someone tell me how to do this?

I have my Asp.Net 1.1 authentication code but I am having a few problems
in converting it to Asp.Net 2.0.

Thank You Very Much,
Miguel

My Asp.Net 1.1 Authentication Code is:

    ' Requires at the top of the file:
    '   Imports System.Data.OleDb
    '   Imports System.Web.Security

    ' Run Validation and Login
    If Form_Validation() = True Then

      ' Forms Authentication Initialization
      FormsAuthentication.Initialize()

      ' Set Connection
      Dim connectionString As String = _
        System.Configuration.ConfigurationSettings.AppSettings("connectionString")
      Dim dbConnection As System.Data.IDbConnection = _
        New System.Data.OleDb.OleDbConnection(connectionString)

      ' Set Query (placeholder renamed from @page to match the @username
      ' parameter added below; OleDb binds parameters by position, not by name)
      Dim queryString As String = _
        "SELECT [t_4web_users].[access_level] " & _
        "FROM [t_4web_users] WHERE (([t_4web_users].[username] = @username) AND " & _
        "([t_4web_users].[password] = @password))"

      ' Set Command
      Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
      dbCommand.CommandText = queryString
      dbCommand.Connection = dbConnection

      ' Add Parameters (the stored password is compared as an MD5 hash)
      With dbCommand.Parameters
        .Add(New OleDbParameter("@username", tbusername.Text))
        .Add(New OleDbParameter("@password", _
          FormsAuthentication.HashPasswordForStoringInConfigFile(tbpassword.Text, "md5")))
      End With

      ' Execute the Command
      dbConnection.Open()
      Dim reader As OleDbDataReader = dbCommand.ExecuteReader
      If reader.Read Then
        ' Persistent 30-minute ticket; the access level travels in UserData
        Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket( _
          1, tbusername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), True, _
          reader.GetString(0), FormsAuthentication.FormsCookiePath)
        Dim hash As String = FormsAuthentication.Encrypt(ticket)
        Dim cookie As HttpCookie = _
          New HttpCookie(FormsAuthentication.FormsCookieName, hash)
        If ticket.IsPersistent Then
          cookie.Expires = ticket.Expiration
        End If
        Response.Cookies.Add(cookie)
        Dim returnUrl As String = Request.QueryString("ReturnUrl")
        If returnUrl Is Nothing Then
          returnUrl = "index4web.aspx"
        End If
        Login_Error_Message("none")
        Response.Redirect(returnUrl)
      Else
        Login_Error_Message("loginaccessdenied")
      End If
      reader.Close()
      dbConnection.Close()

    Else
    End If

Author
16 Dec 2005 6:16 PM
Jeff
Really Strict?  You can manage how strict or "laid back" your authentication
process is simply by managing the entries in the web.config file.

Jeff

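An added example, not code from either poster: one way to keep a hand-built login form on ASP.NET 2.0 while letting the Membership and Roles classes replace the manual OleDb lookup, with "Remember Me" and a ReturnUrl check. The control names `chkRemember`, `lblError` and `btnLogin`, the class names, the helper `IsLocalPath` and the role name `level4` are assumptions; `tbusername`, `tbpassword` and `index4web.aspx` come from the original post.

```vb
Imports System.Web.Security

' Login.aspx.vb: code-behind for a hand-built login form on ASP.NET 2.0.
' Assumed in the .aspx markup: tbusername and tbpassword (TextBox),
' chkRemember (CheckBox), lblError (Label), btnLogin (Button).
' Assumed in web.config: <authentication mode="Forms">, a membership
' provider, and <roleManager enabled="true">.
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) _
            Handles btnLogin.Click
        ' The provider does the user lookup and hash comparison that the
        ' 1.1 code did by hand against t_4web_users.
        If Not Membership.ValidateUser(tbusername.Text, tbpassword.Text) Then
            lblError.Text = "Login failed."  ' same text for unknown user and bad password
            Return
        End If

        ' True issues a persistent cookie ("Remember Me"); False a session cookie.
        FormsAuthentication.SetAuthCookie(tbusername.Text, chkRemember.Checked)

        ' Follow ReturnUrl only when it is a path on this site.
        Dim returnUrl As String = Request.QueryString("ReturnUrl")
        If Not IsLocalPath(returnUrl) Then returnUrl = "index4web.aspx"
        Response.Redirect(returnUrl)
    End Sub

    ' Accepts "/folder/page.aspx"; rejects empty values, absolute URLs,
    ' and the "//host" and "/\host" forms that browsers treat as another site.
    Private Shared Function IsLocalPath(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) OrElse Not url.StartsWith("/") Then Return False
        Return Not (url.StartsWith("//") OrElse url.StartsWith("/\"))
    End Function
End Class

' A protected page (its own code-behind file): check the access level via roles.
' "level4" is a hypothetical role name standing in for one of the four levels.
Partial Class AdminPage
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) _
            Handles Me.Load
        If Not User.IsInRole("level4") Then
            Response.StatusCode = 403
            Response.End()
        End If
    End Sub
End Class
```

The same role names can be used in `<authorization>` rules in web.config to restrict whole folders, so the per-page check is only needed where a single page mixes access levels.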
