DotNet Tutorials

Server Intellect

Navigator : Home > Tutorials > Validation Tutorials > ...

 Forms authentication using ASP.NET 2.0 and VB.NET

Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source. You can require that all requests to an application contain a valid user authentication ticket by using the authorization configuration element to deny the request of any unknown user. This tutorial will show you how to forms authentication using ASP.NET 2.0 and VB.NET. And we only using the default namespace.

In tutorial, the only configuration step beyond that is to add the following code in the web.config file, inside the <system.web> element.

<authentication mode="Forms">
<forms name=".SecurityDemo" loginUrl="LoginVerifyCsharp.aspx">
<credentials passwordFormat="Clear">
<user name="John" password="Foo"/>
<user name="Mary" password="Bar"/>
</credentials>

</forms>
</authentication>

<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
<authorization>
<deny users="?"/>
</authorization>

Try Server Intellect for Windows Server Hosting. Quality and Quantity!

First, Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source. You can require that all requests to an application contain a valid user authentication ticket by using the authorization configuration element to deny the request of any unknown user. In order to validates a user name and password against credentials stored in the configuration file for an application, we using FormsAuthentication.Authenticate Method. And we use  the btnLoginBetter_Click to do the work. We then call  the Class FormsAuthentication to use the Properties of  FormsCookiePath, Path, Expires and the methods of Encrypt.  And then the we use FormsAuthenticationTicket class to create an object that represents the authentication ticket that is used by forms authentication to identify an authenticated user. The properties and values of a forms-authentication ticket are converted to and from an encrypted string that is stored in a cookie or in the URL. The Cookie class is used by a client application to retrieve information about cookies received with HTTP responses. The following cookie formats are supported during parsing the HTTP response headers.

Partial Class LoginVerifyVB
Inherits System.Web.UI.Page

Protected Sub btnLoginBetter_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLoginBetter.Click
If FormsAuthentication.Authenticate(tbName.Text, tbPass.Text) Then
Dim ticket As New FormsAuthenticationTicket(1, tbName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), PersistCookie.Checked, "User")
Dim cookieStr As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, cookieStr)
If PersistCookie.Checked Then
cookie.Expires = ticket.Expiration
End If
cookie.Path = FormsAuthentication.FormsCookiePath
Response.Cookies.Add(cookie)
lbUser.Text = "The UserName is " + tbName.Text
If tbName.Text = "John" Then
lbSf.Text = "The Role is " + "admin"
Else
lbSf.Text = "The Role is " + "user"
End If
FormsAuthentication.RedirectFromLoginPage(tbName.Text, false)
Else
Response.Write("<script>alert('Error!')</script>")
End If
End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

End Sub
End Class

The front end Default.aspx page looks something like this:

<asp:label id="Label1" runat="server">UserName:</asp:label>   <asp:textbox id="tbName" runat="server" Width="183px"></asp:textbox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="tbName"
ErrorMessage="Please Input UserName!!!"></asp:RequiredFieldValidator><br />
<br />
<asp:label id="Label2" runat="server" Width="78px">PassWord:</asp:label>
<asp:textbox id="tbPass" runat="server" Width="183px"></asp:textbox>
<br />
<br />
<asp:Label ID="Label3" runat="server" Text="Is Save Cookie:" Width="98px"></asp:Label>
<asp:checkbox id="PersistCookie" runat="server"></asp:checkbox><br />
<br />
<asp:Button ID="btnLoginBetter" runat="server" OnClick="btnLoginBetter_Click" Text="Log"
Width="99px" /><br />
<br />
<asp:Label ID="lbUser" runat="server" Width="286px"></asp:Label><br />
<br />
<asp:Label ID="lbSf" runat="server" Width="287px"></asp:Label>

The flow for the code behind page is as follows.

Partial Class LoginVerifyVB
Inherits System.Web.UI.Page

Protected Sub btnLoginBetter_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLoginBetter.Click
If FormsAuthentication.Authenticate(tbName.Text, tbPass.Text) Then
Dim ticket As New FormsAuthenticationTicket(1, tbName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), PersistCookie.Checked, "User")
Dim cookieStr As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, cookieStr)
If PersistCookie.Checked Then
cookie.Expires = ticket.Expiration
End If
cookie.Path = FormsAuthentication.FormsCookiePath
Response.Cookies.Add(cookie)
lbUser.Text = "The UserName is " + tbName.Text
If tbName.Text = "John" Then
lbSf.Text = "The Role is " + "admin"
Else
lbSf.Text = "The Role is " + "user"
End If
Else
Response.Write("<script>alert('Error!')</script>")
End If
End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

End Sub
End Class

Need help with Windows Dedicated Hosting? Try Server Intellect. I'm a happy customer!
Looking for the C# 2005 Version? Click Here!

Looking for more ASP.NET Tutorials? Click Here!

Download Project Source - Enter your Email to be emailed a link to download the Full Source Project used in this Tutorial!



100% SPAM FREE! We will never sell or rent your email address!
 
123 ASP

411 ASP

Dot Net Freaks

Server Intellect