Page 1 of 1

ASP.Net - Forms Based Authentication With Textboxes Using standard Textboxes

#1 eclipsed4utoo  Icon User is offline

  • Not Your Ordinary Programmer
  • member icon

Reputation: 1524
  • View blog
  • Posts: 5,957
  • Joined: 21-March 08

Posted 20 August 2010 - 11:21 AM

There are a number of different ways to do Forms Authentication in ASP.Net. In this tutorial, we will deal with Forms Authentication using two standard TextBoxes.

So first, we are going to create a new ASP.Net application project. You can give it whatever name you want to.

Once the project has been created, we will need to add a new WebForm to the project. This is done by right-clicking on the project --> Add --> New Item... --> WebForm

Attached Image

Next, we are going to simply add 3 Labels, 2 Textboxes, and a Button. Here is the markup...

<body>
    <form id="form1" runat="server">
    <div>
        <table>
            <tr>
                <td>
                    <asp:Label ID="label1" runat="server" Text="Username:" />
                </td>
                <td>
                    <asp:TextBox ID="txtUserName" runat="server" />
                </td>
            </tr>
            <tr>
                <td>
                    <asp:Label ID="label2" runat="server" Text="Password:" />
                </td>
                <td>
                    <asp:TextBox ID="txtPassword" runat="server" />
                </td>
            </tr>
            <tr>
                <td>
                    <asp:Button ID="btnLogin" runat="server" Text="Login" onclick="btnLogin_Click" />
                </td>
            </tr>
            <tr>
                <td>
                    <asp:Label ID="lblInformation" runat="server" />
                </td>
            </tr>
        </table>
    </div>
    </form>
</body>



Just a really simply form with a textbox for the Username and Password. The third label will be used to show an error if the login fails.

Next, we are going to have our login code...

public partial class Login : System.Web.UI.Page
{
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        bool validLogin = false;

        validLogin = IsValidUser(txtUserName.Text.Trim(), txtPassword.Text.Trim());

        if (validLogin)
            // this will redirect the user back to the page they were originally trying to visit.
            //   if the user came directly to the Login page, it will redirect to the "defaultURL" from
            //   the web.config
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Text.Trim(), false);
        else
            // not a valid login
            lblInformation.Text = "Incorrect Login Information";
    }

    private bool IsValidUser(string userName, string password)
    {
        // this is a very simple example where I am looking for this exact
        //   user name and password.  This could be any type of validation.
        if (userName == "admin" && password == "password")
            return true;
        else
            return false;
    }
}



The FormsAuthentication.RedirectFromLoginPage method will redirect users to the page they were trying to visit before they were redirected to the Login page. If they came directly to the login page, this code will redirect them to the defaultUrl from the web.config.

We now need to make some changes to the web.config file.

<system.web>
  <!-- some other attributes -->


  <authentication mode="Forms">
    <forms 
      name=".LOGIN" 
      loginUrl="Login.aspx" 
      defaultUrl="Default.aspx" />
  </authentication>

  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>



Some explanation about some of the authentication attributes:

name - this can really be anything.
loginUrl - this is the page where the user will be redirect to when they are not authenticated.
defaultUrl - this is the page that the user will be redirected to after authentication IF they came directly to the login page.

There are other attributes, but these are the only necessary ones.

The <deny users="?"/> means to deny all non-authenticated users. So anybody who is not authenticated will be redirected to the login page.

Now, on our Default.aspx page, we are simply going to add a label that will display the user name that logged in.

<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label ID="lblUserDisplay" runat="server" />
    </div>
    </form>
</body>



And the code for the Default.aspx page is just as simple...

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        lblUserDisplay.Text = "Hello " + User.Identity.Name;
    }
}



Now, if you set the Login.aspx page as the Startup page in Visual Studio(right-click on page --> Set As Startup Page) then start debugging, you will see the login screen come up. Put in "admin" for the user name, and "password" for the password, then hit the Login button, you will now be redirected to the defaultUrl(most likely the default.aspx page). You will also notice that you are greeted with a message.

Now, add a third WebForm to the project. This will be just a dummy form. Set it as the startup page, then run the project. You will now be redirected to the Login page, and after logging in, you will be redirected back to the dummy page.

This is only one way to do Forms Authentication in ASP.Net.

Enjoy.

Is This A Good Question/Topic? 3
  • +

Replies To: ASP.Net - Forms Based Authentication With Textboxes

#2 negligible  Icon User is offline

  • D.I.C Regular

Reputation: 62
  • View blog
  • Posts: 302
  • Joined: 02-December 10

Posted 26 October 2011 - 03:37 AM

Hiya,

You're tutorial is good but it lacks some consistency.
It starts with assuming a beginner skill level, as you explain how to create a web form in Visual Studio, but does not continue at that level so parts of the code are unclear.
Was This Post Helpful? 0
  • +
  • -

#3 eclipsed4utoo  Icon User is offline

  • Not Your Ordinary Programmer
  • member icon

Reputation: 1524
  • View blog
  • Posts: 5,957
  • Joined: 21-March 08

Posted 26 October 2011 - 05:20 AM

User Authentication isn't a trivial task. Truthfully, I thought the code was pretty straight-forward, as it doesn't really do anything other than check if the username and password are correct and do the redirect(which I explain).

The web.config is probably the toughest part to grasp, but I thought I explained it decently.

If you have any questions, feel free to ask them and I will do my best to answer them.
Was This Post Helpful? 0
  • +
  • -

#4 trevster344  Icon User is offline

  • The Peasant
  • member icon

Reputation: 224
  • View blog
  • Posts: 1,505
  • Joined: 16-March 11

Posted 07 February 2012 - 09:31 AM

I thinking about doing a tutorial myself on forms authentication but you did a nice job, appreciate it. I recently built a asp.net application that did everything the forms authentication did, so I'm kinda bummed I didn't find out about it sooner lol.
Was This Post Helpful? 0
  • +
  • -

#5 Lost_symbol  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 15-January 13

Posted 15 January 2013 - 08:53 PM

Really very helpful tutorials,I generally used sessions from login pages .This concept is best replacement to that.Thanks..

Really very helpful tutorials,I generally used sessions from login pages .This concept is best replacement to that.Thanks..
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1