This post is a continuation of the post Authentication in Asp.Net. Please visit the following link before reading this post.
Authentication in Asp.Net - Anonymous Authentication
Forms authentication is used for internet web applications. The advantage of forms authentication is that, unlike Windows authentication, users do not have to be members of a domain-based network to access the application.
Forms authentication classes are present in System.Web.Security namespace.
If you are going to use forms authentication, you should set the authentication mode in the web.config file.
<authentication mode="Forms" />
If you are using forms authentication, then under the authentication tag you should give the URL of the page which you are using as your login page.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
Within the forms tag we can set the credentials of users. Only users listed under the credentials tag can access the application through login.
Within the authorization tag you have to deny anonymous users. Doing this sends you to the login page if you try to open another page without logging in by typing the page name directly in the address bar.
<authentication mode="Forms">
  <forms loginUrl="Login.aspx">
    <credentials passwordFormat="Clear">
      <user name="user1" password="user1@123"/>
      <user name="user2" password="user2@123"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
Note: In practice we don't save usernames and passwords in the web.config file; we achieve this using a database.
Forms authentication classes are present in the System.Web.Security namespace. You have to import this namespace.
The FormsAuthentication class has a static method named Authenticate, which is used to authenticate the supplied credentials. This method returns true if the user is authenticated and false if the user is not valid.
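using System.Web.Security;   // FormsAuthentication is in this namespace

protected void btnLogin_Click(object sender, EventArgs e)
{
    // Compare the supplied values with the <credentials> section of web.config.
    if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
    {
        // false = do not create a persistent cookie
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
    }
    else
    {
        lblError.Text = "Invalid Username or Password";
        lblError.ForeColor = System.Drawing.Color.Red;
    }
}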
The FormsAuthentication.Authenticate method returns true if the provided username and password match the credentials saved in the web.config file; otherwise it returns false.
The FormsAuthentication.RedirectFromLoginPage method redirects you to your default page after login, and this default page must be set in the web.config file as follows.
<forms loginUrl="Login.aspx" defaultUrl="welcome.aspx" />
There are the following problems with this application.
1. It is not good practice to store usernames and passwords in the web.config file.
2. If you click the "register now" link without logging in, you will be returned to the login page again, because anonymous users are denied for all pages.
The solution to the second problem is to add one more config file in the Registration folder and give anonymous users access to this folder.
<configuration>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>
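For the first problem, and the earlier note about using a database, the login handler can verify the password against a salted PBKDF2 hash stored in a user table instead of calling FormsAuthentication.Authenticate. This is an added example, not code from the original post; the Users table, its PasswordHash column, the AppDb connection string, the helper names and the iteration count are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;
public partial class Login : System.Web.UI.Page
{
    private const int Iterations = 100000; // assumed work factor
    // Registration side: returns "iterations.salt.hash" for the PasswordHash column.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(kdf.GetBytes(32));
    }

    // Expects a value produced by HashPassword; re-derives the hash with the stored salt.
    private static bool VerifyPassword(string password, string stored)
    {
        string[] p = stored.Split('.');
        byte[] expected = Convert.FromBase64String(p[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, Convert.FromBase64String(p[1]), int.Parse(p[0]), HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0; // compare every byte so timing does not reveal the first mismatch
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }

    // Hypothetical lookup: table, column and connection-string names are assumptions.
    private static string GetStoredHash(string userName)
    {
        using (var con = new SqlConnection(ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString))
        using (var cmd = new SqlCommand("SELECT PasswordHash FROM Users WHERE UserName = @u", con))
        {
            cmd.Parameters.AddWithValue("@u", userName); // parameterized, never concatenated
            con.Open();
            return cmd.ExecuteScalar() as string; // null when the user does not exist
        }
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string stored = GetStoredHash(txtUserName.Text);
        if (stored != null && VerifyPassword(txtPassword.Text, stored))
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
        else lblError.Text = "Invalid Username or Password"; // same message for both failures
    }
}
```

With this in place the credentials section can be removed from web.config, so no password is kept there in clear text.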