Originally Published: October 4, 2001
This code shows how to validate against an XML file for Forms Authentication security in ASP.NET. Please read an article on Forms Authentication for an introduction and to see the required settings in the web.config file. The code below is just a modification of a standard login.aspx page.
<%@Page Language="VB" Trace="false"%>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Xml" %>
<script language="VB" runat=server>
Sub ValidateLogin(Src as Object, E as EventArgs)
Dim sXmlPath As String = "C:\Inetpub\wwwroot\users.xml"
Dim oXmlDoc As New XmlDocument()
Try
oXmlDoc.Load(sXmlPath)
Catch oError As Exception
StatusMessage.innerHTML = "There was an error:<BR>" & oError.Message & "<BR>" _
& oError.Source & "."
Exit Sub
End Try
Dim oXmlUser As XmlNodeList
oXmlUser = oXmlDoc.GetElementsByTagname(txtUser.Value)
If Not (oXmlUser Is Nothing) Then
If txtPwd.Value = oXmlUser(0).FirstChild().Value Then
FormsAuthentication.RedirectFromLoginPage(txtUser.Value, false)
Else
StatusMessage.InnerHtml = "Invalid login"
End If
End If
End Sub
</script>
<html>
<head>
<title>Forms Authentication Against An XML File</title>
</head>
<body>
<form method="post" runat="server">
Username: <INPUT type="text" name="txtUser" id="txtUser" runat="server"/><BR>
Password: <INPUT type="password" name="txtPwd" id="txtPwd" runat="server"/><BR>
<INPUT type="submit" OnServerClick="ValidateLogin" runat="server"/>
</form>
<SPAN id="StatusMessage" runat="server"/>
</body>
</html>
Here is the XML file used to hold the usernames and passwords.
<?xml version="1.0" ?>
<users>
<!-- format is <username>password</username> -->
<user1>pass1</user1>
<user2>pass2</user2>
<user3>pass3</user3>
</users>
by Brad Kingsley, Founder and President of ORCS Web, Inc. - a company that provides managed hosting services for clients who develop and deploy their applications on Microsoft Windows platforms.
