CodeSnip: Forms Authentication Against an XML File
page 1 of 1
Published: 09 Aug 2004
Unedited - Community Contributed
Abstract
This code shows how to validate against an XML file for Forms Authentication security in ASP.NET. The code here is just a modification of a standard login.aspx page.
by Web Team at ORCS Web
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 15194/ 27

Originally Published: October 4, 2001

This code shows how to validate against an XML file for Forms Authentication security in ASP.NET. Please read an article on Forms Authentication for an introduction and to see the required settings in the web.config file. The code below is just a modification of a standard login.aspx page.

<%@Page Language="VB" Trace="false"%>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Xml" %>
<script language="VB" runat=server>
Sub ValidateLogin(Src as Object, E as EventArgs) 
Dim sXmlPath As String = "C:\Inetpub\wwwroot\users.xml" 
Dim oXmlDoc As New XmlDocument() 
Try 
  oXmlDoc.Load(sXmlPath) 
Catch oError As Exception 
  StatusMessage.innerHTML = "There was an error:<BR>" & oError.Message & "<BR>" _ 
  & oError.Source & "." 
  Exit Sub 
End Try 
Dim oXmlUser As XmlNodeList 
oXmlUser = oXmlDoc.GetElementsByTagname(txtUser.Value) 
If Not (oXmlUser Is Nothing) Then 
  If txtPwd.Value = oXmlUser(0).FirstChild().Value Then
    FormsAuthentication.RedirectFromLoginPage(txtUser.Value, false) 
  Else 
    StatusMessage.InnerHtml = "Invalid login" 
  End If 
End If 
End Sub
</script> 
<html> 
  <head> 
    <title>Forms Authentication Against An XML File</title> 
  </head> 
<body> 
<form method="post" runat="server"> 
Username: <INPUT type="text" name="txtUser" id="txtUser" runat="server"/><BR>
Password: <INPUT type="password" name="txtPwd" id="txtPwd" runat="server"/><BR> 
<INPUT type="submit" OnServerClick="ValidateLogin" runat="server"/> 
</form> 
<SPAN id="StatusMessage" runat="server"/> 
</body> 
</html> 

Here is the XML file used to hold the usernames and passwords.

 
<?xml version="1.0" ?> 
<users> 
  <!-- format is <username>password</username> --> 
  <user1>pass1</user1> 
  <user2>pass2</user2> 
  <user3>pass3</user3> 
</users> 

by Brad Kingsley, Founder and President of ORCS Web, Inc. - a company that provides managed hosting services for clients who develop and deploy their applications on Microsoft Windows platforms.



User Comments

Title: Authentication   
Name: Kevin
Date: 2004-09-13 10:16:24 PM
Comment:
Using a flat XML file isn't the best way to do this. Especially if you are going to keep the file in the wwwroot folder. At the very least it should be outside of the wwwroot folder. And the passwords should be encrypted when in a flat xml file.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2017 ASPAlliance.com  |  Page Processed at 2017-09-23 1:45:05 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search