Understanding the Web Configuration File

Print Add To Favorites Email To Friend Rate This Article
Understanding the Web Configuration File - Part 1

page 5 of 6

by Steven Swafford
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 58487/ 61

Article Contents:

Creating Login and Logout Pages

[ Download Code ]

Create a login.aspx web page.

This Web Form has three controls which are a TextBox, Button, and Label. [ view screenshot ]

The work happens in the code-behind. There are two functions and one sub routine that we will look at. First is a sub routine to handle the click event of the Login button which in turn implements two functions named ValidateUser and AssignRoles. In a real world environment you may prefer utilizing a database to store user names as well as roles. For the purpose of these examples I have hard coded the roles, username, and password.

Listing 12: btnLogin_Click VB.NET Example

Private Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _
Handles btnLogin.Click


If ValidateUser(txtUsername.Text, txtPassword.Text) Then
FormsAuthentication.Initialize()


Dim strRole As String = AssignRoles(txtUsername.Text)
'The AddMinutes determines how long the user will be logged in after leaving
'the site if he doesn't log off.


Dim formsAuthTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtUsername.Text, DateTime.Now, _
DateTime.Now.AddMinutes(30), False, strRole, _
FormsAuthentication.FormsCookiePath)


Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(formsAuthTicket)))


Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, False))


Else
lblError.Visible = True
End If


End Sub

Listing 13: btnLogin_Click C# Example

private void btnLogin_Click(object sender, System.EventArgs e)
{
if (ValidateUser(txtUsername.Text, txtPassword.Text))
{
FormsAuthentication.Initialize();
String strRole = AssignRoles(txtUsername.Text);
//The AddMinutes determines how long the user will be logged in after leaving
//the site if he doesn't log off.


FormsAuthenticationTicket formsAuthTicket = new FormsAuthenticationTicket(1, 
txtUsername.Text, DateTime.Now, 
DateTime.Now.AddMinutes(30), false, strRole, 
FormsAuthentication.FormsCookiePath);


Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, 
FormsAuthentication.Encrypt(formsAuthTicket)));


Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
}
else
lblError.Visible = true;
}

Listing 14: Validate User Function VB.NET Example

Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) _
As Boolean


'Return true if the username and password is valid, false if it isn't
Return CBool(strUsername = "admin" AndAlso strPassword = "password")
End Function

Listing 15: Validate User Method C# Example

private Boolean ValidateUser(String strUsername, String strPassword)
{
//Return true if the username and password is valid, false if it isn't
return ((strUsername == "admin") && (strPassword == "password"));
}

Listing 16: Assign Roles Function VB.NET Example

Private Function AssignRoles(ByVal strUsername As String) As String
'Return a | separated list of roles this user is a member of
If txtUsername.Text = "admin" Then
Return "author|editor"
Else
Return String.Empty
End If
End Function

Listing 17: Assign Roles Method C# Example

private String AssignRoles(String strUsername)
{
//Return a | separated list of roles this user is a member of
if (txtUsername.Text == "admin")
return "author|editor";
else
return String.Empty;
}

Create a logout.aspx web page.

Since users may perform a login it only seems logical to provide a means of logging out of the application. An effective way of accomplishing such a task is to put a hyperlink to the logout page:

Listing 18: Logout HyperLink

<asp:HyperLink id="hlLogout" runat="server" NavigateUrl="logout.aspx">Logout</asp:HyperLink>

The logout.aspx page can contain any information that you may want to display. The key actions here are to kill the session and sign the user out of the application. These actions are accomplished in the code-behind of logout.aspx

Listing 19: Logout Sub Routine VB.NET Example

Imports System.Web.Security


Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
Handles MyBase.Load


Session.Abandon()
FormsAuthentication.SignOut()
End Sub

Listing 20: Logout Method C# Example

using System.Web.Security;


private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
Session.Abandon();
FormsAuthentication.SignOut();
}