[ Download Code ]
Create a login.aspx web page.
This Web Form has three controls which are a TextBox, Button, and Label. [ view screenshot ]
The work happens in the code-behind. There are two functions and one sub routine that we will look at. First is a sub routine to handle the click event of the Login button which in turn implements two functions named ValidateUser and AssignRoles. In a real world environment you may prefer utilizing a database to store user names as well as roles. For the purpose of these examples I have hard coded the roles, username, and password.
Listing 12: btnLogin_Click VB.NET Example
Private Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _
Handles btnLogin.Click
If ValidateUser(txtUsername.Text, txtPassword.Text) Then
FormsAuthentication.Initialize()
Dim strRole As String = AssignRoles(txtUsername.Text)
'The AddMinutes determines how long the user will be logged in after leaving
'the site if he doesn't log off.
Dim formsAuthTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtUsername.Text, DateTime.Now, _
DateTime.Now.AddMinutes(30), False, strRole, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(formsAuthTicket)))
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, False))
Else
lblError.Visible = True
End If
End Sub
Listing 13: btnLogin_Click C# Example
private void btnLogin_Click(object sender, System.EventArgs e)
{
if (ValidateUser(txtUsername.Text, txtPassword.Text))
{
FormsAuthentication.Initialize();
String strRole = AssignRoles(txtUsername.Text);
//The AddMinutes determines how long the user will be logged in after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket formsAuthTicket = new FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), false, strRole,
FormsAuthentication.FormsCookiePath);
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthTicket)));
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
}
else
lblError.Visible = true;
}
Listing 14: Validate User Function VB.NET Example
Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) _
As Boolean
'Return true if the username and password is valid, false if it isn't
Return CBool(strUsername = "admin" AndAlso strPassword = "password")
End Function
Listing 15: Validate User Method C# Example
private Boolean ValidateUser(String strUsername, String strPassword)
{
//Return true if the username and password is valid, false if it isn't
return ((strUsername == "admin") && (strPassword == "password"));
}
Listing 16: Assign Roles Function VB.NET Example
Private Function AssignRoles(ByVal strUsername As String) As String
'Return a | separated list of roles this user is a member of
If txtUsername.Text = "admin" Then
Return "author|editor"
Else
Return String.Empty
End If
End Function
Listing 17: Assign Roles Method C# Example
private String AssignRoles(String strUsername)
{
//Return a | separated list of roles this user is a member of
if (txtUsername.Text == "admin")
return "author|editor";
else
return String.Empty;
}
Create a logout.aspx web page.
Since users may perform a login it only seems logical to provide a means of logging out of the application. An effective way of accomplishing such a task is to put a hyperlink to the logout page:
Listing 18: Logout HyperLink
<asp:HyperLink id="hlLogout" runat="server" NavigateUrl="logout.aspx">Logout</asp:HyperLink>
The logout.aspx page can contain any information that you may want to display. The key actions here are to kill the session and sign the user out of the application. These actions are accomplished in the code-behind of logout.aspx
Listing 19: Logout Sub Routine VB.NET Example
Imports System.Web.Security
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
Handles MyBase.Load
Session.Abandon()
FormsAuthentication.SignOut()
End Sub
Listing 20: Logout Method C# Example
using System.Web.Security;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
Session.Abandon();
FormsAuthentication.SignOut();
}