2 replies to this topic

[hetra]

Hello all,

Can someone help me convert this PHP code:

http://forum.codecal...-forms-php.html

To ASP code. I am new to ASP and have read many of the ASP tutorials at W3Schools Online Web Tutorials. Apparently Global.asa has to be changed, but I don't know what to do with it.

For what it's worth I'm running IIS7.

Thank you.

[l@mbd@]

Uh is your googler broke at the moment?

*Sigh*

You have options here, either Windows authentication, or Forms authentication. I imagine you want forms authentication since you are converting this from PHP code.

(Disclaimer: I will give you instructions for ASP.Net, not classic ASP)

1. Set authentication mode = "Forms" in your web.config file.

2. You will need to add the Membership Provider to your Web.Config file. You can either hard-code usernames/passwords into the web.config (practical for only a small number of users), or use the SqlMembershipProvider. Most people will choose the latter, in which case you'll need to do one of the following:

a. Run the aspnet_regsql.exe tool from the Visual Studio command prompt or
b. Run the appropriate scripts in Sql Management Studio to create the Membership (and Roles if you wish) tables for the provider.

Once those things are in place, you can go ahead and concentrate on adding your Login/Logout/Register pages, and begin securing areas of your website.

3. Create the following pages at the *ROOT* directory of your website (i.e., the same level where your web.config is when you first create your project) They are: Login.aspx, Logout.aspx, and Register.aspx (they don't need to be named those exactly, but those are pretty much the standard names people use)

4. On your Login.aspx, you can drag a Login control from the toolbox onto the page. I much prefer to do my own custom thing instead (I hate the built-in styles). An example of custom mark-up for a login.aspx page might look like:

Username: <asp:TextBox id="UserName" runat="server" />

Password: <asp:TextBox id="Password" runat="server" textmode="Password" />

<asp:Button id="LoginButton" runat="server" text="Login" onclick="loginButtonClick" />

<asp:Label id="loginResponse" runat="server" />

with the following code-behind (Login.aspx.cs):

protected void loginButtonClick(object sender, EventArgs e)

{

if( Membership.ValidateUser(UserName.Text, Password.Text) )

        {

            if( Request.QueryString["ReturnUrl"] != null )

                FormsAuthentication.RedirectFromLoginPage(UserName.Text, false, FormsAuthentication.FormsCookiePath);


            else

            {

                FormsAuthentication.SetAuthCookie(UserName.Text, false);

                Response.Redirect("~/Projects/Home.aspx");

            }

        }


        else

        {

            loginResponse.ForeColor = System.Drawing.Color.Red;

            loginResponse.Text = "Invalid Username or Password. Please try again.";

        }

}

of course validators, and some css should also be applied.

Now, in order to make this actually secure a portion of your site, the easiest thing to do is create a folder of pages you wish to secure, and add a web.config to that folder. The web.config should look something like this:

<?xml version="1.0"?>

<configuration>

    <appSettings/>

    <connectionStrings/>

    <system.web>

      <authorization>

        <deny users="?"/>

      </authorization>

    </system.web>

</configuration>

the above will deny unauthenticated users to any of the pages in the folder.

Then to implement a logout page (which you can provide a link to wherever you'd like, do something like the following:

protected void Page_Load(object sender, EventArgs e)

    {

        FormsAuthentication.SignOut();

        Roles.DeleteCookie();

        Session.Clear();

        Response.Redirect("~/Default.aspx");

    }

[hetra]

Thanks.