A simple Login Application for a newbie

asp.net , db , xhtml Washington, United States
  • 10 years ago

    Hello,

       I have been trying to create a simple login application. I wanted to follow instructions on quick start but since I could not run any sample application (see another post on this issue) I am posting this to get some help.

        I am using VS2005 Visual Web Express under Vista Business and FireFox as browser.

       My application is simply a login page (using all standard ASP.NET controls) is to direct a user to different pages depending on his/her username/password. If the user is admin and authenticated display a page with CreateUserWizard control so that admin add new users to the database. If the user is somebody else and authenticated then do not show this control on this page.   This is all. This should be a pice of cake for ASP programmers. Here is the detailed explanation of the project:


        Currently in the user database (users and their memberships were created by ASP.config utility in VS2005) there are two users:

         1. Username:admin, Password: password@123

         2. UserName: user, Password: password@123 

        There are three aspx pages:

        1. Default.apsx:

           a) LoginStatus1 control

           b) LoginName1 control

           c) LoginView1 control

         2. LogingTest.aspx:

            a) Login1 control

        3. Demo.aspx: DestinationPageUrl="~/Demo.aspx"

          a)  Two radiobutton controls

          b) CreateUserWizard1 control
     

        Required functionality:


       1. If user is admin, load the page called demo and display everything on this page

       2. If the user is user (or any user) than load the page demo and do not show CreateUserWizard1 control on this page

       3. If any user clicks on any of the buttons open a different page with different functions

     

        The only  routine I think I need is the LoggedIn with a code like this in the TestLogin.apsx:

        Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn

            If (User.Identity.IsAuthenticated) Then
                Server.Transfer("Demo.aspx")
            End If

        End Sub
     

        And in the demo.aspx

         Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        
            If (Session("Check") <> Nothing) And Convert.ToBoolean(Session("Check")) Then
            
                Dim str As String = User.Identity.Name

                If User.Identity.Name = "admin" And User.Identity.IsAuthenticated = True Then
                    CreateUserWizard1.Visible = True
                Else
                
                    If optTMDemo.Checked = True Then
                        Server.Transfer("page1.aspx")
                    End If

                    If optPMDemo.Checked = True Then
                        Server.Transfer("page2.aspx")
                    End If
            
                End If
            
            End If
          
        End Sub
     

        In nowhere in the program I can get User.Identity.Name to have a value other than empty and the User.Identity.IsAuthenticated is always false! Where do these variables change? When I debug the code, the execution comes twice to LoginTest and always they are empty and false. If the user is admin, I get to default page back and LoginStatus reports that admin is logged in!

        I can send the whole code to anyone interested. Any help will be greatly appreciated.

       Thank you  very much.

    Athena
     

    Default.aspx:

    -------------------

    <%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">

    </head>
    <body>

        <form id="form1" runat="server">
        <div>
            <span style="font-size: 10pt; font-family: Verdana">Support Options<br />
                <br />
                Support functions require you to login to a secure web site<br />
            </span>
            <span style="font-size: 10pt; font-family: Verdana">&nbsp;</span>
            <br />
            <table style="width: 447px">
                <tr>
                    <td style="width: 444px">
                        <asp:LoginStatus
                ID="LoginStatus1" runat="server" Font-Names="Verdana" Font-Size="10pt" Width="34px" />
                    </td>
                </tr>
                <tr>
                    <td style="width: 444px; height: 20px">
                        <asp:LoginName ID="LoginName1" runat="server" Font-Names="Verdana" Font-Size="10pt"
                            FormatString="Hello {0}" Style="z-index: 100; left: 15px; position: absolute;
                            top: 110px" />
                    </td>
                </tr>
                <tr>
                    <td style="width: 444px; height: 77px">
            <asp:LoginView ID="LoginView1" runat="server">
                <LoggedInTemplate>
                    <span style="font-size: 10pt; font-family: Verdana">You are now &nbsp;logged in. Welcome.</span>&nbsp;<br />
                    <br />
                </LoggedInTemplate>
                <AnonymousTemplate>
                    <span style="font-size: 10pt; font-family: Verdana">You are not logged in. Click the
                        login link to sign in.</span>
                </AnonymousTemplate>
            </asp:LoginView>
                    </td>
                </tr>
            </table>
       
        </div>
        </form>
    </body>
    </html>

    ------------------------------

    Demo,aspx 

    -------------------------------

    <%@ Page Language="VB" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <script runat="server">

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
       
            If (Session("Check") <> Nothing) And Convert.ToBoolean(Session("Check")) Then
           
                Dim str As String = User.Identity.Name

                If User.Identity.Name = "admin" And User.Identity.IsAuthenticated = True Then
                    CreateUserWizard1.Visible = True
                Else
               
                    If optTMDemo.Checked = True Then
                        Server.Transfer("page1.aspx")
                    End If

                    If optPMDemo.Checked = True Then
                        Server.Transfer("page2.aspx")
                    End If
           
                End If
           
            End If
        
    </script>

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
        <form id="form1" runat="server" >
        <div>
            <div>
                <asp:RadioButton ID="optTMDemo" runat="server" Font-Names="Verdana" Font-Size="10pt"
                    ForeColor="#336699" Style="z-index: 100; left: 7px; position: absolute; top: 69px"
                    Text="Tumor Management System Demo" />
                <asp:RadioButton ID="optPMDemo" runat="server" Font-Names="Verdana" Font-Size="10pt"
                    ForeColor="#336699" Style="z-index: 101; left: 7px; position: absolute; top: 51px"
                    Text="Paw Management System Demo" />
                <asp:Label ID="Label1" runat="server" Font-Names="Verdana" Font-Size="10pt" ForeColor="#336699"
                    Style="z-index: 102; left: 10px; position: absolute; top: 21px" Text="Product demos"></asp:Label>
                <asp:CreateUserWizard ID="CreateUserWizard1" runat="server" BackColor="#F7F6F3" BorderColor="#E6E2D8"
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em"
                    Style="z-index: 104; left: 11px; position: absolute; top: 125px">
                    <SideBarStyle BackColor="#5D7B9D" BorderWidth="0px" Font-Size="0.9em" VerticalAlign="Top" />
                    <SideBarButtonStyle BorderWidth="0px" Font-Names="Verdana" ForeColor="White" />
                    <ContinueButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" BorderStyle="Solid"
                        BorderWidth="1px" Font-Names="Verdana" ForeColor="#284775" />
                    <NavigationButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" BorderStyle="Solid"
                        BorderWidth="1px" Font-Names="Verdana" ForeColor="#284775" />
                    <HeaderStyle BackColor="#5D7B9D" BorderStyle="Solid" Font-Bold="True" Font-Size="0.9em"
                        ForeColor="White" HorizontalAlign="Center" />
                    <CreateUserButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" BorderStyle="Solid"
                        BorderWidth="1px" Font-Names="Verdana" ForeColor="#284775" />
                    <TitleTextStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
                    <StepStyle BorderWidth="0px" />
                    <WizardSteps>
                        <asp:CreateUserWizardStep runat="server">
                        </asp:CreateUserWizardStep>
                        <asp:CompleteWizardStep runat="server">
                        </asp:CompleteWizardStep>
                    </WizardSteps>
                </asp:CreateUserWizard>
            </div>
       
        </div>
        </form>
    </body>
    </html>

    ----------------------------- 

    web.config

     -----------------------------

    <?xml version="1.0"?>

    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
       
        <authentication mode="Forms">
                        loginUrl="~/LoginTest.aspx"
                        slidingExpiration="true"
                        cookieless="UseCookies"
                        protection="All"
                        timeout="30" path="/" />                   
        </authentication>

    <membership>
    <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
    connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
    enablePasswordReset="true" requiresQuestionAndAnswer="false"
    requiresUniqueEmail="true"
    passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
    minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
    passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
    </providers>
    </membership>

        
            <roleManager enabled="true" />
      <pages>
                <namespaces>
                    <clear/>
                    <add namespace="System"/>
                    <add namespace="System.Collections"/>
                    <add namespace="System.Collections.Specialized"/>
                    <add namespace="System.Configuration"/>
                    <add namespace="System.Text"/>
                    <add namespace="System.Text.RegularExpressions"/>
                    <add namespace="System.Web"/>
                    <add namespace="System.Web.Caching"/>
                    <add namespace="System.Web.SessionState"/>
                    <add namespace="System.Web.Security"/>
                    <add namespace="System.Web.Profile"/>
                    <add namespace="System.Web.UI"/>
                    <add namespace="System.Web.UI.WebControls"/>
                    <add namespace="System.Web.UI.WebControls.WebParts"/>
                    <add namespace="System.Web.UI.HtmlControls"/>
                </namespaces>
            </pages>
     
            <compilation debug="true"/></system.web>
        <system.net>
            <mailSettings>
                <smtp from="hiittite@gmail,com">
                    <network host="localhost" password="" userName=""/>
                </smtp>
            </mailSettings>
        </system.net>
    </configuration>
     

  • 10 years ago

    You might like to take a look at:

    http://www.15seconds.com/issue/020220.htm

    You can also try this: http://www.sqlmag.com/Article/ArticleID/93053/sql_server_93053.html

    Hope that helps,

    Joe 

  • 10 years ago

     Hello Joe,

     Among ~20 the answers I've got from  ASP.NET forum, this  one is the  closest to the solution I am after  But there is a simple problem. The sample code  works for two users in the web.config file only.  I used asp.config utility and created two more users but it doesn't work for them. In my application the page  I want to load a page after the user authentication displays a CreateUserWizard1 control to add more users. How can I add this functionality so that I can use it for more users? Again I am not a programmer so please be patient with me for my novice questions. Thank you again.

     

    Athena 

     

  • 10 years ago

    Hi Athena,

    Where did you get the sample code from? - can you post a link to it?

    I'm also a little at a loss as to locating the asp.config utility you speak of - was it part of the express version?

    As far as I recall, when I played around with MS's inbuilt security application, you simply run the MS application and it sets up (builds) the security database with all the usual membership, roles and user login details. Your own application then uses this sql server security database to validate users. It was pretty impressive. In order to get users added to the database you used the associated security web site (that the original MS security application already built) to do the actual maintenance of users and roles.

    Its been a while since I used forms authentication, since most of our work revolves around an integrated network security model. I haven't used the Wizard before, but there seems to be a decent article on it here: http://aspnet.4guysfromrolla.com/articles/061406-1.aspx

    Joe 

     
     

     

     

  • 10 years ago

     Hello Joe,

        The sample is from http://www.15seconds.com/issue/020220.htm. (as you posted)

        The asp.config is part of WS2005 Visual Web Express under WebSite>ASP.NET configuration. I am not sure whether you can run as standalone application. It opens a web page in IE to manage users (create, membersips etc). My idea is to use CreateUserControl wizard to populate the SQL database with users. This would be accessed when user is admin. It will be on the same page with a radiobuttonlist control where users can click to navigate other pages.  The  user create control will not be displayed users other than admin.

       When you look at the the example above could you please help me to be able to use the CreateUserControl wizard to add users to database?

      Thank you,

     

    Athena
     


     

     

  • 10 years ago

    Hi Athena,

    Some more reading for you:

     

    http://articles.techrepublic.com.com/5100-22-1052978.html

    http://articles.techrepublic.com.com/5100-22_11-1052976.html

    http://aspnet.4guysfromrolla.com/articles/120705-1.aspx

     

    Have myself been playing round with these articles today: The Sql Server membership tables that I was looking for are created by running "aspnet_regsql.exe" and I eventually figured out the "ASP.Net Configuration" web front end. Quite amazing how much you forget and where these items are located, if you don't use them for awhile. Had looked at this a loooonnnnng time ago.

    Anyways, your problem seems to reside mainly around the web config file. If you take time out to read through the aspnet article (above) you'll get a better understanding of whats actually going on.

    But quickly stated: the membership details are created in an access database under a 'hidden' folder called App_Data. The fact that you may have created the tables in a sql server one will not count for much unless the application tells it where to look, the default is for the site to create an access db.

    So, your web.config file currently has:

    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
      
        <authentication mode="Forms">
                        loginUrl="~/LoginTest.aspx"
                        slidingExpiration="true"
                        cookieless="UseCookies"
                        protection="All"
                        timeout="30" path="/" />                  
        </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
         enablePasswordReset="true" requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
      </providers>
    </membership>


    .. BUT... the "LocalSqlServer" needs to be specified. So your <connectionStrings /> should have:

      <connectionStrings>
        <add name="LocalSqlServer"
           connectionString="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=TestBed;Data Source=SqlExpress"
        />
      </connectionStrings>
     
    obviously you'll need to specify the correct connection string parameters - the ones above are an edited version of mine.

    The only other thing that I did was grant access for the local ASPNET user to be able to access the database on my machine, since I'm using integrated security.

    Once done, no problem - I ran the code and used the create wizard to create a new user in the database, which because I checked the name like you have done, does not then show the wizard when logging in.


    If you still get a little undone, send me your code and I'll try to "highlight" any anomolies that I might pick up.

    Use my username at kingsley dot co dot za.

    Joe


Post a reply

Enter your message below

Sign in or Join us (it's free).

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“The question of whether computers can think is just like the question of whether submarines can swim.” - Edsger W. Dijkstra