MIS 426 Chapter 19, Using Forms-Based Authentication
Objectives
• In this chapter you should
  • Learn how to utilize forms authentication
  • Authenticate users from
    • The Web.Config File
    • An XML File
    • A Database
Working with Forms Authentication
• Forms authentication allows you to store usernames and passwords in whatever mechanism you want.
• Forms authentication relies on cookies
• Non-authenticated users can be redirected to the login page automatically
Working with Forms Authentication
• The .NET classes for forms authentication can be found in System.Web.Security
• The most important are: (page 856)
  • FormsAuthentication
  • FormsAuthenticationTicket
  • FormsIdentity
  • FormsAuthenticationModule
Enabling Forms Authentication
• This requires three steps:
  • Set the authentication mode to Forms in the Web.Config file
  • Deny access to anonymous users in the appropriate directories by setting the authorization section of each directory's Web.Config file
  • Create a login page to capture and verify usernames and passwords
Step 1 – Configure the root Web.Config file
• In the root of the project, modify the Web.Config file to hold the following information:

    <configuration>
      <system.web>
        <authentication mode="Forms" />
      </system.web>
    </configuration>

• This will allow forms authentication to be used throughout the project.
Step 2 – Securing a directory
• Select or create a directory you wish to secure.
• In this directory create a Web.Config file with the following:

    <configuration>
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>

• This prevents anonymous users from gaining access to any files within the directory
Step 3 – Create a login page
• Create a .aspx page outside the folder you wish to secure. This must be done so the user can reach the page to log in.
• View an example of the login page – Pay special attention to the Button_Click subroutine
Configuring Forms Authentication
• The authentication section of the Web.Config file can contain these optional forms elements:
  • loginUrl – the page users are redirected to if they are not authenticated (the login page)
  • name – the name of the cookie that contains the authentication ticket
  • timeout – the amount of time in minutes before the cookie expires (default is 30 minutes)
  • path – the path used for the cookie (default is /)
  • protection – the way the cookie data is protected
Configuring Forms Authorization
• This determines which users can access the ASP.NET pages within a directory.
• Deny non-authenticated users
• Deny non-authenticated users and selected users
• Deny non-authenticated users and selected users, but allow guests via a GET request.
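An added example (not part of the course slides): a Python check that reads a root Web.Config and a directory Web.Config and reports when the settings from steps 1 and 2 and the forms attributes listed above are missing or weakened. The sample files, the cookie name, the function names and the max_timeout policy are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files for the example (names and values are placeholders).
ROOT_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" name=".EXAMPLEAUTH" timeout="30" path="/" protection="None" />
  </authentication>
</system.web></configuration>"""

SECURED_DIR_CONFIG = """<configuration><system.web>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""

OPEN_DIR_CONFIG = """<configuration><system.web>
  <authorization><allow users="*" /><deny users="?" /></authorization>
</system.web></configuration>"""


def audit_root(xml_text, max_timeout=30):
    """Check step 1 and the <forms> attributes; max_timeout is an assumed policy."""
    auth = ET.fromstring(xml_text).find("system.web/authentication")
    if auth is None or auth.get("mode", "").lower() != "forms":
        return ["authentication mode is not Forms"]
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    findings = []
    # protection defaults to All (ticket encrypted and validated) when omitted.
    protection = attrs.get("protection", "All")
    if protection.lower() != "all":
        findings.append(f"protection={protection}: ticket is not both encrypted and validated")
    # timeout is in minutes and defaults to 30.
    if int(attrs.get("timeout", "30")) > max_timeout:
        findings.append(f"timeout exceeds {max_timeout} minutes")
    return findings


def audit_directory(xml_text):
    """Check step 2: anonymous users ("?") must be denied before any allow matches them."""
    authz = ET.fromstring(xml_text).find("system.web/authorization")
    for rule in (authz if authz is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        # Rules are evaluated top-down and the first match wins.
        if rule.tag == "deny" and ("?" in users or "*" in users):
            return []
        if rule.tag == "allow" and ("?" in users or "*" in users):
            return ["an allow rule matches anonymous users before any deny"]
    return ["this file does not deny anonymous users"]


if __name__ == "__main__":
    print(audit_root(ROOT_CONFIG), audit_directory(OPEN_DIR_CONFIG))
```

The directory check only looks at the file it is given; a directory with no authorization section inherits the rules of its parent configuration.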
Authenticating Users with the Web.Config File • View the code
Authenticating Users with XML File • View the code
Authenticating Users with a Database Table • View the code