Two Quick Ways to Perform ASP.NET Authentication

Authentication is the process of validating a user based on a set of credentials such as username, password, and e-mail address. Suppose you own a small Web development company that uses ASP.NET, and you want to give your users a secured area from where they can download or view additional resources such as tutorials. You would have to store crucial user data such as usernames and passwords (preferably in a database such as Microsoft Access or SQL Server) and then authenticate users based on those credentials with a help of the relevant ASP.NET code. This process involves a huge amount of work for developers, including such tasks as creating tables, stored procedures, and so on.ASP.NET offers simpler ways to validate users-with little work required. By applying ASP.NET programming logic, you can store user data in XML files and then validate users using those files. If you have a limited number of users, you can store the credentials in a Web configuration file (Web.Config) instead. Th is article shows you how to apply ASP.NET user authentication using either a Web.Config file or an XML file. If you have not already, you'll need to install Microsoft's ASP.NET Web Matrix, a free editor available for download from http://www.asp.net Authenticating Users Using a Web.Config FileWeb.Config is the main configuration file that ASP.NET applications use for storing global parameters such as connection strings for databases, passwords, and so forth. You should . save this file inside the root directory of your ASP.NET application to perform authentication using the Web.Config file, you need to create a file as shown in Listing 1.1: DENIES access to all anonymous users denies access to Both anonymous and authenticated users allows access to all anonymous Users allows access to Both Anonymous and Authenticated Users the next step is to c reate an ASP.NET page that contains the real code for verifying a user as given in Listing 1.2 if IsValid thenif FormsAuthentication.Authenticate (txtUsername.Text, txtPassword.Text) ThenlblStatus.Text = "Username and Passwords are correct" elselblStatus.Text = "Invalid UserName and Passwords" end ifndiff

This code uses the Authenticate method of the FormsAuthentication class to validate a user. The Authenticate method takes the corresponding text fields as parameters. If the entered data is incorrect, it executes the statement inside the else part. You can also redirect a user to another Web site if the entered data is correct by slightly modifying Listing 1.2 to the code shown in Listing 1.3: Listing 1.3if IsValid thenif FormsAuthentication.Authenticate (txtUsername.Text, txtPassword.Text) ThenResponse.Redirect ( "http: //www.developer .com ") elselblStatus.Text =" Invalid username and Passwords "end ifend ifAuthentication means validating a user based on a set of credentials, such as e-mail, username, and password. Authorization occurs after authentication. Authorization requires specifying access restrictions and Permissions for your users. hence, these Terms Are Different But Interreventing Uses Using An Xml Fileeven Though You Can Easily Authenticate Users by Using A Web.conf ig file, it is not advisable for sites with a large number of users. It is also very difficult to implement an automated system that directly adds users to the Web.Config file. A Web developer should manually add new usernames and passwords to the file For Each New User. To Avoid This Hassle, ASP.NET Provides A Facility for Authenticating Users Using An Xml File. for this purpose, you have to create both a web.config file (listing 1.4) And an xml file (Listing 1.5) : Listing 1.4 listing 1.5 <

User> Bob 123 Mark 456 Peter 789 The next step is to create an asp.net page. Because it Has To Check Two Credentials (UserName and Password), You Have to TO add two TextBox controls and a Button control to the form Double-click the button control and add the code given in Listing 1.6:. Listing 1.6If IsValid thenIf XMLAuthentication (txtUsername.Text, txtPassword.Text) ThenResponse.Redirect ( "http: / /www.developer.com")End IfEnd IfListing 1.6 passes the two control IDs as parameters to the XMLAuthentication method. This method will contain the real code to authenticate users from your XML file. Further, if the username and password match with that of the XML file, the user will be redirected to the developer.com home page The source code for this method is given in Listing 1.7:. Listing 1.7Dim dstPwd as DataSetDim dtblPwd as DataTableDim users () as DataRowdstPwd = New DataSet () dstPwd. ReadXML ("pwd.xml")) DTBLPWD = DSTPWD.TABLES (0) Users = dtblpwd.select ("Name = '" & struserName & ") IF users.length> 0 Thenif users (0) (" pwd ") = strPwd ThenReturn TrueElselblStatus.Text =" Invalid Password "End IfElselblStatus.Text =" Username does not exist "End IfReturn FalseEnd FunctionIn Listing 1.7, the XML file is loaded by using the built-in ReadXML () method, and the Xmlauthentication Method Checks Both The Username and Password. The Method Displays The Relevant Messages in The Label Control.about The Author