[andreasberglind]

I want to add a login function for my ASP.net site. I guess I need a database for usernames and passwords, but I don´t have a clue how I should implement this. All I know is this: The pages I want to request a login for should be in a seperate folder, and I should do something in Web.config.

Could someone walk me through this process? Is there any good guides?

[Shane]

Here's some of my code.


Login.aspx (note: this is just the code, not the markup part with the html)

Code:

		private void btnSubmit_Click(object sender, System.EventArgs e)
		{
                     if(Page.IsValid) 
			{
				Users users = new Users();
				bool auth;
				auth = users.AuthenticateUser(txtUsername.Text,txtPassword.Text);

				if(auth) 
				{
	// authenticated was successful, lets create the authentication cookie and redirect them to another place (either where they were trying to go to or default.aspx)
				FormsAuthentication.RedirectFromLoginPage(txtUsername.Text,false);
				}
				else 
				{ 
					lblMessage.Text = "Account information was incorrect. Please try again!";
				
				}
			}
			else 
			{
				lblMessage.Text = "Missing some fields. Please try again.";
			}
}

My authentication method that gets called from the code above

Code:

		public bool AuthenticateUser(string username, string password) 
		{
			bool authenticated;
			SqlDataReader reader;
			SqlConnection conn = new SqlConnection(Globals.ConnectionString());
			SqlCommand cmd = new SqlCommand("AuthenticateUser",conn);

			cmd.CommandType = CommandType.StoredProcedure;
			cmd.Parameters.Add("@username",username);
			cmd.Parameters.Add("@password",password);
			conn.Open();
			reader = cmd.ExecuteReader();
			
			if(reader.Read()) 
			{
				authenticated = true;
			}
			else 
			{
				authenticated = false;
			}

			reader.Close();
			conn.Close();
			conn.Dispose();
			

			return authenticated;
		}

And finally, the web.config file. Add these lines between your system.web tags.

Code:

    <authentication mode="Forms">
		<forms name="FormsEClient" loginUrl="login.aspx" protection="All" />
	</authentication> 



    <authorization>
	
        <deny users="?" />

    </authorization>

The web.config is one of the most important parts. The first tag in it tells asp.net to use forms authentication for this application. The loginUrl parameter sets the login form that they will automatically be redirected to if they are not logged in.

The authorization tag is just saying, "asp.net, deny all users who are anonymous (the question mark means anonymous)".

What you may want to do is implement the code in the web.config first, create a login.aspx page and just test it out. If you go to a page in your application when you are not authenticated and you end up getting redirected to login.aspx, then it's working.

[Cyberbratt]

Hi there... im getting errors with Users users = new Users();

Error 1
The type or namespace name 'Users' could not be found (are you missing a using directive or an assembly reference?)

Please kindly help me...

[GurkanAlkan]

Quote:

Originally Posted by Cyberbratt

Hi there... im getting errors with Users users = new Users();

Error 1
The type or namespace name 'Users' could not be found (are you missing a using directive or an assembly reference?)

Please kindly help me...

You didnot add a reference for Users class. (To use User class, add its reference)

[Yeroon]

Or you didnt actually create the user class:

Code:

using System.Data;
using System.Data.SqlClient;

public class Users
{
    public bool AuthenticateUser(string username, string password)
    {
        bool authenticated;
        SqlConnection conn = new SqlConnection(Globals.ConnectionString());
        SqlCommand cmd = new SqlCommand("AuthenticateUser", conn);

        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@username", username);
        cmd.Parameters.AddWithValue("@password", password);
        conn.Open();
        SqlDataReader reader = cmd.ExecuteReader();

        if (reader.Read())
        {
            authenticated = true;
        }
        else
        {
            authenticated = false;
        }

        reader.Close();
        conn.Close();
        conn.Dispose();

        return authenticated;
    } 
}

I replaced Add with AddWithValue, since the Add function is obsolete now. And I joined the "SqlDataReader reader" declaration and assigment.

Other than that this has been the most simple example I have seen for authentication

[jumpingoffplace]

I have used this code and keep getting this error, "Globals does not exist in the current context." I've followed this code to the letter, could I be missing something?

Thanks so much!

~J

[Yeroon]

Make sure you have a connection string in your web.config like this

Code:

<appSettings>
  <add key="ConnectionInfo" value="server=(local);database=Northwind;Integrated Security=SSPI" />
</appSettings>

And replace the line with the Globals error with this:

Code:

SqlConnection conn = new SqlConnection(ConfigurationSettings.AppSettings["ConnectionInfo"]);