Even in the days of ASP.NET 1.0/1.1, as a developer you might have
spent a lot of time creating login / authentication modules and pages. You spent
a lot of time designing and coding pages for user management. Till the last
version you have to write and implement a login framework, authenticate users
against a database, written code to react to the currently logged-in user. But
with the Inception of ASP.NET 2.0, you will have some great tools available to
help implementing such framework. Though you still have to write some code, but
the initial pain of implementing has been eased with server-side controls
provided with ASP.NET 2.0. With the new UI server side controls you can secure
your web-site, and manage users. ASP.NET 2.0 has inbuilt site tool to configure
and manage users and roles.
In this article we will explore this great feature of ASP.NET 2.0. First we need
to create a web app. Before that make sure SQL EXPRESS is up and running
For this web app create one Master Page, one Default.aspx, CreateUser.aspx,
ChangePassword.aspx, Login.aspx. The master page design should look like Figure
1. (You can change the same but for the demo using the format as shown in Figure
1)
Figure 1 - The Master Page Design
We will start now clicking the ASP.NET Configuration button. The button is
placed at the upper right corner of the Solution Explorer (see Figure 2).
Figure 2 - Starting the ASP.NET Configuration
On clicking the button we are taken into the configuration page (see Figure
3), which is opened in the Internet Explorer.
Figure 3 - The ASP.NET 2.0 Site Configuration Page
Now click the security link. The security configuration page will appear (see
Figure 4). We need to do a couple of things as your site is enabled to support
only windows authentication.
Figure 4 - Configuring Security for the ASP.NET Application
Click Select authentication type link.
Select From Internet option and click the done button (see Figure 5). Now you
are back to the earlier page. Here click Enable Roles. As soon as you click the
link, you will see that Create or Manage Role link gets activated. Click the
link to create couple of roles. One as administrators and another as users. Now
click the back button to come to the Home Page.
Figure 5 - Configuring Application Security Access to be
from the Internet
Now let us create some users. Say one user as admin and password …anything of
your choice, and put under administrators role. Remember Password length is
minimum: 7 and one Non-alphanumeric characters required, i.e. characters like @,
$, ! etc…..special characters.
At this point you can close the site and return back to the project. Now
refresh the solution explorer. There you will find that one folder named
App_Data has been automatically created and contains one SQL DATABASE. That
database contains the user name and password that you have created and will be
creating in the future through ASP.NET Configuration tool or through your APP.
The password stored in the database are encrypted by one-way Hash algorithm. The
Site will be very much secured site and as a developer you don’t have to do
much.
Figure 6 - The Login Control
Now lets go back to our project and we will be using some special server
controls shown in the LOGIN tab of the toolbox (see Figure 6). Open the
default.aspx in the design. Drag and drop the LoginView control in the content
place holder and the crate hyperlink of Login.aspx and CreateUser.aspx by simply
drag and drop the two pages. The page should look like the Figure 7.
Figure 7 - A Page Containing the Login Control
Now click the Smart tag in the control and select LoggedIn Template. Then
write: "Welcome and drag and drop the LoginName control."
Now create a hyperlink to ChangePassword.aspx by simply dragging and dropping
the control onto the form.
Now open the login.aspx and set up a login form. Drag and drop the login
control from the toolbox. At this point you can run the app and see the outcome.
Now lets create another page named ForgotPass.aspx. This page will help the user
to retrieve the password. Now drag and drop the PasswordRecovery control from
the toolbox. Now go back to the login page and open the property of the login
control. Find the property named PasswordRecoveryText and type in “Forgot
Password” and then select the PasswordRecoveryURL property and point to the
ForgotPass.aspx. We will need to change some property and also need to go back
to the ASP.NET Configuration page to make the password recovery works later.
Now open up the ChangePassword.aspx page and drag and drop the changePassword
control form the toolbox (see Figure 8). That’s it. Your change password
component is up and running.
Figure 8 - ChangePassword Control on a Page
Now let us work on the create user page. Open it and drag and drop
CreateUserWizard Control (see Figure 9).
Figure 9 - The CreateUserWizard Control
Now run the app to see that without writing a single line of code how your
role and membership of a site is ready.
Before we conclude, there are some changes to made in the ASP.NET Configuration
page to enable password recovery system to work properly.
Open that page again and select Application Tab. There you will see configure
e-mail settings. Click that and put in your SMTP server details.
Then close the configuration page and open the Password Recovery Page. In the
property of the Password Recovery Control enter in the details as shown in
Figure 10. (Change according to your Mail Definition). Now you are up and
running.
Figure 10 - Password Recovery Control Properties Dialog Box
