DanBAtkinson
asked on
Creating a login for Asp.Net
Hi there,
I have created a login interface for asp but I need to use asp.net for the database so I am in the process of creating
My version of Asp is unfortunately 1.1 and convincing Brinkster to up it to 2.0 is not that easy as they say it's too unstable!
Anyway...
I was wondering whether somebody would be able to point me in the direction of some good code for logging in (preferably put it in the page!)
My current code:
log_in.asp (included from login.aspx)
<%response.buffer = false%>
<%
Dim Conn_CONNECTIONSTRING
Dim Conn = Server.CreateObject("ADODB .Connectio n")
Dim objRecordset1
Conn.CONNECTIONSTRING = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.Mappath("../admin.m db") & ";"
Conn.Open
If request.form("login") = "yes" then
dim sqltemp
sqltemp="select * from tblConfig where username='"
sqltemp=sqltemp & request.form("username") & "'"
sqltemp=sqltemp & "AND password='"
sqltemp=sqltemp & request.form("password") & "'"
dim rstemp=Conn.execute(SQLTem p)
If NOT rstemp.eof then
session("logged_in") = "True"
response.redirect("index.a sp")
Else
response.write("Invalid Username")
End If
end if
%>
<html>
<head>
<title>Admin Login</title>
</head>
<body bgcolor=ffffff valign="top">
<form name="form1" method="post" action="login.aspx">
<b>Username</b><br>
<input type="text" name="username"><br><br>
<b>Password<br>
<input type="password" name="password">
<input type="hidden" name="login" value="yes"><br>
<br>
<input type="submit" name="Submit2" value="Submit">
<br>
</form>
</body>
</html>
loginchecker.asp (used to authenticate users in subsequent pages)
<% Response.Buffer = True %>
<%
If session("logged_in") <> "True" Then
Response.Redirect("log_in. asp")
End If
%>
Am I maybe calling the wrong page login.aspx?
If any of this can be re-used that would be great.
Thanks in advance.
I have created a login interface for asp but I need to use asp.net for the database so I am in the process of creating
My version of Asp is unfortunately 1.1 and convincing Brinkster to up it to 2.0 is not that easy as they say it's too unstable!
Anyway...
I was wondering whether somebody would be able to point me in the direction of some good code for logging in (preferably put it in the page!)
My current code:
log_in.asp (included from login.aspx)
<%response.buffer = false%>
<%
Dim Conn_CONNECTIONSTRING
Dim Conn = Server.CreateObject("ADODB
Dim objRecordset1
Conn.CONNECTIONSTRING = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.Mappath("../admin.m
Conn.Open
If request.form("login") = "yes" then
dim sqltemp
sqltemp="select * from tblConfig where username='"
sqltemp=sqltemp & request.form("username") & "'"
sqltemp=sqltemp & "AND password='"
sqltemp=sqltemp & request.form("password") & "'"
dim rstemp=Conn.execute(SQLTem
If NOT rstemp.eof then
session("logged_in") = "True"
response.redirect("index.a
Else
response.write("Invalid Username")
End If
end if
%>
<html>
<head>
<title>Admin Login</title>
</head>
<body bgcolor=ffffff valign="top">
<form name="form1" method="post" action="login.aspx">
<b>Username</b><br>
<input type="text" name="username"><br><br>
<b>Password<br>
<input type="password" name="password">
<input type="hidden" name="login" value="yes"><br>
<br>
<input type="submit" name="Submit2" value="Submit">
<br>
</form>
</body>
</html>
loginchecker.asp (used to authenticate users in subsequent pages)
<% Response.Buffer = True %>
<%
If session("logged_in") <> "True" Then
Response.Redirect("log_in.
End If
%>
Am I maybe calling the wrong page login.aspx?
If any of this can be re-used that would be great.
Thanks in advance.
ASKER
Thanks for that link. Is there no simpler method of writing an ASP.NET login that doesn't involve all of that code?
I was hoping that it would be simple to use.
The JS link seems closer to the mark but what I'd really like to know is if my code can be modified so that it can run in ASP.NET.
I was hoping that it would be simple to use.
The JS link seems closer to the mark but what I'd really like to know is if my code can be modified so that it can run in ASP.NET.
<%@ Import Namespace="System.Data.Sql Client" %>
<%@ Import Namespace="System.Data" %>
<HTML>
<HEAD>
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern ame.Text, Password.Text)
If login>0 Then
FormsAuthentication.Redire ctFromLogi nPage(user name.Text, False)
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection( _
ConfigurationSettings.AppS ettings("c onn")), _
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp e.StoredPr ocedure
cmd.Parameters.Add("@usern ame", SqlDbType.Varchar)
cmd.Parameters("@username" ).Value=ui d
cmd.Parameters.Add("@passw ord", SqlDbType.Varchar)
cmd.Parameters("@password" ).Value=pw d
cmd.Parameters.Add("@Login ", SqlDbType.Int)
cmd.Parameters("@Login").D irection=P arameterDi rection.Ou tput
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login ").Value
con.Close()
Return rtn
End Function
</Script>
<TITLE>ASP.NET Project</TITLE>
<link href="styles.css" rel="stylesheet">
</HEAD>
<BODY>
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_ bg.gif">
<tr>
<td><img src="images/header_top.gif "></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom. gif"></td>
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
<h1>Login: </h1>
<form runat="server">
<p>Username:<br><asp:textb ox id="username" size="20" runat="server" textmode="singleline" /></p>
<p>Password:<br><asp:textb ox id="password" size="21" runat="server" textmode="password" /></p>
<br>
<p><asp:button id="btn1" text="Login" onclick="LoginUser" runat="server" /></p>
</form>
</td>
</tr>
</table>
</BODY>
</HTML>
than create table with two columns "Username" and "Password", create a stored procedure as well which will return 1 if login's good and 0 if fails
<%@ Import Namespace="System.Data" %>
<HTML>
<HEAD>
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern
If login>0 Then
FormsAuthentication.Redire
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection( _
ConfigurationSettings.AppS
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp
cmd.Parameters.Add("@usern
cmd.Parameters("@username"
cmd.Parameters.Add("@passw
cmd.Parameters("@password"
cmd.Parameters.Add("@Login
cmd.Parameters("@Login").D
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login
con.Close()
Return rtn
End Function
</Script>
<TITLE>ASP.NET Project</TITLE>
<link href="styles.css" rel="stylesheet">
</HEAD>
<BODY>
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_
<tr>
<td><img src="images/header_top.gif
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom.
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
<h1>Login: </h1>
<form runat="server">
<p>Username:<br><asp:textb
<p>Password:<br><asp:textb
<br>
<p><asp:button id="btn1" text="Login" onclick="LoginUser" runat="server" /></p>
</form>
</td>
</tr>
</table>
</BODY>
</HTML>
than create table with two columns "Username" and "Password", create a stored procedure as well which will return 1 if login's good and 0 if fails
ASKER
I'm not sure why:
Comment from fahimnxb
Date: 03/19/2005 05:52PM GMT
Comment
Dear DanBAtkinson,
Following links contain source code for ASP.NET login screen.
http://www.daniweb.com/techtalkforums/thread6028.html (this is really good and explonatory enough to understand)
If still unclear also have a look with involving Java script too...
http://authors.aspalliance.com/aspguru/aspnet.aspx?Type=Art&ArtID=927
And the last option is; if still you need some thing more customized then let me know, and I will write some idea generating code for you.
Regards,
Me
Comment from DanBAtkinson
Date: 03/19/2005 06:09PM GMT
Your Comment
Thanks for that link. Is there no simpler method of writing an ASP.NET login that doesn't involve all of that code?
I was hoping that it would be simple to use.
The JS link seems closer to the mark but what I'd really like to know is if my code can be modified so that it can run in ASP.NET.
Comment from davidlars99
Date: 03/19/2005 09:22PM GMT
Comment
<%@ Import Namespace="System.Data.Sql Client" %>
<%@ Import Namespace="System.Data" %>
<HTML>
<HEAD>
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern ame.Text, Password.Text)
If login>0 Then
FormsAuthentication.Redire ctFromLogi nPage(user name.Text, False)
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection( _
ConfigurationSettings.AppS ettings("c onn")), _
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp e.StoredPr ocedure
cmd.Parameters.Add("@usern ame", SqlDbType.Varchar)
cmd.Parameters("@username" ).Value=ui d
cmd.Parameters.Add("@passw ord", SqlDbType.Varchar)
cmd.Parameters("@password" ).Value=pw d
cmd.Parameters.Add("@Login ", SqlDbType.Int)
cmd.Parameters("@Login").D irection=P arameterDi rection.Ou tput
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login ").Value
con.Close()
Return rtn
End Function
</Script>
<TITLE>ASP.NET Project</TITLE>
<link href="styles.css" rel="stylesheet">
</HEAD>
<BODY>
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_ bg.gif">
<tr>
<td><img src="images/header_top.gif "></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom. gif"></td>
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
is needed but ok! :)
I can't see where the db is opened (there is no reference to a db file in that.
About creating a stored proc also... I'm not familiar with this. What do you mean exactly?
Comment from fahimnxb
Date: 03/19/2005 05:52PM GMT
Comment
Dear DanBAtkinson,
Following links contain source code for ASP.NET login screen.
http://www.daniweb.com/techtalkforums/thread6028.html (this is really good and explonatory enough to understand)
If still unclear also have a look with involving Java script too...
http://authors.aspalliance.com/aspguru/aspnet.aspx?Type=Art&ArtID=927
And the last option is; if still you need some thing more customized then let me know, and I will write some idea generating code for you.
Regards,
Me
Comment from DanBAtkinson
Date: 03/19/2005 06:09PM GMT
Your Comment
Thanks for that link. Is there no simpler method of writing an ASP.NET login that doesn't involve all of that code?
I was hoping that it would be simple to use.
The JS link seems closer to the mark but what I'd really like to know is if my code can be modified so that it can run in ASP.NET.
Comment from davidlars99
Date: 03/19/2005 09:22PM GMT
Comment
<%@ Import Namespace="System.Data.Sql
<%@ Import Namespace="System.Data" %>
<HTML>
<HEAD>
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern
If login>0 Then
FormsAuthentication.Redire
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection( _
ConfigurationSettings.AppS
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp
cmd.Parameters.Add("@usern
cmd.Parameters("@username"
cmd.Parameters.Add("@passw
cmd.Parameters("@password"
cmd.Parameters.Add("@Login
cmd.Parameters("@Login").D
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login
con.Close()
Return rtn
End Function
</Script>
<TITLE>ASP.NET Project</TITLE>
<link href="styles.css" rel="stylesheet">
</HEAD>
<BODY>
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_
<tr>
<td><img src="images/header_top.gif
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom.
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
is needed but ok! :)
I can't see where the db is opened (there is no reference to a db file in that.
About creating a stored proc also... I'm not familiar with this. What do you mean exactly?
ASKER
Ooops.
Wasn't sure where this comes from:
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_ bg.gif">
<tr>
<td><img src="images/header_top.gif "></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom. gif"></td>
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
I can't see where the db is opened (there is no reference to a db file in that.
About creating a stored proc also... I'm not familiar with this. What do you mean exactly?
Wasn't sure where this comes from:
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/header_
<tr>
<td><img src="images/header_top.gif
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="157"><img src="images/header_bottom.
<td></td>
</tr>
</table>
<table with="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="160">
</td>
<td valign="top">
I can't see where the db is opened (there is no reference to a db file in that.
About creating a stored proc also... I'm not familiar with this. What do you mean exactly?
this is what should be used with that
Create Table Users (
UserName varchar(25),
Password varchar(8)
)
Insert Into Users (UserName,Password) Values ('davidlars99','password')
Create Procedure Login
@userName varchar(25),
@password varchar(8),
@code int out
As
Select @code=count(*) from users
where username=@username and password=@password
GO
Create Table Users (
UserName varchar(25),
Password varchar(8)
)
Insert Into Users (UserName,Password) Values ('davidlars99','password')
Create Procedure Login
@userName varchar(25),
@password varchar(8),
@code int out
As
Select @code=count(*) from users
where username=@username and password=@password
GO
and instead of
Dim con As New SqlConnection(Configuratio nSettings. AppSetting s("conn"))
use
Dim con As New SqlConnection("data source=localhost;uid=usern ame;pwd=pa ssword;ini tial catalog=table")
or
Dim con As New SqlConnection("data source=localhost; integrated security=SSPI; initial catalog=table")
Dim con As New SqlConnection(Configuratio
use
Dim con As New SqlConnection("data source=localhost;uid=usern
or
Dim con As New SqlConnection("data source=localhost; integrated security=SSPI; initial catalog=table")
ASKER
But that's inserting data into the database isn't it?
I just want to check it.
I just want to check it.
ok let me break it down for you
[ASP.NET Login Page]
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern ame.Text, Password.Text)
If login>0 Then
FormsAuthentication.Redire ctFromLogi nPage(user name.Text, False)
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection("data source=localhost;uid=usern ame;pwd=pa ssword;ini tial catalog=table"), _
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp e.StoredPr ocedure
cmd.Parameters.Add("@usern ame", SqlDbType.Varchar)
cmd.Parameters("@username" ).Value=ui d
cmd.Parameters.Add("@passw ord", SqlDbType.Varchar)
cmd.Parameters("@password" ).Value=pw d
cmd.Parameters.Add("@Login ", SqlDbType.Int)
cmd.Parameters("@Login").D irection=P arameterDi rection.Ou tput
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login ").Value
con.Close()
Return rtn
End Function
</Script>
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ------
[SQL Database Table]
Create Table Users (
UserName varchar(25),
Password varchar(8)
)
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- -----
[SQL Stored Precedure]
Create Procedure Login
@userName varchar(25),
@password varchar(8),
@code int out
As
Select @code=count(*) from users
where username=@username and password=@password
GO
[ASP.NET Login Page]
<Script Language="VB" Runat="Server">
Public Sub LoginUser(sender As Object, e As System.EventArgs)
Dim login As Integer=Authenticate(usern
If login>0 Then
FormsAuthentication.Redire
End If
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
Dim con As New SqlConnection("data source=localhost;uid=usern
cmd As SqlCommand, _
rdr As SqlDataReader, _
rtn As Integer
cmd=New SqlCommand("Login", con)
cmd.CommandType=CommandTyp
cmd.Parameters.Add("@usern
cmd.Parameters("@username"
cmd.Parameters.Add("@passw
cmd.Parameters("@password"
cmd.Parameters.Add("@Login
cmd.Parameters("@Login").D
con.Open()
cmd.ExecuteScalar()
rtn=cmd.Parameters("@Login
con.Close()
Return rtn
End Function
</Script>
--------------------------
[SQL Database Table]
Create Table Users (
UserName varchar(25),
Password varchar(8)
)
--------------------------
[SQL Stored Precedure]
Create Procedure Login
@userName varchar(25),
@password varchar(8),
@code int out
As
Select @code=count(*) from users
where username=@username and password=@password
GO
oh yes almost forgot, instead of "@Login" use "@code"
ASKER
Sorry. I meant that I've never ever used stored procedures before.
I've looked into that but I have a question. At no point in that above example is an Access database called (at least I can't find one).
You said you'd break it down for me I don't have an SQL table, I'm not using an SQL db, just queries.
I've looked into that but I have a question. At no point in that above example is an Access database called (at least I can't find one).
You said you'd break it down for me I don't have an SQL table, I'm not using an SQL db, just queries.
ASKER
Or rather MS SQL queries.
ASKER
Oh dear.
Please forgive me. It's Sunday morning and I'm not feeling very well.
Please forgive me. It's Sunday morning and I'm not feeling very well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks.
I have something along the lines of:
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Ole DB" %>
<html>
<head>
<Script Language="VB" Runat="Server">
sub Page_Load
dim dbconn
dbconn=New OleDbConnection("Provider= Microsoft. Jet.OLEDB. 4.0;data source=" & server.mappath("admin.mdb" ))
dbconn.Open()
dim sql="SELECT * FROM tblConfig"
dim Cmd As OleDbCommand = New OleDbCommand(sql,dbconn)
dim reader As OleDbDataReader
reader = Cmd.ExecuteReader()
dbconn.Close()
end sub
Public Sub LoginUser(sender As Object, e As System.EventArgs)
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
End Function
</script>
<title>Admin Login</title>
</head>
<body>
<form runat="server">
<table border="1">
<th>
Username:</b><asp:TextBox id="username" runat="server" /><br>
Password:</b><asp:TextBox id="password" TextMode="password" runat="server" /><br>
<asp:Button OnClick="LoginUser" Text="Submit" runat="server" />
</th>
</table>
</form>
</body>
</html>
Because of my currently limited knowledge of .net, I assume that by placing the dbconnections into the web.config file, you remove the possibility for hacking as the location of the database is hidden from the page itself. I may be wrong but I've only been doing Asp.net properly for a week at best.
I think Brinkster insists that the web.config file be placed in the webroot of the site which is annoying because my admin area is about 4 levels down from the root.
My main problem with the last login (which was all asp based) was that for some reason the session variable 'logged_in' was not passed on past the first page and would not work with asp.net pages.
I'd also just like to say thanks for your patience, it is appreciated.
I have something along the lines of:
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Ole
<html>
<head>
<Script Language="VB" Runat="Server">
sub Page_Load
dim dbconn
dbconn=New OleDbConnection("Provider=
dbconn.Open()
dim sql="SELECT * FROM tblConfig"
dim Cmd As OleDbCommand = New OleDbCommand(sql,dbconn)
dim reader As OleDbDataReader
reader = Cmd.ExecuteReader()
dbconn.Close()
end sub
Public Sub LoginUser(sender As Object, e As System.EventArgs)
End Sub
Function Authenticate(uid As String, pwd As String) As Integer
End Function
</script>
<title>Admin Login</title>
</head>
<body>
<form runat="server">
<table border="1">
<th>
Username:</b><asp:TextBox id="username" runat="server" /><br>
Password:</b><asp:TextBox id="password" TextMode="password" runat="server" /><br>
<asp:Button OnClick="LoginUser" Text="Submit" runat="server" />
</th>
</table>
</form>
</body>
</html>
Because of my currently limited knowledge of .net, I assume that by placing the dbconnections into the web.config file, you remove the possibility for hacking as the location of the database is hidden from the page itself. I may be wrong but I've only been doing Asp.net properly for a week at best.
I think Brinkster insists that the web.config file be placed in the webroot of the site which is annoying because my admin area is about 4 levels down from the root.
My main problem with the last login (which was all asp based) was that for some reason the session variable 'logged_in' was not passed on past the first page and would not work with asp.net pages.
I'd also just like to say thanks for your patience, it is appreciated.
ASKER
Just wondering whether you had had a chance to come back to this yet.
ok, you said you have access database right..? create table with 2 columns
Username
Password
both should be text columns
Username
Password
both should be text columns
ASKER
I've done that.
ASKER
The table is called tblConfig.
create "web.config" file and put this code in
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="Forms">
<forms name="myLoginCookie" loginUrl="login.aspx" slidingExpiration="true">
<authorization>
<deny users="?" />
</authorization>
</forms>
</authentication>
</system.web>
</configuration>
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="Forms">
<forms name="myLoginCookie" loginUrl="login.aspx" slidingExpiration="true">
<authorization>
<deny users="?" />
</authorization>
</forms>
</authentication>
</system.web>
</configuration>
ASKER
Done!
sorry use this one
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="Forms">
<forms name="myLoginCookie" loginUrl="login.aspx" slidingExpiration="true">
<credentials passwordFormat="Clear" />
</forms>
<authorization>
<deny users="?" />
</authorization>
</authentication>
</system.web>
</configuration>
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="Forms">
<forms name="myLoginCookie" loginUrl="login.aspx" slidingExpiration="true">
<credentials passwordFormat="Clear" />
</forms>
<authorization>
<deny users="?" />
</authorization>
</authentication>
</system.web>
</configuration>
ASKER
Done!
ASKER
Um... Is there anything else?
ASKER
davidlars99: is there any way you could continue this as I would like to get the asp.net admin area up and running as soon as possible.
Thanks.
Thanks.
ASKER
Is there anybody else who could possibly finish this off at all???
Thanks.
Thanks.
I'll come back to this later this afternoon until than you have to be patient, sorry it's my work schedule not me... :)
ASKER
Apologies. I thought you'd deserted me! :>
ok replace two previous blank functions named "LoginUser" and "Authenticate" with these new ones
Public Sub LoginUser(ByVal sender As Object, ByVal e As System.EventArgs)
If Authenticate(txtUserName.T ext, txtPassword.Text) > 0 Then
FormsAuthentication.Redire ctFromLogi nPage(txtU serName.Te xt, True)
End If
End Sub
Function Authenticate(ByVal userName As String, ByVal password As String) As Integer
Dim cn As OleDbConnection = New OleDbConnection("Provider= Microsoft. Jet.OLEDB. 4.0;Data Source=" & Server.MapPath("admin.mdb" ))
Dim cmd As OleDbCommand = New OleDbCommand("SELECT Count(*) FROM tblConfig WHERE Username=@username AND Password=@password", cn)
cmd.Parameters.Add("@usern ame", userName)
cmd.Parameters.Add("@passw ord", password)
cn.Open()
Dim status As Integer = cmd.ExecuteScalar()
cn.Close()
Return status
End Function
Public Sub LoginUser(ByVal sender As Object, ByVal e As System.EventArgs)
If Authenticate(txtUserName.T
FormsAuthentication.Redire
End If
End Sub
Function Authenticate(ByVal userName As String, ByVal password As String) As Integer
Dim cn As OleDbConnection = New OleDbConnection("Provider=
Dim cmd As OleDbCommand = New OleDbCommand("SELECT Count(*) FROM tblConfig WHERE Username=@username AND Password=@password", cn)
cmd.Parameters.Add("@usern
cmd.Parameters.Add("@passw
cn.Open()
Dim status As Integer = cmd.ExecuteScalar()
cn.Close()
Return status
End Function
ASKER
Ok. I've written that into it thanks.
ASKER
I'm sure that you're busy or something but was there anything else I need to add?
Say if I go to another page and the authenticity of the user needs to be verified perhaps?
Thanks.
Say if I go to another page and the authenticity of the user needs to be verified perhaps?
Thanks.
default expiration time is 30 minutes and you can visit any page during that time, after 30 minutes it will renew itself because in your web.config file you have "slidingExpiration" attribute set to "true". Also I suggest you read some materials on the web such as this one
part 1
http://www.15seconds.com/issue/020220.htm
part2
http://www.15seconds.com/issue/020305.htm
part 1
http://www.15seconds.com/issue/020220.htm
part2
http://www.15seconds.com/issue/020305.htm
ASKER
Ok. Thankyou for those sources.
I receive the following error when I run it:
It is an error to use a section registered as allowDefinition='MachineTo Applicatio n' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
I receive the following error when I run it:
It is an error to use a section registered as allowDefinition='MachineTo
ASKER
Although putting the web.config file in the webroot (as the host suggests) helps.
When I run that, I get the error:
'Unrecognized tag 'authorization' in the config file' pointing to:
<authorization>
Any ideas/suggestions please?
When I run that, I get the error:
'Unrecognized tag 'authorization' in the config file' pointing to:
<authorization>
Any ideas/suggestions please?
ASKER
Fixed that problem by closing the authentication tags before the form.
The login window now works but it (eventually) takes me to this page on the website:
www.mysite.com/login.aspx?ReturnUrl=%2fproject%2fv1%2fadmin%2fnewlog%2flogin.aspx
My login page is stored in mysite.com/project/v1/admi n/newlog/l ogin.aspx (although once the login works it will be moved to another directory.
Is there anything I can do?
The login window now works but it (eventually) takes me to this page on the website:
www.mysite.com/login.aspx?ReturnUrl=%2fproject%2fv1%2fadmin%2fnewlog%2flogin.aspx
My login page is stored in mysite.com/project/v1/admi
Is there anything I can do?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you are working with visual studio .net then you don't have to worry about these things, but if you manualy creating all the pages than you have to follow these steps
ASKER
I'm not working with VS.Net. Everything I've been doing has been solely in Notepad. I don't have IIS installed on my computer. Do I need it?
I've just been uploading the files to my webhost (Brinkster).
I've just been uploading the files to my webhost (Brinkster).
is everything what we have been doing here working...? then don't worry..! and no, you don't need IIS unless "*.aspx" are served on your local computer
ASKER
No. It doesn't appear to be working. If it was I would have accepted your code! It appears that the original login.aspx has some problems (mainly due to txtUsername and txtPassword not being declared). I changed these to the ones in the textboxes.
The login box now works but redirects to default.aspx on my webroot. Where is the redirect code for this so that I can edit the directory and page?
And what authetication code do I need when I go to another page?
The login box now works but redirects to default.aspx on my webroot. Where is the redirect code for this so that I can edit the directory and page?
And what authetication code do I need when I go to another page?
there is no redirect code, that's the way ASP.NET works when you are authenticated from "login.aspx"
ASKER
Thanks. It automatically redirects to default.aspx on the webroot no matter what? Don't get me wrong but isn't there a way to change the redirect?
ASKER
I've set up a basic response.redirect to the right directory.
The problem with authenticating users going to pages after logging in. How does the page confirm whether the user is still genuine?
I mean a login checker such as:
<%
If session("logged_in") <> "True" Then
Response.Redirect("log_in. asp")
End If
%>
The problem with authenticating users going to pages after logging in. How does the page confirm whether the user is still genuine?
I mean a login checker such as:
<%
If session("logged_in") <> "True" Then
Response.Redirect("log_in.
End If
%>
ASKER
Right. It's 10 minutes before I leave for Easter, this has been doing for 5 days now so it's time to wrap it up.
I think it's fair to say that davidlars99 has won the points. I'll open up another question on Tuesday regarding a authenticity checker (probably along the lines of:
Sub Page_Load()
If User.Identity.IsAuthentica ted Then
displayCredentials.InnerHt ml = "Current User : <b>" & User.Identity.Name & "</b><br><br>Authenticatio n Used : <b>" & User.Identity.Authenticati onType & "</b>"
Else
displayCredentials.InnerHt ml = "Sorry, you have not been authenticated."
End If
End Sub
Thanks very much for your help.
I think it's fair to say that davidlars99 has won the points. I'll open up another question on Tuesday regarding a authenticity checker (probably along the lines of:
Sub Page_Load()
If User.Identity.IsAuthentica
displayCredentials.InnerHt
Else
displayCredentials.InnerHt
End If
End Sub
Thanks very much for your help.
ASKER
I have awarded 400 points for the login.aspx code and 100 points for the web.config file. Both are to davidlars99 for his excellent contribution.
Points are also split so that people can see easily what the points were for.
Points are also split so that people can see easily what the points were for.
I'm glad you got it up and running, however I'm sorry to be so slow as I said it's my ugly schedule not me... :)
ASKER
hehe! No worries. That sub actually worked as well (except some ';' error) so it's all good!
Thanks a lot!!!
Happy Easter!
Thanks a lot!!!
Happy Easter!
same to you :)
Following links contain source code for ASP.NET login screen.
http://www.daniweb.com/techtalkforums/thread6028.html (this is really good and explonatory enough to understand)
If still unclear also have a look with involving Java script too...
http://authors.aspalliance.com/aspguru/aspnet.aspx?Type=Art&ArtID=927
And the last option is; if still you need some thing more customized then let me know, and I will write some idea generating code for you.
Regards,
Me