473,785 Members | 2,863 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Authenticate Users In Web.Config?

Suppose a web.config file (existing in C:\Inetpub\wwwr oot\ASPX) has the
following code:

<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms name="Authentic ateUser"
loginUrl="Valid ateUser.aspx">
<credentials passwordFormat= "Clear">
<user name="simon" password="nomis "/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credential s" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers. aspx".

Moreover when a user is directed to "ValidateUsers. aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credential s" element (which is what I have
done above), how do I programmaticall y validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers. aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx" , in the ASPX directory, he will be
directed to "ValidateUsers. aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.a spx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #1
1 2437
Validating dynamically from a database requiers some work. The simplest way
is adding membership through the ASP.NET web configuration tool. Add a
database and configure. If you wish to use SQL Server proper, you will have
to run the aspnet_regsql on the database and add the proper membership
section to the web.config. You can play by adding a SQL express db (the
default) and changing the conn string to point to the server (yes, really
lazy way of doing things).

You can configure what you want to require for users by changing items in
the membership provider tag in the web.config.

If you, instead, want to check against a table you have created, open a Sql
connection in Visual Studio (note, I believe this requires Pro or greater).
Add a DataSet to your project and drag the table onto your page. You can
then use the created TableAdapter to query the database. You will end up
having to add one sql statement.

You can also hand code ADO.NET and your SQL statement. Remember to
parameterize any text queries to avoid SQL injection attacks.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** *************** *************** ****
Think outside of the box!
*************** *************** *************** ****
"Arpan" <ar******@hotma il.comwrote in message
news:11******** *************@k 70g2000cwa.goog legroups.com...
Suppose a web.config file (existing in C:\Inetpub\wwwr oot\ASPX) has the
following code:

<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms name="Authentic ateUser"
loginUrl="Valid ateUser.aspx">
<credentials passwordFormat= "Clear">
<user name="simon" password="nomis "/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credential s" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers. aspx".

Moreover when a user is directed to "ValidateUsers. aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credential s" element (which is what I have
done above), how do I programmaticall y validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers. aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx" , in the ASPX directory, he will be
directed to "ValidateUsers. aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.a spx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1540
Create and authenticate user in AD
by: Renato Neves | last post by:
The following code is working fine, i can create the user in the Active Directory and "enable" it. My problem is that, when i'm trying to authenticate him, i can't get to work!! The user and pass is correct, but it can't authenticate. If i try other user created in the AD, it work just fine!!! <-------------------------------------------------------------------------------------------------------------> < ...
.NET Framework
2
3183
DB2 suddenly become unable to NIS authenticate?
by: allenj | last post by:
DB2 UDB 7.2 WSE Fixpak 9 Linux Red Hat 7.3 A very strange thing just happened w/ my DB2 server. I am on Linux and using NIS - the instance owner is in the servers /etc/passwd file. Suddenly, DB2 would not authenticate any NIS-based logins, but it *would* authenticate the local non-NIS instance owner. This was happening not only w/ local connections on the server, but also
DB2 Database
1
1131
Browser not requested to authenticate if Site is Trusted
by: Larry Page | last post by:
OK, I've searched and I'm stumped. Many of or intranet users have configured our portal as a 'trusted site' in their browsers. This keeps them from getting prompted to logon when accessing pages while at the office. The problem is, when they attempt to access the same pages remotely, they are never prompted for their domain logon. Instead, they are denied access. All of our web pages are asp.net and the ones with issues all use...
ASP.NET
2
1709
a webservice to authenticate the users against
by: J-T | last post by:
I need to create a webserivce which is able to talk to the following components: 1) Another webservice which is written by java and talks to its own backend database to authenticate the users 2) Directly talk to a sql server database containg a table to store username and passwords 3) Directoly talks to an Oracle Databse containg a table to store username and passwords 4) Can query our internal Active Directory to authenticate our
.NET Framework
1
4538
Problem handling Login control Authenticate event
by: EricRybarczyk | last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0. The existing ASP application has several types of users, each with a separate login process (separate login page, separate DB tables, etc). For one of these user types, the current application has an additional input field required for login… they have a username, password, and another “location code” field. Please don’t make me explain or justify this…...
ASP.NET
1
13270
Authenticate user against active directory
by: fomalhaut | last post by:
Hi All, I'm builing an application that requires domain admin access to run, and I'm trying to allow for the application to be run as a normal user and allow the user to provide it with a username/password that has the access. I have a method that will check if the username/password is correct, however, it will only authenticate the user running the program...
C# / C Sharp
4
2289
Authenticate against Active Directory
by: Jon | last post by:
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a server outside their network, yet they want to authenticate users against their internal active directory set up (they will open the necessary ports). So, I have a simple login page with username and password, and then I will authenticate that credentials entered against their AD server. I am having a real hard time figuring this out. We can't use Windows Forms...
ASP.NET
6
2240
How authenticate user manually?
by: Cirene | last post by:
I have a subdir called "customer" that only allows authenticated users (using web.config.) In my login.aspx I allow them to pass username/password in query string. Then I go to a default page. Am I doing this right? It doesn't seem to authenticate in IE6, only IE7 and Firefox. If Membership.ValidateUser(request.querystring("User"),
ASP.NET
0
9645
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, well explore What is ONU, What Is Router, ONU & Routers main usage, and What is the difference between ONU and Router. Lets take a closer look ! Part I. Meaning of...
General
0
9480
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10329
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
1
10092
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
8974
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development projectplanning, coding, testing, and deploymentwithout human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6740
Couldnt get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5511
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4053
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3650
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us