Concept behind ASP.NET user LOGIN application?

omar wrote:

im migrating from asp to asp.net. im a bit confused about form
authentication in ASP.NET ...

in ASP if I wanted to create a login application I would simply query
the db for the username and password entered in a form and if a count
of 1 was returned i would set cookies and redirect and so on.

I could do this in ASP.NET, but is this what is supposed to be done?
because in my ASP.NET unleashed book I dont see any examples of a
login app except an entire chapter on form authentication and its a
little confusing.

What is the most proper concept behind creating a login in ASP.NET?

Logging in is a process that has 2 parts: authentication (who is logging
in?)
and authorization (what is this person allowed to do?).

ASP.NET can take care of the authorization part with the aid of
configuration files. The idea is to indicate in web.config who
has which rights to a certain folder. No more code is needed.
If the user is not yet logged in, he or she is redirected to a login
page automatically.

The only thing you still have to do is make the login page and do
the authentication, but there are a few useful functions in ASP.NET
that make it very easy, such as:
FormsAuthentication.RedirectFromLoginPage.

--

Jos

Omar,
What u r doing also can be implemented in .net, But not many want to do
that, What u can do is Check the DB for Login and password and set up a
session just like the classical ASP.
If u want an example let me know I have one.
Regards
Khan Imran
"omar" <om****@REMOVEoptonline.net> wrote in message
news:uN**************@TK2MSFTNGP12.phx.gbl...

thanks,
but what about when your users are stored in a database and you want to give access to certain pages not folders necessarily.

In asp we would create a session or cookie upon login and give access to a
page by seeing if the session or cookie existed. is this not really the
proper way in asp.net?

thank you
omar

Omar,
What u r doing also can be implemented in .net, But not many want to do
that, What u can do is Check the DB for Login and password and set up a
session just like the classical ASP.
If u want an example let me know I have one.
Regards
Khan Imran
"omar" <om****@REMOVEoptonline.net> wrote in message
news:uN**************@TK2MSFTNGP12.phx.gbl...

thanks,
but what about when your users are stored in a database and you want to give access to certain pages not folders necessarily.

In asp we would create a session or cookie upon login and give access to a
page by seeing if the session or cookie existed. is this not really the
proper way in asp.net?

thank you
omar

Hey Omar, I ran in to the same thing the first time I
wanted to move from a classic ASP solution to ASP.NET.
There's some really cool functionality and some decent
examples out there. Here's one I created just to show
some possible configuration settings in the web.config
file:

http://www.simpleasp.net/DesktopDefault.aspx?tabid=42

This example is using Forms based Authentication and URL
based Authorization.

Another good basic example is here:

http://www.15seconds.com/issue/020220.htm

In my simple example, I put the user name and password in
the config file. Not something I'd do in a production
app. You can use your login page to verify the user name
and password against a database like you are doing now in
ASP. Once you do this, you can use the methods exposed by
the FormsAuthentication class to set an authentication
cookie (note that ASP.NET does all the cookie work for
you. You don't have to write any code).

Good luck!

-----Original Message-----
"Khan Imran" <im*******@htmt.soft.net> wrote in message
news:uu**************@TK2MSFTNGP12.phx.gbl...

Omar,
What u r doing also can be implemented in .net, But not many want to do that, What u can do is Check the DB for Login and password and set up a session just like the classical ASP.
thanks khan, when u say "What u r doing also can be

implemented in .net, Butnot many want to do that" are you referring to doing it the classical ASPway, checking the db and setting sessions?

thank you,
omar
.

Hey Omar, I ran in to the same thing the first time I
wanted to move from a classic ASP solution to ASP.NET.
There's some really cool functionality and some decent
examples out there. Here's one I created just to show
some possible configuration settings in the web.config
file:

http://www.simpleasp.net/DesktopDefault.aspx?tabid=42

This example is using Forms based Authentication and URL
based Authorization.

Another good basic example is here:

http://www.15seconds.com/issue/020220.htm

In my simple example, I put the user name and password in
the config file. Not something I'd do in a production
app. You can use your login page to verify the user name
and password against a database like you are doing now in
ASP. Once you do this, you can use the methods exposed by
the FormsAuthentication class to set an authentication
cookie (note that ASP.NET does all the cookie work for
you. You don't have to write any code).

Good luck!

-----Original Message-----
"Khan Imran" <im*******@htmt.soft.net> wrote in message
news:uu**************@TK2MSFTNGP12.phx.gbl...

Omar,
What u r doing also can be implemented in .net, But not many want to do that, What u can do is Check the DB for Login and password and set up a session just like the classical ASP.
thanks khan, when u say "What u r doing also can be

implemented in .net, Butnot many want to do that" are you referring to doing it the classical ASPway, checking the db and setting sessions?

thank you,
omar
.