473,402 Members | 2,053 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > authenticate users in web.config?

Join Bytes to post your question to a community of 473,402 software developers and data experts.

Authenticate Users In Web.Config?

Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the
following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".

Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #1
1 2424
Validating dynamically from a database requiers some work. The simplest way
is adding membership through the ASP.NET web configuration tool. Add a
database and configure. If you wish to use SQL Server proper, you will have
to run the aspnet_regsql on the database and add the proper membership
section to the web.config. You can play by adding a SQL express db (the
default) and changing the conn string to point to the server (yes, really
lazy way of doing things).

You can configure what you want to require for users by changing items in
the membership provider tag in the web.config.

If you, instead, want to check against a table you have created, open a Sql
connection in Visual Studio (note, I believe this requires Pro or greater).
Add a DataSet to your project and drag the table onto your page. You can
then use the created TableAdapter to query the database. You will end up
having to add one sql statement.

You can also hand code ADO.NET and your SQL statement. Remember to
parameterize any text queries to avoid SQL injection attacks.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
"Arpan" <ar******@hotmail.comwrote in message
news:11*********************@k70g2000cwa.googlegro ups.com...
Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the
following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".

Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Create and authenticate user in AD
by: Renato Neves | last post by:
The following code is working fine, i can create the user in the Active Directory and "enable" it. My problem is that, when i'm trying to authenticate him, i can't get to work!! The user and pass...
.NET Framework
2
DB2 suddenly become unable to NIS authenticate?
by: allenj | last post by:
DB2 UDB 7.2 WSE Fixpak 9 Linux Red Hat 7.3 A very strange thing just happened w/ my DB2 server. I am on Linux and using NIS - the instance owner is in the servers /etc/passwd file. Suddenly,...
DB2 Database
1
Browser not requested to authenticate if Site is Trusted
by: Larry Page | last post by:
OK, I've searched and I'm stumped. Many of or intranet users have configured our portal as a 'trusted site' in their browsers. This keeps them from getting prompted to logon when accessing pages...
ASP.NET
2
a webservice to authenticate the users against
by: J-T | last post by:
I need to create a webserivce which is able to talk to the following components: 1) Another webservice which is written by java and talks to its own backend database to authenticate the users...
.NET Framework
1
Problem handling Login control Authenticate event
by: EricRybarczyk | last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0. The existing ASP application has several types of users, each with a separate login process (separate login page,...
ASP.NET
1
Authenticate user against active directory
by: fomalhaut | last post by:
Hi All, I'm builing an application that requires domain admin access to run, and I'm trying to allow for the application to be run as a normal user and allow the user to provide it with a...
C# / C Sharp
4
Authenticate against Active Directory
by: Jon | last post by:
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a server outside their network, yet they want to authenticate users against their internal active directory set up (they...
ASP.NET
6
How authenticate user manually?
by: Cirene | last post by:
I have a subdir called "customer" that only allows authenticated users (using web.config.) In my login.aspx I allow them to pass username/password in query string. Then I go to a default page. ...
ASP.NET
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!