By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,008 Members | 2,962 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,008 IT Pros & Developers. It's quick & easy.

Authenticate Users In Web.Config?

P: n/a
Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the
following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".

Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Validating dynamically from a database requiers some work. The simplest way
is adding membership through the ASP.NET web configuration tool. Add a
database and configure. If you wish to use SQL Server proper, you will have
to run the aspnet_regsql on the database and add the proper membership
section to the web.config. You can play by adding a SQL express db (the
default) and changing the conn string to point to the server (yes, really
lazy way of doing things).

You can configure what you want to require for users by changing items in
the membership provider tag in the web.config.

If you, instead, want to check against a table you have created, open a Sql
connection in Visual Studio (note, I believe this requires Pro or greater).
Add a DataSet to your project and drag the table onto your page. You can
then use the created TableAdapter to query the database. You will end up
having to add one sql statement.

You can also hand code ADO.NET and your SQL statement. Remember to
parameterize any text queries to avoid SQL injection attacks.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
"Arpan" <ar******@hotmail.comwrote in message
news:11*********************@k70g2000cwa.googlegro ups.com...
Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the
following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
<credentials passwordFormat="Clear">
<user name="simon" password="nomis"/>
</credentials>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Note that I have hard-coded the values of the "name" & "password"
attributes of the "user" element under the "credentials" element.

The "path" attribute of the "location" element will ensure that any
ASPX pages users try to access in the folder named ASPX & within it's
sub-directories will be first told to login (using the "loginUrl"
attribute of the "forms" element) i.e. users will be redirected to
"ValidateUsers.aspx".

Moreover when a user is directed to "ValidateUsers.aspx", this page
will allow only the user whose user name is "simon" (without the
quotes) & whose password is "nomis" (again, without the quotes) to
access the ASPX pages existing in the ASPX directory & it's
sub-directories i.e. only the user named "simon" with the password
"nomis" will be authenticated successfully.

Now instead of hard-coding the "name" & "password" attributes of the
"user" element under the "credentials" element (which is what I have
done above), how do I programmatically validate usernames & passwords
that exist in a SQL Server 2005 DB table i.e. if the user name &
password entered by a user in "ValidateUsers.aspx" exists in the DB
table, that user should be authenticated successfully & hence allowed
to access any ASPX page existing in the ASPX directory & it's
sub-directories?

For e.g. a DB table named "tblUsers" has 2 columns - UserName &
Password. Assume that one of the usernames in this table is "mike"
whose corresponding password is "tyson". When this user tries to access
an ASPX page, named "Accounts.aspx", in the ASPX directory, he will be
directed to "ValidateUsers.aspx". The user enters his username as
"mike" & password as "tyson". Since the username & it's corresponding
password exist in the DB table, this user should be authenticated
successfully & hence should be allowed to access "Accounts.aspx" (or
any other ASPX page in the ASPX directory & sub-directories).

Now how do I make web.config validate such a user dynamically by
comparing the user name & password entered by a user with those
existing in a DB table instead of hard-coding the "name" & "password"
attributes of the "user" element in the web.config file as shown above?

Thanks,

Arpan

Sep 16 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.