473,320 Members | 2,111 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Securing Web Applications thru Form Authentication

A P
Hi!

I have existing web apps that was developed under ASP. I use form
authentication by querying to a database if the user is allowed to use the
application. I have read that ASP.NET is much easier to manage this kind of
security. Can you help me with this?

Me
Nov 21 '05 #1
3 926
Hi,

Here is some code for the login page. I placed 2 textboxes for
username and passsword and 2 required field validators on the form. The
code is just an example. In a real situation you should store the passwords
encypted. Hope this helps.

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load

'Put user code to initialize the page here

End Sub

Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnClear.Click

txtUser.Text = ""

txtPassword.Text = ""

End Sub

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If Page.IsValid Then

If txtUser.Text = "Mike" And txtPassword.Text = "password" Then

Response.Redirect("Default.aspx")

Else

Response.Write("Invalid User !")

End If

End If

End Sub

Changes that should be made to Web.config

<authentication mode="Forms" >

<forms name="Mypubscookie" loginUrl ="Login.aspx" protection="All"
timeout="30">

</forms>

</authentication>

Ken

----------------
"A P" <ap@textguru.ph> wrote in message
news:OR**************@TK2MSFTNGP15.phx.gbl...
Hi!

I have existing web apps that was developed under ASP. I use form
authentication by querying to a database if the user is allowed to use the
application. I have read that ASP.NET is much easier to manage this kind of
security. Can you help me with this?

Me

Nov 21 '05 #2
A P
Hi Ken,

I have test it but it has an error. The debugger is pointing on the
web.config "<forms name=..." . Is there a mistake on the code that you gave?

Me
"Ken Tucker [MVP]" <vb***@bellsouth.net> wrote in message
news:#0**************@TK2MSFTNGP12.phx.gbl...
Hi,

Here is some code for the login page. I placed 2 textboxes for
username and passsword and 2 required field validators on the form. The
code is just an example. In a real situation you should store the passwords encypted. Hope this helps.

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load

'Put user code to initialize the page here

End Sub

Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnClear.Click

txtUser.Text = ""

txtPassword.Text = ""

End Sub

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If Page.IsValid Then

If txtUser.Text = "Mike" And txtPassword.Text = "password" Then

Response.Redirect("Default.aspx")

Else

Response.Write("Invalid User !")

End If

End If

End Sub

Changes that should be made to Web.config

<authentication mode="Forms" >

<forms name="Mypubscookie" loginUrl ="Login.aspx" protection="All"
timeout="30">

</forms>

</authentication>

Ken

----------------
"A P" <ap@textguru.ph> wrote in message
news:OR**************@TK2MSFTNGP15.phx.gbl...
Hi!

I have existing web apps that was developed under ASP. I use form
authentication by querying to a database if the user is allowed to use the
application. I have read that ASP.NET is much easier to manage this kind of security. Can you help me with this?

Me

Nov 21 '05 #3
A P
Hi Ken,

I have tried again by removing other remarks on the <authorization> and it
work! Thanks for that. Btw, I have another question, I want this
authorization(login page) be shown if other user will access other webforms
under this web apps that is not yet authenticated. How can I do this?

Me
"Ken Tucker [MVP]" <vb***@bellsouth.net> wrote in message
news:#0**************@TK2MSFTNGP12.phx.gbl...
Hi,

Here is some code for the login page. I placed 2 textboxes for
username and passsword and 2 required field validators on the form. The
code is just an example. In a real situation you should store the passwords encypted. Hope this helps.

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load

'Put user code to initialize the page here

End Sub

Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnClear.Click

txtUser.Text = ""

txtPassword.Text = ""

End Sub

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If Page.IsValid Then

If txtUser.Text = "Mike" And txtPassword.Text = "password" Then

Response.Redirect("Default.aspx")

Else

Response.Write("Invalid User !")

End If

End If

End Sub

Changes that should be made to Web.config

<authentication mode="Forms" >

<forms name="Mypubscookie" loginUrl ="Login.aspx" protection="All"
timeout="30">

</forms>

</authentication>

Ken

----------------
"A P" <ap@textguru.ph> wrote in message
news:OR**************@TK2MSFTNGP15.phx.gbl...
Hi!

I have existing web apps that was developed under ASP. I use form
authentication by querying to a database if the user is allowed to use the
application. I have read that ASP.NET is much easier to manage this kind of security. Can you help me with this?

Me

Nov 21 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
4
by: Cowboy \(Gregory A. Beamer\) | last post by:
Background: ------------- The idea started as a single sign on type of application. Having tested it before, I knew we could institute single sign on using the same Authentication Cookie name (in...
9
by: Johan Pingree | last post by:
HOW in the world is this accomplished! I have an internet site I am prototyping and I need to be able to prevent "casual" browsing of XML documents. Using the web.config forms based authentication...
5
by: A P | last post by:
Hi! I have existing web apps that was developed under ASP. I use form authentication by querying to a database if the user is allowed to use the application. I have read that ASP.NET is much...
0
by: Nabani Silva | last post by:
Hi, hope someone could help I need to share session state (and contents) through differente web applications. I'm trying to get it done by using StateServer session state, below I paste code...
1
by: Dave | last post by:
Hi, 1.) We have a central database of shared values that is maintained by an asp.net app. Only a few admins have access to the maintenance forms for this data which is secured by a simple...
0
by: alberich | last post by:
I have a problem securing my webservice with Windows authentication. The goal is a client app transfering (large amounts of) data to a server which is blocked for anonymous requests. To do this,...
4
by: =?Utf-8?B?RmFyaWJh?= | last post by:
It know that we can use the following method http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx to form authenticate across multiple applications. I have created an asp.net application...
9
by: =?Utf-8?B?QW1tZXI=?= | last post by:
I've read many incomplete opinions about the "Best Practice" for securely accessing SQL but what I really need to find the "Best Practice" that fits my applications needs. Currently (alpha...
10
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1....
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.