

Using the New Security Controls in ASP.NET 2.0

ASP.NET 2.0 adds many security enhancements that make it much easier to build Web sites that handle passwords, for example, by providing encryption features in the controls right out of the box.

ASP.NET 2.0 comes with several new security controls located under the Login tab in the Toolbox (see Figure 1) that greatly simplify the life of a Web developer. Using the new security controls, you can now perform tasks such as user logins, registration, password changes, and more, with no more effort than dragging and dropping controls onto your Web form. In this article, I will show you how you can use these new controls to perform user authentication.

To begin, let's explore using the LoginView, LoginStatus and LoginName controls. First, build a Web project using Visual Studio 2005 Beta 2, so go ahead and launch the Visual Studio IDE. From the File menu, click New Web Site to create a new Web project. Name the project C:\SecurityControls.

In the Default.aspx Web form, drag and drop the LoginView control. The LoginView control is a container control that displays different information depending on whether the user is logged in or not.

Populate the LoginView control with the text shown in Figure 2. Also, drag and drop the Login control onto the LoginView control. The text that you have just typed will be displayed when the user is not yet authenticated (anonymous). The Login control displays a link to allow the user to be redirected to another page to log into the application.

In the Smart Tasks menu of the LoginView control, change the Views to "LoggedInTemplate" (see Figure 3).

With the view changed, enter the text shown in Figure 4 into the LoginView control. This text will be displayed once the user has been authenticated. Drag and drop the LoginName control onto the LoginView control. The LoginName control will display the name of the user that is used to log into the application.

Figure 1. Security Enhancements: The figure shows the new security controls in ASP.NET 2.0.

Figure 2. LoginView Control: The figure shows the process of populating the LoginView control.

Figure 3. Changing Views: You can change the view of the LoginView control.

Figure 4. User Authenticated: This text displays when the user is authenticated.

Using the Login Control
Let's now add a new Web form to the project (right-click on project name in Solution Explorer and select Add New Item...) and name it Login.aspx. Your application will use this form to let users log into the application.

Note that in ASP.NET 2.0, the default login page is named Login.aspx (this is the default "burned" into ASP.NET 2.0 and can be verified by looking at machine.config.comments).

However, if you do wish to use a different name for your login page, you can modify the Web.config file by adding the following lines. This will change the login page from the default Login.aspx to Authenticate.aspx:

      <authentication mode="Forms">
         <forms name=".ASPXAUTH" 
            loginUrl="Authenticate.aspx"
            protection="Validation" timeout="999999" />
      </authentication>
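
In the snippet above, protection="Validation" signs the authentication ticket but does not encrypt it, and timeout is measured in minutes, so 999999 keeps a ticket valid for close to two years. A more conservative forms element, as an added example that is not from the original article (the 30-minute timeout and the HTTPS requirement are assumed values for illustration):

```xml
<configuration>
  <system.web>
    <!-- Added example; timeout and requireSSL values are assumptions. -->
    <!-- protection="All" both encrypts and validates the ticket. -->
    <!-- timeout is in minutes; slidingExpiration renews it on activity. -->
    <!-- requireSSL="true" sends the cookie over HTTPS only. -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="Authenticate.aspx"
             protection="All"
             timeout="30"
             slidingExpiration="true"
             requireSSL="true"
             path="/" />
    </authentication>
  </system.web>
</configuration>
```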

Figure 5. Applying AutoFormat: Here's one way to apply formatting to the Login control.
Figure 6. Adding a Scheme: Here's the new look of the Login control after applying the Colorful scheme.

Drag and drop the Login control onto Login.aspx. You can apply formatting to the Login control to make it look more professional. Click on the Smart Tag of the Login control and select the Auto Format... link (see Figure 5).

Select the Colorful scheme and the Login control should now look like Figure 6.

By default, ASP.NET 2.0 uses Windows authentication, which is not very flexible if you are targeting Internet users, so you will change the default authentication mode from Windows to Forms.

Add a Web.config file to your project (right-click on project name in Solution Explorer and select Add New Item.... From the list of available choices select Web Configuration File).

In Web.config, change the authentication mode from Windows to Forms by adding the following line of code. You use forms authentication so that you can add users to your Web site without needing to create the user accounts in Windows.

   <authentication mode="Forms"/>
