SP.NET 2.0 comes with several new security controls located under the Login tab in the Toolbox (see Figure 1
) that greatly simplify the life of a Web developer. Using the new security controls, you can now perform tasks such as user logins, registration, password changes, and more, with no more effort than dragging and dropping controls onto your Web form. In this article, I will show you how you can use these new controls to perform user authentication.
To begin, lets explore using the LoginView
controls. First, let's build a Web project using Visual Studio 2005 Beta 2, so go ahead and launch the Visual Studio IDE. From the File menu, and click New Web Site to create a new Web project. Name the project C:\SecurityControls
In the Default.aspx
Web form, drag and drop the LoginView control. The LoginView control is a container control that displays different information depending on whether the user is logged in or not.
Populate the LoginView control with the text shown in Figure 2
. Also, drag and drop the Login control onto the LoginView control. The text that you have just typed will be displayed when the user is not yet authenticated (anonymous). The Login control displays a link to allow the user to be redirected to another page to log into the application.
In the Smart Tasks menu of the LoginView control, change the Views to "LoggedInTemplate" (see Figure 3
With the view changed, enter the text shown in Figure 4
into the LoginView control. This text will be displayed once the user has been authenticated. Drag and drop the LoginName control onto the LoginView control. The LoginName control will display the name of the user that is used to log into the application.
Using the Login Control
|Figure 1. Security Enhancements: The figure shows the new security controls in ASP.NET 2.0.|
|Figure 2. LoginView Control: The figure shows the process of populating the LoginView control.|
|Figure 3. Changing Views: You can change the view of the LoginView control.|
|Figure 4. User Authenticated: This text displays when the user is authenticated.|
Let's now add a new Web form to the project (right-click on project name in Solution Explorer and select Add New Item...) and name it Login.aspx
. Your application will use this form to let users log into the application.
Note that in ASP.NET 2.0, the default login page is named Login.aspx
(this is the default "burned" into ASP.NET 2.0 and can be verified by looking at machine.config.comments
However, if you do wish to use a different name for your login page, you can modify the Web.config
file by adding the following lines. This will change the authentication mode from the default Login.aspx
protection="Validation" timeout="999999" />
|Figure 5. Applying AutoFormat: Here's one way to apply formatting to the Login control.||
|Figure 6. Adding a Scheme: Here's the new look of the Login control after applying the Colorful scheme.|
Drag and drop the Login control onto Login.aspx
. You can apply formatting to the Login control to make it look more professional. Click on the Smart Tag of the Login control and select the Auto Format...link (see Figure 5
Select the Colorful
scheme and the Login control should now look like Figure 6
By default, ASP.NET 2.0 uses Windows authentication, which is not very flexible if you are targeting Internet users. And so you will change the default authentication mode from Windows to Forms.
Add a Web.config
file to your project (right-click on project name in Solution Explorer and select Add New Item.... From the list of available choices select Web Configuration File).
, change the authentication mode from Windows to Forms by adding the following line of code. You use forms authentication so that you can add users to your Web site without needing to create the user accounts in Windows.