AddThis Social Bookmark Button

Print

Personalization in ASP.NET
Pages: 1, 2, 3

Using Forms Authentication

In the last example, I used Windows authentication for my ASP.NET web application. While this is useful for intranet applications, a better way to authenticate external users would be to use forms authentication. In this section, I will show you how to use personalization together with forms authentication.

Add a new folder to your project (right-click your project name in Solution Explorer and select New Folder) and name it "Members." Move the default.aspx page created in the previous section into the Members folder. Add a new web configuration file to the Members folder. Finally, add a new web form to your project and name it login.aspx (see Figure 7). Populate the form with the Login control.

Figure 7. The login.aspx page with the Login control
Figure 7. The login.aspx page with the Login control

Your Solution Explorer should look like Figure 8.

Figure 8. Files and folders in Solution Explorer
Figure 8. Files and folders in Solution Explorer

Change the authentication mode from Windows to Forms in web.config (1) and specify the login page for the site as login.aspx:


<authentication mode="Forms">
  <forms name=".ASPXAUTH"
         loginUrl="login.aspx"
         protection="Validation"
         timeout="999999" />
</authentication>

In web.config (2), add in the following:


<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
...

Essentially, this means that all anonymous users will be denied access to the Members folder.

Let's add a new user to the web site. To do so, go to Website -> ASP.NET Configuration in Visual Studio 2005, and under the Users section, click on Create user. In Figure 9, I have entered a user name.

Figure 9. Adding a new user to the site
Figure 9. Adding a new user to the site

You are now ready to test the application.

Load the default.aspx page located in the Members folder using a web browser. Since all unauthenticated users are denied access, you will be redirected to the login.aspx page. Log in using the user name that you have just created, and you will see the default.aspx page. As usual, enter your first and last names and click on the Save button.

Let's now examine the aspnet_Profile table again (see Figure 10). This time around, you will see a second row in the table. This row belongs to the "WeiMengLee" user, which is the user name you used to log in. Contrast this to the Windows user name "WINXP\Wei-Meng Lee" used in the earlier example (using Windows authentication).

Figure 10. Examining the aspnet_Profile table
Figure 10. Examining the aspnet_Profile table

You might wonder what happens if the file default.aspx is located outside of the Members folder and a user accesses it directly without logging in. Figure 11 shows the location of default.aspx.
Figure 11. Moving Default.aspx out of the Members folder
Figure 11. Moving default.aspx out of the Members folder

If default.aspx is accessed directly when the user has not yet been authenticated, trying to set the Profile properties will result in a run time error. This is because ASP.NET requires an ID to identify the user. Personalization for a user that has not yet been authenticated is known as anonymous personalization. The next section will discuss this in more detail.

Pages: 1, 2, 3

Next Pagearrow