
MIS 426

MIS 426. Chapter 19, Using Forms-Based Authentication. Objectives: in this chapter you should learn how to utilize forms authentication and authenticate users from the Web.Config file, an XML file, and a database.

Melvin

Presentation Transcript


  1. MIS 426 Chapter 19, Using Forms-Based Authentication

  2. Objectives • In this chapter you should • Learn how to utilize forms authentication • Authenticate users from • The Web.Config File • An XML File • A Database

  3. Working with Forms Authentication • Forms authentication allows you to store usernames and passwords in whatever mechanism you want. • Forms authentication relies on cookies • Non-authenticated users can be redirected to the login page automatically

  4. Working with Forms Authentication • The .NET classes for Forms Authentication can be found in System.Web.Security • The most important are: (page 856) • FormsAuthentication • FormsAuthenticationTicket • FormsIdentity • FormsAuthenticationModule

  5. Enabling Forms Authentication • This requires three steps: • Set the authentication mode to Forms in the Web.Config file • Deny access to anonymous users in the appropriate directories by setting authorization in each directory's Web.Config file • Create a login page to capture and verify usernames and passwords

  6. Step 1 – configure the root Web.Config file • In the root of the project, modify the Web.Config file to hold the following information: <configuration> <system.web> <authentication mode="Forms" /> </system.web> </configuration> • This will allow forms authentication to be used throughout the project.

  7. Step 2 – Securing a directory • Select or create a directory you wish to secure. • In this directory create a Web.Config file with the following: <configuration> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> • This prevents anonymous users from gaining access to any files within the directory.

  8. Step 3 – Create a login page • Create a .aspx page outside the folder you wish to secure. This must be done so the user can reach the page to log in. • View an example of the login page – Pay special attention to the Button_Click subroutine

  9. Configuring Forms Authentication • The authentication section of the Web.Config file can contain a forms element with these optional attributes: • loginUrl – the page users are redirected to if they are not authenticated (the login page) • name – the name of the cookie that contains the authentication ticket • timeout – the amount of time in minutes before the cookie expires (default is 30 minutes) • path – the path used for the cookie (default is /) • protection – the way the cookie data is protected

  10. Configuring Forms Authorization • This determines which users can access the ASP.NET pages within a directory. • Deny non-authenticated users • Deny non-authenticated users and selected users • Deny non-authenticated users and selected users, but allow guests via a GET request.

  11. Authenticating Users with the Web.Config File • View the code

  12. Authenticating Users with XML File • View the code

  13. Authenticating Users with a Database Table • View the code
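
The optional forms attributes from slide 9 and the directory rules from slides 7 and 10, written out as two Web.Config files. This is an added example, not taken from the presentation; the page name Login.aspx, the cookie name, the timeout value, the Members directory and the user jsmith are assumptions.

```xml
<!-- File 1: Web.Config in the project root (added example, assumed values) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl:   page that unauthenticated requests are redirected to
           name:       cookie that carries the authentication ticket
           timeout:    ticket lifetime in minutes (default is 30)
           path:       cookie path (default is /)
           protection: All = ticket is both encrypted and validated.
                       Encryption alone lets a modified ticket go undetected,
                       Validation alone leaves the ticket readable,
                       None does neither. Keep All. -->
      <forms loginUrl="Login.aspx"
             name=".MIS426AUTH"
             timeout="20"
             path="/"
             protection="All" />
    </authentication>
  </system.web>
</configuration>

<!-- File 2: Web.Config inside the secured directory, e.g. Members
     (assumed directory name). Login.aspx stays outside this directory
     so anonymous users can still reach it. -->
<configuration>
  <system.web>
    <authorization>
      <!-- "?" matches anonymous (non-authenticated) users; jsmith is a
           hypothetical selected user who is denied even after logging in.
           Rules are read top to bottom and the first match wins. -->
      <deny users="?,jsmith" />
    </authorization>
  </system.web>
</configuration>
```

A shorter timeout narrows the window in which a copied cookie remains usable, at the cost of more frequent logins.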
