PowerPoint Slideshow about 'MIS 426' - Melvin



MIS 426

Chapter 19, Using Forms-Based Authentication

Objectives
  • In this chapter you should
    • Learn how to utilize forms authentication
    • Authenticate users from
      • The Web.Config File
      • An XML File
      • A Database
Working with Forms Authentication
  • Forms authentication allows you to store usernames and passwords in whatever mechanism you want.
  • Forms authentication relies on cookies
  • Non-authenticated users can be redirected to the login page automatically
Working with Forms Authentication
  • The .Net classes for Forms Authentication can be found in System.Web.Security
  • The most important are: (page 856)
    • FormsAuthentication
    • FormsAuthenticationTicket
    • FormsIdentity
    • FormsAuthenticationModule
Enabling Forms Authentication
  • This requires three steps:
    • Set the authentication mode to Forms in the Web.Config file
    • Deny access to anonymous users in the appropriate directories by setting the authorization section of each directory's Web.Config file
    • Create a login page to capture and verify usernames and passwords
Step 1 – configure the root Web.Config file
  • In the root of the project, modify the Web.Config file to hold the following information:

<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>

  • This will allow forms authentication to be used throughout the project.
Step 2 – Securing a directory
  • Select or create a directory you wish to secure.
  • In this directory create a Web.Config file with the following:

<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

  • This prevents anonymous users from gaining access to any files within the directory
Step 3 – Create a login page
  • Create a .aspx page outside the folder you wish to secure. This must be done so the user can reach the page to log in.
  • View an example of the login page – Pay special attention to the Button_Click subroutine
Configuring Forms Authentication
  • The authentication section of the Web.Config file can contain a forms element with these optional attributes:
    • loginUrl – the page for users to be redirected to if they are not authenticated (login page)
    • name – the cookie name that contains the Authentication Ticket
    • timeout – the amount of time in minutes before the cookie expires (default is 30 minutes)
    • path – the path used for the cookie (default is /)
    • protection – the way the cookie data is protected
Configuring Forms Authorization
  • This determines which users can access the ASP.Net pages within a directory.
    • Deny non-authenticated users
    • Deny non-authenticated users and selected users
    • Deny non-authenticated users and selected users, but allow guests via a GET request.
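
A check for the three setup steps and the forms settings above, as an added example (not from the slides or the course text): it reads a root and a directory Web.Config and flags a forms cookie whose protection is not All, a ticket timeout above 30 minutes (an assumed threshold), and an authorization section that does not deny anonymous users. The sample files and function names are constructed for illustration, and the first-match ordering of authorization rules goes beyond what the slides state.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the slides): weak and corrected Web.Config files.
ROOT_WEAK = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" name=".DEMOAUTH" timeout="43200" protection="None" />
  </authentication>
</system.web></configuration>"""
ROOT_OK = ROOT_WEAK.replace('"43200"', '"30"').replace('"None"', '"All"')
DIR_WEAK = """<configuration><system.web><authorization>
  <allow users="*" />
  <deny users="?" />
</authorization></system.web></configuration>"""
DIR_OK = DIR_WEAK.replace('  <allow users="*" />\n', "")


def audit_root(xml_text, max_timeout=30):
    """Findings for the <authentication> section of a root Web.Config."""
    auth = ET.fromstring(xml_text).find("system.web/authentication")
    if auth is None or auth.get("mode") != "Forms":
        return ["authentication mode is not Forms"]
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    findings = []
    # Omitted attributes fall back to the defaults: protection All, timeout 30.
    if attrs.get("protection", "All") != "All":
        findings.append("cookie protection is %s, not All" % attrs["protection"])
    if int(attrs.get("timeout", "30")) > max_timeout:
        findings.append("ticket timeout is %s minutes" % attrs["timeout"])
    return findings


def audit_directory(xml_text):
    """Findings for the <authorization> section of a directory Web.Config."""
    for rule in ET.fromstring(xml_text).findall("system.web/authorization/*"):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        # Rules are read top-down and the first match wins, so an allow that
        # matches everyone ("*") makes any later deny of "?" dead.
        if rule.tag == "allow" and "*" in users:
            return ['allow users="*" comes before the deny for anonymous users']
        if rule.tag == "deny" and ("?" in users or "*" in users):
            return []
    return ['no <deny users="?" /> rule, anonymous users are not blocked']


if __name__ == "__main__":
    for label, found in [("root weak", audit_root(ROOT_WEAK)), ("root ok", audit_root(ROOT_OK)),
                         ("dir weak", audit_directory(DIR_WEAK)), ("dir ok", audit_directory(DIR_OK))]:
        print(label, found or "no findings")
```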