Create a new folder in your application named SecretFiles : Form Based « Authentication Authorization « ASP.NET Tutorial






  1. ASP.NET Tutorial
  2. Authentication Authorization
  3. Form Based
Add the page, File: SecretFiles\Secret.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>Secret</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

    <h1>This Page is Secret!</h1>

    </div>
    </form>
</body>
</html>


By default, Windows authentication is enabled. 
To use the Login controls, you need enable Forms authentication
File: Web.Config

<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>


By default, all users have access to all pages in an application. 
If you want to restrict access to the pages in a folder, then you need to configure authorization for the folder.

Add the following web configuration file to the SecretFiles folder.
Then anonymous users are prevented from accessing any pages in the folder.
The single authorization rule here prevents anonymous users from accessing pages in the folder. 
The ? represents anonymous users.
File: SecretFiles\Web.Config

<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>



If you attempt to request the Secret.aspx page, then you are redirected to a page named Login.aspx automatically. 
By default, this page must be located in the root of your application.
The Login.aspx page contains a Login control. 
The Login control automatically generates a login form.

File: Login.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>Login</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:Login
        id="Login1"
        CreateUserText="Register"
        CreateUserUrl="~/Register.aspx"
        Runat="server" />

    </div>
    </form>
</body>
</html>


Login control includes a CreateUserText and CreateUserUrl property. 
Adding these properties to the Login control causes the control to display a link to a page that enables a new user to register for your application. 
The Login control links to a page named Register.aspx. 

File: Register.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>Register</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

    <asp:CreateUserWizard
        id="CreateUserWizard1"
        ContinueDestinationPageUrl="~/SecretFiles/Secret.aspx"
        Runat="server" />

    </div>
    </form>
</body>
</html>


The Register.aspx page contains a CreateUserWizard control. 
This control automatically generates a user registration form. 
After you submit the form, a new user is created, and you are redirected back to the Secret.aspx page.








21.9.Form Based
21.9.1.Create a new folder in your application named SecretFiles
21.9.2.Customizing the Login form
21.9.3.Automatically Redirecting a User to the Referring Page
21.9.4.Form authentication with backend database