This article deals with the management of user login and password information for a Forms Authentication in ASP.NET.
This article deals with the management of User Login and Password information for Forms Authentication in ASP.Net. The article shows how to update existing users password and add new users when the ASP.Net application is configured to allow for passwords hashed using SHA1 format. The article can be easily modified to use the MD5 format or clear format for passwords.
As a .Net programmer, you must have definitely come across the Forms Authentication for securing ASP.Net applications as an alternative to Windows Authentication. In this sample we create a sample web site which is secured using Forms Authentication. We store our user names and passwords in the web.config file. We will create a web page for administering the user security information. We will allow access to only the Admin user to modify the user security information.Step 1 : Create the Web Application
In this article, I will describe the steps assuming use of Visual Studio.Net. Code Listings are included at the end of the article for users who prefer other code editors.
Step 2 : Modify the Web.Config File
Modify the Web.Config file to specify the authentication mode of "Forms". Replace the authentication section to include the following xml snippet: <authentication mode="Forms"><forms loginUrl="login.aspx" name=".ASPXCOOKIEAUTH" path="/"><credentials passwordFormat="SHA1"><user name="User1" password="4A60935FE851C99148EFD66122CDD0F43D5A3059" /><user name="User2" password="114B3C899D75F5A3FE3FDF83531C42E33214555B" /><user name="Admin" password="1F95EC61B6EF02B5D2B138654DA138BFDBBC7F3C" /></credentials></forms></authentication><authorization><deny users="?" /></authorization> XML Snippet: Configure our application for Forms Authentication
<
Step 3: Design the Login Form
Now we move on to design the Login.aspx form. This form is specified in our web.config file as the form which will be presented to the user, if there is no authentication in the requested form. It is a good practice to setup this form to use SSL.
The login form consists of 2 text boxes for accepting the user name and password input from the user and a Login button. Figure 1: Layout of the Login.aspx form
ASP.NET GridView Control Pocket Guide