How to use Login Control in Visual Studio 2008

Overview  Login Controls in ASP.NET 3.5

The Login control provides the user interface to log a user into a web site. The Login control uses the Membership service to authenticate the user in your membership system. The default Membership service from your configuration file will be used automatically, however you can also set the Membership provider that you would like used as a property on the control.

ASP.NET MEMBERSHIP

ASP.NET membership gives you a built-in way to validate and store user credentials. ASP.NET membership therefore helps you manage user authentication in your Web sites. You can use ASP.NET membership with ASP.NET Forms authentication or with the ASP.NET login controls to create a complete system for authenticating users.

ASP.NET membership supports facilities for:

1. Creating new users and passwords.
2. Storing membership information (user names, passwords, and supporting data) in Microsoft SQL Server, Active Directory, or an alternative data store.
3. Authenticating users who visit your site. You can authenticate users programmatically, or you can use the ASP.NET login controls to create a complete authentication system that requires little or no code.
4. Managing passwords, which includes creating, changing, and resetting them . Depending on membership options you choose, the membership system can also provide an automated password-reset system that takes a user-supplied question and response.
5. Exposing a unique identification for authenticated users that you can use in your own applications and that also integrates with the ASP.NET personalization and role-management (authorization) systems.
6. Specifying a custom membership provider, which allows you to substitute your own code to manage membership and maintain membership data in a custom data store

The Login Control consists of:

Username Label and Textbox: Collects the string used to identify the user in the membership system.

Password Label and Textbox: Collects the password for the specified user. The textbox text is always obscured.

LoginButton: The button to submit the users request for authentication.

RememberMe: Configurable to display a checkbox giving the user the option to store a persistent cookie on the user's machine.

Title and Instruction: Text to orient and guide the user through the process.

Links: Configurable links to help, password recovery and user registration information.

Validators: Required field Validators for the username and password textboxes.

Figure 1.New tab for login

Login controls in ASP.NET 3.5

There are the following login controls in ASP.NET 3.5.

• Login
• LoginView
• PasswordRecovery
• LoginStatus
• LoginName
• ChangeUserWizard
• ChangePassword 

1. Login control

Login control provides the server side functionality that is useful and does not warrant adaptation. So, the goal of the Login control's adapter is to improve the markup used in the form's presentation without touching the serverside functionality.

The Login control presents a simple HTML form for gathering user credentials. When submitted, the web server's Membership Provider determines if the credentials are valid correct and valid.

For Example:

<asp:Login ID="Login1" runat="server" BackColor="#FFE0C0" BorderColor="Red" ></asp:Login>

2. Login View

The LoginView control automatically detects a user's authentication status and role and matches that information to appropriate template of information to display to that user.

The LoginView control consists of a collection of templates that can be associated with an authentication status or one or more role groups.

It supports a collection of templates associated with different user roles. Since a user can be associated with multiple roles and a template can be associated with multiple roles it is important to understand how the template is matched to the user's role.

3. PasswordRecovery

The PasswordRecovery control provides the functionality to retrieve or reset a user's password based on their user name. The information is then emailed to the user. The control does not support displaying the password to the user in their web browser.

It may be possible for the email containing the user's password to be intercepted by hackers and thus compromise the users account.

The PasswordRecovery control uses the Membership service retrieve or reset the user's password.

For Example:

<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"    Height="149px" Width="339px"></asp:PasswordRecovery>

4. LoginStatus

If the user is logged in, the logout link is displayed. Otherwise, the login link is shown. In both cases, the link goes to the login page.

For Example:

<asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="Yellow" BorderColor="Black"

Height="64px" Width="188px" />

5. LoginName

The LoginName control displays the currently authenticated users name on the page. It uses the value returned by calling page.user.identity.

If the user is not currently logged in then the control does not render on the page and does not hold any visual space on the page.

The LoginName control supports the standard web control style properties to control its display.

For Example:

<asp:LoginName ID="LoginName1" runat="server" BackColor="Yellow" ForeColor="Black"

                Height="58px" Style="z-index: 100; left: 10px; position: absolute; top: 15px"

                Width="193px" />

6. ChangePassword

If user wants to change his password then he uses this control. To changing the password the following values need to filling.

User name = sapna

Old password = sapna

New password = (user can use anything that ha want for example abcd)

Retype new password = (type the same new password for example abcd)

<asp:ChangePassword ID="ChangePassword1" runat="server" BackColor="Yellow" BorderColor="Black" Height="268px" Width="431px" OnChangedPassword="ChangePassword1_ChangedPassword"></asp:ChangePassword>

7. CreateUserWizard

The CreateUserWizard control is a kind of CompositeControl like the other ASP.NET Membership controls.

Use the following values when filling out the CreateUserWizard form.

User Name = sapna

Password and Confirm Password = sapna

(It doesn't matter what you type for the email and the security question and answer.)

<asp:CreateUserWizard ID="CreateUserWizard1" runat="server" BackColor="#FFFF80" BorderColor="Blue" Height="308px" Width="389px">

                <WizardSteps>

                    <asp:CreateUserWizardStep runat="server">

                    </asp:CreateUserWizardStep>

                    <asp:CompleteWizardStep runat="server">

                    </asp:CompleteWizardStep>

                </WizardSteps>

Figure 2. All the controls of Login Tab

Drag and drop the login control on the page then the control will look like a login page at design time.

 Figure 3. Login control at design time

ASPX CODE:-

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="sapna_Login_Control_Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head runat="server">

    <title>Login Controls</title>

</head>

<body>

    <form id="form1" runat="server">

        <div>

            <asp:Login ID="Login1" runat="server" BackColor="#FFE0C0" BorderColor="Red" Height="149px"

                CssClass="LoginControl" CreateUserText="Register" Width="339px" HelpPageText="Additional Help"

                InstructionText="Please enter your user name and password for login.">

                <TitleTextStyle BackColor="#6B696B" Font-Bold="True" ForeColor="White" />

            </asp:Login>

        </div>

    </form>

</body>

</html>

.CS CODE:-

using System;

using System.Data;

using System.Configuration;

using System.Collections;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

using System.Data.SqlClient;

public partial class sapna_Login_Control_Login : System.Web.UI.Page

{

    protected void Page_Load(object sender, EventArgs e)

    {

        if (!this.IsPostBack)

            ViewState["LoginErrors"] = 0;

    }

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

    {

        if (YourValidationFunction(Login1.UserName, Login1.Password))

        {

            e.Authenticated = true;

            Login1.TitleText = "Successfully Logged In";

        }

        else

        {

            e.Authenticated = false;

        }

    }

    protected void Login1_LoginError(object sender, EventArgs e)

    {

        if (ViewState["LoginErrors"] == null)

            ViewState["LoginErrors"] = 0;

        int ErrorCount = (int)ViewState["LoginErrors"] + 1;

        ViewState["LoginErrors"] = ErrorCount;

        if ((ErrorCount > 3) && (Login1.PasswordRecoveryUrl != string.Empty))

            Response.Redirect(Login1.PasswordRecoveryUrl);

    }

    private bool YourValidationFunction(string UserName, string Password)

    {

        bool boolReturnValue = false;

        string strConnection = "server=MCN-C2B848F240D\\SQLSERVER2005;database=Data;uid=sa;pwd=wintellect;";

        SqlConnection sqlConnection = new SqlConnection(strConnection);

        String SQLQuery = "SELECT UserName, Password FROM StudentRecord";

        SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);

        SqlDataReader Dr;

        sqlConnection.Open();

        Dr = command.ExecuteReader();

        while (Dr.Read())

        {

            if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["Password"].ToString()))

            {

                boolReturnValue = true;

            }

            Dr.Close();

            return boolReturnValue;

        }

        return boolReturnValue;

    }

}

Login control is having a property called FailureText where you can write your own message.

Figure 4. Custom Error Message

Once you have passed the correct login credential then you will be redirected to the home page using the DestinationPageUrl property. DestinationPageUrl is the property of login control which is used to redirect the user to desination page after a successful login. If incorrect login credential it will show the message like "Your login attempt was not successful. Please try again". This is a custom message specified by the user through the FailureText property.

Figure 5. Login Error

About inbuilt validation:- Login control is having a inbuilt validation feature which is available as a property for programmer. When you will drag-drop the control at design time you will see that the username and password textboxes are marked with star (*) sign which means these fields are required fields.

Figure 6. Validation

If you insert correct usename, password then redirect your page whereever you want or you can show message in ErrorLabel like this:

Successfully Logged in