Tuesday, November 27, 2007

ASP.NET / C#.NET / Authentication & Authorisation

Authentication & authorization:-

If you are a beginner in web applications, then this is the right time to take in the following topic.

Suppose you are going to develop a website (in ASP.NET) that needs a process of authentication and authorization (authentication decides whether the user is valid; authorization decides how many resources an authenticated user may use).

There should be 3 types of users in your website:-

1. Anonymous user
2. General user
3. Administrator

When an anonymous user requests the home page, the following page will appear (Login.aspx).


They can only view the website's limited resources.



If they provide a user name and password, they become authenticated users and the following page will be displayed (Default.aspx).

There will be a Sign out option as they are logged in.



If they click the Sign out option, they get the following page again (Login.aspx).

If anyone accesses the website with the Admin password, the following page (Default.aspx) will come up with the Sign out option and various more options exclusively for the Administrator.





The code is very simple; try to understand the underlying technology.

Think of it this way: users request the home page (Default.aspx). If the request is not authenticated, users are sent to the Login.aspx page, so they see Login.aspx as the home page.

Code under Default.aspx:

    protected void Page_Load(object sender, EventArgs e)
    {
        // Page.User is populated from the forms-authentication ticket issued by Login.aspx
        if (!Page.User.Identity.IsAuthenticated)
        {
            Server.Transfer("login.aspx");
        }
        else
        {
            lblStatus.Text = User.Identity.Name;

            // Administrator-only controls stay hidden unless the user is in the
            // adminrole role (membership comes from the enabled roleManager).
            // Hiding the buttons is UI only; the handlers behind them should
            // repeat the IsInRole check before doing any administrative work.
            if (Page.User.IsInRole("adminrole"))
            {
                btnAdmin.Visible = true;
                btnUpload_books.Visible = true;
                btnUpload_papers.Visible = true;
                btnCk_payments.Visible = true;
            }
        }
    }

Code under Login.aspx:

    using System.Data;
    using System.Data.SqlClient;
    using System.Web.Security;   // FormsAuthentication

    string s1;
    SqlConnection sqlCon;
    SqlCommand command;
    SqlDataReader reader;

    protected void Page_Load(object sender, EventArgs e)
    {
        // The connection string "con1" is read from <appSettings> in web.config
        s1 = System.Configuration.ConfigurationManager.AppSettings.Get("con1");
        sqlCon = new SqlConnection();
        sqlCon.ConnectionString = s1;
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (sqlCon.State == ConnectionState.Open)
            sqlCon.Close();
        sqlCon.Open();
        try
        {
            // The stored procedure user_select looks the user up by id. The user
            // name travels as a typed parameter, never concatenated into SQL text.
            command = new SqlCommand();
            command.Connection = sqlCon;
            command.CommandType = System.Data.CommandType.StoredProcedure;
            command.CommandText = "user_select";
            command.Parameters.Add("@uid", System.Data.SqlDbType.VarChar, 20);
            command.Parameters["@uid"].Value = txtUname.Text;

            reader = command.ExecuteReader();
            if (reader.Read())
            {
                // This compares the stored upasswd column with the typed password as
                // plain text, so the database holds the passwords themselves; storing
                // a salted hash and comparing hashes is the safer design.
                if (reader["upasswd"].ToString() == txtUpasswd.Text)
                {
                    // Issue a non-persistent forms ticket and return to the page originally requested
                    FormsAuthentication.RedirectFromLoginPage(txtUname.Text, false);
                }
                else
                {
                    lblWarn.Text = "Invalid Credentials; Please Try again";
                }
            }
            else
            {
                // Unknown user name: same message, so the page does not reveal which names exist
                lblWarn.Text = "Invalid Credentials; Please Try again";
            }
            reader.Close();
        }
        finally
        {
            // Always release the connection, also when RedirectFromLoginPage ends the response
            sqlCon.Close();
        }
    }
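The Login.aspx code above compares the password stored in the upasswd column as plain text. The class below is an added example (not from the original post) showing how the same check looks when the database holds a salt and a PBKDF2 hash instead: the stored procedure name user_select_hashed and its salt/hash columns are assumed for the example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class PasswordVerifier
{
    // Assumed schema: user_select_hashed(@uid) returns one row with
    // 'salt' (varbinary(16)) and 'hash' (varbinary(32)) for that user.
    const int Iterations = 10000;
    const int HashBytes = 32;

    // Derive a 32-byte key from the password and per-user salt (PBKDF2-HMAC-SHA1).
    public static byte[] HashPassword(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(HashBytes);
    }

    // Fresh random salt for use when a user is created or changes the password.
    public static byte[] NewSalt()
    {
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return salt;
    }

    // Compare every byte so the loop length does not depend on where the first mismatch is.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns true only when the user exists and the password hashes to the stored value.
    // An unknown user and a wrong password both return false, so the caller shows one message.
    public static bool VerifyLogin(string connectionString, string userName, string password)
    {
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("user_select_hashed", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@uid", SqlDbType.VarChar, 20).Value = userName;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false;
                byte[] salt = (byte[])reader["salt"];
                byte[] stored = (byte[])reader["hash"];
                return FixedTimeEquals(stored, HashPassword(password, salt));
            }
        }
    }
}
```

In btnLogin_Click the inner comparison then reduces to `if (PasswordVerifier.VerifyLogin(s1, txtUname.Text, txtUpasswd.Text))` before the existing `FormsAuthentication.RedirectFromLoginPage(txtUname.Text, false);` call, with the lblWarn message in the else branch.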

Code under web.config:

    <authentication mode="Forms">
        <forms name="login" loginUrl="login.aspx" protection="All" timeout="30" />
    </authentication>

    <authorization>
        <!-- Rules are evaluated top-down: the user "admin" and members of
             "adminrole" are allowed explicitly, anonymous users ("?") are
             denied, and any other authenticated user falls through to the
             default allow-all rule inherited from the machine configuration. -->
        <allow users="admin"/>
        <allow roles="adminrole"/>
        <deny users="?"/>
    </authorization>

    <anonymousIdentification enabled="true"/>
    <roleManager enabled="true"/>

N.B. :- Here I have used 'Admin' as the name of the Administrator; if you prefer another name, put your own name in the <allow users="..."/> tag.

Thank You…………….

Mail me at : partho.neo@gmail.com / partho.neo@indiatimes.com



1 comment:

Jeet Chowdhury said...

Pictures are not shown. I think those are from your local machine; please fix it.

BTW, one question: how to post an article here? I think I need permission of the author here..... right?