Authentication
Create User
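// Creates a membership account and reports the provider's result to the page.
// Sample only: the user name, password, e-mail and security question/answer are
// hard-coded test values. A real registration page reads them from the form and
// never keeps credentials in source.
MembershipCreateStatus createStatus;
// mUser is null when creation fails; createStatus carries the reason.
MembershipUser mUser = Membership.CreateUser("TestMe1", "wwwwww!", "jey1@jey.com", "Que?", "Ans", true, out createStatus);
switch (createStatus)
{
    case MembershipCreateStatus.Success:
        CreateAccountResults.Text = "The user account was successfully created!";
        break;
    // The two "duplicate" messages confirm to the caller that an account exists.
    // On a public registration page consider a neutral message instead, so the
    // form cannot be used to test which user names or addresses are registered.
    case MembershipCreateStatus.DuplicateUserName:
        CreateAccountResults.Text = "There already exists a user with this username.";
        break;
    case MembershipCreateStatus.DuplicateEmail:
        CreateAccountResults.Text = "There already exists a user with this email address.";
        break;
    case MembershipCreateStatus.InvalidEmail:
        CreateAccountResults.Text = "The email address you provided is invalid.";
        break;
    case MembershipCreateStatus.InvalidAnswer:
        CreateAccountResults.Text = "The security answer was invalid.";
        break;
    case MembershipCreateStatus.InvalidPassword:
        // Wording follows the provider settings shown in web.config:
        // minRequiredPasswordLength="7", minRequiredNonalphanumericCharacters="1".
        CreateAccountResults.Text = "The password you provided is invalid. It must be at least seven characters long and have at least one non-alphanumeric character.";
        break;
    default:
        // Every other status (for example a provider error) lands here.
        CreateAccountResults.Text = "There was an unknown error; the user account was NOT created.";
        break;
}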
Redirect to Admin
// Send the browser to the admin view. The redirect is navigation only, not an
// access check: the ~/Admin folder still needs its own <authorization> rules.
string adminViewUrl = "~/Admin/AdminView1.aspx";
Response.Redirect(adminViewUrl);
Create Role
// Make sure both application roles exist, creating each one only when it is missing.
// The names must match the <authorization> rules in web.config character for
// character, which is why "Gusest" keeps the spelling used there.
foreach (string roleToCreate in new[] { "Administrator", "Gusest" })
{
    if (!Roles.RoleExists(roleToCreate))
    {
        Roles.CreateRole(roleToCreate);
    }
}
Assign Role
// Put each sample account into its role unless it is already a member.
// NOTE(review): Administrator is granted to "TestMe", while the account created in
// the Create User snippet is "TestMe1" - confirm that "TestMe" exists and is the
// intended administrator. Role grants like these belong in a one-time setup step,
// not in a page that any visitor can trigger.
string[][] roleAssignments =
{
    new[] { "TestMe1", "Gusest" },
    new[] { "TestMe", "Administrator" }
};
foreach (string[] assignment in roleAssignments)
{
    string member = assignment[0];
    string role = assignment[1];
    if (!Roles.IsUserInRole(member, role))
    {
        Roles.AddUserToRole(member, role);
    }
}
Login
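// Checks the submitted credentials against the configured membership provider and,
// on success, issues the forms-authentication ticket.
string loginName = TextBox1.Text;
if (Membership.ValidateUser(loginName, TextBox2.Text))
{
    // Both paths issue a session (non-persistent) ticket. The original passed
    // createPersistentCookie = true only when no ReturnUrl was present, which left a
    // long-lived cookie on the machine without the user asking for it. Pass true
    // only behind an explicit "remember me" choice.
    if (Request.QueryString["ReturnUrl"] != null)
    {
        // RedirectFromLoginPage reads ReturnUrl itself.
        // NOTE(review): confirm enableCrossAppRedirects stays off so the return URL
        // cannot send the user outside this application.
        FormsAuthentication.RedirectFromLoginPage(loginName, false);
    }
    else
    {
        // No redirect on this path: the ticket is set and the current page continues.
        FormsAuthentication.SetAuthCookie(loginName, false);
    }
}
else
{
    // One generic message for every failure, so the response does not reveal
    // whether the user name or the password was wrong.
    Response.Write("Invalid UserID and Password");
}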
Installing ASP.NET Membership services database in SQL Server Express 2008
1. Run the aspnet_regsql.exe utility from the C:\windows\Microsoft.NET\Framework\v2.0.50727 folder on your machine by selecting or double-clicking aspnet_regsql.exe.
2. Select the "Configure SQL Server for application services" radio button to install a new database, then select the Next button.
3. Enter your SQL Express server name as <your Machine name \SQL Express> as shown below. Note that you can change the application services database name to any name you like (aspnetdb by default).
4. Select the Next button, confirm that your settings are correct to continue with the installation, and select the Next button again.
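<connectionStrings>
  <!-- Integrated Security=True: the application connects with its Windows identity,
       so no database password is stored in this file. -->
  <add name="TestConnString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=AuthTest;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
  <!--
  Set compilation debug="true" to insert debugging
  symbols into the compiled page. Because this
  affects performance, set this value to true only
  during development.
  -->
  <compilation debug="true">
    <assemblies>
      <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </assemblies>
  </compilation>
  <!--
  The <authentication> section enables configuration
  of the security authentication mode used by
  ASP.NET to identify an incoming user.
  -->
  <!-- Review notes on the <forms> element:
       * cookieless="UseDeviceProfile" lets ASP.NET carry the ticket in the URL for
         clients whose device profile reports no cookie support. cookieless="UseCookies"
         keeps tickets out of URLs, logs and referrers.
       * requireSSL is not set, so the ticket cookie is not restricted to HTTPS.
       * <credentials passwordFormat="MD5"> applies only to users listed inside
         <credentials>. None are listed here; membership passwords follow the
         provider's passwordFormat="Hashed" below. -->
  <authentication mode="Forms">
    <forms name="MyNewTest" cookieless="UseDeviceProfile" defaultUrl="Default.aspx" loginUrl="Login.aspx"
           path="/" slidingExpiration="true" timeout="30" protection="All">
      <credentials passwordFormat="MD5">
      </credentials>
    </forms>
  </authentication>
  <!--Configures algorithms and keys to use for encryption, decryption, and validation of forms-authentication
  data and view-state data, and for out-of-process session state identification.-->
  <!-- The two key values below are published sample values. Generate fresh random keys
       for every application and keep them out of shared pages and source control:
       whoever knows decryptionKey and validationKey can produce forms-authentication
       tickets and view state that this application accepts as its own. -->
  <machineKey decryption="AES" validation="SHA1" decryptionKey="1513F567EE75F7FB5AC0AC4D79E1D9F25430E3E2F1BCDD3370BCFC4EFC97A541" validationKey="32CBA563F26041EE5B5FE9581076C40618DCC1218F5F447634EDE8624508A129"/>
  <membership defaultProvider="AuthMembershipProvider">
    <providers>
      <!-- Add a customized SqlMembershipProvider -->
      <!-- Passwords are stored hashed and cannot be retrieved (enablePasswordRetrieval="false").
           An account is locked after 5 invalid attempts (maxInvalidPasswordAttempts)
           within a 10-minute passwordAttemptWindow. -->
      <add name="AuthMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="TestConnString" enablePasswordRetrieval="false" enablePasswordReset="true"
           requiresQuestionAndAnswer="true" applicationName="Auth" requiresUniqueEmail="true"
           passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
           passwordStrengthRegularExpression=""/>
    </providers>
  </membership>
  <!-- Authorization rules are evaluated top to bottom and the first match wins.
       Without the final deny rule, an authenticated user who is in neither role
       matches nothing here and falls through to the inherited default, which allows
       everyone. The closing <deny users="*"/> makes the role list effective. -->
  <authorization>
    <deny users="?"/>
    <allow roles="Administrator,Gusest"/>
    <deny users="*"/>
  </authorization>
  <!-- Roles are cached in a cookie protected by cookieProtection="All", which relies on
       the machineKey above. cookieRequireSSL is not set, so the role cookie is not
       restricted to HTTPS. -->
  <roleManager enabled="true" cookieName="CookieTest" defaultProvider="RoleTestProvicer" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All">
    <providers>
      <add name="RoleTestProvicer" type="System.Web.Security.SqlRoleProvider" applicationName="Auth" connectionStringName="TestConnString"/>
    </providers>
  </roleManager>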
Forms in Folder ~ Individual web.config for each folder
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<!-- Folder-level rules, evaluated top to bottom with the first match winning:
     members of the Administrator role are allowed, and every other user,
     authenticated or anonymous, is denied by the closing deny rule. -->
<authorization>
<allow roles ="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
<!-- Allow all users to visit some PageName.aspx -->
<location path="PageName.aspx">
<system.web>