How many times have you written a page or control to authenticate a user? You know
you have to put a couple of textboxes in for username and password, a submit button,
maybe a call to a sql server or wherever to authenticate the user. ASP.NET 2.0 has
a ton of new control to simply user authentication. The cool thing is that it has
controls to handle login, logout, displaying different content to authenticated
users (or users in different roles), and even controls to create new users.
As I have said before ASP.NET 2.0 is provider based. This means that the implementation
of Profile, Personalization, and Membership is not coded into the controls but into
a provider. You can then build your own custom providers to do whatever you want.
ASP.NET has some built in membership providers out of the box. This is typically
configured in the web.config and would look something like this.
<membership defaultProvider="QuickStartMembershipSqlProvider"
userIsOnlineTimeWindow="15">
<providers> <add name="QuickStartMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ASPNETDB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="SecurityQuickStart"
requiresUniqueEmail="true"
passwordFormat="Hashed"/>
</providers>
</membership>
Once you have a provider set up, creating a login page is as simple as dropping
a login control onto a page.
<asp:Login id="LoginControl" runat="server" DestinationPageUrl="/index.aspx" />
That is all that is required to authenticate a user. The control supportsseveral
parameters to specify styles, etc. In the future, I will talk about some of the
additional controls available to handle login as well.
Read the complete post at http://www.dotnettipoftheday.com/blog.aspx?id=68