1. Create a table to use for user authentication. At a minimum you'll need a 'username' and 'password' field. I often have quite a bit more, though.
2. Create data access code for that table.
3. Add this code to the web.config inside of the system.web node:
    <authentication mode="Forms">
      <forms name=".SuperChruch" loginUrl="login.aspx"
             protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
    </authentication>
The following code denies access to unauthenticated users, but I don't always use it. Sometimes I do the check manually so I can let the search engines in.
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
4. Add a login.aspx page, add this code to the front side:
(Note that we use the Telerik controls, but regular ASP.NET controls can be substituted.)
    <table>
      <tr>
        <td>User Name:</td>
        <td>
          <telerik:RadTextBox runat="server" ID="txtUserName" MaxLength="20"></telerik:RadTextBox></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td>
          <telerik:RadTextBox runat="server" ID="txtPassword" TextMode="Password" MaxLength="20"></telerik:RadTextBox></td>
      </tr>
      <tr>
        <td>Persistent Cookie:</td>
        <td>
          <asp:CheckBox ID="chkPersistCookie" runat="server" AutoPostBack="false" /></td>
        <td></td>
      </tr>
    </table>
    <telerik:RadButton ID="btnSubmit" runat="server" Text="Login"></telerik:RadButton>
And add this code to the back side:
    'requires Imports System.Data and Imports System.Web.Security at the top of the code-behind file
    Private Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
        Try
            If Me.txtPassword.Text = "" Then Exit Sub
            If Me.txtUserName.Text = "" Then Exit Sub
            'data access code to see if the user is valid
            Dim oDT As DataTable = SPs.dd_AccountUser_SEL_Login(Me.txtUserName.Text, Me.txtPassword.Text).getTable
            'if there is data...
            If oDT.Rows.Count > 0 Then
                'record the user's account ID (a field in the user table)
                App.AccountID = oDT.Rows(0)("AccountID")
                'this does the magic of logging us in. The page that it redirects to is set in the web.config file
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkPersistCookie.Checked)
            Else
                'login failed: send the user back to the login page
                Response.Redirect("login.aspx", True)
            End If
        Catch ex As Exception
            'rethrow with the original stack trace intact
            Throw
        End Try
    End Sub
5. Add this code to your master page:
    <asp:LoginView ID="LoginView1" runat="server">
      <AnonymousTemplate>
        You are not logged in...
      </AnonymousTemplate>
      <LoggedInTemplate>
        Welcome <asp:LoginName runat="server" ID="LoginName1" />!
      </LoggedInTemplate>
    </asp:LoginView>
    <asp:LoginStatus runat="server" ID="LogInStatus1" />
The LoginStatus control has events that I use to adjust 'state', but the logging out itself happens natively:
    Private Sub LogInStatus1_LoggingOut(sender As Object, e As LoginCancelEventArgs) Handles LogInStatus1.LoggingOut
        App.AccountID = 0
    End Sub
Useful code snippets:
Determine if a user is logged in:
    User.Identity.IsAuthenticated