Dec 20 2005

A simple login mechanism instead of built-in Forms Authentication

Posted by admin under ASP.NET articles

While ASP.NET certainly does give us developers a pretty nice security/login model, sometimes I feel a little frustrated when wanting to implement it. I mean, in theory it's as simple as:

1. Define a few lines in web.config
2. Create a login.aspx page

But at least for me, I seem to never be able to memorize WHAT lines should be in web.config and WHERE and it ends up with me searching for another project where I used it and then copying the lines and login.aspx files.

Now, as for this alternative solution, I want to point out that I really do recommend you use the built-in model for most solutions. However, there are times when you just need something simple and fast to protect a single page or so:

1. In the ASPX file you want to protect, create two Panels: one containing your actual content and the other containing a login form:



<asp:Panel id="pnlLogin" runat="server" Visible="True">
	<table width="100%">
		<tr valign="middle">
			<td align="center">
				<table>
					<tr>
						<td><asp:Label id="Label1" runat="server" CssClass="Grid_Item">Username:</asp:Label></td>
						<td><asp:TextBox id="TextBox1" runat="server" CssClass="textbox"></asp:TextBox></td>
					</tr>
					<tr>
						<td><asp:Label id="Label2" runat="server" CssClass="Grid_Item">Password</asp:Label></td>
						<%-- TextMode="Password" masks the input as it is typed --%>
						<td><asp:TextBox id="TextBox2" runat="server" CssClass="textbox" TextMode="Password"></asp:TextBox></td>
					</tr>
					<tr>
						<td align="center" colspan="2"><asp:Button id="Button1" runat="server" CssClass="button" Text="Logon"></asp:Button></td>
					</tr>
				</table>
			</td>
		</tr>
	</table>
</asp:Panel>
<asp:Panel id="Panel1" runat="server" Visible="True">
	Here goes your secure content etc
</asp:Panel>







2. In Page_Load, show the right panel depending on whether we are logged on or not


private void Page_Load(object sender, System.EventArgs e) 
{ 
	if ( Session["IsAdmin"] != null && Session["IsAdmin"].ToString() == "A" ) 
	{ 
		Panel1.Visible = true; 
		pnlLogin.Visible = false; 
	} 
	else 
	{ 
		Panel1.Visible = false; 
		pnlLogin.Visible = true; 
	} 
} 



3. Handle the click on the Logon button



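private void Button1_Click(object sender, System.EventArgs e)
{
	if ( TextBox1.Text == "secretlogin" && TextBox2.Text == "secretpassword" )
	{
		// Mark the session as logged in, then reload the same page so that
		// Page_Load runs again and shows the content panel.
		Session["IsAdmin"] = "A";
		Response.Redirect(Request.Url.ToString(), true);
	}
	else
	{
		// Wrong credentials: make sure the flag does not grant access.
		Session["IsAdmin"] = "";
	}
}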


 


So here goes the flow:
Page_Load: as long as we are not logged in (i.e. Session["IsAdmin"] is not set to "A"), Panel1 is not visible and the login form (pnlLogin) is shown instead. Then we enter the login name and password and click the Logon button. There we compare them to hardcoded values; you could of course do whatever test you want here, against a file, a database, etc. If the correct information is entered, we set the session variable and redirect to the same page again. This time we are logged in (i.e. Session["IsAdmin"] is set to "A"), so pnlLogin is hidden and Panel1 with the secure content is shown.

Now, before hammering on your keyboard here in the comments section below: I am aware that this solution is not the best, however I do think that it's sometimes good enough.

I myself have my own template system where all calls go to a single ASPX-file, and from within it I load different ASCX-files depending on what page is requested, and in that scenario the above solution works pretty well.