ASP.NET 2.0 Moves User Authentication One Step Forward

Authentication is a critical aspect of Web development. Developers are always on the lookout for easier ways to implement an effective authentication system on their Web pages. With ASP.NET 1.1, developers have to write lengthy code to authenticate users from a database. They also can validate user credentials using an XML file, but that is not a secure solution. Moreover, Visual Studio .NET 2003 doesn't provide any built-in controls for performing authentication functionalities.

ASP.NET 2.0 moves authentication one step forward. It provides new classes, methods, and controls for implementing authentication in an easy manner. This article demonstrates how to apply the functionalities of the Membership class into ASP.NET applications. This class provides several methods that you can use to create, delete, and validate users. Moreover, you can combine its methods with the built-in ASP.NET security controls that ship with Visual Studio 2005 (aka Whidbey). This article briefly examines these controls as well.

Create New Users

You can create new users easily by using the CreateUser() method (See Table 1).

Syntax Description
CreateUser(Username, Password) Creates a new user with the specified username and password.
CreateUser(Username, Password, Email) Creates a new user with the specified username, password, and e-mail.

Table 1. Creating a New User with the CreateUser() Method

When you create a new user in an ASP.NET project using Visual Studio 2005, it creates an MS Access database called ASPNETDB.mdb by default and stores the relevant user data (username, password, and e-mail address) in it. Listing 1 shows how to create a new user using the Membership class. (Before working with the code, you should place two textboxes, one button, and the required label controls on the form.)

Listing 1. Create a new user using the Membership class

Try
   Membership.CreateUser(txtUsername.Text, txtPassword.Text)
   lblStatus.Text = "User " & txtUsername.Text &
                    "  Successfully Created"
Catch ex As MembershipCreateUserException
   lblStatus.Text = ex.ToString()
End Try

If you attempt to add the same user again, ASP.NET automatically throws an exception and displays the relevant message on the label control. In older versions of ASP.NET, you have to write lengthy code to do this task.

Authenticate Users

You easily can verify the status of a user by using the ValidateUser() method of the Membership class. After you have verified the user, you can redirect him or her to another Web page or elsewhere, depending upon your requirements. Listing 2 shows the code for authenticating users using Visual Studio 2005.

Listing 2. Authenticating users using Visual Studio 2005

If (Membership.ValidateUser(txtUsername.Text, txtPassword.Text)) Then
   lblMessage.Text = "You are now authorized by the system"
Else
   lblMessage.Text = "You are not an authorized user"
End If

As you can see, you need only a minimal amount of code to achieve various authentication tasks in Visual Studio 2005. You can also modify the above code to redirect users to some other Web page upon successful authorization.

Display Current User

You also can display a stamp on the top of every page with the name of the logged user after every successful login. You can easily achieve this functionality by using the GetUser() method (See Listing 3).

Listing 3. Display stamp of logged user's name on every page

Dim usrUser As MembershipUser
usrUser = Membership.GetUser(True)
lblUserstatus.Text = usrUser.Username

Display All Users

With ASP.NET 2.0, you can produce a list of all registered users for your internal use on the fly. Just use the GetAllUsers() method of the Membership class (See Listing 4 and Figure 1).

Listing 4. Produce list of all registered users

'Users is the ID for the GridView control
Users.DataSource = Membership.GetAllUsers()
Users.DataBind()

Figure 1. List of all users in GridView

Delete Users

You can delete a user from the database by using the DeleteUser() method of the Membership class. First, you should verify whether that particular user exists on the database (See Listing 5).

Listing 5. Verify whether user exists

If (Membership.DeleteUser(txtDelete.Text)) Then
   lblStatus.Text = "Username " & txtDelete.Text &
                    " successfully deleted from the database"
Else
   lblStatus.Text = "Username does not exist or wrong username"
End If

ASP.NET 2.0 Moves User Authentication One Step Forward

Update the Password

Registered users can modify their passwords easily by using the ChangePassword() method of the Membership class. This method accepts two parameters, such as old password and new password (See Listing 6).

Listing 6. Users can modify their passwords

Dim users as Membership User
users = Membership.GetUser()
users.ChangePassword(txtOldPass.Text, txtNewPass.Text)
Membership.UpdateUser()

Each time you update a password, you must call the UpdateUser() method. You also can modify the password's question and answer by using the ChangePasswordQuestionAndAnswer() method.

Whidbey's Built-in ASP.NET Security Controls

Visual Studio 2005 ships with built-in server controls such as Login, Login Status, and so forth. These controls automatically perform all the important functionalities associated with authentication using minimal code. You easily can implement and customize them (see Figures 2 and 3) by selecting the appropriate options from the Properties window. For instance, the Login control calls the ValidateUser() method of the Membership class. If the user's credentials are correct, it calls the FormsAuthentication.RedirectFromLoginPage method, issues a cookie, and redirects the user to the original page from where they came.

[Figure_2.jpg]

Figure 2. Login Control, Before Customization

[Figure_3.jpg]

Figure 3. Login Control, After Customization

A complete discussion of all security server controls is outside the scope of this article. Check out MSDN's documentation for additional information regarding these controls.



About the Author

Anand Narayanaswamy

Anand Narayanaswamy (Microsoft MVP) is a freelance writer for Developer.com and Codeguru.com. He works as an independent consultant and runs NetAns Technologies (http://www.netans.com)which provides affordable web hosting services. He is the author of Community Server Quickly (http://www.packtpub.com/community-server/book). Anand also runs LearnXpress.com (http://www.learnXpress.com) and Dotnetalbum.com (http://www.dotnetalbum.com) and regularly contributes product and book reviews for various websites. He can be reached at ananddotnet@yahoo.co.in

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: December 18, 2014 The Internet of Things (IoT) incorporates physical devices into business processes using predictive analytics. While it relies heavily on existing Internet technologies, it differs by including physical devices, specialized protocols, physical analytics, and a unique partner network. To capture the real business value of IoT, the industry must move beyond customized projects to general patterns and platforms. Check out this webcast and join industry experts as …

  • Today's agile organizations pose operations teams with a tremendous challenge: to deploy new releases to production immediately after development and testing is completed. To ensure that applications are deployed successfully, an automatic and transparent process is required. We refer to this process as Zero Touch Deployment™. This white paper reviews two approaches to Zero Touch Deployment--a script-based solution and a release automation platform. The article discusses how each can solve the key …

Most Popular Programming Stories

More for Developers

RSS Feeds