login stuff


novice_andrei
January 31st, 2008, 12:07 PM
Hello. Can anyone please point me in the right direction:

I want to learn to create a website in ASP.NET that has a login page, and therefore has users (retrieved from a SQL database). Also, the content must be provided to the users according to their rights, e.g. if they have rights to view an .aspx page then they should see it; if others don't have them, they should not see it. Also, I need to create programmatically some methods / functions to create and manage users. So I kind of have the big picture in my mind about what needs to be done, but I thought I should ask expert advice before beginning.
Here is what I need:

A colleague of mine at work said I should approach the task by researching into this:
Webparts - custom membership provider.
http://msdn2.microsoft.com/en-us/library/aa479037.aspx

Someone else said I should check out other msdn docs for membership here:
http://msdn2.microsoft.com/en-us/library/yh26yfzy.aspx

The fact is I need to learn to do this whole website login by myself but I don't know where to start. Also I tried reading about Webparts but I did not understand much. Which approach do you think is better for someone new to it? Also if there is other stuff to research into for doing this project please let me know.

Thank you in advance.

Regards,

TheCPUWizard
January 31st, 2008, 12:17 PM
Your post contains at least three different issues:

1) Authentication
2) Authorization
3) WebParts

Any problem (especially when being approached by an admitted novice) should be broken down into the basic parts. Only when the individual parts are understood should they be combined to form the final solution.

First you need to Authenticate the person. This means simply determining their identity, and is a function of the login page. ASP.Net has various mechanisms for doing this.

Once you have accurately and securely determined the identity, then you determine the rights (Authorization). Your stated requirements are that they either can see a page or can not.

You also mention WebParts. These are typically (but not always) used when it is required that the user can dynamically configure the page. If you have used SharePoint you will be familiar with this. Major "portal" sites (like Yahoo) also use this type of technology so users can customize their homepage with the specific items they want to see.

So, check out the sites your colleague recommended, step through the samples (don't just read them). You should be able to get some basic understanding, and come back here with specific questions.

Good Luck. :wave:

ps: The following is a good starting link...
http://msdn2.microsoft.com/en-us/library/aa291347(VS.71).aspx

novice_andrei
February 1st, 2008, 05:35 AM
Very nice. I also found out pretty soon that splitting projects into smaller subtasks is the only way to complete them.

Thank you very much.

novice_andrei
February 10th, 2008, 03:21 PM
Ok, I have a question regarding the FormsAuthentication.
I've made the web application so far, made a page that can be used to insert new admin users into sql database, and made a login page. Also I did not use a login control, but preferred to make my own controls, just to learn the process better (user and pass textboxes, login button and so on).

After doing all the methods that validate username, checking password hashes, and all that stuff, I reached the case where the login is correct (username, password). Here I got lost, and after reading MSDN for a while, I only wrote this line:


//user and pass are correct
FormsAuthentication.RedirectFromLoginPage(username, true);


Is this all that is required to log in my user? It should also be noted, I guess, that the only other place I use FormsAuthentication is:


protected void btnLogin_Click(object sender, EventArgs e)
{
    FormsAuthentication.Initialize();
    // the rest is just code to validate input
}


Is there anything else required, that I should do on the authentication part?

Thank you in advance.

TheCPUWizard
February 10th, 2008, 06:01 PM
For a novice (or anyone not a security expert) it is a VERY BAD idea to try to write your own login process. I can virtually guarantee it can be hacked in seconds. USE THE CONTROLS PROVIDED BY ASP.NET (or a reputable third party).
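
An added example, not part of any post in this thread: a web.config sketch of the authentication / authorization split discussed above, using ASP.NET's built-in forms authentication with the SQL membership and role providers instead of hand-written credential checks. The connection string name AppDb, the Login.aspx page, the Admin folder and the Admin role are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Assumed name; replace the placeholder with the real connection string -->
    <add name="AppDb" connectionString="PLACEHOLDER_CONNECTION_STRING"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Authentication: who is the user? The forms ticket cookie is issued
         by the Login control or FormsAuthentication.RedirectFromLoginPage -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" protection="All" requireSSL="true"
             timeout="30" slidingExpiration="true" />
    </authentication>
    <!-- Authorization: anonymous users ("?") are redirected to loginUrl -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Built-in provider stores salted password hashes and locks an
         account after repeated failed attempts -->
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb" applicationName="/"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             minRequiredPasswordLength="8"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppDb" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Per-folder rights: only the (assumed) Admin role may view ~/Admin -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Rules inside an authorization element are evaluated top to bottom and the first match wins, so the allow for the role must come before the deny for everyone else.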