ASP.NET 2.0 Moves User Authentication One Step Forward

Authentication is a critical aspect of Web development. Developers are always on the lookout for easier ways to implement an effective authentication system on their Web pages. With ASP.NET 1.1, developers have to write lengthy code to authenticate users from a database. They can also validate user credentials using an XML file, but that is not a secure solution. Moreover, Visual Studio .NET 2003 doesn’t provide any built-in controls for authentication tasks.

ASP.NET 2.0 moves authentication one step forward. It provides new classes, methods, and controls that make authentication easier to implement. This article demonstrates how to use the Membership class in ASP.NET applications. This class provides several methods that you can use to create, delete, and validate users. Moreover, you can combine its methods with the built-in ASP.NET security controls that ship with Visual Studio 2005 (aka Whidbey). This article briefly examines these controls as well.

Create New Users

You can create new users easily by using the CreateUser() method (see Table 1).

| Syntax | Description |
| --- | --- |
| CreateUser(Username, Password) | Creates a new user with the specified username and password. |
| CreateUser(Username, Password, Email) | Creates a new user with the specified username, password, and e-mail. |

Table 1. Creating a New User with the CreateUser() Method

When you create a new user in an ASP.NET project using Visual Studio 2005, it creates an MS Access database called ASPNETDB.mdb by default and stores the relevant user data (username, password, and e-mail address) in it. Listing 1 shows how to create a new user using the Membership class. (Before working with the code, you should place two textboxes, one button, and the required label controls on the form.)

Listing 1. Create a new user using the Membership class

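Try
   Membership.CreateUser(txtUsername.Text, txtPassword.Text)
   ' Encode the echoed name so any markup in it is not rendered
   lblStatus.Text = "User " & Server.HtmlEncode(txtUsername.Text) & _
                    " Successfully Created"
Catch ex As MembershipCreateUserException
   ' Message describes the failure without exposing a stack trace
   lblStatus.Text = ex.Message
End Try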

If you attempt to add the same user again, ASP.NET automatically throws an exception and displays the relevant message on the label control. In older versions of ASP.NET, you have to write lengthy code to do this task.

Authenticate Users

You can easily verify a user's credentials by using the ValidateUser() method of the Membership class. After you have verified the user, you can redirect him or her to another Web page or elsewhere, depending upon your requirements. Listing 2 shows the code for authenticating users using Visual Studio 2005.

Listing 2. Authenticating users using Visual Studio 2005

' ValidateUser() returns True only when the username and password match
If (Membership.ValidateUser(txtUsername.Text, txtPassword.Text)) Then
   lblMessage.Text = "You are now authorized by the system"
Else
   lblMessage.Text = "You are not an authorized user"
End If

As you can see, you need only a minimal amount of code to achieve various authentication tasks in Visual Studio 2005. You can also modify the above code to redirect users to some other Web page upon successful authentication.
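The redirect mentioned above, as an added example that is not part of the original article: Listing 2 only sets a label, so no forms authentication ticket is issued and GetUser() in Listing 3 would have no logged-in user to return. The code assumes forms authentication is enabled in web.config, a hypothetical Login.aspx page, and a button with the hypothetical ID btnLogin; the other control names come from Listing 2.

```vbnet
' Added example: code-behind for a hypothetical Login.aspx that reuses the
' article's txtUsername, txtPassword and lblMessage controls.
' Assumes <authentication mode="Forms" /> in web.config and a button
' with the ID btnLogin (hypothetical name).
Imports System
Imports System.Web.Security

Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) _
            Handles btnLogin.Click
        Dim userName As String = txtUsername.Text.Trim()

        ' Reject empty input before touching the membership store.
        If userName.Length = 0 OrElse txtPassword.Text.Length = 0 Then
            lblMessage.Text = "Enter a username and password"
            Return
        End If

        If Membership.ValidateUser(userName, txtPassword.Text) Then
            ' Issues the forms authentication ticket as a session cookie
            ' (False = not persistent), then redirects to the ReturnUrl
            ' query-string value or the configured default page.
            FormsAuthentication.RedirectFromLoginPage(userName, False)
        Else
            ' One message for an unknown user, a wrong password and a
            ' locked or unapproved account, so the response does not
            ' reveal which usernames exist.
            lblMessage.Text = "Invalid username or password"
        End If
    End Sub
End Class
```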

Display Current User

You can also display a stamp at the top of every page with the name of the logged-in user after every successful login. You can easily achieve this functionality by using the GetUser() method (see Listing 3).

Listing 3. Display stamp of logged-in user’s name on every page

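Dim usrUser As MembershipUser = Membership.GetUser(True)
' GetUser() returns Nothing when no user is logged in
If usrUser IsNot Nothing Then
   lblUserstatus.Text = Server.HtmlEncode(usrUser.UserName)
End If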

Display All Users

With ASP.NET 2.0, you can produce a list of all registered users for your internal use on the fly. Just use the GetAllUsers() method of the Membership class (see Listing 4 and Figure 1).

Listing 4. Produce list of all registered users

'Users is the ID for the GridView control
Users.DataSource = Membership.GetAllUsers()
'Bind the data so the GridView renders the rows
Users.DataBind()

Figure 1. List of all users in GridView

Delete Users

You can delete a user from the database by using the DeleteUser() method of the Membership class. First, you should verify whether that particular user exists in the database (see Listing 5).

Listing 5. Verify whether user exists

' DeleteUser() returns True only when the user was found and removed
If (Membership.DeleteUser(txtDelete.Text)) Then
   lblStatus.Text = "Username " & Server.HtmlEncode(txtDelete.Text) & _
                    " successfully deleted from the database"
Else
   lblStatus.Text = "Username does not exist or wrong username"
End If
