Pages

Authetication for pages and validate pages

  1. Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.
  2. The following code reduces huge checks for session and validation of pages.
  3. step1 :
  4. web.config: <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="LoginUser.aspx" timeout="60"/> </authentication> <authorization> <deny users="?"/> </authorization> </system.web> <!-- I have commented this becauze before i dont need to dispaly any pages. If you want to display any pages before login, then write those page names here. as I mentioned here registraion page is required before login so write this page in this section after close tag of system.web <location path="registrationpage.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> -->
  5. step2 :
  6. create a class name named basepage or you can specify any name using System.Resources; using System.Web.SessionState; public class BasePage : System.Web.UI.Page { // Resource Manager for localization protected ResourceManager LocalizationResourceManager; public string ContentAlignment; public static string GetConfigValue(string Name) { return ((string)( ConfigurationManager.AppSettings["ConnStr"])); } protected override void Render(System.Web.UI.HtmlTextWriter writer) { writer.RenderBeginTag(HtmlTextWriterTag.Html); base.Render(writer); writer.RenderEndTag(); } protected override void OnInit(System.EventArgs e) { string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if (!(authCookie == null)) { if ((Session["UserID"] == null)) { FormsAuthentication.SignOut(); Response.Redirect(Request.RawUrl); } else if ((((int)(Session["UserID"])) == 0)) { FormsAuthentication.SignOut(); Response.Redirect(Request.RawUrl); } } } protected override void OnLoad(System.EventArgs e) { } }
  7. step3 :
  8. each form has to be inherited with this page. login page before redirecting append this code using System.Security.Principal; public partial class LoginUser : BasePage string lstrRoles = "Logged"; FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, this.txtlogin.Text, DateTime.Now, DateTime.Now.AddMinutes(60), false, lstrRoles); string encTicket = FormsAuthentication.Encrypt(authTicket); // Create the cookie. Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); FormsIdentity id = new FormsIdentity(authTicket); string[] roles = authTicket.UserData.Split(((char)('|'))); GenericPrincipal principal = new GenericPrincipal(id, roles); Context.User = principal; response.redirect("inbox.aspx");
  9. step4 :
  10. very important All pages has to be inherited with this class page should be replaced with this method protected override void OnLoad(EventArgs e) { //all pageload code comes here }
Reference : 1)http://msdn.microsoft.com/en-us/library/eeyk640h.aspx 2)My friend suhail ahmed