Contents

Configure forms authentication

Install the membership database Configure the SqlMembershipProvider

Configure the SqlRoleProvider

Create users Authenticate users Demonstration

Configure forms authentication

Section 1
<authentication mode="Forms"> <forms name="AppNameCookie" loginUrl="Login.aspx" timeout="129600" cookieless="UseCookies"/> </authentication>

Section 2
<authorization> <deny users=?" /> </authorization>

Install the membership database

Execute Command

aspnet_regsql.exe -E -S server -d dbname -A mr

Configure the SqlMembershipProvider

Web.Config
<connectionStrings> <clear/> <add name="LocalSqlServer" connectionString="Data Source=MOORDEV2\SQL08;Initial Catalog=LuxonPM;Integrated Security=True"/> </connectionStrings> <system.web> <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear/> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed"/> </providers> </membership> </system.web>

Configure the SqlRoleProvider

Web.Config
<system.web> <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
<providers> <clear/> <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> </providers>

</roleManager> </system.web>

Create users
Use the Web Site Administration Tool, which provides a wizard-

like interface for creating new users. To start this tool, click ASP.NET Configuration on the Website menu in Visual Studio 2005. Create an ASP.NET page that contains a CreateUserWizard control. This control uses the configured membership provider to encapsulate the logic of creating a new user. Create an ASP.NET Web page that contains the TextBox controls used to collect the user name and password (and, optionally, the user's e-mail address), and then use the Membership.CreateUser API to create a new user in the membership system. The following code shows how to call Membership CreateUser.
Membership.CreateUser("Username", "P@ssw0rd", "userName@emailAddress");

Authenticate users
To authenticate users, you must provide a login form. This could be a separate page or a special area on your application's home page.
You can create the login form in the following ways: Use the ASP.NET 2.0 login controls. The ASP.NET login controls encapsulate nearly all of the logic required to obtain credentials from users and to validate them against a user store. They use the configured membership provider. You do not need to write any additional code. After the user is validated, the login controls automatically save information about the user; for example, by using an encrypted cookie if the user's browser accepts cookies. Create a custom login form by using ASP.NET TextBox controls. If you create a custom login form with simple TextBox controls, you can prompt the user for a user name and password, and then call the ValidateUser method of the Membership class to perform the validation.

Demonstration