27 February 2014

Store Username And Password In Web.Config File

How to create user in web.config file and authenticate and authorise them


Web.config file,is a configuration file used in Asp .net web application. An Asp .net application has at least one web.config file which keeps the configurations required for the application. Web.config file is a XML file with specific tags having specific meanings.

What is stored in Web.config file

There are number of settings that can be stored in the Web.config file. Following are the most used configurations, stored in Web.config file..
1.Database connections
2.Security 
3.Session States 
4.Error Handling 

The most important thing of any application is the security.In this post I will tell about how we can use web.config for security in asp.net application

I am showing a simple application of how to create user/ Store username and password in web.config file and authenticate and authorise them.

How to Create user in web.config file

Find the following line in your web.config file

<authentication mode="Windows" />

Modify it as below

<authentication mode="Forms">
<forms>
<credentials passwordFormat="Clear">
<user name="admin" password="admin"/>
<user name="admin1" password="admin1"/>
<user name="admin2" password="admin2"/>
</credentials>
</forms> 
</authentication>

Now drag and drop two TextBox and a Button control in your desing page (login.aspx)
Or
Copy paste following code in your .aspx page

UserName<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
Password<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox><br />
<br />
              
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Login" />

Now double click on your button and write following code in it’s button click event

if(FormsAuthentication.Authenticate(TextBox1.Text,TextBox2.Text))
FormsAuthentication.RedirectFromLoginPage(TextBox1.Text,false);
else
Response.Write("Wrong user");
That’s it with creating and authenticating user in Web.config file

Now I am showing how to authorize user using web.config file

First add four web pages in your application named default.aspx, default2.aspx, default3.aspx and default4.aspx

On default2.aspx write a message for user admin (welcome admin)
On default3.aspx write a message for user admin1 (welcome admin1)
On default4.aspx write a message for user admin2 (welcome admin2)


Find the following tag (closing of system.web tag)in your web.config file

</system.web> 

Now write the following code in below </system.web> tag


<location path ="default2.aspx">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path ="default3.aspx">
<system.web>
<authorization>
<allow users="admin1"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="default4.aspx">
<system.web>
<authorization>
<allow users="admin2"/>
<deny users ="*"/>
</authorization>
</system.web>
</location>

Now come to your page named default.aspx

Write the followin code in .aspx page 

<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label><br />
<br />

<asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="~/Default2.aspx">Default2</asp:HyperLink>
<asp:HyperLink ID="HyperLink2" runat="server" NavigateUrl="~/Default3.aspx">Default3</asp:HyperLink>
<asp:HyperLink ID="HyperLink3" runat="server" NavigateUrl="~/Default4.aspx">Default4</asp:HyperLink>
Write following code in page_load event of default.aspx page

if (User.Identity.IsAuthenticated)
Label1.Text = "Welcome:" + User.Identity.Name;
else
FormsAuthentication.RedirectToLoginPage();
Set the login.aspx page to start page and run the application

(open solution explorer,right click on login.aspx page and click option set as start page)
Now run the application

Login with username admin and password admin
You will be redirected to default.aspx page
Click on link default2. you will be redirected and will see a message
Now go back to default.aspx page by clicking back button on your browser
Now click on default3 link. You will be redirected to login page mean you don not have permission to go on defult3.aspx page.

No comments:

Post a Comment