Prompting the user for login authentication

Question

ASP.NET: I have created a website with login authentication. Before the user can visit any of the pages in it he needs to login first. How do I prompt the user to login first before he can view any of the contents of the website?

have you checked http://support.microsoft.com/kb/301240? – rt2800 May 08 '12 at 06:47 — rt2800, May 08 '12 at 06:47

score 2 · Answer 1 · edited May 23 '17 at 12:27

The Examining ASP.NET's Membership, Roles, and Profile series is a good starting point. It covers all the security part of ASP.NET and your required stuff, Login before visiting the page via LoginUrl as your login page. starting doing this How To: Use Forms Authentication with SQL Server in ASP.NET 2.0

Some setting to be made in web.config and then handle of these things on code behind.

<forms name=".ASPXAUTH" loginUrl="login.aspx" 
       defaultUrl="default.aspx" protection="All" timeout="30" path="/" 
       requireSSL="false" slidingExpiration="true"
       cookieless="UseDeviceProfile" domain="" 
       enableCrossAppRedirects="false">
    <credentials passwordFormat="SHA1" />
</forms>

Add the following element under the element in the Web.config file. This allows all authenticated users to access your Web site.

<authorization> 
    <deny users="?" />
    <allow users="*" />
</authorization>`

code behind

if (Membership.ValidateUser(username, password))
{
    // User has supplied valid credentials

    // In the following method call, the second Boolean parameter 
    // determines whether a persistent authentication cookie
    // is created.

    FormsAuthentication.RedirectFromLoginPage(username, rememberMeIsChecked);
}

Reference:

Starting ASP.NET Forms Authentication
ASP.NET Authentication Explained: Forms Authentication in ASP.NET 2.0

thanks @FilBurt for editing.. i was facing problem in formatting it without editor. — Niranjan Singh, May 08 '12 at 07:13

score 1 · Answer 2 · answered May 08 '12 at 06:48

Try to do this in your web.config

If we want to deny access to anonymous users, configure the Authorization section in the following manner,

<configuration>
    <system.web>
        <authentication mode="Forms"/>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

For more info look here

score 1 · Answer 3 · answered May 08 '12 at 07:13

This is huge subject to cover on posting code example here so I would recommend following steps.

Use asp.net mvc3, learn how membership provider work, customize it if to fit your needs, user role provider to assign users to specific groups which you will use to protect specific area of site.

Create roles and assign them to user and after that you can secure pages using decorated [Authorize] attributes or secure for selected users like this

 [Authorize(Roles = "Admin, Super User")]

Use your web.config in configuration system.web section to indicate what membership and role provider is used in app.

This is short info, but I hope that you have concise mental picture now.

Prompting the user for login authentication

3 Answers3