Sunday, December 22, 2024

Using ASP.NET to Make a Secure Site and Move Login Processing Out of the Page


A lot of us are tasked every day with coming up with ways of making our own site, and other sites, secure. If you’re anything like me, you don’t want to have to rewrite login code 20 times a day. I’m going to show you how to make a secure site and put the login processing in a separate class. Let’s get started.

In .NET, making a site secure is very simple: open up the Web.Config file and look for the line that says . Delete that line and put in the following:

-==-

This changes the way your web application authenticates: it will no longer use NT security. Anybody trying to hit a page without authenticating first will be bounced back to the loginUrl that is specified.

Now, I know a lot of you are thinking, "But I have pages that aren’t secure that I want the user to see." Well, that is easy. After the tag in your Web.Config file has ended, put the following:

-==-

This will allow any user, authenticated or not, to access that page only. If you have a whole directory you want anyone to access, just put the directory name in the path, and I mean just the name: no slashes or wildcards.
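An added example, not the article's own listing: a small Python check that reads a Web.config and reports whether anonymous requests are really sent to the login page and which location paths are opened to everyone. The embedded config, the file names login.aspx and default.aspx, and the function names are assumptions made for the example; forms mode only redirects unauthenticated users when an authorization rule such as deny users="?" rejects them, which is what anonymous_denied reports.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config for this example (not the article's listing).
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="default.aspx">
    <system.web>
      <authorization><allow users="*" /></authorization>
    </system.web>
  </location>
</configuration>"""


def anonymous_rule(authz):
    """First allow/deny rule that matches an anonymous user ('?' or '*'), or None.
    Simplification: roles= and verbs= attributes are ignored."""
    for rule in (authz if authz is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if rule.tag in ("allow", "deny") and ("?" in users or "*" in users):
            return rule.tag
    return None


def audit(xml_text):
    """Summarise how a Web.config (without an xmlns) treats unauthenticated requests."""
    root = ET.fromstring(xml_text)
    auth = root.find("system.web/authentication")
    forms = root.find("system.web/authentication/forms")
    site = anonymous_rule(root.find("system.web/authorization"))
    open_paths = [loc.get("path") for loc in root.findall("location")
                  if anonymous_rule(loc.find("system.web/authorization")) == "allow"]
    return {
        "mode": auth.get("mode") if auth is not None else None,
        "login_url": forms.get("loginUrl") if forms is not None else None,
        # With no matching site-wide rule, anonymous users are let in by default.
        "anonymous_denied": site == "deny",
        "anonymous_paths": open_paths,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```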

Now that we have a secure site, we need to make the login page that we specified in the loginUrl.

Just a quick note: I am going to be using C# in this example with a SQL database, and I will supply a code sample.

Start off by creating a webform and put your form fields in there. Use web controls for your fields, not HTML controls.

-==-

Now, in the code-behind page, create a click event for the login button.

-==-

Then put the function in.

-==-

In this example I am actually returning a specified redirect, but if you would like to redirect users to the page that they came from, you can always use FormsAuthentication.RedirectFromLoginPage().

Here is the CCommonDB class that I use to authenticate users.

CCommonDB.cs
-==-

I have two classes here: a base class for the common SQL functions that most of us normally use, and a class that inherits from that class to separate the code.

When you look at the code, you may ask why I pass the Session variable and Response variable into the function. If you have ever tried to access the Session or Response variable from a separate .cs class, you always get an error saying that you need a reference to the object. In this case you can just pass the objects in and out easily and quickly without having to try to create your own instance of the Session or Response.

If you have questions please feel free to write me at ruts@datausa.com and I’ll answer them the best I can.

Article first appeared at ASP101

I’m currently lead developer at DATA, Inc. (www.datausa.com), a digital
visualization company specializing in 3D computer animation and high-end web
application development. I have worked in several different languages,
including VC++, VisualBasic, ASP.NET, and C#. In my spare time I write articles
about my experiences, hoping they will help someone else out.
