Forum Moderators: open
i was just wondering what people thoughts are on this topic..
many thanks
nat
<%
if Session("pw")="" AND Session("uid")="" then
response.redirect "login.asp"
end if
%>
If the person has not logged in, they'll be redirected to login.asp, so they can do so.
You can also place the asp code above in another file (loginverification.asp) and call it like:
<!-- #include file="loginverification.asp" -->
this is a snippit from one of my cofig files
<authentication mode="Forms">
<forms name="FMMWebAdmin" loginUrl="login.aspx" protection="All" path="/" />
</authentication>
you then handle the user login in the following way.
if (Page.IsValid == true)
{
//'u' is my users object
//Log user in
if(u.Login(u))
{
FormsAuthentication.RedirectFromLoginPage(u.UserName,false);
}
else
{
lblError.Visible=true;
lblError.Text="Username/Password incorrect please try again";
}
}
then you can decide what folders you want to protect for example: if you require a user to authenticate when accessing the admin folder. Simply add another web.config file with the following line to the admin folder.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
This will mean that a user is shown the login screen when they try to access this folder.
Forms authentication in .NET is a little more complicated than Red_Eye indicated if you want to validate against info stored in a database. He showed the start, but once you get to the login page, you need to authenticate the user, then assign them a forms authentication ticket, which is stored in a cookie. You need to modify the global.asax to authenticate the user when they hit another page on the site. And you should provide a way to log out. See the links here [google.com].
