Using the Security Controls in ASP.NET Whidbey
Adding a New User
Before you test your application, you need to add a user to your application so that you can test out the authentication process. For this, we will use the ASP.NET Configuration tool (found in the Website->ASP.NET Configuration menu item) (see Figure 9):
Figure 9. Launching the ASP.NET configuration tool
To create a new user, click on the Security tab (see Figure 10):
Figure 10. The ASP.NET configuration tool
Choose the Security Management option and click Next (see Figure 11).
Figure 11. Choosing the security management method
Under the Users heading, click on Create User to create a new user account (see Figure 12):
Figure 12. Creating a new user
Enter the required information. You can leave out the non-essential information (those text fields without asterisks) (see Figure 13). Click Done to complete the account's creation.
Figure 13. Entering information for a new user
Testing the Application
You are now finally ready to test drive your application. In Solution Explorer, select main.aspx and press Ctrl-F5 (start without debugging). You should see the following (see Figure 14):
Figure 14. The opening page: not logged in yet
Click on the Login link to go to the login.aspx page. Enter the account details of the account just created and click Log In (see Figure 15):
Figure 15. Logging in
If the account is authenticated, you should see the following (see Figure 16):
Figure 16. User authenticated
Restricting Access to Pages
The last section showed you how to use the Login control for getting a user's
credentials. In this section, I will show how you can restrict access to certain
pages based on the user's credentials. In the current web site, create a new
folder named Private. Add a new page to this folder and name it privatepage1.aspx.
Add a web.config file to the Private folder and insert the following inside its <system.web> element:
<authorization>
  <deny users="?" />
</authorization>
The <deny> element specifies which users are denied access to the current folder (Private, in this case). You can also use the <allow> element to state explicitly which users have access to the current folder. The ? stands for anonymous (non-authenticated) users, while * stands for all users.
Your Solution Explorer should now look like this (see Figure 17):
Figure 17. The Solution Explorer
If you now try to access the privatepage1.aspx page using the URL http://localhost:40967/Membership/Private/privatepage1.aspx, you will be redirected to the login.aspx page. Only when a user is authenticated will this page be accessible.
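The <allow> element mentioned above, combined with <deny>, as an added example that is not part of the original article. It restricts the Private folder to a single account; the user name "alice" is a hypothetical placeholder. ASP.NET checks the rules from top to bottom and applies the first one that matches, so the order of the elements matters:

```xml
<!-- Private/web.config (added example; "alice" is a hypothetical account name) -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are checked top to bottom and the first match wins. -->
      <allow users="alice" />   <!-- only this account may open the folder -->
      <deny users="*" />        <!-- everyone else, anonymous users included -->
    </authorization>
    <!--
      Ordering mistake to avoid: with the rules below, every request matches
      the allow rule first, so the deny rule is never reached and anonymous
      users can read the folder.
      <authorization>
        <allow users="*" />
        <deny users="?" />
      </authorization>
    -->
  </system.web>
</configuration>
```

With this file in place, an authenticated user other than the named account is also sent back to the login page when requesting anything under Private.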

