ASP.Net - Testing the Login Control
Hopefully we should be okay to start testing.
Note: As said before, with the exception of 'web.config' and 'Login.aspx', you do not have
to use the same folders & file names we used. - But if you do change them, you'll have to change the links
in pages that call up these.
Let's get started.
I've created a 'home' page called 'Default.aspx'. It is a very simple page with one link that
will call up the 'sample.aspx' page. - Bring up 'Default.aspx' in your browser and click on the link.

You'll see two links taking you to our 'Public Page' and back to our 'Home Page', plus another link
where you can 'Login' to the private area. - Actually, this 'sample.aspx' page has a few more items than what
you see in your browser at this point.

To understand what I mean, look at 'sample.aspx' in VWD in 'Design view'.
The 'Private Menu' and the 'Admin Menu' are each contained inside an 'asp:Label' that is invisible
unless the user is logged in (for the 'Private Menu') or is logged in as 'admin' (for the 'Admin Menu'). - To see how we make these areas
visible or not, look in the VB code for each of the pages.

Click on the 'Login' link at the bottom. - You'll see our 'Login.aspx' page.
Log in with a 'User Name' of 'pvt_user' and a password of 'asp_password'.

You'll now see that you're logged in as 'pvt_user' and the 'Login' link will change to a 'Logout' link.
You'll now see the 'Private Menu' and its link. - You can look at pages in both the public and private
areas and the Login Control will 'remember' that you are logged in. - So, until you log out, whenever you come
back to 'sample.aspx' you'll see the same thing as you do now.
Now click 'Logout' and notice that you're taken back to our 'Home Page'. - This is done on purpose to
ensure the browser returns to a non-private area.

Click on the one link you see in the 'Home Page' then log back in. - But this time use User Name:
'admin' and password 'asp_password'.
You'll now see you have a link for the 'Admin Page' you didn't see when you logged in as 'pvt_user'.
For the curious. - If you click on the link for 'Admin Page', the page will load and run a 'VB'
program that will show you the SQL tables and their contents for the 'jpnol' table. - Kind of interesting.

Let's talk about a few items and how we set them up to govern the behaviour of the Login items.
How does the server know to load 'default.aspx' on logging out?
If you look at the 'asp:LoginStatus' section, you'll see I've added two lines:
LogoutAction="redirect"
LogoutPageUrl="~/Default.aspx"
This tells the server that when a user logs out to take them to the 'Default.aspx' page.

For the next items, we need to look in 'web.config':

We've discussed the 'connectionString' before. - This is what is needed to log into SQL so the
'membership' section can validate a user. - It is also used when you 'administer' your website to add
users, roles, etc.
<authentication
mode="Forms" />
This is a must, or else users cannot log in.
<membership
defaultProvider="SqlProvider"
userIsOnlineTimeWindow="15">
You can use whatever you want for defaultProvider but it must match the 'name' item
you define below.
'userIsOnlineTimeWindow' is actually optional. - If a user logs in and doesn't do anything within the
time specified (in minutes) they are logged off. - If you omit this setting, it defaults to 15 minutes.
<clear/>
This clears out any providers you may have defined in the 'membership' section. - Optional but a very good
idea.
Next is where we add a provider:
name="SqlProvider"
Must match your 'defaultProvider' you have defined above.
type="System.Web.Security.SqlMembershipProvider"
Defines the 'type' of provider. - Make it the same as you see here.
connectionStringName="jpnol_connstring"
Must match a connection string name you've defined above.
applicationName="Membership_Provider"
Can be anything you want. - But if you use a 'roleManager' (below), make sure the two names are not
the same.
enablePasswordRetrieval="true"
enablePasswordReset="true"
Can be either 'true' or 'false'. - But right now they don't mean too much to us since we don't have these
working (yet).
requiresQuestionAndAnswer="false"
This comes into play when a user retrieves a password. - If set to 'true', you must define a question
and answer for the user when setting them with the website admin utility.
requiresUniqueEmail="true"
If 'true', no two users can have the same e-mail address. - Also if 'true', you cannot repeat
e-mail addresses in the admin utility.
passwordFormat="Clear"
Passwords will be stored in plain-text. - You might want to tighten this up later for security purposes.
minRequiredPasswordLength="6"
Passwords must be at least 6 characters long.
minRequiredNonalphanumericCharacters="0"
The minimum number of non alpha-numeric characters (i.e. punctuation) in the password. - This number must
not be greater than the 'minRequiredPasswordLength'.
passwordStrengthRegularExpression=""
This can be used to enforce users to use strong passwords. - It can be tricky. - If you don't know what you're
doing, leave it blank.
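The provider entry walked through above, pulled together in one place with the password-storage settings tightened. This is an added example, not the tutorial's own 'web.config'; the longer minimum length and the two lockout values are assumptions to adjust to your own policy.

```xml
<!-- Added example: belongs inside <system.web>, using the tutorial's names. -->
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear/>
    <!--
      Changed from the tutorial's test values:
        passwordFormat            "Clear" -> "Hashed"
            a salted one-way hash is stored instead of the password itself
        enablePasswordRetrieval   "true"  -> "false"
            required with "Hashed": the provider refuses to start if both
            are set, because a hash cannot be turned back into a password
        minRequiredPasswordLength "6"     -> "12"   (assumed value)

      Added (real provider attributes, assumed values):
        maxInvalidPasswordAttempts / passwordAttemptWindow
            lock the account after 5 wrong passwords within 10 minutes

      enablePasswordReset stays "true": a forgotten password is replaced
      with a new one, never shown back to the user.
    -->
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="jpnol_connstring"
      applicationName="Membership_Provider"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="false"
      requiresUniqueEmail="true"
      passwordFormat="Hashed"
      minRequiredPasswordLength="12"
      minRequiredNonalphanumericCharacters="0"
      passwordStrengthRegularExpression=""
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="10" />
  </providers>
</membership>
```

Changing 'passwordFormat' does not rewrite rows already in the membership database, so accounts created while 'Clear' was in effect keep their clear-text passwords until they are re-created or migrated.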
Let's briefly look at the 'roleManager':
<roleManager
enabled="true">
The 'roleManager' is optional. Enable it if you want to use it. - If it's 'false' you cannot set up
roles in the website admin utility.
The connection string name must match with one you've defined. - The 'name' can be anything you want. -
Same as with the 'applicationName' just as long as it doesn't match the 'applicationName' you used for your
'membership provider'. - Finally, leave the 'type' the same as you see here.
Okay - I guess we've beaten this section up enough. - Let's move on to a short 'recap' and we'll list
items we want to cover in the next series.