![]() The Proper Way to Create a Login Screen for your ASP. NET Website. In this article I am going to show you how to create a secure login screen for your ASP. NET website – the proper way. I have come across many examples which do not show the correct way of implementing this, so I decided to create my own example and clarify the facts a little. The Web Pages. Let’s start off by creating our web pages. We need three for this example: A Home Page (Home. A Login Page (Log. In. aspx)A Members- Only Page (Member. So create an ASP. In this article I am going to show you how to create a secure login screen for your ASP.NET website – the proper way. I have come across many examples whic. In this article, we will study three different techniques that allow you to visually display progress to users while performing partial-page updates using the. Your support portal session has expired due to inactivityand the requested action has not been completed. To restart your support portal session and discard any. Microsoft Sync Framework is a comprehensive synchronization platform for enabling collaboration and offline scenarios for applications, services and devices. NET Web Application Project and add Home. Log. In. aspx to the project. ![]() Now in your project tree create a new folder and call it Members. Then create Member. Members folder. Also under the Members folder, add a new Web Configuration File. Your project tree should now look like this: The Home Page. Now let’s go to the Home. For the purpose of this example I’m going to keep it simple. Let’s just add a title, a welcome message and a link to the Log. In. aspx page. But first let’s add a Login control to the page, and as before we’ll also add a title and a small message. This is where we will validate the user’s credentials. Flight1.com and Flight One Software develop, publish, and resell flight simulation and aviation software, as well as provide E-Commerce services. The trick to reloading the page is to force the browser to not look into the cache, but rather to again make a connection to the Web and bring up the document from. JavaScript Page Refresh - Learn Javascript in simple and easy steps. A beginner's tutorial containing complete knowledge of Javascript Syntax Objects Embedding with. Are you one of those people that will keep refreshing a webpage in order to be the first to buy something during Black Friday? I know I am! It's not very o. For this example we will validate the credentials using a database (the proper way : )). I am going to use SQL Express since that can be automatically installed with Visual Studio. You might also want the SQL Server Management Studio Express so that you can edit database schemas and set user permissions, etc. Then create a table called Users with the following schema: Obviously for a real- world application the Users table will contain much more fields/columns, but for this example the above table is enough. Next we must implement the code which will authenticate the website users with the Users table. Below is the event handler of the Login control. The purpose of this method is to redirect the authenticated user to the members’ only page. It accepts one parameter and returns true or false depending on whether the text passed is alphanumeric. The second method is the Validate. Credentials method which accepts the user name and password and parameters. Many login pages are targeted by hackers who want to gain access to your website or maybe even bring it down, so that is why I added that first if statement to this method. Before trying to authenticate the user against the database we are making sure that the user name and the password do not exceed 5. SQL query. Obviously, a password should allow for special characters for it to be secure, so we cannot run the password through the Is. Alpha. Numeric method. Next we are building an SQL statement which will count the number of users which have the passed username and password. If none exist the user is not in the system, and if one exists you can authenticate the user. If more than one exists you probably have a problem, but I’m not going to get into how you assign usernames and passwords to new users. Let’s have a closer look at the SQL query. This is because with SQL Parameters, there are no quotes around string values in an SQL statement. The quotes will be added internally so thay cannot be manipulated by anyone. Next we are creating a new SQL Connection, and again, we are doing this the proper way. Instead of hard- coding the connection string, we are getting it from the application’s web. Sql. Connection(Configuration. Manager. Connection. Strings. Add the following XML to the connection. Strings section of your app. Data Source, the ID, and Password with your values. Note the code we are using when adding the password parameter. Sql. Parameter pass = new Sql. Parameter(). pass. Parameter. Name = . If you are a regular reader of this blog you would have recognised this class from my previous article – How to create your own C# Hashing Class Library. All the Hash. String method does is return the hash of the string passed to it. But still, why are we hashing the password? Well, because we’re doing it the proper way : ). It is never advisable to store passwords as free text in the database. You should either encrypt them or hash them. The advantage of hashing is that a hash is irreversible. So if a hacker gets his hands on your database, with all the user passwords inside, he cannot do anything with it. If he tries to login with one of the passwords, our system will just re- hash the hash, and obviously it won’t find a match in the database. For the hacker to log in he must know the user’s password, and since we’re not storing it anywhere, he cannot get it from us. Then according to the result returned we return true or false. The Member Page. Similar to the other two pages we created, let’s add a title and a message, but this time also a Logout link. The system stored the user’s name automatically when he logged in, and we are using the Login. Name control to display it on the page. There is no code involved to show the name, just place the control on your web form and the user name will automatically appear. We are also using the Login. Status control which is a hyperlink which either logs a user in or logs him out. The link text displayed depends on whether the user is logged in or not. It is all automatic, and you do not need to add any code, unless obviously you want to customise some stuff. This page can only be accessed by authenticated users. If the user is unauthenticated and he tries to access the URL for this page directly, ASP. NET will automatically redirect him to the home page. But, I hear you ask, how does ASP. NET know which page is my home page and which page is my member’s only page, and how does it know that unauthenticated users must be redirected to the home page? Good question. This means that all anonymous users are denied access to any files under the Members folder. Therefore if you are unauthenticated and try to access files under the Members folder, you will be redirected. The Application web. Our final task is to let ASP. NET know where to redirect users when they log in and when they are unauthenticated. To do this we must replace the default line < authentication mode=. I have shown you the proper way to create a login page and authenticate your users. I hope you enjoyed this article and found it useful. Please feel free to leave your comments below. You can download the source code for this ASP. NET application at the end of the article but remember it requires Microsoft Visual Studio 2. Visual Studio. Stay tuned for more articles soon. Dave. Download Login Screen source – 1. Reloading The Page.. People wrote asking how the stock sites got their pages to reload all by themselves. The answer is pretty easy so I usually just wrote and answered in the email. While going through my notebook of possible topics, this one came up as one that is asked about a fair amount so I thought I'd write up a quick tutorial. The trick to reloading the page is to force the browser to not look into the cache, but rather to again make a connection to the Web and bring up the document from the server. Most people know it can be done by hand by holding the shift key and clicking the . If you didn't know.. That's a proven method but it's not exactly very pretty to have text asking the user to hold and click. You want your site to do the trick either by itself, or by offering a method whereas the user simply clicks and the browser does it for them. Below I have two methods. One will reload every so many second all on its own and the other will reload when the user asks for it. Reload All By Itself. This one's nice and easy. I'll give you the code. Copy and paste it into the document you wish to reload. Once in there, change the number of seconds you wish the page to wait before starting the reloading process. This code goes in between the HEADtags.< META HTTP- EQUIV=. I checked a couple of online sites and they were all set about the same. I found the sites displaying stock information were set to around five minutes or 3. I don't have a refresh on this page because the darn thing would just keep refreshing and there's nothing on this page that will update. Reload From A User's Click. I've seen this done a number of ways, but this is my favorite because it, again, forces the browser to load from the server. It is true that pages can become cached if they are reloaded a great many times, but I have had pretty good success with this. Try it: Click to refresh the page. Here's the code: < A HREF=. The zero is the current page since in Java. Script, lists (arrays) are numbered starting with zero. Here's the same effect in a button: And the code: < FORM> < INPUT TYPE=. A Webmaster friend told me that if you simply set up a link to the current page but use the entire URL, the page would always reload from the server because the request starts at the domain. For example, the full URL of this page is: http: //www. If you use that full URL in each of the elements above, you'll lessen the chance the page will cache. Thus, the Meta Refresh would become: < META HTTP- EQUIV=. In fact, you could lose the Java. Script altogether and just make a simple A HREF link right to the current page. The trick is to use the full URL address so that the process starts at the very beginning. Again, the effect is the same as you'll get with the code above. It just lowers the chance of the page getting stuck in cache. That's That. Short, sweet and simple. The effect is useful if done correctly. Two methods of using the effect incorrectly are refreshing so that a counter increases and refreshing so that a new banner ad displays. You don't want to refresh your page unless there's a very good reason. There are programs out there that update banners without refreshing the entire page. The use of the refresh to display new counter numbers is just silly. And yes, I have seen both usages or I wouldn't have thought to bring them up.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
August 2017
Categories |