C# - Forms Authentication Code-Behind w Custom Role and Membership Providers
Question
Unfortunately, all the examples for Forms Authentication Code Behind w/ Custom Role and Membership Providers I find online are written with a VB.NET code behind and I need a C# code behind. Please help!!!!
I need a codebehind that will do the following:
- authenticate user upon login button click
- if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
- if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\\zipsearch.aspx
- if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\\zipsearch.aspx
Default.aspx Code:
<asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
<LayoutTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>
<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification"
ValidationGroup="LoginUserValidationGroup"/>
<div class="accountInfo">
<fieldset class="login">
<legend>Account Information</legend>
<p>
<asp:Label ID="usernameLabel" runat="server" AssociatedControlID="username">Username:</asp:Label>
<asp:TextBox ID="username" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="username"
CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="passwordLabel" runat="server" AssociatedControlID="password">Password:</asp:Label>
<asp:TextBox ID="password" runat="server" CssClass="passwordEntry" TextMode="password"></asp:TextBox>
<asp:RequiredFieldValidator ID="passwordRequired" runat="server" ControlToValidate="password"
CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:CheckBox ID="RememberMe" runat="server"/>
<asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
</p>
</fieldset>
<p class="submitButton">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
</p>
</div>
</LayoutTemplate>
</asp:Login>
Web.config file:
<authentication mode="Forms">
<forms loginUrl="~/default.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="OleConnectionStringSource"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
Default.aspx.cs code behind:
namespace ACAWebApplication
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
RegisterHyperLink.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
// authenticate user
// if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
// if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\zipsearch.aspx
// if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\zipsearch.aspx
}
}
}
Thanks a lot in advance! :)
1 answers
solution1
10 ACCPTED 2011-03-08 16:15:04
to make a start here you go with the login method:
protected void LoginButton_Click(object sender, EventArgs e)
{
// Validate the user against the Membership framework user store
if (Membership.ValidateUser(UserName.Text, Password.Text))
{
// Log the user into the site
FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
}
// If we reach here, the user's credentials were invalid
InvalidCredentialsMessage.Visible = true;
}
you can check the user credentials within the authenticate method:
protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
// Get the email address entered
TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
string email = EmailTextBox.Text.Trim();
// Verify that the username/password pair is valid
if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
{
// Username/password are valid, check email
MembershipUser usrInfo = Membership.GetUser(myLogin.UserName);
if (usrInfo != null && string.Compare(usrInfo.Email, email, true) == 0)
{
// Email matches, the credentials are valid
e.Authenticated = true;
}
else
{
// Email address is invalid...
e.Authenticated = false;
}
}
else
{
// Username/password are not valid...
e.Authenticated = false;
}
}
For redirection depending on a specific role use this code:
protected void Login1_LoggedIn(object sender, EventArgs e)
{
if (Roles.IsUserInRole(Login1.UserName, "Admin"))
{
Response.Redirect("~/Admin/Default.aspx");
}
else if (Roles.IsUserInRole(Login1.UserName, "User"))
{
Response.Redirect("~/User/Default.aspx");
}
else if (Roles.IsUserInRole(Login1.UserName, "Viewer"))
{
Response.Redirect("~/Viewer/Default.aspx");
}
else
{
Response.Redirect("~/Login.aspx");
}
}
EDIT:
Here is the solution which should work for you not the best code but still ok.
So first of all you make configure your login control with the DestinationPageUrl tag like this:
<asp:Login
ID="Login1"
runat="server"
DestinationPageUrl="~/admin_pages/zipsearch.aspx">
</asp:Login>
Then in your LoginButton_Click method:
protected void LoginButton_Click(object sender, EventArgs e)
{
// Validate the user against the Membership framework user store
if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
{
// Username/password are valid, check email
MembershipUser currentUser = Membership.GetUser(myLogin.UserName);
if (currentUser != null)
{
if (admin_flag == true)
{
FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
}
else
{
// If we reach here, the user's credentials were invalid -> your access is denied message
InvalidCredentialsMessage.Visible = true;
}
}
}
//if code goes here validation of user failed
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Custom Color from xaml equivalent in C# code-behind
Datatemplate in c# code-behind
XAML or C# code-behind
Get CName in Code-Behind C#
Rendering a button in C# code-behind
How to use inline XAML in C# to easily make custom objects in code-behind
How to implement custom paging in gridview in ASP.NET using C# with data modified in code-behind
enable session in custom role and membership providers
C# SignalR : Issues updating data from code-behind
Access XAML controls from C# code-behind
Related Tags