1

I've tried searching how to accomplish this, but everything I can find seems so complicated and comprehensive that I can't really grasp how it works. The following is my situation:

I've got a simple MySQL table called users with three attributes: user_id, username and password.

In my ASP.NET page I've got two textboxes and a login-button.

I've read that I could use FormsAuthentication, but I haven't been able to figure out how it works. Do I have to use "Membership"? Or can I use FormsAuthentication without that? I would prefer just to have it as simple as possible.

So far, I simply make a select like this:

        // A regular C# string literal cannot span lines, so concatenate the two halves.
        String query = "SELECT * FROM users WHERE username = @UserName " +
           "AND password = @Password;";
        cmd = new MySqlCommand(query, conn);
        cmd.Parameters.AddWithValue("@UserName", userName);
        cmd.Parameters.AddWithValue("@Password", password);

In my code-behind I have this:

        String username = txtUsername.Text;
        String password = txtPassword.Text;

        User user = database.LogIn(username, password);

And finally in my web.config file I have this:

      <authentication mode="Forms">
        <forms name="MyCookieName"
               loginUrl="~/Default.aspx"
               timeout="10"
               protection="All"
               path="/">
        </forms>
      </authentication>
      <authorization>
        <deny users="?"/>
      </authorization>

So far I can validate whether or not the user has entered valid input, but I don't understand how I can apply the FormsAuthentication. Any help is appreciated.

3 Answers

1

Forms Authentication is not the same as Membership. Explanation

You have everything set up correctly. Web.config is where you enable the Forms Auth, which is essentially an HTTP Module that checks for the ASPXAUTH cookie. In order to initially set the cookie in your code after validating the password, use:

    FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie);

I think this is in System.Web.dll, System.Web.Security namespace.

Your subsequent requests will have the userName you specify.

Keep in mind that storing passwords in plain text is a bad idea. Use hashing.

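The flow described in the answer above (validate the password, then issue the forms-auth cookie), combined with its advice to hash passwords, as an added example that is not part of the original answer. `PasswordHasher`, `Login`, `lookupHash` and the stored `iterations:salt:hash` format are hypothetical; the lookup selects the row by username only and the comparison happens in code, since a salted hash cannot be matched in the `WHERE` clause.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Security;
// Hypothetical helper (not part of ASP.NET). Stored format is an assumption:
// "iterations:base64(salt):base64(hash)". Needs .NET Framework 4.7.2+ for SHA-256 PBKDF2.
public static class PasswordHasher
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32;
    // Value to store in users.password instead of the plain password.
    public static string Hash(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
               Convert.ToBase64String(Derive(password, salt, Iterations, HashBytes));
    }

    public static bool Verify(string password, string stored)
    {
        string[] p = (stored ?? "").Split(':');
        int iter; byte[] salt, expected;
        if (p.Length != 3 || !int.TryParse(p[0], out iter) || iter <= 0) return false;
        try { salt = Convert.FromBase64String(p[1]); expected = Convert.FromBase64String(p[2]); }
        catch (FormatException) { return false; }
        if (salt.Length < 8 || expected.Length == 0) return false;
        byte[] actual = Derive(password, salt, iter, expected.Length);
        int diff = 0; // no early exit, so timing does not show how many bytes matched
        for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt, int iter, int len)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iter, HashAlgorithmName.SHA256))
            return kdf.GetBytes(len);
    }
}
public static class Login // hypothetical; call it from the login button's click handler
{
    // lookupHash (assumed): SELECT password FROM users WHERE username = @UserName, or null.
    public static bool TrySignIn(string user, string password, Func<string, string> lookupHash)
    {
        string stored = lookupHash(user);
        if (stored == null || !PasswordHasher.Verify(password, stored)) return false;
        FormsAuthentication.RedirectFromLoginPage(user, false); // sets the auth cookie, redirects
        return true;
    }
}
```

When `TrySignIn` returns false, show one generic error message so the page does not reveal whether the username exists.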

0

    // username and password are filled in from the login form's input fields.
    string username, password;
    if (username == "mohammadreza" && password == "12345")
    {
        MessageBox.Show("welcome");
        Form.ActiveForm.Enabled = true;
    }


0

See this link

Ignore what they say about stored procedures. Then check out this code

    // Requires: using System.Collections; using System.Security.Principal;
    //           using MySql.Data.MySqlClient;
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        MySqlConnection conn = null;

        if (Request.IsAuthenticated)
        {
            try
            {
                conn = new MySqlConnection("server=Cheese;user id=george; password=blah; database=mysql; pooling=false");
                MySqlCommand cmd = new MySqlCommand();
                cmd.Connection = conn;
                // Look up the groups of the user named in the forms-auth ticket.
                cmd.CommandText =
                    "SELECT G.Name FROM Roles R INNER JOIN Groups G ON R.GroupID = G.GroupID INNER JOIN Users U ON R.UserID = U.UserID AND U.Username = @UserName";
                cmd.Parameters.AddWithValue("@UserName", User.Identity.Name);
                conn.Open();
                MySqlDataReader r = cmd.ExecuteReader();
                ArrayList groups = new ArrayList();

                while (r.Read())
                {
                    groups.Add(r.GetString(0));
                }

                // Attach the groups as roles on the current principal.
                HttpContext.Current.User = new GenericPrincipal(User.Identity, (string[])groups.ToArray(typeof(System.String)));
            }
            finally
            {
                // conn stays null if the constructor throws.
                if (conn != null)
                    conn.Close();
            }
        }
    }

Let me know if any query remains.

Cheers
