Making login page for the application

Making login page for the application

login page

Image credit:upload.wikimedia.org

In this article about making login page for the application, we are addressing the security mechanism because every project has it by default and proper security constraints should be given first preference.Before we start something, we should have some storage mechanism. Visual Studio has made the life simpler for the developer with Configuration Management tool. This is the most important configurction for your seurity.
In order to get very well in visual studio programming, you need some knowledge.

AspNetDB with command prompt

1. After opening the visual studio command prompt enter the statement aspnet_regsql an enter

2. We will get Asp.Net Server Wizard

3.In the Choose Data Source dialog, select Microsoft SQL Server and select Continue.

4.In the Add Connection dialog, either enter “.\SQLEXPRESS”, the given name to the whole database server . For instance like that .SQLEXPRESS\MyDB enter the value as it is

the best and easy tutorials with pictures are written here

Making login page for the application

Making login page for an application, makes it protected from the unauthorized access. Hence, making the application more secure because we are connecting it with web which is very prone to attackers or hackers. So, the security has to be given full importance. The more secure we made our application , more it becomes protected from an un authorized access.

We are implementing it using Website Administration Tool

The Web Site Administration Tool shipped in Visual Studio is a tool which helps in the configuration of many security related aspects of the application.this facility wasn’t available before Visual Studio 2005.

To access the Web Site Administration Tool, on the Website menu, click ASP.Net Configuration.Saving Your Settings then

“Most changes to configuration settings that you make in the Web Site Administration Tool take effect immediately. For settings for which the Web Site Administration Tool interface has a dedicated Save button, leaving the Web Site Administration Tool idle or allowing the Web Site Administration Tool to time out before you click Save will cause your configuration settings changes to be lost.
Time Out

As a security measure, the Web Site Administration Tool times out after a period of inactivity. Any settings that did not take effect immediately and were not saved will be lost. If the Web Site Administration Tool has timed out, close your browser, and then reopen the Web Site Administration Tool in a new window.

The Web Site Administration Tool manages only some of the configuration settings that are available to the Web site. Many other settings require direct modification of configuration files either manually, by using the MMC Snap-In for ASP.NET, or programmatically, by using the ASP.NET Configuration API”.

reference:http://msdn.microsoft.com/en-us/library/vstudio/yy40ytx0%28v=vs.100%29.aspx
We can see what our web admin tool has to offer easily in our web.config file.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
      <authorization>
                <allow roles="Admin"/>
              </authorization>
    </system.web>
</configuration>

Step 1 Designing the login page

Drag and drop the Login Control on the page.Mention the Url in Login control to which the authenticated users can have access.
Let me show you the simplest markup for Login.aspx page

<asp:Login 
  ID="Login1" 
  runat="server" 
  DestinationPageUrl="~/Register.aspx">
</asp:Login>

This is our Default.aspx page which contains information about logged in users

2. The login status control

The login status control gives protection from hackers as it clearly shows that we have been signed out.
Here is an excerpt from MSDN

“The LoginStatus control displays a login link for users who are not authenticated and a logout link for users who are authenticated. The login link takes the user to a login page. The logout link resets the current user’s identity to be an anonymous user.
To add a LoginStatus control to a page
Drag the LoginStatus control from the Toolbox task pane to your page.
You can customize the appearance of the LoginStatus control by setting the LoginText and LoginImageUrl properties. To set these and other properties that determine the appearance of the LoginStatus control, use the Tag Properties task pane”.

<asp:LoginStatus
    AccessKey="string"
    BackColor="color name|#dddddd"
    BorderColor="color name|#dddddd"
    BorderStyle="NotSet|None|Dotted|Dashed|Solid|Double|Groove|Ridge|
                 Inset|Outset"
    BorderWidth="size"
    CssClass="string"
    Enabled="True|False"
    EnableTheming="True|False"
    EnableViewState="True|False"
    Font-Bold="True|False"
    Font-Italic="True|False"
    Font-Names="string"
    Font-Overline="True|False"
    Font-Size="string|Smaller|Larger|XX-Small|X-Small|Small|Medium|
               Large|X-Large|XX-Large"
    Font-Strikeout="True|False"
    Font-Underline="True|False"
    ForeColor="color name|#dddddd"
    Height="size"
    ID="string"
    LoginImageUrl="uri"
    LoginText="string"
    LogoutAction="Refresh|Redirect|RedirectToLoginPage"
    LogoutImageUrl="uri"
    LogoutPageUrl="uri"
    LogoutText="string"
    OnDataBinding="DataBinding event handler"
    OnDisposed="Disposed event handler"
    OnInit="Init event handler"
    OnLoad="Load event handler"
    OnLoggedOut="LoggedOut event handler"
    OnLoggingOut="LoggingOut event handler"
    OnPreRender="PreRender event handler"
    OnUnload="Unload event handler"
    runat="server"
    SkinID="string"
    Style="string"
    TabIndex="integer"
    ToolTip="string"
    Visible="True|False"
    Width="size"
/>

User registration

Register user; if we want role based security. What is role based security? This security allows some users to allow some functions and other functions to other users
Let’s show registration page:

Registration form

reg

<%@ Page Title=”Log In” Language=”C#” MasterPageFile=”~/Site.master” AutoEventWireup=”true”
CodeFile=”Login.aspx.cs” Inherits=”Account_Login” %>

<asp:Content ID=”HeaderContent” runat=”server” ContentPlaceHolderID=”HeadContent”>
</asp:Content>
<asp:Content ID=”BodyContent” runat=”server” ContentPlaceHolderID=”MainContent”>
<h2>
Log In
</h2>
<p>
Please enter your username and password.
<asp:HyperLink ID=”RegisterHyperLink” runat=”server” EnableViewState=”false”>Register</asp:HyperLink> if you don’t have an account.
</p>
<asp:Login ID=”LoginUser” runat=”server” EnableViewState=”false” RenderOuterTable=”false”>
<LayoutTemplate>
<span class=”failureNotification”>
<asp:Literal ID=”FailureText” runat=”server”></asp:Literal>
</span>
<asp:ValidationSummary ID=”LoginUserValidationSummary” runat=”server” CssClass=”failureNotification”
ValidationGroup=”LoginUserValidationGroup”/>
<div class=”accountInfo”>
<fieldset class=”login”>
<legend>Account Information</legend>
<p>
<asp:Label ID=”UserNameLabel” runat=”server” AssociatedControlID=”UserName”>Username:</asp:Label>
<asp:TextBox ID=”UserName” runat=”server” CssClass=”textEntry”></asp:TextBox>
<asp:RequiredFieldValidator ID=”UserNameRequired” runat=”server” ControlToValidate=”UserName”
CssClass=”failureNotification” ErrorMessage=”User Name is required.” ToolTip=”User Name is required.”
ValidationGroup=”LoginUserValidationGroup”>*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID=”PasswordLabel” runat=”server” AssociatedControlID=”Password”>Password:</asp:Label>
<asp:TextBox ID=”Password” runat=”server” CssClass=”passwordEntry” TextMode=”Password”></asp:TextBox>
<asp:RequiredFieldValidator ID=”PasswordRequired” runat=”server” ControlToValidate=”Password”
CssClass=”failureNotification” ErrorMessage=”Password is required.” ToolTip=”Password is required.”
ValidationGroup=”LoginUserValidationGroup”>*</asp:RequiredFieldValidator>
</p>
<p>
<asp:CheckBox ID=”RememberMe” runat=”server”/>
<asp:Label ID=”RememberMeLabel” runat=”server” AssociatedControlID=”RememberMe” CssClass=”inline”>Keep me logged in</asp:Label>
</p>
</fieldset>
<p class=”submitButton”>

Syed Adeel Ahmed
Analyst, Programmer, Educationist and Blogger at Technofranchise
Computer Systems Engineer from Sir Syed University Of Engineering & Technology.I am passionate about all types of programming.
Syed Adeel Ahmed on FacebookSyed Adeel Ahmed on GoogleSyed Adeel Ahmed on InstagramSyed Adeel Ahmed on Twitter

Published by

Syed Adeel Ahmed

Computer Systems Engineer from Sir Syed University Of Engineering & Technology.I am passionate about all types of programming.