Friday, October 21, 2011

Creating a Login in ASP.NET using a MySQL table


Today we will see how to create a simple login page for your ASP.NET website. Add a new WebForm to your Website. For readabilty, name this as login.aspx
Drag a Login control from the toolbox (Yes, ASP.NET comes with a built-in Login control)
This Login control is really smart and is able to do the validations itself (i.e. checking if username and password are not entered etc..)
What needs to be configured for this control is the manner in which the user authentication will occur.
We will authenticate a user using the data stored in a MySQL database in the ‘login’ table which holds the username and password (We created this table and so should you before trying this out).
Write the following code for the ‘Login1_Authenticate’ method. Double click on the Login control to goto the code window.

view plaincopy to clipboardprint?
  1. ' Import the ODBC namespace for MySQL Connection  
  2. Imports System.Data.Odbc  
  3. Partial Class login  
  4.     Inherits System.Web.UI.Page  
  5.   
  6.     Protected Sub Login1_Authenticate(ByVal sender As ObjectByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate  
  7.         Dim cn As New OdbcConnection("Driver={MySQL ODBC 3.51 Driver};Server=localhost;Database=mydb; User=root;Password=;")  
  8.         cn.Open()  
  9.         Dim cmd As New OdbcCommand("Select * from login where username=? and password=?", cn)  
  10.   
  11.         'Add parameters to get the username and password  
  12.   
  13.         cmd.Parameters.Add("@username", OdbcType.VarChar)  
  14.         cmd.Parameters("@username").Value = Me.Login1.UserName  
  15.   
  16.         cmd.Parameters.Add("@password", OdbcType.VarChar)  
  17.         cmd.Parameters("@password").Value = Me.Login1.Password  
  18.   
  19.         Dim dr As OdbcDataReader  
  20.         ' Initialise a reader to read the rows from the login table.  
  21.         ' If row exists, the login is successful  
  22.   
  23.         dr = cmd.ExecuteReader  
  24.   
  25.         If dr.HasRows Then  
  26.             e.Authenticated = True  
  27.             ' Event Authenticate is true  
  28.         End If  
  29.   
  30.     End Sub  
  31. End Class  
Now suppose that you have other webpages in your websites and you wish to grant access to these only if a user has authenticated himself. This essentially means that the login page should appear to any anonymous users trying to access the webpage. To do this, we need to change the web.config XML file associated with the website (It is a configuration file which is added by default to all ASP.NET websites). This file can be found from the Solution Explorer (Keyboard Shortcut - Ctrl+Alt+L).
Make the following changes to the authentication tag that already exists in the file to make it look like the following-
view plaincopy to clipboardprint?
  1. <authentication mode="Forms">  
  2. <forms name="AspxAuth" loginurl="login.aspx">  
  3.         </forms></authentication>  
  4.           
Add a authorization tag just after the authentication to make sure anonymous users are denied access to your webpages (Anonymous users are identified by the question mark)
view plaincopy to clipboardprint?
  1. <authorization>  
  2.   
  3. </deny></authorization>  
  4. <!-- Deny Anonymous Users Access to your pages -->  
Now when you try to request any page in your website, it shows thelogin.aspx to authenticate you before allowing you to view its contents.