Concept behind ASP.NET user LOGIN application?

[omar]

im migrating from asp to asp.net. im a bit confused about form
authentication in ASP.NET ...

in ASP if I wanted to create a login application I would simply query the db
for the username and password entered in a form and if a count of 1 was
returned i would set cookies and redirect and so on.

I could do this in ASP.NET, but is this what is supposed to be done? because
in my ASP.NET unleashed book I dont see any examples of a login app except
an entire chapter on form authentication and its a little confusing.

What is the most proper concept behind creating a login in ASP.NET?

thanks
omar

[Jos]

omar wrote:

> im migrating from asp to asp.net. im a bit confused about form
> authentication in ASP.NET ...
>
> in ASP if I wanted to create a login application I would simply query
> the db for the username and password entered in a form and if a count
> of 1 was returned i would set cookies and redirect and so on.
>
> I could do this in ASP.NET, but is this what is supposed to be done?
> because in my ASP.NET unleashed book I dont see any examples of a
> login app except an entire chapter on form authentication and its a
> little confusing.
>
> What is the most proper concept behind creating a login in ASP.NET?

Logging in is a process that has 2 parts: authentication (who is logging
in?)
and authorization (what is this person allowed to do?).

ASP.NET can take care of the authorization part with the aid of
configuration files. The idea is to indicate in web.config who
has which rights to a certain folder. No more code is needed.
If the user is not yet logged in, he or she is redirected to a login
page automatically.

The only thing you still have to do is make the login page and do
the authentication, but there are a few useful functions in ASP.NET
that make it very easy, such as:
FormsAuthentication.RedirectFromLoginPage.

--

Jos

[Khan Imran]

Omar,
What u r doing also can be implemented in .net, But not many want to do
that, What u can do is Check the DB for Login and password and set up a
session just like the classical ASP.
If u want an example let me know I have one.
Regards
Khan Imran
"omar" <omar23@REMOVEoptonline.net> wrote in message
news:uNc51uKSDHA.1572@TK2MSFTNGP12.phx.gbl...

> thanks,
> but what about when your users are stored in a database and you want to

give

> access to certain pages not folders necessarily.
>
> In asp we would create a session or cookie upon login and give access to a
> page by seeing if the session or cookie existed. is this not really the
> proper way in asp.net?
>
> thank you
> omar
>
>

[Jim Barrett]

Hey Omar, I ran in to the same thing the first time I
wanted to move from a classic ASP solution to ASP.NET.
There's some really cool functionality and some decent
examples out there. Here's one I created just to show
some possible configuration settings in the web.config
file:

[url]http://www.simpleasp.net/DesktopDefault.aspx?tabid=42[/url]

This example is using Forms based Authentication and URL
based Authorization.

Another good basic example is here:

[url]http://www.15seconds.com/issue/020220.htm[/url]

In my simple example, I put the user name and password in
the config file. Not something I'd do in a production
app. You can use your login page to verify the user name
and password against a database like you are doing now in
ASP. Once you do this, you can use the methods exposed by
the FormsAuthentication class to set an authentication
cookie (note that ASP.NET does all the cookie work for
you. You don't have to write any code).

Good luck!

>-----Original Message-----
>"Khan Imran" <imran1604@htmt.soft.net> wrote in message
>news:uuyg3uOSDHA.2132@TK2MSFTNGP12.phx.gbl...

>> Omar,
>> What u r doing also can be implemented in .net, But

not many want to do

>> that, What u can do is Check the DB for Login and

password and set up a

>> session just like the classical ASP.

>
>thanks khan, when u say "What u r doing also can be

implemented in .net, But

>not many want to do that" are you referring to doing it

the classical ASP

>way, checking the db and setting sessions?
>
>thank you,
>omar
>
>
>.
>