Using the Security Controls in ASP.NET Whidbey

Adding a New User

Before you test your application, you need to add a user so that you can test the authentication process. For this, we will use the ASP.NET Configuration tool, found under the Website->ASP.NET Configuration menu item (see Figure 9):

Figure 9. Launching the ASP.NET configuration tool

To create a new user, click on the Security tab (see Figure 10):

Figure 10. The ASP.NET configuration tool

Choose the Security Management option and click Next (see Figure 11).

Figure 11. Choosing the security management method

Under the Users heading, click on Create User to create a new user account (see Figure 12):

Figure 12. Creating a new user

Enter the required information. You can leave out the non-essential information (the text fields without asterisks; see Figure 13). Click Done to complete the account's creation.

Figure 13. Entering information for a new user

Testing the Application

You are now finally ready to test drive your application. In Solution Explorer, select main.aspx and press Ctrl-F5 (start without debugging). You should see the following (see Figure 14):

Figure 14. The opening page: not logged in yet

Click on the Login link to go to the login.aspx page. Enter the details of the account you just created and click Log In (see Figure 15):

Figure 15. Logging in

If the account is authenticated, you should see the following (see Figure 16):

Figure 16. User authenticated

Restricting Access to Pages

The last section showed you how to use the Login control to get a user's credentials. In this section, I will show how you can restrict access to certain pages based on the user's credentials. In the current web site, create a new folder named Private. Add a new page to this folder and name it privatepage1.aspx. Then add a web.config file to the Private folder and insert the following:

	 <deny users="?" />

The <deny> element specifies which users are denied access to the current folder (Private, in this case). You can also use the <allow> element to state explicitly which users have access to the current folder. The ? stands for anonymous (non-authenticated) users, while * means all users.
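As an added example (not from the original article), here is a complete web.config for the Private folder with the <deny> rule placed inside the <authorization> section, plus a commented-out variant that uses <allow> to admit only named accounts. The user names alice and bob are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Private/web.config: applies to the Private folder and its subfolders -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom; the first rule that matches
           the requesting user decides, and later rules are ignored. -->

      <!-- Variant A (the article's rule): any authenticated user may enter.
           "?" matches anonymous requests, which are refused and sent to
           login.aspx as the article describes. -->
      <deny users="?" />

      <!-- Variant B: only named accounts may enter. Use instead of A.
           alice and bob are hypothetical user names.
      <allow users="alice,bob" />
      <deny users="*" />
      -->

      <!-- Mistake to avoid: putting <allow users="*" /> above the deny
           rule. It matches every request first, so the deny never fires
           and the folder is open to anonymous users. -->
    </authorization>
  </system.web>
</configuration>
```

After changing the rules, request privatepage1.aspx in a fresh browser session without logging in and confirm that you land on login.aspx.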

Your Solution Explorer should now look like this (see Figure 17):

Figure 17. The Solution Explorer

If you now try to access the privatepage1.aspx page using the URL http://localhost:40967/Membership/Private/privatepage1.aspx, you will be redirected to the login.aspx page. Only when a user is authenticated will this page be accessible.
