How can we build a secure website whose pages cannot be accessed by unauthorized or unauthenticated users? That is, if a user tries to visit a page by entering its URL directly without logging in, he or she should not be allowed to do so.
Security means protecting the pages of an application from access by unauthorized or unauthenticated users.
Types of Security
- Windows Based Security
- Form Based Security
- Encrypting Data over the Network
- Passport Security
Windows Based Security
This is the default security. It uses the Windows authentication mode.
Form Based Security
Here we secure individual pages against unauthorized access, using the authentication and authorization settings.
Encrypted Data over the Network
Here our important data is kept in encrypted form over the network.
In this article I am going to explain Form Based Security.
Form based security relies on a browser cookie. A user cannot access a page of the root directory unless he or she has a proper authentication ticket/token stored in the cookie.
In form based security we can store the user name and password in a database table, in the Web.config file or in an XML file.
Adding a Default.aspx
Add a Default.aspx to the root directory. This is the page to which the user is redirected after entering a valid user ID and password.
Making the application
Now there are two pages in my application: Default.aspx and Webpage.aspx. When I run the application, Webpage.aspx is shown first, because I gave the name of this page as the loginUrl in the Web.config file. After a successful login, the user is redirected to Default.aspx. If a user tries to access Default.aspx directly by entering its URL, he or she is redirected to the login page. For this I used authentication and authorization in the Web.config file.
The Web.config file looks like this:
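<authentication mode="Forms">
  <!-- Unauthenticated requests are redirected to loginUrl -->
  <forms loginUrl="Webpage.aspx"
         path="/"
         timeout="20"
         protection="All">
  </forms>
</authentication>
<authorization>
  <!-- "?" means anonymous users; deny them so that every page requires a login -->
  <deny users="?"/>
</authorization>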
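The authentication ticket that these forms settings govern, issued and read back by hand. This is an added example, not code from the article: TicketHelper, IssueTicket and ReadTicket are hypothetical names, and the 20-minute lifetime is assumed to mirror timeout="20".

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example: TicketHelper, IssueTicket and ReadTicket are hypothetical names.
public static class TicketHelper
{
    // Builds the ticket, protects it and stores it in the forms cookie.
    public static void IssueTicket(HttpResponse response, string userName)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                    // ticket version
            userName,                             // becomes User.Identity.Name
            now,                                  // issue time
            now.AddMinutes(20),                   // assumed to mirror timeout="20"
            false,                                // session cookie, not persistent
            string.Empty,                         // no extra user data
            FormsAuthentication.FormsCookiePath); // the configured path

        // With protection="All" the ticket is both encrypted and validated.
        string value = FormsAuthentication.Encrypt(ticket);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, value);
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows requireSSL in Web.config
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Returns the user name from a valid, unexpired ticket, otherwise null.
    public static string ReadTicket(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null || ticket.Expired)
                return null;
            return ticket.Name;
        }
        catch (ArgumentException) { return null; }      // malformed cookie value
        catch (CryptographicException) { return null; } // value failed validation
    }
}
```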
Code for Webpage.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Webpage.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Login Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <table cellpadding="0" cellspacing="0" border="4" width="40%" align="center">
            <tr><td bordercolor="white"> </td></tr>
            <tr><td align="center" bordercolor="white">
                <asp:Label ID="lblUserId" runat="server" Text="Enter User ID" Width="150px">
                </asp:Label>
                <asp:TextBox ID="txtuid" runat="server">
                </asp:TextBox>
            </td></tr>
            <tr><td bordercolor="white"> </td></tr>
            <tr><td align="center" bordercolor="white">
                <asp:Label ID="lblpassword" runat="server" Text="Enter Password" Width="150px">
                </asp:Label>
                <%-- TextMode="Password" masks the typed characters --%>
                <asp:TextBox ID="txtpass" runat="server" TextMode="Password">
                </asp:TextBox>
            </td></tr>
            <tr><td bordercolor="white"> </td></tr>
            <tr><td align="center" height="40px">
                <asp:Button ID="btnsubmit" runat="server" Text="Login" Width="130px" OnClick="Login_Click" />
            </td></tr>
        </table>
    </div>
    </form>
</body>
</html>
After running the application, the screen looks like this:

Figure 1.
Code for Webpage.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
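public partial class _Default : System.Web.UI.Page
{
    protected void Login_Click(object sender, EventArgs e)
    {
        // Demo check against hard-coded credentials; the user name and password
        // can instead be stored in a database table, Web.config or an XML file.
        if (txtuid.Text == "Rahul" && txtpass.Text == "Delhi")
        {
            // Issues the authentication cookie and redirects to the requested page
            FormsAuthentication.RedirectFromLoginPage(txtuid.Text, false);
            // If we pass true here instead, the cookie will be persistent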