The ASP.NET version 2.0 membership feature provides secure credential storage for application users.
We will use the following:
- A web page named Login.aspx and another web page named CreateUser.aspx
- Login Control
- Create User Wizard Control
Steps:
1- Configure Forms Authentication in Web.config File
To configure forms authentication, set the <authentication> element's mode attribute to "Forms" and then configure your application's Web.config file as shown in the following example.
<authentication mode="Forms">
  <forms loginUrl="Login.aspx"
         protection="All"
         timeout="30"
         name="AppNameCookie"
         path="/FormsAuth"
         requireSSL="false"
         slidingExpiration="true"
         defaultUrl="default.aspx"
         cookieless="UseCookies"
         enableCrossAppRedirects="false"/>
</authentication>
Where:
- loginUrl points to the login page. You should place this in a folder that requires Secure Sockets Layer (SSL) for access.
- protection is set to "All" to specify privacy and integrity for the forms authentication ticket.
- timeout is used to specify a limited session lifetime.
- name and path are set to unique values for the current application.
- requireSSL is set to "false". This configuration means that the authentication cookie can be transmitted over channels that are not SSL-protected. If you are concerned about session hijacking, you should consider setting this to "true".
- slidingExpiration is set to "true" to enforce a sliding session lifetime. This means that the timeout is reset after each request to your application.
- defaultUrl is set to the Default.aspx page for the application.
- cookieless is set to "UseCookies" to specify that the application uses cookies to send the authentication ticket to the client.
- enableCrossAppRedirects is set to "false" to indicate that the application cannot redirect requests outside the application scope.
Add the following <authorization> element after the <authentication> element. This permits only authenticated users to access the application. The previously established loginUrl attribute of the <authentication> element will redirect unauthenticated requests to the Login.aspx page.
<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>
2- Configure the ActiveDirectoryMembershipProvider in Web.config File
Configure the ActiveDirectoryMembershipProvider in your application's Web.config file as shown in the following example.
An important point in this case is how to get your Active Directory connection string.
Please visit:
<connectionStrings>
  <add name="ADConnectionString"
       connectionString=
       "LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com" />
</connectionStrings>
<system.web>
  ...
  <membership defaultProvider="MembershipADProvider">
    <providers>
      <add name="MembershipADProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,
           Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnectionString"
           connectionUsername="<domainName>\administrator"
           connectionPassword="password"/>
    </providers>
  </membership>
  ...
</system.web>
The Last Step:
- Drag and drop Login Control into the Login page.
- Drag and drop Create User Wizard Control into the CreateUser page.
Now your web application or website is secured.
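The following is an added example, not part of the original post: a small Python check that audits a Web.config for the forms authentication settings described above. The sample file is constructed from the page's snippets (with EXAMPLE standing in for the <domainName> placeholder), and the function name audit_web_config is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's snippets merged into one Web.config (EXAMPLE replaces <domainName>).
SAMPLE = r"""<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" timeout="30"
             requireSSL="false" slidingExpiration="true"
             cookieless="UseCookies" enableCrossAppRedirects="false"/>
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add name="MembershipADProvider" connectionStringName="ADConnectionString"
             connectionUsername="EXAMPLE\administrator" connectionPassword="password"/>
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_web_config(xml_text):
    """Return findings for the forms-auth settings the page describes."""
    web = ET.fromstring(xml_text).find("system.web")
    forms = web.find("authentication[@mode='Forms']/forms") if web is not None else None
    if forms is None:
        return ["forms authentication is not configured"]
    findings = []
    # Values the page uses or advises; an absent attribute is reported as well.
    expected = {"requireSSL": "true", "protection": "All",
                "cookieless": "UseCookies", "enableCrossAppRedirects": "false"}
    for attr, want in expected.items():
        got = forms.get(attr)
        if got is None or got.lower() != want.lower():
            findings.append(f"forms/@{attr} is {got!r}, expected {want!r}")
    # The first authorization rule must deny anonymous users ("?").
    rules = web.findall("authorization/*")
    if not rules or rules[0].tag != "deny" or "?" not in rules[0].get("users", "").split(","):
        findings.append("authorization does not deny anonymous users first")
    # Provider credentials kept in clear text in Web.config.
    for add in web.findall("membership/providers/add"):
        if add.get("connectionPassword"):
            findings.append(f"provider {add.get('name')!r} stores connectionPassword in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_web_config(SAMPLE)))
```

On the page's configuration this reports the requireSSL setting and the clear-text connectionPassword; ASP.NET protected configuration (aspnet_regiis -pe) can encrypt the membership section so the password is not readable in the file.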