ASP.Net membership provider

Question

User761356933 posted

Hi guys, can you point me in the right direction please.

My basic requirements are :

1 - login page that all users first go to

2 - if user is admin then it takes the user to the admin dashboard otherwise it goes to the dashboard for that particular user.

3 - if its the first time the user has logged in they must change their password

so I have all my pages and sql server setup remotely, with a user table - i have coded my web form to query the table to log the user in but now I dont know how to check if user is authenticated. I was reading about the asp.net membership provider but I dont know how to implement this.

I have ran the setup file in the .net folder which creates the asp.netdb and associated tables, this is on my local sql server. So would it just be a case of migrating this local db to the online remote sql?

How would i then implement membership or should i be using asp.net identity  ?

I have done a lot of reading on this but there is so much conflicting info and I just want to know the correct way to do this.

thank you 

Answer 1

User475983607 posted

1 - login page that all users first go to

This is pretty standard stuff.  Start by creating a project using the the Individual Account template.

https://docs.microsoft.com/en-us/aspnet/web-forms/overview/getting-started/getting-started-with-aspnet-45-web-forms/introduction-and-overview

https://docs.microsoft.com/en-us/aspnet/web-forms/overview/security/create-a-secure-aspnet-web-forms-app-with-user-registration-email-confirmation-and-password-reset

2 - if user is admin then it takes the user to the admin dashboard otherwise it goes to the dashboard for that particular user.

If you decide on ASP Identity the syntax is...

if(UserManager.IsInRole(theUser, "role"))
{
   Response.Redirect("theAdminPage.aspx");
}

3 - if its the first time the user has logged in they must change their password

Identity does not have a first time login field.  You'll need to design a solution for this requirement. I assume you are providing a temp password?   If that's the case and you're providing a temp password, the logic is similar to the above.  Just check if the login password matched the temp password.

The second link above shows how to handle password resets which is similar to what you're trying to do.

How would i then implement membership or should i be using asp.net identity  ?

I would use ASP Identity as ASP Membership is pretty old now.  If you are new to programming then look into ASP Core Razor pages.

I have done a lot of reading on this but there is so much conflicting info and I just want to know the correct way to do this.

What conflicting info?