Asked by:
The web form login with Windows Authentication ?

Question
-
User-663551687 posted
//I define x = if (FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text))
authentication when logging in to asp.net, the command x must be used with the Web.config file, I have not found the command x running with sql server or the command x running with microsoft access. I want to find an example of the command x running with sql server or the command x running with microsoft acess, maybe the command x is difficult to apply to sql server or microsoft access ?
Tuesday, May 28, 2019 7:07 AM
All replies
-
User2101710649 posted
Hi,
my understanding based on your information, you want to take login details from web form then dynamically build the connection string to connect SQL server or Microsoft Access. Below example may help you.
Tuesday, May 28, 2019 7:55 AM -
User283571144 posted
Hi dongtrien,
authentication when logging in to asp.net, the command x must be used with the Web.config file, I have not found the command x running with sql server or the command x running with microsoft access. I want to find an example of the command x running with sql server or the command x running with microsoft acess, maybe the command x is difficult to apply to sql server or microsoft access ?According to the MSFT article, you could find the FormsAuthentication.Authenticate is used to validate a user name and password against credentials stored in the configuration file.
It doesn't supprot directly validate the user from database.
Normally, if we want to use FormsAuthentication to authenticate the user according to database record, I suggest you could write custom validate method. Like below:
bool ValidateUser(string user, string pass) { string connStr = ConfigurationManager.ConnectionStrings["Main"].ConnectionString; using (SqlConnection conn = new SqlConnection(connStr)) { conn.Open(); string sql = "select email from users where email = @email and password = @password"; SqlCommand cmd = new SqlCommand(sql, conn); cmd.Parameters.AddWithValue("@email", user); cmd.Parameters.AddWithValue("@password", Sha1(Salt(pass))); return cmd.ExecuteScalar() is string; } }
If validated the user is successed, then you could use
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
to let the user pass the form authentication.More details, you could refer to this article:
https://www.splinter.com.au/aspnet-forms-authentication-to-your-own-datab/
Best Regards,
Brando
Tuesday, May 28, 2019 9:04 AM -
User-663551687 posted
I have seen your article https://www.splinter.com.au/aspnet-forms-authentication-to-your-own-datab/ but there are 2 codes that I don't understand, where will I copy this code ?
Make sure you change the salt values above, just to make it your own. Now, in your master page you probably want somewhere on your page to show the current logged in name, and provide a logout link. For me, it looks like this:
<% if (Context.User.Identity.IsAuthenticated) { %> <%= Context.User.Identity.Name%> Log out <% } %>
Ok we're done with it! But now you'll need to create at least one user in your database, and probably more. To create the hashed password, i used the following ruby script (make sure your salts are the same as what is in your login.aspx).
a="zu5QnKrH4NJfOgV2WWqV5Oc1l" b="1DMuByokGSDyFPQ0DbXd9rAgW" c=a + "my new password here" + b require 'digest/sha1' Digest::SHA1.hexdigest c => "e7f0df4d064a7d2cdc653447e752cf4d736e114b"
This is my example: https://1drv.ms/u/s!AjyNqMx8JcCKbsad7Q2sX45UgsU
Thursday, May 30, 2019 3:09 AM -
User283571144 posted
Hi dongtrien,
As far as I know, the last part of the article is use sha1 with slat generate the encrypted passwrod.
If you don't want to encrypt the password firstly, then store it into the database, there is no need to copy the last part codes.
You could modify the validate codes as below:
bool ValidateUser(string user, string pass) { string connStr = ConfigurationManager.ConnectionStrings["Main"].ConnectionString; using (SqlConnection conn = new SqlConnection(connStr)) { conn.Open(); string sql = "select email from users where email = @email and password = @password"; SqlCommand cmd = new SqlCommand(sql, conn); cmd.Parameters.AddWithValue("@email", user); cmd.Parameters.AddWithValue("@password", pass); return cmd.ExecuteScalar() is string; } }
Best Regards,
Brando
Friday, May 31, 2019 3:04 AM -
User-663551687 posted
I have removed the encryption, but when I run the error, I don't know how to fix it. See the attached photo http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/file
Friday, May 31, 2019 8:49 AM -
User283571144 posted
Hi dongtrien,
I have removed the encryption, but when I run the error, I don't know how to fix it. See the attached photo <a href="http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/file">http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/fileAs far as I know, the image shows a 404 erorr. 404 error means the page couldn't be found.
I suggest you could check your application root folder to make sure you have the login.aspx page inside the loginSQL folder.
Best Regards,
Brando
Monday, June 3, 2019 9:37 AM -
User-663551687 posted
I have already checked as I have not found the error, I follow your instructions to send me, you can see my faulty example sent https://www.mediafire.com/file/l6oeffmhlik9710/authentication.rar/file
Thursday, June 6, 2019 4:58 AM -
User283571144 posted
Hi dongtrien,
The link you have provided is related with the loginsql.aspx not login.aspx.
I guess you don't have the login.aspx in the application, please create a login.aspx page in your project to avoid 404 error.
Best Regards,
Brando
Wednesday, June 12, 2019 7:32 AM