The web form login with Windows Authentication ?

Question

User-663551687 posted

//I define
x = if (FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text))

authentication when logging in to asp.net, the command x must be used with the Web.config file, I have not found the command x running with sql server or the command x running with microsoft access. I want to find an example of the command x running with sql server or the command x running with microsoft acess, maybe the command x is difficult to apply to sql server or microsoft access ?

Answer 1

User2101710649 posted

 Hi,

     my understanding based on your information, you want to take login details from web form then dynamically build the connection string to connect SQL server or Microsoft Access. Below example may help you.

link

Answer 2

User283571144 posted

Hi dongtrien,

authentication when logging in to asp.net, the command x must be used with the Web.config file, I have not found the command x running with sql server or the command x running with microsoft access. I want to find an example of the command x running with sql server or the command x running with microsoft acess, maybe the command x is difficult to apply to sql server or microsoft access ?

According to the MSFT article, you could find the FormsAuthentication.Authenticate is used to validate a user name and password against credentials stored in the configuration file.

It doesn't supprot directly validate the user from database.

Normally, if we want to use  FormsAuthentication to authenticate the user according to database record, I suggest you could write custom validate method.  Like below:

 bool ValidateUser(string user, string pass)
  {
    string connStr = ConfigurationManager.ConnectionStrings["Main"].ConnectionString;
    using (SqlConnection conn = new SqlConnection(connStr))
    {
      conn.Open();
      string sql = "select email from users where email = @email and password = @password";
      SqlCommand cmd = new SqlCommand(sql, conn);
      cmd.Parameters.AddWithValue("@email", user);
      cmd.Parameters.AddWithValue("@password", Sha1(Salt(pass)));
      return cmd.ExecuteScalar() is string;
    }
  }

If validated the user is successed, then you could use  FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true); to let the user pass the form authentication.

More details, you could refer to this article:

https://www.splinter.com.au/aspnet-forms-authentication-to-your-own-datab/ 

Best Regards,

Brando

Answer 3

User-663551687 posted

I have seen your article https://www.splinter.com.au/aspnet-forms-authentication-to-your-own-datab/ but there are 2 codes that I don't understand, where will I copy this code ? 

Make sure you change the salt values above, just to make it your own. Now, in your master page you probably want somewhere on your page to show the current logged in name, and provide a logout link. For me, it looks like this:

<% if (Context.User.Identity.IsAuthenticated) { %>
  <%= Context.User.Identity.Name%>
  Log out
<% } %>

Ok we're done with it! But now you'll need to create at least one user in your database, and probably more. To create the hashed password, i used the following ruby script (make sure your salts are the same as what is in your login.aspx).

a="zu5QnKrH4NJfOgV2WWqV5Oc1l"
b="1DMuByokGSDyFPQ0DbXd9rAgW"
c=a + "my new password here" + b
require 'digest/sha1'
Digest::SHA1.hexdigest c
=> "e7f0df4d064a7d2cdc653447e752cf4d736e114b"

This is my example: https://1drv.ms/u/s!AjyNqMx8JcCKbsad7Q2sX45UgsU

Answer 4

User283571144 posted

Hi dongtrien,

As far as I know, the last part of the article is use sha1 with slat  generate the encrypted passwrod. 

If you don't want to encrypt the password firstly, then store it into the database, there is no need to copy the last part codes.

You could modify the validate codes as below:

  bool ValidateUser(string user, string pass)
  {
    string connStr = ConfigurationManager.ConnectionStrings["Main"].ConnectionString;
    using (SqlConnection conn = new SqlConnection(connStr))
    {
      conn.Open();
      string sql = "select email from users where email = @email and password = @password";
      SqlCommand cmd = new SqlCommand(sql, conn);
      cmd.Parameters.AddWithValue("@email", user);
      cmd.Parameters.AddWithValue("@password",  pass);
      return cmd.ExecuteScalar() is string;
    }
  }

Best Regards,

Brando

Answer 5

User-663551687 posted

I have removed the encryption, but when I run the error, I don't know how to fix it. See the attached photo http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/file

Answer 6

User283571144 posted

Hi dongtrien,

I have removed the encryption, but when I run the error, I don't know how to fix it. See the attached photo <a href="http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/file

">http://www.mediafire.com/view/x32axxpcs6qjbrn/LoginErr.jpg/file

As far as I know, the image shows a 404 erorr.  404 error means the page couldn't be found.

I suggest you could check your application root folder to make sure you have the login.aspx page inside the loginSQL folder.

Best Regards,

Brando

Answer 7

User-663551687 posted

I have already checked as I have not found the error, I follow your instructions to send me, you can see my faulty example sent https://www.mediafire.com/file/l6oeffmhlik9710/authentication.rar/file

Answer 8

User283571144 posted

Hi dongtrien,

The link you have provided is related with the loginsql.aspx not login.aspx.

I guess you don't have the login.aspx in the application, please create a login.aspx page in your project to avoid 404 error.

Best Regards,

Brando