Home » Asp.netRSS

login pages without using Membership provider

Hi,

I want to create a website that a user can logon and view their data. They should also be able to logout. I'm wondering how to achieve this WITHOUT using the Membership provider api provided by Microsoft. This is what I think should happen , please advise me if I'm incorrect.

1. user enters name and password and clicks button.

2.If username and password are correct the user is redirected to a webpage with their details.

3.A session is created.

4.The user logouts and the session is deleted.


Is this the way to go about it? If anyone has some similar code that I could reference that would be great

 

10 Answers Found

 

Answer 1

I love the Forms Authentication API for this. You do not need the Membership providers at all, just make a nice database that you approve of. I would probably encrypt the password data  if I were you maybe using MD5 hashing?

All you need to do is in your database for your DataType make the password  field type of NVARCHAR and a fairly large size to hash large passwords if you want.

In your code  behind make a hashing function like so:

using System.Web.Security;
using System.Text;
using System.Security.Cryptography;

private String hashPassword(string password)
{
    byte[] p = Encoding.UTF8.GetBytes(password);
    MD5 hasher = new MD5CryptoServiceProvider();
    
    return Encoding.UTF8.GetString(hasher.ComputeHash(p));
}

Note to add the using statements at the top of your file if your using CSharp.

Then after you authenticate against the database however you want, just simply do...

FormsAuthentication.SetAuthCookie(UserNameHere, true); // true if you want a persistent cookie "remember me functionality"


That does all the work for you, and you can STILL use the if (User.Identity.IsAuthenticated) etc...


 

 

 

Answer 2

Thanks. I'm a bit confused about the code. I don't see any code  that checks the database. Are you using the login  control or just a textbox etc.. ?

 

Answer 3

I didn't provide any code  for authenticating the user. That is up to you based on your authentication criteria. All I showed you was how to create  the cookie necessary for ASP.NET authentication AFTER you have authetnicated the user  against your own database, and I gave you a function on how to hash a password  in plain text into an MD5 hash.

If you want help writing queries against the database for authentication then I'd need to know more about your user tables and if you are using raw SQL or if you are using LINQ etc.. 

 

Answer 4

That's fine. I'm good with the sql. thanks

 

Answer 5

Cool stuff, then just remember, the Login Control usin the standard membership  providers all it does is call the FormsAuthentication on its own anyway, so you can use the same thing, but with your own code. 

 

Answer 6

ACtually I'm not all good with the sql. What sql do I write to check it a username  and password  are correct? Pseudo sql if fine. thanks.

I guess I could use something like:

select username from table where username = textbox1.text

select password from table where password = textbox2.text

If username = textbox1.text and password = textbox2.text then authenticated ?

 

Answer 7

How are you connecting ot the database? Are you using LINQ or are you doing old fashiond ado.net? Or are you even using something cool like the SQL data  Source? 

 

Answer 8

Oh and some psudo sql code...

SELECT * FROM Users WHERE UserName = 'Username' AND password  = 'password' 

 

Answer 9

this is what I use when the user  clicks on my login  button



 Using MyConnection As New SqlConnection("Data Source=sxxxxx;Initial Catalog=xxxx ;Persist Security Info=True;User ID=xxx;Password=xxx")
            Dim MyCommand As New SqlCommand("select username,password from table where username  = @input", MyConnection)
            MyCommand.Parameters.Add("@location", SqlDbType.NVarChar).Value = e.PostBackValue
            MyConnection.Open()
            Dim r As SqlDataReader = MyCommand.ExecuteReader()
            GridView1.DataSource = r
            GridView1.DataBind()
            MyConnection.Close()
            Label2.Visible = True
            lblCounty.Text = e.PostBackValue
            lblCounty.Visible = True
            Label1.Visible = True
            lblresults.Visible = True
            Label1.Text = GridView1.Rows.Count
        End Using



 

Answer 10

ok so yeah just add on to your command "select username, password, from table where username = @input and password = @passInput

then just feed it your parameters from your textbox. 

 
 
 

<< Previous      Next >>


Microsoft   |   Windows   |   Visual Studio   |   Follow us on Twitter