Two Quick Ways to Perform ASP.NET Authentication, Page 2
Authenticating Users Using an XML File
Even though you can easily authenticate users by using a Web.Config file, it is not advisable for sites with a large number of users. It is also very difficult to implement an automated system that directly adds users to the Web.Config file. A Web developer should manually add new usernames and passwords to the file for each new user. To avoid this hassle, ASP.NET provides a facility for authenticating users using an XML file. For this purpose, you have to create both a Web.Config file (Listing 1.4) and an XML file (Listing 1.5):
Listing 1.4 Web.Config
<configuration> <system.web> <authentication mode = "Forms"> <authorization> <deny users = "?"/> </authorization> </system.web> </configuration>
Listing 1.5 pwd.xml
<passwordlist> <user> <name>bob</name> <pwd>123</pwd> </user> <user> <name>mark</name> <pwd>456</pwd> </user> <user> <name>peter</name> <pwd>789</pwd> </user> </passwordlist>
|XML is a case-sensitive language.|
The next step is to create an ASP.NET page. Because it has to check two credentials (username and password), you have to add two TextBox controls and a Button control to the form. Double-click the button control and add the code given in Listing 1.6:
If IsValid then If XMLAuthentication(txtUsername.Text,txtPassword.Text) Then Response.Redirect("http://www.developer.com") End If End If
Listing 1.6 passes the two control IDs as parameters to the XMLAuthentication method. This method will contain the real code to authenticate users from your XML file. Further, if the username and password match with that of the XML file, the user will be redirected to the developer.com home page. The source code for this method is given in Listing 1.7:
Dim dstPwd as DataSet Dim dtblPwd as DataTable Dim users() as DataRow dstPwd = New DataSet() dstPwd.ReadXML(MapPath("Pwd.xml")) dtblPwd = dstPwd.Tables(0) users = dtblPwd.Select("name = '"& strUsername & "' ") if users.Length > 0 Then if users(0)("pwd") = strPwd Then Return True Else lblStatus.Text = "Invalid Password" End If Else lblStatus.Text = "Username does not exist" End If Return False End Function
In Listing 1.7, the XML file is loaded by using the built-in ReadXML() method, and the XMLAuthentication method checks both the username and password. The method displays the relevant messages in the label control.
Download Source Code
You can download the complete ASP.NET application by clicking here.
About the Author
Anand Narayanaswamy (Microsoft MVP) is a freelance writer for Developer.com and Codeguru.com. He works as an independent consultant and runs NetAns Technologies (http://www.netans.com), which provides low-cost domain registration and Web hosting services. He can be reached at firstname.lastname@example.org.