Updated April 11, 2023
Introduction to Authentication in ASP.NET
In today's world, web security is one of the key requirements for any application. Digital crime is increasing, and developers and companies set up security practices to stop the hacking activity that happens around the world. Like a lot of other programming languages, ASP.NET comes with security mechanisms for web applications. These are mainly built around a defined authentication mechanism, an authorization process with specific roles, confidentiality controls, and different integrations that address the security requirements of a web application.
Syntax of Authentication in ASP.NET
ASP.NET mainly follows two key security features: authentication and authorization.
- Authentication: It verifies the user's identity for the application. It takes input data from the user and checks it against the user data maintained for that application.
- Authorization: It determines what an authenticated user is allowed to do in the application. The user's roles and activities are enforced across the entire application through this process.
Applications follow different authentication processes: in some, the logic is implemented by the application developer, while others use a third-party tool for the common authentication process.
User maintenance for one specific application can be done in two ways:
- IIS Server: In some cases, users and their roles are configured entirely in the IIS server, so the server decides the authentication process for that application, or for all the applications deployed on that IIS server.
- Application Own Logic: Some applications maintain user authentication entirely inside the application itself. The logic and its handling are defined in the application.
Example of Authentication in ASP.NET
Given below is a very common example:
Create a new ASP.NET project in Visual Studio:
Choose the proper .NET Framework version:
Configuring ASP.NET web page for login:
AccountLogin.aspx:
Code:
<%@ Page Title="Log In" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
    CodeFile="Login.aspx.cs" Inherits="Account_Login" %>
<%-- Page directive and opening Content tag are assumed here, following Login.aspx.cs and the other pages --%>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
    <h2>
        Log In Page
    </h2>
    <p>
        <asp:HyperLink ID="RegisterHyperLink1" runat="server" EnableViewState="false">Not Have Account</asp:HyperLink>
        <asp:LoginStatus ID="LoginStatus12" runat="server"
            onloggingout="LoginStatus12_LoggingOut1" />
    </p>
    <%-- The Login control looks up its template children by fixed IDs: UserName, Password, RememberMe, FailureText --%>
    <asp:Login ID="LoginUser1" runat="server" EnableViewState="false" RenderOuterTable="false">
        <LayoutTemplate>
            <span class="failureNotification1">
                <asp:Literal ID="FailureText" runat="server"></asp:Literal>
            </span>
            <asp:ValidationSummary ID="LoginUserValidationSummary1" runat="server" CssClass="failureNotification1"
                ValidationGroup="LoginUserValidationGroup1"/>
            <div class="accountInfo1">
                <fieldset class="login1">
                    <legend>Information of the Account</legend>
                    <p>
                        <asp:Label ID="UserNameLabel1" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
                        <asp:TextBox ID="UserName" runat="server" CssClass="textEntry1"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="UserNameRequired11" runat="server" ControlToValidate="UserName"
                            CssClass="failureNotification1" ErrorMessage="Required." ToolTip="Required."
                            ValidationGroup="LoginUserValidationGroup1">*</asp:RequiredFieldValidator>
                    </p>
                    <p>
                        <asp:Label ID="PasswordLabel11" runat="server" AssociatedControlID="Password">Pass::</asp:Label>
                        <%-- TextMode="Password" masks the input --%>
                        <asp:TextBox ID="Password" runat="server" CssClass="passwordEntry1" TextMode="Password"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="PasswordRequired1" runat="server" ControlToValidate="Password"
                            CssClass="failureNotification1" ErrorMessage="Required." ToolTip="Required."
                            ValidationGroup="LoginUserValidationGroup1">*</asp:RequiredFieldValidator>
                    </p>
                    <p>
                        <asp:CheckBox ID="RememberMe" runat="server"/>
                        <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">…</asp:Label>
                    </p>
                </fieldset>
                <p class="submitButton1">
                    <%-- OnClick must name the handler defined in the code-behind (OnLogin) --%>
                    <asp:Button ID="LoginButton1" runat="server" CommandName="Login1" Text="Login1" ValidationGroup="LoginUserValidationGroup1" OnClick="OnLogin"/>
                </p>
            </div>
        </LayoutTemplate>
    </asp:Login>
</asp:Content>
Log In screen:
Login.aspx.cs:
Code:
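using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security; // FormsAuthentication
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Account_Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Carry the original ReturnUrl over to the registration page
        RegisterHyperLink1.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
    }

    // Demo-only check against hard-coded plaintext credentials
    protected bool authenticate(String uname1, String pass1)
    {
        if (uname1 == "Tom")
        {
            if (pass1 == "tom123")
                return true;
        }
        if (uname1 == "Dick")
        {
            if (pass1 == "dick123")
                return true;
        }
        if (uname1 == "Harry")
        {
            if (pass1 == "har123")
                return true;
        }
        return false;
    }

    public void OnLogin(Object src, EventArgs e)
    {
        // The text boxes live inside the Login control's template, so read them through the control
        if (authenticate(LoginUser1.UserName, LoginUser1.Password))
        {
            // Issues the forms authentication cookie and redirects to ReturnUrl (or defaultUrl)
            FormsAuthentication.RedirectFromLoginPage(LoginUser1.UserName, LoginUser1.RememberMeSet);
        }
        else
        {
            Response.Write("Invalid user name or password");
        }
    }

    // Handler referenced by the LoginStatus control's onloggingout attribute
    protected void LoginStatus12_LoggingOut1(object sender, LoginCancelEventArgs e)
    {
    }
}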
AccountLogin.aspx.cs implementation:
Web config file for running the web application:
Code:
<?xml version="1.0"?>
<configuration>
    <!-- The registration page stays reachable for anonymous users -->
    <location path="Register.aspx">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <system.web>
        <!-- A section may appear only once, so both forms settings live in one element -->
        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" defaultUrl="../Default.aspx"/>
        </authentication>
        <!-- "?" denies anonymous users; they are redirected to loginUrl -->
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>
Output:
ChangePassword.aspx:
Code:
<%@ Page Title="Change Password" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
CodeFile="ChangePassword.aspx.cs" Inherits="Account_ChangePassword" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
<h2>
Change Password
</h2>
<p>
Use the form below to change your password.
</p>
<p>
New passwords are required to be a minimum of <%= Membership.MinRequiredPasswordLength %> characters in length.
</p>
<asp:ChangePassword ID="ChangeUserPassword" runat="server" CancelDestinationPageUrl="~/" EnableViewState="false" RenderOuterTable="false"
SuccessPageUrl="ChangePasswordSuccess.aspx">
<ChangePasswordTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>
<asp:ValidationSummary ID="ChangeUserPasswordValidationSummary" runat="server" CssClass="failureNotification"
ValidationGroup="ChangeUserPasswordValidationGroup"/>
<div class="accountInfo">
<fieldset class="changePassword">
<legend>Account Information</legend>
<p>
<asp:Label ID="CurrentPasswordLabel" runat="server" AssociatedControlID="CurrentPassword">User Old Password:</asp:Label>
<asp:TextBox ID="CurrentPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="CurrentPasswordRequired" runat="server" ControlToValidate="CurrentPassword"
CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Old Password is required."
ValidationGroup="ChangeUserPasswordValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="NewPasswordLabel" runat="server" AssociatedControlID="NewPassword">User New Password:</asp:Label>
<asp:TextBox ID="NewPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server" ControlToValidate="NewPassword"
CssClass="failureNotification" ErrorMessage="New Password is required." ToolTip="New Password is required."
ValidationGroup="ChangeUserPasswordValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="ConfirmNewPasswordLabel" runat="server" AssociatedControlID="ConfirmNewPassword">Please Confirm New Password:</asp:Label>
<asp:TextBox ID="ConfirmNewPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="ConfirmNewPasswordRequired" runat="server" ControlToValidate="ConfirmNewPassword"
CssClass="failureNotification" Display="Dynamic" ErrorMessage="Confirm New Password is required."
ToolTip="Confirm New Password is required." ValidationGroup="ChangeUserPasswordValidationGroup">*</asp:RequiredFieldValidator>
<asp:CompareValidator ID="NewPasswordCompare" runat="server" ControlToCompare="NewPassword" ControlToValidate="ConfirmNewPassword"
CssClass="failureNotification" Display="Dynamic" ErrorMessage="The Confirm New Password must match the New Password entry."
ValidationGroup="ChangeUserPasswordValidationGroup">*</asp:CompareValidator>
</p>
</fieldset>
<p class="submitButton">
<asp:Button ID="CancelPushButton" runat="server" CausesValidation="False" CommandName="Cancel" Text="Cancel"/>
<asp:Button ID="ChangePasswordPushButton" runat="server" CommandName="ChangePassword" Text="Change Password"
ValidationGroup="ChangeUserPasswordValidationGroup"/>
</p>
</div>
</ChangePasswordTemplate>
</asp:ChangePassword>
</asp:Content>
Output:
The main page should look like below:
Register.aspx code:
Code:
<%@ Page Title="Register" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
CodeFile="Register.aspx.cs" Inherits="Account_Register" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
<asp:CreateUserWizard ID="RegisterUser" runat="server" EnableViewState="false" OnCreatedUser="RegisterUser_CreatedUser">
<LayoutTemplate>
<asp:PlaceHolder ID="wizardStepPlaceholder" runat="server"></asp:PlaceHolder>
<asp:PlaceHolder ID="navigationPlaceholder" runat="server"></asp:PlaceHolder>
</LayoutTemplate>
<WizardSteps>
<asp:CreateUserWizardStep ID="RegisterUserWizardStep" runat="server">
<ContentTemplate>
<h2>
Create a New Account
</h2>
<p>
Use the form below to create a new account.
</p>
<p>
Passwords are required to be a minimum of <%= Membership.MinRequiredPasswordLength %> characters in length.
</p>
<span class="failureNotification">
<asp:Literal ID="ErrorMessage" runat="server"></asp:Literal>
</span>
<asp:ValidationSummary ID="RegisterUserValidationSummary" runat="server" CssClass="failureNotification"
ValidationGroup="RegisterUserValidationGroup"/>
<div class="accountInfo">
<fieldset class="register">
<legend>Account Information</legend>
<p>
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
<asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
ValidationGroup="RegisterUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="EmailLabel" runat="server" AssociatedControlID="Email">E-mail:</asp:Label>
<asp:TextBox ID="Email" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="EmailRequired" runat="server" ControlToValidate="Email"
CssClass="failureNotification" ErrorMessage="E-mail is required." ToolTip="E-mail is required."
ValidationGroup="RegisterUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
<asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
ValidationGroup="RegisterUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="ConfirmPasswordLabel" runat="server" AssociatedControlID="ConfirmPassword">Confirm Password:</asp:Label>
<asp:TextBox ID="ConfirmPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ControlToValidate="ConfirmPassword" CssClass="failureNotification" Display="Dynamic"
ErrorMessage="Confirm Password is required." ID="ConfirmPasswordRequired" runat="server"
ToolTip="Confirm Password is required." ValidationGroup="RegisterUserValidationGroup">*</asp:RequiredFieldValidator>
<asp:CompareValidator ID="PasswordCompare" runat="server" ControlToCompare="Password" ControlToValidate="ConfirmPassword"
CssClass="failureNotification" Display="Dynamic" ErrorMessage="The Password and Confirmation Password must match."
ValidationGroup="RegisterUserValidationGroup">*</asp:CompareValidator>
</p>
</fieldset>
<p class="submitButton">
<asp:Button ID="CreateUserButton" runat="server" CommandName="MoveNext" Text="Create User"
ValidationGroup="RegisterUserValidationGroup"/>
</p>
</div>
</ContentTemplate>
<CustomNavigationTemplate>
</CustomNavigationTemplate>
</asp:CreateUserWizardStep>
</WizardSteps>
</asp:CreateUserWizard>
</asp:Content>
AccountRegister.aspx page:
Output:
Click on log in – Click on the login button:
Click on register:
Create a new user:
Conclusion
ASP.NET web security is a must-have in the current scenario. With digital crime as it is, every client needs their application to be fully secure, with no opening for hacking. Some organizations recruit application security scanning experts who check the security of the application before any implementation goes ahead. ASP.NET authentication ensures a secure login into the web application without security leakage.