HomeASP.NET ASP.NET 3.5: Creating Role Based Security ...
ASP.NET 3.5: Creating Role Based Security with User Login Pages
Creating user login controls helps to maintain the security of your website. This article will show you how to create them using ASP.NET. It is part of a series on securing your ASP.NET-based website by using role-based security.
Contributed by Codex-M Rating: / 32 August 23, 2010
This is the third part of a series on ASP.NET 3.5 role-based security and user authentication web development. In the second part, you created important ASP.NET pages that are vital part of the website functionality.
In this part, we'll start dealing with ASP.NET login controls.
Creation of CreateNewUser.aspx
The path of this page is this: /aspnetloginexercise/CreateNewUser.aspx. Its main purpose is to serve as the registration page for new workers. Way back in the first part, we included only three registered workers, namely Peter, John and Mary.
To add more workers for the company, you need a registration page, which is CreateNewUser.aspx. To do this, follow the steps below:
Step 1. Launch the aspnetloginexercise in Visual Web Developer.
Step 2. Create a new ASP.NET page at the root of your website and name it CreateNewUser.aspx.
Step 3. Go to File -> Save All.
CreateNewUser.aspx should be located like this in your Solution Explorer:
Step 4. Now you need to add a CreateUserWizard web control to the CreateNewUser.aspx. Go to the source code of CreateNewUser.aspx, and then click and drag CreateUserWizard (Toolbox -> Login -> CreateUserWizard) to between <form><div> and </div></form> tags.
Step 5. Go to the Design View. Let's add some relevant text. Press enter at the top of the CreateUserWizard web control to enter this text (no quotes):
"Instructions for new workers: Enter as completely as possible when signing up as new worker"
Step 6. Go to File -Save all.
The CreateNewUser.aspx should then look like the screen shot below in the Design View:
You can, if you wish, create a thank you page (also called a success URL) that appears after registration. Although this is not part of the original design, it can be important as part of the new worker registration process. Seeing this page informs them that the administrator will still need to review their application before it is marked active. To create ThankYou.aspx:
Step 1. Add a new page at the root of your website (with the same path as the CreateNewUser.aspx page) and named it ThankYou.aspx.
Step 2. Go to the source code view of ThankYou.aspx. Let's add some relevant text to it. Place this text somewhere between the <form><div> and </div></form> tags. This is the text (without quotes):
"Thank you for registering as new worker of this company. Your application is still inactive, so the administrator will still review your application. If it is OK, it will be marked active, and then you can start logging in to this website."
Step 3. Assign a title tag to ThankYou.aspx (at the source code view):
<title>Thank you for registering as new worker</title>
Step 4. Go to File -> Save All. Go to the Design view of ThankYou.aspx. It should look like this:
Go to the Design View of CreateNewUser.aspx. Click the CreateUserWizard web control to see the CreateuserWizard1 properties at the bottom left of Design View.
Follow the rest of the configuration steps:
1. Under Properties, go to "Behavior" and then click "ContinueDestinationPageUrl."
2. Click the Ellipsis (...).
3. Under "Select URL" dialog, select "ThankYou.aspx" under "Contents of folder."
4. Click OK.
5. Go to File -> Save All.
It should look like the screen shot below:
To configure newly registered workers as "inactive" by default:
1. In the Design view of CreateNewuser.aspx, click the CreateUserWizard web control to view the Properties window in the bottom right.
2. Go to Behavior and find DisableCreatedUser. The default setting is "False." This means that the newly registered workers are active by default and can immediately log in to the website.
3. To make newly registered workers "inactive" by default, change the value of DisableCreatedUser from "False" to "True."
A website requires a consistent and clear navigation menu. Let's add a navigation menu to all of the pages of the website, so that at any point, visitors can turn back or visit the pages they need to see.
The following pages should be included in your navigation menu:
Home page - /aspnetloginexercise/Default.aspx
Register New workers - /aspnetloginexercise/CreateNewUser.aspx
The purpose of that is to present a login link when the user is not logged in; otherwise, a "logout" link will be presented. When a user clicks the login link, he or she will be directed to login.aspx.
In addition, the "thank you" page (ThankYou.aspx) is not included in the hyperlink code because it is not an important page. However, navigation is placed on ThankYou.aspx pointing to other pages of the website, because after successful user registration, they might click a link back to the home page or other website pages.
So how do we add the above navigation menu source code?
Step 1. Go to the source code view of each of these ASP.NET pages in Visual Web Developer:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> Hi <asp:LoginName ID="LoginName1" runat="server" />, welcome to Codex Online Corporation. If you are logged in to the website, you will see the logout link below, otherwise a login link will be shown. If you are worker of this corporation, you need to login in order to view your tasks. Take note that you will not be able to view some of the administrative pages of this website as they are viewable only by your supervisor or administrator.<br /><br /> If you are a new worker, it is encourage you will register to this website to view the tasks assigned to you. Also bear in mind that you will not be able to login right away as the administrator still needs to mark your account active. Thank you for visiting this website!<br /> <br /> </div>
Screen shots of Completed ASP.NET pages in Design View
All of the required ASP.NET pages has been completed. Refer to the screen shots linked below to make sure your output in the Visual Web Developer Design view is similar to the ones provided:
ASP.NET 
Implement Gzip and Deflate Compression in ASP.Net
