ASP.NET version of "Login & Password (Database-Driven)"
When I went to write an ASP.NET version of
our Classic ASP Auto-Navigation Database-Driven Login Sample,
I realized that I hadn't yet published a plain database-driven login and password sample for ASP.NET.
So... in an effort to keep the horse in front of the cart, here it is (I mean the sample... not a horse or a cart).
There is one slight issue with the running version. Our samples folder is set up as it's own application
and I'm having a hard time finding out how to (or if you even can) configure two different forms authentication
login pages within one application. So... if you try and access the protected page without being
logged in, you'll get sent to the login page for our plain vanilla (not database-driven)
login and password sample. It's a little weird, but it shouldn't affect
anyone unless you try and implement both scripts in the same folder, which I can't see why anyone but us would
The zip file contains the login form (login_db.aspx), a sample protected page (login_db-protected.aspx), the
config file that sets up the authentication for the application (web.config), and the database containing the
login and password information (login.mdb). The sample database is an Access database which you'll need to
secure so that users can't download the whole database file if you are going to continue to use Access.
I only used Access so that I could easily distribute the sample database, but the concept is the same
regardless of the database platform you use.
Warning: If you are going to implement this for an existing application, do not overwrite
your existing web.config file or you will lose whatever settings you may have in it.
Simply copy the applicable parts from our sample web.config into your application's existing web.config file.
The way it is currently implemented, each destination page is secured so
that only the specified authorized users can access it (as opposed to it being accessible by
any authenticated user). Implementing a system where all the destination pages are
accessible by any authenticated user (and the user is simply directed to their particular page
by default -- even though they really have permission to access any of them) is somewhat simpler
since it wouldn't require any changes to web.config for each new user.
That being said, it seemed better to illustrate this method (more complex and tighter security)
and let you choose to make it less secure if you want, as opposed to doing things the other way around.
You can download a zip file containing the script and sample database from here:
login_db_nav_aspx.zip (11 KB)