ASP.NET version of "Login & Password (Database-Driven)"
When I went to write an ASP.NET version of
our Classic ASP Auto-Navigation Database-Driven Login Sample,
I realized that I hadn't yet published a plain database-driven login and password sample for ASP.NET.
So... in an effort to keep the horse in front of the cart, here it is (I mean the sample... not a horse or a cart).
There is one slight issue with the running version. Our samples folder is set up as its own application
and I'm having a hard time finding out how to (or if you even can) configure two different forms authentication
login pages within one application. So... if you try to access the protected page without being
logged in, you'll get sent to the login page for our plain vanilla (not database-driven)
login and password sample. It's a little weird, but it shouldn't affect
anyone unless you try to implement both scripts in the same folder, which I can't see why anyone but us would
even try.
The zip file contains the login form (login_db.aspx), a sample protected page (login_db-protected.aspx), the
config file that sets up the authentication for the application (web.config), and the database containing the
login and password information (login.mdb). The sample database is an Access database; if you are going to
continue to use Access, you'll need to secure it so that users can't download the whole database file.
I only used Access so that I could easily distribute the sample database, but the concept is the same
regardless of the database platform you use.
Warning: If you are going to implement this for an existing application, do not overwrite
your existing web.config file or you will lose whatever settings you may have in it.
Simply copy the applicable parts from our sample web.config into your application's existing web.config file.
This version is based on the above database-driven login and password system, but adds
the capability to have users automatically directed to a user-specific login page upon
authentication.
The way it is currently implemented, each destination page is secured so
that only the specified authorized users can access it (as opposed to it being accessible by
any authenticated user). Implementing a system where all the destination pages are
accessible by any authenticated user (and the user is simply directed to their particular page
by default -- even though they really have permission to access any of them) is somewhat simpler
since it wouldn't require any changes to web.config for each new user.
That being said, it seemed better to illustrate this method (more complex and tighter security)
and let you choose to make it less secure if you want, as opposed to doing things the other way around.
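The two authorization schemes contrasted above, sketched as a web.config fragment. This is an added example, not the web.config from the sample zip; the page names (login.aspx, alice.aspx, bob.aspx, members.aspx), the cookie name and the user names are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not the web.config shipped in the sample zip.
     Page names, cookie name and user names below are hypothetical. -->
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests that hit a protected
         page are redirected to loginUrl. -->
    <authentication mode="Forms">
      <forms name=".SAMPLEAUTH" loginUrl="login.aspx" protection="All" timeout="30" />
    </authentication>
    <!-- Application default: pages are reachable without logging in. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Tighter variant: one location block per destination page. Rules are
       evaluated top to bottom and the first match wins, so the allow for
       the named user must come before deny users="*". The name is compared
       with the user name stored in the forms authentication ticket.
       Every new user needs a new block like these. -->
  <location path="alice.aspx">
    <system.web>
      <authorization>
        <allow users="alice" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="bob.aspx">
    <system.web>
      <authorization>
        <allow users="bob" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Simpler variant: "?" means anonymous, so any logged-in user may open
       the page. Adding a user requires no change to web.config. -->
  <location path="members.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```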
You can download a zip file containing the script and sample database from here:
login_db_nav_aspx.zip (11 KB)