Chapter No.

6 Security & Configuration

 Using the CreateUserWizard control
 Using the LoginStatus control
 Using the Login control
 Using the LoginView control

Introduction: Implementing security in a site has the following aspects:

 Authentication : It is the process of ensuring the user's identity and authenticity.
ASP.NET allows four types of authentications:
o Windows Authentication
o Forms Authentication
o Passport Authentication
o Custom Authentication
 Authorization : It is the process of defining and allotting specific roles to specific users.
 Confidentiality : It involves encrypting the channel between the client browser and the
web server.
 Integrity : It involves maintaining the integrity of data. For example, implementing
digital signature.
Using the CreateUserWizard control:
The CreateUserWizard control collects information from potential users. By default, the
CreateUserWizard control adds the new user to the ASP.NET membership system.
The CreateUserWizard control gathers the following user information:
 User name
 Password
 Confirmation of password
 E-mail address
 Security question
 Security answer
This information is used to authenticate users and recover user passwords, if necessary.
To add a CreateUserWizard control to a page
 Drag the CreateUserWizard control from the Toolbox task pane to your page.
 The CreateUserWizard control provides the user interface for the MembershipProvider
object that communicates with your Web site's user data store to create new user accounts in the
data store.
You can customize the contents of the CreateUserWizard control using the
CreateUserWizardStep. By specifying the contents, you can specify custom user interface (UI)
that includes controls that the CreateUserWizard control uses to gather information about the
new user.
Using the LoginStatus control:
The Login Status control displays a login link for users who are not authenticated and a
logout link for users who are authenticated. The login link takes the user to a login page. The
logout link resets the current user's identity to be an anonymous user.
You can customize the appearance of the Login Status control by setting the Login Text
and Login Image Url properties.
To add a LoginStatus control to a page
1. Drag the LoginStatus control from the Toolbox task pane to your page.
2. You can customize the appearance of the LoginStatus control by setting the LoginText
and LoginImageUrl properties. To set these and other properties that determine the
appearance of the LoginStatus control, use the Tag Properties task pane.
Login Status control properties:
 Login Text The text displayed if the user is not signed in.
 Login Image Url A URL for an image displayed as an icon for the login link.
 Logout Text The text displayed if the user is authenticated.
 Logout Image Url A URL for an image displayed as an icon for the logout link.
 Logout Action Configures the action the control performs if the user clicks the logout
link that is displayed when the user is authenticated.
 Logout Page Url A page to redirect to if the user clicks the logout link and the Logout
Action is set to Redirect.
Using the Login control:
The Login control displays a user interface for user authentication. It provide a robust
login solution for Web applications without requiring programming.
  It provides you with a ready-to-use user interface that queries the user name and
password from the user and offers a Log In button for login.
 The Login control displays a user interface for user authentication. The Login
control contains text boxes for the user name and password and a check box that allows users
to indicate whether they want the server to store their identity using ASP.NET membership
and automatically be authenticated the next time they visit the site.
 The Login control has properties for customized display, for customized
messages, and for links to other pages where users can change their password or recover a
forgotten password.
 The Login control can be used as a standalone control on a main or home page.

Steps for creating Login controls are:

Step 1 :- First open your visual studio -->File -->New -->Select ASP.NET Empty website -->
OK -->Open Solution Explorer -->Add a New web form (login.aspx) -->Now drag and Drop
Login control and and LoginView control on the page from toolbox --> Add a Hyperlink control
in LoginView 's blank space as shown below:-

Step 2 :- Now open Solution Explorer --> Add a New web Form (Registrationpage.aspx) -->
Drag and drop CreateUserWizard and LoginView controls on the page --> Put a Hyperlink
control inside blank space in LoginView control as shown below:-

 Now select Complete from createUserWizard Tasks as shown above --> Now double
click on Continue button and write the following c# codes for Navigation as given
below:-
Step 3 :- Now Add a New Web Form (welcomwpage.aspx) --> drag and drop
LoginName,LoginStatus and LoginView Controls on the page from toolbox as shown below:-

Step 4 :- Now Add again a New Web Form (changepassword.aspx)-->drag and drop
ChangePassword control on the page from toolbox as shown below:-

Step 5 :- Now Add a New web form (PasswordRecovery.aspx) -->drag and drop
Passwordrecovery control from toolbox as shown below:-
Step 6 :- Now open web.config file and write the following codes as given below:-

Step 7 :- Now Run the Application (Press F5) --> Now create a account first for access the
website --> Press Create User button --> After that Press Continue button as shown below:-

Step 8 :- After step 7, login.aspx page will be opened --> Now put login credentials such as
username and password --> Press login button --> You will see the following output as shown
below:-
 Using the LoginView control:
The LoginView control allows you to display different information to anonymous and
logged-in users. The control displays one of two templates: the AnonymousTemplate or the
LoggedInTemplate. In the templates, you can add markup and controls that display information
appropriate for anonymous users and authenticated users, respectively.
The LoginView control also includes events for ViewChanging and ViewChanged,
which allow you to write handlers for when the user logs in and changes status.
To add a LoginView control to a page
1. Drag the LoginView control from the Toolbox task pane to your page.
2. By default, the LoginView control includes two templated views that are displayed to the
user. The first is the AnonymousTemplate, which is displayed to the user when the user is
not logged in. The second template is the LoggedInTemplate, which defines the user
interface that is displayed when a user is logged in. But you can also create templates for
the members of particular logged-in role groups.

*****