In this article I will explain how to configure CreateUserWizard and Login control using ASP.NET Membership
In this article we will configure CreateUserWizard/Registration and Login control using SQLMembershipProvider. So, first we need to configure SQLMembershipProvider for our database. Go through this article to configure SQLMembershipProvider. This will create required tables and procedures in the database to store user’s information.
Create a new ASP.NET Web Site and write following in the Web.config file (as discussed in the above referred article):
<connectionStrings> <add name="ConString" connectionString="Data Source=deepakSQLEXPRESS;User Id=sa;Password=******;Initial Catalog=Employee;"/> </connectionStrings> <system.web> <authentication mode="Forms"/> <membership defaultProvider="MyMembershipProvider"> <providers> <add name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ConString"/> </providers> </membership> </system.web>
Add a new WebForm “Register.aspx” and drag a CreateUserWizard control on the page. You can format it using predefined style using CreateUserWizard task Auto Format feature.
Set ContinueDestinationPageUrl property of CreateUserWizard control to “~/Default.aspx” so that when a user account is created successfully, he/she will be redirected to the “Default.aspx” page. Step 3:
Add a new WebForm “Login.aspx” and drag a Login control on the page. You can format Login control too like CreateUserWizard Auto Format feature. Put a link “Register.aspx” page below the Login control.
Now we have configured CreateUserWizard to add a new user and Login control to authenticate a user. To check these pages lets add a new page that will be accessed by only authenticated users.
Add a new folder “Secure” and add a WebForm inside it named “SecurePage.aspx”.
Add a Web.config file in the folder and add following code in it:
<configuration> <appSettings/> <connectionStrings/> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </configuration>
This configuration ensures that only authenticated users will access the pages of this folder and its sub-folders. Authorization is used to authorize or restrict access to some resources to a user. Here, authorization tag is used to restrict all unauthenticated users to access pages of this folder. “?” indicates all anonymous or unauthenticated users.
Above method will restrict access to all the pages in the “Secure” folder and its sub-folders for anonymous users. But if you want to restrict access to only “SecurePage.aspx” page, you can use “location” tag in the root “Web.config” as following:
<location path="Secure/SecurePage.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location>
Now we are ready to test Register.aspx and Login.aspx pages. Before that add a link to “SecurePage.aspx” in the “Default.aspx” page and run the application.
When you click on this link, it will redirect to the Login.aspx page as we have denied all anonymous users from this page.
Click on the “Register” to register yourself. By default in password field, CreateUserWizard takes at least 7 characters and a combination of characters, numbers, and special characters like “deepak@123”.
After successful registration you will be redirected to the “Default.aspx” page. Now when you click on the “SecurePage” link you will be redirected to the “SecurePage.aspx” page because after successful registration user gets logged in automatically. You can use “LoginStatus” control to show login/logout status of the user.