Designing Secure ASP.NET Applications Forms Authentication Using an XML Users File
When the Login page cannot find the e-mail name in the Users XML file, it redirects the request to the Add User page. If the user clicks the Add User button, the user name and password are added to the file.
- Import the necessary namespaces.
<%@ Page LANGUAGE = "c#" %>
<%@ Import Namespace = "System.Data" %>
<%@ Import Namespace = "System.Data.SqlClient" %>
<%@ Import Namespace = "System.Web.Security " %>
<%@ Import Namespace = "System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
- Create a script section tag.
<script runat=server>
- Implement a Page_Load function.
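// Pre-fills the Add User form from the request that brought the visitor here.
// sender / e: standard ASP.NET page-event arguments; neither is used.
private void Page_Load ( Object sender, EventArgs e )
{
    // Only pre-fill on the initial GET. Page_Load also runs on every postback,
    // after the posted form values have been loaded into the controls. Without
    // this guard the query-string values would overwrite whatever the user
    // typed before AddUser_Click reads the fields.
    if ( IsPostBack )
        return;

    // Get the UserEmail string from the request and, if it is not null,
    // set up the UserEmail value.
    String email = Request.QueryString [ "UserEmail" ];
    if ( null != email )
        UserEmail.Value = email;

    // Security: the "UserPassword" query-string value is deliberately not
    // copied into the password field. A password carried in a URL ends up in
    // server logs, browser history and Referer headers. Pre-filling a masked
    // field from the URL would also let whoever built the link choose the
    // password for the new account. The user types the password on this page;
    // the RequiredFieldValidator on UserPass enforces that.
    // NOTE(review): presumably the Login page builds this URL. Confirm it no
    // longer appends the password.
}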
- Implement the AddUser_Click function.
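// Handles the Add User button: appends the submitted name and password to the
// users XML file, then issues the forms-authentication ticket and redirects.
// sender / E: standard ASP.NET event arguments; neither is used.
private void AddUser_Click ( Object sender, EventArgs E )
{
    // If the page is not valid, tell the user.
    if ( !Page.IsValid ) {
        Msg.Text = "Some required fields are missing";
        return;
    }

    // Instantiate a new DataSet named ds.
    DataSet ds = new DataSet ( );

    // Initialize a string named userFile with the path to the Users.xml file.
    // NOTE(review): the path is resolved relative to this page's directory.
    // Confirm that the resulting location cannot be requested through the web
    // server, because the file holds every user's credentials.
    String userFile = "../users.xml";
    String userPath = Server.MapPath ( userFile );

    // Read the XML file into the ds DataSet. The using blocks release the file
    // handle even if ReadXml throws, so a malformed file cannot leave
    // users.xml locked.
    using ( FileStream readStream = new FileStream ( userPath,
        FileMode.Open, FileAccess.Read ) )
    using ( StreamReader reader = new StreamReader ( readStream ) )
    {
        ds.ReadXml ( reader );
    }

    // This page can be requested directly, not only via the Login redirect,
    // so check here that the name is not already registered. Otherwise any
    // visitor could append a second row, with a password of their choosing,
    // for an existing name. The comparison ignores case to stay on the
    // conservative side.
    // NOTE(review): confirm how the Login page matches names.
    foreach ( DataRow existing in ds.Tables [ 0 ] .Rows )
    {
        String existingEmail = Convert.ToString ( existing [ "UserEmail" ] );
        if ( 0 == String.Compare ( existingEmail, UserEmail.Value, true,
            System.Globalization.CultureInfo.InvariantCulture ) )
        {
            Msg.Text = "A user with that name already exists";
            return;
        }
    }

    // Add the new name and password to the ds DataSet.
    // NOTE(review): the password is stored exactly as entered. Stored
    // credentials should be salted hashes. The format is left unchanged here
    // because the Login page, which is not part of this listing, must compare
    // against the same format.
    DataRow newUser = ds.Tables [ 0 ] .NewRow ( );
    newUser [ "UserEmail" ] = UserEmail.Value;
    newUser [ "UserPassword" ] = UserPass.Value;
    ds.Tables [ 0 ] .Rows.Add ( newUser );
    ds.AcceptChanges ( );

    // Write the new DataSet with the new name and password to the XML file.
    // FileAccess.ReadWrite is the same value as FileAccess.Write|FileAccess.Read.
    using ( FileStream writeStream = new FileStream ( userPath,
        FileMode.Create, FileAccess.ReadWrite ) )
    using ( StreamWriter writer = new StreamWriter ( writeStream ) )
    {
        ds.WriteXml ( writer );
    }

    // Redirect the request back to the originally requested resource
    // ( Default.aspx ). The second argument asks for a persistent
    // authentication cookie when the "Persistent Forms" box is checked.
    FormsAuthentication.RedirectFromLoginPage ( UserEmail.Value,
        PersistForms.Checked );
}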
</script>
<body>
<form runat=server>
<div style = "background:#ccccff"><h3>Add New User</h3></div>
- With the exception of the button name, the following form is identical to the one described for the Login.aspx file. Because the form submits a password, serve this page over HTTPS only.
<table>
<tr>
<td>Name:</td>
<td><input id = "UserEmail" type = "text" runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate = "UserEmail"
Display = "Static"
ErrorMessage = "*"
runat=server/>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input id = "UserPass" type=password runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate = "UserPass"
Display = "Static"
ErrorMessage = "*"
runat=server/>
</td>
</tr>
<tr>
<td>Persistent Forms:</td>
<td><ASP:CheckBox id=PersistForms runat = "server"
autopostback = "true" />
</td>
<td></td>
</tr>
</table>
<input type = "submit" onServerClick = "AddUser_Click" Value = "Add User"
runat = "server" /><p>
<asp:Label id = "Msg" ForeColor = "red" Font-Name = "Verdana"
Font-Size = "10" runat=server />
</form>
</body>
</html>