asp.net.ph

Skip Navigation Links

Adduser.aspx File

Designing Secure ASP.NET Applications   Forms Authentication Using an XML Users File


When the Login page cannot find the e-mail name in the Users XML file, it redirects the request to the Add User page. If the user clicks the Add User button, the user name and password are added to the file.

To implement the Add User page [ C# ]

  1. Import the necessary namespaces.
    <%@ Page LANGUAGE = "c#" %>
    <%@ Import Namespace = "System.Data" %>
    <%@ Import Namespace = "System.Data.SqlClient" %>
    <%@ Import Namespace = "System.Web.Security " %>
    <%@ Import Namespace = "System.IO" %>
    <html>
    <head>
    <title>Forms Authentication</title>
  2. Create a script section tag.
    <script runat=server>
  3. Implement a Page_Load function.
    private void Page_Load ( Object sender, EventArgs e )
    {
    1. Get the UserEmail and UserPassword strings from the request.
      String email = Request.QueryString [ "UserEmail" ];
      String password = Request.QueryString [ "UserPassword" ];
    2. If they are not null, set up the UserEmail and UserPassword values.
      if ( null != email )
          UserEmail.Value = email;
      if ( null != password )
          UserPass.Value = password;
      }
  4. Implement the AddUser_Click function.
    private void AddUser_Click ( Object sender, EventArgs E )
    {
    1. If the page is not valid, tell the user.
      if ( !Page.IsValid ) {
          Msg.Text = "Some required fields are missing";
          return; 
      }
    2. Instantiate a new DataSet named ds.
      DataSet ds = new DataSet ( );
    3. Initialize a string named userFile with the path to the Users.xml file.
      String userFile = "../users.xml";
    4. Read in the XML file to the ds DataSet instantiated in step b.
      FileStream fs = new FileStream ( Server.MapPath ( userFile ), 
         FileMode.Open,FileAccess.Read );
      StreamReader reader = new StreamReader ( fs );
      ds.ReadXml ( reader );
      fs.Close ( );
    5. Add the new name and password to the ds DataSet.
      DataRow newUser = ds.Tables [ 0 ] .NewRow ( );
      newUser [ "UserEmail" ] = UserEmail.Value;
      newUser [ "UserPassword" ] = UserPass.Value;
      ds.Tables [ 0 ] .Rows.Add ( newUser );
      ds.AcceptChanges ( );
    6. Write the new DataSet with the new name and password to the XML file.
      fs = new FileStream ( Server.MapPath ( userFile ), FileMode.Create, 
         FileAccess.Write|FileAccess.Read );
      StreamWriter writer = new StreamWriter ( fs );
      ds.WriteXml ( writer );
      writer.Close ( );
      fs.Close ( );
    7. Redirect the request back to the originally requested resource ( Default.aspx ).
      FormsAuthentication.RedirectFromLoginPage ( UserEmail.Value, 
         PersistForms.Checked );
      }
      </script>
      <body>
      <form runat=server>
         <div style = "background:#ccccff"><h3>Add New User</h3></div>
  5. With the exception of the button name, the following form is identical to the one described for the Login.aspx file.
        <table>
            <tr>
                <td>Name:</td>
                <td><input id = "UserEmail" type = "text" runat=server/></td>
                <td><ASP:RequiredFieldValidator 
                    ControlToValidate = "UserEmail" 
                    Display = "Static"
                    ErrorMessage = "*"
                    runat=server/>
                </td>
    
            </tr>
            <tr> 
                <td>Password:</td>
                <td><input id = "UserPass" type=password runat=server/></td>
                <td><ASP:RequiredFieldValidator 
                    ControlToValidate = "UserPass" 
                    Display = "Static"
                    ErrorMessage = "*"
                    runat=server/>
                </td>
            </tr>
            <tr>
                <td>Persistent Forms:</td>
                <td><ASP:CheckBox id=PersistForms runat = "server"
                    autopostback = "true" />
                </td>
                <td></td>
            </tr>
    
     
        </table>
        <input type = "submit" onServerClick = "AddUser_Click" Value = "Add User"
             runat = "server" /><p>
       <asp:Label id = "Msg" ForeColor = "red" Font-Name = "Verdana" 
             Font-Size = "10" runat=server />
    </form>
    </body>
    </html>
See Also

Forms Authentication Using an XML Users File



© 2025 Reynald Nuñez and asp.net.ph. All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note