asp.net.ph


Forms Authentication Using An XML Users File



In this scenario, the client requests a protected resource, Default.aspx. There are two directories ( Formsauth and Adduser ) and six files used in this application example. They are arranged as follows:

          \Formsauth ( Web.config, Default.aspx, Login.aspx, Users.xml )

                    \Adduser ( Web.config, Adduser.aspx )

The Formsauth directory is the application root.

In the security section of the Web.config file located in the Formsauth directory, the authorization is set so that only authenticated users can access this directory. Also, the authentication mode is set to Forms, so ASP.NET tries to find a form that is attached to the request. If it finds none, it redirects the request to a logon page ( Login.aspx ). There, the client user enters the required credentials ( e-mail name and password ). The page compares the entered credentials to a list of credentials in an XML file ( Users.xml ). If a match is found, the request is considered authenticated and the client is redirected to the originally requested resource ( Default.aspx ). If no match is found, the request is redirected to the Add User page ( Adduser.aspx ). The Web.config file located in this Adduser directory has authorization set to allow everyone access. There, the just-entered credentials are encoded and added to the XML file ( Users.xml ).

As mentioned earlier, there are six files associated with this example:

  • Three .aspx files ( Default.aspx, Login.aspx, and Adduser.aspx )
  • Two configuration files ( both named Web.config, but one is located in the application root directory and the other is located in the Adduser directory )
  • One XML file ( Users.xml ) that contains user credentials
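The two Web.config files described above could look like the following. This is an added illustration, not the sample's own files: the cookie name and timeout values are assumptions, and the two files are shown in one listing, separated by comments.

```xml
<!-- File 1: \Formsauth\Web.config ( application root ) -->
<configuration>
  <system.web>
    <!-- Forms mode: a request without a valid authentication ticket
         is redirected to the page named in loginUrl. -->
    <authentication mode="Forms">
      <!-- name and timeout are assumed values.
           protection="All" encrypts and validates the ticket. -->
      <forms name=".ASPXFORMSAUTH"
             loginUrl="Login.aspx"
             protection="All"
             timeout="30"
             path="/" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: deny them, so only
           authenticated users can reach this directory. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: \Formsauth\Adduser\Web.config -->
<configuration>
  <system.web>
    <authorization>
      <!-- "*" means everyone: this overrides the root setting for the
           Adduser directory only, so an unauthenticated client can
           reach Adduser.aspx after a failed logon. -->
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
```

Because the Adduser directory is open to everyone, Adduser.aspx is the only page in this layout that accepts input from unauthenticated clients and writes it to Users.xml, so it is the page to review most closely.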

In This Section

  • User Credentials File ( Users.xml ): Describes how to use the User Credentials file.
  • Application Root Directory Configuration File ( Web.config ): Describes how to add a security section to the application configuration file.
  • Adduser Directory Configuration File ( Web.config ): Describes how to add a security section to the AddUser configuration file.
  • Default.aspx File: Describes how to add a security section to the default configuration file.
  • Login.aspx File: Describes how to create a logon file to authenticate a user.
  • Adduser.aspx File: Describes how to create a file to add new users.

See Also

The Forms Authentication Provider



© 2025 Reynald Nuñez and asp.net.ph. All rights reserved.
