Export (0) Print
Expand All
9 out of 35 rated this helpful - Rate this topic

Forms Authentication Using An XML Users File

.NET Framework 1.1

In this scenario, the client requests a protected resource, Default.aspx. There are two directories (FormsAuth and AddUser) and six files used in this application example. They are arranged as follows.

\FormsAuth (Web.config, Default.aspx, Logon.aspx, Users.xml)
\AddUser (Web.config, AddUser.aspx)

The FormsAuth directory is the application root.

In the security section of the Web.config file located in the FormsAuth directory, the authorization is set so that only authenticated users can access this directory. Also, the authentication mode is set to Forms, so ASP.NET tries to find a cookie that is attached to the request. If it finds none, it redirects the request to a logon page (Logon.aspx). There, the client user enters the required credentials (e-mail name and password). The page compares the entered credentials to a list of credentials in an XML file (Users.xml). If a match is found, the request is considered authenticated and the client is redirected to the originally requested resource (Default.aspx). If no match is found, the request is redirected to the Add User page (AddUser.aspx). The Web.config file located in this AddUser directory has authorization set to allow everyone access. There, the newly entered credentials are encoded and added to the XML file (Users.xml).

The following six files associated with this example:

  • Three .aspx files (Default.aspx, Logon.aspx, and AddUser.aspx).
  • Two configuration files (both are named Web.config, but one is located in the application root directory and the other is located in the AddUser directory).
  • One XML file (Users.xml) that contains user credentials.

In This Section

User Credentials File (Users.xml)
Describes how to use the User Credentials file.
Application Root Directory Configuration File (Web.config)
Describes how to add a security section to the application configuration file.
AddUser Directory Configuration File (Web.config)
Describes how to add a security section to the AddUser configuration file.
Default.aspx File
Describes how to add a security section to the default configuration file.
Logon.aspx File
Describes how to create a logon file to authenticate a user.
AddUser.aspx File
Describes how to create a data input file to add new users to the Users.xml file.

Related Sections

Designing Secure ASP.NET Applications

Show:
© 2014 Microsoft. All rights reserved.