Tuesday, February 11, 2014

Authentication page codes


Login Page


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using A = System.Web.Security;
using BL;

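namespace PerfectWeb.Account
{
    /// <summary>
    /// Code-behind for the forms-authentication login page: sends already
    /// authenticated visitors to the default URL and validates posted
    /// credentials through the BL layer.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        // One message for every rejected credential pair, so the failure text
        // does not distinguish an unknown user name from a wrong password.
        private const string InvalidCredentialsMessage = "Invalid user name or password.";

        // Shown when validation itself failed; the exception text stays in the trace log.
        private const string UnexpectedErrorMessage = "Unable to sign in right now. Please try again later.";

        private BL.UserEntity objEnt = new UserEntity();
        private BL.User objUser = new User();

        /// <summary>
        /// Redirects a visitor who already holds a valid ticket to the
        /// configured default URL instead of showing the login form again.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
            {
                Response.Redirect(A.FormsAuthentication.DefaultUrl);
            }
        }

        /// <summary>
        /// Validates the posted user name and password and, on success, issues
        /// the forms-authentication ticket and redirects to the requested page.
        /// </summary>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            bool isOK;
            try
            {
                objEnt.UserName = txtUserName.Text;
                // NOTE(review): the password reaches the BL layer as typed; how it is
                // hashed and compared is not visible here - confirm in ValidateUser.
                objEnt.Password = txtPassword.Text;
                isOK = objUser.ValidateUser(objEnt);
            }
            catch (EntityEx ex)
            {
                // Label.Text is rendered without HTML encoding, so encode the message
                // in case it echoes any part of the submitted input.
                // NOTE(review): presumably EntityEx carries a user-facing validation
                // message; confirm it cannot disclose which accounts exist.
                lblMessage.Text = Server.HtmlEncode(ex.Message);
                return;
            }
            catch (Exception ex)
            {
                // Unexpected failures (data access, configuration) are logged, not shown:
                // their text can describe internals, and the original fell through and
                // reported them as a bad password.
                if (Trace.IsEnabled)
                {
                    Trace.Warn(ex.Message);
                }

                lblMessage.Text = UnexpectedErrorMessage;
                return;
            }

            if (!isOK)
            {
                lblMessage.Text = InvalidCredentialsMessage;
                return;
            }

            // NOTE(review): this session was created before authentication. If any page
            // trusts Session["User"] for access decisions, issue a fresh session ID here
            // so a pre-set session cookie cannot be carried across the login.
            Session["User"] = objEnt.UserName;

            // NOTE(review): the original carried a commented-out
            // Roles.AddUserToRole(objEnt.UserName, "Admin") at this point. Granting a
            // role as a side effect of signing in would make every user an administrator,
            // so role assignment stays out of the login path.

            // RedirectFromLoginPage issues the authentication ticket itself, so the
            // separate SetAuthCookie call that used to precede it was redundant.
            A.FormsAuthentication.RedirectFromLoginPage(objEnt.UserName, ChkIsLog.Checked);
        }
    }
}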

////////////////////

Logout Page


   protected void HeadLoginStatus_LoggingOut(object sender, LoginCancelEventArgs e)
        {
            A.FormsAuthentication.SignOut();

            Response.Redirect(A.FormsAuthentication.LoginUrl);
        }


Authentication

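<?xml version="1.0"?>
 <configuration>

  <!-- Authorization rules are evaluated top-down and the first match wins.
       The login page has to be reachable without a ticket, so it allows
       everyone; a deny rule placed after allow users="*" is never reached
       and has been dropped. -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <!-- Admin-only page. The rule after the allow must deny everyone ("*"),
       not only anonymous users ("?"): with deny users="?" an authenticated
       user who is not in Admin matches neither rule and falls through to
       the site-wide rules below, which only deny anonymous users.
       NOTE(review): allow roles="Admin" depends on roles being attached to
       the principal (role manager or custom code); that setup is not shown
       here. -->
  <location path="FUCK.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
 
  <!-- Site-wide default: anonymous users are denied and sent to the login page. -->
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
 
  </configuration>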

/////////////////////////
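// NOTE(review): the session receiving this value was created before the user
// authenticated; if Session["User"] is trusted for access decisions, issue a
// fresh session ID at this point.
Session["User"] = objEnt.UserName;
// RedirectFromLoginPage issues the forms-authentication ticket itself, so a
// separate SetAuthCookie call in front of it only sets the same cookie twice.
FormsAuthentication.RedirectFromLoginPage(objEnt.UserName, ChkIsLog.Checked);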

/////////////////////////
    <!-- Forms authentication: unauthenticated requests are redirected to loginUrl,
         and defaultUrl is used after login when no return URL was requested.
         timeout is in minutes, so 2880 keeps a ticket valid for 48 hours; a
         ticket cannot be revoked server-side before it expires, so a shorter
         value limits how long a stolen cookie is usable.
         NOTE(review): requireSSL is not set on this element, so the ticket
         cookie is not restricted to HTTPS here - confirm the site is served
         over TLS only and set requireSSL="true" for production. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" defaultUrl="~/Profiler/UpdateInfo.aspx" />
    </authentication>


//////////////////////////
    <customErrors mode="On" defaultRedirect="Views/Shared/Error.aspx">
      <error statusCode="404" redirect="Views/Shared/NotFound.htm"/>
    </customErrors>
    <machineKey validationKey="AutoGenerate " decryptionKey="AutoGenerate" validation="SHA1"/>
    <trace enabled="true" pageOutput="false"/>

/////////////////////////////////






Sql server row level policy