Introduction to securing your web page in ASP.NET programming
You are now familiar with the process of creating websites of your choice. However, only creating a website is not enough; one has to secure it from unauthorized users. Such users can access and steal vital information of other users or secret information held by the website, such as credit card numbers and email IDs. Considering these factors, it is necessary to secure websites from malicious users. To implement security, we must be able to track the users who visit the website and allow only authorized users to access the website's resources. For tracking users, we need to collect some required information (such as name, email ID, and contact number), including a username and password.
Users are required to furnish a username and password to authenticate themselves as valid/registered users. To fulfill these tasks, we need to create a user interface for authenticating the user and displaying the desired page based on the roles or rights given to the user. However, creating such forms or user interfaces with the help of standard ASP.NET server controls is quite tedious and time-consuming.
There is a fixed (ready-made) Login control in Visual Studio 2013 ASP programming, but it is tied to the built-in database. That is why we are designing a custom login control for the security of the web page: with a custom login control, the programmer can check credentials against their own database.
Follow these steps to make a custom login control in ASP.NET programming
Step-1 : Design view of the asp program. We are designing something like the image shown.
Step-2: ASPX Code part in asp.net programming
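<%-- Login form markup. The validators are a convenience for the visitor;
     the click handler still has to validate the input on the server. --%>
<p>
<h2>Login for security</h2></p>
<asp:ValidationSummary ID="ValidationSummary1" runat="server" BackColor="#CCCC00" BorderColor="Black" BorderStyle="Solid" BorderWidth="4px" />
<p>
Enter member username :
<asp:TextBox ID="usrtxt" runat="server" Width="182px"></asp:TextBox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="usrtxt" ErrorMessage="Enter Username" ForeColor="Maroon">*</asp:RequiredFieldValidator>
</p>
<p>
Enter member password : <asp:TextBox ID="pwd" runat="server" TextMode="Password" Width="182px"></asp:TextBox>
<%-- This validator must watch the password box (pwd). Pointing it at usrtxt
     leaves the password field unchecked, so an empty password is submitted. --%>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="pwd" ErrorMessage="Enter password" ForeColor="Maroon">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Button ID="Button1" runat="server" Text="Member Login" OnClick="Button1_Click" />
</p>
<p>
<%-- Label1 shows the result of a failed login attempt. --%>
<asp:Label ID="Label1" runat="server"></asp:Label>
</p>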
C# Code part
<h2>Login for security</h2></p>
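<%-- Login form markup. The validators are a convenience for the visitor;
     the click handler still has to validate the input on the server. --%>
<asp:ValidationSummary ID="ValidationSummary1" runat="server" BackColor="#CCCC00" BorderColor="Black" BorderStyle="Solid" BorderWidth="4px" />
<p>
Enter member username :
<asp:TextBox ID="usrtxt" runat="server" Width="182px"></asp:TextBox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="usrtxt" ErrorMessage="Enter Username" ForeColor="Maroon">*</asp:RequiredFieldValidator>
</p>
<p>
Enter member password : <asp:TextBox ID="pwd" runat="server" TextMode="Password" Width="182px"></asp:TextBox>
<%-- This validator must watch the password box (pwd). Pointing it at usrtxt
     leaves the password field unchecked, so an empty password is submitted. --%>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="pwd" ErrorMessage="Enter password" ForeColor="Maroon">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Button ID="Button1" runat="server" Text="Member Login" OnClick="Button1_Click" />
</p>
<p>
<%-- Label1 shows the result of a failed login attempt. --%>
<asp:Label ID="Label1" runat="server"></asp:Label>
</p>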
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
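/// <summary>
/// Code-behind for the custom login page. Checks the submitted username and
/// password against the rows of [Table]; on a match it stores the username in
/// session state and redirects to the protected page.
/// </summary>
public partial class welcome : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the "Member Login" button: validates the form, looks the
    /// credentials up, and either reports failure in Label1 or signs the
    /// user in and redirects.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Client-side validation can be bypassed, so re-run the validators on
        // the server and stop before touching the database if any of them fail.
        Page.Validate();
        if (!Page.IsValid)
        {
            return;
        }

        string matchedUser = FindMatchingUser(usrtxt.Text, pwd.Text);
        if (matchedUser == null)
        {
            // One message for "unknown user" and "wrong password", so the
            // response does not reveal which usernames exist.
            Label1.Text = "No record found";
            return;
        }

        // NOTE(review): the session id is not renewed at login, so a session
        // id handed out before authentication stays valid afterwards. Consider
        // issuing a fresh session here or using FormsAuthentication.
        Session["username"] = matchedUser;

        // The redirect alone does not protect the target: securepage.aspx has
        // to check Session["username"] itself, or be covered by an
        // authorization rule in web.config.
        Response.Redirect("~/admin/securepage.aspx");
    }

    /// <summary>
    /// Looks up the row for <paramref name="username"/> and returns the stored
    /// username when both username and password match exactly.
    /// </summary>
    /// <param name="username">Username as typed by the visitor.</param>
    /// <param name="password">Password as typed by the visitor.</param>
    /// <returns>The stored username on a match; otherwise <c>null</c>.</returns>
    private static string FindMatchingUser(string username, string password)
    {
        string connectionString =
            ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

        // Fetch only the candidate row(s) through a parameterized query,
        // instead of reading every username/password pair of the table into
        // the web application on each login attempt.
        const string query =
            "select username, password from [Table] where username = @username";

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = username;
            con.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    string storedUser = reader["username"].ToString();
                    string storedPassword = reader["password"].ToString();

                    // The database collation may compare case-insensitively;
                    // String.Equals(string) is ordinal and case-sensitive, so
                    // the exact-match rule of the login is enforced here.
                    //
                    // NOTE(review): the submitted password is compared with
                    // the column value as-is, which implies the table holds
                    // plaintext passwords. Store a salted, slow hash instead
                    // (e.g. PBKDF2 via Rfc2898DeriveBytes) and compare the
                    // derived value; that needs a schema change.
                    if (storedUser.Equals(username) && storedPassword.Equals(password))
                    {
                        return storedUser;
                    }
                }
            }
        }

        return null;
    }
}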
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
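/// <summary>
/// Code-behind for the custom login page. Checks the submitted username and
/// password against the rows of [Table]; on a match it stores the username in
/// session state and redirects to the protected page.
/// </summary>
public partial class welcome : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the "Member Login" button: validates the form, looks the
    /// credentials up, and either reports failure in Label1 or signs the
    /// user in and redirects.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Client-side validation can be bypassed, so re-run the validators on
        // the server and stop before touching the database if any of them fail.
        Page.Validate();
        if (!Page.IsValid)
        {
            return;
        }

        string matchedUser = FindMatchingUser(usrtxt.Text, pwd.Text);
        if (matchedUser == null)
        {
            // One message for "unknown user" and "wrong password", so the
            // response does not reveal which usernames exist.
            Label1.Text = "No record found";
            return;
        }

        // NOTE(review): the session id is not renewed at login, so a session
        // id handed out before authentication stays valid afterwards. Consider
        // issuing a fresh session here or using FormsAuthentication.
        Session["username"] = matchedUser;

        // The redirect alone does not protect the target: securepage.aspx has
        // to check Session["username"] itself, or be covered by an
        // authorization rule in web.config.
        Response.Redirect("~/admin/securepage.aspx");
    }

    /// <summary>
    /// Looks up the row for <paramref name="username"/> and returns the stored
    /// username when both username and password match exactly.
    /// </summary>
    /// <param name="username">Username as typed by the visitor.</param>
    /// <param name="password">Password as typed by the visitor.</param>
    /// <returns>The stored username on a match; otherwise <c>null</c>.</returns>
    private static string FindMatchingUser(string username, string password)
    {
        string connectionString =
            ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

        // Fetch only the candidate row(s) through a parameterized query,
        // instead of reading every username/password pair of the table into
        // the web application on each login attempt.
        const string query =
            "select username, password from [Table] where username = @username";

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = username;
            con.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    string storedUser = reader["username"].ToString();
                    string storedPassword = reader["password"].ToString();

                    // The database collation may compare case-insensitively;
                    // String.Equals(string) is ordinal and case-sensitive, so
                    // the exact-match rule of the login is enforced here.
                    //
                    // NOTE(review): the submitted password is compared with
                    // the column value as-is, which implies the table holds
                    // plaintext passwords. Store a salted, slow hash instead
                    // (e.g. PBKDF2 via Rfc2898DeriveBytes) and compare the
                    // derived value; that needs a schema change.
                    if (storedUser.Equals(username) && storedPassword.Equals(password))
                    {
                        return storedUser;
                    }
                }
            }
        }

        return null;
    }
}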