If
This is the code where the actual authentication occurs. If the user cannot be authenticated, we display an error message and prevent the user from proceeding into the site.
If the user is authenticated successfully, the user is directed to the requested page.
Add the following line of code to the top of the mobile web page.
Imports System.Web.Security
Step 3: Create the other pages in the web site.
We can now create the rest of the web site. Since this example is used to demonstrate forms authentication, our site will only contain two mobile web pages. Open the default web form that was created in the project, "MobileWebForm1.aspx", and add a Label control, a Link control and a Command control. Change the properties of the controls as shown in the table below.
| Control | Property | Value |
| --- | --- | --- |
| Label1 | Text | Home Page |
| Link | Text | Go To Mobile Web Page 2 |
| | NavigateURL | MobileWebForm2.aspx |
| Command | Text | Logout |
| | Id | cmdLogout |
| Form | | |
Rename the mobile web page to "default.aspx".
Add the following code to the OnClick event handler of the Command control.
MobileFormsAuthentication.SignOut()
RedirectToMobilePage("login.aspx", True)
Now add another Mobile Web Page to the project. Add a Label and a Link control to the mobile web form on this page and set the following properties:
| Control | Property | Value |
| --- | --- | --- |
| Label | Text | Mobile Web Page 2. |
| Link | Text | Back To HomePage. |
| | NavigateURL | default.aspx |
Step 4: Modify the configuration Settings.
This is the main part where we specify that we opt for Forms Authentication.
Add the following changes to the web.config file included in the project:
Delete the section for authentication in the existing file and add the following instead:
<authentication mode="Forms">
  <forms loginUrl="login.aspx" name=".COOKIEDEMO" timeout="60" path="/">
    <!-- Passwords are stored as SHA1 hashes, not as clear text -->
    <credentials passwordFormat="SHA1">
      <user name="user1"
            password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
      <user name="user2"
            password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <!-- "?" matches anonymous (unauthenticated) users -->
  <deny users="?" />
</authorization>
This section enables forms authentication and stores each user's password as a hash in the "SHA1" format. In this example the password for both users is set to "password". The hashed value of the password is derived with the function:
FormsAuthentication.HashPasswordForStoringInConfigFile.
We have also indicated in the <authorization> section that anonymous users must be denied access to all files in this application.
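As an added example (not code from the original article), the following Python sketch audits a `<credentials>` section like the one above: because the stored value is an unsalted hash, identical passwords produce identical entries, and a common password can be recognised by hashing a guess list. The `<configuration>`/`<system.web>` wrapper, the guess list and the function names are assumptions made for the example.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: this page's <authentication> section inside an assumed wrapper.
SAMPLE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="login.aspx" name=".COOKIEDEMO" timeout="60" path="/">
      <credentials passwordFormat="SHA1">
        <user name="user1" password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
        <user name="user2" password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
      </credentials>
    </forms>
  </authentication>
</system.web></configuration>"""

# Constructed, deliberately tiny guess list; a real audit would use a larger one.
COMMON_PASSWORDS = ["123456", "password", "letmein"]

def stored_form(password, fmt="SHA1"):
    """Value <credentials> holds for a password: uppercase hex of the UTF-8 bytes."""
    if fmt == "Clear":
        return password
    return hashlib.new(fmt.lower(), password.encode("utf-8")).hexdigest().upper()

def audit_credentials(config_xml, wordlist=COMMON_PASSWORDS):
    """Return sorted (kind, detail) findings for the <credentials> section."""
    creds = ET.fromstring(config_xml.strip()).find(".//credentials")
    if creds is None:
        return []
    fmt = creds.get("passwordFormat", "SHA1")
    findings = [("plaintext", "passwordFormat=Clear")] if fmt == "Clear" else []
    guesses = {stored_form(p, fmt) for p in wordlist}
    by_value = defaultdict(list)
    for user in creds.findall("user"):
        value = user.get("password", "").strip()
        if fmt != "Clear":
            value = value.upper()
        by_value[value].append(user.get("name"))
        if value in guesses:  # entry matches a well-known password
            findings.append(("guessable", user.get("name")))
    for names in by_value.values():
        if len(names) > 1:  # no salt, so equal entries mean equal passwords
            findings.append(("shared-hash", ",".join(sorted(names))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit_credentials(SAMPLE_CONFIG):
        print(kind, detail)
```

Run against the configuration from this step, it reports both accounts as guessable and as sharing one hash.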
Replace the existing section for the SessionState with the following.
<sessionState cookieless="true"/>
Step 5: Build and Run the program and see the results.
When you first request a mobile web page belonging to this application, you are not authenticated and are therefore directed to the login page.

Figure 2: In the initial request, the user is not authenticated and therefore, directed to the Login Web page.
Enter the following credentials:
Login: user1
Password: password
Note that the password text is not displayed to the user.
Click on the Login button and you will be sent to the requested web site if the correct credentials are entered.

Figure 3: User is authenticated successfully and redirected to the requested page.
After this the user will have access to the other web pages in the web site and won't be prompted for login unless the Logout button is clicked or the validity of the login expires.
If the user clicks on the Logout button, he/she is logged out and redirected to the login page.

Figure 4: Incorrect Credentials-Note the error message.
Conclusion:
Security is a major concern for all applications, especially for Mobile Web Applications. We saw the use of FormsAuthentication in this example. Forms Authentication does not depend on IIS. You can build on this simple example and fortify your web site against invalid access.