|
|
|
|
|
Home
»
VB.NET
»
Form Authentication for Mobile Applications
|
|
|
Author Rank:
|
|
Total page views :
8878
|
|
Total downloads :
165
|
|
|
|
|
Download
Files:
|
|
|
|
|
|
|
|
|
|
|
|
|
Similar ArticlesMost ReadTop RatedLatest
|
|
|
|
|
|
|
|
|
|
Introduction.
In this example we will authenticate mobile web users for our application using Forms Authentication.
Other forms of authentication for mobile web applications are
- Windows Authentication.
- Passport Authentication.
Technique.
When the user requests for a mobile web page from the application and if the user is not authenticated, the user is directed to the login page specified in the configuration settings. The user is prompted to enter the login and password. After the user is authenticated and authorized to access the page, the user is sent to the requested page (or the default page of the web site, if none is specifically requested). The user is now free to access the web site and navigate through the web site without being re-prompted for the login information.
When the user is done with the processing, he/she can Signout from the Application.
You can also specify a time-out period for the duration of time after which the validity of the login expires.
Since mobile pages may or may not support cookies, we enable cookieless operation.
Program Details.
Step 1: Create the project:
Create a Visual VB Mobile Web Application in Visual Studio.Net.
Step 2: Create the login Mobile Web Page.
Add a new Mobile Web Form to the project and name the page Login.aspx
Add the controls as shown in figure 1 below.
Figure 1: Login.aspx.
Change the following properties for controls added on the mobile web page:
| Control |
Property |
Value |
| Label |
Text |
Login: |
| TextBox |
Id |
txtLogin |
| Label |
Text |
Password |
| Textbox |
Id |
txtPwd |
|
Password |
True |
| Command |
Id |
Login |
|
Id |
cmdLogin |
| Label |
Id |
lblError |
Double click on the Command Control to start adding code to event handler for the onClick Event.
Add the following code to the OnClick event handler of the Command control.
If FormsAuthentication.Authenticate(txtLogin.Text, txtPwd.Text) Then
FormsAuthentication.SetAuthCookie(txtLogin.Text, False)
MobileFormsAuthentication.RedirectFromLoginPage(txtLogin.Text, True)
Else
lblError.Text = "Please check your credentials"
End If
This is the code where the actual authentication occurs. If the user cannot be authenticated in the system, then we display and error message and prevent the user from proceeding in the site.
If the user is authenticated successfully, the user is directed to the requested page.
Add the following line of code to the top of the mobile web page.
Imports System.Web.Security.
Step 3: Create the other pages in the web site.
We can now create the rest of the web site. Since this example is used to demonstrate forms authentication, our site will only contain two mobile web pages. Open the default web form that was created in the project "MobileWebForm1.aspx" and add a label control, a link control and a Command control. Change the properties of the control as shown in the table below.
| Control |
Property |
Value |
| Label1 |
Text |
Home Page |
| Link |
Text |
Go To Mobile Web Page 2 |
|
NavigateURL |
MobileWebForm2.aspx |
| Command |
Text |
Logout |
|
Id |
cmdLogout |
| Form |
|
|
Rename the mobile web page "default.aspx"
Add the following code to the OnClick event handler of the Command control.
MobileFormsAuthentication.SignOut()
RedirectToMobilePage("login.aspx", True)
Now add another Mobile Web Page in the project. Add a label and a link control on the mobile web form on this web page and set the following properties :
| Control |
Property |
Value |
| Label |
Text |
Mobile Web Page 2. |
| Link |
Text |
Back To HomePage. |
|
NavigateURL |
defaul.aspx. |
Step 4: Modify the configuration Settings.
This is the main part where we specify that we opt for Forms Authentication.
Add the following changes to the web.config file included in the project:
Delete the section for authentication in the existing file and add the following instead:
< authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".COOKIEDEMO" timeout="60" path="/" >
<credentials passwordFormat="SHA1">
<user name="user1"
password=" 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
<user name="user2"
password=" 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
This section specifies the use of forms authentication and provides the passwords for the users using format "SHA1". In this example the password for both the users is set to "password". The trick in deriving the encoded value of password is making use of the function:
FormsAuthentication.HashPasswordForStoringInConfigFile.
We have also indicated in the <authorization> section that anonymous users must be denied access to all files in this application.
Replace the existing section for the SessionState with the following.
< sessionState cookieless="true"/>
Step 5: Build and Run the program and see the results.
When you initially request for the mobile web page belonging to this application, you are not authenticated and hence, directed to the login page.
Figure 2: In the initial request, the user is not authenticated and therefore, directed to the Login Web page.
Enter the following credentials:
Login: user1
Password: password
Note that the password text is not displayed to the user.
Click on the Login button and you will be sent to the requested web site if the correct credentials are entered.
Figure 3: User is authenticated successfully and redirected to the requested page.
After this the user will have access to the other web pages in the web site and won't be prompted for login unless the Logout button is clicked or the validity of the login expires.
If the user clicks on the Logout button, he/she is logged out and redirected to the login page.
Figure 4: Incorrect Credentials-Note the error message.
Conclusion:
Security is a major concern for all applications, especially for Mobile Web Applications. We saw the use of FormsAuthentication in this example. Forms Authentication does not depend on IIS. You can build on this simple example and fortify your web site against invalid access.
|
|
|
Login
to add your contents and source code to this article
|
|
|
|
|
|
|
|
Dipal Choksi
Dipal Choksi has over 10 years of industry experience in team-effort projects and also as an individual contributor. She has been working on the .Net platform since the beta releases of .Net 1.0.
|
|
|
|
|
|
|
|
|
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional
consulting company, our consultants are well-known experts in .NET and many of them
are MVPs, authors, and trainers. We specialize in Microsoft .NET development and
utilize Agile Development and Extreme Programming practices to provide fast pace
quick turnaround results. Our software development model is a mix of Agile Development,
traditional SDLC, and Waterfall models.
|
|
Click here to learn more about C# Consulting. |
|
|
|
|
|
|
|
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon.
Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees.
As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
|
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
|
Go.NET
Build custom interactive diagrams, network, workflow editors, flowcharts, or software design tools. Includes many predefined kinds of nodes, links, and basic shapes. Supports layers, scrolling, zooming, selection, drag-and-drop, clipboard, in-place editing, tooltips, grids, printing, overview window, palette. 100% implemented in C# as a managed .NET Control. Document/View/Tool architecture with many properties&events. Optional automatic layout.
|
Dundas Software
Dundas Chart for .NET is the most advanced .NET charting package available today. With an extremely complete feature set, elegant architecture and easy implementation, Dundas Chart can quickly add advanced Charting functionality to enhance and transform ASP.NET and Windows Forms applications. Whether you are implementing charting into internal projects, or building applications for clients, Dundas Chart offers advanced technology and advanced results to get the most out of data.
|
60 FREE UI Controls from DevExpress
Register for your FREE copy on over 60 free presentation controls from
DevExpress - Absolutely Free-of-Charge without any royalties or distribution
costs. Visit Devexpress.com/60 today. Free controls include advanced lists box, dropdown calendar, rich text edit, spin
edit, tab control and so much more!
DevExpress engineers feature rich presentation controls and reporting tools for WinForms, ASP.NET, WPF, and Silverlight. Our technologies help you build your best, see complex software with greater clarity and deliver compelling business solutions for Windows and the web in the shortest possible time.
|
Clickatell's SMS Gateway
Clickatell's Developer Solutions allow you to SMS enable any website or
application via a range of API's. Learn More about our API connections.
|
Microsoft Visual Studio 2010
Visualize your workspace with new multiple monitor support, powerful Web development, new SharePoint support with tons of templates and Web parts, and more accurate targeting of any version of the .NET Framework. Get set to unleash your creativity.
|
Nevron Chart for .NET 2010.1 Now Available
The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.
|
Developer-Ready ASP.NET 2.0 Web Hosting with 3 MONTHS FREE
Now supporting .NET 3.0 Framework with Windows Workflow Foundation, Windows Communication Foundation (WCF), Windows Presentation Foundation (WPF), windows CardSpace (WCS)! Providing more flexibility for Developers with Web Services Support and a User/Permission Manger. Also supporting MS SQL 2005/2000 with Real-Time Backups, FREE Automated Attach .MDF Tool, FREE SQL Restore and Shrink SQL DB Tools, and SQL
|
|
|
|
|
|
|
|
|
|
|
|
|