How to Configure CreateUserWizard and Login Control Using ASP.NET Membership

In this article I will explain how to configure the CreateUserWizard and Login control using an ASP.NET Membership.

Introduction

In this article we will configure the CreateUserWizard/Registration and Login controls using SQLMembershipProvider. So, first we need to configure the SQLMembershipProvider for our database. Go through this article to configure SQLMembershipProvider. This will create the required tables and procedures in the database to store user's information.

Step 1

Create a new ASP.NET Web Site and write the following in the Web.config file (as discussed in the above referred article):

<connectionStrings>

      <add name="ConString"

connectionString="Data Source=deepak\SQLEXPRESS;User Id=sa;Password=******;Initial Catalog=Employee;"/>

</connectionStrings>

<system.web>

      <authentication mode="Forms"/>

      <membership defaultProvider="MyMembershipProvider">

            <providers>

                  <add name="MyMembershipProvider"

           type="System.Web.Security.SqlMembershipProvider"

           connectionStringName="ConString"/>

            </providers>

      </membership>

</system.web>

Step 2

Add a new WebForm "Register.aspx" and drag a CreateUserWizard control on the page. You can format it using predefined style using CreateUserWizard task Auto Format feature.

Set the ContinueDestinationPageUrl property of the CreateUserWizard control to "~/Default.aspx" so that when a user account is created successfully, he/she will be redirected to the "Default.aspx" page.

LgnASP1.jpg

Step 3

Add a new WebForm "Login.aspx" and drag a Login control on the page. You can format the Login control too like CreateUserWizard Auto Format feature. Put a link "Register.aspx" page below the Login control.

LgnASP2.jpg

Step 4

Now we have configured the CreateUserWizard to add a new user and Login control to authenticate a user. To check these pages let's add a new page that will be accessed by only authenticated users.

Add a new folder "Secure" and add a WebForm inside it named "SecurePage.aspx".

Add a Web.config file in the folder and add the following code in it:
 

<configuration>

    <appSettings/>

    <connectionStrings/>

    <system.web>

      <authorization>

        <deny users="?"/>

      </authorization>

    </system.web>

</configuration>

This configuration ensures that only authenticated users will access the pages of this folder and its sub-folders. Authorization is used to authorize or restrict access to some resources to a user. Here, the authorization tag is used to restrict all unauthenticated users to access pages of this folder. "?" indicates all anonymous or unauthenticated users.

The above method will restrict access to all the pages in the "Secure" folder and its sub-folders for anonymous users. But if you want to restrict access to only the "SecurePage.aspx" page, you can use the "location" tag in the root "Web.config" as follows:
 

<location path="Secure/SecurePage.aspx">

  <system.web>

    <authorization>

      <deny users="?"/>

    </authorization>

  </system.web>

</location>


Step 5

Now we are ready to test the Regester.aspx and Login.aspx pages. Before that add a link to "SecurePage.aspx" in the "Default.aspx" page and run the application.

When you click on this link, it will redirect to the Login.aspx page as we have denied all anonymous users from this page.

Click on the "Register" to register yourself. By default in the password field, CreateUserWizard takes at least 7 characters and a combination of characters, numbers, and special characters like "deepak@123".

After successful registration you will be redirected to the "Default.aspx" page. Now when you click on the "SecurePage" link you will be redirected to the "SecurePage.aspx" page because after successful registration the user gets logged in automatically. You can use the "LoginStatus" control to show the login/logout status of the user.