/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsAt the recently concluded SME Quest, which happened across six cities, we talked about e-enabling your business and one of the things that we talked about in it was to communicate with customers and clients through a website. For example, a manufacturing company can put up status of the orders that it had received on a web page, which the customer can check at his own convenience rather than picking up the phone and asking for that information. But to put up important information on a website calls for some form of authentication, to prevent unauthorized access. In this article we will show you how to build a basic web page that requests the users to enter a username and password, before giving them the information they need. The
page will be built using ASP.Net.
Let's continue with our example of a manufacturing company wanting to provide order status to its clients through its website, securely. Assume that the company already has its website. Put up a link on any page of the website, say 'Clients' page' as shown below.
|
Clicking on this link will take the user to a login page (which we will show how to build) where he will be required to enter a valid username and password and after he has entered that correctly he will be taken to the page that displays the status of his order. If a user enters invalid username and/or password, he will not be able to see the order status.
Creating the login page
Create a new ASP.Net file in any editor, notepad, Web Matrix, Visual Studio.Net or any other, and save it as 'login.aspx' in the directory where your website is stored. The link on your first page should point to this 'login.aspx' file.
Now add the following code to this file. We have used VB.Net as the language to code our page, but you can use C# or any other language also to build the same page. Moreover, the HTML part of the page will remain same, irrespective of the programming language used to write the code logic.
<%@ Page Language="VB" %>
First in the HTML part of the page, we will create the necessary input elements for the user to enter information. These are the Web Server Controls of the Web Forms framework in
ASP.Net.
The most important elements are the Username and Password input text boxes, which have their 'id' as 'tbUsername' and 'tbPassword' respectively. Notice the Password textbox has the 'TextMode' property set to "password". This makes sure that the password does not show on the webpage as the user types it. Instead, the password appears as asterisks (******), while typing. Next is the 'Submit' button, clicking on which calls the 'Submit' procedure, where the username and password are verified.
The 'Submit' procedure checks whether the information entered by the user in the username and password textboxes is valid. Since we are not using any database for password verification, we will hardcode the username and password values, which are "pcquest" and "pcq" respectively. Next month we will show you how to make web pages authenticate users by using username and password information from a database.
If the user enters valid information, the username is saved in a 'session' variable called 'name' and the user is directed to the 'status.aspx' page, which contains the status of the order and the code for it is given below. Session variables are used to store user specific information on the web server as long as he visiting the website. The session variable 'name' is used as a security mechanism as well as to show a custom welcome message to the user on the 'status.aspx' page. If the user enters incorrect information, then he will not proceed to the status page and will be displayed a message saying that he had entered invalid username or password.
The status page
This is the page where the user will see information regarding his order. Create a new ASP.Net file
and save it as 'status.aspx' in the directory where your website is stored. Now add the following lines to
this file.
<%@ Page Language="VB" %>
Firstly, when the page loads, the 'Page_Load' procedure checks whether the session variable 'name' contains any information. If it doesn't, it means the user has accessed the page without verifying his username and password through the 'login.aspx' page. If this is the case he is taken back to the login page, without the status page displaying any important information to him.
If however, the user has come to the page after authenticating himself through the login page, he is greeted with a welcome message along with his username.
Next the page shows the status of the order, 'production' in this case. Lastly, there is a 'Logoff' button, which abandons the user session and takes him back to the first web page.
Anoop Mangla