Aut.upt.ro
http://msdn.microsoft.com/en-us/library/879kf95c(VS.80).aspx
Walkthrough: Creating a Web Site with Membership
and User Login (Visual Studio)
Creating the Web Site
If you have already created a Web site in Microsoft Visual Studio (for example, by working with the topic ), you can use that Web site and skip to "Configuring Membership" later in this walkthrough. Otherwise, create a new Web site and page by following these steps.
To create a local IIS Web site
1. Open Visual Studio.
2. On the
File menu, click
New Web Site.
The
New Web Site dialog box appears.
3. Under
Visual Studio installed templates, select
ASP.NET Web Site.
4. In the
Location list box, select
HTTP. Click
Browse.
The
Choose Location dialog box appears.
5. Select
Local IIS.
6. Open
Local Web Servers. 7. Select
Default Web Site.
8. Click the
Create New Web Application icon (
) above the list of Web sites and then name the
new Web site
membership.
9. Click
Open.
The
Choose Location dialog box closes.
10. In the
Languages box, click the programming language you prefer to work in.
The programming language you choose will be the default for your Web site, but you can set the programming languages for each page individually.
11. Click
OK in the
New Web Site dialog box.
Visual Web Developer creates the Web site and a new page named Default.aspx.
Configuring Membership
Later in this walkthrough you will put pages into a subdirectory that is protected. You must create the subdirectory now so that you can configure security for it later in the walkthrough.
To add a new folder to the Web site
1. In
Solution Explorer, right-click the name of your Web site and click
New Folder.
2. Name the folder
MemberPages.
Before you work with ASP.NET membership, you must configure your application to enable membership and to set up users. You can use the Web Site Administration tool, which provides a wizard-like interface for making configuration settings.
For this walkthrough, you will define a single user.
To create a membership user
1. On the
Website menu, click
ASP.NET Configuration.
2. Select the
Security tab, click the link to
Use the security Setup Wizard to configure security
step by step, and then click
Next.
3. Proceed to Step 2 of the wizard and select the
From the Internet option.
The wizard displays a page where you can select the authentication method that your Web site will use. This option specifies that your application will use Forms authentication, where users will log in to the application using a login page that you will create later in this walkthrough.
4. Click
Next.
The wizard displays a message stating that user information will be stored using
Advanced
provider settings. By default, membership information is stored in a Microsoft SQL Server Express
database file in the
App_Data folder of your Web site.
5. Click
Next.
The wizard displays an option to create roles. You will perform this step separately later in the
walkthrough. Therefore, do not select the
Enable roles for this web site check box.
6. Click
Next.
The wizard displays a page where you can create new users.
7. Enter information that defines a user of your application. Use the following values as guidelines
(you can use any values that you like, but be sure to note your entries for later in the walkthrough):
•
User Name Your name (with no spaces), or a sample name.
•
Password A password. A strong password is required (one that includes uppercase and
lowercase letters, punctuation, and that is at least eight characters long).
•
E-mail Your personal e-mail address. Later in the walkthrough you will send yourself an e-
mail message, so you need a legitimate e-mail address.
•
Security Question and
Security Answer Type a question and answer that can be used later
8. Click
Create User.
The wizard displays a confirmation page.
Leave the Web Site Administration tool open.
Earlier in the walkthrough you created a folder named
MemberPages. In this part of the walkthrough, you
will create a rule that makes sure that only logged-in users can access pages in that folder.
To set up access rules for the MemberPages subdirectory
1. In the wizard, click
Next.
The wizard displays a page that allows you to create access rules.
2. In the
Add New Access Rule box, expand the node for your Web site.
3. Select
MemberPages, the folder you created earlier.
4. Under
Rule applies to, select
Anonymous users.
5. Under
Permission, select
Deny.
The rule you are creating denies access to anonymous users — that is, users who have not logged in.
6. Click
Add This Rule.
The new rule is displayed in the grid below. When users request a page from the
MemberPages subdirectory, the rules are checked to determine whether the user is allowed access to the page.
7. Click
Finish.
You are now done with the wizard. The wizard closes and you are returned to the
Security tab of
the Web Site Administration tool.
Configuring the Application for E-Mail
For part of this walkthrough, the application needs to be able to send e-mail messages. To send messages, your application must have access to a Simple Mail Transport Protocol (SMTP) server, which forwards e-mail messages from your application to an e-mail recipient.
IIS includes the Default SMTP virtual server as an optional component, which is suitable for this walkthrough. For more information about configuring this server, see . If you are working on a local area network, check with your network administrator for information about access to an e-mail server.
After you have set up or determined how to access an SMTP server, you must configure your application to route e-mail messages to that server. You can do so by making an entry in your Web site's Web.config file, which contains a series of settings that determine how your application runs.
To configure the application to use a specific SMTP server
1. In the Web Site Administration tool, click the
Application tab.
2. Under SMTP Settings, click
Configure SMTP e-mail settings.
The tool displays a page where you can configure e-mail.
3. If you are using the SMTP virtual server that is on your computer, enter
localhost as the
Server
Name; otherwise, enter the appropriate server name.
Include information for the port number and for authentication according to the requirements of your SMTP server. See your administrator for more information on how to configure these settings.
4. In the
From box, type a valid e-mail address.
5. Click
Save, and in the confirmation page, click
OK.
The Web Site Administration tool creates a Web.config file (if one did not already exist) with the settings you have made.
Note
The Web.config file will not appear in Solution Explorer until you refresh the view.
6. Close the Web Site Administration tool.
Logging the User In
As part of your application, you need to establish the user's identity so that the application can perform actions — such as showing or hiding information — based on who the user is. To get the user's identity, you have the user log in.
In this walkthrough, you will add a link on the home page that takes users to a login page, and then you will create the login page.
To create a home page with a login button
1. Open or switch to the
Default.aspx page of your site. (If you do not have a Default.aspx page, you
2. Switch to
Design view.
3. Type static text such as
Welcome to our site and, in the
Formatting toolbar, use the
Block
Format drop-down list to format the text as Heading 1.
4. From the
Login group of the
Toolbox, control onto the page.
By default, the
LoginStatus control is rendered as a link. When users click it, the application displays a login
page. You can now create the login page.
To create a login page
1. In
Solution Explorer, right-click your Web application and select
Add New Item. Add a
Web
Form named
Login.aspx to your site.
Note
For this walkthrough, the page must be named
Login.aspx. By default, forms authentication is configured
to work with a page with this name. Although you will not do so in this walkthrough, you can change the
default login page — the page to which users are redirected — in the Web.config file.
2. In the Login.aspx page, switch to
Design view.
3. From the
Login group of the
Toolbox, control onto the page.
The
Login control is a single control that will prompt the user for credentials and validate them.
Displaying Login Errors
The
Login control includes validation to help users enter correct information. For example, if a user skips
the password, a validator control displays an asterisk (*) next to the
Password box. You can provide more
complete information for login errors by adding a trol to the page.
To display detailed login errors
1. From the
Validation group of the
Toolbox, drag a
ValidationSummary control onto the page.
2. In the
Properties window for the
ValidationSummary control, set the property to
Login1, which is the default ID of the
Login control you added previously.
Displaying Information for Logged-In Users
You will now modify the home page to customize the display depending on whether the user is logged in. Anonymous users will see a generic message inviting them to log in. Logged-in users will see a message that welcomes them by their logged-in name.
To customize the display for logged-in users
1. Switch to or open the Default.aspx page.
2. From the
Login group of the
Toolbox, control onto the page.
The
LoginView control is displayed with its
AnonymousTemplate template open. This template
allows you to define the content that users will see before they have logged in.
3. Click the edit area of the
LoginView control to activate editing.
4. In the edit area of the
LoginView control's
AnonymousTemplate template, type
You are not
logged in. Click the Login link to sign in.
5. On the
LoginView Tasks panel, in the
Views list, click
LoggedInTemplate. If you do not see the
LoginView Tasks panel, right-click the heading of the
LoginView control and select
Show Smart
Tag.
You are now defining the content that will be displayed to users who have already logged in.
6. Click the edit area of the
LoginView control to activate editing, and then type
You are logged in.
Welcome,.
7. From the
Login group of the
Toolbox, control into the template after the text.
Testing Login
You can now test the login capability of your application.
To test login
1. In
Solution Explorer, right-click
Default.aspx and click
Set As Start Page.
This configures the Web site so that when you run the site, the Default.aspx page appears first.
The home page (Default.aspx) appears in the browser, showing the
Login link and the generic
message.
3. Click the
Login link.
The login page you created is displayed.
4. Type the login name of the user you created earlier in the walkthrough, and then click
Log In. (Do
An asterisk (*) is displayed next to the
Password box, and an error message is displayed in the
ValidationSummary control.
5. Type both a user name and password and then click
Log In.
If you entered correct credentials, you are returned to the home page. The page now displays a
Logout link, your user name, and the welcome message that you defined for the logged-in user.
Limiting Access for Members-Only Pages
A typical task in many Web sites is to configure pages so that only logged-in users can view the pages.
Earlier in the walkthrough, you created the
MemberPages subdirectory and created a rule that limits access
to pages in the subdirectory. In this section of the walkthrough, you will add a page to the protected
subdirectory and test the access rule.
To create the members-only page
1. In
Solution Explorer, right-click the
MemberPages folder, click
Add New Item, and add a new
Web Form named
Members.aspx.
Note
Be sure to create the page in the
MemberPages folder.
2. In
Design view, add text to the page, such as
Welcome, members! The exact text does not matter,
as long as you will be able to recognize this page when you see it in the browser.
You can now add a link to the members-only page from the home page. In a real application, you would
probably put the members-only page link in the logged-in template of the
LoginView control. That way,
visitors to your site would not see the link until they were logged in. For this walkthrough, however, you will
make the link available to all users so that you can see the effect of trying to view a members-only page
without first logging in.
To add a link to the members-only page
1. Switch to or open the Default.aspx page.
2. From the
Standard group of the
Toolbox, drag a control onto the page.
3. In the
Properties window for the
HyperLink control, set the property to
Members page and
th to
~/MemberPages/Members.aspx to point to the page that you
created previously.
Testing the Members-Only Page
You can test the members-only page by accessing it both as an anonymous user and a logged-in user.
To test the members-only page
1. Press CTRL+F5 to run the Web site.
2. When the Default.aspx page appears in the browser, do not log in. Instead, click the
Members
page link.
You are redirected to the Login.aspx page because access to the members page is denied for anonymous users.
3. In the login page, type the user name and password that you used earlier in the walkthrough to log
You are redirected to the Members.aspx page because the user name you are logged in as has been authorized to access the page.
Creating New Users
In the first part of the walkthrough, you created a user with the Web Site Administration tool. That strategy is useful if you are working with a small, defined list of users; for example, if you are creating users for a small team. In many Web sites, however, users are allowed to register themselves. ASP.NET includes the control that performs the same task you performed earlier using the Web Site Administration tool.
In this part of the walkthrough, you will add a facility that allows users to register on your Web site. To start, you will create a registration page.
To create a registration page
1. In
Solution Explorer, right-click the name of your Web site, click
Add New Item, and add a new
Web Form named
Register.aspx.
Note
Be sure to create the page in the root of the Web site, not in the
MemberPages folder.
2. In the Register.aspx page, switch to
Design view and type static text such as
Register into the
page. In the
Formatting toolbar, use the
Block Format drop-down list to format the text as
Heading 1.
3. From the
Login group of the
Toolbox, drag a
CreateUserWizard control onto the page.
4. In the
Properties window for the
CreateUserWizard control, set the
property to
~/Default.aspx.
This configures the control so that when users click
Continue after creating a user, the control
returns to the home page.
5. From the
Standard group of the
Toolbox, drag a
HyperLink control onto the page. In the
Properties window for the
HyperLink control, set the
Text property to
Home and the
NavigateUrl property to
~/Default.aspx.
You can now add a link to the home page that displays the registration page. For this walkthrough, assume that you want to display the registration link only to users who are not logged in.
To create a registration link on the home page
1. Switch to or open the Default.aspx page.
2. Right-click the
LoginView control added previously, and select
Show Smart Tag. In the
LoginView Tasks panel, select
AnonymousTemplate from the
Views list box to activate editing in
the anonymous template.
3. From the
Standard group of the
Toolbox, drag a
HyperLink control into the anonymous
template. In the
Properties window for the
HyperLink control, set the
Text property to
Register and the
NavigateUrl property to
Register.aspx. The
Register link will be displayed only to users
who are not logged in.
You can now test the registration process.
To test registration
1. Press CTRL+F5 to run the Web site and display the Default.aspx page.
Because you are not logged in, the page containing the
Register link is displayed.
2. Click the
Register link.
3. In the text boxes, enter a new user name, a strong password, an e-mail address, and a security
question and answer. (All five pieces of information are required.)
4. Click
Create User.
5. Click the
Continue button.
You are returned to the home page as a logged-in user. Note that the
Login link has changed to
Logout and that the information displayed in the
Login control is from property, not from th
6. Click the
Logout link.
The page changes to display the information for anonymous users.
7. Click the
Login link.
8. Enter the credentials for the user you just created.
Changing Passwords
Users sometimes might want to change their passwords, and it is often impractical to perform this task by hand. You can therefore use another ASP.NET control to allow users to change passwords on their own. To change a password, users must know their existing password.
In this walkthrough, you will add a page where logged-in users can change their password.
To create a password-change page
1. In
Solution Explorer, right-click the
MemberPages folder, click
Add New Item, and add a new
Web Form named
ChangePassword.aspx.
Note
Be sure to create the page in the
MemberPages folder.
2. You are putting the page in the members-only folder because only logged-in users can change
3. In the ChangePassword.aspx page, switch to
Design view and type static text such as
Change
Password. In the
Formatting toolbar, use the
Block Format drop-down list to format the text as
Heading 1.
4. From the
Login group of the
Toolbox, control onto the page.
5. In the
Properties window for the
ChangePassword control, set
property to
~/Default.aspx.
6. This configures the control so that when users click
Continue after changing a password, the
You can now add a link to the home page that displays the password-change page. You will make the link available only to users who are logged in.
To create a password-change link on the home page
1. Switch to or open the Default.aspx page.
2. Right-click the
LoginView control and then click
Show Smart Tag. In the
LoginView Tasks menu,
in the
Views list, click
LoggedInTemplate.
This switches the
LoginView control to edit mode for the content that will appear to users who are
logged in.
3. From the
Standard group of the
Toolbox, drag a
HyperLink control into the editing region. In the
Properties window for the
HyperLink control, set the
Text property to
Change password and the
NavigateUrl property to
~/MemberPages/ChangePassword.aspx.
The
Change password link will be displayed only to users who are logged in, which is the opposite
of the
Register link you created earlier.
You can now test the password-change process.
To test password change
1. Press CTRL+F5 to run the Web site.
2. In the Default.aspx, page, click the
Login link and log in as one of the users you have created.
When you are finished, you are returned to the home page as a logged-in user.
3. Click the
Change password link.
4. In the password-change page, enter the old password and a new password, and then click
Change
Password.
5. Click
Continue.
6. On the home page, click
Logout.
7. Click the
Login link.
8. Enter the new password.
You are logged in with the new password.
Recovering a Password
Users will occasionally forget their passwords. You can add a password recovery page to your Web site so that they can once again log in to your site. Password recovery can take two forms:
• You can send users the password they selected (or that you created for them when you set up the site).
This option requires that the site store the password using reversible encryption.
• You can send users a new password, which they can change using the Change Password page you
created earlier. This option is useful if the Web site stores passwords using a non-reversible encryption scheme such as hashing.
Note
Returning a password in clear text using e-mail is not recommended for sites that require a high level of
security. For high-security sites, it is recommended that you return passwords using encryption, such as
Secure Sockets Layer (SSL).
By default, the ASP.NET membership system secures passwords by hashing them, meaning that the passwords cannot be recovered. Therefore, for this part of the walkthrough, your Web site will send users a new password.
Note
Password recovery requires that your Web site can send e-mail messages. If you are not able to configure
your Web site to send e-mail (as explained under "Configuring the Application for E-Mail" earlier in this
walkthrough), you will not be able to add password recovery to your site.
To add password recovery
1. In
Solution Explorer, right-click the name of your Web site, click
Add New Item, and add a new
Web Form named
RecoverPassword.aspx.
Note
Be sure to create the page in the root of the Web site, not in the
MemberPages folder.
2. In the RecoverPassword.aspx page, switch to
Design view and type static text such as
Reset my
password to a new value. In the
Formatting toolbar, use the
Block Format drop-down list to
format the text as Heading 1.
3. From the
Login group of the
Toolbox,trol onto the page.
4. From the
Standard group of the
Toolbox, drag a
HyperLink control onto the page. In the
Properties window for the
HyperLink control, set the
Text property to
Home and the
NavigateUrl property to
~/Default.aspx.
5. Switch to the Default.aspx page.
6. Right-click the
LoginView control and then click
Show Smart Tag. In the
LoginView Tasks menu,
in the
Views list, click
AnonymousTemplate.
This switches the
LoginView control to edit mode for the content that will appear to users who are
not logged in.
7. From the
Standard group of the
Toolbox, drag a
HyperLink control into the template. In the
Properties window for the
HyperLink control, set the
Text property to
Forgot your password? and the
NavigateUrl property to
~/RecoverPassword.aspx.
To test password recovery
1. Press CTRL+F5 to run the Web site.
2. By default, you are not logged in, so you see the anonymous template of the
LoginView control.
3. Click the
Forgot your password? link.
4. Type your user name and click
Submit.
The security question is displayed and you are prompted to type the security answer.
5. Type the answer and click
Submit.
If you entered a correct answer, the Web site resets your password and sends you an e-mail message with the new password.
Source: http://www.aut.upt.ro/~adrianaa/teaching/TI/TI_08_Completare.pdf
Allegra Vorsorge AG Firmenportrait 1 Das Unternehmen 1.1 Gründung, Domizil, Büroräumlichkeiten Die Allegra Vorsorge AG wurde am 9. Mai 2007 gegründet. Die Büroräumlichkeiten befinden sich in unmittelbarer Nähe zum Bahnhof, an der Baden-erstrasse 9 in 5200 Brugg. 1.2 Finanzierung Das Aktienkapital der Gesellschaft beträgt CHF 100'000. Es ist voll liberiert. 1.3
Studies of Nipent(R) in Combination Cancer Therapies for Treatment of Chronic Lymphocytic Leukemia and Graft-versus Host Disease (GVHD) Presented at American Society of Hematology Annual Meeting DUBLIN, Calif., Dec. 9 /PRNewswire-FirstCall/ -- SuperGen, Inc. (Nasdaq: SUPG) announced that abstracts from five studies of its anticancer drug Nipent® (pentostatin for injection) will be presented