Chapter 8
The ValidateUser method returns a Boolean value of True if the user credentials pass the test and False if they do not. From the code snippet in Listing 8-11, you can see that end users whose credentials are verified as correct are redirected from the login page using the RedirectFromLoginPage method. This method takes the username and a Boolean value that specifies whether the credentials are persisted through a cookie setting.
Working with authenticated users
After users are authenticated, ASP.NET 2.0 provides a number of different server controls and methods that you can use to work with the user details. Included in this collection of tools are the LoginStatus and the LoginName controls.
The LoginStatus server control
The LoginStatus server control enables users to click a link to log in or log out of a site. For a good example of this control, remove the <deny> element from the web.config file so that the pages of your site are accessible to unauthenticated users. Then code your Default.aspx page so that it is similar to the code shown in Listing 8-12.
Listing 8-12: Login and logout features of the LoginStatus control
<%@ Page Language=”VB” %>
<html xmlns=”http://www.w3.org/1999/xhtml” > <head runat=”server”>
<title>Login or Logout</title> </head>
<body>
<form id=”form1” runat=”server”>
<asp:LoginStatus ID=”LoginStatus1” Runat=”server” /> </form>
</body>
</html>
Running this page gives you a simple page that has only a hyperlink titled Login, as shown in Figure 8-7.
240 |
Figure 8-7 |
Membership and Role Management
Clicking the Login hyperlink forwards you to the Login.aspx page where you provide your credentials. After the credentials are provided, you are redirected to the Default.aspx page — although now the page includes a hyperlink titled Logout (see Figure 8-8). The LinkStatus control displays one link when the user is unauthenticated and another link when the user is authenticated. Clicking the Logout hyperlink logs out the user and redraws the Default.aspx page — but with the Login hyperlink in place.
Figure 8-8
The LoginName server control
The LoginName server control enables you to display the username of the authenticated user. This is a common practice today. For an example of this, change the Default.aspx page so that it now includes the authenticated user’s login name when that user is logged in, as illustrated in Listing 8-13.
Listing 8-13: Displaying the username of the authenticated user
<%@ Page Language=”VB” %>
<html xmlns=”http://www.w3.org/1999/xhtml” > <head runat=”server”>
<title>Login or Logout</title> </head>
<body>
<form id=”form1” runat=”server”>
<asp:LoginStatus ID=”LoginStatus1” Runat=”server” /> <p><asp:LoginName ID=”LoginName1” Runat=”server”
Font-Bold=”True” Font-Size=”XX-Large” /></p>
</form>
</body>
</html>
When the user logs in to the application and is returned to the Default.aspx page, he sees his username displayed, as well as the hyperlink generated by the LoginStatus control (see Figure 8-9).
241
Chapter 8
Figure 8-9
Showing the number of users online
One cool feature of the membership service is that you can display how many users are online at a given moment. This is an especially popular option for a portal or a forum that wishes to impress visitors to the site with its popularity.
To show the number of users online, you use the GetNumberOfUsersOnline method provided by the Membership class. You can add to the Default.aspx page shown in Figure 8-9 with the code illustrated in Listing 8-14.
Listing 8-14: Displaying the number of users online
VB
<%@ Page Language=”VB” %>
<script runat=”server”>
Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Label1.Text = Membership.GetNumberOfUsersOnline.ToString()
End Sub </script>
<html xmlns=”http://www.w3.org/1999/xhtml” > <head runat=”server”>
<title>Login or Logout</title> </head>
<body>
<form id=”form1” runat=”server”>
<asp:LoginStatus ID=”LoginStatus1” Runat=”server” /> <p><asp:LoginName ID=”LoginName1” Runat=”server”
Font-Bold=”True” Font-Size=”XX-Large” /></p>
242
Membership and Role Management
<p>There are <asp:Label ID=”Label1” Runat=”server” Text=”0” />
users online.</p>
</form>
</body>
</html>
C#
<%@ Page Language=”C#” %>
<script runat=”server”>
void Page_Load(object sender, EventArgs e)
{
Label1.Text = Membership.GetNumberOfUsersOnline.ToString();
}
</script>
When the page is generated, it displays the number of users who have logged on in the last 15 minutes. An example of what is generated is shown in Figure 8-10.
Figure 8-10
You can see that two users have logged on in the last 15 minutes. This 15-minute period is determined in the machine.config file from within the <membership> element:
<membership defaultProvider=”AspNetAccessProvider” userIsOnlineTimeWindow=”15” > </membership>
By default, the userIsOnlineTimeWindow is set to 15. The number is specified here in minutes. To increase the time window, you simply increase this number. In addition to specifying this number from within the machine.config file, you can also set this number in the web.config file.
243