Subtitles of the Movie

Here we go with Form Authentication Part 3. I know it's taken three videos and the first time you go through this it feels a bit funky, especially out there in that Web.Config file but trust me. Once you do this a couple of times it gets really, really easy to set up a very simple protected page scenario. If I run the default website, this one is not protected and it will come up no problem. I actually run this thing and take a look. When I run this, the default pops up; welcome to the website. So how do I get to the sensitive data? Well, let's do a little link here to have fun if this is fun. I'm going to drag a hyperlink on and then I will go look at the properties of the hyperlink. Let me pin this up and the text needs to say Sensitive Data. Oh, hang on. I didn't tell it where to go. Where do I want this to go? I can browse and I can see Sensitive Data up there in my Web page and I hit OK so it's going to take me to that page when I click on that and I'm just going to get next to it here and say Sensitive Data is Available at this Link. Here's what we're going to do. Let's run this. Now, I come up on the default page and you can see here I am, everything's OK but I want to go see the sensitive data. Well, I go to it and it sees, wait a minute, this clown has asked for a page that he has not authenticated himself and I don't know if he should see it so maybe give him a chance to see this. So I'm going to type in Jeff and then I'm going hand type the super secret password Test, T-e-s-t. Actually, I'm going to put two Ts on the end and you will notice that when we click that it checks it and then it comes back and it says wait a minute. Login failed, please try again so I will do it again, T-e-s-t and get it right this time and now when I log in, notice it redirects me and there is my sensitive data page. So that's protected by the login. This particular browser is OK for as long as I stay in here. So let me get back to the default page and if I click this again, you're going to notice I go straight to it. It doesn't look like that I got checked but it's seen the cookie that's in my browser and it says dude has been authenticated. Dude is a southern technical term for user and he's been logged in, he's OK, we'll let him see the page. Let me do a quick little recap here. I'm going to close the browser. Keep in mind that what we had to do for forms authentication. First of all we had to set up our pages; the Web page, the default that they start out on our website, the pages that we wanted to protect and then the login page and let me show you one more thing here. If I double click on the login, we use forms authentication because we stored our data, we used this particular class and this method right here because we stored our authentication information for our users in the Web.Config file. I could have gone out and created a SQL server database and set up a table for users and I could have stored user names and passwords and whatever I wanted out there and right here I could have written some ADO.NET code to go query based on what the user passed in in those text boxes. You should have seen the basic ASP.NET security video by now but we need to put that in to store procedure and we need to check that input and watch for SQL injection. But we can right here write code and check our logins and passwords however we would like. SQL database is a great way to go. You have a lot of different options that you can do here. Again, this shows you a very simple method of making this happen. You can get this going, you can add more pages, you can add more users and so forth. Again, you can jump out to SQL database but this is not an ADO.NET class and I'm going to get into that about connecting to the SQL database and so forth. Again, let me remind you that they've added some more functionalities in the ASP 3 Net Version than Visual Studio and you actually have some login controls and so forth out here and this gets a little more involved. It's really more of an advanced usage of this technology and so I didn't want to go that deep here. Once you understand this and get this, then you can go out and implement that very easily by looking at all the various information out there on Google and in some of the third-party books and on Microsoft's website. So this is a really good introduction into forms authentication to show you how to protect certain pages and put them behind logins so that you can control who sees that data.