Articles - ORCS Web, Inc. Managed Complex Hosting Solutions

Professional Windows hosting from ORCS Web

An Unrivaled Windows Hosting Experience
1-888-313-9421  | webteam@orcsweb.com

Site Navigation

Home

From Our Clients:

"Oh yes, one more thing. You’re doing a great job, you’re the best hosting service I know. It’s always a pleasure interacting with people like you."

Join our community of clients at: 1-888-313-9421

Forms Authentication Against An XML File
By Brad Kingsley
October 4, 2001

This code shows how to validate against an XML file for Forms Authentication security in ASP.Net. Please read one of the earlier articles on Forms Authentication for an introduction and to see the required settings in the web.config file. The code below is just a modification of the login.aspx page.

<%@Page Language="VB" Trace="false"%>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Xml" %>

<script language="VB" runat=server>
  Sub ValidateLogin(Src as Object, E as EventArgs)
    Dim sXmlPath As String = "C:\Inetpub\wwwroot\users.xml"
    Dim oXmlDoc As New XmlDocument()

    Try
      oXmlDoc.Load(sXmlPath)
    Catch oError As Exception
      StatusMessage.innerHTML = "There was an error:<BR>"  _
  & oError.Message & "<BR>" & oError.Source & "."
      Exit Sub
    End Try

    Dim oXmlUser As XmlNodeList
    oXmlUser = oXmlDoc.GetElementsByTagname(txtUser.Value)

    If Not (oXmlUser Is Nothing) Then
      If txtPwd.Value = oXmlUser(0).FirstChild().Value Then
        FormsAuthentication.RedirectFromLoginPage(txtUser.Value, false)
      Else
       StatusMessage.InnerHtml = "Invalid login"
      End If
    End If
  End Sub
</script>
<html>
<head>
  <title>Forms Authentication Against An XML File</title>
</head>
<body>
<form method="post" runat="server">
  Username: <INPUT type="text" name="txtUser" id="txtUser"
runat="server"/><BR>
  Password: <INPUT type="password" name="txtPwd" id="txtPwd"
runat="server"/><BR>
<INPUT type="submit" OnServerClick="ValidateLogin" runat="server"/>
</form>
<SPAN id="StatusMessage" runat="server"/>
</body>
</html>

Here is the XML file used to hold the usernames and passwords.

<?xml version="1.0" ?>
<users>
  <!-- format is <username>password</username> -->
  <user1>pass1</user1>
  <user2>pass2</user2>
  <user3>pass3</user3>
</users>

~Brad

Brad Kingsley is founder and president of ORCS Web, Inc. - a company that provides managed hosting solutions for clients who develop and deploy their applications on Microsoft Windows platforms. Services include shared hosting, dedicated hosting, and webfarm hosting, with specialty in .Net, SQL Server, and architecting highly scalable solutions.