Question

I am trying to run a simple password validator. I have already written it in JSP, and it works. I am a beginner in C# and ASP.NET, and wish to practice/learn by writing it in C#. As a beginner, I am running into some problems and was hoping for some help.

What I had originally worked well. It's a workaround which is bad practice - but good for learning Java and JSP. It's just using a POP server as a workaround to do user authentication - silly, but good to learn!

What I have at the moment is this class, which I believe should work, stored in a .aspx file which my form uses as the "action".

class POPServer
{
    static Boolean hasLogin(string username, string password)
    {
        const bool isValid;
        using (var client = new TcpClient("host.hosty.com", 110))
        using (var stream = client.GetStream())
        using (var reader = new StreamReader(stream))
        using (var writer = new StreamWriter(stream))
        {
            writer.WriteLine("USER " + username );
            writer.WriteLine("PASS " + password );
            const string response = reader.ReadLine();
            isValid = response[ 0 ] == '+';
            writer.WriteLine("quit\n");
        }
        return isValid;
    }
}

So I connect to the host storing the username and password and verify against this form :

<form action="POPServer.aspx" method="post">
  <fieldset>
    <legend>Login Form</legend>
    <label for="teachername">Username:
      <input type="text" name="teachername" id="teachername" value="" />
    </label>
    <label for="teacherpass">Password:
      <input type="password" name="teacherpass" id="teacherpass" value="" />
    </label>
    <label for="teacherremember">
      <input class="checkbox" type="checkbox" name="teacherremember" id="teacherremember" checked="checked" />
      Remember me</label>
    <p>
      <input type="submit" name="teacherlogin" id="teacherlogin" value="Login" />
      &nbsp;
      <input type="reset" name="teacherreset" id="teacherreset" value="Reset" />
    </p>
  </fieldset>
</form>

What I am wondering is :

Is the "form" of my code correct - is it correct to store my C# in an ASPX file and run it as required when the user attempts to log in? I can't find any information about this and I am assuming I need a structure like JSP where you would run :

if ( request.hasParameter( "Submit" ) )
{
    if ( POPServer.hasLogin( request.getParameter( "username" ), request.getParameter( "username" ) ) ) {
        response.location( "loginPage.aspx" );
    }
}

How do you store session data so after the user is authenticated, the "login page" is displayed and the user is permanently logged in rather than just brought to a link and then forgotten?

Was it helpful?

Solution

There are two diifferent approaches to coding ASP.NET, Web Forms and MVC. With ASP.NET Web Forms, which is what you're using, you can do code in the .aspx, however, usually code is placed in a code-behind named for the language being used, i.e. .aspx.cs or .aspx.vb.

The code-behind contains a class associated with the page. This class contains events that correspond to the page loading, button clicks, etc. ASP.NET supports a number of built-in controls that are specified using an asp: prefix, i.e. <asp:Label runat="server" ID="MyLabel" Text="My label text"/>. Labels and other elements can then be referred to by their IDs in the code-behind, i.e. MyLabel.Text = "My different label text";.

ASP.NET suports a collection called Session in which you can store information that persists for the duration of the user's session.

I should point out though that ASP.NET has a security model based on providers and login controls that is integrated and provides a good deal more control over security behavior than the approach you're taking here. You should see the Walkthrough: Creating an ASP.NET Web Site with Basic User Login on MSDN.

I'd also highly recommend getting Visual Studio if you don't have it already. There are time-limited trial editions of the full product available. There are also free versions with a lesser feature set called Express editions.

Good luck and I hope you enjoy learning this.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top