I want to make a loginpage for my website, but im confused in what to use and where to put the functions that would validate the authentication, and keep how can it keep track of sessions.
Should I do it in the controller, and use xlst?
I want to make a loginpage for my website, but im confused in what to use and where to put the functions that would validate the authentication, and keep how can it keep track of sessions.
Should I do it in the controller, and use xlst?
If you are just interested in creating a registration page/ login page, I would recommend reading this article.
The following code snippet comes from that article, which shows you the Login usercontrol:
public partial class Login : System.Web.UI.UserControl
{
protected void Page_Load(object sender, EventArgs e)
{
/*--- Set the navigation url for the Register hyperlink ---*/
var registerHyperLink = (HyperLink)uxLogin.FindControl("RegisterHyperLink");
registerHyperLink.NavigateUrl = "~/Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
uxLogin.RememberMeSet = false;
if (!IsPostBack)
{
/*--- Restore remembered username(?) ---*/
var c = Request.Cookies["username"];
if (c == null)
{
uxUsernameTextBox.Text = "";
}
else
{
uxUsernameTextBox.Text = c.Value;
uxLogin.RememberMeSet = true;
}
}
}
protected TextBox uxUsernameTextBox { get { return uxLogin.FindControl("UserName") as TextBox; } }
protected void uxLogin_LoggedIn(object sender, EventArgs e)
{
/*--- Inits ---*/
var url = Request.QueryString["url"];
/*--- Remember/Forget Username ---*/
if (uxLogin.RememberMeSet)
Response.SetCookie("username", uxUsernameTextBox.Text, 365);
else
Response.DeleteCookie("username", Request);
/*--- Redirect (?) ---*/
if (url == null)
{
Response.Redirect("~/"); // Main page for authenticated users
}
else
{
var url2 = Server.UrlDecode(url);
Response.Redirect(url2);
}
}
/* This field and the LoggingIn and LoginError event procedures place the user
in the correct domain for the current site. This way the user doesn't have
to specify the domain, logging in (for example) as "johndoe" instead of
"domain\johndoe". */
private string _usernameEntered = string.Empty;
protected void uxLogin_LoggingIn(object sender, LoginCancelEventArgs e)
{
var domainUser = Sitecore.Context.Domain.GetFullName(uxLogin.UserName);
if (System.Web.Security.Membership.GetUser(domainUser) != null)
{
_usernameEntered = uxLogin.UserName;
uxLogin.UserName = domainUser;
}
}
protected void uxLogin_LoginError(object sender, EventArgs e)
{
uxLogin.UserName = _usernameEntered;
}
}
In general: Sitecore keeps track of the logged in user for you, all you need to do is have the secure pages deny read rights for the Anonymous
user. You can then allow read rights for all users with a specific role assigned to them. For more information on this, check this StackOverflow question (and it's answer, of course).