Creating a Web Site with Membership and User Login (Visual Studio) A common requirement for Web sites is to allow only some members or other authenticated users to see certain pages. In that case, the application must prompt the user for a name and password. The application must also include a way to hide information from anonymous users (users who are not logged in). This walkthrough shows you how to use ASP.NET controls and ASP.NET membership services to create an application that performs all these tasks. For more information, see <MSHelp:link tabIndex=0 keywords="79184D17-F4C7-4C9F-A073-CEC4F5543980">Introduction to Membership</MSHelp:link>. Tasks illustrated in this walkthrough include: Configuring an application to include ASP.NET membership services, and how to define users. Using login controls to get user credentials and to display information to logged-in users. Protecting one or more pages in your application so that only logged-in users can view them. Allowing new users to register at your site. Allowing members to change and reset their passwords. </IMG>Prerequisites In order to complete this walkthrough, you will need: Microsoft Visual Web Developer. Microsoft Internet Information Services (IIS) installed locally on your computer. Microsoft Data Access Components (MDAC) version 2.7 or later. If you are using Microsoft Windows XP or Windows Server 2003, you already have MDAC 2.7. However, if you are using Microsoft Windows 2000, you might to need to upgrade the MDAC already installed on your computer. For more information, see the article "Microsoft Data Access Components (MDAC) Installation" in the <LINKTEXT xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">MSDN library</LINKTEXT>. Access to an e-mail server that can forward e-mail messages. (The server does not have to be able to receive messages.) IIS includes the Default SMTP virtual server, a mail server that is suitable for this walkthrough. For more information about configuring this server, see <MSHelp:link tabIndex=0 keywords="ED204B58-24AF-47D0-9687-60E5DF5F17F8">How to: Install and Configure SMTP Virtual Servers in IIS</MSHelp:link>. If you are working on a local area network, check with your network administrator for information about access to an e-mail server. </IMG>Creating the Web Site If you have already created a Web site in Microsoft Visual Studio (for example, by working with the topic Walkthrough: Creating a Basic Web Page in Visual Web Developer ), you can use that Web site and skip to "Configuring Membership" later in this walkthrough. Otherwise, create a new Web site and page by following these steps. To create a local IIS Web site Open Visual Studio. On the File menu, click New Web Site. The New Web Site dialog box appears. Under Visual Studio installed templates, select ASP.NET Web Site. In the Location list box, select HTTP. Click Browse. The Choose Location dialog box appears. Select Local IIS. Open Local Web Servers. Select Default Web Site. Click the Create New Web Application icon (</IMG>) above the list of Web sites and then name the new Web site membership. Click Open. The Choose Location dialog box closes. In the Languages box, click the programming language you prefer to work in. The programming language you choose will be the default for your Web site, but you can set the programming languages for each page individually. Click OK in the New Web Site dialog box. Visual Web Developer creates the Web site and a new page named Default.aspx. </IMG>Configuring Membership Later in this walkthrough you will put pages into a subdirectory that is protected. You must create the subdirectory now so that you can configure security for it later in the walkthrough. To add a new folder to the Web site In Solution Explorer, right-click the name of your Web site and click New Folder. Name the folder MemberPages. Before you work with ASP.NET membership, you must configure your application to enable membership and to set up users. You can use the Web Site Administration tool, which provides a wizard-like interface for making configuration settings. For this walkthrough, you will define a single user. To create a membership user On the Website menu, click ASP.NET Configuration. Select the Security tab, click the link to Use the security Setup Wizard to configure security step by step, and then click Next. Proceed to Step 2 of the wizard and select the From the Internet option. The wizard displays a page where you can select the authentication method that your Web site will use. This option specifies that your application will use Forms authentication, where users will log in to the application using a login page that you will create later in this walkthrough. Click Next. The wizard displays a message stating that user information will be stored using Advanced provider settings. By default, membership information is stored in a Microsoft SQL Server Express database file in the App_Data folder of your Web site. Click Next. The wizard displays an option to create roles. You will perform this step separately later in the walkthrough. Therefore, do not select the Enable roles for this web site check box. Click Next. The wizard displays a page where you can create new users. Enter information that defines a user of your application. Use the following values as guidelines (you can use any values that you like, but be sure to note your entries for later in the walkthrough): User NameYour name (with no spaces), or a sample name. PasswordA password. A strong password is required (one that includes uppercase and lowercase letters, punctuation, and that is at least eight characters long). E-mailYour personal e-mail address. Later in the walkthrough you will send yourself an e-mail message, so you need a legitimate e-mail address. Security Question and Security AnswerType a question and answer that can be used later if you need to recover your password. Click Create User. The wizard displays a confirmation page. </IMG>Note Leave the Web Site Administration tool open. Earlier in the walkthrough you created a folder named MemberPages. In this part of the walkthrough, you will create a rule that makes sure that only logged-in users can access pages in that folder. To set up access rules for the MemberPages subdirectory In the wizard, click Next. The wizard displays a page that allows you to create access rules. In the Add New Access Rule box, expand the node for your Web site. Select MemberPages, the folder you created earlier. Under Rule applies to, select Anonymous users. Under Permission, select Deny. The rule you are creating denies access to anonymous users ? that is, users who have not logged in. Click Add This Rule. The new rule is displayed in the grid below. When users request a page from the MemberPages subdirectory, the rules are checked to determine whether the user is allowed access to the page. Click Finish. You are now done with the wizard. The wizard closes and you are returned to the Security tab of the Web Site Administration tool.
