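Hier mal eine Copy’n’Paste-Vorlage: Auf alle Inhalte eines Verzeichnisses „CMS“ kann nur nach erfolgreicher Anmeldung zugegriffen werden. Der Benutzername und der MD5-Hash des Passworts werden in der web.config hinterlegt. (MD5 ist hier ein ungesalzener Hash, keine Verschlüsselung; für produktive Systeme ist ein gesalzenes, iteriertes Verfahren wie PBKDF2 die robustere Wahl.)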
root/web.config
<?xml version="1.0" encoding="utf-8"?>
<!-- Forms-authentication template: anonymous users are denied access to the CMS folder
     and are sent to Login.aspx; the single login account is stored in appSettings. -->
<configuration>
<appSettings>
<!-- Account checked by Login.aspx.cs. "password" holds the upper-case hex MD5 digest of the
     password (the value shown here is abbreviated with "...").
     NOTE(review): the digest is unsalted MD5, which is fast to brute-force if this file leaks;
     a salted, iterated scheme such as PBKDF2 would need a different stored format. -->
<add key="username" value="admin" />
<add key="password" value="A13EE062EFF9D72..." />
</appSettings>
<connectionStrings />
<system.web>
<!-- NOTE(review): debug="true" is a development setting; set it to "false" for deployment. -->
<compilation debug="true" />
<authentication mode="Forms">
<!-- cookieless="UseUri" carries the forms-authentication ticket in the URL instead of a cookie.
     NOTE(review): a ticket in the URL ends up in browser history, server and proxy logs and
     Referer headers. cookieless="UseCookies" with requireSSL="true" keeps it out of URLs;
     confirm whether clients without cookie support really have to be served. -->
<forms cookieless="UseUri" defaultUrl="~/CMS/Default.aspx"
loginUrl="~/Login.aspx">
</forms>
</authentication>
</system.web>
<!-- Authorization rule that applies only to the CMS folder. -->
<location path="CMS">
<system.web>
<authorization>
<!-- "?" stands for anonymous (unauthenticated) users. -->
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
root/Login.aspx
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="Login.aspx.cs" Inherits="Login" %>
<%-- Login form: posts user name and password to ButtonLogin_OnClick in the code-behind class Login.
     NOTE(review): the credentials travel in the form post, so this page should only be served over HTTPS. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Login</title>
</head>
<body>
<form id="form1" runat="server">
Username:
<asp:Textbox id="TextboxUsername" runat="server" /><br />
Password:
<%-- TextMode="Password" renders a masked input field; it does not protect the value in transit. --%>
<asp:Textbox id="TextboxPassword" runat="server"
TextMode="Password" /><br />
<asp:Button id="ButtonLogin" Text="Login"
OnClick="ButtonLogin_OnClick" runat="server" /><br />
<%-- Receives the error text that the code-behind sets after a failed login. --%>
<asp:Label id="LabelInfo" ForeColor="red" runat="server" />
</form>
</body>
</html>
root/Login.aspx.cs
using System;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;
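/// <summary>
/// Code-behind for Login.aspx: checks the submitted credentials against the single
/// account stored in the appSettings section of web.config.
/// </summary>
public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) { }

    /// <summary>
    /// Handles the login button: compares the entered user name and the MD5 digest of the
    /// entered password with the configured values, then either issues the
    /// forms-authentication ticket and redirects, or shows an error message.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void ButtonLogin_OnClick(object sender, EventArgs e)
    {
        // Read the expected user name and password digest from web.config.
        string username = ConfigurationManager.AppSettings["username"];
        string password = ConfigurationManager.AppSettings["password"];

        // Login check. A missing appSettings key yields null, which never equals the
        // computed values, so the request falls through to the error branch.
        // NOTE(review): Trim() also strips leading/trailing whitespace from the typed
        // password, so such characters never count towards the secret.
        if ((TextboxUsername.Text.Trim() == username) &&
            (GetMd5Hash(TextboxPassword.Text.Trim()) == password))
        {
            // Second argument false: do not create a persistent cookie.
            FormsAuthentication.RedirectFromLoginPage(TextboxUsername.Text.Trim(), false);
        }
        else
        {
            // One generic message for both a wrong user name and a wrong password.
            LabelInfo.Text = "Ungültige Anmeldung.";
        }
    }

    /// <summary>
    /// Computes the MD5 digest of <paramref name="input"/> for comparison with the
    /// stored password digest.
    /// </summary>
    /// <param name="input">Text to hash.</param>
    /// <returns>The digest as an upper-case hexadecimal string.</returns>
    /// <remarks>
    /// NOTE(review): unsalted MD5 is a fast hash and a weak choice for password storage.
    /// A salted, iterated KDF (e.g. Rfc2898DeriveBytes) would be the replacement, but it
    /// changes the format of the value stored in web.config, so it is only flagged here.
    /// </remarks>
    private static string GetMd5Hash(string input)
    {
        byte[] data;

        // The hash object is IDisposable; release it deterministically.
        using (MD5 md5Hasher = MD5.Create())
        {
            // NOTE(review): Encoding.Default depends on the server's code page, so a
            // password with non-ASCII characters can hash differently on another machine.
            // Kept as is so that existing stored digests stay valid.
            data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
        }

        // "X2" emits upper-case hex directly, avoiding a culture-sensitive ToUpper() call.
        StringBuilder sBuilder = new StringBuilder(data.Length * 2);
        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("X2"));
        }
        return sBuilder.ToString();
    }
}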
root/CMS/Default.aspx
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="Default.aspx.cs" Inherits="CMS_Default" %>
<%-- Sample page inside the CMS folder, which web.config restricts to authenticated users. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Geschützte Seite</title>
</head>
<body>
<form id="form1" runat="server">
<%-- LoginName shows the name of the authenticated user, inserted into FormatString. --%>
<asp:LoginName ID="LoginName1" runat="server" FormatString ="Hallo {0}" />
<%-- Logout button; handled by Button1_Click in the code-behind. --%>
<asp:Button ID="Button1" runat="server"
Text="Logout" OnClick="Button1_Click" />
</form>
</body>
</html>
root/CMS/Default.aspx.cs
using System;
using System.Web.Security;
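/// <summary>
/// Code-behind for the protected page CMS/Default.aspx.
/// </summary>
public partial class CMS_Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) { }

    /// <summary>
    /// Logout: removes the forms-authentication ticket from the browser and sends the
    /// user back to the login page.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // NOTE(review): SignOut() only clears the ticket on the client; a copy of the
        // ticket stays usable until it expires, so keep the ticket timeout short.
        FormsAuthentication.SignOut();
        Response.Redirect("~/Login.aspx");
    }
}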
Quellen:
.Net-Snippets.de: Erstellt einen md5-Hash aus einem string