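Hier mal eine Copy’n’Paste-Vorlage: Auf alle Inhalte eines Verzeichnisses „CMS“ kann nur nach erfolgreicher Anmeldung zugegriffen werden. Der Benutzername und der MD5-Hash des Passworts werden in der web.config hinterlegt. Ein ungesalzener MD5-Hash lässt sich allerdings sehr schnell durchprobieren; für produktive Seiten ist ein gesalzenes, bewusst langsames Verfahren wie PBKDF2 die bessere Wahl.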
root/web.config
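<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- Credentials read by Login.aspx.cs. "password" holds the upper-case hex
         MD5 hash of the password, not the password itself. An unsalted MD5 hash
         is cheap to brute-force once this file is readable, so restrict read
         access to web.config and prefer a salted, slow hash (e.g. PBKDF2) for
         anything beyond a demo. -->
    <add key="username" value="admin" />
    <add key="password" value="A13EE062EFF9D72..." />
  </appSettings>
  <connectionStrings />
  <system.web>
    <!-- Debug compilation is a development setting; keep it off on a deployed site. -->
    <compilation debug="false" />
    <authentication mode="Forms">
      <!-- cookieless="UseCookies" keeps the authentication ticket in a cookie.
           With "UseUri" the ticket is embedded in every URL, where it ends up in
           browser history, proxy and server logs, Referer headers and shared links.
           When the site is served over HTTPS, also set requireSSL="true" so the
           cookie is never sent over plain HTTP. -->
      <forms cookieless="UseCookies" defaultUrl="~/CMS/Default.aspx" loginUrl="~/Login.aspx">
      </forms>
    </authentication>
  </system.web>
  <!-- Everything below ~/CMS is closed to anonymous users ("?"); unauthenticated
       requests are sent to loginUrl. -->
  <location path="CMS">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>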
root/Login.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
<%-- Login form. The button posts back to ButtonLogin_OnClick in Login.aspx.cs, which
     checks the entered values and writes any failure message into LabelInfo.
     TextMode="Password" only masks the input on screen; the value is still posted
     as-is, so the page should be served over HTTPS. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Login</title>
</head>
<body>
    <form id="form1" runat="server">
        Username: <asp:Textbox id="TextboxUsername" runat="server" /><br />
        Password: <asp:Textbox id="TextboxPassword" runat="server" TextMode="Password" /><br />
        <asp:Button id="ButtonLogin" Text="Login" OnClick="ButtonLogin_OnClick" runat="server" /><br />
        <%-- Shows the login failure message in red. --%>
        <asp:Label id="LabelInfo" ForeColor="red" runat="server" />
    </form>
</body>
</html>
root/Login.aspx.cs
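using System;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;

/// <summary>
/// Code-behind for Login.aspx. Compares the submitted user name and the MD5 hash
/// of the submitted password with the "username" and "password" entries in the
/// appSettings section of web.config and issues a forms-authentication ticket
/// when both match.
/// </summary>
/// <remarks>
/// The stored value is an unsalted MD5 hash, kept here only so existing
/// web.config entries continue to work. MD5 is fast to brute-force; a salted,
/// deliberately slow scheme such as PBKDF2 (Rfc2898DeriveBytes) is the better
/// choice and requires regenerating the stored value.
/// NOTE(review): no attempt limiting or lockout is visible in this file; confirm
/// that failed logins are throttled elsewhere.
/// </remarks>
public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Click handler of the login button: validates the credentials and either
    /// redirects the authenticated user or shows an error in LabelInfo.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void ButtonLogin_OnClick(object sender, EventArgs e)
    {
        // Fetch the expected user name and password hash from web.config.
        string username = ConfigurationManager.AppSettings["username"];
        string password = ConfigurationManager.AppSettings["password"];

        string enteredUser = TextboxUsername.Text.Trim();
        // Trimming is kept for compatibility with existing hashes; it means
        // leading/trailing whitespace is never part of the password.
        string enteredHash = GetMd5Hash(TextboxPassword.Text.Trim());

        // Fail closed when either setting is missing from web.config.
        bool isValid = false;
        if (username != null && password != null)
        {
            // Both comparisons always run (non-short-circuit &) and each one
            // inspects every character, so the response time does not depend
            // on where the first mismatch occurs.
            bool userMatches = FixedTimeEquals(enteredUser, username);
            bool hashMatches = FixedTimeEquals(enteredHash, password);
            isValid = userMatches & hashMatches;
        }

        if (isValid)
        {
            // false = session ticket only, no persistent cookie.
            FormsAuthentication.RedirectFromLoginPage(enteredUser, false);
        }
        else
        {
            // One generic message for both failure causes, so the page does
            // not reveal whether the user name exists.
            LabelInfo.Text = "Ungültige Anmeldung.";
        }
    }

    /// <summary>
    /// Returns the MD5 hash of <paramref name="input"/> as 32 upper-case hex
    /// characters, for comparison with the hash stored in web.config.
    /// </summary>
    /// <param name="input">Text to hash.</param>
    /// <returns>Upper-case hexadecimal MD5 digest.</returns>
    private static string GetMd5Hash(string input)
    {
        // MD5 is IDisposable; release it deterministically.
        using (MD5 md5Hasher = MD5.Create())
        {
            // Encoding.Default is the server's system code page, so hashes of
            // non-ASCII passwords depend on the machine. Switching to UTF-8
            // would be more portable but changes those hashes, so it is left
            // as-is; regenerate the stored value if you change it.
            byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));

            StringBuilder sBuilder = new StringBuilder(data.Length * 2);
            for (int i = 0; i < data.Length; i++)
            {
                // "X2" yields upper-case hex directly, avoiding a
                // culture-sensitive ToUpper() on the finished string.
                sBuilder.Append(data[i].ToString("X2"));
            }

            return sBuilder.ToString();
        }
    }

    /// <summary>
    /// Ordinal string equality that always inspects every character of the
    /// shorter string instead of stopping at the first difference.
    /// </summary>
    /// <param name="left">First string; must not be null.</param>
    /// <param name="right">Second string; must not be null.</param>
    /// <returns>True when both strings have the same length and characters.</returns>
    [System.Runtime.CompilerServices.MethodImpl(
        System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
        System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
    private static bool FixedTimeEquals(string left, string right)
    {
        // A length difference already marks the result as "not equal".
        int difference = left.Length ^ right.Length;
        int count = Math.Min(left.Length, right.Length);

        for (int i = 0; i < count; i++)
        {
            difference |= left[i] ^ right[i];
        }

        return difference == 0;
    }
}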
root/CMS/Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="CMS_Default" %>
<%-- Sample protected page. It lives below ~/CMS, which web.config closes to
     anonymous users, so it is only rendered for an authenticated user. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Geschützte Seite</title>
</head>
<body>
    <form id="form1" runat="server">
        <%-- Greets the signed-in user; {0} is replaced with the user name. --%>
        <asp:LoginName ID="LoginName1" runat="server" FormatString ="Hallo {0}" />
        <%-- Logout button, handled by Button1_Click in Default.aspx.cs. --%>
        <asp:Button ID="Button1" runat="server" Text="Logout" OnClick="Button1_Click" />
    </form>
</body>
</html>
root/CMS/Default.aspx.cs
using System;
using System.Web.Security;

/// <summary>
/// Code-behind for the protected page CMS/Default.aspx.
/// </summary>
public partial class CMS_Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Click handler of the logout button: ends the forms-authentication
    /// sign-in and sends the browser back to the login page.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        const string loginPage = "~/Login.aspx";

        // SignOut removes the ticket from the client (cookie or URL). The
        // ticket is not revoked on the server, so a copy obtained earlier
        // remains usable until it expires.
        FormsAuthentication.SignOut();
        Response.Redirect(loginPage);
    }
}
Quellen:
.Net-Snippets.de: Erstellt einen md5-Hash aus einem string