{"id":174,"date":"2008-11-06T17:09:00","date_gmt":"2008-11-06T16:09:00","guid":{"rendered":"http:\/\/unckel.com\/blog\/?p=174"},"modified":"2019-12-07T22:29:51","modified_gmt":"2019-12-07T21:29:51","slug":"verzeichnisschutz-mit-asp-net-formsauthentication","status":"publish","type":"post","link":"https:\/\/unckel.de\/blog\/verzeichnisschutz-mit-asp-net-formsauthentication\/","title":{"rendered":"Verzeichnisschutz mit ASP.NET FormsAuthentication"},"content":{"rendered":"<p>Hier mal eine Copy&#8217;n&#8217;Paste-Vorlage: Auf alle Inhalte eines Verzeichnisses &#8222;CMS&#8220; kann nur bei erfolgreicher Anmeldung zugegriffen werden. Benutzername und MD5-kodiertes Passwort werden in der web.config hinterlegt.<\/p>\n<p><strong>root\/web.config<\/strong><\/p>\n<pre>&lt;?xml version=\"1.0\" encoding=\"utf-8\"?&gt;\n&lt;configuration&gt;\n  &lt;appSettings&gt;\n    &lt;add key=\"username\" value=\"admin\" \/&gt;\n    &lt;add key=\"password\" value=\"A13EE062EFF9D72...\" \/&gt;\n  &lt;\/appSettings&gt;\n  &lt;connectionStrings \/&gt;\n  &lt;system.web&gt;\n    &lt;compilation debug=\"true\" \/&gt;\n    &lt;authentication mode=\"Forms\"&gt;\n      &lt;forms cookieless=\"UseUri\" defaultUrl=\"~\/CMS\/Default.aspx\"\n        loginUrl=\"~\/Login.aspx\"&gt;\n      &lt;\/forms&gt;\n    &lt;\/authentication&gt;\n  &lt;\/system.web&gt;\n  &lt;location path=\"CMS\"&gt;\n    &lt;system.web&gt;\n      &lt;authorization&gt;\n        &lt;deny users=\"?\" \/&gt;\n      &lt;\/authorization&gt;\n    &lt;\/system.web&gt;\n  &lt;\/location&gt;\n&lt;\/configuration&gt;<\/pre>\n<p><strong>root\/Login.aspx<\/strong><\/p>\n<pre>&lt;%@ Page Language=\"C#\" AutoEventWireup=\"true\" \n  CodeFile=\"Login.aspx.cs\" Inherits=\"Login\" %&gt;\n\n&lt;!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \n  \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\"&gt;\n\n&lt;html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\"&gt;\n&lt;head runat=\"server\"&gt;\n  &lt;title&gt;Login&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n  &lt;form id=\"form1\" runat=\"server\"&gt;\n    Username:\n      &lt;asp:Textbox id=\"TextboxUsername\" runat=\"server\" \/&gt;&lt;br \/&gt;\n    Password: \n      &lt;asp:Textbox id=\"TextboxPassword\" runat=\"server\" \n      TextMode=\"Password\" \/&gt;&lt;br \/&gt;\n    &lt;asp:Button id=\"ButtonLogin\" Text=\"Login\" \n      OnClick=\"ButtonLogin_OnClick\" runat=\"server\" \/&gt;&lt;br \/&gt;\n    &lt;asp:Label id=\"LabelInfo\"  ForeColor=\"red\" runat=\"server\" \/&gt;\n  &lt;\/form&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/pre>\n<p><strong>root\/Login.aspx.cs<\/strong><\/p>\n<pre>using System;\nusing System.Configuration;\nusing System.Web.Security;\nusing System.Text;\nusing System.Security.Cryptography;\n\npublic partial class Login : System.Web.UI.Page\n{ \n  protected void Page_Load(object sender, EventArgs e) { } \n  \n  \/\/ Login \n  protected void ButtonLogin_OnClick(object sender, EventArgs e)\n  {\n    \/\/ Username und Passwort von der web.config holen\n    string username = ConfigurationManager.AppSettings[\"username\"];\n    string password = ConfigurationManager.AppSettings[\"password\"];\n\n    \/\/ Logincheck\n    if ((TextboxUsername.Text.Trim() == username) &amp;&amp;\n        (GetMd5Hash(TextboxPassword.Text.Trim()) == password))\n    {\n      FormsAuthentication.RedirectFromLoginPage(TextboxUsername.Text.Trim(), false); \n    }\n    else\n    {\n      LabelInfo.Text = \"Ung\u00fcltige Anmeldung.\";\n    }\n  }\n\n  \/\/ MD5-Hash erzeugen zum Vergleich mit dem codierten Passwort\n  private static string GetMd5Hash(string input)\n  {\n    MD5 md5Hasher = MD5.Create();\n    byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));\n    StringBuilder sBuilder = new StringBuilder();\n    for (int i = 0; i &lt; data.Length; i++)\n      sBuilder.Append(data[i].ToString(\"x2\"));\n\n    return sBuilder.ToString().ToUpper();\n  }\n}<\/pre>\n<p><strong>root\/CMS\/Default.aspx<\/strong><\/p>\n<pre>&lt;%@ Page Language=\"C#\" AutoEventWireup=\"true\" \n  CodeFile=\"Default.aspx.cs\" Inherits=\"CMS_Default\" %&gt;\n\n&lt;!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \n  \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\"&gt;\n\n&lt;html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\"&gt;\n&lt;head runat=\"server\"&gt;\n  &lt;title&gt;Gesch\u00fctzte Seite&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n  &lt;form id=\"form1\" runat=\"server\"&gt;\n  &lt;asp:LoginName ID=\"LoginName1\" runat=\"server\" FormatString =\"Hallo {0}\" \/&gt;\n  &lt;asp:Button ID=\"Button1\" runat=\"server\" \n    Text=\"Logout\" OnClick=\"Button1_Click\" \/&gt;\n  &lt;\/form&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/pre>\n<p><strong>root\/CMS\/Default.aspx.cs<\/strong><\/p>\n<pre>using System;\nusing System.Web.Security;\n\npublic partial class CMS_Default : System.Web.UI.Page\n{ \n  protected void Page_Load(object sender, EventArgs e) { }\n\n  \/\/ Logout protected void Button1_Click(object sender, EventArgs e)\n  {\n    FormsAuthentication.SignOut();\n    Response.Redirect(\"~\/Login.aspx\");\n  }\n}<\/pre>\n<p>Quellen:<br \/>\n<a href=\"http:\/\/dotnet-snippets.de\/dns\/c-erstellt-einen-md5-hash-aus-einem-string-SID629.aspx\" target=\"_blank\" rel=\"noopener\">.Net-Snippets.de: Erstellt einen md5-Hash aus einem string<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hier mal eine Copy&#8217;n&#8217;Paste-Vorlage: Auf alle Inhalte eines Verzeichnisses &#8222;CMS&#8220; kann nur bei erfolgreicher Anmeldung zugegriffen werden. Benutzername und MD5-kodiertes Passwort werden in der web.config hinterlegt. root\/web.config &lt;?xml version=&#8220;1.0&#8243; encoding=&#8220;utf-8&#8243;?&gt; &lt;configuration&gt; &lt;appSettings&gt; &lt;add key=&#8220;username&#8220; value=&#8220;admin&#8220; \/&gt; &lt;add key=&#8220;password&#8220; value=&#8220;A13EE062EFF9D72&#8230;&#8220; \/&gt; &lt;\/appSettings&gt; &lt;connectionStrings \/&gt; &lt;system.web&gt; &lt;compilation debug=&#8220;true&#8220; \/&gt; &lt;authentication mode=&#8220;Forms&#8220;&gt; &lt;forms cookieless=&#8220;UseUri&#8220; defaultUrl=&#8220;~\/CMS\/Default.aspx&#8220; loginUrl=&#8220;~\/Login.aspx&#8220;&gt; &lt;\/forms&gt; &lt;\/authentication&gt; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71],"tags":[],"class_list":["post-174","post","type-post","status-publish","format-standard","hentry","category-webdesign"],"_links":{"self":[{"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/posts\/174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/comments?post=174"}],"version-history":[{"count":1,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/posts\/174\/revisions"}],"predecessor-version":[{"id":839,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/posts\/174\/revisions\/839"}],"wp:attachment":[{"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/media?parent=174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/categories?post=174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unckel.de\/blog\/wp-json\/wp\/v2\/tags?post=174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}