General Steps for Creating site in Asp.NET

Object: General Steps for Creating site in


1. Create Database named 'Sample'

2. Register Database from vs command prompt

Aspnet_regsql –S servername –U username –P password –A all –d Sample

3. Set Connection String: Create new website project in vs2005 and open web.config

In configuration tag


<remove name="LocalSqlServer"/>

<add name="LocalSqlServer" connectionString="Data Source=Servername;Initial Catalog=Sample;User Id=username;Password=password;" providerName="System.Data.SqlClient"/>


You can access connection string by code

string strConnString = ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString;

4. Now You can test connection by in VS website ->ASP.NET Configuration ->Provider -> Select Single provider-> test

5. Set FormAuthentication and Authorization:

In system.web section:

<authentication mode="Forms">

<forms loginUrl="Login.aspx"









enableCrossAppRedirects="false" />



<deny users="?" />


The default attribute values are described below:

· loginUrl points to your application's custom logon page. You should place the logon page in a folder that requires Secure Sockets Layer (SSL). This helps ensure the integrity of the credentials when they are passed from the browser to the Web server.

· protection is set to All to specify privacy and integrity for the forms authentication ticket. This causes the authentication ticket to be encrypted using the algorithm specified on the machineKey element, and to be signed using the hashing algorithm that is also specified on the machineKey element.

· timeout is used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie.

· name and path are set to the values defined in the application's configuration file.

· requireSSL is set to false. This configuration means that authentication cookies can be transmitted over channels that are not SSL-encrypted. If you are concerned about session hijacking, you should consider setting requireSSL to true.

· slidingExpiration is set to true to enforce a sliding session lifetime. This means that the session timeout is periodically reset as long as a user stays active on the site.

· defaultUrl is set to the Default.aspx page for the application.

· cookieless is set to UseDeviceProfile to specify that the application use cookies for all browsers that support cookies. If a browser that does not support cookies accesses the site, then forms authentication packages the authentication ticket on the URL.

· enableCrossAppRedirects is set to false to indicate that forms authentication does not support automatic processing of tickets that are passed between applications on the query string or as part of a form POST.

6. In WAT(website ->ASP.NET Configuration)->Security->Enable Roles ->Create Roles Add new role Admin.

7. Back->Create User fill form and select role admin.

8. Create login.aspx page, drag login control,Select format.

protected void Login1_LoginError(object sender, EventArgs e)


ClientScript.RegisterStartupScript(this.GetType(), "LoginError", String.Format("alert('{0}');", Login1.FailureText.Replace("'", "\'")), true);


protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)


if (Membership.ValidateUser(Login1.UserName,Login1.Password))


//Only set e.Authenticated to True if ALL checks pass

e.Authenticated = true;




e.Authenticated = false;

Login1.FailureText = "Your username and/or password are invalid.";



No comments:

Post a Comment