Where do I find VB.NET-based guidance on setting up authentication for Web Forms?

David Anderson 206 Reputation points
2021-08-29T15:49:57.937+00:00

I want to add a user authentication process to an existing VB.NET-based ASP.NET Web Application that uses Web Forms and an SQL Server database. Everything I read suggested that using ASP.NET Identity was the way to go, so my first step was to use the NuGet Package Manager in VS 2019 to add the following:

  • Microsoft.AspNet.Identity.Core
  • Microsoft.AspNet.Identity.EntityFramework
  • Microsoft.AspNet.Identity.Owin

I then dragged both a CreateUserWizard and a Login control on to a new aspx Web Form, but it wasn't clear what to do next. Can anyone suggest any useful sources of VB.NET-based guidance? My searches so far have not been successful.

In addition to some sample VB.NET code, I also like to know how to create a dedicated connection string in my Web.config file that tells the authentication process to use my own SQL Server database. I had assumed that a default connection string would be inserted when I installed the packages listed above, but this didn't happen.

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,254 questions
VB
VB
An object-oriented programming language developed by Microsoft that is implemented on the .NET Framework. Previously known as Visual Basic .NET.
2,568 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. David Anderson 206 Reputation points
    2021-08-31T15:26:45.22+00:00

    The help provided by AgaveJoe resolved my initial problem with getting Identity authentication to work and I have now been able to run a successful test via LocalHost of both Register.aspx and Login.aspx. Since then I have found that App_Start/IdentityConfig.vb has an ApplicationUserManager class containing a Create function, which contains several basic configuration options.

    There are other configuration changes I would like to to make that are not covered by the Create function, such as registering new users with a UserName rather than the default setting of registering with an email address. However, whenever I search for guidance on this I can only find solutions using C# and most of these relate to MVC rather than Web Forms.

    My original question therefore still stands. Can anyone point me to a comprehensive source of VB.NET-based guidance on how to configure the Identity system for Web Forms?

    0 comments
  2. AgaveJoe 26,201 Reputation points
    2021-08-31T19:48:52.477+00:00

    My original question therefore still stands. Can anyone point me to a comprehensive source of VB.NET-based guidance on how to configure the Identity system for Web Forms?

    This is a fundamental Web Forms post back question not Identity configuration.

    If you step through the Register.aspx.vb source code, you'll see the email address is assigned to the ApplicationUser username and email fields. The makers of the Individual Account template decided to use the email as both the email address and username. 

    Dim userName As String = Email.Text  
  
Dim user = New ApplicationUser() With {.UserName = userName, .Email = userName}

    Later, the UserManger service saves the ApplicationUser. 

    Dim result = manager.Create(user, Password.Text)

    You are free to modify the code to suite your needs. Simply add a Username input to the Register.aspx form. In the code behind, assign the username input to the ApplicationUser().UserName field and the email input to the ApplicationUser().Email field.

    You'll make a similar change in the Login.aspx page as it uses an Email input field not Username.

    Keep in mind, all you're doing is passing user inputs to Identity service methods. The service methods are openly published.

    The actual Identity Configuration is located in the App_Start folder. The file is named IdentityConfig.vb. The Startup.Auth.vb in the same folder contains the OWIN start up logic which calls the configuration and contains a bit of configuration too like setting up cookie authentication.

    0 comments
  3. David Anderson 206 Reputation points
    2021-08-31T22:49:14.407+00:00

    Hi Joe,
    Thanks for your input, but as it happens, I worked out that solution for myself earlier today. I added a UserName TextBox to Register.aspx and modified Register.aspx.vb to save the UserName and Email as separate items. A test proved that these changes had worked. A similar change was also made to Login.aspx, though I'm not yet sure if that works, as I failed to find a database table that tells me whether a user is logged in.

    I had also looked at Startup.Auth.vb, but didn't see anything of much relevance to my needs. Using third party login providers is not part of my plan, so I would have no need to uncomment the authentication sections for Microsoft accounts, Twitter, FaceBook, and Google. Tweaking cookie timespans is also something I am unlikely to do, as I'm not sure I have the knowledge to understand when that might be helpful.

    As soon as I made the above-mentioned progress, I had to leave home immediately for the rest of the day and thus was unable to update this thread before you made your post. I'm sorry this meant you spent time on this when it was no longer necessary. Please accept my sincere apologies for that.

    No doubt I will find plenty of other things to tax my brain as I work through the authentication process. I still find it rather disappointing that I can't find a user friendly introduction to this stuff for VB.NET and Web Forms for people like me who just want a helping hand to speed up the learning process without going into unnecessary detail about the internal nuts and bolts (Do I really need to understand what OWIN Claims are?).

    0 comments
  4. David Anderson 206 Reputation points
    2021-09-01T15:39:46.533+00:00

    Hi Joe,
    After adding that edit to my last post, I found some C# code for specifying my email service within the SendAsync function. I used the Telerik converter to convert that to VB.NET and then managed to get the basics of sending a confirmation email working. I therefore deleted that edit text from my last post several hours before you posted your response. Would it have been better if I had left the edit in place and made another post to say I had made some progress?

    However, your reply still served a very useful purpose as I had failed to find the correct syntax for specifying the From email address (to override the default I have in Web.config). I had also forgotten all about adding my own error checking code, so thanks for that reminder.

    Everything I've read about OWIN has either been a very basic description or so complex that it went right over my head. So far, I've not written any code that required me to have any detailed knowledge of the subject. I've been a part time unpaid self-taught VB.NET Web Forms programmer since 2009 and have always made it a practice to go no deeper into a subject than is required to make my coding work. If I spent any more time in front of a computer my wife would probably kill me!

  5. AgaveJoe 26,201 Reputation points
    2021-09-01T14:26:46.497+00:00

    Do I really need to understand what OWIN Claims are?

    Of course. OWIN is the mechanism that injects Identity into your web application. Claims are bits of information about a user. This information is often used to authorize access to resources similar to a role. Claims are a very common feature in modern authentication/authorization.

    EDIT: I'm currently struggling with how to activate email confirmation. Within IdentityConfig.vb, the function SendAsync asks me to "Plug in your email service here to send an email". I have mailSettings set up in Web.Config and know how to send an email via code, but I've no idea what "plug in your email service" means.

    You are struggling with the concept of an Interface. "Plug in" means add the code you typically use to send emails. Basically, the "Individual Account" template developer provided a place where you get to insert your email client code.

    First, take a look at the IdentityMessage input parameters of the SendAsync method. The Identity API, through configuration, populates these values. 

        '  
    ' Summary:  
    '     Represents a message  
    Public Class IdentityMessage  
        Public Sub New()  
  
        '  
        ' Summary:  
        '     Destination, i.e. To email, or SMS phone number  
        Public Overridable Property Destination As String  
        '  
        ' Summary:  
        '     Subject  
        Public Overridable Property Subject As String  
        '  
        ' Summary:  
        '     Message contents  
        Public Overridable Property Body As String  
    End Class

    You get to use these three properties to populate the email message. However, you must know how to configure your email client according to the email service provider you are using.

    Below is an SmtpClient example that uses gmail. Your configuration will most likely differ. Keep in mind, the code below is not production ready but it should give you the general idea. 

    Public Class EmailService  
    Implements IIdentityMessageService  
    Public Function SendAsync(message As IdentityMessage) As Task Implements IIdentityMessageService.SendAsync  
        ' Plug in your email service here to send an email.  
  
        Dim Smtp_Server As New SmtpClient  
        Dim e_mail As New MailMessage()  
        Smtp_Server.UseDefaultCredentials = False  
        Smtp_Server.Credentials = New Net.NetworkCredential("username@gmail.com", "password")  
        Smtp_Server.Port = 587  
        Smtp_Server.EnableSsl = True  
        Smtp_Server.Host = "smtp.gmail.com"  
  
        e_mail = New MailMessage()  
        e_mail.From = New MailAddress("username@gmail.com")  
        e_mail.To.Add(message.Destination)  
        e_mail.Subject = message.Subject  
        e_mail.IsBodyHtml = False  
        e_mail.Body = message.Body  
        Smtp_Server.Send(e_mail)  
  
        Return Task.FromResult(0)  
  
    End Function  
End Class