question

DavidAnderson-4633 avatar image
0 Votes"
DavidAnderson-4633 asked LeeRogers-5864 published

Where do I find VB.NET-based guidance on setting up authentication for Web Forms?

I want to add a user authentication process to an existing VB.NET-based ASP.NET Web Application that uses Web Forms and an SQL Server database. Everything I read suggested that using ASP.NET Identity was the way to go, so my first step was to use the NuGet Package Manager in VS 2019 to add the following:

  • Microsoft.AspNet.Identity.Core

  • Microsoft.AspNet.Identity.EntityFramework

  • Microsoft.AspNet.Identity.Owin

I then dragged both a CreateUserWizard and a Login control on to a new aspx Web Form, but it wasn't clear what to do next. Can anyone suggest any useful sources of VB.NET-based guidance? My searches so far have not been successful.

In addition to some sample VB.NET code, I also like to know how to create a dedicated connection string in my Web.config file that tells the authentication process to use my own SQL Server database. I had assumed that a default connection string would be inserted when I installed the packages listed above, but this didn't happen.

dotnet-visual-basicdotnet-aspnet-webforms
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Create a new project and select the "Individual account" option. The template has everything you're requesting including login and account creation aspx pages. Just review the code.

127348-capture.png

I then dragged both a CreateUserWizard and a Login control on to a new aspx Web Form, but it wasn't clear what to do next.

The CreateUserWizard interfaces with the Membership Provider which is an older version of the ASP.NET Identity. If you want to go with the Membership provider, then you'll need to read the docs but Identity is a more modern approach and comes with Entity Framework.


0 Votes 0 ·
capture.png (60.0 KiB)

Hi Joe,
Thanks for clarifying that the Login controls in the VS 2019 Toolbox relate to the old Membership Provider. Rather oddly, those controls still appear if you create a new Web Application using the default setting of ‘No Authentication’.

I had already created a temporary new Web Application using the 'Individual Users Accounts' authentication option (I used that to help identify which NuGet packages to install for Identity-based authentication). You nudged me to look a little harder at the code and that's when I noticed the new 'Accounts' folder for the first time!

That folder contains all the aspx pages for registration and login, etc, so many thanks for pointing me in the right direction.


0 Votes 0 ·
YijingSun-MSFT avatar image YijingSun-MSFT DavidAnderson-4633 ·

Hi @DavidAnderson-4633 ,
Now,do you have solved your problems?If you still have problems,you could post to us.We're willing to help you.
Best regards,
Yijing Sun

0 Votes 0 ·
DavidAnderson-4633 avatar image
0 Votes"
DavidAnderson-4633 answered DavidAnderson-4633 edited

The help provided by AgaveJoe resolved my initial problem with getting Identity authentication to work and I have now been able to run a successful test via LocalHost of both Register.aspx and Login.aspx. Since then I have found that App_Start/IdentityConfig.vb has an ApplicationUserManager class containing a Create function, which contains several basic configuration options.

There are other configuration changes I would like to to make that are not covered by the Create function, such as registering new users with a UserName rather than the default setting of registering with an email address. However, whenever I search for guidance on this I can only find solutions using C# and most of these relate to MVC rather than Web Forms.

My original question therefore still stands. Can anyone point me to a comprehensive source of VB.NET-based guidance on how to configure the Identity system for Web Forms?




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AgaveJoe avatar image
0 Votes"
AgaveJoe answered AgaveJoe edited

My original question therefore still stands. Can anyone point me to a comprehensive source of VB.NET-based guidance on how to configure the Identity system for Web Forms?

This is a fundamental Web Forms post back question not Identity configuration.

If you step through the Register.aspx.vb source code, you'll see the email address is assigned to the ApplicationUser username and email fields. The makers of the Individual Account template decided to use the email as both the email address and username.

 Dim userName As String = Email.Text
    
 Dim user = New ApplicationUser() With {.UserName = userName, .Email = userName}

Later, the UserManger service saves the ApplicationUser.

 Dim result = manager.Create(user, Password.Text)

You are free to modify the code to suite your needs. Simply add a Username input to the Register.aspx form. In the code behind, assign the username input to the ApplicationUser().UserName field and the email input to the ApplicationUser().Email field.

You'll make a similar change in the Login.aspx page as it uses an Email input field not Username.

Keep in mind, all you're doing is passing user inputs to Identity service methods. The service methods are openly published.

The actual Identity Configuration is located in the App_Start folder. The file is named IdentityConfig.vb. The Startup.Auth.vb in the same folder contains the OWIN start up logic which calls the configuration and contains a bit of configuration too like setting up cookie authentication.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DavidAnderson-4633 avatar image
0 Votes"
DavidAnderson-4633 answered DavidAnderson-4633 edited

Hi Joe,
Thanks for your input, but as it happens, I worked out that solution for myself earlier today. I added a UserName TextBox to Register.aspx and modified Register.aspx.vb to save the UserName and Email as separate items. A test proved that these changes had worked. A similar change was also made to Login.aspx, though I'm not yet sure if that works, as I failed to find a database table that tells me whether a user is logged in.

I had also looked at Startup.Auth.vb, but didn't see anything of much relevance to my needs. Using third party login providers is not part of my plan, so I would have no need to uncomment the authentication sections for Microsoft accounts, Twitter, FaceBook, and Google. Tweaking cookie timespans is also something I am unlikely to do, as I'm not sure I have the knowledge to understand when that might be helpful.

As soon as I made the above-mentioned progress, I had to leave home immediately for the rest of the day and thus was unable to update this thread before you made your post. I'm sorry this meant you spent time on this when it was no longer necessary. Please accept my sincere apologies for that.

No doubt I will find plenty of other things to tax my brain as I work through the authentication process. I still find it rather disappointing that I can't find a user friendly introduction to this stuff for VB.NET and Web Forms for people like me who just want a helping hand to speed up the learning process without going into unnecessary detail about the internal nuts and bolts (Do I really need to understand what OWIN Claims are?).

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AgaveJoe avatar image
0 Votes"
AgaveJoe answered LeeRogers-5864 published

Do I really need to understand what OWIN Claims are?

Of course. OWIN is the mechanism that injects Identity into your web application. Claims are bits of information about a user. This information is often used to authorize access to resources similar to a role. Claims are a very common feature in modern authentication/authorization.

EDIT: I'm currently struggling with how to activate email confirmation. Within IdentityConfig.vb, the function SendAsync asks me to "Plug in your email service here to send an email". I have mailSettings set up in Web.Config and know how to send an email via code, but I've no idea what "plug in your email service" means.

You are struggling with the concept of an Interface. "Plug in" means add the code you typically use to send emails. Basically, the "Individual Account" template developer provided a place where you get to insert your email client code.

First, take a look at the IdentityMessage input parameters of the SendAsync method. The Identity API, through configuration, populates these values.

     '
     ' Summary:
     '     Represents a message
     Public Class IdentityMessage
         Public Sub New()
    
         '
         ' Summary:
         '     Destination, i.e. To email, or SMS phone number
         Public Overridable Property Destination As String
         '
         ' Summary:
         '     Subject
         Public Overridable Property Subject As String
         '
         ' Summary:
         '     Message contents
         Public Overridable Property Body As String
     End Class

You get to use these three properties to populate the email message. However, you must know how to configure your email client according to the email service provider you are using.

Below is an SmtpClient example that uses gmail. Your configuration will most likely differ. Keep in mind, the code below is not production ready but it should give you the general idea.

 Public Class EmailService
     Implements IIdentityMessageService
     Public Function SendAsync(message As IdentityMessage) As Task Implements IIdentityMessageService.SendAsync
         ' Plug in your email service here to send an email.
    
         Dim Smtp_Server As New SmtpClient
         Dim e_mail As New MailMessage()
         Smtp_Server.UseDefaultCredentials = False
         Smtp_Server.Credentials = New Net.NetworkCredential("username@gmail.com", "password")
         Smtp_Server.Port = 587
         Smtp_Server.EnableSsl = True
         Smtp_Server.Host = "smtp.gmail.com"
    
         e_mail = New MailMessage()
         e_mail.From = New MailAddress("username@gmail.com")
         e_mail.To.Add(message.Destination)
         e_mail.Subject = message.Subject
         e_mail.IsBodyHtml = False
         e_mail.Body = message.Body
         Smtp_Server.Send(e_mail)
    
         Return Task.FromResult(0)
    
     End Function
 End Class


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AgaveJoe, you are a lifesaver. I was going to kill myself after 4 hours of working on this :-)

0 Votes 0 ·
DavidAnderson-4633 avatar image
0 Votes"
DavidAnderson-4633 answered YijingSun-MSFT commented

Hi Joe,
After adding that edit to my last post, I found some C# code for specifying my email service within the SendAsync function. I used the Telerik converter to convert that to VB.NET and then managed to get the basics of sending a confirmation email working. I therefore deleted that edit text from my last post several hours before you posted your response. Would it have been better if I had left the edit in place and made another post to say I had made some progress?

However, your reply still served a very useful purpose as I had failed to find the correct syntax for specifying the From email address (to override the default I have in Web.config). I had also forgotten all about adding my own error checking code, so thanks for that reminder.

Everything I've read about OWIN has either been a very basic description or so complex that it went right over my head. So far, I've not written any code that required me to have any detailed knowledge of the subject. I've been a part time unpaid self-taught VB.NET Web Forms programmer since 2009 and have always made it a practice to go no deeper into a subject than is required to make my coding work. If I spent any more time in front of a computer my wife would probably kill me!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @DavidAnderson-4633 ,

Would it have been better if I had left the edit in place and made another post to say I had made some progress?

If you have other problems,you could post a new thread.More community's experts to help you.
Best regards,
Yijing Sun

0 Votes 0 ·