It doesn't have to be so hard.
Add code like this in the Authenticate event:
Protected Sub Login1_Authenticate(ByVal sender As Object, _
ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) _
Handles Login1.Authenticate
e.Authenticated = True
FormsAuthentication.RedirectFromLoginPage(Login1.U serName, True)
End Sub
Instead of setting Authenticated to True, call your database and pass in the username and password.
After that, the user will be seen as authenticated.
Search the MSDN site for FormsAuthentication.RedirectFromLoginPage and for the web.config settings for the Authentication and Authorization nodes.
In short, you need something like this:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
This blocks access for all users, unless they are authenticated.
IMO, this is a much cleaner solution than rolling your own security stuff.
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of
ASP.NET 2.0 Instant Results and
Beginning Dreamweaver MX / MX 2004