A in depth tutorial please

[Juwar]

Can someone show me step by step how to make a membership site? I am only working with visual studio, vb.net and asp.net, MSAccess database.

Actually I need someone to show me how to write code to create a secure site.

I am trying to create a site where users must pay to subscribe and have access to member pages. The problem is what I've done so far is not secure at all. All one has to do to get to some of the member pages is just type the URL in the browser.

Secondly, I need someone to show me how I can have certain pages (aspx) to be viewed by the public, and certain pages (aspx) + (html) + folders that only can be accessed after the person has logged in.

Please, I need this tutorial in detail. All the articles are vague and assume certain things.

 

[Paszt]

First, are you using FrameWork V1 or V2? The Framework V2 has many new improvements which makes doing above much easier.

If you are using V1, as always with VB.NET, there are many ways to do the above.
It would probably be best for you to attempt some code and when you have specific questions, post those.
Some things you'll need to learn:
ADO.NET: to save userName/Passwords
Security: look to the HttpContext class for one example. Also you'll probably want to use cookies.

Good luck!

 

[levyuk]

And possibly web.config files to secure folders.

 

[Juwar]

I am using Framework 1.1.

I've done some reading and I have attempted to do a Forms Authentication. I went into the web config file for the project and under the <authentication, mode=Forms> tag I put <forms name=RG_Book loginUrl="login.aspx" Then I went to <authorization> tag. Under that I put <deny user="?">

I then created a login page and some other aspx pages. The problem is that with what I've created in web config, it denies me every page. I do not want that. Just some pages need to be restricted.

I have already written code that checks the username and password against an access database, but this alone is not enough. How can I configure it, so that after the username and password is checked and verified, the authorization is overwritten, and the member has access to the other pages.

Also, one thread says to secure my folders, add web config files. This is the problem Im having with talking to computer people. Specifically explain to me how to add web config files to a folder. I've looked all over visual studio.net and have no idea how to do this....

 

[levyuk]

You simply right click and add a new item to that folder. Then select web.config

This is what I would do. Any pages that you want secure put them in a secure folder with access to only authorised users. Then any files that you want everyone to access just leave those in the root folder.

 

[Paszt]

FYI: You can download the Visual Web Developer 2005 Express Edition Beta 2 to see the great improvements that have been made in FrameWork V2.