Web Forms & Access Rights

A consideration before displaying our data to the world is whether we want the users to be registered on our site first (and later we can consider how to restrict registrations to approved users).

This tutorial will start with creating basic restrictions to allow only registered users to access a web page and prompting users to login or register when required.

Before attempting this tutorial you should have an 'ASP.NET Web Application' created in Visual Studio with 'Individual User Accounts' ('Option 2: Template Users DB').



To get started we will need to add a new web page, right-click on the solution file in Solution Explorer, select 'Add', and then 'New Item...'.

On the left pane, navigate to the 'Web' category of your chosen language (C# shown below), and select 'Web Form with Master Page' from the list.

Name this page appropriately, in this example we will prepare a web page to display a list of sites and so have named it: "SiteList.aspx"

Click 'Add'.

Select a master page file (this assumes you have created a solution with master pages). In the worked example select 'Site.Master' and click 'OK'.

You should be brought to the HTML code view for the new page and it will look something like the file below.

Be sure to set you pages title (this will appear in the web browsers title bar and the menu system), e.g. "Site List", as shown below.

You will notice that there is not a lot of markup script here and that is because this is just the main content area of the web page. Everything around it, the header, menus, footer and margins have all been determined by the master page. You can select this from the Solution Explorer to view its contents (its default name is 'Site.Master'.) 

The code below shows a section of markup script from the master page and on line 77 you can see where a Content Placeholder has been place and is where the individual web page content will slot in.

Back to our SiteList.aspx page, we can include an h2 tag to automatically insert the Title of the page. This should appear between the open and close 'asp:Content' tags.

Run your code to view in a browser and you should get something similar to the web page below. The red-dotted line has been drawn around the invisible border of the asp:Content block. Everything outside of this area is set by the master page.

Next we will add a new folder to store all the restricted web pages in. In the Solution Explorer, right-click the project file (e.g. AssetManagementSystem), select 'Add', then 'New Folder'.

The new folder will be added to Solution Explorer and you will have the opportunity to rename it. Give it the name "Restricted".

You can now click-and-drag the 'SiteList.aspx' web form we created earlier, and drop it into the new 'Restricted' folder.

Note: 'SiteList.aspx' has two sub-files with the further extensions of '.cs' and '.designer.cs'. Ensure you move the parent file as shown below.

Using the same method as before, you can right-click on the new 'Restricted' folder, select 'Add' then 'New Item...'. On the left pane under 'Web', select 'General' and select a 'Web Configuration File' from the list.

It should be named, "Web.config", but DO NOT overwrite the original one in the parent 'Project' folder - the new one should be within the 'Restricted' folder.

Replace the code of the Web.config file with the script below.

<?xml version="1.0"?>

 <location path="">
        <deny users="?"/>


Run the web page and the user should be redirected to the 'Log in' page (unless you are logged in already, in which case log out to check that users are re-directed here).

Any pages within this folder will now be restricted to registered users.

Note: By default, users can register themselves, but later we can look to disable this and only allow an administrator to create new users.

In addition to 'SiteList.aspx', you should now create a second web form called 'SiteView.aspx' based on the Master Page and within the 'Restricted' folder. Your Solution Explorer should look like this:

In the markup script of this new web form, insert a title, "Site View" as shown below and add the code shown between the 'asp:Content' tags.

Well done, you should now have your first web forms that display their titles to the user within the master page template. These pages can only be accessed by registered users of the site.

You will build on these pages in the next few tutorials.