Running Your Secure Site

You will now run the site to verify that the security you configured in the previous lesson is working as expected.

1. In the Solution Explorer, select Login.aspx. Press F5 to run the application.

2.  Log in as "marys" with the wrong password. Notice that the Login control displays an appropriate message.

3.  Now log in as "marys" using the correct password: "Pa$$word!". When authenticated you are taken to authors.aspx. Notice the LoginView control displays the message you specified for a logged-in user, and the LoginStatus control displays a Log Out link.

4. In the navigation menu select Home | Admin. Notice that you are redirected back to the Log In page.

Recall that Mary is the user who is not a member of the Administrator role. Because of this she is denied access, which by default prompts the user to log in as a different user. In the real world you would obviously want to display a message telling the user that access has been denied.

Also notice the ReturnUrl querystring parameter. This parameter is automatically added to the login.aspx URL when a user unsuccessfuly attempts to enter a secure area. When present, the ReturnUrl value overrides the Login control's DestinationPageUrl property, as you will see when you log in now as "johns".

5. Log in as "johns" with the same password.

John is a member of the Administrator role, so he was given access to the secure area.

This series of lessons has shown you how easy it is to configure security for your ASP.NET application. The new suite of login controls, as well as the Web Site Administration Tool and built-in SQL Express provider, make setting up a robust security mechanism easier than ever before. And you did this all without any manual coding.