by

How to Add Simple Authentication to Azure Website

Labels: ,
During my last Azure Website project, we had to setup a staging environment in order to test the website being deployed. By nature, all Azure Websites are opened to everyone to see, however the need to protect the content being tested came up for several reasons. We were running on a tight deadline and we did not want to spend too much on configuring this authentication. The solution we found was to leverage from the provided IIS and .NET capabilities already provided by Azure and setup a simple authentication mechanism using a static username and password.

Blueprint


For this case we needed 3 things:
  1. a web.config file with the authentication configuration
  2. a Login.aspx page that comes up for the visitors to enter the credentials
  3. a javascript hookup binding the page and the web.config

Once you have all these elements, what you do is to upload these files (via FTP) to your Azure Website. The IIS hosting will automatically recognize them and the changes will take effect immediately.

Solution


The solution took about 10 minutes to build and to save you this valuable time here is the code for both web.config and login.aspx (included with the javascript) you need:
<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="false" />
        <authentication mode="Forms">
            <forms>
                <credentials passwordFormat="Clear">
                    <user name="AddYourUserNameHere" password="AddYourPasswordHere" />
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <!-- Allow access to all who can match the username and password -->
            <allow users="*" />
            <!-- Denies access to anonymous users -->
            <deny users="?" />
        </authorization>
    </system.web>
 
    <system.webServer>
        <modules>
            <remove name="FormsAuthenticationModule" />
            <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />            
            <remove name="UrlAuthorization" />
            <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
        </modules>
    </system.webServer>
</configuration>



And here’s the code for the login.aspx file you will need.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat='server'>
public void Login_OnClick(object sender, EventArgs args)
{
    if (FormsAuthentication.Authenticate(UsernameTextbox.Text, PasswordTextbox.Text))
    {
        FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
    }
    else
    {
        Msg.Text = "Login failed.";
    }
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>Simple Login Authentication</title></head>
<body>
    <form id="form1" runat="server">
    <h3>Simple Login Authentication</h3>
    <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
    Enter the user name: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
    Enter the password : <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
    <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
    <asp:CheckBox id="NotPublicCheckBox" runat="server" />
    </form>
</body>
</html>


Well, that’s it. I hope you liked and it saved you some Google searches and time Smile

by
No comments:
Subscribe to: Posts (Atom)