secure a web application

Question

Ok... I have created a web application using Visual Studio 2008 using C#..

Now i need to secure this website; for that i need to add a login page.

I am not using the login control of visualstudio.. i am just entering the username and password and there is an API which returns true or false after authentication...

If it returns true the user is allowed to access my application and if false an error page is displayed... Is there a secure way to do this

Currently what is happening is that when i publish my web application and store it in the webroot directory of the server... the webpage can be opened simply by typing "http://ip address/Default.aspx" or "http://ip address/Page1.aspx". So i dont want this to happen instead if this is typed an error page should open. But if the user goes to the login page and logs in then only it should open these pages....

Any suggestions on how to achieve this.. thanks

Answer 1

use FORMS authentication in asp.net

Forms authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie. However, ASP.NET version 2.0 supports cookieless forms authentication, which results in the ticket being passed in a query string.

http://msdn.microsoft.com/en-us/library/aa480476.aspx

http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx