custom-login.aspx

This is a book about vb.you could learn this from this book

<%@Page Language="VB" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.OleDb" %>
<%@Import Namespace="System.Xml" %>

<html>
<head>
<title>Login Form</title>
<style type="text/css">
body, input {font-family:Tahoma,Arial,sans-serif; font-size:10pt }
</style>
</head>
<body>
<form runat="server">

  Authenticate against:
  <input type="radio" id="chkXML" name="chkReadFrom" checked="true" runat="server" />
  XML document &nbsp;
  <input type="radio" id="chkSQL" name="chkReadFrom" runat="server" />
  Database table<p />

  UserName: <input id="txtUsr" type="text" runat="server" /><p />
  Password: <input id="txtPwd" type="password" runat="server" /><p />

  <ASP:CheckBox id="chkPersist" runat="server" />
  Remember my credentials<p />

  <input type="submit" value="Login" runat="server" onserverclick="DoLogin" /><p />

  <div id="outMessage" runat="server" />

</form>
Available username/password combinations are: &nbsp;"billjones" and "test", &nbsp;
"marthasmith" and "test", &nbsp; "joesoap" and "test"
<hr />
<b>The web.config file used in this example is:</b><pre>
&lt;configuration&gt;
&lt;system.web&gt;

  &lt;authentication mode="Forms"&gt;
    &lt;forms name="MyApp01" path="/" loginUrl="custom-login.aspx"
           protection="All"  timeout="30" &gt;
    &lt;/forms&gt;
  &lt;/authentication&gt;

  &lt;authorization&gt;
    &lt;deny users="?" /&gt;
  &lt;/authorization&gt;

&lt;/system.web&gt;
&lt;/configuration&gt;</pre>
</body>
</html>

<script language="VB" runat="server">
Sub DoLogin(objSender As Object, objArgs As EventArgs)

  'specify the connection string - edit to suit your database
  Dim strConnect As String
  strConnect = ConfigurationSettings.AppSettings("DsnUserList")

  'get username and password from form
  Dim strUsr As String = txtUsr.Value
  Dim strPwd As String = txtPwd.Value

  'set a flag to indicate successful authentication
  Dim blnIsAuthenticated As Boolean = False   'default value


  'see which method we're using to authenticate the user
  If chkXML.Checked Then

    'load the XML document containing the user credentials
    Dim strCurrentPath As String = Request.PhysicalPath
    Dim strXMLPath As String = Left(strCurrentPath, _
                      InStrRev(strCurrentPath, "\")) & "userlist.xml"

    'create a new XMLDocument object
    Dim objXMLDoc As New XMLDocument()

    Try

       'load the XML file into the XMLDocument object
       objXMLDoc.Load(strXMLPath)

    Catch objError As Exception

       'display error details
       outMessage.innerHTML = "<b>* Error while accessing XML document</b>.<br />" _
           & objError.Message & "<br />" & objError.Source
       Exit Sub  ' and stop execution

    End Try

    'create a NodeList collection of all matching child nodes
    'there should be only one for this user
    Dim colUser As XmlNodeList
    colUser = objXMLDoc.GetElementsByTagname(strUsr)

    'see if we found an element with this username
    If colUser.Count > 0 Then

      'check if the value of the element (the child #text node)
      'is equal to the password that the user entered
      If strPwd = colUser(0).FirstChild().Value Then
        blnIsAuthenticated = True
      End If

    End If

  Else

    'create a suitable SQL statement to retrieve the values
    Dim strSQL As String
    strSQL = "SELECT Password FROM Users WHERE UserName='" _
           & strUsr & "' AND Password='" & strPwd & "'"

    Try

      'create a new Connection object
      Dim objConnect As New OleDbConnection(strConnect)

      'open the connection to the database
      objConnect.Open()

      'create a new Command using the connection object and select statement
      Dim objCommand As New OleDbCommand(strSQL, objConnect)

      'declare a variable to hold a DataReader object
      Dim objDataReader As OleDbDataReader

      'execute the SQL statement against the command to fill the DataReader
      objDataReader = objCommand.ExecuteReader()

      'if we get a row back, check password for same letter case
      '(usually a SQL SELECT WHERE clause is not case sensitive)
      If objDataReader.Read() Then
         If objDataReader("Password") = strPwd Then
           blnIsAuthenticated = True
         End If
      End If

      'close the DataReader and Connection
      objDataReader.Close()
      objConnect.Close()

    Catch objError As Exception

      'display error details
      outMessage.InnerHtml = "<b>* Error while accessing database</b>.<br />" _
          & objError.Message & "<br />" & objError.Source
      Exit Sub  ' and stop execution

    End Try

  End If

  If blnIsAuthenticated Then
     FormsAuthentication.RedirectFromLoginPage(txtUsr.Value, chkPersist.Checked)
  Else
     outMessage.InnerHtml = "<b>Invalid credentials</b> please re-enter..."
  End If

End Sub
</script>