Authentication code - ASP.NET General

  1. #1

    Re: Authentication code

    "VB Programmer" <growNO-SPAMgo-intech.com> wrote in message
    news:uZ$oYCFXDHA.2200TK2MSFTNGP09.phx.gbl...
    > PLEASE HELP....
    >
    > ...
    > PROBLEM 1: In Application_AuthenticateRequest the If statement for
    > "IsInRole" ALWAYS drops to the Else, like it doesn't recognize what I filled
    > in for form login. Any ideas?
    Remember that HTTP is stateless, and so is ASP.NET. By the time you get to
    Application_AuthenticateRequest, everything you ever did in Login is gone.
    You need to persist it, probably in the Forms Authentication ticket. See my
    response to your earlier post, "Question: COntext.User.IsInRole".
    >
    > PROBLEM 2: In my Login code I actually had "Context.User =" line outside
    > the case statement but it kept saying "Name 'arrRoles' is not declared."
    > even though I did declare it in the case statement. Any ideas?
    It looks like the case clauses each introduce a new scope. Did you notice
    that you were able to declare the same name three times? When that case
    clause is done, the scope is gone, and so are any variables declared in that
    scope. Declare your array before the "Select" and just set it in each Case
    clause.
    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]


    John Saunders Guest

  2. #2

    HOW TO: Setting Up Forms Authentication

    To use forms authentication...

    1. Modify <Web.config>
    Turn on forms authentication...
        <authentication mode="Forms">
            <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>

    Before the end of the file, add the section for the Secured dir....
        <location path="Secured">
            <system.web>
                <authorization>
                    <allow roles="admin"/>
                    <deny users="*" />
                </authorization>
            </system.web>
        </location>

    2. Login.aspx
    After user is verified (in db, xml, etc...) add this:

        System.Web.Security.FormsAuthentication.RedirectFromLoginPage(txtUserName.Text.Trim, True)

    3. Global.asax.vb
    First add imports statement "Imports System.Security.Principal"

    Then...
        Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
            ' Fires upon attempting to authenticate the user
            If Request.IsAuthenticated Then
                ' Get the user's role (the Sql* types need Imports System.Data.SqlClient)
                Dim cnnMyConnection As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("MyDsnString"))
                Dim cmdMyCmd As SqlCommand = New SqlCommand("SELECT blah FROM blah WHERE blah", cnnMyConnection)
                Dim drUsers As SqlDataReader

                cnnMyConnection.Open()
                drUsers = cmdMyCmd.ExecuteReader

                ' Map the stored role level to the list of roles the user holds
                While drUsers.Read
                    Select Case drUsers.GetValue(1)
                        Case 0 ' guest (read only)
                            Dim arrRoles() As String = {"guest"}
                            Context.User = New System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
                        Case 1 ' user (start/stop engines)
                            Dim arrRoles() As String = {"guest", "user"}
                            Context.User = New System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
                        Case 2 ' admin (everything)
                            Dim arrRoles() As String = {"guest", "user", "admin"}
                            Context.User = New System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
                    End Select
                End While

                cnnMyConnection.Close()

                'If Context.User.IsInRole("guest") Then Response.Write("GUEST " & Context.User.Identity.Name)
            End If
        End Sub


    VB Programmer Guest

  3. #3

    Re: HOW TO: Setting Up Forms Authentication

    "VB Programmer" <growNO-SPAMgo-intech.com> wrote in message
    news:eO9%23dmFXDHA.2312TK2MSFTNGP10.phx.gbl...
    > To use forms authentication...
    >
    ....
    Your code will work fine, and will run on every request made to a page in
    your web application. That's a lot of database work.

    I suggest you put the database code into Login, save the resultant roles in
    the UserData of the Forms Authentication Ticket, and retrieve them in
    Application_AuthenticateRequest.
    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]


    John Saunders Guest

  4. #4

    Re: HOW TO: Setting Up Forms Authentication

    Should I put that code in my login form or global.asax.vb?

    VB Programmer Guest

  5. #5

    Re: HOW TO: Setting Up Forms Authentication

    Cool. That's basically what I did.

    1. What defines where the custom cookie is stored? I used to see the
    default cookie in "C:\Documents and Settings\Administrator\Cookies", but now
    I can't find my custom cookie?

    2. How do I retrieve the roles that are stored in UserData (ticket)?

    3. What is a common reason why you would access this in
    Application_AuthenticateRequest? This seems to work with no code in
    Application_AuthenticateRequest.

    You're a great resource! Thanks.

    "John Saunders" <john.saunderssurfcontrol.com> wrote in message
    news:OxXoyRPXDHA.3248tk2msftngp13.phx.gbl...
    > "VB Programmer" <growNO-SPAMgo-intech.com> wrote in message
    > news:%23yM8NLPXDHA.388TK2MSFTNGP10.phx.gbl...
    > > Should I put that code in my login form or global.asax.vb?
    >
    > I suggest you put the database code into Login, save the resultant roles
    > into the UserData of the Forms Authentication Ticket, and retrieve them in
    > Application_AuthenticateRequest.

    VB Programmer Guest

  6. #6

    Re: HOW TO: Setting Up Forms Authentication

    Please answer #1 and #2.

    Ignore #3: I figured out that this is where you need to setup the new
    GenericPrincipal BASED on the role that is stored in the UserData (in the
    cookie).... I think. ;)

    VB Programmer Guest

  7. #7

    Re: HOW TO: Setting Up Forms Authentication

    "VB Programmer" <growNO-SPAMgo-intech.com> wrote in message
    news:uAMxYlPXDHA.1896TK2MSFTNGP12.phx.gbl...
    > Cool. That's basically what I did.
    >
    > 1. What defines where the custom cookie is stored? I used to see the
    > default cookie in "C:\Documents and Settings\Administrator\Cookies", but now
    > I can't find my custom cookie?
    If you don't set an expiration date on a cookie, it will be a "session
    cookie", which I don't believe is stored on disk. Session cookies are a Good
    Thing, as browsers are more likely to be set to accept them than permanent
    cookies.
    > 2. How do I retrieve the roles that are stored in UserData (ticket)?
    By doing the opposite of what you did to put them there. :-)

    For instance, if your database code in login produced an array of roles, you
    might use:

        // Store the roles as a comma-separated list in the ticket's UserData.
        string[] roles = GetRolesForUser(userName);
        string userData = String.Join(",", roles);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            System.DateTime.Now,                 // issue time
            System.DateTime.Now.AddMinutes(30),  // expiration
            isPersistent,
            userData,
            FormsAuthentication.FormsCookiePath);

        // Encrypt the ticket.
        string encTicket = FormsAuthentication.Encrypt(ticket);

        // Create the cookie.
        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            encTicket));

        // Redirect back to original URL.
        Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, isPersistent));


    Well, in this case you'll want to do the following in
    Application_AuthenticateRequest:

        // User is null on anonymous requests, so check before touching it.
        if (!Request.IsAuthenticated) return;
        FormsIdentity fi = User.Identity as FormsIdentity;
        if (fi == null) return; // don't know how _that_ happened!
        FormsAuthenticationTicket ticket = fi.Ticket;
        string userData = ticket.UserData;
        // Split the UserData back into the role array.
        string[] roles = userData.Split(',');
        Context.User = new GenericPrincipal(fi, roles);
    > 3. What is a common reason why you would access this in
    > Application_AuthenticateRequest? This seems to work with no code in
    > Application_AuthenticateRequest.
    But it's not working. If you put the user in a role right now, is he still
    in the same role on all subsequent requests? I doubt it. You need to set the
    Principal on each request - remember we're talking "stateless".
    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]
    > You're a great resource! Thanks.
    You're welcome.

    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]


    John Saunders Guest

  8. #8

    HOW TO: Setting Up Forms Authentication (Revised)

    John, it works like a champ. Thanks for ALL of your help! ;)

    FYI, this is what I changed...

    (1) In my login page it calls...
        Public Sub RedirectFromLoginPage(ByVal strUserName As String, _
                ByVal strUserData As String, ByVal strDefaultRedirectUrl As String)
            Dim ctxMyContext As HttpContext = HttpContext.Current
            ' The role name travels in the ticket's UserData field
            Dim fatTicket As New FormsAuthenticationTicket( _
                1, txtUserName.Text.ToUpper.Trim, DateTime.Now, _
                DateTime.Now.AddMinutes(30), False, strUserData)
            Dim strCookieValue As String = FormsAuthentication.Encrypt(fatTicket)
            Dim cookieMyCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName)
            Dim strReturnUrl As String

            With cookieMyCookie
                .Path = FormsAuthentication.FormsCookiePath
                .Value = strCookieValue
                .Expires = DateTime.Now.AddMinutes(30)
            End With
            ctxMyContext.Response.Cookies.Add(cookieMyCookie)

            If ctxMyContext.Request.QueryString("ReturnUrl") Is Nothing Then
                strReturnUrl = strDefaultRedirectUrl
            Else
                strReturnUrl = ctxMyContext.Request.QueryString("ReturnUrl")
            End If

            ctxMyContext.Response.Redirect(strReturnUrl)
        End Sub

    (2)
        Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
            ' Fires upon attempting to authenticate the user
            If Request.IsAuthenticated Then
                Dim fiIndentity As FormsIdentity = CType(User.Identity, FormsIdentity)
                If fiIndentity Is Nothing Then Exit Sub

                Dim fatTicket As Security.FormsAuthenticationTicket = fiIndentity.Ticket
                Dim strUserData As String = fatTicket.UserData

                ' Rebuild the principal from the role stored in the ticket
                Select Case strUserData
                    Case "guest"
                        Dim arrRoles() As String = {"guest"}
                        Context.User = New System.Security.Principal.GenericPrincipal(fiIndentity, arrRoles)
                    Case "user"
                        Dim arrRoles() As String = {"guest", "user"}
                        Context.User = New System.Security.Principal.GenericPrincipal(fiIndentity, arrRoles)
                    Case "admin"
                        Dim arrRoles() As String = {"guest", "user", "admin"}
                        Context.User = New System.Security.Principal.GenericPrincipal(fiIndentity, arrRoles)
                End Select
            End If
        End Sub


    VB Programmer Guest

  9. #9

    Re: HOW TO: Setting Up Forms Authentication (Revised)

    This looks good, but one thing was lost in the translation. Ctype doesn't do
    the same thing as the "as" operator does in C#.

    "object as Type" will return null (Nothing) if object cannot be cast to
    Type, otherwise it will do the cast and return the result. On the other
    hand, if somehow User.Identity were not a FormsIdentity, CType would throw
    an exception.

    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]

    John Saunders Guest

  10. #10

    Re: HOW TO: Setting Up Forms Authentication (Revised)

    The reason I changed it from...
    Dim fiIndentity As FormsIdentity = User.Identity
    to...
    Dim fiIndentity As FormsIdentity = CType(User.Identity, FormsIdentity)
    ...was that I got a squiggly under User.Identity stating "Option Strict On
    disallows implicit conversions from 'System.Security.Principle.Iidentity' to
    'System.Web.Security.FormsIdentity.'" Should I do it an alternate way?

    VB Programmer Guest

  11. #11

    Re: HOW TO: Setting Up Forms Authentication (Revised)

    "VB Programmer" <growNO-SPAMgo-intech.com> wrote in message
    news:OlJPBSRXDHA.2476tk2msftngp13.phx.gbl...
    > The reason I changed it from...
    > Dim fiIndentity As FormsIdentity = User.Identity
    > to...
    > Dim fiIndentity As FormsIdentity = CType(User.Identity, FormsIdentity)
    > ...was that I got a squiggly under User.Identity stating "Option Strict On
    > disallows implicit conversions from 'System.Security.Principle.Iidentity' to
    > 'System.Web.Security.FormsIdentity.'" Should I do it an alternate way?
    No, but you should first check to make sure it's a FormsIdentity - and I
    can't remember right now how VB.NET does that!
    --
    John Saunders
    Internet Engineer
    [email]john.saunderssurfcontrol.com[/email]



    John Saunders Guest
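
The thread ends without showing how VB.NET checks the identity's type before casting. The following is an added example, not code from any poster in the thread: it uses `TypeOf ... Is` ahead of the cast and reads the comma-separated UserData format from the C# snippet in post #7. The class name `Global_asax`, the `KnownRoles` list and the `RolesFromUserData` helper are assumptions for illustration, and the code assumes .NET Framework 2.0 or later.

```vbnet
' Global.asax.vb (added example; names below are illustrative assumptions)
Option Strict On

Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Class Global_asax
    Inherits HttpApplication

    ' Assumption: the only role names this application ever grants.
    Private Shared ReadOnly KnownRoles() As String = {"guest", "user", "admin"}

    ' Turn the ticket's comma-separated UserData into a role array.
    ' Blank entries, duplicates and names outside KnownRoles are dropped,
    ' so an empty or unexpected UserData value yields no roles at all.
    Public Shared Function RolesFromUserData(ByVal userData As String) As String()
        Dim roles As New List(Of String)()
        If userData Is Nothing Then Return roles.ToArray()

        For Each part As String In userData.Split(","c)
            Dim role As String = part.Trim().ToLowerInvariant()
            If Array.IndexOf(KnownRoles, role) >= 0 AndAlso Not roles.Contains(role) Then
                roles.Add(role)
            End If
        Next
        Return roles.ToArray()
    End Function

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' User is Nothing on anonymous requests, so stop before touching it.
        If Not Request.IsAuthenticated Then Exit Sub

        ' CType and DirectCast throw InvalidCastException on a type mismatch;
        ' TypeOf ... Is tests the runtime type first (the VB counterpart of
        ' testing the result of C#'s "as" for null).
        If Not TypeOf User.Identity Is FormsIdentity Then Exit Sub

        Dim fiIdentity As FormsIdentity = DirectCast(User.Identity, FormsIdentity)
        Dim roles() As String = RolesFromUserData(fiIdentity.Ticket.UserData)

        ' The principal has to be rebuilt on every request: nothing set
        ' during login survives between requests except the cookie.
        Context.User = New GenericPrincipal(fiIdentity, roles)
    End Sub
End Class
```

Because the roles are read from the ticket rather than the database, a role change made in the database takes effect only once a new ticket is issued.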
