Validation/Authentication Techniques

[rhnewfie]

Hi All

I am moving from classic ASP to ASP.NET so of course still like to use some of the old ways

What I want to do (have started) is on validation of user/pass I pass the returned id into a user object which then populates the user data.

If I successfully authenticate the user what is the best way to then have that users authentication known throughout the entire site?

I have been playing around with this sort of stuff:

m_User = new User(i_LoggedIn);
if (m_User.UserID != 0)
{
FormsAuthentication.SetAuthCookie(m_User.UserID.ToString(), true);
FormsAuthentication.RedirectFromLoginPage("test", true);
}
else
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}

All the material that I read deals with the login processes that use the asp:login and the aspnetdb as opposed to custom code.

Any help or direction would be appreciated!

I am almost out of questions ;-)

 

[link9]

What you have there is pretty much the meat of it.

You can then access the user's identity on other pages in the site by accessing:

HttpContext.Current.User.Identity

Are you having a specific problem with the code you posted?

-paul

The answer to getting answered -- faq855-2992

 

[rhnewfie]

A bit.

For instance I have this in my page layout:

<asp:LoginView ID="userlogin" runat="server">
                       <LoggedInTemplate>
                           <asp:LoginName ID="loginname1" runat="server" FormatString="Hello:   {0}"/><br />
                           Last Login:
                           <asp:Button ID="logout" runat="server" Text="Log Out" OnClick="logout_Click" PostBackUrl="~/Default.aspx" />
                       </LoggedInTemplate>
                       <AnonymousTemplate>
                           You are Not Currently Logged In
                       </AnonymousTemplate>
                   </asp:LoginView>
                    <asp:Login ID="Login1" runat="server" DestinationPageUrl="~/Default.aspx" OnAuthenticate="Login1_Authenticate"
                        VisibleWhenLoggedIn="False">
                    </asp:Login>

However, when I login to the site I get the loggedintemplate but the login box stays too, not sure how to get rid of it.

When I click the logout button the following code runs:

FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();

but I can still type in the address to an actual page on the site and it lets me get there instead of redirecting to the login page.

 

[rhnewfie]

Also;

Is there a way for me to access or pass m_User to all other pages as the user travels around?

Thanks!

 

[rhnewfie]

Oh

When I have done this:

m_User = new User(i_LoggedIn);

Can I do the following in my aspx page? It keeps giving me errors.

<%=m_User.LastLogin.toString();

Thanks!

 

[jbenson001]

You can assing the value to a label for example:
label1.text = m_User.LastLogin.toString();

 

[rhnewfie]

Cool! Thanks!

 

[rhnewfie]

Alright...

Say I create my m_User in Default.aspx

Is there a way to access that m_User on other pages?

 

[jbenson001]

Yes, expose it as a property of Default.aspx

 

[rhnewfie]

Is that the best way?

Again, I am learning up the curve here

 

[jbenson001]

Yes using properties is the best way and the Object Oriented (OO) way of doing things which is what .NET is all about.