Here is one way to handle this:
[color=blue][color=green]
>> So you need to use Forms Authentication to authenticate a given UID and
>> PWD
>> combination. These values can be in your DB and you need to look them up
>> and
>> verify that the typped in values match the ones in the DB. (Note that the
>> connection string for your DB has nothing to do with this. You use those
>> credentials to make the connection and take advantage of the connection
>> pool. You do NOT vary the conenct string with each user as this is a true
>> scalabilit killer.)
>>
>> Sample code requires you to have a login method on your Principal class
>> (which calls your Identity class).
>>
>> mUser.Login(txtUserId.Text, txtPassword.Text)
>> mUser = CType(Thread.CurrentPrincipal, myUser)
>>
>> If mUser.Identity.IsAuthenticated = True Then
>> HttpContext.Current.User = mUser
>> Session("myPrincipal") = mUser
>>
>> Web.Security.FormsAuthentication.RedirectFromLogin Page(txtUserId.Text,
>> False)
>> Else
>> 'do something else
>> End If
>>
>>
>> I use code like this in my Global.asax file to re-use the principal value
>> on
>> each hit:
>>
>> Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e
>> As
>> System.EventArgs) Handles MyBase.AcquireRequestState
>>
>> If Not Session("myPrincipal") Is Nothing Then
>> Thread.CurrentPrincipal = DirectCast(Session("myPrincipal"),
>> myUser)
>> HttpContext.Current.User =DirectCast(Session("myPrincipal"),
>> myUser)
>> Else
>> If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
>> Web.Security.FormsAuthentication.SignOut()
>> Server.Transfer(Request.ApplicationPath + "/Login.aspx")
>> End If
>> End If
>>
>> End Sub
>>
>> Rocky Lhotka explains these concepts very well in his book on Business
>> Objects.
>>
http://www.lhotka.net/ArticleIndex.a...ea=CSLA%20.NET[/color][/color]
--
Joe Fallon
"GreggTB" <bremdevnet@yahoo.com> wrote in message
news:1116621328.846805.326910@o13g2000cwo.googlegr oups.com...[color=blue]
> I've got an page (LOGIN.ASPX) that receives the user's login
> information. During the page load, it checks the credentials against a
> database and, if validation is successful, creates an instance of an
> object that stores the user's basic profile data (username, user type,
> associated sales region, etc.).
>
> I've been taking this user info and placing it in the Session object
> like so...
>
> Session["USER"] = user;
>
>
> Originally, I'd been trying to use Response.Redirect to send the users
> to the next appropriate page in the application but it seems that the
> Redirect kills the current thread and thus the session data is lost.
>
> So I tried using Server.Transfer which seems to work but, of course,
> the client's browser still shows "LOGIN.ASPX" in the address field. Not
> really a problem except for two things...
>
> ....when the user hits F5 to refresh the page, the page executes from
> the beginning and walks through the login process all over again.
>
> ...,if the page displays a link to another page in the same
> application, clicking the link will also cause the contents of the
> Session object to disappear.
>
>
> My questions are:
>
> 1.) Is there any way to use Redirect from the login page without losing
> the contents of the Session object?
>
> 2.) Is there a more effective/efficient way to use Server.Transfer?
>
> Any assistance would be greatly appreciated! Thanks!
>[/color]
