Rocky Lhotka explains very clearly how to do all this in his book.
http://www.lhotka.net/ArticleIndex.a...ea=CSLA%20.NET
The basic idea is to create a custom Principal class which contains a
reference to the Identity class.
They each implement the appropriate interfaces.
(Rocky provides sample classes.)
Then you can modify your class to include other pieces of information (like
UserID, CompanyName, etc.).
Then just use AcquireRequestState to pull your Principal class out of
session at the beginning of each hit.
This way all of the data in it is available throughout the request.
When the user logs in - that is when the class authenticates the user
against a DB (or some other mechanism).
If the login succeeds, you store the Principal class in session for later
use then RedirectFromLoginPage.
===================================================================
Dim mUser As MyPrincipal
'Login is called on the type (like LoginAnonymous below); it sets Thread.CurrentPrincipal
MyPrincipal.Login(UserId, Password)
mUser = CType(Thread.CurrentPrincipal, MyPrincipal)
If mUser.Identity.IsAuthenticated = True Then
    HttpContext.Current.User = mUser
    State.CSLA_Principal = mUser
    Web.Security.FormsAuthentication.RedirectFromLoginPage(txtUserId.Text, False)
Else
    'do something about a failed login
End If
===================================================================
Here is the VB code in my Global.asax file:
Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs) _
        Handles MyBase.AcquireRequestState
    'See pages 509-510 for a lengthy explanation of this code
    If Not State.CSLA_Principal Is Nothing Then
        Thread.CurrentPrincipal = State.CSLA_Principal
        HttpContext.Current.User = State.CSLA_Principal
    Else
        If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
            Web.Security.FormsAuthentication.SignOut()
            Server.Transfer(Request.ApplicationPath + "/Login.aspx")
        Else
            'Anonymous User
            MyPrincipal.LoginAnonymous()
            State.CSLA_Principal = CType(Thread.CurrentPrincipal, MyPrincipal)
            HttpContext.Current.User = State.CSLA_Principal
        End If
    End If
End Sub
The only "odd" thing in there is the use of a State class for handling
Session variables using strong typing.
These two are equivalent statements:
1. Thread.CurrentPrincipal = State.CSLA_Principal
2. Thread.CurrentPrincipal = CType(Session("CSLA_Principal"), MyPrincipal)
The first one has intellisense, is easier to read and avoids typos.
Also, I added a LoginAnonymous() method to my custom Principal class to
allow some BOs to hit the DB prior to the user logging in.
e.g. the login page displays data from the DB so the BO needs to fetch it and
yet no one is logged in yet.
--
Joe Fallon
"Beren" <be***@angband.me> wrote in message
news:KP*********************@phobos.telenet-ops.be...
Hello
With trial and error I'm attempting to create an extended identity to
store some more data than just the Name, for example a Subscription and a
LastSearchPerformed property...
Is this a good idea? I'm coming from ASP and Session variables, but I
explicitly wanted to avoid that for .NET.
The problem I'm facing is that I don't find a good way to bring my source
data from the login routine to the AuthenticateRequest event, as follows
in a little pseudocode which hopefully shows my thoughts and my errors...
[login.aspx]
Button_Click_Event
    < GetUserDataFromDatabase >
    ....
    FormsAuthentication.Redirect(sUserName, False)
End
[global.asax]
Application_AuthenticateRequest( s , e ){
    If Request.IsAuthenticated Then
        Dim objIdentity As myCustomIdentityClass(Context.User.Identity.Name)
        '/// This is where I need to get the data from < GetUserDataFromDatabase >
        '/// which is called in the button click event from the unrelated page.
        '/// How do I get that data here without having to call the database for every Request ?
        ....
        <assign roles & custom identity to Context.User>
    End If
End
The main question is commented in that event,
I hope someone can help me to find the best way to do it, or just tell me
I'm completely on the wrong way to do this.
Thanks,
Beren
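
A sketch of the custom Principal/Identity pair that Joe Fallon's reply describes, added here as an example; it is not code from the thread or from CSLA .NET. The members of MyIdentity, the `verify` delegate (standing in for the DB check) and the "Custom" authentication type are assumptions, and the read-only auto-properties need VB 14 or later.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Threading

' Added example; all names are hypothetical. Serializable so both objects can live in Session.
<Serializable()>
Public Class MyIdentity
    Implements IIdentity
    Public ReadOnly Property Name As String Implements IIdentity.Name
    Public ReadOnly Property IsAuthenticated As Boolean Implements IIdentity.IsAuthenticated
    Public ReadOnly Property AuthenticationType As String Implements IIdentity.AuthenticationType
    Public ReadOnly Property UserID As Integer       ' extra data beyond Name
    Public ReadOnly Property CompanyName As String   ' extra data beyond Name
    Public ReadOnly Property Roles As String()
    Public Sub New(name As String, userID As Integer, company As String, roles As String(), authenticated As Boolean)
        Me.Name = name
        Me.UserID = userID
        CompanyName = company
        Me.Roles = roles
        IsAuthenticated = authenticated
        AuthenticationType = "Custom"
    End Sub
End Class

<Serializable()>
Public Class MyPrincipal
    Implements IPrincipal
    Public ReadOnly Property Identity As IIdentity Implements IPrincipal.Identity
    Private Sub New(identity As MyIdentity)
        Me.Identity = identity
    End Sub
    Public Function IsInRole(role As String) As Boolean Implements IPrincipal.IsInRole
        Return Array.IndexOf(CType(Identity, MyIdentity).Roles, role) >= 0
    End Function
    ' Unauthenticated principal with no roles, so business objects can run before login.
    Public Shared Sub LoginAnonymous()
        Thread.CurrentPrincipal = New MyPrincipal(New MyIdentity("", 0, "", New String() {}, False))
    End Sub
    ' verify is the caller's credential check (DB or other); it returns Nothing on failure.
    Public Shared Sub Login(userId As String, password As String,
                            verify As Func(Of String, String, MyIdentity))
        Dim found As MyIdentity = verify(userId, password)
        If found Is Nothing OrElse Not found.IsAuthenticated Then
            LoginAnonymous()   ' a failed login never leaves an authenticated principal behind
        Else
            Thread.CurrentPrincipal = New MyPrincipal(found)
        End If
    End Sub
End Class
```

After `Login`, the login page can cast `Thread.CurrentPrincipal` to `MyPrincipal` and test `Identity.IsAuthenticated` exactly as in the reply's snippet; only the identity data is kept on the object, never the password.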