Hi all,
I'm testing ASP.NET 1.1 authentications and cookies features, and I've
red tons of tutorials and articles about this, but not all is clear for me.
My goal is to create a basic site with authentication process, like my
other ASP 3.0 sites that I developed with classical session variables to
follow each user with some personal data (like role, e-mail address,
preferences, ect.).
In .NET 1.1 I understand the basic web.config settings with
<authentication > node and <authorize> and so on... I've tested the
global.asax "onauthenticati onrequest" to cast an identities to principal
for use "isInRole" properties, but this hint not solve the problem of
save in temporary memory some other data for not access to database
everytime, also I want to use a database table for storing my users
data, also their role in this application.
My questions are:
1) if I use a database table, can I use "If
FormsAuthentica tion.Authentica te(txtUsername. Text, txtPassword.Tex t)
Then ..."? (I don't think so, I think this is only possible with users
and passwords definition on web.config, so I've to check with an "IF
statement" the value with my datareader relative values.)
2) How can I menage efficently roles? I don't want to ask to database
the user credential every page access... I've tried a trick to add to
user name the role value with ":rolevalue " and then retrieve with a
substring method the relative values (in this case I can pass user name
and role simply, but I can't pass efficently other informations).
2.1) Can I use temporary cookies to store this informations?
2.2) Can I eventually encript this cookies (there's some builtin .NET
functions?)
2.3) Can I use sessions variables? Many people say that is not a good
idea...
3) There's a way to add other values to the cookie that ASP.NET generate
for authentication? Or I've to set another cookie for that? I see that
this auto-generated cookie is encrypted, so it would be a good and
simple possibility for my goals ;-)
4) I've tried to set up a clear-text cookie in the meaning of:
If FormsAuthentica tion.Authentica te(txtUsername. Text, txtPassword.Tex t) Then
Dim cook As New HttpCookie("tri alcookie")
cook.Values.Add ("role", "1")
Response.Cookie s.Add(cook)
FormsAuthentica tion.RedirectFr omLoginPage(txt Username.Text, False)
End If
but in the protected page, now visible after this authentication, I
can't see "role" value of the cookie... why?
5) If I've two subdirectories "users" and "admins" (each contain
specific content pages), and If I can't manage group in web.config with
form authentication, how can I denied access to this specific
directories? I think I've to add code at "load" event to each page to
check user role (take by cookies, sesssion variables or other
suggestions see at top questions), in fact, I can't use <location>
node to specify group roles...
Really thanks for your patience, I think that this post can be usefull
for some other .NET newbie developer like me :-).
Nicola 2 1840
Nicola here is a good article here at :-(Which uses Database to store its
Roles and secures drirectories) http://www.codeproject.com/aspnet/formsroleauth.asp
Hope this helps
Patrick
**Any more questions pls do post it
"Nicola Farina" <"sciagu[nospam]"@libero.it > wrote in message
news:Oe******** ******@TK2MSFTN GP10.phx.gbl... Hi all,
I'm testing ASP.NET 1.1 authentications and cookies features, and I've red tons of tutorials and articles about this, but not all is clear for
me. My goal is to create a basic site with authentication process, like my other ASP 3.0 sites that I developed with classical session variables to follow each user with some personal data (like role, e-mail address, preferences, ect.).
In .NET 1.1 I understand the basic web.config settings with <authentication > node and <authorize> and so on... I've tested the global.asax "onauthenticati onrequest" to cast an identities to principal for use "isInRole" properties, but this hint not solve the problem of save in temporary memory some other data for not access to database everytime, also I want to use a database table for storing my users data, also their role in this application.
My questions are:
1) if I use a database table, can I use "If FormsAuthentica tion.Authentica te(txtUsername. Text, txtPassword.Tex t) Then ..."? (I don't think so, I think this is only possible with users and passwords definition on web.config, so I've to check with an "IF statement" the value with my datareader relative values.)
2) How can I menage efficently roles? I don't want to ask to database the user credential every page access... I've tried a trick to add to user name the role value with ":rolevalue " and then retrieve with a substring method the relative values (in this case I can pass user name and role simply, but I can't pass efficently other informations).
2.1) Can I use temporary cookies to store this informations? 2.2) Can I eventually encript this cookies (there's some builtin .NET functions?) 2.3) Can I use sessions variables? Many people say that is not a good idea...
3) There's a way to add other values to the cookie that ASP.NET generate for authentication? Or I've to set another cookie for that? I see that this auto-generated cookie is encrypted, so it would be a good and simple possibility for my goals ;-)
4) I've tried to set up a clear-text cookie in the meaning of: If FormsAuthentica tion.Authentica te(txtUsername. Text, txtPassword.Tex t)
Then Dim cook As New HttpCookie("tri alcookie") cook.Values.Add ("role", "1") Response.Cookie s.Add(cook) FormsAuthentica tion.RedirectFr omLoginPage(txt Username.Text, False) End If but in the protected page, now visible after this authentication, I can't see "role" value of the cookie... why?
5) If I've two subdirectories "users" and "admins" (each contain specific content pages), and If I can't manage group in web.config with form authentication, how can I denied access to this specific directories? I think I've to add code at "load" event to each page to check user role (take by cookies, sesssion variables or other suggestions see at top questions), in fact, I can't use <location> node to specify group roles...
Really thanks for your patience, I think that this post can be usefull for some other .NET newbie developer like me :-).
Nicola
Patrick.O.Ige ha scritto: Nicola here is a good article here at :-(Which uses Database to store its Roles and secures drirectories)
ok but for other user relate data? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Michael Foord |
last post by:
#!/usr/bin/python -u
# 15-09-04
# v1.0.0
# auth_example.py
# A simple script manually demonstrating basic authentication.
# Copyright Michael Foord
# Free to use, modify and relicense.
# No warranty express or implied for the accuracy, fitness to purpose
|
by: Jay |
last post by:
I have authentication set for my site but I need one page to be an exception
case. Namely my forgot password page. How do I tell the webconfig file to
authenciate all pages except one page?
Thank You for any input on this matter!
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this...
|
by: Joey Powell |
last post by:
This message was originally posted to the aspnet.security newsgroup,
but no one there has ever heard of this before. That is why I am
posting this message here, so that more people will see it...
On my asp.net application, suddenly the forms authentication cookies
for clients have quit expiring. This results in users being able to
access...
|
by: Peter Row |
last post by:
Hi,
I better get the background stuff out the way first, so here goes:
- Porting a VB6 webclass app to VB.NET using HttpHandlers and
FormsAuthentication
- When someone visits my site unbeknown to them they are automatically
logged in as a guest
via the .NET forms authentication.
| |
by: Mike |
last post by:
1. For some reason after the session has ended and the authentication cookie has expired I'm not being redirected to the login page. Insted I'm be assigned a new authentication cookie? Anyone have any ideas as to what may be causing this? (I'm using Microsoft's example
2. I'm also transferring a forms authentication cookie recieved from a web...
|
by: pv_kannan |
last post by:
I recently found out that my authentication cookies are not expiring
even though I have set the persist property to false. As a result,
users are able to access the secure websites with indifferent results.
Any pointers/suggestions would be very appreciated.
Things were running as usual till until recently.
Here are the relevant pieces...
|
by: Mark Olbert |
last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly
because I don't want to create my own provider at this point, and the supplied stuff comes with a lot of baggage I don't want/need).
In ASPNET1.1 what I would do was something like the following, after...
|
by: =?Utf-8?B?TFc=?= |
last post by:
Hello!
I am just learning about forms authentication so please excuse this basic
question. I am using .NET 1.1 and C#.
I have created my web.config file and my login.aspx and the associated cs
file using
examples on MSDN. I have created a FormsAuthenticationTicket and cookie and
added the cookie to the response and then set the...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |