How I did it, in ASP.NET 1.1:
//global.asax
protected void Application_Aut henticateReques t(Object sender, EventArgs e)
{
if (HttpContext.Cu rrent.User != null)
{
if (HttpContext.Cu rrent.User.Iden tity.IsAuthenti cated)
{
if (HttpContext.Cu rrent.User.Iden tity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id =
(FormsIdentity) HttpContext.Cur rent.User.Ident ity;
// Get Forms Ticket From Identity object
FormsAuthentica tionTicket ticket = id.Ticket;
// Retrieve stored user-data (our roles from db)
string userData = ticket.UserData ;
string[] roles = userData.Split( ',');
// Create a new Generic Principal Instance and assign to
Current User
HttpContext.Cur rent.User = new GenericPrincipa l(id, roles);
}
}
}
}
// web.config:
<authenticati on mode="Forms">
<forms name="FormsAuth DB.AspxAuth"
loginUrl="defau lt.aspx"
protection="All "
timeout ="10"
path="/"/>
</authentication>
<authorizatio n>
<deny users="?" />
<allow users="*"/>
</authorization>
// loging page:
private void Button1_Click(o bject sender, System.EventArg s e)
{
// Initialize FormsAuthentica tion (reads the configuration and gets
// the cookie values and encryption keys for the given application)
FormsAuthentica tion.Initialize ();
// Create connection and command objects
SqlConnection conn =
new SqlConnection(" Data Source=PETER;Da tabase=Northwin d;User
ID=sa;password= ;");
conn.Open();
SqlCommand cmd = conn.CreateComm and();
cmd.CommandText = "SELECT roles FROM Employees WHERE username=@usern ame " +
"AND password=@passw ord"; // this should really be a stored procedure,
right?
// Fill our parameters
cmd.Parameters. Add("@username" , SqlDbType.NVarC har, 64).Value = TextBox1.Text;
cmd.Parameters. Add("@password" , SqlDbType.NVarC har, 64).Value = TextBox2.Text;
FormsAuthentica tion.HashPasswo rdForStoringInC onfigFile(TextB ox2.Text,"sha1" );
// you can use the above method for encrypting passwords to be stored in the
database
// Execute the command
SqlDataReader reader = cmd.ExecuteRead er();
if (reader.Read())
{
// Create a new ticket used for authentication
FormsAuthentica tionTicket ticket = new FormsAuthentica tionTicket(
1, // Ticket version
TextBox1.Text, // Username to be associated with this ticket
DateTime.Now, // Date/time issued
DateTime.Now.Ad dMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie (could be a checkbox on form)
reader.GetStrin g(0), // User-data (the roles from this user record in our
database)
FormsAuthentica tion.FormsCooki ePath); // Path cookie is valid for
// Hash the cookie for transport over the wire
string hash = FormsAuthentica tion.Encrypt(ti cket);
HttpCookie cookie = new HttpCookie(
FormsAuthentica tion.FormsCooki eName, // Name of auth cookie (it's the
name specified in web.config)
hash); // Hashed ticket
// Add the cookie to the list for outbound response
Response.Cookie s.Add(cookie);
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QuerySt ring["ReturnUrl"];
if (returnUrl == null) returnUrl = "LoggedIn.aspx" ;
// Don't call the FormsAuthentica tion.RedirectFr omLoginPage since it could
// replace the authentication ticket we just added...
Response.Redire ct(returnUrl);
}
else
{
// Username and or password not found in our database...
ErrorLabel.Text = "Username / password incorrect. Please login again.";
ErrorLabel.Visi ble = true;
}
}
--Hope that helps.
Peter
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
"thomson" wrote:
Hi Peter,
i tried with ur solution but its on a loop , Help me
out
Thanks in Advance
thomson
thomson wrote:
Hi,
if i implement the HTTP Module section, and use the
Application_Aut henticateReques t, will it fire for each and every
request between projects,
since i do have multiple Web Projects?
Regards
thomson
Peter Bromberg [ C# MVP ] wrote:
In every page request, the Application_Aut henticateReques t even fires. This
is the typicaly place where you perform whatever authentication you want to
do .
Peter
>
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
>
>
>
>
"thomson" wrote:
>
Hi All,
i do hae a solution in which i do have mulitple projects
including Web Projects,, Depending on the functionality it gets
redirected to different web projects and it is working fine,
for eg: http:DomainName/MainProject/index.aspx, If i login, it gets
redirectes to a different Web Project inside the solution like
http://DomainName/MainProject/ChildProject/MyPage.aspx..
This works perfectly fine.
My issue is
:
I need to add redirect a set of request to a different page based on
some criteria, for eg; i do have certain calls like
http://DomainName/username, when a request come like this i need to
authenticate the username with the database and redirect to a
dynamically constructed page which can be a different Web Project
inside the same solution.
Can anyone please guide me how do i solve this issue, should i use a
HTTP Module for this: since it has multipl;e projects i guess some
thing wrong