Here's a bit of the forms authentication code from my project
// Register.aspx.cs - register and log user the first time
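/// <summary>
/// Handles the Register button: stores the new account and, when the stored
/// account comes back with a role, issues the authentication cookie and
/// redirects the browser.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnRegister_Click(object sender, System.EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    FormsAuthentication.Initialize();

    UserDetail myUser = new UserDetail();
    myUser.Email = txtEmail.Text;

    // NOTE(review): this stores an unsalted MD5 digest of the password. MD5 is
    // fast and unsalted digests are identical for identical passwords, so a
    // leaked table is cheap to reverse. Moving to a salted, slow derivation
    // (e.g. PBKDF2 via Rfc2898DeriveBytes) also requires changing how UsersDB
    // looks a user up (by e-mail, then verify), which is outside this method.
    myUser.PasswordHash =
        FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "md5");

    UsersDB myUserDB = new UsersDB();
    bool userAdded = myUserDB.SetUserInfo(ref myUser);
    if (!userAdded)
    {
        // The label name suggests "false" means the e-mail is already taken.
        lblUserExists.Visible = true;
        return;
    }

    LoggedUserInfo myUserInfo = myUserDB.GetRoles(myUser.Email, myUser.PasswordHash);
    if (myUserInfo != null && myUserInfo.Role != null && myUserInfo.Role != "")
    {
        // First sign-in after registration is never persistent.
        Security.SetUserInfo(myUserInfo, false);

        // How ViewState["returnURL"] is filled is not shown here; if it is
        // copied from the request (e.g. the ReturnUrl query string) it must be
        // restricted to this site before redirecting, otherwise the login page
        // can be used to bounce users to an arbitrary host.
        string returnURL = ViewState["returnURL"] as string;
        if (!IsLocalReturnUrl(returnURL))
        {
            returnURL = "/";
        }
        Response.Redirect(returnURL);
    }
}

/// <summary>
/// Returns true only for site-relative targets ("/path" or "~/path").
/// Rejects null/empty values, absolute URLs and the "//host" and "/\host"
/// forms that browsers treat as another origin.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0)
    {
        return false;
    }
    if (url[0] == '/')
    {
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }
    if (url.Length > 1 && url[0] == '~' && url[1] == '/')
    {
        return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
    }
    return false;
}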
----------------------------------------------------------------------------
------------------
// Security.cs containing the Security class, used to set the authentication ticket and cookie
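/// <summary>
/// Builds a forms-authentication ticket for the given user, encrypts it and
/// adds it to the current response as the authentication cookie.
/// </summary>
/// <param name="myUser">Signed-in user; UserID, Name and Role are read.</param>
/// <param name="persistant">
/// True to give the cookie an expiry date so it survives a browser restart;
/// false for a browser-session cookie.
/// </param>
public static void SetUserInfo(LoggedUserInfo myUser, bool persistant)
{
    // Take one timestamp so issue and expiry are exactly 30 minutes apart.
    DateTime issuedAt = DateTime.Now;

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
    (
        1,                                      // ticket version
        myUser.UserID + ", " + myUser.Name,     // name carried by the ticket
        issuedAt,                               // issue time
        issuedAt.AddMinutes(30),                // expiry time
        persistant,                             // persistent cookie?
        myUser.Role,                            // user data: role string
        FormsAuthentication.FormsCookiePath     // configured cookie path
    );

    // Encrypt() protects the ticket contents according to the <forms
    // protection="..."> setting and the machine key. It does not protect the
    // cookie in transit; that needs HTTPS plus the Secure flag below.
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    cookie.Path = FormsAuthentication.FormsCookiePath;
    // Keep the ticket out of reach of page script.
    cookie.HttpOnly = true;
    // Follow the <forms requireSSL="..."> setting so the cookie is sent over
    // HTTPS only when the site is configured that way.
    cookie.Secure = FormsAuthentication.RequireSSL;

    // A persistent cookie expires together with its ticket.
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    HttpContext.Current.Response.Cookies.Add(cookie);
}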
----------------------------------------------------------------------------
---------------------
// Login.aspx - Log user in
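/// <summary>
/// Handles the Login button: looks the user up by e-mail and password digest
/// and, when a role comes back, issues the authentication cookie and
/// redirects; otherwise shows a generic failure message.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, System.EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    FormsAuthentication.Initialize();

    UsersDB myUser = new UsersDB();
    string email = txtEmail.Text;

    // NOTE(review): unsalted MD5 is not suitable for password storage. It is
    // kept here because it must match what registration stored; replacing it
    // with a salted, slow derivation (e.g. PBKDF2 via Rfc2898DeriveBytes)
    // needs a coordinated change in UsersDB and the stored data.
    string passwordHash =
        FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "md5");

    LoggedUserInfo myUserInfo = myUser.GetRoles(email, passwordHash);
    if (myUserInfo == null || myUserInfo.Role == null || myUserInfo.Role == "")
    {
        // Same message for unknown user and wrong password, so the response
        // does not reveal which accounts exist.
        lblErrorMsg.Text = "UserName / Password Incorrect Please try again.";
        return;
    }

    Security.SetUserInfo(myUserInfo, chkRememberMe.Checked);

    // How ViewState["returnURL"] is filled is not shown here; if it is copied
    // from the request (e.g. the ReturnUrl query string) it must be restricted
    // to this site before redirecting.
    string returnURL = ViewState["returnURL"] as string;
    if (!IsLocalReturnUrl(returnURL))
    {
        returnURL = "/";
    }
    Response.Redirect(returnURL);
}

/// <summary>
/// Returns true only for site-relative targets ("/path" or "~/path").
/// Rejects null/empty values, absolute URLs and the "//host" and "/\host"
/// forms that browsers treat as another origin.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0)
    {
        return false;
    }
    if (url[0] == '/')
    {
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }
    if (url.Length > 1 && url[0] == '~' && url[1] == '/')
    {
        return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
    }
    return false;
}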
----------------------------------------------------------------------------
---------------------------------
// Web.config file
// under configuration >> system.web
<!-- Forms authentication settings. protection="All" asks ASP.NET to both
     encrypt and validate the ticket cookie; timeout is in minutes and
     slidingExpiration renews the ticket while the user stays active.
     NOTE(review): requireSSL is not set in this snippet, so unless it is set
     elsewhere the authentication cookie is not restricted to HTTPS; on an
     HTTPS-only site consider requireSSL="true". -->
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="Login.aspx"
timeout = "30"
slidingExpiration="true"
protection="All"
path="/" />
</authentication>
----------------------------------------------------------------------------
----------------------------------
// Last but not the least....
// Global.asax.cs
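/// <summary>
/// Runs on every request after forms authentication has identified the
/// caller. Replaces the principal with one whose roles are read from the
/// ticket's user data (a comma-separated role list).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    IPrincipal current = HttpContext.Current.User;
    if (current == null || !current.Identity.IsAuthenticated)
    {
        return;
    }

    // Only tickets issued by forms authentication carry the role data.
    FormsIdentity id = current.Identity as FormsIdentity;
    if (id == null)
    {
        return;
    }

    // The roles are taken from the cookie, so authorization is only as
    // trustworthy as the ticket protection (<forms protection="All"> and the
    // machine key). A role change in the database is not seen until a new
    // ticket is issued.
    string[] roles = id.Ticket.UserData.Split(',');
    for (int i = 0; i < roles.Length; i++)
    {
        // "Admin, Editor" must yield "Editor", not " Editor", or IsInRole fails.
        roles[i] = roles[i].Trim();
    }

    HttpContext.Current.User = new GenericPrincipal(id, roles);
}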
----------------------------------------------------------------------------
--------
It should be working now. I can access my user info using
HttpContext.Current.User
and can check whether the user is in a particular role, or what his name or
ID is.
hope this helps... know its a long post but didnt have an option...
--
Regards,
HD
"Martin" <du***@somewhere.nl> wrote in message
news:3f***********************@news.wanadoo.nl...
Dear fellow ASP.NET programmer,
I started using forms authentication and temporarily used a <credentials>
tag in web.config. After I got it working I realized this wasn't really
practical. I cannot write to web.config so I cannot dynamically update the
credentials while the site is up. Since the
FormsAuthentication.Authenticate() method's documentation claims the
following:
"Attempts to validate the credentials against those contained in the
configured credential store, given the supplied credentials."
I figured it wouldn't be too hard to by-pass the retrieval of credentials
to some other source and that it could probably be done declaratively in
web.config. Well I still hope this is the case but I cannot find anything
about it anywhere except a couple more references that state that it is
very easy to do so. If anyone actually knows how I sure would like to know.
I have my own xml file with credentials now. My problem is that, since I am
authenticating myself and do not use
FormsAuthentication.Authenticate() anymore, the user name is no longer
available from the read-only property
httpContext.Current.User.Identity.Name which was pretty nice. I can of course store my user name in some session
variable but this doesn't seem right, I want to do this properly.
I am also confused about the authentication cookie. Is it in any way
related to the session cookie or are sessions and authentication sessions
separate, independent animals?
Martin.