Bytes IT Community

Principal object

Where is the place to attach the principal object to the identity?

global file
and is it necessary to attach the user roles to the principal object each time?

amit
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.572 / Virus Database: 362 - Release Date: 1/27/2004
Nov 18 '05 #1
11 Replies


Application_AuthenticateRequest

And yes, each request is unique by itself. The only ways you can say that it
belongs to this user from a server's perspective are:
a. session id
b. principal based on authentication

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:eS**************@TK2MSFTNGP10.phx.gbl...
where is the place to attach principal object to identity.

global file
and is it necessary to attach each time user roles to principal object..

amit

Nov 18 '05 #2

I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp

'in global.asax
Imports System.Security.Principal
Imports System.Web.Security

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user

    ' Extract the forms authentication cookie
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

    If authCookie Is Nothing Then
        ' There is no authentication cookie.
        Return
    End If

    Dim authTicket As FormsAuthenticationTicket = Nothing

    Try
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    Catch ex As Exception
        ' Log exception details (omitted for simplicity)
        Return
    End Try

    If authTicket Is Nothing Then
        ' Cookie failed to decrypt.
        Return
    End If

    ' Role names are hard-coded here; every authenticated user gets all three.
    Dim roles() As String = {"role1", "role2", "role3"}

    ' Create an Identity object
    Dim id As FormsIdentity = New FormsIdentity(authTicket)

    ' This principal will flow throughout the request.
    Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
    ' Attach the new principal object to the current HttpContext object
    Context.User = principal
End Sub

'in the page's code-behind
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    'Put user code to initialize the page here
    Dim p As System.Security.Principal.IPrincipal = HttpContext.Current.User

    'username
    Response.Write("Your username " & p.Identity.Name)

    If p.IsInRole("role1") Then
        Response.Write("User is in role1")
    Else
        Response.Write("User is not in role1")
    End If
End Sub

Nov 18 '05 #3

Thanks for your reply...
Is User.Identity.Name
accessible in class modules and ascx controls?

I doubt it!

amit

"Michael" <raterus@localhost> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp
Nov 18 '05 #4

Yes, it is accessible everywhere... even your middle-tier components, as long
as they get hold of the HttpContext object.
If you assigned the userid or the FirstName + " " + LastName to the username
while creating the forms authentication ticket,
then you can read that value anywhere in your code... be it code-behind,
user controls, or even your custom components,
as long as you bind the ticket to the principal in
Application_AuthenticateRequest.

--

Regards,
HD
Nov 18 '05 #5

Hello
Thanks for your reply
have used this implementation on a live site
how is it showing results!!!

thx amit
Nov 18 '05 #6

Hi,
my project manager is saying
not to store roles in the ticket, i.e. on the client's machine (cookie),

instead store them in session.
Then I feel there is no need to store roles in the principal;
just create a method IsInRole() and pass a role like admin
and check for the specified role in the role array which is in session.

That's it.

What do you feel?

please comment on it

amit
"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:Oe**************@TK2MSFTNGP09.phx.gbl...
yes it is accessible everywhere... even your middle tier components as long as they get hold of HttpContext Object
if you assigned the userid or the FirstName + " " + LastName to the username while creating the forms authentication ticket,
then you can read that value anywhere in your code.. be it code behind...
user controls... or even your custom components.
as long as you bind the ticket to the principal in
Application_AuthenticateRequest

--

Regards,
HD
Nov 18 '05 #7

Can this concept work for cookieless mode?
I guess not.
Then are we handicapped?

please reply

amit
Nov 18 '05 #8

But if you are encrypting the ticket before writing the ticket to the cookie,
what's the problem?

--

Regards,
HD
Nov 18 '05 #9
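
The roles-in-the-ticket approach debated above, as an added example that is not code from any poster in this thread: the roles are written into the ticket's UserData field once at login and read back in Application_AuthenticateRequest, where they are covered by the same encryption and validation as the rest of the ticket when the forms element uses protection="All". The class name RoleTicket, its two methods, the "|" separator and the 30-minute lifetime are assumptions made for the illustration.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example. RoleTicket, IssueTicket, AttachPrincipal and the "|"
' separator are hypothetical names chosen for this illustration.
Public Class RoleTicket

    ' Role names must not contain this character.
    Private Const RoleSeparator As String = "|"

    ' Call once from the login page, after the credentials have been checked.
    ' The roles are looked up at login only and then travel inside the ticket.
    Public Shared Sub IssueTicket(ByVal context As HttpContext, _
                                  ByVal userName As String, _
                                  ByVal roles() As String)
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, String.Join(RoleSeparator, roles))

        ' Encrypt() applies the protection configured on the <forms> element.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.Secure = FormsAuthentication.RequireSSL
        cookie.HttpOnly = True   ' Property exists from .NET 2.0; drop this line on 1.x.
        context.Response.Cookies.Add(cookie)
    End Sub

    ' Call from Application_AuthenticateRequest.
    ' Returns True when a principal carrying the ticket's roles was attached;
    ' returns False and leaves the request anonymous otherwise.
    Public Shared Function AttachPrincipal(ByVal context As HttpContext) As Boolean
        Dim authCookie As HttpCookie = _
            context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie Is Nothing OrElse authCookie.Value Is Nothing _
           OrElse authCookie.Value.Length = 0 Then
            Return False
        End If

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            ' Modified or undecryptable cookie: treat the request as anonymous.
            Return False
        End Try

        ' Decrypt() does not reject an expired ticket, so check it here.
        If ticket Is Nothing OrElse ticket.Expired Then
            Return False
        End If

        Dim roles() As String = New String() {}
        If Not ticket.UserData Is Nothing AndAlso ticket.UserData.Length > 0 Then
            roles = ticket.UserData.Split(RoleSeparator.ToCharArray())
        End If

        context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
        Return True
    End Function
End Class

' In global.asax:
' Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
'     RoleTicket.AttachPrincipal(Context)
' End Sub
```

Roles carried this way stay in effect until the ticket expires, so a role removed on the server is only picked up at the next login; a short ticket lifetime limits that window.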

Here
security is not the issue.
The issue is, if in future we want our site to
change to cookieless mode,
then also our site should work seamlessly.

amit
Nov 18 '05 #10

Oh well, I don't know much about cookieless forms authentication... but if you
do get anywhere (i.e. get it working), please do drop in a line...

--
Regards,
HD
Once a Geek.... Always a Geek
".NET Follower" <anonymn@rediffcom> wrote in message
news:uV**************@TK2MSFTNGP10.phx.gbl...
here
security is not the issue
issue is if in future we want our site to
change to cookieless mode
then also our site should work seamlessly.

amit

Nov 18 '05 #11

Hi,
this is a site which I found:
http://www.codeproject.com/aspnet/cookieless.asp

keep in touch
amit
"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:ef**************@TK2MSFTNGP11.phx.gbl...
oh well, don't know much about cookieless forms authentication.. but if you do get anywhere (ie get it working)... please do drop in a line...

--
Regards,
HD
Once a Geek.... Always a Geek
".NET Follower" <anonymn@rediffcom> wrote in message
news:uV**************@TK2MSFTNGP10.phx.gbl...
Here security is not the issue.
The issue is that if in future we want our site to
change to cookieless mode,
then our site should also work seamlessly.

amit

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
but if you are encrypting the ticket before writing the ticket to the cookie,
what's the problem?

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:uK******************@TK2MSFTNGP11.phx.gbl...
> hi,
> my project manager is saying
> not to store roles in the ticket, i.e. on the client's machine (cookie)
>
> instead store it in session
> then i feel there is no need to store roles in principal
> just create a method IsInRole() and pass a role like admin
> and check for the specified role in rolearray which is in session
>
> that's it.
>
> what do you feel
>
> please comment on it
>
> amit
>
>
> "Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
> news:Oe**************@TK2MSFTNGP09.phx.gbl...
>> yes it is accessible everywhere... even your middle tier components as long
>> as they get hold of HttpContext Object
>> if you assigned the userid or the FirstName + " " + LastName to the username
>> while creating the forms authentication ticket,
>> then you can read that value anywhere in your code.. be it code behind...
>> user controls... or even your custom components.
>> as long as you bind the ticket to the principal in
>> Application_AuthenticateRequest
>>
>> --
>>
>> Regards,
>> HD
>> "Amit Agarwal" <ammnbgd@rediffcom> wrote in message
>> news:%2****************@TK2MSFTNGP12.phx.gbl...
>> > thanks for your reply...
>> > is user.identity.name
>> > accessible in class modules and ascx controls?
>> >
>> > i doubt no!
>> >
>> > amit
>> >
>> > "Michael" <raterus@localhost> wrote in message
>> > news:ek**************@TK2MSFTNGP09.phx.gbl...
>> >> I assume you are talking about doing this along with authentication.
>> >> Here is what I've done, and it works great. This was taken from an
>> >> example on MSDN.
>> >>
>> >> http://msdn.microsoft.com/library/de...SecNetHT04.asp
>> >>
>> >> 'in global.asax
>> >> Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
>> >> ' Fires upon attempting to authenticate the user
>> >>
>> >> 'Extract the forms authentication cookie
>> >> Dim cookieName As String = FormsAuthentication.FormsCookieName
>> >> Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
>> >>
>> >> If authCookie Is Nothing Then
>> >> 'There is no authentication cookie.
>> >> Return
>> >> End If
>> >>
>> >> Dim authTicket As FormsAuthenticationTicket
>> >>
>> >> Try
>> >> authTicket = FormsAuthentication.Decrypt(authCookie.Value)
>> >> Catch ex As Exception
>> >> ' Log exception details (omitted for simplicity)
>> >> Return
>> >> End Try
>> >>
>> >> If authTicket Is Nothing Then
>> >> ' Cookie failed to decrypt.
>> >> Return
>> >> End If
>> >>
>> >> Dim roles() As String = {"role1","role2","role3"}
>> >>
>> >> ' Create an Identity object
>> >> Dim id As FormsIdentity = New FormsIdentity(authTicket)
>> >>
>> >> ' This principal will flow throughout the request.
>> >> Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
>> >> ' Attach the new principal object to the current HttpContext object
>> >> Context.User = principal
>> >>
>> >>
>> >> End Sub
>> >>
>> >> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
>> >> 'Put user code to initialize the page here
>> >> Dim p As System.Security.Principal.IPrincipal = HttpContext.Current.User
>> >>
>> >> 'username
>> >> Response.Write ("Your username " & p.Identity.Name)
>> >>
>> >> If p.IsInRole("role1") Then
>> >> Response.Write("User is in role1")
>> >> Else
>> >> Response.Write("User is not in role1")
>> >> End If
>> >> End Sub
>> >>
>> >> "Amit Agarwal" <ammnbgd@rediffcom> wrote in message
>> >> news:eS**************@TK2MSFTNGP10.phx.gbl...
>> >> > where is the place to attach principal object to identity.
>> >> >
>> >> > global file
>> >> > and is it necessary to attach each time user roles to principal
>> >> > object..
>> >> >
>> >> > amit
Nov 18 '05 #12
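
On the design question raised above (roles carried in the ticket cookie versus kept on the server), a third arrangement keeps the cookie to identity only and resolves roles server-side on each request. This is an added example, not code from any poster or from the MSDN article; `GlobalApplication`, `LoadRolesFromStore`, the sample user and the five-minute cache lifetime are assumptions.

```vbnet
' Added example, not from the thread. GlobalApplication, LoadRolesFromStore,
' the sample user and the five-minute lifetime are assumptions.
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Caching
Imports System.Web.Security

Public Class GlobalApplication
    Inherits System.Web.HttpApplication

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim authCookie As HttpCookie = _
            Context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie Is Nothing Then Return

        Dim authTicket As FormsAuthenticationTicket
        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            Return ' Undecryptable or tampered cookie: request stays anonymous.
        End Try
        If authTicket Is Nothing OrElse authTicket.Expired Then Return

        ' Session is not yet available in this event, so the roles live in the
        ' server-side cache, keyed by the user name carried in the ticket.
        Dim cacheKey As String = "roles:" & authTicket.Name
        Dim roles As String() = CType(Context.Cache(cacheKey), String())
        If roles Is Nothing Then
            roles = LoadRolesFromStore(authTicket.Name)
            ' Absolute expiry bounds how long a revoked role keeps working.
            Context.Cache.Insert(cacheKey, roles, Nothing, _
                DateTime.Now.AddMinutes(5), Cache.NoSlidingExpiration)
        End If

        ' The principal is rebuilt on every request; only the lookup is cached.
        Context.User = New GenericPrincipal(New FormsIdentity(authTicket), roles)
    End Sub

    ' Hypothetical lookup with constructed data; replace with a query
    ' against your user store.
    Private Function LoadRolesFromStore(ByVal userName As String) As String()
        If String.Compare(userName, "amit", True) = 0 Then
            Return New String() {"role1"}
        End If
        Return New String() {}
    End Function
End Class
```

Pages and controls keep calling `HttpContext.Current.User.IsInRole(...)` unchanged, and the client never holds the role list.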
