473,396 Members | 1,975 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > authentication by url parameter?

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Authentication by URL parameter?

My ASP.NET application is a league-management system (for soccer
etc.). The league which is being viewed is determined in a URL
parameter, eg.:

http://www.mydomain.com/default.aspx?leagueid=3

(although I'm using URL rewriting to make this nicer, eg
http://www.mydomain.com/myleague/default.aspx, but all the leagues are
driven by the same set of pages - dynamically includes different CSS
to change look and feel for each league).

My problem is this:

For each league, I want users to be able to register, and log in to
see sensitive information (contact details etc).

But the user list has to be different for each league - eg users who
have registered for league A don't automatically get access to league
B's sensitive information, unless they register for league B as well.

If both leagues are driven by the same set of pages, and the only
difference is a URL parameter, how can I check whether they're logged
in or not?

I don't think I can use Forms Authentication, as it can't determine
authorization by URL parameter (as far as I can tell). Also, I'm
already using Forms authentication for a central admin system for the
whole application which is different again... (yipe)

Was thinking of just writing classic ASP-style authentication for the
front end, using Session variables or something...

eg if(Session["league"+thisleagueid+"LoggedIn"]...etc

Would this be evil?

Mike Taylor
Nov 18 '05 #1
2 1926
There are a bunch of ways you can pull this off...

One way ... If in the userID table let's say you make a field "league".
When they log on, you can still use asp.net and forms authentication. Then
store their userID to a session variable. Then for each view or page from
there on, have the userID as a parameter - and in any sql select or sp, you
can filter based on the league for the specific userID. Does that make
sense or am I already incoherent? :)
"Mike Taylor" <mi**@mjt.org.uk> wrote in message
news:98**************************@posting.google.c om...
My ASP.NET application is a league-management system (for soccer
etc.). The league which is being viewed is determined in a URL
parameter, eg.:

http://www.mydomain.com/default.aspx?leagueid=3

(although I'm using URL rewriting to make this nicer, eg
http://www.mydomain.com/myleague/default.aspx, but all the leagues are
driven by the same set of pages - dynamically includes different CSS
to change look and feel for each league).

My problem is this:

For each league, I want users to be able to register, and log in to
see sensitive information (contact details etc).

But the user list has to be different for each league - eg users who
have registered for league A don't automatically get access to league
B's sensitive information, unless they register for league B as well.

If both leagues are driven by the same set of pages, and the only
difference is a URL parameter, how can I check whether they're logged
in or not?

I don't think I can use Forms Authentication, as it can't determine
authorization by URL parameter (as far as I can tell). Also, I'm
already using Forms authentication for a central admin system for the
whole application which is different again... (yipe)

Was thinking of just writing classic ASP-style authentication for the
front end, using Session variables or something...

eg if(Session["league"+thisleagueid+"LoggedIn"]...etc

Would this be evil?

Mike Taylor

Nov 18 '05 #2
That would be the way I would suggest (which is how I do it.)
"Mike Taylor" <mi**@mjt.org.uk> wrote in message
news:98**************************@posting.google.c om...
My ASP.NET application is a league-management system (for soccer
etc.). The league which is being viewed is determined in a URL
parameter, eg.:

http://www.mydomain.com/default.aspx?leagueid=3

(although I'm using URL rewriting to make this nicer, eg
http://www.mydomain.com/myleague/default.aspx, but all the leagues are
driven by the same set of pages - dynamically includes different CSS
to change look and feel for each league).

My problem is this:

For each league, I want users to be able to register, and log in to
see sensitive information (contact details etc).

But the user list has to be different for each league - eg users who
have registered for league A don't automatically get access to league
B's sensitive information, unless they register for league B as well.

If both leagues are driven by the same set of pages, and the only
difference is a URL parameter, how can I check whether they're logged
in or not?

I don't think I can use Forms Authentication, as it can't determine
authorization by URL parameter (as far as I can tell). Also, I'm
already using Forms authentication for a central admin system for the
whole application which is different again... (yipe)

Was thinking of just writing classic ASP-style authentication for the
front end, using Session variables or something...

eg if(Session["league"+thisleagueid+"LoggedIn"]...etc

Would this be evil?

Mike Taylor

Nov 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Authentication at Instance Vs Authentication at Database
by: Raquel | last post by:
I am confused between Authentication at Instance Vs Authentication at Database. Instance authentication is specified at Instance creation time (db2icrt) and is stored in db mgr. cfg. file while...
DB2 Database
2
using Forms Authentication
by: VR | last post by:
Hi, I am using Forms type of authentication, but having problems redirecting users to default page after they get authenticated. My default page is default.aspx, but it's in 'public'...
ASP.NET
4
MSDE Authentication
by: Anthony P. Mancini | last post by:
Does anyone know how to make the MSDE do SQL authentication ? It appears to authenticate using Windows at all times. Thanks, Anthony
ASP.NET
1
Authentication Not Required When it Should Be?
by: David Krussow | last post by:
I have implemented ASP.NET Forms authentication in a test app. The app has a number of forms - only one of which requires authentication in order to be viewed (the "secured form"). Everything works...
ASP.NET
0
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
ASP.NET
2
forms authentication returns 401 instead of going to login page
by: Andy Fish | last post by:
Hi, I have an app in the 1.1 framework that uses forms authentication . In the normal case, if the user requests a page and is not logged in, he is redirected to the login page. However, I...
ASP.NET
0
parameter cant past after authentication page
by: kean yeoh via DotNetMonster.com | last post by:
hi, I am trying to past the parameter with value into an authentication page. for example: http://test.com/authpage.aspx?param1=value1&param2=value2 authpage is an authentication page which...
ASP.NET
10
Windows Authentication through Active Directory
by: Hriday | last post by:
Hi there, Please help me..It is urgent This is Hriday, working on windows authentication with Active Directory... My requirment is when a user sends a request to my web Applicatoin I want to...
Visual Basic .NET
7
How do I protect my login page from prying eyes (forms authentication)?
by: Alan Silver | last post by:
Hello, Sorry this is a bit wordy, but it's a pretty simple question... I have a web site, http://domain/ which is a public site, part of which (http://domain/a/) is protected by forms...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!