Rocky Lhotka explains very clearly how to do all this in his book.
http://www.lhotka.net/ArticleIndex.a...ea=CSLA%20.NET
The basic idea is to create a custom Principal class which contains a
reference to the Identity class.
They each implement the appropriate interfaces.
(Rocky provides sample classes.)
Then you can modify your class to include other pieces of information (like
UserID, CompanyName, etc.).
Then just use AcquireRequestState to pull your Principal class out of
session at the beginning of each hit.
This way all of the data in it is available throughout the request.
When the user logs in - that is when the class authenticates the user
against a DB (or some other mechanism).
If the login succeeds, you store the Principal class in session for later
use then RedirectFromLoginPage.
==============================================================================
Dim mUser As MyPrincipal
' Login is called on the class (as LoginAnonymous is) and sets Thread.CurrentPrincipal
MyPrincipal.Login(UserId, Password)
mUser = CType(Thread.CurrentPrincipal, MyPrincipal)
If mUser.Identity.IsAuthenticated = True Then
    HttpContext.Current.User = mUser
    State.CSLA_Principal = mUser
    Web.Security.FormsAuthentication.RedirectFromLoginPage(txtUserId.Text, False)
Else
    'do something about a failed login
End If
==============================================================================
Here is the VB code in my Global.asax file:
Private Sub Global_AcquireRequestState(ByVal sender As Object, _
        ByVal e As System.EventArgs) Handles MyBase.AcquireRequestState
    'See pages 509-510 for a lengthy explanation of this code
    If Not State.CSLA_Principal Is Nothing Then
        Thread.CurrentPrincipal = State.CSLA_Principal
        HttpContext.Current.User = State.CSLA_Principal
    Else
        If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
            Web.Security.FormsAuthentication.SignOut()
            Server.Transfer(Request.ApplicationPath + "/Login.aspx")
        Else
            'Anonymous User
            MyPrincipal.LoginAnonymous()
            State.CSLA_Principal = CType(Thread.CurrentPrincipal, MyPrincipal)
            HttpContext.Current.User = State.CSLA_Principal
        End If
    End If
End Sub
The only "odd" thing in there is the use of a State class for handling
Session variables using strong typing.
These two are equivalent statements:
1. Thread.CurrentPrincipal = State.CSLA_Principal
2. Thread.CurrentPrincipal = CType(Session("CSLA_Principal"), MyPrincipal)
The first one has intellisense, is easier to read and avoids typos.
Also, I added a LoginAnonymous() method to my custom Principal class to
allow some BOs to hit the DB prior to the user logging in.
e.g. the login page displays data from the DB so the BO needs to fetch it and
yet no one is logged in yet.
--
Joe Fallon
"Beren" <be***@angband.me> wrote in message
news:KP*********************@phobos.telenet-ops.be...
Hello
With trial and error I'm attempting to create an extended identity to
store some more data than just the Name, for example a Subscription and a
LastSearchPerformed property...
Is this a good idea ? I'm coming from ASP and Session variables, but I
explicitly wanted to avoid that for .NET.
The problem I'm facing is that I don't find a good way to bring my source
data from the login routine to the AuthenticateRequest event, as follows
in a little pseudocode which hopefully shows my thoughts and my errors...
[login.aspx]
Button_Click_Event
    < GetUserDataFromDatabase >
    ....
    FormsAuthentication.Redirect(sUserName, False)
End
[global.asax]
Application_AuthenticateRequest( s , e ){
    If Request.IsAuthenticated Then
        Dim objIdentity As myCustomIdentityClass(Context.User.Identity.Name)
        '/// This is where I need to get the data from < GetUserDataFromDatabase >
        '/// which is called in the button click event from the unrelated page.
        '/// How do I get that data here without having to call the database for every Request ?
        ....
        <assign roles & custom identity to Context.User>
    End If
End
The main question is commented in that event,
I hope someone can help me to find the best way to do it, or just tell me
I'm completely on the wrong way to do this.
Thanks,
Beren
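
Added example, not part of the original posts and not Rocky Lhotka's CSLA code: one way to write the custom Principal and Identity classes the reply describes, with the Subscription and LastSearchPerformed fields from the question. The UserLookup delegate, the Roles field and the three-argument Login are assumptions; the caller supplies the database check through the delegate, and a failed login leaves an unauthenticated principal on the thread.

```vb
Imports System.Security.Principal
<System.Serializable()> _
Public Class MyIdentity  ' hypothetical class, not the CSLA sample
    Implements IIdentity
    Private mName As String
    Friend Roles As String()
    Public Subscription As String = "", LastSearchPerformed As String = ""  ' extra data, loaded once at login
    Public Sub New(ByVal name As String, ByVal userRoles As String())
        mName = name
        Roles = userRoles
    End Sub
    Public ReadOnly Property Name() As String Implements IIdentity.Name
        Get
            Return mName
        End Get
    End Property
    Public ReadOnly Property IsAuthenticated() As Boolean Implements IIdentity.IsAuthenticated
        Get
            Return mName.Length > 0  ' empty name = anonymous
        End Get
    End Property
    Public ReadOnly Property AuthenticationType() As String Implements IIdentity.AuthenticationType
        Get
            Return "Custom"
        End Get
    End Property
End Class
' Assumed hook for the DB check: returns Nothing when the credentials are wrong.
Public Delegate Function UserLookup(ByVal userId As String, ByVal password As String) As MyIdentity
<System.Serializable()> _
Public Class MyPrincipal  ' hypothetical class, not the CSLA sample
    Implements IPrincipal
    Private mIdentity As MyIdentity
    Private Sub New(ByVal id As MyIdentity)
        mIdentity = id
    End Sub
    Public ReadOnly Property Identity() As IIdentity Implements IPrincipal.Identity
        Get
            Return mIdentity
        End Get
    End Property
    Public Function IsInRole(ByVal role As String) As Boolean Implements IPrincipal.IsInRole
        Return System.Array.IndexOf(mIdentity.Roles, role) >= 0
    End Function
    Public Shared Sub Login(ByVal userId As String, ByVal password As String, ByVal lookup As UserLookup)
        Dim found As MyIdentity = lookup.Invoke(userId, password)
        If found Is Nothing Then found = New MyIdentity("", New String() {})
        System.Threading.Thread.CurrentPrincipal = New MyPrincipal(found)
    End Sub
End Class
```

Both classes are marked Serializable so the principal can also be kept in out-of-process session state, and the password is passed only to the lookup and never stored on the object that goes into session.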