Greetings,
I need to implement GenericPrincipal based authentication without using
ASP.NET Forms Authentication.
I know it is much simpler using Forms Authentication, but in this case,
I have no control over the matter.
I have two pages - login.aspx and home.aspx.
Following is the Click event of the login button on the login.aspx page
protected void btnLogin_Click(Object sender, EventArgs e)
{
if(txtUserID.Text.Trim().ToUpper().Equals("USER1") )
{
buildSecurityContext("USER1");
Response.Redirect("Home.aspx");
}
else if(txtUserID.Text.Trim().ToUpper().Equals("User2") )
{
buildSecurityContext("USER2");
Response.Redirect("Home2.aspx");
else
{
lblMessage.Text = "Invalid User ID. Please re-enter.";
}
}
private void buildSecurityContext(string userName)
{
System.Security.Principal.GenericIdentity curIdentity = null;
System.Security.Principal.GenericPrincipal curPrincipal = null;
string[] roles = {"Role1","Role2"};
curIdentity = new System.Security.Principal.GenericIdentity(userName );
curPrincipal = new
System.Security.Principal.GenericPrincipal(curIden tity, roles);
HttpContext.Current.User = curPrincipal;
}
Following is the OnLoad event of the Home.aspx page
IPrincipal p = HttpContext.Current.User;
string userName = p.Identity.Name;
bool auth = p.Identity.IsAuthenticated;
bool isInRole = p.IsInRole("Role1");
lblUserName.Text = "Welcome " + userName + "<br>Your authentication
status is " + Convert.ToString(auth);
lblRoles.Text = "Your permission for Role1 is " +
Convert.ToString(isInRole);
The problem is that when the home page loads, the current request is
not authenticated.
At the end of the login process, the current identity is authenticated
and contains the correct user name and role.
But after the redirect to the home page, all that is getting lost
somehow.
What am I doing wrong?
Any help appreciated.
-Harold
