How I did it, in ASP.NET 1.1:
//global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
// Get Forms Ticket From Identity object
FormsAuthenticationTicket ticket = id.Ticket;
// Retrieve stored user-data (our roles from db)
string userData = ticket.UserData;
string[] roles = userData.Split(',');
// Create a new Generic Principal Instance and assign to
Current User
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
// web.config:
<authentication mode="Forms">
<forms name="FormsAuthDB.AspxAuth"
loginUrl="default.aspx"
protection="All"
timeout ="10"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
// loging page:
private void Button1_Click(object sender, System.EventArgs e)
{
// Initialize FormsAuthentication (reads the configuration and gets
// the cookie values and encryption keys for the given application)
FormsAuthentication.Initialize();
// Create connection and command objects
SqlConnection conn =
new SqlConnection("Data Source=PETER;Database=Northwind;User
ID=sa;password=;");
conn.Open();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT roles FROM Employees WHERE username=@username " +
"AND password=@password"; // this should really be a stored procedure,
right?
// Fill our parameters
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = TextBox1.Text;
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 64).Value = TextBox2.Text;
FormsAuthentication.HashPasswordForStoringInConfig File(TextBox2.Text,"sha1");
// you can use the above method for encrypting passwords to be stored in the
database
// Execute the command
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
TextBox1.Text, // Username to be associated with this ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie (could be a checkbox on form)
reader.GetString(0), // User-data (the roles from this user record in our
database)
FormsAuthentication.FormsCookiePath); // Path cookie is valid for
// Hash the cookie for transport over the wire
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie (it's the
name specified in web.config)
hash); // Hashed ticket
// Add the cookie to the list for outbound response
Response.Cookies.Add(cookie);
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null) returnUrl = "LoggedIn.aspx";
// Don't call the FormsAuthentication.RedirectFromLoginPage since it could
// replace the authentication ticket we just added...
Response.Redirect(returnUrl);
}
else
{
// Username and or password not found in our database...
ErrorLabel.Text = "Username / password incorrect. Please login again.";
ErrorLabel.Visible = true;
}
}
--Hope that helps.
Peter
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
"thomson" wrote:
Hi Peter,
i tried with ur solution but its on a loop , Help me
out
Thanks in Advance
thomson
thomson wrote:
Hi,
if i implement the HTTP Module section, and use the
Application_AuthenticateRequest, will it fire for each and every
request between projects,
since i do have multiple Web Projects?
Regards
thomson
Peter Bromberg [ C# MVP ] wrote:
In every page request, the Application_AuthenticateRequest even fires. This
is the typicaly place where you perform whatever authentication you want to
do .
Peter
>
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
>
>
>
>
"thomson" wrote:
>
Hi All,
i do hae a solution in which i do have mulitple projects
including Web Projects,, Depending on the functionality it gets
redirected to different web projects and it is working fine,
for eg: http:DomainName/MainProject/index.aspx, If i login, it gets
redirectes to a different Web Project inside the solution like
http://DomainName/MainProject/ChildProject/MyPage.aspx..
This works perfectly fine.
My issue is
:
I need to add redirect a set of request to a different page based on
some criteria, for eg; i do have certain calls like
http://DomainName/username, when a request come like this i need to
authenticate the username with the database and redirect to a
dynamically constructed page which can be a different Web Project
inside the same solution.
Can anyone please guide me how do i solve this issue, should i use a
HTTP Module for this: since it has multipl;e projects i guess some
thing wrong