469,946 Members | 1,992 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,946 developers. It's quick & easy.

Authentication help.

Hi all

I am new to asp.net. I want to implement authentication in all pages.
What i want to do is validate user from database table. So currently
what i am doing is on login page validating user and storing valid
user id in sesstion.

On every page i am checking userid from session.. But i don't want to
behavirour. what i want is to provide authentication to all pages
once not on every page .

So how will i do this. And if session expire in between what will
happen if user try to access the page after that.

Please correct me if i am wrong in any concept.

thanks in advance.

Oct 22 '07 #1
5 1182

You need an authentication section in the web.config, once the user has
authenticated then they will be able to access your pages.
"archana" <tr**************@yahoo.comwrote in message
news:11**********************@i13g2000prf.googlegr oups.com...
Hi all

I am new to asp.net. I want to implement authentication in all pages.
What i want to do is validate user from database table. So currently
what i am doing is on login page validating user and storing valid
user id in sesstion.

On every page i am checking userid from session.. But i don't want to
behavirour. what i want is to provide authentication to all pages
once not on every page .

So how will i do this. And if session expire in between what will
happen if user try to access the page after that.

Please correct me if i am wrong in any concept.

thanks in advance.

Oct 22 '07 #2
Hi,

thanks for reply.
but what authentication do i need to use as i have to validate
username in database.

So how will i combine this with form/windows authentication?

please help me asap.

thanks.

Oct 22 '07 #3
Your best bet is to use A Membership or Role Provider and Forms
Authentication in your application. The Provider Model is built in to the
ASP.Net Framework, can work from a custom database back-end, and manages
permissions across the web application in a uniform, easy to maintain
manner. In addition, it can be combined with XML Site Maps for
login-specific menuing that is handled automatically. See the following
references:

http://msdn2.microsoft.com/en-us/library/aa479030.aspx
http://msdn2.microsoft.com/en-us/library/aa530801.aspx
http://msdn2.microsoft.com/en-us/library/aa478958.aspx

--
HTH,

Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP

"archana" <tr**************@yahoo.comwrote in message
news:11**********************@v29g2000prd.googlegr oups.com...
Hi,

thanks for reply.
but what authentication do i need to use as i have to validate
username in database.

So how will i combine this with form/windows authentication?

please help me asap.

thanks.

Oct 22 '07 #4
On 22 Oct, 06:16, archana <trialproduct2...@yahoo.comwrote:
Hi all

I am new to asp.net. I want to implement authentication in all pages.
What i want to do is validate user from database table. So currently
what i am doing is on login page validating user and storing valid
user id in sesstion.

On every page i am checking userid from session.. But i don't want to
behavirour. what i want is to provide authentication to all pages
once not on every page .

So how will i do this. And if session expire in between what will
happen if user try to access the page after that.

Please correct me if i am wrong in any concept.

thanks in advance.
No need to keep checking the session. For example with forms
authentification:

(1) Include a forms authentification entry something like the one
below:

<authentication mode="Forms">
<forms name="mydomain" loginUrl="~/Default.aspx" defaultUrl="~/
News/News.aspx" protection="All" cookieless="AutoDetect"
slidingExpiration="true" timeout="30"/>
</authentication>

The forms authentification entry above allows users with a good cookie
set to go straight to the "~/News/News.aspx", the defaultUrl. Users
whose cookies fail authentification will land at the login page (see
(4) below).

(2) You may need to edit your machineKey entry too, so that you can
deal with encrypted cookies, etc.:

<machineKey decryption="AES" validation="SHA1"
decryptionKey="_____,IsolateApps" validationKey="_____,IsolateApps"/>

The underlined bits in the above code are where you put your keys.
These are big hexadecimal numbers.

(3) Each area of the site needs to be told what sorts of users are
allowed to visit those pages. In the entry below, all files inside the
Administration directory are being made available to users who are in
any one of 4 mwAdmin_ roles: Super,Editor,Demo,Full. These roles are
just some text which I store in the user's encrypted cookie.

<location path="Administration">
<system.web>
<authorization>
<allow
roles="mwAdmin_Super,mwAdmin_Editor,mwAdmin_Demo,m wAdmin_Full"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

You will need a separate entry like this for each individual page in
your root but only one entry is needed for directories containing
files provided that the files within a subdirectory have the same
security settings.

(4) The process of checking whether your visitors have their cookies
set is done in Global.asax, in the
FormsAuthentication_OnAuthenticate() event - which you may need to
add. In general, I (a) read their cookie and get their ticket. (b) I
get their userID from the ticket, (c) then look up the database to get
their roles and the period for which their cookie remains valid. (d)
make the user:
User user = new User(Ticket.Name, strRoles, PersistentCookieDays,
iLoginId);
I then write this information to a new ticket and store it back to
their cookie. (e) If they're an authentic user I add their userID to
the their security Context. Google to find some examples.
Oct 22 '07 #5
On 22 Oct, 15:19, mark4asp <mark4...@gmail.comwrote:
On 22 Oct, 06:16, archana <trialproduct2...@yahoo.comwrote:
Hi all
I am new to asp.net. I want to implement authentication in all pages.
Ooops I forgot, check out: <http://forums.asp.net/thread/1177390.aspx>
for FormsAuthentication_OnAuthenticate() event.

Oct 22 '07 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by Bob Everland | last post: by
8 posts views Thread by tcg_gilbert | last post: by
3 posts views Thread by Stephanie Stowe | last post: by
6 posts views Thread by Ming Zhang | last post: by
2 posts views Thread by Bruce Groen | last post: by
5 posts views Thread by Rory Becker | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.