By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,506 Members | 1,891 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,506 IT Pros & Developers. It's quick & easy.

Session variables with forms based authentication

P: n/a
Hi!

I've been implementing forms based authentication in a web project. It works
pretty good. When I log on by clicking the "login" button the following code
is executed:

if (ValidateUser(strUserName,txtUserPass.Value))
{
DBFunctions Commoncode;
Commoncode = new DBFunctions();
string strAdminRights;
Session["UserID"] = Commoncode.GetDBValue ("SELECT userID FROM Users WHERE
uname = '" + strUserName + "'", "Users", "userID");
strAdminRights = Commoncode.GetDBValue ("SELECT userAdminRights FROM Users
WHERE uname = '" + strUserName + "'", "Users", "userAdminRights");
if (strAdminRights == "1")
{
Session["AdminRights"] = "true";
}
else
{
Session["AdminRights"] = "false";
}
FormsAuthentication.RedirectFromLoginPage(strUserN ame,
chkPersistCookie.Checked);
}

This as you can see sets a couple of session variables. The problem is that
I've made it possible to use a persistent cookie so that users don't have to
key in their credentials everytime they log in.When the cookie is used users
are granted access immediately and the code above is not used and therefore
the session variables are not initialized.

Does anyone know how to solve this?

Thanks in advance

Morten
Nov 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value)) .... This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users don't
have to key in their credentials everytime they log in.When the cookie is
used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt
Nov 16 '05 #2

P: n/a
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))

...
This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users don't have to key in their credentials everytime they log in.When the cookie is used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt

Nov 16 '05 #3

P: n/a
The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason
Morten wrote:
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:

Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))


...
This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users
don't
have to key in their credentials everytime they log in.When the cookie
is
used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt


Nov 16 '05 #4

P: n/a
Hi!

Thanks for your help. The code example you provided works perfectly!

Morten

"Jason DeFontes" <ja***@defontes.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason
Morten wrote:
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name until after I've logged in and one of the session variables depends on the properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))

...

This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users


don't
have to key in their credentials everytime they log in.When the cookie


is
used users are granted access immediately and the code above is not usedand therefore the session variables are not initialized.

You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt


Nov 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.