473,326 Members | 2,168 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Session variables with forms based authentication

Hi!

I've been implementing forms based authentication in a web project. It works
pretty good. When I log on by clicking the "login" button the following code
is executed:

if (ValidateUser(strUserName,txtUserPass.Value))
{
DBFunctions Commoncode;
Commoncode = new DBFunctions();
string strAdminRights;
Session["UserID"] = Commoncode.GetDBValue ("SELECT userID FROM Users WHERE
uname = '" + strUserName + "'", "Users", "userID");
strAdminRights = Commoncode.GetDBValue ("SELECT userAdminRights FROM Users
WHERE uname = '" + strUserName + "'", "Users", "userAdminRights");
if (strAdminRights == "1")
{
Session["AdminRights"] = "true";
}
else
{
Session["AdminRights"] = "false";
}
FormsAuthentication.RedirectFromLoginPage(strUserN ame,
chkPersistCookie.Checked);
}

This as you can see sets a couple of session variables. The problem is that
I've made it possible to use a persistent cookie so that users don't have to
key in their credentials everytime they log in.When the cookie is used users
are granted access immediately and the code above is not used and therefore
the session variables are not initialized.

Does anyone know how to solve this?

Thanks in advance

Morten
Nov 16 '05 #1
4 2108
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value)) .... This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users don't
have to key in their credentials everytime they log in.When the cookie is
used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt
Nov 16 '05 #2
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))

...
This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users don't have to key in their credentials everytime they log in.When the cookie is used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt

Nov 16 '05 #3
The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason
Morten wrote:
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:

Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))


...
This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users
don't
have to key in their credentials everytime they log in.When the cookie
is
used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.


You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt


Nov 16 '05 #4
Hi!

Thanks for your help. The code example you provided works perfectly!

Morten

"Jason DeFontes" <ja***@defontes.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason
Morten wrote:
Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name until after I've logged in and one of the session variables depends on the properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

"matt" <zz1_@_tiscali.fr> wrote in message
news:40***********************@news.free.fr...
Hi,

Morten wrote:
Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value))

...

This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users


don't
have to key in their credentials everytime they log in.When the cookie


is
used users are granted access immediately and the code above is not usedand therefore the session variables are not initialized.

You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt


Nov 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
by: Paul Yanzick | last post by:
Hello, I am trying to develop a book tracking application for my capstone in school, and am running into a problem. The application is an ASP.Net application written in C#. The first page you...
12
by: Geigho | last post by:
Setting session timeout in web.config file does not seem to have any effect. Any explanation or suggestion will be appreciated.
4
by: Cowboy \(Gregory A. Beamer\) | last post by:
Background: ------------- The idea started as a single sign on type of application. Having tested it before, I knew we could institute single sign on using the same Authentication Cookie name (in...
8
by: Radu Colceriu | last post by:
HI, I've an asp.net app like this: login.aspx (no frame) :- save in session the user and pass -> framedoc.html :- frameset 2 content 1. menu.aspx...
1
by: Raed Sawalha | last post by:
Hello: My problem is that in my login page, I authenticate the user and set a session variable: Session("strname") = dr("userlname") & ", " & dr("userfname") & " " & dr("usermi")...
5
by: Oleg Ogurok | last post by:
Hi all, Is there a way to read other people's session variables? I understand it makes sense that session state is on per-user basis, but still... Is there a way to get a collection of all...
2
by: Jim | last post by:
Hi, I am using forms based authentication for my website. Whilst testing I have noticed that occasionaly it appears that the Context.User.Identity.Name is valid however the session variables...
25
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
14
by: GaryDean | last post by:
The web.config in my asp.net application, running on Server2003, has this entry: <sessionState mode="InProc" timeout="40". In IIS the asp.net State Management timeout setting is 40 for my website....
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.