Hello,
I am trying to develop custom form based authentication with active directory with asp.net 2.0 platform. I am having difficulty trying to implement security model. Here is what my senerio is:
After authentication from AD I want to be able to create a custom authentication ticket in which i can save additional information about user other than roles and authenticated usre id, such as the organization name of the user etc.
I realize that I could use sessions to keep additional info but to me that option is the last thing i want to use.
I have done some research on Iprinciple but it seems that you can only add user name and role informaion to that object.
Can some one please give me some direction.
10  3708   Frinavale 9,735
Recognized Expert Moderator Expert
Hello,
I am trying to develop custom form based authentication with active directory with asp.net 2.0 platform. I am having difficulty trying to implement security model. Here is what my senerio is:
After authentication from AD I want to be able to create a custom authentication ticket in which i can save additional information about user other than roles and authenticated usre id, such as the organization name of the user etc.
I realize that I could use sessions to keep additional info but to me that option is the last thing i want to use.
I have done some research on Iprinciple but it seems that you can only add user name and role informaion to that object.
Can some one please give me some direction.
Hi Anjummir,
When you create a custom IPrincipal object you must also create a custom IIdentity object. The IIdentity object represents your actual user, whereas the IPrincipal object represents the security context of that user.
The IIdentity object is part of the IPrincipal object.
The IIdentity object can hold extra details about your user.
The IPrincipal object is used to determine what roles/rites the user has...in order to determine what the user is and is not allowed to do.
Does this make sense??
Anyway, if you just want to store a couple of things in the authentication cookie there is a property that you can use when creating the cookie for storing extra details too. This property is called "UserData" and it stores a string containing whatever you would like.
Just be aware that it is less secure to store this extra information in the cookie as apposed to storing it in an IPrincipal (IIdentity) object. Determine how sensitive this extra user information is and place it accordingly.
-Frinny
Thank you very much Frinny for your response. I really want to user Iprincliple. I was just wondering if i can get hold of some sample code? or may be a link?
Hi Anjummir,
When you create a custom IPrincipal object you must also create a custom IIdentity object. The IIdentity object represents your actual user, whereas the IPrincipal object represents the security context of that user.
The IIdentity object is part of the IPrincipal object.
The IIdentity object can hold extra details about your user.
The IPrincipal object is used to determine what roles/rites the user has...in order to determine what the user is and is not allowed to do.
Does this make sense??
Anyway, if you just want to store a couple of things in the authentication cookie there is a property that you can use when creating the cookie for storing extra details too. This property is called "UserData" and it stores a string containing whatever you would like.
Just be aware that it is less secure to store this extra information in the cookie as apposed to storing it in an IPrincipal (IIdentity) object. Determine how sensitive this extra user information is and place it accordingly.
-Frinny
Frinavale 9,735
Recognized Expert Moderator Expert
Thank you very much Frinny for your response. I really want to user Iprincliple. I was just wondering if i can get hold of some sample code? or may be a link?
Check out MSDN (that's where I found my information on the Principal and IIdentity objects when I first started developing custom log-ins)
See:
Happy Coding!
-Frinny
I fianally got it working now here is another challenge. lets say we have one web app opened with an authentication ticket in one browser lets call it browser A. Now from browser A client opens up another window, lets call it B, and we want to keep user authenticated for windonw B with the same signon expet one things lets say the location of the user.
Please advise if i can have two simultaneous Iprincilpe objects with the different browsers on the same machine? if not what are my choices?
Frinavale 9,735
Recognized Expert Moderator Expert
I fianally got it working now here is another challenge. lets say we have one web app opened with an authentication ticket in one browser lets call it browser A. Now from browser A client opens up another window, lets call it B, and we want to keep user authenticated for windonw B with the same signon expet one things lets say the location of the user.
Please advise if i can have two simultaneous Iprincilpe objects with the different browsers on the same machine? if not what are my choices?
The only way you can have 2 IPrincipal objects is to have 2 different flavors of browsers open at the same time.
Eg. You have it open in Internet Explorer and then open it again in Fire Fox.
Your authentication ticket is issued to the browser and stored as a cookie. These cookies are shared amongst every instance of the browser flavor you are issuing it to.
-Frinny
having two flavours of browsers is not an option. can you think of any other solution to it? i mean having two different sessions on the same machine?
in other words how can i have one variable that has the same variable name but two different values for two different browsers?
Frinavale 9,735
Recognized Expert Moderator Expert
in other words how can i have one variable that has the same variable name but two different values for two different browsers?
I'm not sure what you're trying to do here?
Could you explain this in more detail....
having two flavours of browsers is not an option. can you think of any other solution to it? i mean having two different sessions on the same machine?
You can't have two different sessions for the same user (the same web browser).
If a user logs into your system, they are logged in, they'd have to log out to allow another user use the system. You have 1 session per person logged in...
If you explain what you are trying to do in more detail maybe I can help you find the solution to your problem. Right now I'm not sure what you are trying to do.
-Frinny
I believe I'm attempting to do something similar here. I have a web app with forms authentication. What I need is for a user to have multiple instances of IE open and logged in to my system with different username/password credentials. I know it sound odd but I'll save you the details. Just need to be able to have two instances going at the same time while maintaining seperate tickets (ticket has credential info such as roles and db connected to).
Currently, user can do this. The problem is that it appears the tickets are being shared between instances. That is to say, user logs into dbA in one browser and then into dbB in another browser. works fine at first but occassionally, as user clicks around simultaneously in the two apps comparing data, suddently the first browser that started with dbA gets dbB ticket....
I can't seem to create a custom ticket name dynamically b/c the ticketname is defined in the config file.
Thanks for any help
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: e |
last post by:
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8),...
|
by: Rob |
last post by:
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.
The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>
|
by: francois |
last post by:
hello,
I am using forms authentication and I would like that my authentication
cookie expires after let say 1 minutes (just for the exemple).
When I log in in my longon page, the user has to input a username, password
and the click a button to effectively login.
In the event handler for my button I have the following code:
// create authentication ticket and encrypt it
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I cannot write to web.config so I cannot dynamically update the
credentials while the site is up. Since the
FormsAuthentication.Authenticate() method's documentations claims the
following:
"Attempts to validate the credentials against those contained...
|
by: Matt |
last post by:
Hello all,
We are using Forms Authentication in an application to protect both
sensitive ASP.Net pages and Web services.
This question is relating to Web services and forms authentication,
and I will try to explain the issue by detailing how a client accesses
a secure Web service.
1) The Web service client accesses an unsecured login Web service,
| | |
by: Sean Patterson |
last post by:
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
|
by: xenophon |
last post by:
I have a web site with forms authentication and a single logon page. I
have 4 subdirectories, each that should be protected by a different
username/password combination. For testing purposes, the
username/password are hardcoded into the code-behind C# code.
How can I write my web.config to make this happen?
Thanks.
|
by: stevecnz |
last post by:
I'm looking for feedback on an authentication solution we are
considering for an ASP.NET 2.0 project.
The site will be accessed by both internal users who are logged into
the Windows domain, and external (business partner) users via the
internet.
The internal users are required to be authenticated via Windows Integrated Authentication (WIA), and
external users will be authenticated using a custom solution based on a
signed ticket that...
|
by: =?Utf-8?B?RmFyaWJh?= |
last post by:
It know that we can use the following method
http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
to form authenticate across multiple applications.
I have created an asp.net application that supports form authentication. My
application is going to be called by another legacy application (HTML) which
does the initial authentication.Something like this:
<form name="form1" action="auth.asp" method="post" >
|
by: Peter Bradley |
last post by:
We are in the process of designing our first ASP.NET 2.0 application and
have discovered that Forms Authentication works completely differently in
ASP.NET 2.0.
For a number of reasons, we cannot use the standard login component supplied
with ASP.NET 2.0 (e.g. we need full control of the look and feel - including
using CSS and not tables for layout - and we need to be able to handle the
authentication cookie ourselves rather than let a...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
