Ken,
I am following an example from WebMatrix called MyPics - it allows
authorized users to log in (with a UserID & Password verified against the User
database) and to upload pictures - and I thought anyone could view the
pictures. I am trying to get a site up (for the practice & learning) that
will allow anyone to look around, but allow logged-in users more access to
secure pages.
The Login.aspx.cs is:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FGC
{
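/// <summary>
/// Code-behind for Login.aspx. Checks the posted e-mail/password pair with
/// SSDAL.ValidateUser and, on success, issues the forms-authentication cookie
/// and caches the user id and role id in session state.
/// </summary>
public class Login : System.Web.UI.Page
{
    // Server controls declared in Login.aspx; the names must match the markup ids.
    protected System.Web.UI.WebControls.Label Label1;
    protected System.Web.UI.WebControls.Label Label2;
    protected System.Web.UI.WebControls.Label Msg;
    protected System.Web.UI.WebControls.TextBox UserEMail;
    protected System.Web.UI.WebControls.TextBox UserPass;
    protected System.Web.UI.WebControls.Button Button2;
    protected System.Web.UI.WebControls.LinkButton LinkButton1;
    protected System.Web.UI.WebControls.HyperLink Hyperlink1;
    protected System.Web.UI.WebControls.HyperLink Hyperlink2;
    protected System.Web.UI.WebControls.HyperLink Hyperlink3;
    protected System.Web.UI.WebControls.Button Button1;

    /// <summary>
    /// Sets the status label to show whether this is the first load or a postback.
    /// </summary>
    private void Page_Load(object sender, System.EventArgs e)
    {
        // The credential boxes are deliberately not pre-filled. Page_Load runs
        // before the click handlers, so assigning a fixed account here would
        // overwrite whatever the visitor posted and every login attempt would
        // be validated as that account. It would also ship a working
        // credential pair in the page source.
        if (!Page.IsPostBack)
        {
            Msg.Text = "Login - Page_Load - First Load.";
        }
        else
        {
            Msg.Text = "Login - Page_Load - Page is PostBack.";
        }
    }

    /// <summary>
    /// Login button: validates the posted credentials and signs the user in.
    /// </summary>
    private void Button1_Click(object sender, System.EventArgs e)
    {
        if (!Page.IsValid)
        {
            Msg.Text = "Some required fields are invalid.";
            return;
        }

        int intUserId = -1;
        int intRoleId = -1;
        if (!SSDAL.ValidateUser(UserEMail.Text, UserPass.Text,
            ref intUserId, ref intRoleId))
        {
            Msg.CssClass = AppGlobals.errMsgCSS;
            Msg.Text = AppGlobals.errMsgInvalidUser;
            // NOTE(review): the redirect ends this response, so the error text
            // assigned above is never rendered. Drop the redirect if a failed
            // login should stay on this page and show the message.
            Response.Redirect("AddUser/AddUser.aspx");
            return;
        }

        // TODO -- Add Session Handling
        FormsAuthentication.SetAuthCookie(UserEMail.Text, false);
        Session[AppGlobals.sessKeyUserId] = intUserId;
        Session[AppGlobals.sessKeyRoleId] = intRoleId;
        Session[AppGlobals.sessActualUserId] = UserEMail.Text;
        // The plain-text password is no longer copied into session state
        // (it used to be stored under AppGlobals.sessActualRoleId). Nothing
        // after ValidateUser needs it, and session state may be persisted
        // outside this process.
        Msg.Text = "ReDirecting to MainPic.aspx";
        Response.Redirect("MainPic.aspx");
    }

    #region Web Form Designer generated code
    protected override void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.UserEMail.TextChanged += new System.EventHandler(this.UserEMail_TextChanged);
        this.Button1.Click += new System.EventHandler(this.Button1_Click);
        this.Button2.Click += new System.EventHandler(this.Button2_Click);
        this.LinkButton1.Click += new System.EventHandler(this.LinkButton1_Click);
        this.Load += new System.EventHandler(this.Page_Load);
    }
    #endregion

    /// <summary>Designer-wired handler; intentionally empty.</summary>
    private void UserEMail_TextChanged(object sender, System.EventArgs e)
    {
    }

    /// <summary>Sends the visitor to Default.aspx.</summary>
    private void Button2_Click(object sender, System.EventArgs e)
    {
        // NOTE(review): if web.config denies anonymous users for Default.aspx,
        // forms authentication sends this redirect straight back to the login
        // page. That may be the "just re-loads Login" symptom; confirm the
        // <authorization> rules that apply to the target page.
        Msg.Text = "ReDirecting to Default.aspx";
        Response.Redirect("Default.aspx");
    }

    /// <summary>Sends the visitor to Home.aspx and ends the current response.</summary>
    private void LinkButton1_Click(object sender, System.EventArgs e)
    {
        // NOTE(review): the same <authorization> caveat as Button2_Click
        // applies to Home.aspx.
        Msg.Text = "ReDirecting to Home.aspx";
        Response.Redirect("Home.aspx", true);
    }
}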
}
the LinkButton1 & 2 - don't work - they just re-load the Login page.....
================================================== =====
a page that uses security is MainPic and the aspx.cs is:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FGC
{
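/// <summary>
/// Code-behind for MainPic.aspx. Lists image groups and images in a paged grid.
/// Anonymous visitors see the groups whose MinRoleId is 0; signed-in users see
/// the groups allowed for the role id cached in session state at login.
/// </summary>
public class MainPic : System.Web.UI.Page
{
    // Server controls declared in MainPic.aspx; the names must match the markup ids.
    protected System.Web.UI.WebControls.Label lblUserId;
    protected System.Web.UI.WebControls.DropDownList cboImageGroups;
    protected System.Web.UI.WebControls.DropDownList cboGridPages;
    protected System.Web.UI.WebControls.TextBox txtUserAlias;
    protected System.Web.UI.WebControls.TextBox txtUserPassword;
    protected System.Web.UI.WebControls.Button btnLogin;
    protected System.Web.UI.WebControls.Panel pnlLogin;
    protected System.Web.UI.WebControls.Button btnLogout;
    protected System.Web.UI.WebControls.HyperLink hlinkNewImage;
    protected System.Web.UI.WebControls.Panel pnlLogout;
    protected System.Web.UI.WebControls.DataGrid grdImages;

    /// <summary>
    /// Refreshes the login/logout panels on every request and binds the
    /// group list, image grid and page list on the first load only.
    /// </summary>
    private void Page_Load(object sender, System.EventArgs e)
    {
        AdjustUI();
        if (!Page.IsPostBack)
        {
            LoadImageGroups();
            LoadGridData();
            LoadCboPages();
        }
    }

    /// <summary>
    /// Binds the grid to the images of the currently selected image group.
    /// </summary>
    private void LoadGridData()
    {
        // Parse the posted value to an integer before it reaches the filter
        // expression. A value that is not a number now fails the request
        // instead of being evaluated as part of the RowFilter.
        int groupId = int.Parse(cboImageGroups.SelectedItem.Value,
            System.Globalization.CultureInfo.InvariantCulture);

        // NOTE(review): the original read the caller's role id here but never
        // applied it, so rows are limited by group only. The restriction on
        // what a visitor may see therefore rests entirely on the role filter
        // in LoadImageGroups. Confirm that is intended.
        DataView dv = new DataView(SSDAL.AllImages);
        dv.RowFilter = "ImageGroupId = "
            + groupId.ToString(System.Globalization.CultureInfo.InvariantCulture);
        grdImages.DataSource = dv;
        grdImages.DataBind();
    }

    /// <summary>
    /// Fills the group drop-down with the groups the current visitor may see.
    /// </summary>
    private void LoadImageGroups()
    {
        DataView dv = new DataView(SSDAL.ImageGroups);

        // The auth cookie and the session expire independently, so the role
        // entry can be missing for an authenticated user. Convert.ToInt32
        // maps a null entry to 0, which is treated as the anonymous role
        // here instead of raising a NullReferenceException.
        int roleId = 0;
        if (User.Identity.IsAuthenticated)
        {
            roleId = Convert.ToInt32(Session[AppGlobals.sessKeyRoleId]);
        }

        if (User.Identity.IsAuthenticated && roleId != 0)
        {
            dv.RowFilter = "MinRoleId <= "
                + roleId.ToString(System.Globalization.CultureInfo.InvariantCulture);
        }
        else
        {
            dv.RowFilter = "MinRoleId = 0";
        }

        cboImageGroups.DataSource = dv;
        cboImageGroups.DataValueField = "ImageGroupId";
        cboImageGroups.DataTextField = "ImageGroup";
        cboImageGroups.DataBind();
        if (cboImageGroups.Items.Count > 0)
        {
            cboImageGroups.SelectedIndex = 0;
        }
    }

    /// <summary>Group changed: go back to the first page and rebind.</summary>
    public void cboImageGroups_SelectedIndexChanged(object sender, EventArgs e)
    {
        grdImages.CurrentPageIndex = 0;
        LoadGridData();
        LoadCboPages();
    }

    /// <summary>Grid pager clicked: show the requested page.</summary>
    public void grdImages_PageIndexChanged(object sender,
        DataGridPageChangedEventArgs e)
    {
        grdImages.CurrentPageIndex = e.NewPageIndex;
        LoadGridData();
    }

    /// <summary>Grid selection changed: reset to the first page.</summary>
    public void grdImages_SelectedIndexChanged(object sender, EventArgs e)
    {
        grdImages.CurrentPageIndex = 0;
    }

    /// <summary>
    /// Fills the page drop-down with "Page 1" .. "Page N" for the rows that
    /// are currently bound to the grid (five rows per page, at least one page).
    /// </summary>
    private void LoadCboPages()
    {
        const int PageSize = 5;

        DataView dv = (DataView)grdImages.DataSource;
        int intPages = (dv.Count + PageSize - 1) / PageSize; // ceiling division
        if (intPages == 0)
        {
            intPages = 1; // deal with lower bound case
        }

        string[] pages = new string[intPages];
        for (int i = 0; i < intPages; i++)
        {
            pages[i] = "Page " + (i + 1).ToString();
        }

        cboGridPages.DataSource = pages;
        cboGridPages.DataBind();
    }

    /// <summary>Page drop-down changed: show the chosen page.</summary>
    public void cboGridPages_SelectedIndexChanged(object sender, EventArgs e)
    {
        // Entry i of the list is "Page i+1", so the selected index is the
        // zero-based page index. Using it directly avoids parsing the posted
        // text.
        int pageIndex = cboGridPages.SelectedIndex;
        if (pageIndex < 0)
        {
            pageIndex = 0;
        }

        grdImages.CurrentPageIndex = pageIndex;
        LoadGridData();
    }

    /// <summary>
    /// Builds the URL that serves an image row, either as a thumbnail
    /// (ShowImage.axd) or at full size (ShowImage.aspx).
    /// </summary>
    /// <param name="dataItem">Row exposing FullImageThumbPath, FullImagePath and MinRole.</param>
    /// <param name="isThumbnail">True for the thumbnail URL, false for the full image.</param>
    /// <returns>Relative URL with URL-encoded Path and MinRole query values.</returns>
    protected string GetImageUrl(object dataItem, bool isThumbnail)
    {
        string pathField = isThumbnail ? "FullImageThumbPath" : "FullImagePath";
        string target = isThumbnail ? "ShowImage.axd" : "ShowImage.aspx";

        string path = Convert.ToString(DataBinder.Eval(dataItem, pathField));
        string minRole = Convert.ToString(DataBinder.Eval(dataItem, "MinRole"));

        // Encode both values so that characters such as '&', '#' or spaces in
        // a stored path cannot split or truncate the query string.
        //
        // NOTE(review): Path and MinRole travel through the browser and can be
        // edited there. ShowImage is not shown here; it should take the
        // required role from the image's own record and the caller's role
        // from server-side state, and should only serve paths inside the
        // image store.
        return target
            + "?Path=" + HttpUtility.UrlEncode(path)
            + "&MinRole=" + HttpUtility.UrlEncode(minRole);
    }

    /// <summary>
    /// Inline login panel: validates the posted credentials and signs the user in.
    /// </summary>
    private void btnLogin_Click(object sender, System.EventArgs e)
    {
        int intUserId = -1;
        int intRoleId = -1;
        if (!SSDAL.ValidateUser(txtUserAlias.Text, txtUserPassword.Text,
            ref intUserId, ref intRoleId))
        {
            lblUserId.CssClass = AppGlobals.errMsgCSS;
            lblUserId.Text = AppGlobals.errMsgInvalidUser;
            return;
        }

        // TODO -- Add Session Handling
        FormsAuthentication.SetAuthCookie(txtUserAlias.Text, false);
        Session[AppGlobals.sessKeyUserId] = intUserId;
        Session[AppGlobals.sessKeyRoleId] = intRoleId;
        // Store the alias text, not the TextBox control itself. The password
        // box is no longer placed in session state at all.
        Session[AppGlobals.sessActualUserId] = txtUserAlias.Text;
        Response.Redirect("MainPic.aspx");
    }

    /// <summary>
    /// Signs the user out and discards everything cached for the session.
    /// </summary>
    private void btnLogout_Click(object sender, System.EventArgs e)
    {
        if (!User.Identity.IsAuthenticated)
        {
            return;
        }

        // Remove every key the login handlers may have written, then drop the
        // session so nothing from this login carries over to the next visitor
        // on the same browser.
        Session.Remove(AppGlobals.sessKeyUserId);
        Session.Remove(AppGlobals.sessKeyRoleId);
        Session.Remove(AppGlobals.sessActualUserId);
        Session.Remove(AppGlobals.sessActualRoleId);
        Session.Abandon();

        FormsAuthentication.SignOut();
        Response.Redirect("MainPic.aspx");
    }

    /// <summary>
    /// Shows the signed-in name or the anonymous message and toggles the
    /// login/logout panels to match.
    /// </summary>
    private void AdjustUI()
    {
        bool fUA = User.Identity.IsAuthenticated;
        if (fUA)
        {
            // Label.Text is written to the page as-is, so encode the name.
            lblUserId.Text = Server.HtmlEncode(User.Identity.Name);
        }
        else
        {
            lblUserId.Text = AppGlobals.infoMsgAnonymous;
        }

        lblUserId.CssClass = String.Empty;
        pnlLogin.Visible = !fUA;
        pnlLogout.Visible = fUA;
    }

    #region Web Form Designer generated code
    protected override void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);
        this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click);
        this.Load += new System.EventHandler(this.Page_Load);
    }
    #endregion
}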
}
================================================== ========
I want to do it the 'right' way - but I am not sure I really want Role based
security (do I?) I like the User ability to 'Register' and then have access
to 'secure' functionality.
Thanks so much for your time.
Paul
================================================== =========
================================================== =========
================================================== =========
"Ken Dopierala Jr." wrote:
Hi Paul,
I totally recommend against doing this and instead using a Roles based
security system. But here is a workaround. Create a class and add this
code:
Option Strict On
Option Explicit On
Imports System
Imports System.Web
Imports System.Web.UI
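' Base class for pages that require a signed-in user: an unauthenticated
' request is redirected to Login.aspx before the page's own Load handlers run.
'
' Only pages that inherit from this class are covered. A page that still
' inherits System.Web.UI.Page directly stays open to everyone.
Public Class MyBasePage
    Inherits System.Web.UI.Page

    Protected Overrides Sub OnLoad(ByVal e As System.EventArgs)
        If Not User.Identity.IsAuthenticated Then
            ' Redirect ends the current response, so nothing below runs for
            ' an anonymous visitor.
            Response.Redirect("Login.aspx")
        End If

        ' Without this call the Load event is never raised, and Page_Load in
        ' the derived pages would silently stop running.
        MyBase.OnLoad(e)
    End Sub
End Class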
Have every page that you want protected inherit from this page. Every
page that you want to be generic should still inherit from
"System.Web.UI.Page". Now, if a user isn't authenticated and this is a
protected page, they will be sent to Login.aspx. Remember to set your
<authentication> tag to allow everyone; you are no longer using the
ASP.Net built-in management for authentication. I wouldn't do it this way,
and in the end you'll be totally screwing yourself over. But this will at
least do what you want it to until you switch over to Roles based
authentication. Good luck! Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.
"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:11**********************************@microsof t.com... I am fighting with XP-Pro and VS.Net trying to allow some of the pages in
my application to be accessible by 'all'. I am using <authentication
mode="Forms" /> and if I log in, everything works fine. My code comes
from a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessible by 'all' visitors, even those not logged in. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can designate a page as generic
and not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul