I am trying to implement login page using Form Authentication in ASP.net using vb code.I follow the steps in How To Implement Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET. I created a function in login page : - Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) As Boolean
-
and call it in btnLogIn_Click -
Protected Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
-
If ValidateUser(txtUserName.Text, txtPassword.Text) Then
-
Dim tkt As FormsAuthenticationTicket
-
Dim strCookie As String
-
Dim ck As HttpCookie
-
-
tkt = New FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now(), _
-
DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "my user data")
-
strCookie = FormsAuthentication.Encrypt(tkt)
-
ck = New HttpCookie(FormsAuthentication.FormsCookieName(), strCookie)
-
If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
-
ck.Path = FormsAuthentication.FormsCookiePath()
-
Response.Cookies.Add(ck)
-
-
Dim strRedirect As String
-
strRedirect = "MaintainUsers.aspx"
-
Response.Redirect(strRedirect, True)
-
-
Else
-
Response.Redirect("Login.aspx", True)
-
End If
-
End Sub
-
-
and in masterpage page_load , the usename is displayed in the welcome message -
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
-
If HttpContext.Current.User.Identity.IsAuthenticated Then
-
Me.lblWelcomeMessage.Text = "Welcome," + " " + HttpContext.Current.User.Identity.Name
-
End If
-
End Sub
-
Things works fine and i can get the username display in label.
However,I need to get more user data like UserName, Fullname and RoleCode. Also, i would to display the user's fullname to instead of usename in welcome message. I was told this can be done using FormsAuthentica tionTicket method to store addictional user data in the "my user data" section. Do i need to create a user data class to store the user data and then use it in the FormAuthenticat ionTicket? If yes, how should i do it? I have been scratching my head several days in googling to get a proper guide to do this,but i still cannot find out the solution.
Please can anyone help me? I am quite lost now , your help is much appreciated. Thank you.
1 3804
Dear all,
I manage to store the additional use data (username, fullname, rolecode) in FormAuthenticat ionTicket. However ,
the user has more than one role , he can be admin, poweruser , executive ,etc... can anyone please tell me how can i concatenate the rodecode return by datareader if it returns more than 1 value? so that i can put it as a string in userdatastring of the authentication ticket? -
drDataReader = cmd.ExecuteReader()
-
While drDataReader.Read()
-
-
strFullName = drDataReader("FullName").ToString
-
strUserName = drDataReader("UserName").ToString
-
strRoleCode = drDataReader("RoleCode").ToString
-
-
userDataString = String.Concat(strFullName, "|", strUserName, "|", strRoleCode)
-
-
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, chkPersistCookie.Checked)
-
-
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
-
-
Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userDataString)
-
-
' Update the authCookie's Value to use the encrypted version of newTicket
-
-
authCookie.Value = FormsAuthentication.Encrypt(newTicket)
-
-
' Manually add the authCookie to the Cookies collection
-
Response.Cookies.Add(authCookie)
-
-
' Determine redirect URL and send user there
-
Dim strRedirect As String
-
strRedirect = "MainTainUsers.aspx"
-
Response.Redirect(strRedirect, True)
-
End While
-
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Ben S |
last post by:
framework 1.1
in our webapp, we are using forms authentication.
=================
Auth Section from web.config
=================
<authentication mode="Forms">
<forms name="loginauth" path="/" loginUrl="loginauth.aspx"
|
by: e |
last post by:
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8),...
|
by: francois |
last post by:
hello,
I am using forms authentication and I would like that my authentication
cookie expires after let say 1 minutes (just for the exemple).
When I log in in my longon page, the user has to input a username, password
and the click a button to effectively login.
In the event handler for my button I have the following code:
// create authentication ticket and encrypt it
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I cannot write to web.config so I cannot dynamically update the
credentials while the site is up. Since the
FormsAuthentication.Authenticate() method's documentations claims the
following:
"Attempts to validate the credentials against those contained...
|
by: Beginner |
last post by:
I know this is an old question, but searching all over the internet plus
several MS security conferences, still haven't got a straight anwser.
Basically, the login.aspx is on one dedicated server in the domain using AD.
ASP.NET applications run on other servers (not neccessary in domain) and
trying to use authentication server. How could this be done?
- Most response says you need to set MachineKey the same, but that alone
doesn't...
| |
by: Sean Patterson |
last post by:
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
|
by: chuck rudolph |
last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some
light on why it's as it is. (I'm guessing security, but that seems weak to
me.)
The asp.net web application is using forms authentication.
If I create an FormsAuthTicket with userdata in the approprite place. Then
encode it and create a cookie, add it to the response.cookie collection and
use it all is well.
|
by: JIM.H. |
last post by:
Hello,
I used this site to do form authentication
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod17.asp
My code successfully comes to the point:
if (passwordVerified == true )
{
// The user is authenticated
// At this point, an authentication ticket is normally created
// This can subsequently be used to generate a GenericPrincipal
|
by: Rob Kay |
last post by:
Hello.
I would like to know what is the easiest and safest way to extend the
default MemberShip Provider for SQL Server 2005 to include additional user
data (eg HomePhone, City, State etc).
Previous posts suggest deriving from SqlMembershipProvider, others suggest
storing the extra information in the user profile.
Thanks for any help provided.
|
by: anjummir |
last post by:
Hello,
I am trying to develop custom form based authentication with active directory with asp.net 2.0 platform. I am having difficulty trying to implement security model. Here is what my senerio is:
After authentication from AD I want to be able to create a custom authentication ticket in which i can save additional information about user other than roles and authenticated usre id, such as the organization name of the user etc.
I...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |