Form Authentication Ticket to Store additional User Data

I am trying to implement a login page using Form Authentication in ASP.NET using VB code. I followed the steps in How To Implement Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET. I created a function in the login page:


    Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) As Boolean

and call it in btnLogIn_Click:

    Protected Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
        If ValidateUser(txtUserName.Text, txtPassword.Text) Then
            Dim tkt As FormsAuthenticationTicket
            Dim strCookie As String
            Dim ck As HttpCookie

            tkt = New FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now(), _
                  DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "my user data")
            strCookie = FormsAuthentication.Encrypt(tkt)
            ck = New HttpCookie(FormsAuthentication.FormsCookieName(), strCookie)
            If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
            ck.Path = FormsAuthentication.FormsCookiePath()
            Response.Cookies.Add(ck)

            Dim strRedirect As String
            strRedirect = "MaintainUsers.aspx"
            Response.Redirect(strRedirect, True)

        Else
            Response.Redirect("Login.aspx", True)
        End If
    End Sub

and in the master page's Page_Load, the username is displayed in the welcome message:


    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If HttpContext.Current.User.Identity.IsAuthenticated Then
            Me.lblWelcomeMessage.Text = "Welcome," + " " + HttpContext.Current.User.Identity.Name
        End If
    End Sub

Things work fine and I can get the username displayed in the label.

However, I need to get more user data like UserName, Fullname and RoleCode. Also, I would like to display the user's full name instead of the username in the welcome message. I was told this can be done using the FormsAuthenticationTicket method to store additional user data in the "my user data" section. Do I need to create a user data class to store the user data and then use it in the FormAuthenticationTicket? If yes, how should I do it? I have been scratching my head for several days googling for a proper guide to do this, but I still cannot find the solution.

Please can anyone help me? I am quite lost now; your help is much appreciated. Thank you.
Aug 16 '11 #1
beemomo
Dear all,

I managed to store the additional user data (username, fullname, rolecode) in the FormAuthenticationTicket. However, the user has more than one role; he can be admin, poweruser, executive, etc. Can anyone please tell me how I can concatenate the rolecode returned by the datareader if it returns more than one value, so that I can put it as a string in the userdatastring of the authentication ticket?


    drDataReader = cmd.ExecuteReader()
    While drDataReader.Read()

        strFullName = drDataReader("FullName").ToString
        strUserName = drDataReader("UserName").ToString
        strRoleCode = drDataReader("RoleCode").ToString

        userDataString = String.Concat(strFullName, "|", strUserName, "|", strRoleCode)

        Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, chkPersistCookie.Checked)

        Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)

        Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userDataString)

        ' Update the authCookie's Value to use the encrypted version of newTicket

        authCookie.Value = FormsAuthentication.Encrypt(newTicket)

        ' Manually add the authCookie to the Cookies collection
        Response.Cookies.Add(authCookie)

        ' Determine redirect URL and send user there
        Dim strRedirect As String
        strRedirect = "MainTainUsers.aspx"
        Response.Redirect(strRedirect, True)
    End While
Aug 16 '11 #2
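
Added example, not part of either post above: one way to carry several role codes in the ticket's user data and turn them back into roles on each request. The module name `TicketUserData`, the "roles|full name" layout and the `context.Items("FullName")` key are assumptions made for this sketch; the user name is left out of the user data because the ticket's `Name` already holds it.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Module TicketUserData   ' hypothetical helper, not from the posts
    ' Login side: call once, after ALL reader rows were collected into roleCodes.
    Public Function IssueTicketCookie(ByVal userName As String, ByVal fullName As String, _
            ByVal roleCodes As IEnumerable(Of String), ByVal persistent As Boolean) As HttpCookie
        Dim roles As New List(Of String)
        For Each code As String In roleCodes
            If String.IsNullOrEmpty(code) Then Continue For
            ' A role code containing a separator would corrupt the field on split.
            If code.IndexOfAny("|,".ToCharArray()) >= 0 Then Throw New ArgumentException("bad role code")
            If Not roles.Contains(code) Then roles.Add(code)
        Next
        ' Assumed layout: roles first, full name last, so a "|" typed into the
        ' full name cannot shift the role field when the string is split.
        Dim userData As String = String.Join(",", roles.ToArray()) & "|" & fullName
        Dim tkt As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(30), persistent, userData, FormsAuthentication.FormsCookiePath)
        Dim ck As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(tkt))
        ck.Path = FormsAuthentication.FormsCookiePath
        ck.HttpOnly = True                           ' keep the ticket away from page script
        ck.Secure = FormsAuthentication.RequireSSL   ' follows <forms requireSSL="..."> in web.config
        If persistent Then ck.Expires = tkt.Expiration
        Return ck
    End Function

    ' Request side: call from Application_AuthenticateRequest in Global.asax.
    Public Sub RestorePrincipal(ByVal context As HttpContext)
        Dim ck As HttpCookie = context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If ck Is Nothing OrElse String.IsNullOrEmpty(ck.Value) Then Return
        Dim tkt As FormsAuthenticationTicket
        Try
            tkt = FormsAuthentication.Decrypt(ck.Value)
        Catch ex As Exception   ' tampered or undecryptable cookie: stay anonymous
            Return
        End Try
        If tkt Is Nothing OrElse tkt.Expired Then Return
        Dim parts() As String = tkt.UserData.Split(New Char() {"|"c}, 2)
        Dim roles() As String = parts(0).Split(New Char() {","c}, StringSplitOptions.RemoveEmptyEntries)
        context.User = New GenericPrincipal(New FormsIdentity(tkt), roles)
        If parts.Length > 1 Then context.Items("FullName") = parts(1)
    End Sub
End Module
```

Roles restored this way stay in effect until the ticket expires, so a role removed in the database is still honoured for up to the ticket lifetime. HTML-encode the full name before writing it into the welcome label.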