Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > GenericPrincipal without Forms Authentication

Reply
Thread Tools

GenericPrincipal without Forms Authentication

 
 
Harold Crump
Guest
Posts: n/a
 
      08-24-2005
Greetings,

I need to implement GenericPrincipal based authentication without using
ASP.NET Forms Authentication.
I know it is much simpler using Forms Authentication, but in this case,
I have no control over the matter.

I have two pages - login.aspx and home.aspx.

Following is the Click event of the login button on the login.aspx page

protected void btnLogin_Click(Object sender, EventArgs e)
{
if(txtUserID.Text.Trim().ToUpper().Equals("USER1") )
{
buildSecurityContext("USER1");
Response.Redirect("Home.aspx");
}
else if(txtUserID.Text.Trim().ToUpper().Equals("User2") )
{
buildSecurityContext("USER2");
Response.Redirect("Home2.aspx");
else
{
lblMessage.Text = "Invalid User ID. Please re-enter.";
}
}

private void buildSecurityContext(string userName)
{
System.Security.Principal.GenericIdentity curIdentity = null;
System.Security.Principal.GenericPrincipal curPrincipal = null;
string[] roles = {"Role1","Role2"};
curIdentity = new System.Security.Principal.GenericIdentity(userName );
curPrincipal = new
System.Security.Principal.GenericPrincipal(curIden tity, roles);
HttpContext.Current.User = curPrincipal;
}

Following is the OnLoad event of the Home.aspx page

IPrincipal p = HttpContext.Current.User;
string userName = p.Identity.Name;
bool auth = p.Identity.IsAuthenticated;
bool isInRole = p.IsInRole("Role1");
lblUserName.Text = "Welcome " + userName + "<br>Your authentication
status is " + Convert.ToString(auth);
lblRoles.Text = "Your permission for Role1 is " +
Convert.ToString(isInRole);

The problem is that when the home page loads, the current request is
not authenticated.
At the end of the login process, the current identity is authenticated
and contains the correct user name and role.

But after the redirect to the home page, all that is getting lost
somehow.

What am I doing wrong?

Any help appreciated.

-Harold

 
Reply With Quote
 
 
 
 
Yunus Emre ALP÷ZEN [MCSD.NET]
Guest
Posts: n/a
 
      08-24-2005
U should handle Application AuthorizeRequest event at global.asax. And
authorize request at this stage...

--
HTH

Thanks,
Yunus Emre ALP÷ZEN
BSc, MCSD.NET

"Harold Crump" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Greetings,
>
> I need to implement GenericPrincipal based authentication without using
> ASP.NET Forms Authentication.
> I know it is much simpler using Forms Authentication, but in this case,
> I have no control over the matter.
>
> I have two pages - login.aspx and home.aspx.
>
> Following is the Click event of the login button on the login.aspx page
>
> protected void btnLogin_Click(Object sender, EventArgs e)
> {
> if(txtUserID.Text.Trim().ToUpper().Equals("USER1") )
> {
> buildSecurityContext("USER1");
> Response.Redirect("Home.aspx");
> }
> else if(txtUserID.Text.Trim().ToUpper().Equals("User2") )
> {
> buildSecurityContext("USER2");
> Response.Redirect("Home2.aspx");
> else
> {
> lblMessage.Text = "Invalid User ID. Please re-enter.";
> }
> }
>
> private void buildSecurityContext(string userName)
> {
> System.Security.Principal.GenericIdentity curIdentity = null;
> System.Security.Principal.GenericPrincipal curPrincipal = null;
> string[] roles = {"Role1","Role2"};
> curIdentity = new System.Security.Principal.GenericIdentity(userName );
> curPrincipal = new
> System.Security.Principal.GenericPrincipal(curIden tity, roles);
> HttpContext.Current.User = curPrincipal;
> }
>
> Following is the OnLoad event of the Home.aspx page
>
> IPrincipal p = HttpContext.Current.User;
> string userName = p.Identity.Name;
> bool auth = p.Identity.IsAuthenticated;
> bool isInRole = p.IsInRole("Role1");
> lblUserName.Text = "Welcome " + userName + "<br>Your authentication
> status is " + Convert.ToString(auth);
> lblRoles.Text = "Your permission for Role1 is " +
> Convert.ToString(isInRole);
>
> The problem is that when the home page loads, the current request is
> not authenticated.
> At the end of the login process, the current identity is authenticated
> and contains the correct user name and role.
>
> But after the redirect to the home page, all that is getting lost
> somehow.
>
> What am I doing wrong?
>
> Any help appreciated.
>
> -Harold
>



 
Reply With Quote
 
 
 
 
Harold Crump
Guest
Posts: n/a
 
      08-24-2005
Yunus Emre ALP÷ZEN [MCSD.NET] wrote:
> U should handle Application AuthorizeRequest event at global.asax. And
> authorize request at this stage...


Could you elaborate a little further....what code should I put in the
AuthenticateRequest event handler?
And how do I tie that in with the actual authentication check that is
currently being done in the login page button click?

Thanks,
Harold

 
Reply With Quote
 
=?Utf-8?B?QXR1bCBCYWhs?=
Guest
Posts: n/a
 
      08-25-2005
try this out!

string username = "Anonymous";
string[] arrRoles = new string[1];
arrRoles[0] = username;
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(1,username,System.DateTi me.Now,
System.DateTime.Now.AddMinutes(20), false, username,
FormsAuthentication.FormsCookiePath);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket));

System.Security.Principal.GenericIdentity objIdentity = new
System.Security.Principal.GenericIdentity(username );
System.Security.Principal.GenericPrincipal objPrincipal = new
System.Security.Principal.GenericPrincipal(objIden tity, arrRoles);
_appContext.Response.Cookies.Add(cookie);
_appContext.User = objPrincipal;

"Harold Crump" wrote:

> Yunus Emre ALP√ĖZEN [MCSD.NET] wrote:
> > U should handle Application AuthorizeRequest event at global.asax. And
> > authorize request at this stage...

>
> Could you elaborate a little further....what code should I put in the
> AuthenticateRequest event handler?
> And how do I tie that in with the actual authentication check that is
> currently being done in the login page button click?
>
> Thanks,
> Harold
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing Session Cache from GenericPrincipal.isInRole() Options Richard Maher ASP .Net 0 09-15-2010 12:32 AM
Using Principal.GenericPrincipal vs SqlRoleProvider Dave ASP .Net Security 1 12-10-2008 11:11 PM
GenericPrincipal Erick ASP .Net Security 6 09-13-2007 12:01 AM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms Authentication - GenericPrincipal- How to use web.config configuration ryan_fagan ASP .Net Security 0 09-09-2003 02:27 PM



Advertisments