Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > newbie: help with Forms Authentication & querystring

Reply
Thread Tools

newbie: help with Forms Authentication & querystring

 
 
Derrick
Guest
Posts: n/a
 
      10-05-2004
Hello all;

Just starting out with ASP.NET. I want to protect a bunch of forms in a
folder using Forms Authentication. This much I have working. So when user
trys to access http://www.mywebsiteURL.com/securefo...ecurepage.aspx they are
automatically routed to www.mywebsiteURL.com/securefolder/login.aspx.

As part of the login process, I download the user's unique identifier
(user_id) from a SQL DB. I want other pages to have access to this
information (in case they need to go to the DB again), without using
cookies. I figured the best method was to stick the ID in the URL as a
querystring parameter. But my question is, how can the login page append
this querystring to the URL, if the URL currently does not have any
querystring parameters?

I.e., user surfs to the http://www.mywebsiteURL.com/securefo...ecurepage.aspx
page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx, and in
turn should get routed to
http://www.mywebsiteURL.com/securefo...spx?user_id=12. The
FormsAuthentication.GetRedirectURL is (obviously) read-only - is there any
way to change it? I also tried catching the Authenticated event and doing
Response.Redirect, but that event isn't being fired for some reason...

I've googled with no luck

Thanks!

Derrick



 
Reply With Quote
 
 
 
 
Derrick
Guest
Posts: n/a
 
      10-05-2004
PS: I'm calling the FormsAuthentication.RedirectFromLoginPage() function
after I validate the username/password. Is this necessary?

I guess in theory I could manually call FormsAuthentication.SetAuthCookie()
and then do a Response.Redirect(), generating the redirect URL from the
FormsAuthentication.GetRedirectURL() and appending the user_id
querystring...

I need a good book!

D

"Derrick" <(E-Mail Removed)> wrote in message
newsMz8d.13372$(E-Mail Removed). ..
> Hello all;
>
> Just starting out with ASP.NET. I want to protect a bunch of forms in a
> folder using Forms Authentication. This much I have working. So when

user
> trys to access http://www.mywebsiteURL.com/securefo...ecurepage.aspx they are
> automatically routed to www.mywebsiteURL.com/securefolder/login.aspx.
>
> As part of the login process, I download the user's unique identifier
> (user_id) from a SQL DB. I want other pages to have access to this
> information (in case they need to go to the DB again), without using
> cookies. I figured the best method was to stick the ID in the URL as a
> querystring parameter. But my question is, how can the login page append
> this querystring to the URL, if the URL currently does not have any
> querystring parameters?
>
> I.e., user surfs to the http://www.mywebsiteURL.com/securefo...ecurepage.aspx
> page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx, and

in
> turn should get routed to
> http://www.mywebsiteURL.com/securefo...spx?user_id=12. The
> FormsAuthentication.GetRedirectURL is (obviously) read-only - is there any
> way to change it? I also tried catching the Authenticated event and doing
> Response.Redirect, but that event isn't being fired for some reason...
>
> I've googled with no luck
>
> Thanks!
>
> Derrick
>
>
>



 
Reply With Quote
 
 
 
 
Derrick
Guest
Posts: n/a
 
      10-05-2004
That worked! Thanks for reading

Derrick


"Derrick" <(E-Mail Removed)> wrote in message
news:B3A8d.13475$(E-Mail Removed). ..
> PS: I'm calling the FormsAuthentication.RedirectFromLoginPage() function
> after I validate the username/password. Is this necessary?
>
> I guess in theory I could manually call

FormsAuthentication.SetAuthCookie()
> and then do a Response.Redirect(), generating the redirect URL from the
> FormsAuthentication.GetRedirectURL() and appending the user_id
> querystring...
>
> I need a good book!
>
> D
>
> "Derrick" <(E-Mail Removed)> wrote in message
> newsMz8d.13372$(E-Mail Removed). ..
> > Hello all;
> >
> > Just starting out with ASP.NET. I want to protect a bunch of forms in a
> > folder using Forms Authentication. This much I have working. So when

> user
> > trys to access http://www.mywebsiteURL.com/securefo...ecurepage.aspx they

are
> > automatically routed to www.mywebsiteURL.com/securefolder/login.aspx.
> >
> > As part of the login process, I download the user's unique identifier
> > (user_id) from a SQL DB. I want other pages to have access to this
> > information (in case they need to go to the DB again), without using
> > cookies. I figured the best method was to stick the ID in the URL as a
> > querystring parameter. But my question is, how can the login page

append
> > this querystring to the URL, if the URL currently does not have any
> > querystring parameters?
> >
> > I.e., user surfs to the

http://www.mywebsiteURL.com/securefo...ecurepage.aspx
> > page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx, and

> in
> > turn should get routed to
> > http://www.mywebsiteURL.com/securefo...spx?user_id=12. The
> > FormsAuthentication.GetRedirectURL is (obviously) read-only - is there

any
> > way to change it? I also tried catching the Authenticated event and

doing
> > Response.Redirect, but that event isn't being fired for some reason...
> >
> > I've googled with no luck
> >
> > Thanks!
> >
> > Derrick
> >
> >
> >

>
>



 
Reply With Quote
 
=?Utf-8?B?S2VuIENveCBbTWljcm9zb2Z0IE1WUF0=?=
Guest
Posts: n/a
 
      10-05-2004
Such a pleasure sitting here watching people think.... <grin>

"Derrick" wrote:

> That worked! Thanks for reading
>
> Derrick
>
>
> "Derrick" <(E-Mail Removed)> wrote in message
> news:B3A8d.13475$(E-Mail Removed). ..
> > PS: I'm calling the FormsAuthentication.RedirectFromLoginPage() function
> > after I validate the username/password. Is this necessary?
> >
> > I guess in theory I could manually call

> FormsAuthentication.SetAuthCookie()
> > and then do a Response.Redirect(), generating the redirect URL from the
> > FormsAuthentication.GetRedirectURL() and appending the user_id
> > querystring...
> >
> > I need a good book!
> >
> > D
> >
> > "Derrick" <(E-Mail Removed)> wrote in message
> > newsMz8d.13372$(E-Mail Removed). ..
> > > Hello all;
> > >
> > > Just starting out with ASP.NET. I want to protect a bunch of forms in a
> > > folder using Forms Authentication. This much I have working. So when

> > user
> > > trys to access http://www.mywebsiteURL.com/securefo...ecurepage.aspx they

> are
> > > automatically routed to www.mywebsiteURL.com/securefolder/login.aspx.
> > >
> > > As part of the login process, I download the user's unique identifier
> > > (user_id) from a SQL DB. I want other pages to have access to this
> > > information (in case they need to go to the DB again), without using
> > > cookies. I figured the best method was to stick the ID in the URL as a
> > > querystring parameter. But my question is, how can the login page

> append
> > > this querystring to the URL, if the URL currently does not have any
> > > querystring parameters?
> > >
> > > I.e., user surfs to the

> http://www.mywebsiteURL.com/securefo...ecurepage.aspx
> > > page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx, and

> > in
> > > turn should get routed to
> > > http://www.mywebsiteURL.com/securefo...spx?user_id=12. The
> > > FormsAuthentication.GetRedirectURL is (obviously) read-only - is there

> any
> > > way to change it? I also tried catching the Authenticated event and

> doing
> > > Response.Redirect, but that event isn't being fired for some reason...
> > >
> > > I've googled with no luck
> > >
> > > Thanks!
> > >
> > > Derrick
> > >
> > >
> > >

> >
> >

>
>
>

 
Reply With Quote
 
Derrick
Guest
Posts: n/a
 
      10-05-2004
I really was stuck on this for a few hours. But I figure it is better to
come up with a solution myself while asking a question than to give up and
wait for you experts to solve my relatively little problems...I swear the
'net has us all spoiled (note the irony in posting to an ASP.NET group!)

Again, thanks for reading!

Derrick


"Ken Cox [Microsoft MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Such a pleasure sitting here watching people think.... <grin>
>
> "Derrick" wrote:
>
> > That worked! Thanks for reading
> >
> > Derrick
> >
> >
> > "Derrick" <(E-Mail Removed)> wrote in message
> > news:B3A8d.13475$(E-Mail Removed). ..
> > > PS: I'm calling the FormsAuthentication.RedirectFromLoginPage()

function
> > > after I validate the username/password. Is this necessary?
> > >
> > > I guess in theory I could manually call

> > FormsAuthentication.SetAuthCookie()
> > > and then do a Response.Redirect(), generating the redirect URL from

the
> > > FormsAuthentication.GetRedirectURL() and appending the user_id
> > > querystring...
> > >
> > > I need a good book!
> > >
> > > D
> > >
> > > "Derrick" <(E-Mail Removed)> wrote in message
> > > newsMz8d.13372$(E-Mail Removed). ..
> > > > Hello all;
> > > >
> > > > Just starting out with ASP.NET. I want to protect a bunch of forms

in a
> > > > folder using Forms Authentication. This much I have working. So

when
> > > user
> > > > trys to access http://www.mywebsiteURL.com/securefo...ecurepage.aspx

they
> > are
> > > > automatically routed to

www.mywebsiteURL.com/securefolder/login.aspx.
> > > >
> > > > As part of the login process, I download the user's unique

identifier
> > > > (user_id) from a SQL DB. I want other pages to have access to this
> > > > information (in case they need to go to the DB again), without using
> > > > cookies. I figured the best method was to stick the ID in the URL

as a
> > > > querystring parameter. But my question is, how can the login page

> > append
> > > > this querystring to the URL, if the URL currently does not have any
> > > > querystring parameters?
> > > >
> > > > I.e., user surfs to the

> > http://www.mywebsiteURL.com/securefo...ecurepage.aspx
> > > > page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx,

and
> > > in
> > > > turn should get routed to
> > > > http://www.mywebsiteURL.com/securefo...spx?user_id=12. The
> > > > FormsAuthentication.GetRedirectURL is (obviously) read-only - is

there
> > any
> > > > way to change it? I also tried catching the Authenticated event and

> > doing
> > > > Response.Redirect, but that event isn't being fired for some

reason...
> > > >
> > > > I've googled with no luck
> > > >
> > > > Thanks!
> > > >
> > > > Derrick
> > > >
> > > >
> > > >
> > >
> > >

> >
> >
> >



 
Reply With Quote
 
navyjax2 navyjax2 is offline
Junior Member
Join Date: Sep 2008
Posts: 12
 
      11-28-2011
I'm having the same issue and am probably more of a noob to Forms Authentication redirects than you are. Any chance you'd be willing to share what you did in code form?
 
Reply With Quote
 
navyjax2 navyjax2 is offline
Junior Member
Join Date: Sep 2008
Posts: 12
 
      11-28-2011
Actually, like my collegue above, I solved it on my own. This is in my Page_Load routine, where "DBAuthenticate()" is my method that returns the user ID if the stored procedure finds a match in the Users table for the UserName and Password values from the textboxes on the screen:

Code:
        if (IsPostBack)
        {
            int userID = DBAuthenticate();
            if (userID > 0)
            {
                string redirectUrl = "";
                string url = HttpContext.Current.Request.Url.ToString();
                string[] baseUrl = url.Split('/');
                for (int i = 0; i < baseUrl.Length-1; i++)
                {
                    redirectUrl += baseUrl[i] + "/";
                }
               // FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); // won't allow QueryString
                FormsAuthentication.SetAuthCookie(txtUser.Text, false);
                Response.Redirect(redirectUrl + "Default.aspx?UserID=" + userID); // ViewState doesn't persist to Default.aspx
            }
        }
HTH, Tom
 

Last edited by navyjax2; 11-28-2011 at 05:21 PM..
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Forms Authentication duplicating querystring parameters mohaaron@gmail.com ASP .Net 2 08-20-2008 07:28 PM
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
How to get value of QueryString inside QueryString Mehdi ASP .Net 6 04-06-2006 03:41 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments