LOGON API and persistent cookies (Windows and Form authentication)

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Ben Ong (ben.ong_at_natoil.com)
Date: 02/01/05 

Date: 1 Feb 2005 15:50:29 -0800

Hi i integrated windows and forms authentication on my apps. I created
a logon page and used the windows authentication instead of managing
the password and username myself. I can authenticate just fine, but
when i go to set a persistent cookie it(the app) doesnt seem to let me.
I have to always go through the login aspx file. All my code compiles
and runs correctly accept for the part when the persistent cookie is
suppose to be working. here's a snippet of my code:

// this is just sitting in my Login class. not under any method.
// it also allows me to authenticate through windows
[DllImport("C:\\WINDOWS\\System32\\advapi32.dll")]
public static extern bool
LogonUser(String lpszUsername,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
out int phToken);

// this validates the forms username and password

public bool validateUser(string uid,string pwd)
{
try
{
int token1;
bool loggedOn =
LogonUser(uid,"NOI",pwd,2,0,out token1);
IntPtr token2 = new IntPtr(token1);
WindowsIdentity wi =
new WindowsIdentity(token2);
WindowsPrincipal wp =
new WindowsPrincipal(wi);
HttpContext.Current.User = wp;
return true;
}
catch(Exception)
{
return false;
}
}
// this supposedly creates the persistent cookie

private void btnLogin_Click(object sender, System.EventArgs e)
{
/*
* Trace debugging
*/
Trace.Warn("LoginPage.btnLogin_Click(): Testing!");
Trace.Warn( "Logger: " + LOG.Logger.Name );
Trace.Warn( "Log debug: " + LOG.Logger.IsEnabledFor( Level.DEBUG ));
LOG.Info("Login.btnLogin_Click: Testing!");

if (validateUser(txtUsername.Text,txtPassword.Text))
{
// FormsAuthentication.RedirectFromLoginPage( txtUsername.Text,
true );

//
FormsAuthentication.SetAuthCookie(Context.User.Identity.Name,true);
// Response.Redirect("Default.aspx");
FormsAuthentication.SetAuthCookie(txtUsername.Text, true);
FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, true
);
}
else
{
msgLogin.Text = "Invalid Login.";
msgLogin.ForeColor = Color.Red;
msgLogin.ToolTip = "Username and password do not match.";
                        }
                }

Relevant Pages

  • RE: Adding a virtual FTP folder to IIS
    ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ...
    (microsoft.public.dotnet.framework)
  • Re: IIS Authentication page problem
    ... machines and behaves differently on Windows 2000 and Windows NT machines:(. ... The virtual directory is set to anonymous authentication ... >> Under the IE options I've Prompt for Username and Password is set. ...
    (microsoft.public.inetserver.iis)
  • Re: Windows NT Authentication
    ... >prompting you for Username, Password and Domain? ... >> Website authentication in Windows 2000 and I checked my ... >> The folder on IIS 5.0 has the following settings on the ...
    (microsoft.public.inetserver.iis)
  • Re: Im Friendly... Really...
    ... When a service uses Windows ... Authentication, it polls the PC you're logged in to to get the username & ... >>> Server based application hosted on the server in Network. ...
    (microsoft.public.windows.server.sbs)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)