Re: FormsAuthentication Cookie
- From: rn5a@xxxxxxxxxxxxxx
- Date: 29 Sep 2006 02:02:55 -0700
I got your point but have encountered another problem. Keeping the
web.config file shown in post #1 as it is, I am adding the following
setting so that any user can access HomePage.aspx:
<location path="HomePage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Suppose a user comes to HomePage.aspx. From the home page, he tries to
navigate to another ASPX page, say, MyPage.aspx by clicking a link in
the home page. But the web.config file redirects the user to
Login.aspx. Assuming that the user has been validated successfully, he
is then directed to MyPage.aspx. Also assume that the username of the
user is bobby. When this user finally goes to MyPage.aspx, I want to
display a welcome message to him with his username i.e. MyPage.aspx
should display 'Welcome bobby'. To get the username in MyPage.aspx, I
am using the Name & Value properties of the HttpCookie object in
Login.aspx. This is the code in Login.aspx:
Sub LoginUser(obj As Object, ea As EventArgs)
'after successful login
Dim hCookie As HttpCookie
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, True)
hCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, True)
hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Text
hCookie.Expires = DateTime.Now.AddMinutes(2)
Response.Cookies.Add(hCookie)
End Sub
This is the simple code in MyPage.aspx:
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
lblMessage.Text = "Welcome " & Request.Cookies("MyCookie").Value
End Sub
When this user finally comes to MyPage.aspx, he is shown the message
Welcome bobby
Note that in Login.aspx, I have set the cookie to expire after 2
minutes which means that the user sees the welcome message along with
his username if he closes the browser he used to login & opens a new
browser within the next 2 minutes. But when I go to the Temporary
Internet Files folder & click the cookie, I find that the cookie has
been set to expire after 30 minutes though I have set it to expire
after 2 minutes. Why so?
What I found is if I get rid of the lines
hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Text
in Login.aspx, then the cookie gets set to expire after 2 minutes in
the Temporary Internet Files folder but if I get rid of these 2 lines
in Login.aspx, how do I retrieve the username of the user in
MyPage.aspx?
Also is there any way by which MyPage.aspx can access the first
parameter of the methods RedirectFromLoginPage & GetAuthCookie (which
is txtUserName.Text in this case)? If no, then what's the use of the
first parameter in the methods RedirectFromLoginPage & GetAuthCookie?
Y2KPRABU wrote:
storing in cookies etc is taken care by asp.net .
dont add it explicitly.
but if you want to make it persistent.
as u had said use another cookie with diff name to make it persistent
--
Y2KPRABU, MCP, INDIA
WEB APPS
"rn5a@xxxxxxxxxxxxxx" wrote:
A web.config file has the following code:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="NETConnectCookie" loginUrl="Login.aspx">
<credentials passwordFormat="SHA1"/>
</forms>
</authentication>
</system.web>
<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Assuming that the local m/c does not have the cookie named
NETConnectCookie, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.
When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):
<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,
True)
Response.Cookies("NETConnectCookie")("UserName") =
txtUserName.Text
End Sub
</script>
This does create the persistent cookie named NETConnectCookie which
when opened, also shows the text 'UserName=bobby' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Products.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookies line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.
There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCookie is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:
<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write("Welcome " &
Request.Cookies("NETConnectCookie")("UserName"))
End Sub
</script>
If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.
Response.Cookies("Details")("UserName") = txtUserName.Text
& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message
Welcome bobby
But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:
Object reference not set to an instance of an object.
pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby'! Why?
What's the difference between a normal cookie & a cookie created by the
FormsAuthentication object?
.
- Prev by Date: Re: This is a basic overall question. Please note I am new
- Next by Date: Re: How to debug a web appplication?
- Previous by thread: Gridview and ObjectDataSource with Custom object : update problem
- Next by thread: Re: How to debug a web appplication?
- Index(es):
Relevant Pages
|
|
