Re: Forms Authentication in ASP.NET 2.0
- From: "Peter Bradley" <pbradley@xxxxxxxxxx>
- Date: Thu, 17 May 2007 13:53:38 +0100
"Alexey Smirnov" <alexey.smirnov@xxxxxxxxx> wrote in message
news:ecC5yqHmHHA.3280@xxxxxxxxxxxxxxxxxxxxxxx
Hi Peter
Design your own login.aspx page.
On the submit event, add the following code:
------------------------------
// Run the following only if UserName and Password were correct

// Initialize FormsAuthentication
FormsAuthentication.Initialize();

// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,                                    // Ticket version
    UserName,                             // Username associated with ticket
    DateTime.Now,                         // Date/time issued
    DateTime.Now.AddMonths(1),            // Date/time to expire
    true,                                 // "true" for a persistent user cookie
    UserRoles,                            // User-data, in this case the roles
    FormsAuthentication.FormsCookiePath); // Path cookie valid for

// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
    FormsAuthentication.FormsCookieName,  // Name of auth cookie
    hash);                                // Encrypted ticket

// Set the cookie's expiration time to the ticket's expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);

// Redirect to requested homepage
Response.Redirect("/");
------------------------------
That's pretty much all you need for the Forms Authentication without using
the groups.
Hi Alexey,
Thanks for that. This is pretty much what we do now as far as the login
page is concerned. We then add attributes to the classes and methods to
which we wish to restrict access, specifying that the user must be logged in
and a member of the appropriate role in order to execute the code in that
method or access an object of that class (depending on requirements). This
causes an authentication request event to be raised, which is handled in
Global.asax.cs in the Application_AuthenticateRequest() event handler. This
handler fetches the authentication cookie and creates a
FormsAuthenticationTicket to which is assigned the decrypted cookie value.
We then extract the user's roles from that and create a new GenericIdentity
passing in the FormsAuthenticationTicket. Finally, we create a new
GenericPrincipal object passing in the GenericIdentity and the roles.
Lastly, we assign the GenericPrincipal to the user in the current context.
My question, really, is where do we now put this code? Where are
AuthenticateRequest events handled?
Peter
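
The Application_AuthenticateRequest handler described in the reply above, written out as an added example (it is not code from either poster). It assumes the login page stored the roles in the ticket's UserData as a comma-separated string, and it leaves the request anonymous when the cookie is missing, malformed, or expired.

```csharp
// Global.asax.cs: added example, not code from the thread.
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // No auth cookie: the request stays anonymous

        FormsAuthenticationTicket ticket;
        try
        {
            // With the default protection setting ("All") Decrypt also
            // validates the cookie against the machine key, so a truncated
            // or modified value fails here instead of yielding a ticket.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException) { return; }
        catch (CryptographicException) { return; }
        catch (HttpException) { return; }

        if (ticket == null || ticket.Expired)
            return;

        // Assumption: roles were stored in UserData as "role1,role2".
        // They are as old as the ticket, so a role removed on the server
        // is still honoured until the ticket expires.
        string[] roles = ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        GenericIdentity identity = new GenericIdentity(ticket.Name, "Forms");
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```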