Re: HOW TO: Setting Up Forms Authentication

From: VB Programmer (growNO-SPAM_at_go-intech.com)
Date: 08/07/03 

Date: Thu, 7 Aug 2003 11:33:43 -0400

Cool. That's basically what I did.

1. What defines where the custom cookie is stored? I used to see the
default cookie in "C:\Documents and Settings\Administrator\Cookies", but now
I can't find my custom cookie?

2. How do I retrieve the roles that are stored in UserData (ticket)?

3. What is a common reason why you would access this in
Application_AuthenticateRequest? This seems to work with no code in
Application_AuthenticateRequest.

You're a great resource! Thanks.

"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:OxXoyRPXDHA.3248@tk2msftngp13.phx.gbl...
> "VB Programmer" <growNO-SPAM@go-intech.com> wrote in message
> news:%23yM8NLPXDHA.388@TK2MSFTNGP10.phx.gbl...
> > Should I put that code in my login form or global.asax.vb?
>
> I suggest you put the database code into Login, save the resultant roles
> into the UserData of the Forms Authentication Ticket, and retrieve them in
> Application_AuthenticateRequest.
>
> >
> > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> > news:u12tQvFXDHA.1896@TK2MSFTNGP12.phx.gbl...
> > > "VB Programmer" <growNO-SPAM@go-intech.com> wrote in message
> > > news:eO9%23dmFXDHA.2312@TK2MSFTNGP10.phx.gbl...
> > > > To use forms authentication...
> > > >
> > > ...
> > > > 3. Global.asax.vb
> > > > First add imports statement "Imports System.Security.Principal"
> > > >
> > > > Then...
> > > > Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal
> e
> > As
> > > > EventArgs)
> > > > ' Fires upon attempting to authenticate the use
> > > > If Request.IsAuthenticated Then
> > > > ' Get the user's role
> > > > Dim cnnMyConnection As SqlConnection = New
> > > > SqlConnection(ConfigurationSettings.AppSettings("MyDsnString"))
> > > > Dim cmdMyCmd As SqlCommand = New SqlCommand("SELECT blah
> > FROM
> > > > blah WHERE blah", cnnMyConnection)
> > > > Dim drUsers As SqlDataReader
> > > >
> > > > cnnMyConnection.Open()
> > > > drUsers = cmdMyCmd.ExecuteReader
> > > >
> > > > While drUsers.Read
> > > > Select Case drUsers.GetValue(1)
> > > > Case 0 ' guest (read only)
> > > > Dim arrRoles() As String = {"guest"}
> > > > Context.User = New
> > > > System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
> > > > Case 1 ' user (start/stop engines)
> > > > Dim arrRoles() As String = {"guest", "user"}
> > > > Context.User = New
> > > > System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
> > > > Case 2 ' admin (everything)
> > > > Dim arrRoles() As String = {"guest", "user",
> > > > "admin"}
> > > > Context.User = New
> > > > System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
> > > > End Select
> > > > End While
> > > >
> > > > cnnMyConnection .Close()
> > > >
> > > > 'If Context.User.IsInRole("guest") Then
> > Response.Write("GUEST
> > > "
> > > > & Context.User.Identity.Name)
> > > > End If
> > > > End Sub
> > > >
> > > >
> > >
> > > Your code will work fine, and will run on every request made to a page
> in
> > > your web application. That's a lot of database work.
> > >
> > > I suggest you put the database code into Login, save the resultant
roles
> > in
> > > the UserData of the Forms Authentication Ticket, and retrieve them in
> > > Application_AuthenticateRequest.
> > > --
> > > John Saunders
> > > Internet Engineer
> > > john.saunders@surfcontrol.com
> > >
> > >
> >
> >
>
>

Quantcast