Re: Forms Authentication without Login Page
From: Brad (nospam_at_co.lane.or.us)
Date: 12/22/03
- Next message: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Previous message: Rene R?hle: "Free Buffer Overflow Protection Software for Windows 2000/XP/2003 Systems"
- In reply to: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Next in thread: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Reply: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Dec 2003 08:04:22 -0800
In my login control I set the authentication ticket and then immediately
issue a Response.Redirect(Request.Url.AbsoluteUri)
This forces the page to redirect back to itself and on *that* request the
Request.IsAuthenticated will be true for the entire request context.
Brad
"Paul Hodgson" <abc@xyz.com> wrote in message
news:ugbyZRmxDHA.2136@TK2MSFTNGP10.phx.gbl...
> Thanks Brad! That's very useful and *almost* does what I want. The only
> problem is that by doing it that way,
> the authentication seems to be delayed by one page view: In other words,
I
> hit Login in my login control. The code works, and my login control calls
> FormsAuthentication.SetAuthCookie() from the Page_Load() function. The
> trouble is, by that point it's too late: Lots of my other controls have
> already executed Page_Load, displaying their contents on the assumption
that
> we are not logged in. Even worse, even *after* calling SetAuthCookie(),
> my login control still doesn't seem to realise that it's now logged in.
> Request.IsAuthenticated still returns false. I'm guessing it's dependent
on
> having actually read in the cookie from the request. Of course if I hit
> Refresh in the browser, or click on a link to go to another page, then it
> all works.
>
> Is there any way to make sure that the action of servicing any login
request
> is the first thing the page does, before any of the controls on the page
> execute Page_Load()? (I guess if I can do that, I can at least then set
some
> static member of some class to say that we are now authenticated, to get
> round the problem that Request.Authenticated is returning false).
>
> Paul
>
> --
> "Brad" <nospam@co.lane.or.us> wrote in message
> news:%23NGWjSlxDHA.540@tk2msftngp13.phx.gbl...
> > If I read your questions correctly, the quick answer is yes, you can do
> > exactly want your asking.
> > All you have to do is create the forms authentication ticket yourself
when
> > the user logs in using your login dialog.
> >
> > Here's an example of what you'd need to do:
> >
> > Create a web user control which contains your sign-in dialog; a couple
of
> > text boxes for name and password and perhaps a result label to display
if
> > the login was incorrect. Code behind for this control would validate
the
> > user and password, i.e. check them against a database. Then the code
sets
> > the authentication cookie. i.e (very simple).
> > FormsAuthentication.SetAuthCookie(UserName.Text, False)
> >
> > Include above web control in your page(s). Obviously you don't want to
> show
> > this login dialog if they are already logged in so you can just put code
> in
> > the above user control to hide itself or in the page(s) to hide the
> control.
> > i.e. (in the above user control)
> > Me.Visible = Request.IsAuthenticated = False
> >
> > As for what you show in your pages you can simply test like the
following
> > If Request.IsAuthenticated Then
> > ' do stuff to show my authorized content
> > Else
> > ' do stuff to show my unauthorized content
> > End If
> >
> > Some references on this.
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch08.asp
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT03.asp
> >
> >
> > Hope this helps some
> >
> >
> > Brad
> >
> >
> >
> > "Paul Hodgson" <abc@xyz.com> wrote in message
> > news:e4ccSfkxDHA.2464@TK2MSFTNGP12.phx.gbl...
> > > Is there any way to log someone in using Forms authentication
*without*
> > > using RedirectFromLoginPage()?
> > >
> > > My reason for asking is that I'm trying to use Forms Authentication to
> > allow
> > > users to login to a site, but I keep coming up against the problem
that
> > all
> > > the MS examples show using a Login page that users are redirected to
if
> > they
> > > try to access a protected page. Trouble is - our site doesn't really
> have
> > > protected pages. Any page is accessible to anyone - but if you're not
> > logged
> > > in then the page will show different information from what it will
show
> if
> > > you are logged in. Also, we don't want a separate login page, instead
we
> > > want users to be able to login inline with small forms inside other
> pages.
> > >
> > > What this means I think is that I need to be able to do the following
> > > whenever a page is loaded:
> > > 1. Check explicitly if the user has been logged in using Forms
> > > Authentication so the code can decide what to display.
> > > 2. If appropriate, explicitly log the user in but without redirecting
to
> > > anywhere else (if the user has just posted back to the page by filling
> in
> > a
> > > Login form).
> > >
> > > Any pointers on how to do that appreciated :-)
> > >
> > >
> >
> >
>
>
>
- Next message: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Previous message: Rene R?hle: "Free Buffer Overflow Protection Software for Windows 2000/XP/2003 Systems"
- In reply to: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Next in thread: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Reply: Paul Hodgson: "Re: Forms Authentication without Login Page"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
