DexterJones
asked on
HttpContext.Current.User problem
Hi,
Please kindly assist how come I get redirected to login.aspx even though I'm authenticated?
Thanks.
Login.aspx
Login_click
.....user successfully authenticated to ms sql database
cmd.ExecuteNonQuery()
Dim returnaccessvalue As String = cmd.Parameters("@RETURN_VALUE").Value
returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
FormsAuthentication.SetAuthCookie(txtusername.Text, False)
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {"21"})
response.redirect("admin.aspx")
admin.aspx
page_load
If Me.User.IsInRole("21") Then
'role accepted
Else
System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("../Login.aspx")
End If
Thanks.
ASKER
strickdd,
I found new info, when I check
if Me.User.IsInRole("21") then
on the login page it returns true, but it returned false on other pages. What could be happening?
Thanks.
The object is not being passed from one page to another. You have to pass the User object to the next page which is why I recommended a session variable. It just has to be cast as a User type object when you want to use it on the next page.
ASKER
strickdd,
Can you kindly assist in code how can we use an encrypted cookie? I've been reading left and right on the net, sadly I'm lost on how to implement this.
Thanks.
This is the code I have been working with still no luck on the encrypted cookie to be used for passing from one page to another.
Login.aspx
Login_click
.....user successfully authenticated to ms sql database
cmd.ExecuteNonQuery()
Dim returnaccessvalue As String = cmd.Parameters("@RETURN_VALUE").Value
returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
FormsAuthentication.SetAuthCookie(txtusername.Text, False)
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {"21"})
Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtusername.Text, DateTime.Now, _
DateTime.Now.AddMinutes(30), False, returnaccessvalue, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(fat)))
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtusername.Text, False)) <----what does this one do?
if me.user.isinrole("21") then
response.redirect("admin.aspx")
elseif me.user.isinrole("22") then
response.redirect("power.aspx")
elseif me.user.isinrole("23") then
response.redirect("standard.aspx")
Thanks.
ASKER
strickdd,
Thanks so much for the info, Got a question for ya, how can we increase the time a session variable times out?
Thanks.
Dexter,
Session.Timeout = 5 '5 minute timeout
If it is working please give all the points to strickdd. I am just helping out while he is most probably asleep ;)
The easiest way to manage sessions is through the web.config file. You can do the Session.Timeout = x, but then you have to recompile the project if you need to change the session.
In the web.config there should be a section like this:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
Just change the "timeout="20"" to be the length of time you want to give. Note the default is always 20 minutes.
ASKER
strickdd,
Amazing, one last question, which is better?
form auth with session as role
or
session role only
Thanks.
I'm not quite sure what you mean by that. Example code would help if possible.
ASKER
is it more secure to use form auth and session variable for role or session variable for role is more secure?
user login/password is authenticated using database.
ASKER
I mean if the combination of form auth and session variable is more secure versus
using session variables only
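In the code behind for the login form, you can just use the user object. To get the user object to the next page, use the session variable. Does that answer your question?
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {"21"})
You never create a variable; try a Session variable:
Dim VARIABLE As System.Security.Principal.IPrincipal = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {"21"})
Session("user") = VARIABLE
admin.aspx
page_load
' Session("user") is Nothing once the session has expired, so check before using it
Dim VARIABLE As System.Security.Principal.IPrincipal = TryCast(Session("user"), System.Security.Principal.IPrincipal)
If VARIABLE IsNot Nothing AndAlso VARIABLE.IsInRole("21") Then
'role accepted
Else
System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("../Login.aspx")
End If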