Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 966
  • Last Modified:

Forms Authentication without redirect

I have authentication (username and password textboxes) on my homepage.  The user enters there username and password, and everything works correctly when I have this statement after I build my authentication ticket and cookie.

response.Redirect(FormsAuthentication.GetRedirectUrl(sUserName, False), False)

But since this isn't a login page but rather a homepage, I don't want to redirect.  If I comment out the response.redirect, and then ask If User.Identity.IsAuthenticated it says the user isn't.  Is there a way to get around having to redirect to get the user added to the authentication list??

Here is more of my authentication method

' Initialize FormsAuthentication (reads the configuration and gets
                ' the cookie values and encryption keys for the given application)
                FormsAuthentication.Initialize()

                If cbKeepLoggedIn.Checked Then
                    bKeepLoggedIn = True
                    dLogoutDate = Now.AddDays(8)
                End If

                ' Create a new ticket used for authentication
                Dim Ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, sUserName, _
                                              Now, dLogoutDate, bKeepLoggedIn, dt.Rows(0)("ROLE_CD").ToString, FormsAuthentication.FormsCookiePath)

                ' Hash the cookie for transport over the wire
                Dim hash As String = FormsAuthentication.Encrypt(Ticket)
                Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)

                If (Ticket.IsPersistent) Then
                    cookie.Expires = Ticket.Expiration
                End If

                ' Add the cookie to the list for outbound response
                response.Cookies.Add(cookie)

                'response.Redirect(FormsAuthentication.GetRedirectUrl(sUserName, False), False)
0
macros14
Asked:
macros14
  • 2
  • 2
1 Solution
 
mcgantsCommented:
If you just leave the response.redirect off, you can set the redirect URL, but not use it!
I have done this in one of my projects, it leaves the user logged in, but doesn't take them anywhere:

URL = FormsAuthentication.GetRedirectUrl(sUserName, False)

I'd recommend letting the user know they've logged in, but it should be as simple as that.

Cheers,
mcg
0
 
macros14Author Commented:
Doesn't work, I do like you say

FormsAuthentication.Initialize()

                If cbKeepLoggedIn.Checked Then
                    bKeepLoggedIn = True
                    dLogoutDate = Now.AddDays(8)
                End If

                ' Create a new ticket used for authentication
                Dim Ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, sUserName, _
                                              Now, dLogoutDate, bKeepLoggedIn, dt.Rows(0)("ROLE_CD").ToString, FormsAuthentication.FormsCookiePath)

                ' Hash the cookie for transport over the wire
                Dim hash As String = FormsAuthentication.Encrypt(Ticket)
                Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)

                If (Ticket.IsPersistent) Then
                    cookie.Expires = Ticket.Expiration
                End If

                ' Add the cookie to the list for outbound response
                response.Cookies.Add(cookie)

                Dim sURL As String = FormsAuthentication.GetRedirectUrl(sUserName, False)




The next thing I do is

If User.Identity.IsAuthenticated Then
                BuildAuthenticatedBox()
            End If

but it won't make it into the if statement because it says the isAuthenticated=false
0
 
macros14Author Commented:
I have found this formsauthentication.setauthcookie()

Which is suppose to do the same thing as redirect(authenticate the user) but it won't accept my created cookie but rather wants to build a new cookie which isn't what I want.
0
 
mcgantsCommented:
I think the problem is you need to do a postback between authenticating the user and checking if they've been authenticated. Normally you don't encounter the issue because you redirect (hence posting back).
You could get over it with something like this:

if page.ispostback then
  If User.Identity.IsAuthenticated Then
    BuildAuthenticatedBox()
  End If
else 'first time loaded
  'call your authentication method
end if

I think that should work.
hope this helps,
mcg
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now