amillyard
asked on
asp.net / c# login page -- coordinating a session variable update against authenticated asp user
Development platform: c# asp.net 2.x, Visual Studio Pro utilising Web Developer, IIS6, SQL 2005 server.
Want to create a local session variable once a user has successfully logged in.
The login scripts are the standard simple asp.net login control, within its in own login.aspx page.
I have tried to insert the session variable update at the point of pressing the login button -- but the session variable is not being updated.
The session variable scripting is fine -- i.e. you can put that on another page and force (ie. hardcode) a value to be inserted into session variable (instead of checking the following asp.net variable : Page.User.Identity.Name at time of logging in).
Perhaps this is not picking up the user identity successfully because the log in page is still processing the request and the page still does not know that a user is authenticated at time of the session variable update being run.
Your thoughts are much apprieated on this.
Thank you in advance for your time and efforts with this enquiry.
Want to create a local session variable once a user has successfully logged in.
The login scripts are the standard simple asp.net login control, within its in own login.aspx page.
I have tried to insert the session variable update at the point of pressing the login button -- but the session variable is not being updated.
The session variable scripting is fine -- i.e. you can put that on another page and force (ie. hardcode) a value to be inserted into session variable (instead of checking the following asp.net variable : Page.User.Identity.Name at time of logging in).
Perhaps this is not picking up the user identity successfully because the log in page is still processing the request and the page still does not know that a user is authenticated at time of the session variable update being run.
Your thoughts are much apprieated on this.
Thank you in advance for your time and efforts with this enquiry.
You might also be interested in this
http://www.eggheadcafe.com/articles/20050703.asp
http://www.eggheadcafe.com/articles/20050703.asp
ASKER
Yes, I am using the form's authentication (internet-based, i.e. not windows)
IIS does have 'anonymous access' enabled ... but only the root directory is available. The other directories have been locked-down via asp.net security, to allow only authenticated users.
the reason the iis is set this way is so any user can at least get to see the initial login page (otherwise there is a windows style pop-up frame, requesting for a username and password to enter site.
under the normal circumstances -- this login page is working and authentication is working fine also -- its just that I am trying to update a session variable as soon as possible whena known logged in user credentials have been approved.
IIS does have 'anonymous access' enabled ... but only the root directory is available. The other directories have been locked-down via asp.net security, to allow only authenticated users.
the reason the iis is set this way is so any user can at least get to see the initial login page (otherwise there is a windows style pop-up frame, requesting for a username and password to enter site.
under the normal circumstances -- this login page is working and authentication is working fine also -- its just that I am trying to update a session variable as soon as possible whena known logged in user credentials have been approved.
I think once the user has been authenticated, you should take the username from the textbox and store it to the session. In my opinion using Page.User.Identity.Name would only return the windows identity or nothing when anonymous login is enabled.
ASKER
ok, noting that we are still talking the login.aspx page -- login form scripting (so if you drag and drop this control will essentially have the same as what I am using (except for cosmetic appearance !)
where do I intercept (before the page is then moved away from the login.aspx page) the process, and insert the update session scripting?
I tried the form login button (i.e. double-clicked on button to create a blank procedure) -- but I think this where I was going wrong, as this the code I am adding is most likely being processed to early by iis. Is there another opportunity to place the code before page moves away?
where do I intercept (before the page is then moved away from the login.aspx page) the process, and insert the update session scripting?
I tried the form login button (i.e. double-clicked on button to create a blank procedure) -- but I think this where I was going wrong, as this the code I am adding is most likely being processed to early by iis. Is there another opportunity to place the code before page moves away?
ASKER
have thought some more on what you were saying about using the textbox field variable... that will work as well .. irrespective if the user is authenticated or not... as if not authenticated, the user has to keep updating that text box field until allowed through login stage -- which means that even if the genuine authenication happens slightly after the session variable has been updated -- the timing is slightly irrelevant due to this only being a local session variable (i.e. unique to the web user). if we were updating an application variable -- this process would not be recommended I suspect as a global variable on the iis server.
will give this a go now.
...but I would still like to know if there is a 'last minute' option still to action code before a page changes to the next web-page.
will give this a go now.
...but I would still like to know if there is a 'last minute' option still to action code before a page changes to the next web-page.
ASKER
I am getting the following error as follows:
The name 'UserName' does not exist in the current context
how do I modify the below script to be able to read the textbox variable? (this is the standard login control)
protected void LoginButton_Click(object sender, EventArgs e)
{
if (UserName.Text == "abc")
{
}
}
The name 'UserName' does not exist in the current context
how do I modify the below script to be able to read the textbox variable? (this is the standard login control)
protected void LoginButton_Click(object sender, EventArgs e)
{
if (UserName.Text == "abc")
{
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In IIS have you enabled anonymous access?