Solved

How do I create a VB backcoding session variable from a Login control in Visual Web Developer 2008?

Posted on 2010-09-07
10
499 Views
Last Modified: 2012-05-10
I want to create a VB backcoding session variable called 'UserName' from the UserName box on the Login control in Visual Web Developer 2008. However, whenever I create a sub (blank with no code) the login credentials are rejected. There doesn't even have to be any code---if a sub simply exists in the backcoding, then the login rejects---if I comment everything out, the login accepts. I need to be able to carry the UserName over to the Default.aspx page. How do I do this? Thanks.....
0
Comment
Question by:jazjef
  • 5
  • 3
  • 2
10 Comments
 
LVL 8

Accepted Solution

by:
Yiogi earned 400 total points
ID: 33623452
What kind of authentication are you using? If you are using forms authentication then you can get the username from the context.

HttpContext.Current.User.Identity.Name
0
 
LVL 4

Author Comment

by:jazjef
ID: 33623575
forms authentication is what I am using..... your suggestion seems to work, but every page I have dumps the session variable once it's set. When my login and pass was hardcoded my entire application ran fine. Now that I start putting in users with the asp.net configuration/manager tool and start using the login controls nothing works; session variables evaporate from page to page.
0
 
LVL 9

Expert Comment

by:richard_hughes
ID: 33627506
Hello jazjef

Could you give us an example of how you are using the Session variable?

Thank you very much,

Richard Hughes
0
 
LVL 4

Author Comment

by:jazjef
ID: 33630385
It's a hardcoded login using a couple of textboxes and a session variable.

        If TextBox1.Text = "UserLogName" And TextBox2.Text = "MyPassword" Then
            Session("Authenticate") = "YES"
            Session("UserName") = TextBox1.Text
            Response.Redirect("HomePage.aspx")
        Else
            '_____wrong login
            Response.Redirect("TryAgain.aspx")
            Exit Sub
        End If

What I really want is to use the 'login' control---it will allow me to set up user accounts etc. When I add it I can't set the session.authenticate to 'yes' and the username session variable does not persist when going to the home page. I guess it's just bad design on my part... and lack of know-how with login credentials etc.
0
 
LVL 9

Assisted Solution

by:richard_hughes
richard_hughes earned 100 total points
ID: 33631054
OK

I think you will benifit from having a look at the following links:

http://www.asp.net/general/videos/login-controls
http://www.4guysfromrolla.com/articles/120705-1.aspx
http://www.asp101.com/samples/login_aspx.asp

Let us know if they help!

Thanks,

Richard Hughes
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 8

Expert Comment

by:Yiogi
ID: 33643000
Take a look at this please:
http://support.microsoft.com/kb/308157

You should NOT use session variables to keep whether the user is logged on or not. You should set an authentication ticket. The way you are doing it is not forms authentication. It's what people used a decade ago! And I would certainly never use that in an application today.
0
 
LVL 4

Author Comment

by:jazjef
ID: 33643519
Yiogi:
Isn't this what the aspnet mdf and the Website Configuration Tool are for?..... to allow you so set up user credentials in a database and authenticate against it? This is what I am trying to do..... I'm adding a Login Control and the aspnet mdf to my application and removing the hardcoded session variables as authentication.

The question I posted merely asks why the UserName session variable won't pass on after the Login Control does it's thing......it's not about using the session variable to authenticate. I agree that's a bad idea.

(I only used session variables while I was building the application on my local machine---I always intended on adding the authentication using the aspnet mdf and the Web Config Tool.)

0
 
LVL 4

Author Comment

by:jazjef
ID: 33643529
Oh..... I see what you mean now Yiogi; you are talking about how I set the session authenticate = YES after the authentication occurs.... I'm still holding the session open with a session variable and not an authentication ticket. So, my authentication is good but the means that I am using to hold the session open is bad.... correct?
0
 
LVL 8

Expert Comment

by:Yiogi
ID: 33651779
Yes jazjef. You should not have to use session variables to keep if the user is authenticated. For that you have HttpContext.Current.User.Identity.IsAuthenticated. You can also get the username from HttpContext.Current.User.Identity.Name as indicated in my first post.

Should you need to store anything else that is not provided I recommend to keep it in the authentication ticket cookie that you create. And not in a session variable. Look at the sample code from the Microsoft article link I provided earlier. You can specify custom data inside the cookie.



     tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now(), _

dateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")

      cookiestr = FormsAuthentication.Encrypt(tkt)

      ck = new HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)

      if (chkPersistCookie.Checked) then ck.Expires=tkt.Expiration 

      ck.Path = FormsAuthentication.FormsCookiePath() 

      Response.Cookies.Add(ck)

Open in new window

0
 
LVL 4

Author Closing Comment

by:jazjef
ID: 33686167
Thanks Yiogi for teaching me about the advanced authentication I need to learn/pursue.

Thanks Richard for the 4guysfromrolla resource; very helpful.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now