taz8020

asked on

asp.net custom Authentication

Hi, I have built a class to create a user, block a user and so on. That all works well. The reason I went down this route is we have over 10,000 customers and want to email them all with generated passwords. So we will set up all existing customers for our new site.

How do I set the user as Authenticated = true and set the username?
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.

So all I really want to do is set the username, userid, role and then mark the user as Authenticated when my class returns that the login was a match.

This way I can use the code asp uses to log them out but can do what I need.

Hope this makes sense.
esolve

The best option is to create a Custom Principal class which inherits from a Generic Principal. You can then set any additional properties on this and use the CustomPrincipal and CustomIdentity objects to authenticate the user using forms authentication:

Public Class CustomPrincipal
    Inherits System.Security.Principal.GenericPrincipal

    ' Example of an extra per-user property carried on the principal.
    Private _eyeColor As String
    Public ReadOnly Property EyeColor As String
        Get
            Return _eyeColor
        End Get
    End Property

    ' GenericPrincipal's constructor takes an IIdentity and the role names.
    Public Sub New(id As System.Security.Principal.IIdentity, roles As String(), eyeColor As String)
        MyBase.New(id, roles)
        _eyeColor = eyeColor
    End Sub

End Class

Modify global.asax Global.Application_AuthenticateRequest to use your custom principal:

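Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    ' ...
    ' Context.User is Nothing when the request carries no valid forms ticket.
    If Context.User Is Nothing Then Return
    Dim roles() As String = {"examplerole"}
    Context.User = New CustomPrincipal(Context.User.Identity, roles, "green")
End Sub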

You can access properties elsewhere in your code like this:
CType(My.User.CurrentPrincipal, CustomPrincipal).EyeColor

How to implement forms based authentication:
http://support.microsoft.com/kb/301240
Use FormsAuthentication class, see here a simple example:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.85).aspx

taz8020 (ASKER)

On my custom form I don't have e.Authenticated = True. How can I do this?
I would like to be able to set the membership, but if not, somehow set Authenticated = True, as I think it will work quite well; then I can store the userid in a session variable.

You need to create an identity object and assign it as the user to the current HttpContext object.
 
// Requires: using System.Security.Principal; using System.Web;
GenericIdentity i = new GenericIdentity("Username");
GenericPrincipal principal = new GenericPrincipal(i, new string[] { "AdminRole" });

// Applies to the current request only.
HttpContext.Current.User = principal;

if (Request.IsAuthenticated)
{
    Response.Write("Authenticated");
}

You can then also save the principal as a session object should you wish.

HttpContext.Current.User = principal;
Session["_principal"] = principal;

Check my example link:

If ((UserEmail.Text = "jchen@contoso.com") And _
    (UserPass.Text = "37Yj*99Ps")) Then
    FormsAuthentication.RedirectFromLoginPage _
        (UserEmail.Text, Persist.Checked)
Else
    Msg.Text = "Invalid credentials. Please try again."
End If

Hi Taz,
Re:
"I was using the asp.net way and all was working well until I wanted to generate users on our internal system."
Wondering how you created users, if not the asp .net way?
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Alan

taz8020 (ASKER)

Hi, no, I have created a new table very similar to asp.net but membership is not needed. So when someone logs on it gets all their details returned in a class, like:

Public Class UserDetails
    Public Property UserID As Guid
    Public Property UserName As String
    Public Property Email As String
    Public Property DOB As Date
    Public Property Tel As String
    Public Property Mobile As String
    Public Property LastActivityDate As Date
    Public Property LastLoginDate As Date

    Public Property TimeTaken As TimeSpan
    Public Property HadErrors As Boolean = False
    Public Property ErrorMessage As String = ""
End Class

Was going to put this in a session variable but did not know if that was the best way. Thought I might be able to manually set HttpContext.Current.User = userid or the name and email. Plus my form does not have e As AuthenticateEventArgs so I cannot set e.Authenticated = True.

ASKER CERTIFIED SOLUTION
madgino

[This solution is only available to members of Experts Exchange.]

Hi Taz,
Still wondering:
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Trying to establish if your class implements the asp .net membership server?

Respectfully yours,
Alan
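
As an added example (not code from any poster in this thread): one way to do what the question asks with forms authentication, issuing the ticket yourself once your own login class reports a match and rebuilding the principal on every request. `AuthTicketHelper`, `SignIn`, `RestorePrincipal` and the `UserID` item key are hypothetical names, and role names are assumed not to contain `,` or `|`.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example; AuthTicketHelper, SignIn and RestorePrincipal are hypothetical names.
Public Module AuthTicketHelper

    ' Call only after your own user class has confirmed the password matched.
    Public Sub SignIn(context As HttpContext, userName As String,
                      userId As Guid, roles As String(), persist As Boolean)
        ' UserData travels inside the encrypted, tamper-protected ticket.
        Dim userData As String = userId.ToString() & "|" & String.Join(",", roles)
        Dim ticket As New FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            persist, userData, FormsAuthentication.FormsCookiePath)

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName,
                                     FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True                          ' not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL  ' driven by requireSSL in web.config
        cookie.Path = FormsAuthentication.FormsCookiePath
        If persist Then cookie.Expires = ticket.Expiration
        context.Response.Cookies.Add(cookie)
    End Sub

    ' Call from Application_AuthenticateRequest in global.asax.
    Public Sub RestorePrincipal(context As HttpContext)
        ' FormsAuthenticationModule has already decrypted and validated the cookie.
        ' Anonymous requests have no user, or an identity that is not a FormsIdentity.
        If context.User Is Nothing Then Return
        Dim identity As FormsIdentity = TryCast(context.User.Identity, FormsIdentity)
        If identity Is Nothing Then Return

        ' Expect "<guid>|role1,role2"; leave the default principal on anything else.
        Dim parts As String() = identity.Ticket.UserData.Split("|"c)
        Dim userId As Guid
        If parts.Length <> 2 OrElse Not Guid.TryParse(parts(0), userId) Then Return

        Dim roles As String() = parts(1).Split(New Char() {","c},
                                               StringSplitOptions.RemoveEmptyEntries)
        context.User = New GenericPrincipal(identity, roles)
        context.Items("UserID") = userId   ' available for the rest of this request
    End Sub
End Module
```

Roles and the user id stored in the ticket stay valid until the ticket expires, so a user blocked in your own table keeps access until then unless `RestorePrincipal` also checks the table. Logging out with `FormsAuthentication.SignOut()` still works because the cookie uses the standard forms cookie name and path.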