Solved

asp.net custom Authentication

Posted on 2013-02-02
Last Modified: 2013-02-20
Hi, I have built a class to create a user, block a user and so on. That all works well. The reason I went down this route is we have over 10,000 customers and want to email them all with generated passwords. So we will set up all existing customers for our new site.

How do I set the user as Authenticated = true and username?
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.

So all I really want to do is set the username, userid, role and then mark the user as Authenticated when my class returns that the login was a match.

This way I can use the code asp uses to log them out but can do what I need.

Hope this makes sense.
0
Question by:taz8020
9 Comments
 
LVL 6

Expert Comment

by:esolve
ID: 38847543
The best option is to create a Custom Principal class which inherits from a Generic Principal. You can then set any additional properties on this and use the CustomPrincipal and CustomIdentity objects to authenticate the user using forms authentication:

Public Class CustomPrincipal
    Inherits System.Security.Principal.GenericPrincipal

    Private _eyeColor As String
    Public ReadOnly Property EyeColor As String
        Get
            Return _eyeColor
        End Get
    End Property

    ' GenericPrincipal takes an IIdentity; there is no System.Security.Principal.Identity type
    Public Sub New(id As System.Security.Principal.IIdentity, roles As String(), eyeColor As String)
        MyBase.New(id, roles)
        _eyeColor = eyeColor
    End Sub

End Class



Modify global.asax Global.Application_AuthenticateRequest to use your custom principal:

Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    ...
    Dim roles() As String = {"examplerole"}         
    Context.User = new CustomPrincipal(Context.User.Identity, roles, "green")
End Sub



You can access properties elsewhere in your code like this:
CType(My.User.CurrentPrincipal, CustomPrincipal).EyeColor



How to implement forms based authentication:
http://support.microsoft.com/kb/301240
0
 
LVL 11

Expert Comment

by:madgino
ID: 38848509
Use FormsAuthentication class, see here a simple example:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.85).aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 38865788
On my custom form I don't have e.Authenticated = True; how can I do this?
I would like to be able to set the membership, but if not, somehow set Authenticated = True, as I think it will work quite well; then I can store the userid in a session variable.
0
 
LVL 6

Expert Comment

by:esolve
ID: 38867124
You need to create an identity object and assign it as the user to the current HttpContext object.
 
// requires: using System.Security.Principal; using System.Web;
GenericIdentity i = new GenericIdentity("Username");
GenericPrincipal principal = new GenericPrincipal(i, new string[] { "AdminRole" });

// attach the principal to the current request
HttpContext.Current.User = principal;

if (Request.IsAuthenticated)
{
    Response.Write("Authenticated");
}



You can then also save the principal as a session object should you wish.

HttpContext.Current.User = principal;
Session["_principal"] = principal;


0

 
LVL 11

Expert Comment

by:madgino
ID: 38867162
Check my example link:

If ((UserEmail.Text = "jchen@contoso.com") And _
    (UserPass.Text = "37Yj*99Ps")) Then
    FormsAuthentication.RedirectFromLoginPage _
        (UserEmail.Text, Persist.Checked)
Else
    Msg.Text = "Invalid credentials. Please try again."
End If
0
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38872289
Hi Taz,
Re:
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.
Wondering how you created users, if not the asp .net way?
If you open the asp .net database do the users you created exist in the table aspnet_users and do the userids' exist in the table aspnet_membership?

Alan
0
 
LVL 3

Author Comment

by:taz8020
ID: 38881537
Hi, no, I have created a new table very similar to asp.net, but membership is not needed. So when someone logs on, it gets all their details returned in a class, like:

Public Class UserDetails
    Public Property UserID As Guid
    Public Property UserName As String
    Public Property Email As String
    Public Property DOB As Date
    Public Property Tel As String
    Public Property Mobile As String
    Public Property LastActivityDate As Date
    Public Property LastLoginDate As Date

    Public Property TimeTaken As TimeSpan
    Public Property HadErrors As Boolean = False
    Public Property ErrorMessage As String = ""
End Class


Was going to put this in a session variable but did not know if that was the best way. Thought I might be able to manually set HttpContext.Current.User = userid or the name and email. Plus my form does not have e As AuthenticateEventArgs so I cannot set e.Authenticated = True
0
 
LVL 11

Accepted Solution

by:
madgino earned 500 total points
ID: 38884496
The fact that you have to store user details somewhere has no direct relation with the authentication, you handle these separately.

For the authentication use
- for declaring user as authenticated
FormsAuthentication.RedirectFromLoginPage or
FormsAuthentication.SetAuthCookie

- for checking authentication
Request.IsAuthenticated

- for ending authentication
FormsAuthentication.SignOut

For these you only need a unique user identifier (username) to pass as a parameter.

To hold more data about the user, use a class or variables that you can store in session (recommended) or in viewstate. You have to synchronize storage of this data with the authentication process:
- when you use SetAuthCookie/RedirectFromLoginPage you also setup the user values in the session
- when you use SignOut you also call Session.Abandon() to delete the user details from session.


You use e.Authenticated if you use the predefined login control from .NET instead of building your own form. Also, storing user details in session is the correct way to do it.
0
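
The sequence the accepted answer describes, written out as an added example (not code from the thread or from any poster). `AuthSession`, the `"UserDetails"` session key and `UserStore.ValidateLogin` are hypothetical names; `ValidateLogin` stands in for the asker's own class and is assumed to return the `UserDetails` object shown earlier, or `Nothing` when the login does not match.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example. UserStore.ValidateLogin is a hypothetical stand-in for the asker's class.
Public Module AuthSession
    Private Const SessionKey As String = "UserDetails"

    ' Call from the custom login form's button handler.
    Public Function SignIn(userName As String, password As String) As Boolean
        Dim details As UserDetails = UserStore.ValidateLogin(userName, password)
        If details Is Nothing OrElse details.HadErrors Then Return False

        Dim ctx As HttpContext = HttpContext.Current
        ' Issue the forms-authentication ticket; False = not persisted across browser sessions.
        FormsAuthentication.SetAuthCookie(details.UserName, False)
        ' Store the profile data alongside it, in step with the ticket.
        ctx.Session(SessionKey) = details
        Return True
    End Function

    ' Call at the top of protected pages. The ticket and the session expire
    ' independently, so the session copy is trusted only when it matches the
    ' name carried by the authentication ticket.
    Public Function CurrentUser() As UserDetails
        Dim ctx As HttpContext = HttpContext.Current
        If Not ctx.Request.IsAuthenticated Then Return Nothing

        Dim details As UserDetails = TryCast(ctx.Session(SessionKey), UserDetails)
        If details Is Nothing OrElse
           Not String.Equals(details.UserName, ctx.User.Identity.Name,
                             StringComparison.OrdinalIgnoreCase) Then
            ' Session lost or out of step with the ticket: end the login.
            SignOut()
            Return Nothing
        End If
        Return details
    End Function

    Public Sub SignOut()
        Dim ctx As HttpContext = HttpContext.Current
        FormsAuthentication.SignOut()   ' expires the authentication cookie
        ctx.Session.Abandon()           ' discards the stored UserDetails
    End Sub
End Module
```

`Request.IsAuthenticated` becomes true on the request after `SetAuthCookie`, so redirect once `SignIn` returns `True`; when `CurrentUser` returns `Nothing`, send the browser to the login page.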
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38884561
Hi Taz,
still wondering:
If you open the asp .net database do the users you created exist in the table aspnet_users and do the userids' exist in the table aspnet_membership?

Trying to establish if your class implements the asp .net membership server?

Respectfully yours,
Alan
0


Question has a verified solution.
