Solved

asp.net custom Authentication

Posted on 2013-02-02
Last Modified: 2013-02-20
Hi, I have built a class to create a user, block a user and so on. That all works well. The reason I went down this route is we have over 10,000 customers and want to email them all with generated passwords. So we will set up all existing customers for our new site.

How do I set the user as Authenticated = true and username?
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.

So all I really want to do is set the username, userid, role and then mark the user as Authenticated when my class returns that the login was a match.

This way I can use the code asp uses to log them out but can do what I need.

Hope this makes sense.
Question by:taz8020
9 Comments
 
LVL 6

Expert Comment

by:esolve
ID: 38847543
The best option is to create a Custom Principal class which inherits from a Generic Principal. You can then set any additional properties on this and use the CustomPrincipal and CustomIdentity objects to authenticate the user using forms authentication:

Public Class CustomPrincipal
    Inherits System.Security.Principal.GenericPrincipal

    ' Extra per-user property carried alongside the identity and roles
    Private _eyeColor As String
    Public ReadOnly Property EyeColor As String
        Get
            Return _eyeColor
        End Get
    End Property

    ' GenericPrincipal's constructor takes an IIdentity and a role array
    Public Sub New(id As System.Security.Principal.IIdentity, roles As String(), eyeColor As String)
        MyBase.New(id, roles)
        _eyeColor = eyeColor
    End Sub

End Class


Modify global.asax Global.Application_AuthenticateRequest to use your custom principal:

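Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    ...
    ' Context.User is Nothing for anonymous requests at this stage; only wrap authenticated users
    If Context.User Is Nothing OrElse Not Context.User.Identity.IsAuthenticated Then Return
    Dim roles() As String = {"examplerole"}
    Context.User = New CustomPrincipal(Context.User.Identity, roles, "green")
End Sub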


You can access properties elsewhere in your code like this:
CType(My.User.CurrentPrincipal, CustomPrincipal).EyeColor


How to implement forms based authentication:
http://support.microsoft.com/kb/301240
0
 
LVL 11

Expert Comment

by:madgino
ID: 38848509
Use FormsAuthentication class, see here a simple example:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.85).aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 38865788
On my custom form I don't have e.Authenticated = True, how can I do this?
I would like to be able to set the membership, but if not, somehow set Authenticated = True, as I think it will work quite well; then I can store the userid in a session variable.
0
 
LVL 6

Expert Comment

by:esolve
ID: 38867124
You need to create an identity object and assign it as the user to the current HttpContext object.
 
// Requires: using System.Security.Principal;
GenericIdentity i = new GenericIdentity("Username");
GenericPrincipal principal = new GenericPrincipal(i, new string[] { "AdminRole" });

// Applies to the current request only
HttpContext.Current.User = principal;

if (Request.IsAuthenticated)
{
    Response.Write("Authenticated");
}


You can then also save the principal as a session object should you wish.

HttpContext.Current.User = principal;
Session["_principal"] = principal;

0
 
LVL 11

Expert Comment

by:madgino
ID: 38867162
Check my example link:

If ((UserEmail.Text = "jchen@contoso.com") And _
    (UserPass.Text = "37Yj*99Ps")) Then
    FormsAuthentication.RedirectFromLoginPage _
        (UserEmail.Text, Persist.Checked)
Else
    Msg.Text = "Invalid credentials. Please try again."
End If
0
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38872289
Hi Taz,
Re:
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.
Wondering how you created users, if not the asp .net way?
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Alan
0
 
LVL 3

Author Comment

by:taz8020
ID: 38881537
Hi, no, I have created a new table very similar to asp.net but membership is not needed. So when someone logs on it gets all their details returned in a class, like:

Public Class UserDetails
    Public Property UserID As Guid
    Public Property UserName As String
    Public Property Email As String
    Public Property DOB As Date
    Public Property Tel As String
    Public Property Mobile As String
    Public Property LastActivityDate As Date
    Public Property LastLoginDate As Date

    Public Property TimeTaken As TimeSpan
    Public Property HadErrors As Boolean = False
    Public Property ErrorMessage As String = ""
End Class


Was going to put this in a session variable but did not know if that was the best way. Thought I might be able to manually set HttpContext.Current.User = userid or the name and email. Plus my form does not have e As AuthenticateEventArgs so cannot set e.Authenticated = True
0
 
LVL 11

Accepted Solution

by:
madgino earned 500 total points
ID: 38884496
The fact that you have to store user details somewhere has no direct relation with the authentication, you handle these separately.

For the authentication use:
- for declaring user as authenticated: FormsAuthentication.RedirectFromLoginPage or FormsAuthentication.SetAuthCookie
- for checking authentication: Request.IsAuthenticated
- for ending authentication: FormsAuthentication.SignOut

For these you only need a unique user identifier (username) to pass as a parameter.

To hold more data about the user, use a class or variables that you can store in session (recommended) or in viewstate. You have to synchronize storage of this data with the authentication process:
- when you use SetAuthCookie/RedirectFromLoginPage you also set up the user values in the session
- when you use SignOut you also call Session.Abandon() to delete the user details from session.


You use e.Authenticated if you use predefined login control from .NET instead of building your own form. Also storing user details in session is the correct way to do it.
0
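The split the accepted answer describes (forms ticket for authentication, session for user details, both cleared together on sign-out), as an added example that is not code from the thread. IUserStore and AuthSession are hypothetical names; UserDetails is the class taz8020 posted above, and ValidateLogin returning Nothing on a mismatch is an assumption.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Hypothetical wrapper around the poster's own user class (not from the thread).
Public Interface IUserStore
    Function ValidateLogin(userName As String, password As String) As UserDetails ' Nothing when no match (assumed)
    Function FindByName(userName As String) As UserDetails
End Interface

Public Class AuthSession
    Private Const UserKey As String = "UserDetails"
    Private ReadOnly _store As IUserStore

    Public Sub New(store As IUserStore)
        _store = store
    End Sub

    ' Call from the custom login form's button handler; False means bad credentials.
    Public Function SignIn(userName As String, password As String) As Boolean
        Dim user As UserDetails = _store.ValidateLogin(userName, password)
        If user Is Nothing OrElse user.HadErrors Then Return False
        ' Issues the encrypted forms ticket; later requests report IsAuthenticated = True.
        FormsAuthentication.SetAuthCookie(user.UserName, False)
        ' Profile data stays server-side in session state, keyed separately from the ticket.
        HttpContext.Current.Session(UserKey) = user
        Return True
    End Function

    ' The ticket and the session expire independently, so an authenticated request
    ' can arrive with an empty (or mismatched) session; reload from the store then.
    Public Function CurrentUser() As UserDetails
        Dim ctx As HttpContext = HttpContext.Current
        If Not ctx.Request.IsAuthenticated Then Return Nothing
        Dim name As String = ctx.User.Identity.Name
        Dim user As UserDetails = TryCast(ctx.Session(UserKey), UserDetails)
        Dim stale As Boolean = user Is Nothing OrElse Not String.Equals(user.UserName, name, StringComparison.OrdinalIgnoreCase)
        If stale Then
            user = _store.FindByName(name)
            ctx.Session(UserKey) = user
        End If
        Return user
    End Function

    Public Sub SignOut()
        FormsAuthentication.SignOut()          ' expire the ticket cookie
        HttpContext.Current.Session.Abandon()  ' drop the cached UserDetails
    End Sub
End Class
```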
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38884561
Hi Taz,
still wondering:
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Trying to establish if your class implements the asp .net membership server?

Respectfully yours,
Alan
0

Question has a verified solution.