Solved

asp.net custom Authentication

Posted on 2013-02-02
Last Modified: 2013-02-20
Hi, I have built a class to create a user, block a user and so on. That all works well. The reason I went down this route is we have over 10,000 customers and want to email them all with generated passwords. So we will set up all existing customers for our new site.

How do I set the user as Authenticated = true and username?
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.

So all I really want to do is set the username, userid, role and then mark the user as Authenticated when my class returns that the login was a match.

This way I can use the code asp uses to log them out but can do what I need.

Hope this makes sense.
Question by:taz8020

LVL 6

Expert Comment

by:esolve
ID: 38847543
The best option is to create a Custom Principal class which inherits from a Generic Principal. You can then set any additional properties on this and use the CustomPrincipal and CustomIdentity objects to authenticate the user using forms authentication:

Public Class CustomPrincipal
    Inherits System.Security.Principal.GenericPrincipal

    Private _eyeColor As String
    Public ReadOnly Property EyeColor As String
        Get
            Return _eyeColor
        End Get
    End Property

    ' The identity parameter must be typed as the IIdentity interface
    Public Sub New(id As System.Security.Principal.IIdentity, roles As String(), eyeColor As String)
        MyBase.New(id, roles)
        _eyeColor = eyeColor
    End Sub

End Class


Modify global.asax Global.Application_AuthenticateRequest to use your custom principal:

Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    ...
    Dim roles() As String = {"examplerole"}         
    Context.User = new CustomPrincipal(Context.User.Identity, roles, "green")
End Sub


You can access properties elsewhere in your code like this:
CType(My.User.CurrentPrincipal, CustomPrincipal).EyeColor


How to implement forms based authentication:
http://support.microsoft.com/kb/301240
 
LVL 11

Expert Comment

by:madgino
ID: 38848509
Use the FormsAuthentication class; see a simple example here:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.85).aspx
 
LVL 3

Author Comment

by:taz8020
ID: 38865788
On my custom form I don't have e.Authenticated = True; how can I do this?
I would like to be able to set the membership, but if not, somehow set Authenticated = True, as I think it will work quite well; then I can store the userid in a session variable.
 
LVL 6

Expert Comment

by:esolve
ID: 38867124
You need to create an identity object and assign it as the user to the current HttpContext object.
 
// Requires System.Security.Principal and System.Web
GenericIdentity i = new GenericIdentity("Username");
GenericPrincipal principal = new GenericPrincipal(i, new string[]{"AdminRole"});

// Applies to the current request only
HttpContext.Current.User = principal;

if (Request.IsAuthenticated)
{
    Response.Write("Authenticated");
}


You can then also save the principal as a session object should you wish.

HttpContext.Current.User = principal;
Session["_principal"] = principal;

 
LVL 11

Expert Comment

by:madgino
ID: 38867162
Check my example link:

If ((UserEmail.Text = "jchen@contoso.com") And _
    (UserPass.Text = "37Yj*99Ps")) Then
    FormsAuthentication.RedirectFromLoginPage _
        (UserEmail.Text, Persist.Checked)
Else
    Msg.Text = "Invalid credentials. Please try again."
End If
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38872289
Hi Taz,
Re:
I was using the asp.net way and all was working well until I wanted to generate users on our internal system.
Wondering how you created users, if not the asp .net way?
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Alan
 
LVL 3

Author Comment

by:taz8020
ID: 38881537
Hi, no, I have created a new table very similar to asp.net, but membership is not needed. So when someone logs on, it gets all their details returned in a class, like:

Public Class UserDetails
    Public Property UserID As Guid
    Public Property UserName As String
    Public Property Email As String
    Public Property DOB As Date
    Public Property Tel As String
    Public Property Mobile As String
    Public Property LastActivityDate As Date
    Public Property LastLoginDate As Date

    Public Property TimeTaken As TimeSpan
    Public Property HadErrors As Boolean = False
    Public Property ErrorMessage As String = ""
End Class

Was going to put this in a session variable but did not know if that was the best way. Thought I might be able to manually set HttpContext.Current.User = userid or the name and email. Plus my form does not have e As AuthenticateEventArgs so cannot set e.Authenticated = True.
 
LVL 11

Accepted Solution

by:
madgino earned 500 total points
ID: 38884496
The fact that you have to store user details somewhere has no direct relation to the authentication; you handle these separately.

For the authentication use:
- for declaring the user as authenticated:
FormsAuthentication.RedirectFromLoginPage or
FormsAuthentication.SetAuthCookie

- for checking authentication:
Request.IsAuthenticated

- for ending authentication:
FormsAuthentication.SignOut

For these you only need a unique user identifier (username) to pass as a parameter.

To hold more data about the user, use a class or variables that you can store in session (recommended) or in viewstate. You have to synchronize storage of this data with the authentication process:
- when you use SetAuthCookie/RedirectFromLoginPage you also set up the user values in the session
- when you use SignOut you also call Session.Abandon() to delete the user details from the session.


You use e.Authenticated if you use the predefined login control from .NET instead of building your own form. Also, storing user details in session is the correct way to do it.
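
The synchronization described in this answer, as an added example that is not part of the original thread: sign-in writes the session data and the forms-authentication cookie together, sign-out clears both, and a per-request check handles a ticket that outlives the session. AuthSync and SessionKey are hypothetical names, UserDetails is the class posted in the question, and in-process session state is assumed.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example. AuthSync and SessionKey are hypothetical names; UserDetails is
' the class posted in the question. Call these from page code, where
' HttpContext.Session is available (it is Nothing in early pipeline events).
Public NotInheritable Class AuthSync
    Private Const SessionKey As String = "UserDetails"

    Private Sub New()
    End Sub

    ' Call only after the custom user class has confirmed the password match.
    Public Shared Sub SignIn(ctx As HttpContext, user As UserDetails, persist As Boolean)
        If user Is Nothing OrElse user.HadErrors OrElse String.IsNullOrEmpty(user.UserName) Then
            Throw New ArgumentException("Login was not validated.", "user")
        End If
        ctx.Session(SessionKey) = user
        FormsAuthentication.SetAuthCookie(user.UserName, persist)
    End Sub

    ' Expire the ticket cookie and drop the session data together.
    Public Shared Sub SignOut(ctx As HttpContext)
        FormsAuthentication.SignOut()
        ctx.Session.Abandon()
    End Sub

    ' Returns the details for the authenticated user, or Nothing when the
    ' ticket and the session no longer describe the same login.
    Public Shared Function CurrentUser(ctx As HttpContext) As UserDetails
        If Not ctx.Request.IsAuthenticated Then Return Nothing

        Dim details As UserDetails = TryCast(ctx.Session(SessionKey), UserDetails)
        If details Is Nothing OrElse
           Not String.Equals(details.UserName, ctx.User.Identity.Name, StringComparison.Ordinal) Then
            ' Session expired or belongs to another login: end both halves.
            ' Request.IsAuthenticated stays True for the rest of this request,
            ' so the caller should redirect (e.g. to the login page).
            SignOut(ctx)
            Return Nothing
        End If
        Return details
    End Function
End Class
```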
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38884561
Hi Taz,
Still wondering:
If you open the asp .net database, do the users you created exist in the table aspnet_users and do the userids exist in the table aspnet_membership?

Trying to establish if your class implements the asp .net membership server?

Respectfully yours,
Alan