 |
BOOK: Beginning ASP.NET 1.0  | This is the forum to discuss the Wrox book Beginning ASP.NET 1.0 with C# by Chris Goode, John Kauffman, Christopher L. Miller, Neil Raybould, S. Srinivasa Sivakumar, Dave Sussman, Ollie Cornes, Rob Birdwell, Matt Butler, Gary Johnson, Ajoy Krishnamoorthy, Juan T. Llibre, Chris Ullman; ISBN: 9780764543708 |
|
Welcome to the p2p.wrox.com Forums.
You are currently viewing the BOOK: Beginning ASP.NET 1.0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
|

July 21st, 2004, 11:04 AM
|
|
Authorized User
|
|
Join Date: Jul 2004
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
FormsIdentify
I am trying to use this class. I have a form that I want to see if the user is login (has a authentication cookie) before displaying the form. If the user is not login then redirect to the login.aspx page.
I have read on other forums that the FormsIdentify is the way to go.
Thanks in Advance,
Mark G Rideout
|
|

July 21st, 2004, 11:21 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Yes, the FormsIdentity is the object to use when using Forms-based login.
|
|

July 21st, 2004, 11:33 AM
|
|
Authorized User
|
|
Join Date: Jul 2004
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks. But now the question is how? How does it work...
Mark
|
|

July 21st, 2004, 12:23 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Hey,
Similar to the WindowsIdentity object. The System.Web.Security namespace houses it, which after the user logins to the system, all information about the user can be accessed from the:
HttpContext.Current.User.Identity object
or
Page.User.Identity object
This object is of type IIdentity and needs to be CType'd to the appropriate format.
The FormsAuthentication object handles the authentication of the user, which the credentials can be provided in the web.config file.
Hope this helps some,
Brian
|
|

July 21st, 2004, 02:02 PM
|
|
Authorized User
|
|
Join Date: Jul 2004
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Hey.
Yeah that helps. I am now wondering can I setup a variable called userLoginOk and check that on Page_Load.
EX:
userLoginOK = HttpContext.Current.UserIdentity
If userLoginOk Then
Continue
Else
redirect to login
End IF.
IS this at all right??
Thanks again.
Mark
|
|

July 21st, 2004, 08:22 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Hey,
That's too much work. Forms Authentication does that for you. In the web.config, set up the following under <authorization> (I believe):
<deny users="?"/>
<allow users="*"/>
Set up forms authentication and point to your login page in the web.config file. What happens is when an anonymous user logs in, the browser sees that anonymous users are not allowed (which represents the ?), and redirects to the login page. When the user logs in, the user is known (represented by the *). You can verify the authentication by the IsAuthenticated property under either the User or Identity object mentioned previously.
Most of my discrepancies are because I do all Windows Auth verification at work, and don't really do Forms Auth. I've looked at it before, but can't remember all of the specifics. Everything I mentioned you can find in the MSDN or on the web.
Brian
|
|

July 22nd, 2004, 07:29 AM
|
|
Authorized User
|
|
Join Date: Jul 2004
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Ok. Starting to become clearer.
In my web.cobfig file I have:
----------------
<configuration>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms">
<forms name="somename" loginUrl="somepage.aspx"
protection="All" timeout="1" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
-----------------------
It all works great. However, if a user doesn't signout (destroy cookie) they can still access a page (i.e. http://severname/page.aspx) without logging back in. Also my authentication cookie doesn't expire correctly. Is there a way to determine if the user is login on each page? I guess I use the IsAuthentication you mentioned earlier???
Any help is greatly appreciated.
Thanks in Advance,
Mark
|
|

July 22nd, 2004, 11:46 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Hello,
That's the point of the "Remember my Settings" option for logging in. It's so that the user doesn't have to login next time they access the application. It's similar to this site, where you login, and where the checkbox is to remember your settings, if you check it, the next time you login, you are already logged into the site. It's a convenience thing.
I don't know if you can control it through the forms variables... you may be able to set Response.Cookies(<form cookie name>).Expires = "<value>"
But that is a desired feature. If you don't set the cookie value, it will still authenticate you in the site. You don't need to retain that settings cookie to be validated.
Yes use the IsAuthenticated property to check whether the user is logged in. But remember, the <deny users="?"> will automatically forward the user to the login page if they aren't.
And set the "remember my settings" feature to false when you go to authenticate the user. That way they settings will end.
Overall, the cookies feature is not a bad thing, it makes it convenient for the user.
Brian
|
|

July 22nd, 2004, 01:15 PM
|
|
Authorized User
|
|
Join Date: Jul 2004
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks for your help Brian.
I was just reading something about a session variable. Once the session ends, --> user must log back into the site.
Once again thanks.
Mark
|
|

July 23rd, 2004, 07:23 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Yes, Forms has something similar I believe to the Session (with a timeout property). I don't know if it actually utilizes the session though.
Brian
|
|
 |