Checking IsAuthenticated for new ASP.NET session

Discussion in 'ASP .Net Security' started by Richard, Jan 18, 2005.

  1. Richard

    Richard Guest

    How can I check to see if a user has previously been authenticated with
    FormsAuthentication on a page that is defined as viewable by everyone
    in web.config?

    For example, index.aspx and login.aspx allows everyone to see it via
    web.config entries:
    <authorization>
    <allow users="*" />
    </authorization>

    Then, when someone logs in I use forms authentication, and the user has
    the opportunity to keep the cookie/ticket persistent:
    FormsAuthentication.RedirectFromLoginPage(username, True)

    When the user closes out the session and returns to the website later,
    I would like to check if they had been previously authenticated using
    the index.aspx and login.aspx pages. Initially on those pages,
    Request.IsAuthenticated returns False, but if the user enters a
    restricted page, they are allowed to enter and Request.IsAuthenticated
    returns True from then on.

    Is this possible? Do I need to get into the cookie? If so, how?
    Thanks in advanced.
    Richard, Jan 18, 2005
    #1
    1. Advertising

  2. Richard

    Chris Rolon Guest

    In order to force authentication to occure you will have to disable the
    anonymous user. The framework will verify that the user has been
    authenticated and if not will redirect the user to the defined login page.

    Here is a good sample:
    http://samples.gotdotnet.com/quicks...px?url=/quickstart/aspplus/doc/formsauth.aspx

    Chris Rolon

    "Richard" wrote:

    > How can I check to see if a user has previously been authenticated with
    > FormsAuthentication on a page that is defined as viewable by everyone
    > in web.config?
    >
    > For example, index.aspx and login.aspx allows everyone to see it via
    > web.config entries:
    > <authorization>
    > <allow users="*" />
    > </authorization>
    >
    > Then, when someone logs in I use forms authentication, and the user has
    > the opportunity to keep the cookie/ticket persistent:
    > FormsAuthentication.RedirectFromLoginPage(username, True)
    >
    > When the user closes out the session and returns to the website later,
    > I would like to check if they had been previously authenticated using
    > the index.aspx and login.aspx pages. Initially on those pages,
    > Request.IsAuthenticated returns False, but if the user enters a
    > restricted page, they are allowed to enter and Request.IsAuthenticated
    > returns True from then on.
    >
    > Is this possible? Do I need to get into the cookie? If so, how?
    > Thanks in advanced.
    >
    >
    Chris Rolon, Jan 23, 2005
    #2
    1. Advertising

  3. Richard

    Richard Guest

    I already have formsauthentication set up. Read my original post over
    again...my issue is that I do not want to redirect a user to the login
    page if they go to my index.aspx page. However, on my index.aspx page I
    would like to grab user specific information IF they have a persistant
    cookie.

    With formsauthentication, I am stuck with 2 options that do not work
    for my site:
    1) force authentication by denying authorization to index.aspx for all
    users. Thus, making login.aspx my new default page for new users.

    2) allow authorization for all to see index.aspx, but will not be able
    to tell if they are persistantly authorized (cookie). Thus, no "hello
    'siteUser', you are currently logged in", and no menu specific changes
    on the site.


    To be more specific, lets say you are an admin user and this is your
    first time to the site. When you come to my site without ever having
    logged in, you see 4 javascript menus on the home page, just as any
    other visitor would. Once you log in as admin, you are redirected to
    the home page, but all the pages now have 5 javascript menus. Keep in
    mind, chkPersistantCookie.Checked = true during the login process.

    Now, the session is completely closed...no more browser windows.

    What happens on next visit:
    User as admin goes to the home page and sees 4 menus, even though the
    cookie is persistant and they have already been authorized. If the user
    goes to a protected page, from there on there are 5 menus again. So,
    the user doesn't think he is initially logged in and typically goes to
    the login page without needing to (even though it doesn't look it, but
    the user is authorized).

    What needs to happen on next visit:
    User as admin goes to the home page and sees the 5th menu. Now the user
    knows he is logged in and can navigate to the pages under the 5th menu.
    Richard, Jan 24, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nick
    Replies:
    0
    Views:
    459
  2. Nick
    Replies:
    0
    Views:
    580
  3. Bob
    Replies:
    1
    Views:
    11,944
    Joe Fallon
    Apr 29, 2004
  4. ChInKPoInt [No MCSD]
    Replies:
    0
    Views:
    802
    ChInKPoInt [No MCSD]
    Dec 4, 2004
  5. taylomic
    Replies:
    0
    Views:
    1,824
    taylomic
    Dec 19, 2008
Loading...

Share This Page