Form Authentication and logged in users (newbie)

Discussion in 'ASP .Net Security' started by Lorenzo, Nov 17, 2005.

  1. Lorenzo

    Lorenzo Guest

    Hello I appreciate some guidance on Form based authentication. On a
    training project I successfully log in and off users with simple the simple
    Form authentication.
    I am not storing credentials on the webconfig but on a DataBase, I followed
    the article from Microsoft at the following address:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;308157

    All works fine but how do I get the information from the user that has
    logged in on the protected page. On the page that the user reaches after
    logging in I might want to add his/her name and consequently any additional
    information. In my case I will be needing the ID of the user logged in to
    display related content.

    Where should I look for answers? Can you give also some resources where I
    can study on?

    Thank you in advance.
    Lorenzo
    Lorenzo, Nov 17, 2005
    #1
    1. Advertising

  2. Lorenzo

    Brock Allen Guest

    You need to look into the various forms of state management. Off the top
    of my head you have 3 options:

    1) Always go back to the database every time for whatever data you need
    2) Upon login load the commonly used data and store it in session state
    3) Demand load the data and store it in the data cache

    The downside of #1 is that you'll make lots of roundtrips to the database
    for the same data. This is wasteful. The downside with #2 is that session
    is brittle if stored InProc (which is the default) and it's somewhat inefficient
    if you use an Out of Proc mode. The upside of #2 is that it's fairly easy.
    Personally I like #3, as it's a compromise.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Hello I appreciate some guidance on Form based authentication. On a
    > training project I successfully log in and off users with simple the
    > simple
    > Form authentication.
    > I am not storing credentials on the webconfig but on a DataBase, I
    > followed
    > the article from Microsoft at the following address:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;308157
    > All works fine but how do I get the information from the user that has
    > logged in on the protected page. On the page that the user reaches
    > after logging in I might want to add his/her name and consequently any
    > additional information. In my case I will be needing the ID of the
    > user logged in to display related content.
    >
    > Where should I look for answers? Can you give also some resources
    > where I can study on?
    >
    > Thank you in advance.
    > Lorenzo
    Brock Allen, Nov 17, 2005
    #2
    1. Advertising

  3. Lorenzo

    Lorenzo Guest

    Hello Brock,
    thanks for the hints, I have looked at your resources
    I am trying to do my homework but I am struggling a little. This is what I
    have produced so far...following your suggestion to store data in the cache.

    In the login page I have the following code (I have omitted some for
    brevity)

    ...... ' I open the connection

    ' Create OleDbCommand to select pwd field from the
    users table given a supplied userName.
    cmd = New OleDbCommand("Select strPassword, IDAgenzia
    from tblCredenziali where strUserName=@userName", conn)
    cmd.Parameters.Add("@userName", OleDbType.VarChar, 25)
    cmd.Parameters("@userName").Value = userName

    ' Execute command and fetch pwd field into
    lookupPassword string. SUGGESTION OF THE MICROSOFT ARTICLE
    lookupPassword = cmd.ExecuteScalar() ' so it retrieves
    the one value coming form that record

    ' My own juice is the following...IDAgenzia is the
    unique key that identifies what I need in order to bind future dataset based
    on that id

    Dim objDA as New OleDbDataAdapter(Cmd)
    Dim ds As New DataSet()
    objDA.Fill(ds)
    Dim IDAgenzia As Object ' I deserve a
    whip with a stick on my backhand for this but "object" was the only type
    that

    ' didn't retun an error...I tried String, and Integer (which should be the
    one need to be used since it is an )

    ' If you have a word of advice here too would be greatly appreciated

    IDAgenzia = ds.Tables("tblCredenziali").Rows(1) '
    here I am trying to grab the ID resulting from the query command

    Cache.Insert("Agenzia", IDAgenzia, Nothing,
    DateTime.Now.AddMinutes(1), TimeSpan.Zero) ' here I see that the value is
    available from within the application, but what if a second user logs in
    after 30 seconds from the first one. Will be the value still available and
    free? I got the following error:
    Description: HTTP 404. The resource you are looking for (or one of its
    dependencies) could have been removed, had its name changed, or is
    temporarily unavailable. Please review the following URL and make sure that
    it is spelled correctly.


    ' Cleanup command and connection objects.
    cmd.Dispose()
    conn.Dispose()

    Again thanks for your help in advance.
    Lorenzo


    "Brock Allen" <> ha scritto nel messaggio
    news:...
    > You need to look into the various forms of state management. Off the top
    > of my head you have 3 options:
    >
    > 1) Always go back to the database every time for whatever data you need
    > 2) Upon login load the commonly used data and store it in session state
    > 3) Demand load the data and store it in the data cache
    >
    > The downside of #1 is that you'll make lots of roundtrips to the database
    > for the same data. This is wasteful. The downside with #2 is that session
    > is brittle if stored InProc (which is the default) and it's somewhat
    > inefficient if you use an Out of Proc mode. The upside of #2 is that it's
    > fairly easy. Personally I like #3, as it's a compromise.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >
    >> Hello I appreciate some guidance on Form based authentication. On a
    >> training project I successfully log in and off users with simple the
    >> simple
    >> Form authentication.
    >> I am not storing credentials on the webconfig but on a DataBase, I
    >> followed
    >> the article from Microsoft at the following address:
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;308157
    >> All works fine but how do I get the information from the user that has
    >> logged in on the protected page. On the page that the user reaches
    >> after logging in I might want to add his/her name and consequently any
    >> additional information. In my case I will be needing the ID of the
    >> user logged in to display related content.
    >>
    >> Where should I look for answers? Can you give also some resources
    >> where I can study on?
    >>
    >> Thank you in advance.
    >> Lorenzo

    >
    >
    Lorenzo, Nov 18, 2005
    #3
  4. Lorenzo

    Brock Allen Guest

    I'm not 100% sure of what you're looking for, but I think what you want is
    this:

    Dim IDAgenzia as Integer
    IDAgenzia = CType(ds.Tables("tblCredenziali").Rows(1), Integer)

    CType will cast (or convert as necessary) the object to an Integer.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Hello Brock,
    > thanks for the hints, I have looked at your resources
    > I am trying to do my homework but I am struggling a little. This is
    > what I
    > have produced so far...following your suggestion to store data in the
    > cache.
    > In the login page I have the following code (I have omitted some for
    > brevity)
    >
    > ...... ' I open the connection
    >
    > ' Create OleDbCommand to select pwd field from
    > the
    > users table given a supplied userName.
    > cmd = New OleDbCommand("Select strPassword,
    > IDAgenzia
    > from tblCredenziali where strUserName=@userName", conn)
    > cmd.Parameters.Add("@userName",
    > OleDbType.VarChar, 25)
    > cmd.Parameters("@userName").Value = userName
    > ' Execute command and fetch pwd field into
    > lookupPassword string. SUGGESTION OF THE MICROSOFT ARTICLE
    > lookupPassword = cmd.ExecuteScalar() ' so it
    > retrieves
    > the one value coming form that record
    > ' My own juice is the following...IDAgenzia is the
    > unique key that identifies what I need in order to bind future dataset
    > based on that id
    >
    > Dim objDA as New OleDbDataAdapter(Cmd)
    > Dim ds As New DataSet()
    > objDA.Fill(ds)
    > Dim IDAgenzia As Object ' I deserve
    > a
    > whip with a stick on my backhand for this but "object" was the only
    > type
    > that
    >
    > ' didn't retun an error...I tried String, and Integer (which should
    > be the one need to be used since it is an )
    >
    > ' If you have a word of advice here too would be greatly appreciated
    >
    > IDAgenzia = ds.Tables("tblCredenziali").Rows(1)
    > ' here I am trying to grab the ID resulting from the query command
    >
    > Cache.Insert("Agenzia", IDAgenzia, Nothing,
    > DateTime.Now.AddMinutes(1), TimeSpan.Zero) ' here I see that the
    > value is
    > available from within the application, but what if a second user logs
    > in
    > after 30 seconds from the first one. Will be the value still
    > available and
    > free? I got the following error:
    > Description: HTTP 404. The resource you are looking for (or one of its
    > dependencies) could have been removed, had its name changed, or is
    > temporarily unavailable. Please review the following URL and make sure
    > that
    > it is spelled correctly.
    > ' Cleanup command and connection objects.
    > cmd.Dispose()
    > conn.Dispose()
    > Again thanks for your help in advance.
    > Lorenzo
    > "Brock Allen" <> ha scritto nel messaggio
    > news:...
    >
    >> You need to look into the various forms of state management. Off the
    >> top of my head you have 3 options:
    >>
    >> 1) Always go back to the database every time for whatever data you
    >> need 2) Upon login load the commonly used data and store it in
    >> session state 3) Demand load the data and store it in the data cache
    >>
    >> The downside of #1 is that you'll make lots of roundtrips to the
    >> database for the same data. This is wasteful. The downside with #2 is
    >> that session is brittle if stored InProc (which is the default) and
    >> it's somewhat inefficient if you use an Out of Proc mode. The upside
    >> of #2 is that it's fairly easy. Personally I like #3, as it's a
    >> compromise.
    >>
    >> -Brock
    >> DevelopMentor
    >> http://staff.develop.com/ballen
    >>> Hello I appreciate some guidance on Form based authentication. On a
    >>> training project I successfully log in and off users with simple the
    >>> simple
    >>> Form authentication.
    >>> I am not storing credentials on the webconfig but on a DataBase, I
    >>> followed
    >>> the article from Microsoft at the following address:
    >>> http://support.microsoft.com/default.aspx?scid=kb;en-us;308157
    >>> All works fine but how do I get the information from the user that
    >>> has
    >>> logged in on the protected page. On the page that the user reaches
    >>> after logging in I might want to add his/her name and consequently
    >>> any
    >>> additional information. In my case I will be needing the ID of the
    >>> user logged in to display related content.
    >>> Where should I look for answers? Can you give also some resources
    >>> where I can study on?
    >>>
    >>> Thank you in advance.
    >>> Lorenzo
    Brock Allen, Nov 18, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Arvind R
    Replies:
    3
    Views:
    449
    Patrick.O.Ige
    Nov 19, 2005
  2. keithb
    Replies:
    0
    Views:
    616
    keithb
    Feb 16, 2006
  3. Replies:
    1
    Views:
    929
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Apr 12, 2007
  4. Replies:
    2
    Views:
    103
  5. gil
    Replies:
    0
    Views:
    103
Loading...

Share This Page