Form Authentication and logged in users (newbie)

[Lorenzo]

Hello I appreciate some guidance on Form based authentication. On a
training project I successfully log in and off users with simple the simple
Form authentication.
I am not storing credentials on the webconfig but on a DataBase, I followed
the article from Microsoft at the following address:
http://support.microsoft.com/default.aspx?scid=kb;en-us;308157

All works fine but how do I get the information from the user that has
logged in on the protected page. On the page that the user reaches after
logging in I might want to add his/her name and consequently any additional
information. In my case I will be needing the ID of the user logged in to
display related content.

Where should I look for answers? Can you give also some resources where I
can study on?

Thank you in advance.
Lorenzo

 

[Brock Allen]

You need to look into the various forms of state management. Off the top
of my head you have 3 options:

1) Always go back to the database every time for whatever data you need
2) Upon login load the commonly used data and store it in session state
3) Demand load the data and store it in the data cache

The downside of #1 is that you'll make lots of roundtrips to the database
for the same data. This is wasteful. The downside with #2 is that session
is brittle if stored InProc (which is the default) and it's somewhat inefficient
if you use an Out of Proc mode. The upside of #2 is that it's fairly easy.
Personally I like #3, as it's a compromise.

 

[Lorenzo]

Hello Brock,
thanks for the hints, I have looked at your resources
I am trying to do my homework but I am struggling a little. This is what I
have produced so far...following your suggestion to store data in the cache.

In the login page I have the following code (I have omitted some for
brevity)

...... ' I open the connection

' Create OleDbCommand to select pwd field from the
users table given a supplied userName.
cmd = New OleDbCommand("Select strPassword, IDAgenzia
from tblCredenziali where strUserName=@userName", conn)
cmd.Parameters.Add("@userName", OleDbType.VarChar, 25)
cmd.Parameters("@userName").Value = userName

' Execute command and fetch pwd field into
lookupPassword string. SUGGESTION OF THE MICROSOFT ARTICLE
lookupPassword = cmd.ExecuteScalar() ' so it retrieves
the one value coming form that record

' My own juice is the following...IDAgenzia is the
unique key that identifies what I need in order to bind future dataset based
on that id

Dim objDA as New OleDbDataAdapter(Cmd)
Dim ds As New DataSet()
objDA.Fill(ds)
Dim IDAgenzia As Object ' I deserve a
whip with a stick on my backhand for this but "object" was the only type
that

' didn't retun an error...I tried String, and Integer (which should be the
one need to be used since it is an )

' If you have a word of advice here too would be greatly appreciated

IDAgenzia = ds.Tables("tblCredenziali").Rows(1) '
here I am trying to grab the ID resulting from the query command

Cache.Insert("Agenzia", IDAgenzia, Nothing,
DateTime.Now.AddMinutes(1), TimeSpan.Zero) ' here I see that the value is
available from within the application, but what if a second user logs in
after 30 seconds from the first one. Will be the value still available and
free? I got the following error:
Description: HTTP 404. The resource you are looking for (or one of its
dependencies) could have been removed, had its name changed, or is
temporarily unavailable. Please review the following URL and make sure that
it is spelled correctly.


' Cleanup command and connection objects.
cmd.Dispose()
conn.Dispose()

Again thanks for your help in advance.
Lorenzo

 

[Brock Allen]

I'm not 100% sure of what you're looking for, but I think what you want is
this:

Dim IDAgenzia as Integer
IDAgenzia = CType(ds.Tables("tblCredenziali").Rows(1), Integer)

CType will cast (or convert as necessary) the object to an Integer.