GenericPrincipal without Forms Authentication

Discussion in 'ASP .Net' started by Harold Crump, Aug 24, 2005.

  1. Harold Crump

    Harold Crump Guest

    Greetings,

    I need to implement GenericPrincipal based authentication without using
    ASP.NET Forms Authentication.
    I know it is much simpler using Forms Authentication, but in this case,
    I have no control over the matter.

    I have two pages - login.aspx and home.aspx.

    Following is the Click event of the login button on the login.aspx page

    protected void btnLogin_Click(Object sender, EventArgs e)
    {
    if(txtUserID.Text.Trim().ToUpper().Equals("USER1"))
    {
    buildSecurityContext("USER1");
    Response.Redirect("Home.aspx");
    }
    else if(txtUserID.Text.Trim().ToUpper().Equals("User2"))
    {
    buildSecurityContext("USER2");
    Response.Redirect("Home2.aspx");
    else
    {
    lblMessage.Text = "Invalid User ID. Please re-enter.";
    }
    }

    private void buildSecurityContext(string userName)
    {
    System.Security.Principal.GenericIdentity curIdentity = null;
    System.Security.Principal.GenericPrincipal curPrincipal = null;
    string[] roles = {"Role1","Role2"};
    curIdentity = new System.Security.Principal.GenericIdentity(userName);
    curPrincipal = new
    System.Security.Principal.GenericPrincipal(curIdentity, roles);
    HttpContext.Current.User = curPrincipal;
    }

    Following is the OnLoad event of the Home.aspx page

    IPrincipal p = HttpContext.Current.User;
    string userName = p.Identity.Name;
    bool auth = p.Identity.IsAuthenticated;
    bool isInRole = p.IsInRole("Role1");
    lblUserName.Text = "Welcome " + userName + "<br>Your authentication
    status is " + Convert.ToString(auth);
    lblRoles.Text = "Your permission for Role1 is " +
    Convert.ToString(isInRole);

    The problem is that when the home page loads, the current request is
    not authenticated.
    At the end of the login process, the current identity is authenticated
    and contains the correct user name and role.

    But after the redirect to the home page, all that is getting lost
    somehow.

    What am I doing wrong?

    Any help appreciated.

    -Harold
    Harold Crump, Aug 24, 2005
    #1
    1. Advertising

  2. U should handle Application AuthorizeRequest event at global.asax. And
    authorize request at this stage...

    --
    HTH

    Thanks,
    Yunus Emre ALPÖZEN
    BSc, MCSD.NET

    "Harold Crump" <> wrote in message
    news:...
    > Greetings,
    >
    > I need to implement GenericPrincipal based authentication without using
    > ASP.NET Forms Authentication.
    > I know it is much simpler using Forms Authentication, but in this case,
    > I have no control over the matter.
    >
    > I have two pages - login.aspx and home.aspx.
    >
    > Following is the Click event of the login button on the login.aspx page
    >
    > protected void btnLogin_Click(Object sender, EventArgs e)
    > {
    > if(txtUserID.Text.Trim().ToUpper().Equals("USER1"))
    > {
    > buildSecurityContext("USER1");
    > Response.Redirect("Home.aspx");
    > }
    > else if(txtUserID.Text.Trim().ToUpper().Equals("User2"))
    > {
    > buildSecurityContext("USER2");
    > Response.Redirect("Home2.aspx");
    > else
    > {
    > lblMessage.Text = "Invalid User ID. Please re-enter.";
    > }
    > }
    >
    > private void buildSecurityContext(string userName)
    > {
    > System.Security.Principal.GenericIdentity curIdentity = null;
    > System.Security.Principal.GenericPrincipal curPrincipal = null;
    > string[] roles = {"Role1","Role2"};
    > curIdentity = new System.Security.Principal.GenericIdentity(userName);
    > curPrincipal = new
    > System.Security.Principal.GenericPrincipal(curIdentity, roles);
    > HttpContext.Current.User = curPrincipal;
    > }
    >
    > Following is the OnLoad event of the Home.aspx page
    >
    > IPrincipal p = HttpContext.Current.User;
    > string userName = p.Identity.Name;
    > bool auth = p.Identity.IsAuthenticated;
    > bool isInRole = p.IsInRole("Role1");
    > lblUserName.Text = "Welcome " + userName + "<br>Your authentication
    > status is " + Convert.ToString(auth);
    > lblRoles.Text = "Your permission for Role1 is " +
    > Convert.ToString(isInRole);
    >
    > The problem is that when the home page loads, the current request is
    > not authenticated.
    > At the end of the login process, the current identity is authenticated
    > and contains the correct user name and role.
    >
    > But after the redirect to the home page, all that is getting lost
    > somehow.
    >
    > What am I doing wrong?
    >
    > Any help appreciated.
    >
    > -Harold
    >
    Yunus Emre ALPÖZEN [MCSD.NET], Aug 24, 2005
    #2
    1. Advertising

  3. Harold Crump

    Harold Crump Guest

    Yunus Emre ALPÖZEN [MCSD.NET] wrote:
    > U should handle Application AuthorizeRequest event at global.asax. And
    > authorize request at this stage...


    Could you elaborate a little further....what code should I put in the
    AuthenticateRequest event handler?
    And how do I tie that in with the actual authentication check that is
    currently being done in the login page button click?

    Thanks,
    Harold
    Harold Crump, Aug 24, 2005
    #3
  4. try this out!

    string username = "Anonymous";
    string[] arrRoles = new string[1];
    arrRoles[0] = username;
    FormsAuthenticationTicket ticket = new
    FormsAuthenticationTicket(1,username,System.DateTime.Now,
    System.DateTime.Now.AddMinutes(20), false, username,
    FormsAuthentication.FormsCookiePath);
    HttpCookie cookie = new
    HttpCookie(FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(ticket));

    System.Security.Principal.GenericIdentity objIdentity = new
    System.Security.Principal.GenericIdentity(username);
    System.Security.Principal.GenericPrincipal objPrincipal = new
    System.Security.Principal.GenericPrincipal(objIdentity, arrRoles);
    _appContext.Response.Cookies.Add(cookie);
    _appContext.User = objPrincipal;

    "Harold Crump" wrote:

    > Yunus Emre ALPÖZEN [MCSD.NET] wrote:
    > > U should handle Application AuthorizeRequest event at global.asax. And
    > > authorize request at this stage...

    >
    > Could you elaborate a little further....what code should I put in the
    > AuthenticateRequest event handler?
    > And how do I tie that in with the actual authentication check that is
    > currently being done in the login page button click?
    >
    > Thanks,
    > Harold
    >
    >
    =?Utf-8?B?QXR1bCBCYWhs?=, Aug 25, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Richard Maher
    Replies:
    0
    Views:
    486
    Richard Maher
    Sep 15, 2010
  2. ryan_fagan
    Replies:
    0
    Views:
    306
    ryan_fagan
    Sep 9, 2003
  3. Eric
    Replies:
    2
    Views:
    501
  4. Erick

    GenericPrincipal

    Erick, Sep 9, 2007, in forum: ASP .Net Security
    Replies:
    6
    Views:
    352
    Dominick Baier
    Sep 13, 2007
  5. Dave
    Replies:
    1
    Views:
    934
    Alexey Smirnov
    Dec 10, 2008
Loading...

Share This Page