F
Fresh Air Rider
Hi
I have implemented a system of Role-based Security with Forms
Authentication in my website which retrieves a comma separated list of
user roles via a SQL Server stored procedure. The system all works
fine except for one part.
If I log into the system, I get authenticated as expected. If I then
close my browser, change the "Username" and "Password" values in the
database and revisit the website, I still get authenticated
successfully.
I want to add some code, probably within the Session_Start event of
Global.asax to read the username / password values from the cookie and
ensure that they still match those in the database.
Could anyone please supply me with a code snippet (preferably in C#)
for retrieving the username and password from the
FormsAuthenticationTicket. I think that I probably need to use
FormsIdentity somewhere.
Many thanks in advance
John
I have implemented a system of Role-based Security with Forms
Authentication in my website which retrieves a comma separated list of
user roles via a SQL Server stored procedure. The system all works
fine except for one part.
If I log into the system, I get authenticated as expected. If I then
close my browser, change the "Username" and "Password" values in the
database and revisit the website, I still get authenticated
successfully.
I want to add some code, probably within the Session_Start event of
Global.asax to read the username / password values from the cookie and
ensure that they still match those in the database.
Could anyone please supply me with a code snippet (preferably in C#)
for retrieving the username and password from the
FormsAuthenticationTicket. I think that I probably need to use
FormsIdentity somewhere.
Many thanks in advance
John