How to handle authentication?

Discussion in 'ASP .Net Mobile' started by rodrigo, Aug 6, 2003.

  1. rodrigo

    rodrigo Guest

    Who handles the authentication?
    I configured IIS to handle security for .doc files as an application.
    When I try to access a file through HTTP, I am able to successfully
    get the login page.

    When I try to access a file first time:
    Web.config redirects to the following URL:
    http://localhost/DOCS/Login.aspx?ReturnUrl=file1.doc


    After I fill in the password and get authenticated I am redirected to
    a opendoc.aspx page which process the binary doc file and a file
    download screen asks to save as.

    Now here comes the problem.

    After I am authenticated whenever I browse other doc files, no screen
    to save as shows up. It just opens them up right away in the browser.


    Example:
    http://www.mypage.com/file1.doc
    http://www.mypage.com/file2.doc
    http://www.mypage.com/file3.doc

    <configuration>
    <location>
    <system.web>
    <compilation debug="true"/>

    <authentication mode="Forms">
    <forms name=".AUTH1" loginUrl="Login.aspx" protection="All"
    timeout="1"></forms>
    </authentication>

    <authorization>
    <deny users="?" />
    </authorization>

    </system.web>
    </location>

    </configuration>


    <%@ Page Language="c#" %>
    <%@ import Namespace="System.Data" %>
    <%@ import Namespace="System.Data.SqlClient" %>
    <%@ import Namespace="System.Web.Security " %>
    <script runat="server">

    private void Page_Load(Object sender, EventArgs e )
    {

    cmdLogin_ServerClick();

    }

    private bool ValidateUser(string uid, string passwd)
    {
    SqlConnection conn;
    SqlCommand cmd;
    SqlDataReader dr;
    conn = new SqlConnection("my conn string");
    cmd = new SqlCommand("Select * from Sn_RegisteredUsers where
    FirstName='" + uid + "'",conn);

    conn.Open();
    dr = cmd.ExecuteReader();
    while (dr.Read())
    {

    if (string.Compare(dr["Pwd"].ToString(),passwd,false)==0)
    {
    conn.Close();
    return true;
    }
    }
    conn.Close();
    return false;
    }

    private void cmdLogin_ServerClick()
    {


    if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    {
    FormsAuthenticationTicket tkt;
    string cookiestr;
    HttpCookie ck;
    tkt = new FormsAuthenticationTicket(1, txtUserName.Value,
    DateTime.Now, DateTime.Now.AddMinutes(1), chkPersistCookie.Checked,
    "your custom data");
    cookiestr = FormsAuthentication.Encrypt(tkt);
    ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

    if (chkPersistCookie.Checked)
    ck.Expires=tkt.Expiration;
    Response.Cookies.Add(ck);

    string strRedirect;
    strRedirect = "opendoc.aspx?ReturnUrl="+Request["ReturnUrl"];

    if (strRedirect==null)
    strRedirect = "securitymessage.aspx";

    Response.Redirect(strRedirect, true);

    }
    else
    //Response.Write(Request["ReturnUrl"]);

    // In this condition, when the I am authenticated, the web.config is
    handling it but it seems to be letting it go without calling
    login.aspx during the cookie session duration. I need a way to check
    authentication here but I don't have control since asp.NET is handling
    it.

    }


    thanks
    Rod
     
    rodrigo, Aug 6, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dietrich
    Replies:
    1
    Views:
    670
    Joe Smith
    Jul 22, 2004
  2. =?Utf-8?B?TmF5?=

    Handle end session for win authentication

    =?Utf-8?B?TmF5?=, Apr 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    770
    Brock Allen
    Apr 3, 2005
  3. sck10
    Replies:
    4
    Views:
    397
    Walter Wang [MSFT]
    Jun 24, 2006
  4. Leon
    Replies:
    2
    Views:
    567
  5. =?ISO-8859-1?Q?KLEIN_St=E9phane?=
    Replies:
    3
    Views:
    476
    hanumizzle
    Oct 6, 2006
Loading...

Share This Page