[.NET 1.1] Authentication and cookies clarifications

Discussion in 'ASP .Net' started by Nicola Farina, Jan 20, 2006.

  1. Hi all,

    I'm testing ASP.NET 1.1 authentication and cookie features, and I've
    read tons of tutorials and articles about this, but not everything is
    clear to me.

    My goal is to create a basic site with an authentication process, like my
    other ASP 3.0 sites that I developed with classical session variables to
    follow each user with some personal data (like role, e-mail address,
    preferences, etc.).

    In .NET 1.1 I understand the basic web.config settings with the
    <authentication> node and <authorize> and so on... I've tested the
    global.asax "onauthenticationrequest" to cast an identity to a principal
    in order to use the "isInRole" property, but this does not solve the
    problem of saving some other data in temporary memory to avoid accessing
    the database every time; also, I want to use a database table for storing
    my users' data, including their role in this application.

    My questions are:

    1) If I use a database table, can I use "If
    FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text)
    Then ..."? (I don't think so, I think this is only possible with user
    and password definitions in web.config, so I have to check the value
    against my datareader's values with an "IF statement".)

    2) How can I manage roles efficiently? I don't want to ask the database
    for the user's credentials on every page access... I've tried a trick of
    appending the role value to the user name as ":rolevalue" and then
    retrieving the values with a substring method (in this case I can pass
    user name and role simply, but I can't pass other information
    efficiently).

    2.1) Can I use temporary cookies to store this information?
    2.2) Can I encrypt these cookies (are there some built-in .NET
    functions?)
    2.3) Can I use session variables? Many people say that is not a good
    idea...

    3) Is there a way to add other values to the cookie that ASP.NET generates
    for authentication? Or do I have to set another cookie for that? I see that
    this auto-generated cookie is encrypted, so it would be a good and
    simple possibility for my goals ;-)

    4) I've tried to set up a clear-text cookie along these lines:

        If FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text) Then
            Dim cook As New HttpCookie("trialcookie")
            cook.Values.Add("role", "1")
            Response.Cookies.Add(cook)
            FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False)
        End If

    but in the protected page, now visible after this authentication, I
    can't see the "role" value of the cookie... why?

    5) If I have two subdirectories "users" and "admins" (each containing
    specific content pages), and if I can't manage groups in web.config with
    forms authentication, how can I deny access to these specific
    directories? I think I have to add code to the "load" event of each page
    to check the user's role (taken from cookies, session variables or other
    suggestions, see the questions above); in fact, I can't use the <location>
    node to specify group roles...


    Many thanks for your patience, I think that this post can be useful
    for some other .NET newbie developers like me :).

    Nicola
     
    Nicola Farina, Jan 20, 2006
    #1

  2. Patrick.O.Ige wrote:
    > Nicola, here is a good article (which uses a database to store its
    > roles and secures directories)

    OK, but what about other user-related data?
     
    Nicola Farina, Jan 21, 2006
    #2

  3. Nicola, here is a good article (which uses a database to store its
    roles and secures directories):
    http://www.codeproject.com/aspnet/formsroleauth.asp
    Hope this helps
    Patrick
    **Any more questions, please do post them
     
    Patrick.O.Ige, Jan 22, 2006
    #3
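
An added example, not part of the thread and not taken from the linked article: one way to carry roles inside the forms-authentication cookie itself (questions 2, 3 and 5 above), using the ticket's `UserData` field. The class `AuthTicketHelper`, its method names, the 30-minute lifetime and the "|" separator are assumptions made for illustration.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Hypothetical helper (added example). Assumes the password was already
' verified against your own users table before IssueTicket is called.
Public Class AuthTicketHelper

    ' Login page: put the roles into the ticket's UserData. With the default
    ' <forms protection="All"> the whole ticket is encrypted and validated,
    ' so the client can neither read nor alter the roles. Keep UserData
    ' small; the cookie must fit the browser's size limit.
    ' Afterwards redirect with
    '   Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, False))
    ' and not RedirectFromLoginPage, which would issue a fresh ticket
    ' without UserData and overwrite this cookie.
    Public Shared Sub IssueTicket(ByVal response As HttpResponse, _
                                  ByVal userName As String, _
                                  ByVal roles As String())
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, String.Join("|", roles), FormsAuthentication.FormsCookiePath)

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.Secure = FormsAuthentication.RequireSSL
        response.Cookies.Add(cookie)
    End Sub

    ' Global.asax, Application_AuthenticateRequest: rebuild the principal
    ' from the cookie on every request, without a database round trip.
    Public Shared Sub AttachPrincipal(ByVal context As HttpContext)
        Dim cookie As HttpCookie = _
            context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing Then Return

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            Return ' tampered or undecryptable cookie: request stays anonymous
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return

        Dim roles As String() = ticket.UserData.Split("|"c)
        context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Class
```

With the principal attached on every request, `<allow roles="admins" />` followed by `<deny users="*" />` inside a `<location path="admins">` element in web.config is enforced by ASP.NET itself, with no per-page role check. Role changes made in the database take effect only when a new ticket is issued, so keep the ticket lifetime short.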
