User authentication

[sravan_reddy001]

is there any possibility to authenticate the user without using the
new login contorls.

i'm ready to create new tables and design. all that i need is track
weather the user is online or not. If he is logged in, he is capable
of viewing his details and some special pages

 

[Guest]

is there any possibility to authenticate the user without using the
new login contorls.

You can write your own membership provider or you can just use the classic
ASP.NET 1.1 style of login (with forms auth).

 

[sravan_reddy001]

I don't know the classic way ASP.NET 1.1 style for login.

But i think i can do it by collecting the username and password and
searching for them in the database. One more thing that stuck me is
When the user is about to use the unauthorised page he should be
redirected to the Login Page and this sholud be stored in the cache;

 

[sravan_reddy001]

I read the contents in the Document u gave. got everything about the
project. but

suppose i have a users table in myproject.mdb;

where should i provide these settings in project, should i edit the
webconfig file?. The solution explorer(in the project u gave) is a
great confusion for me. did't got what those properties and settings
meant for

 

[Peter Bradley]

Sorry. Haven't a clue what you mean.

What settings? If you main the usernames and passwords, you have to provide
facilities to get them - either from the user in some sort of registration
process, or by some allocation process carried out by an administrator. If
you use AD instead of a database, you'll get the details from AD.

As for the solution explorer... it just contains the UI (presentation layer)
project, a Typed DataSet for easy access to the data (look it up on msdn,
there's loads there), and a data manager that represents the data access
layer. For simplicity, I didn't code up a business logic layer. In a real
project I'd have only called the Data Access Layer through a business tier.
So it's all just ADO.NET stuff.

If you aren't familiar with ADO.NET you won't have much success with your
project (if it uses a database for authentication. If you use Active
Directory, you'll need to be familiar with Directory Services programming..

I think you need to walk before you can run. If you don't understand the
project I sent and the accompanying document then you're really not ready to
implement forms authentication. You need to get the basics first. This
project is simplified. Real applications would be more complex still.

Sorry


Peter

 

[sravan_reddy001]

thank u...

i' familiar with ADO.NET but new to the ASP.NET

i hav created some simple applications in C# and VB using ADO.NET.

i think i han handle that database access. what i need is how to
redirect the user to login page if he is not authenticated.
(and if possible he should be able to view the Home page even though
he is not authenticated)

user authentication is the only topic where i got stuck in ASP.NET

 

[Peter Bradley]

Ysgrifennodd sravan_reddy001:

thank u...

i' familiar with ADO.NET but new to the ASP.NET

i hav created some simple applications in C# and VB using ADO.NET.

i think i han handle that database access. what i need is how to
redirect the user to login page if he is not authenticated.
(and if possible he should be able to view the Home page even though
he is not authenticated)

user authentication is the only topic where i got stuck in ASP.NET

Hmm. ADO.NET didn't exist until ASP.NET arrived. If you're thinking of
the old 'classic' ADO, then you need to throw all those ideas away and
start again. ADO.NET is not at all like ADO as used before the days of
..NET.

As to how the authentication works, it is all explained in the Word
document and the code, but to give you a start try looking at this from
Global.asax:

<code>

protected void Application_AuthenticateRequest(object sender,
EventArgs e)
{
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

if (null == authCookie)
{
// There is no authentication cookie
return;
}

FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch
{
// Log exception details (omitted for simplicity)
return;
}

if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}

// When the ticket was created, the user's role was assigned
// to the UserData part of the cookie.
String[] groups = { authTicket.UserData };

// Create an Identity object
GenericIdentity id = new GenericIdentity(authTicket.Name);

// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, groups);
// Attach the new principal object to the current HttpContext
object
Context.User = principal;
}

</code>

Sections 2.2, 3 and 5 in the Word document explain how this works in
conjunction with the attributes in the code to raise security challenges
that are satisfied (or not) from the information in the GenericPrincipal
that is stored in the current context.

I really don't think I can be much clearer than that

If you don't know how the Attributes work, you need to look them up on
msdn (look for PrincipalPermissionAttribute, for example).



Peter