Lauchlan M
Hi.
For forms authentication, the standard way to go would be something like
<<
1. Get user name and password
2. Look it up against database store
3. Create an authentication ticket
4. Create an authentication cookie (based on the ticket)
5. Redirect as required/appropriate
6. In the Global_AuthenticateRequest event handler, code it something like:
<<
// private void Global_AuthenticateRequest(object sender, System.EventArgs e)
// (if authentication ticket is recovered from a cookie or session variable then
// pipe delimited string of role names.
string[] roles = authTicket.UserData.Split(new char[]{'|'});
// Create an Identity object
FormsIdentity id = new FormsIdentity( authTicket );
// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
// (else bounce them back to the login page)
Now, I don't want to use cookies (i.e. operate cookieless). If I created an
authentication ticket in my login.aspx, encrypted it (i.e. to a string) and
put it in a session variable and caught this session variable, decrypted it
and recreated the Context.User principal in the
Global_AuthenticateRequest handler, would it be logged in at that point
(regardless of the fact that I never created any cookie)?
Thanks!
Lauchlan M
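The session-based approach asked about above, as an added example that is not part of the original post: because Context.Session is still null when AuthenticateRequest fires, the principal is rebuilt in PostAcquireRequestState instead. The SessionTicket helper, the "AuthTicket" session key and the 30-minute lifetime are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class SessionTicket   // hypothetical helper, not from the post
{
    private const string Key = "AuthTicket";   // assumed session key

    // login.aspx calls this once the user name and password have been verified.
    public static void SignIn(HttpContext ctx, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(30),        // assumed lifetime
            false, string.Join("|", roles));    // roles as pipe-delimited UserData
        ctx.Session[Key] = FormsAuthentication.Encrypt(ticket);
    }

    // Rebuilds Context.User from the session; returns false when there is no valid ticket.
    public static bool Restore(HttpContext ctx)
    {
        if (ctx.Session == null) return false;  // handler without session state
        var encrypted = ctx.Session[Key] as string;
        if (string.IsNullOrEmpty(encrypted)) return false;

        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encrypted);
        if (ticket == null || ticket.Expired)
        {
            ctx.Session.Remove(Key);            // drop the stale ticket
            return false;
        }
        string[] roles = ticket.UserData.Split(new char[] { '|' });
        ctx.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
        return true;
    }
}

public class Global : HttpApplication
{
    // Session state has been loaded by this stage of the request pipeline.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        SessionTicket.Restore(Context);
    }
}
```

URL authorization rules in web.config are evaluated at AuthorizeRequest, before this handler runs, so they never see this principal and access checks have to be made in page code. With `<sessionState cookieless="true" />` the session ID travels in the URL, so anyone who obtains that URL holds the authenticated session.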