windows authentication and putting queried data into session state

nem.usenet

Hi everyone,

I searched for this but with little luck. I'm working on a project and
need to do the following:
1. have a user authenticate to an ASP.net site using windows
authentication
2. take either HttpContext.User or HttpContext.Current.User as the
parameter for a stored procedure that will draw some simple data on
that user.
3. put those bits of data into session (just a handful of fields,
nothing big).
4. then use that session data for prepopulating forms, pulling up
relevant data and navigation, etc.

I will use security settings from IIS to control access to particular
directories or files, but wondered if this is a smart way to do it?
Any big security risks? I want to capitalize on about 200 users
already having active directory accounts, but favor using session to
hold data that AD doesn't have in it.

Any suggestions? What would that query look like (from #2 above)?

thanks,
NEM
 
Jeff T

In your web.config file you would be using
<system.web>
  <authentication mode="Windows" />
</system.web>

To get the username you would use the following code:
HttpContext.Current.User.Identity.Name

What I have done in the past is to create my own CustomUser class that
takes care of that for me. So you would have properties for all of
the various things you are storing in the database (first name, last
name, email, birthdate, etc). Then I would have a constructor with no
parameters that grabs the username from the current context (as above)
and then calls a stored procedure that would return the information
and set all of the properties of the object.

That way you still use an object to store your user information,
keeping it all in one tightly bundled place instead of using
Session["userFirstName"], Session["userLastName"], etc. You can still
store the CustomUser object in Session so that you don't have to hit
up the database every page.

Hope that helps.
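
An added example (not Jeff T's code and not part of the original thread) of the CustomUser approach described above: the login is taken from the server-side Windows identity, passed to a stored procedure as a bound parameter, and the result is cached in Session only for the identity it was loaded for. The procedure name dbo.GetUserProfile, its @Login parameter, the connection string name AppDb, the session key and the column names are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

[Serializable] // needed if session state is ever moved out of process
public sealed class CustomUser
{
    private const string SessionKey = "CustomUser"; // assumed session key
    public string Login { get; private set; }       // DOMAIN\user from Windows authentication
    public string FirstName { get; private set; }
    public string LastName { get; private set; }
    public string Email { get; private set; }
    private CustomUser() { }
    // Returns the profile of the authenticated caller, loading it once per session.
    public static CustomUser Current()
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("No authenticated Windows identity.");
        string login = ctx.User.Identity.Name;
        var cached = ctx.Session[SessionKey] as CustomUser;
        // Reuse the cached copy only if it belongs to the identity on this request.
        if (cached != null && string.Equals(cached.Login, login, StringComparison.OrdinalIgnoreCase))
            return cached;
        CustomUser user = Load(login);
        ctx.Session[SessionKey] = user;
        return user;
    }
    private static CustomUser Load(string login)
    {
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString; // assumed name
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("dbo.GetUserProfile", conn)) // hypothetical procedure
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Bound parameter: the login is never concatenated into SQL text.
            cmd.Parameters.Add("@Login", SqlDbType.NVarChar, 256).Value = login;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!r.Read())
                    throw new UnauthorizedAccessException("No profile row for " + login);
                return new CustomUser { Login = login, FirstName = r["FirstName"] as string,
                    LastName = r["LastName"] as string, Email = r["Email"] as string };
            }
        }
    }
}
```

Because the lookup key comes from HttpContext.Current.User rather than from a form field or query string, the profile in Session always corresponds to the account IIS authenticated. Access to directories and files is still decided by the IIS and web.config authorization settings, not by the cached profile.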
 
