newbie: help with Forms Authentication & querystring

Hello all;

Just starting out with ASP.NET. I want to protect a bunch of forms in a
folder using Forms Authentication. This much I have working. So when user
trys to access www.mywebsiteURL.com/securefolder/securepage.aspx they are
automatically routed to www.mywebsiteURL.com/securefolder/login.aspx.

As part of the login process, I download the user's unique identifier
(user_id) from a SQL DB. I want other pages to have access to this
information (in case they need to go to the DB again), without using
cookies. I figured the best method was to stick the ID in the URL as a
querystring parameter. But my question is, how can the login page append
this querystring to the URL, if the URL currently does not have any
querystring parameters?

I.e., user surfs to the www.mywebsiteURL.com/securefolder/securepage.aspx
page, gets directed to www.mywebsiteURL.com/securefolder/login.aspx, and in
turn should get routed to
www.mywebsiteURL.com/securefolder/securepage.aspx?user_id=12. The
FormsAuthentication.GetRedirectURL is (obviously) read-only - is there any
way to change it? I also tried catching the Authenticated event and doing
Response.Redirect, but that event isn't being fired for some reason...

I've googled with no luck

Thanks!

Derrick

 

PS: I'm calling the FormsAuthentication.RedirectFromLoginPage() function
after I validate the username/password. Is this necessary?

I guess in theory I could manually call FormsAuthentication.SetAuthCookie()
and then do a Response.Redirect(), generating the redirect URL from the
FormsAuthentication.GetRedirectURL() and appending the user_id
querystring...

I need a good book!

D

 

That worked! Thanks for reading

Derrick

 

Such a pleasure sitting here watching people think.... <grin>

 

I really was stuck on this for a few hours. But I figure it is better to
come up with a solution myself while asking a question than to give up and
wait for you experts to solve my relatively little problems...I swear the
'net has us all spoiled (note the irony in posting to an ASP.NET group!)

Again, thanks for reading!

Derrick

 

Code?

I'm having the same issue and am probably more of a noob to Forms Authentication redirects than you are. Any chance you'd be willing to share what you did in code form?

 

Redirect with a QueryString Parameter

Actually, like my collegue above, I solved it on my own. This is in my Page_Load routine, where "DBAuthenticate()" is my method that returns the user ID if the stored procedure finds a match in the Users table for the UserName and Password values from the textboxes on the screen:

Code (Text):

        if (IsPostBack)
        {
            int userID = DBAuthenticate();
            if (userID > 0)
            {
                string redirectUrl = "";
                string url = HttpContext.Current.Request.Url.ToString();
                string[] baseUrl = url.Split('/');
                for (int i = 0; i < baseUrl.Length-1; i++)
                {
                    redirectUrl += baseUrl[i] + "/";
                }
               // FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); // won't allow QueryString
                FormsAuthentication.SetAuthCookie(txtUser.Text, false);
                Response.Redirect(redirectUrl + "Default.aspx?UserID=" + userID); // ViewState doesn't persist to Default.aspx
            }
        }

HTH, Tom