WhiskyRomeo
We have forms authentication working on a website. A user is presented the login page where he can log in or press a button to go to the Registration page.
In the Registration page, he puts in his data and submits it. If successful, he is taken to the login page to reenter his username, password. Can we eliminate this second step without compromising security? That is, have the system log in a user?
I attempted to redirect him from the Registration page, but forms authentication will not allow that.
The code to do the redirection is very simple:
    Private Sub RedirectUser(ByVal strUserName As String)
        Dim strReturnURL As String = Request.QueryString.Item("ReturnUrl")
        'Create authentication ticket (the roles string travels in the ticket's user data)
        Dim authTicket As New FormsAuthenticationTicket(1, strUserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, CStr(Session("WebRoles")))
        'Create encrypted string representation of ticket
        Dim strEncryptedTicket As String
        Try
            strEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
        Catch ex As Exception
            Session("StringEncrptFailed") = ex.Message
        End Try
        'Store it within an HttpCookie object
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, strEncryptedTicket)
        Dim strCookiePath As String = authCookie.Path
        'Add the cookie to the outgoing cookie collection
        Try
            Response.Cookies.Add(authCookie)
        Catch ex As Exception
            Session("CookieAddFailed") = ex.Message
        End Try
        'Redirect the request
        Response.Redirect(FormsAuthentication.GetRedirectUrl(strUserName, True))
    End Sub
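Added example (not part of the original post and not the poster's code): one way to issue the forms-authentication ticket in the same request that created the account, with the cookie flags set and the ReturnUrl restricted to local paths. RegistrationSignIn, SignInNewUser and SafeReturnUrl are hypothetical names; it assumes ASP.NET 2.0 or later and that the caller passes in the roles string the post keeps in Session("WebRoles").

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Hypothetical helper, written for this example.
Public Class RegistrationSignIn

    ' Call only from the request that created the account, after the insert succeeded,
    ' so the ticket is issued to the party who just chose the credentials.
    Public Shared Sub SignInNewUser(ByVal context As HttpContext, ByVal userName As String, ByVal roles As String)
        Dim issued As DateTime = DateTime.Now
        Dim ticket As New FormsAuthenticationTicket(1, userName, issued, _
            issued.AddMinutes(20), False, roles, FormsAuthentication.FormsCookiePath)

        ' Encrypt is not wrapped in Try/Catch: if it fails, the exception stops the
        ' request instead of sending a cookie with an empty value.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True   ' keep the ticket out of reach of client script
        cookie.Secure = FormsAuthentication.RequireSSL OrElse context.Request.IsSecureConnection
        context.Response.Cookies.Add(cookie)

        ' ReturnUrl comes from the query string, so it is checked before use.
        context.Response.Redirect(SafeReturnUrl(context.Request.QueryString("ReturnUrl")))
    End Sub

    ' Accepts only site-relative paths; anything else falls back to the configured default page.
    Public Shared Function SafeReturnUrl(ByVal candidate As String) As String
        If String.IsNullOrEmpty(candidate) Then Return FormsAuthentication.DefaultUrl
        ' Must start with a single "/": rejects absolute URLs such as http://other.example/
        If Not candidate.StartsWith("/", StringComparison.Ordinal) Then Return FormsAuthentication.DefaultUrl
        ' "//host" and "/\host" are treated by browsers as another host
        If candidate.StartsWith("//", StringComparison.Ordinal) OrElse _
           candidate.StartsWith("/\", StringComparison.Ordinal) Then Return FormsAuthentication.DefaultUrl
        Return candidate
    End Function
End Class
```

Because the roles are carried in the ticket's user data, they are only as trustworthy as the machine key that protects the ticket, and they stay fixed until the ticket expires.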