Thread: Custom Login Authentication

  1. #1

    Thread Starter
    Super Moderator Wokawidget's Avatar

    Custom Login Authentication

    Unzip the code from the zip file, and create a VD in IIS called CustomAuthenticationDemo2003, which points at the dir you just unzipped.

    This example uses cookies again, but this time we manually set them up. This gives you a little more control as you can add time out limits.

    All pages inherit my base page, which is:
    VB Code:
    Imports System.Web

    Public Class MyBasePage
        Inherits System.Web.UI.Page

        ' Redirects to the login page when the SECURITY cookie is absent.
        Public Sub ValidateLogin()
            Dim Cookie As HttpCookie = Request.Cookies.Item("SECURITY")
            If Cookie Is Nothing Then
                ' Page.ToString gives a name like "ASP.Main_aspx"; turn that into "Main.aspx".
                Dim RedirectPage As String = Page.ToString.Substring(4).Replace("_", ".")
                Response.Redirect("Login.aspx?Redirect=" & RedirectPage)
            End If
        End Sub

        ' Username stored in the SECURITY cookie, or Nothing when there is no cookie.
        Public ReadOnly Property Username() As String
            Get
                Dim Cookie As HttpCookie = Request.Cookies.Item("SECURITY")
                If Not (Cookie Is Nothing) Then
                    Return Cookie.Values.Item("USERNAME")
                End If
                Return Nothing
            End Get
        End Property
    End Class
    So in your web site your pages inherit MyBaseClass.
    In the Page Load event of a form, if you want to secure it from unauthorised users, just add:
    VB Code:
    MyBase.ValidateLogin()
    As you can see from the above base page code, if the cookie doesn't exist then you get redirected to the login page. I have added a little bit of code in there for a redirect once you have logged in. This is very rough code and has some problems, i.e. it doesn't cater for querystrings, but it's only for an example anyways.

    In the login.aspx page we have the login code:
    VB Code:
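    ' ValidateLogin(Username, Password) is the login page's own credential check (not shown in the post).
    Private Sub Login(ByVal Username As String, ByVal Password As String)
        If ValidateLogin(Username, Password) Then
            ' Create the SECURITY cookie that MyBasePage looks for and store the username in it.
            Dim Cookie As New HttpCookie("SECURITY")
            Cookie.Values.Add("USERNAME", Username)
            Response.Cookies.Add(Cookie)
            ' Send the user back to the page they asked for, or to Main.aspx by default.
            Dim RedirectPage As String = Request.QueryString.Item("Redirect")
            If RedirectPage = String.Empty Then
                RedirectPage = "Main.aspx"
            End If
            Response.Redirect(RedirectPage)
        End If
    End Sub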
    As you can see if the login is validated then a new cookie is created that stores the username. This is a session based cookie.

    This is where it's slightly better than Forms Auth, as we can now add a timeout period onto the site.
    So say if our user didn't access the site for say 20 minutes, we would want their session to timeout. This can be done by adding:
    VB Code:
    Cookie.Expires = Date.Now.AddMinutes(20)
    just after you've declared it.

    One good thing about this method is that it can be easily changed. Maybe you don't want to use cookies. Maybe you want to use SQL Server and store session GUIDs, which is what we do at work. Personally I prefer the cookie method. But the SQL Server way does have its advantages.

    Woka
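
Added example, not part of the original post or its zip file: the SECURITY cookie above is plain text that the browser sends back unchanged, Cookie.Expires is only enforced by the browser, and the Redirect query string is passed straight to Response.Redirect. The sketch below signs the cookie value with an HMAC, puts the expiry inside the signed value so the server can check it, and restricts the redirect to a bare page name. It assumes .NET 2.0 or later; the module, its function names and the key are hypothetical.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Imports System.Text.RegularExpressions
Imports Microsoft.VisualBasic

' Added example; the module, function names and key below are hypothetical.
Public Module SignedLoginCookie
    ' Constructed demo key. Assumption: a real site loads it from protected config.
    Private ReadOnly Key As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key")

    Private Function Sign(ByVal payload As String) As String
        Using h As New HMACSHA256(Key)
            Return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "")
        End Using
    End Function

    ' Compares without stopping at the first differing character.
    Private Function SameText(ByVal a As String, ByVal b As String) As Boolean
        Dim diff As Integer = a.Length Xor b.Length
        For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' Value for the SECURITY cookie: escapedUsername|expiryTicksUtc|hexMac
    Public Function Issue(ByVal username As String, ByVal minutes As Integer) As String
        Dim payload As String = Uri.EscapeDataString(username) & "|" & DateTime.UtcNow.AddMinutes(minutes).Ticks.ToString()
        Return payload & "|" & Sign(payload)
    End Function

    ' Returns the username, or Nothing when the value is malformed, forged or expired.
    Public Function Validate(ByVal value As String) As String
        If value Is Nothing Then Return Nothing
        Dim parts As String() = value.Split("|"c)
        If parts.Length <> 3 Then Return Nothing
        If Not SameText(Sign(parts(0) & "|" & parts(1)), parts(2)) Then Return Nothing
        Dim ticks As Long
        If Not Long.TryParse(parts(1), ticks) OrElse ticks < DateTime.UtcNow.Ticks Then Return Nothing
        Return Uri.UnescapeDataString(parts(0))
    End Function

    ' Accepts only a bare page name such as Main.aspx for the Redirect parameter.
    Public Function SafeRedirect(ByVal target As String) As String
        If target IsNot Nothing AndAlso Regex.IsMatch(target, "^[A-Za-z0-9_]+\.aspx\z") Then Return target
        Return "Main.aspx"
    End Function
End Module
```

With this in place, Login would set Cookie.Value to Issue(Username, 20) and redirect to SafeRedirect(Request.QueryString.Item("Redirect")), and the base page would send the user to Login.aspx whenever Validate(Cookie.Value) returns Nothing.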