Jun 10th, 2003, 12:01 PM
#9
PowerPoster
Originally posted by hellswraith
Up to you to make sense of it...lol.
My Login page code when they click the login button (Assumes a username textbox, password textbox, and a checkbox to see if the user wants to stay logged in from that computer):
PHP Code:
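/// <summary>
/// Handles the login button: verifies the credentials, refuses unverified or
/// banned accounts, then issues a forms-authentication cookie carrying the
/// user's roles and redirects to the page the user came from.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void LogonButton_Click(object sender, System.EventArgs e)
{
    const string bannedMessage = "You have been banned from posting on this forum.";
    const string logonIncorrect = "Your login information is incorrect.";
    bool keepLoggedIn = KeepLoggedInCheckBox.Checked;

    DataAccess.Security sec = new DataAccess.Security();
    DataAccess.User uo = new DataAccess.User();

    // NOTE(review): the name is HTML-encoded before every data-layer call, so
    // the store presumably holds encoded names. HtmlEncode is an output
    // encoding; it does not make a value safe for SQL. Confirm that DataAccess
    // uses parameterized queries.
    DataRow dr = uo.RetrieveFromUserName(HttpUtility.HtmlEncode(UserNameTextBox.Text.Trim()));
    if (dr == null)
    {
        // Unknown user name: answer exactly as for a wrong password, so the
        // page neither crashes on dr["UserName"] nor reveals which accounts exist.
        MessageLabel.Font.Bold = true;
        MessageLabel.Text = logonIncorrect;
        MessageLabel.Visible = true;
        return;
    }

    string userName = HttpUtility.HtmlEncode(dr["UserName"].ToString());

    // GetUserRoles doubles as the credential check: it returns the user's
    // comma-delimited roles only when user name and password match.
    // NOTE(review): the password is handed over as typed; how it is hashed and
    // compared is not visible here — verify inside DataAccess.Security.
    string roles = sec.GetUserRoles(userName, PasswordTextBox.Text);
    if (roles == null || roles.Length == 0)
    {
        // No roles came back, so the login is treated as incorrect.
        MessageLabel.Font.Bold = true;
        MessageLabel.Text = logonIncorrect;
        MessageLabel.Visible = true;
        return;
    }

    // The account checks below run only after the password was accepted, so
    // their distinct responses are shown to the account owner only.
    if (!uo.EmailVerified(userName))
    {
        // Remember where the user was and send them to verify the address first.
        Session["PageCameFrom"] = Request.Path.ToString() + "?" + Request.QueryString.ToString();
        Response.Redirect("VerifyEmail.aspx");
        return;
    }

    if (uo.IsUserBanned(userName))
    {
        MessageLabel.Font.Bold = true;
        MessageLabel.Visible = true;
        MessageLabel.Text = bannedMessage;
        return;
    }

    // One timestamp for both ends of the ticket lifetime: 30 minutes for a
    // normal login, six months when "keep me logged in" is ticked.
    DateTime issuedAt = DateTime.Now;
    DateTime expiresAt = keepLoggedIn ? issuedAt.AddMonths(6) : issuedAt.AddMinutes(30);

    // The persistence flag mirrors the checkbox, so a 30-minute login is no
    // longer marked persistent.
    // NOTE(review): the roles are frozen into the ticket for its whole
    // lifetime; a role removed in the database stays effective until the
    // ticket expires or the user logs in again.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, userName, issuedAt, expiresAt, keepLoggedIn, roles, FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket and wrap it in the forms-authentication cookie.
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Keep the ticket away from page script, and honour the requireSSL
    // setting of the <forms> configuration element.
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;

    if (keepLoggedIn)
    {
        // Without an Expires value the browser treats this as a session cookie
        // and drops it on close, whatever the ticket's own expiry says. That
        // is why returning users were not remembered.
        cookie.Expires = ticket.Expiration;
    }

    Response.Cookies.Add(cookie);

    // Return the user to where they came from, or to the index page.
    // NOTE(review): this method only stores a path of this site in
    // Session["PageCameFrom"]; if other pages write that key, confirm the
    // value is always a site-local URL before redirecting to it.
    object cameFrom = Session["PageCameFrom"];
    Response.Redirect(cameFrom != null ? cameFrom.ToString() : "Index.aspx");
}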
And in the Global.asax file I have this:
PHP Code:
/// <summary>
/// Runs on every request: drops the principal of a banned user, and for a
/// forms-authenticated user rebuilds the principal with the roles stored in
/// the ticket's user data.
/// </summary>
/// <param name="sender">The object that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpContext context = HttpContext.Current;

    // Nothing to do when no principal has been attached to the request.
    if (context.User == null)
    {
        return;
    }

    // The ban is looked up on every request, so it takes effect even while
    // the user still holds a valid ticket.
    DataAccess.User userLookup = new DataAccess.User();
    if (userLookup.IsUserBanned(context.User.Identity.Name))
    {
        // NOTE(review): this clears the principal for the current request
        // only; the authentication cookie itself is left in place.
        context.User = null;
        return;
    }

    if (!context.User.Identity.IsAuthenticated)
    {
        return;
    }

    // Only forms tickets carry the role list in their user data.
    if (context.User.Identity.GetType() != typeof(FormsIdentity))
    {
        return;
    }

    FormsIdentity formsIdentity = (FormsIdentity)context.User.Identity;

    // The roles are read from the ticket, not from the database, so they are
    // as old as the ticket; a revoked role stays active until it expires.
    string[] roleNames = formsIdentity.Ticket.UserData.Split(',');
    context.User = new GenericPrincipal(formsIdentity, roleNames);
}
I am having a problem though. For some reason, the user is not remembered the next time they come back, as they should be. I add six months to the cookie's expiration date, but it doesn't work. I have to read through some documentation to get that working right. Probably something I am missing. But the actual logging in works fine, and while you are using the site, you stay logged in.
I have this object/function that returns a comma-delimited string of roles. That is how my security is run. So that
sec.GetUserRoles(HttpUtility.HtmlEncode(dr["UserName"].ToString()), PasswordTextBox.Text)
function takes in the username and password, and verifies they match up and gets the roles for that user. You would have to implement that functionality.
Which namespace is DataAccess.Security tied to???