User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Code Snippets
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the ASP.NET section within the Web Development category of DaniWeb, a massive community of 361,053 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,193 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our ASP.NET advertiser: Lunarpages ASP Web Hosting

URGENT! Loading Roles From ticket.UserData

Join Date: Jul 2005
Posts: 10
Reputation: jhoop2002 is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
jhoop2002 jhoop2002 is offline Offline
Newbie Poster

Help URGENT! Loading Roles From ticket.UserData

  #1  
Aug 1st, 2005
I don't know what happened to my site, a file must have been overwritten or something. I don't know what i need to get asp.net to look into the UserData section of the authentication ticket so forms based authentication works, as far as i can tell it should work.

I have my login, global.asax, and web.config file below. The global.asax file is where asp.net should be told what role the user is in, but i don't know.

LOGIN.aspx
Help with Code Tags 
<%@ Page Language="VB" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                Dim conRoles As SqlConnection
                Dim cmdSelectRoles As SqlCommand
                Dim dtrRoles As String

                conRoles = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
                conRoles.Open()
                cmdSelectRoles = New SqlCommand("SELECT g.name FROM dbo.Groups g WHERE g.group_id IN (SELECT r.group_id FROM dbo.Roles r WHERE r.user_id IN (SELECT ui.user_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password))", conRoles)
                cmdSelectRoles.Parameters.AddWithValue("@username", txtUsername.Text)
                cmdSelectRoles.Parameters.AddWithValue("@password", txtPassword.Text)
                dtrRoles = cmdSelectRoles.ExecuteScalar

                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, dtrRoles)
                conRoles.Close()
                'create cookie UserName
                Response.Cookies("UserName").Value = txtUsername.Text
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL <> Nothing Then
                    'returns user to previous page if greater authorization was required
                    Response.Redirect(strReturnURL)
                Else
                    'forwards user after login
                    Response.Redirect("role_page.aspx")
                End If
            End If
        End If
    End Sub
    
    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
        Dim objCounter As Object = Session("counter")
        If Session("counter") > 3 Then
            Thread.Sleep(7200000)
            Response.Redirect("deny.aspx")
        End If
    End Sub
    
    'stored procedure, returns 1 if successful login, -1 it not
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.AddWithValue("@Username", strUsername)
        cmdSelect.Parameters.AddWithValue("@Password", strPassword)
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters("RETURN_VALUE").Value
        conMyData.Close()
        'if unsuccessful login display message and increase failed attempt count by 1 then
        'pauses for 10, then 20, then 30 seconds if user keeps failign
        If intResult = -1 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            Thread.Sleep(10000 * (CInt(objCounter)))
        End If
        Return intResult
    End Function
    
</script>

<html>
<head>
    <title>Login.aspx</title>
    <script>
        if (document.images)
        {
            img1on = new Image();
            img1off = new Image();
            img1on.src = "images/bMore-on.gif";
            img1off.src = "images/bMore.gif";
            img2on = new Image();
            img2off = new Image();
            img2on.src = "images/bHome-on.gif";
            img2off.src = "images/bHome.gif";
        }
        function jRollover(imgName)
        { 
            document.images [imgName].src = (document.images [imgName].src == eval(imgName+"on.src")) ? eval(imgName+"off.src"):eval(imgName+"on.src");
        }
    </script>
</head>
<body style="text-align: center; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid;">
    <form id="Form1" runat="server">
        <table style="width: 290px; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid; height: 1px;">
            <tr align=center valign=top>
                <td bgcolor="#eff3fb" style="width: 272px; text-align: left; height: 146px;" bordercolorlight="#b5c7de">
                    <table style="width: 293px; height: 140px;">
                        <tr>
                            <td colspan="2" 
                                style="text-align: center">
                                <strong><span style="font-weight: bold; 
                                            width: 280px; 
                                            color: white;
                                            height: 14px; 
                                            background-color: #507cd1; font-family: Verdana;">Log In</span></strong></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2" style="height: 8px">
                            <asp:Label
                                ID="lblMessage"
                                ForeColor="Red"
                                Runat="server" /></td>
                        </tr>
                        <tr valign=top>
                            <td style="width: 81px;">
                                <asp:Label ID="UserNameLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">User Name:</asp:Label></td>
                            <td style="width: 9px;">
                                <asp:TextBox ID="txtUsername" 
                                    runat="server" 
                                    Width="160px" />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator1"
                                    runat=server
                                    ControlToValidate="txtUsername"
                                    Text="You must enter a User Name." Width="186px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr valign=top>
                            <td style="width: 81px; height: 39px;">
                                <asp:Label ID="PasswordLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">Password:</asp:Label></td>
                            <td style="width: 9px; height: 39px;">
                                <asp:TextBox ID="txtPassword" 
                                    runat="server" 
                                    TextMode="Password" 
                                    Width="160px" TabIndex="1" />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
                                    runat=server
                                    ControlToValidate="txtPassword"
                                    Text="You must enter a Password." Width="178px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2" 
                                style="text-align: right;">
                                <asp:Button ID="Button1" 
                                    runat="server" 
                                    BackColor="White" 
                                    BorderColor="#507CD1" 
                                    BorderStyle="Solid"
                                    BorderWidth="1px" 
                                    OnClick="Button_Click" 
                                    Font-Names="Verdana" 
                                    Font-Size="0.8em"
                                    ForeColor="#284E98" 
                                    Text="Log In" TabIndex="2" /></td>
                        </tr>
                    </table>
                    <span style="font-size: 0.8em; color: red"></span></td>
            </tr>
        </table>
        <br />
        <hr>
    </form>
</body>
</html>

GLOBAL.asax
Help with Code Tags 
<%@ Import Namespace="System.Security.Principal" %>
<script language="C#" runat="server">

protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)
{
  if (HttpContext.Current.User != null)
  {
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
      if (HttpContext.Current.User.Identity is FormsIdentity)
      {
        // Get Forms Identity From Current User
        FormsIdentity id = (FormsIdentity)
        HttpContext.Current.User.Identity;

        // Get Forms Ticket From Identity object
        FormsAuthenticationTicket ticket = id.Ticket;

		// Retrieve stored user-data (role information is assigned when the ticket
		// is created, separate multiple roles with commas)
        string userData = ticket.UserData;
        string[] roles = userData.Split(',');

		// Create a new Generic Principal Instance and assign to Current User
        HttpContext.Current.User = new GenericPrincipal(id, roles);
      }
    }
  }
} 


	protected void Application_OnStart()
	{
	// Application startup code goes here.
	}
	protected void Session_OnStart()
	{
	//  ' Session startup code goes here.
	}
	protected void Session_OnEnd()
	{
	//  ' Session cleanup code goes here.
	}

	protected void Application_OnEnd()
	{
	// ' Application cleanup code goes here.
	}
</script>

WEB.config
Help with Code Tags 
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <add name="Safety_TrainingConnectionString" connectionString="Data Source=INTRANET;Initial Catalog=Safety_Training;User ID=sa"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms" />
    <customErrors mode="Off" />
    <compilation debug="true" />
    <authorization>
      <deny users="?" />
      <!--<allow roles="Admin" />-->
    </authorization>
    </system.web>
  <appSettings>
    <add key="MM_CONNECTION_HANDLER_sql" value="sqlserver.htm" />
    <add key="MM_CONNECTION_STRING_sql" value="Data Source=INTRANET;Initial Catalog=safety_training;User ID=sa;" />
    <add key="MM_CONNECTION_DATABASETYPE_sql" value="SQLServer" />
    <add key="MM_CONNECTION_SCHEMA_sql" />
    <add key="MM_CONNECTION_CATALOG_sql" value=" Safety_Training" />
  </appSettings>
</configuration>
AddThis Social Bookmark Button
Reply With Quote  
Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 11:59 pm.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC