jhoop2002

loading roles from DB to auth cookie

  #1  
Jul 19th, 2005
So I've got my login page almost completed, now for whatever reason I am stuck trying to get the roles for each user from my database into the authorization cookie. In regular old ASP this wouldn't be a problem for me, but I don't see what I'm doing wrong in .NET.

So you can see where I create my ticket, and I hard coded Admin in there, and tested that to make sure everything works, and since it does I need it to be dynamic so when a regular user logs in they will only have user rights.

Here is the code to my login page

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, "Admin")
                'create cookie UserName
                Response.Cookies("UserName").Value = txtUsername.Text
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL <> Nothing Then
                    'returns user to previous page if greater authorization was required
                    Response.Redirect(strReturnURL)
                Else
                    'forwards user after login
                    Response.Redirect("role_page.aspx")
                End If
            End If
        End If
    End Sub
    
    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
        Dim objCounter As Object = Session("counter")
        If Session("counter") > 3 Then
            thread.sleep(7200000)
            Response.Redirect("deny.aspx")
        End If
    End Sub
    
    'stored procedure, returns 1 if successful login, -1 if not
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.AddWithValue("@Username", strUsername)
        cmdSelect.Parameters.AddWithValue("@Password", strPassword)
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters("RETURN_VALUE").Value
        conMyData.Close()
        'if unsuccessful login, display message and increase failed attempt count by 1, then
        'pause for 10, then 20, then 30 seconds if user keeps failing
        If intResult = -1 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            Thread.Sleep(10000 * (CInt(objCounter)))
        End If
        Return intResult
    End Function
    
</script>

<html>
<head><title>Login.aspx</title></head>
<body style="text-align: center">
<form id="Form1" runat="server">
    &nbsp;<table style="width: 264px; height: 155px;">
        <tr>
            <td colspan="2" style="height: 43px; text-align: center">
                <strong><span style="font-size: 16pt">
                Please Login:</span></strong></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: center">

<asp:Label
    ID="lblMessage"
    ForeColor="Red"
    Font-Bold="true"
    Runat="server" /></td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Username:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtUsername"
    Runat="server" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="height: 1px">
            </td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Password:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtPassword"
    Runat="server" TextMode="Password" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: right">
<asp:Button
    Text="Login"
    OnClick="Button_Click"
    Runat="server" ID="Button1" /></td>
        </tr>
    </table>
<hr>
</form>
</body>
</html> 
Paladine

Re: loading roles from DB to auth cookie

  #2  
Jul 20th, 2005
Have you tried creating a function that makes a call to the DB 'where UserName = ' & txtUserName.Text and return that value to a string variable you pass into the authentication.ticket method?
Assistant Manager, Regional Pharmacy Information Systems
TLC Services Website (Under Construction)
Updated : ASP.Net Login Code
jhoop2002

Re: loading roles from DB to auth cookie

  #3  
Jul 21st, 2005
Yes, it works with "Admin" hard coded in there, but I am new to .NET and still learning everything. Looking at that code, I don't know how to get my stored procedure to return the user's role. I tried writing another one, but it didn't work out too well. I guess this just comes down to writing a query and converting the results to a string and then inserting them into that ticket.
jhoop2002

Re: loading roles from DB to auth cookie

  #4  
Jul 21st, 2005
Thanks for at least trying to help, but some of the people at aspmessageboard.com helped me out after I took your advice.

Here is the code that made it all work for me. This goes in the login page:

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                Dim conRoles As SqlConnection
                Dim cmdSelectRoles As SqlCommand
                Dim dtrRoles As String

                conRoles = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
                conRoles.Open()
                cmdSelectRoles = New SqlCommand("SELECT g.name FROM dbo.Groups g WHERE g.group_id IN (SELECT r.group_id FROM dbo.Roles r WHERE r.user_id IN (SELECT ui.user_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password))", conRoles)
                cmdSelectRoles.Parameters.AddWithValue("@username", txtUsername.Text)
                cmdSelectRoles.Parameters.AddWithValue("@password", txtPassword.Text)
                'ExecuteScalar returns only the first column of the first row, so a single role name is read
                dtrRoles = cmdSelectRoles.ExecuteScalar

                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, dtrRoles)
                conRoles.Close()

Now since I don't know how to get this page to redirect depending on the role of the user, I redirected to another page and had that page check the role of the user and then they are redirected to the page I want them to start out at.
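The thread stops at writing the role into the ticket; the sketch below is an added example (not code from the thread or from any poster) showing the full round trip, including the per-request step that turns the ticket's UserData back into roles so `User.IsInRole` and `<authorization>` rules can see them. The class name `RoleTicketApplication`, the helper `IssueRoleCookie` and the `|` separator are assumptions made for illustration.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Code-behind for Global.asax (hypothetical class name).
Public Class RoleTicketApplication
    Inherits HttpApplication

    ' Assumed separator; role names must not contain it.
    Private Const RoleSeparator As String = "|"

    ' Login side: call only after the credentials have been verified.
    Public Shared Sub IssueRoleCookie(ByVal response As HttpResponse, ByVal userName As String, ByVal roles() As String)
        ' Same version and 30 minute lifetime as the ticket in the thread.
        Dim ticket As New FormsAuthenticationTicket(2, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(30), False, String.Join(RoleSeparator, roles))
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True                          ' keep the ticket away from page script
        cookie.Secure = FormsAuthentication.RequireSSL  ' follow the <forms requireSSL> setting
        response.Cookies.Add(cookie)
    End Sub

    ' Request side: runs on every request before authorization is evaluated.
    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ' With <forms protection="All"> (the default) this also validates the ticket's MAC.
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            Return ' tampered or undecryptable cookie: the request stays anonymous
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return

        ' Roles come from the protected ticket, never from a separate plain cookie.
        Dim roles() As String = ticket.UserData.Split(RoleSeparator.ToCharArray(), _
            StringSplitOptions.RemoveEmptyEntries)
        Context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Class
```

Using `FormsAuthentication.FormsCookieName` instead of the literal ".ASPXAUTH" keeps the login page and Global.asax in step if the cookie name is changed in web.config.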
Paladine

Re: loading roles from DB to auth cookie

  #5  
Jul 22nd, 2005
Good work.

Just an FYI (understanding .NET, doesn't excuse from needing an understanding of SQL)

pseudo-code

CREATE PROCEDURE sp_GetRole /* How it would appear in QUERY ANALYZER */
	(
		@UserName VARCHAR(50) = NULL,
		@Password VARCHAR(50) = NULL,
		@Role VARCHAR(20) = NULL OUTPUT /* OUTPUT so the caller can read the role back */
	)
AS
	SET @Role = (SELECT Role
	FROM UserTable /* or whatever you called your table with this data */
	WHERE UserName = @UserName AND Password = @Password)
RETURN 0 /* RETURN carries only an integer status; the role comes back through @Role */

Hope this helps!

Glad to see you found another option.
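As an added example (not code from the thread), this is one way the login page could call `sp_GetRole` and read the role back, assuming `@Role` is declared as an OUTPUT parameter, since a T-SQL `RETURN` can only carry an integer. The module name `RoleLookup`, the function `GetRole` and the `connectionString` argument are hypothetical.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module RoleLookup
    ' Returns the role for a matching user, or Nothing when no row matched.
    ' connectionString is supplied by the caller (placeholder, not from the thread).
    Public Function GetRole(ByVal connectionString As String, ByVal userName As String, _
                            ByVal password As String) As String
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand("sp_GetRole", con)
                cmd.CommandType = CommandType.StoredProcedure
                cmd.Parameters.AddWithValue("@UserName", userName)
                cmd.Parameters.AddWithValue("@Password", password)

                ' A variable-length output parameter needs an explicit size.
                Dim roleParam As SqlParameter = cmd.Parameters.Add("@Role", SqlDbType.VarChar, 20)
                roleParam.Direction = ParameterDirection.Output

                con.Open()
                cmd.ExecuteNonQuery()

                ' No matching row leaves @Role NULL, which arrives here as DBNull.
                If roleParam.Value Is Nothing OrElse roleParam.Value Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(roleParam.Value)
            End Using
        End Using
    End Function
End Module
```

A `Nothing` result should be handled as a failed login rather than passed into the ticket as an empty role string.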