ASP.NET RSS ASP.NET RSS

URGENT! Loading Roles From ticket.UserData

Please support our ASP.NET advertiser: $4.95 a Month - ASP.NET Web Hosting – Click Here!
Reply

Join Date: Jul 2005
Posts: 10
Reputation: jhoop2002 is an unknown quantity at this point 
Solved Threads: 0
jhoop2002 jhoop2002 is offline Offline
Newbie Poster

URGENT! Loading Roles From ticket.UserData

 
0
  #1
Aug 1st, 2005
I don't know what happened to my site, a file must have been overwritten or something. I don't know what i need to get asp.net to look into the UserData section of the authentication ticket so forms based authentication works, as far as i can tell it should work.

I have my login, global.asax, and web.config file below. The global.asax file is where asp.net should be told what role the user is in, but i don't know.

LOGIN.aspx
ASP.NET Syntax (Toggle Plain Text) 
  1. <%@ Page Language="VB" %>
  2.  
  3. <%@ Import Namespace="System.Data" %>
  4. <%@ Import Namespace="System.Data.SqlClient" %>
  5. <%@ Import Namespace="System.Threading" %>
  6.  
  7. <script runat="server">
  8.     Dim conMyData As SqlConnection
  9.     Dim conUserData As SqlConnection
  10.     Dim cmdSelect As SqlCommand
  11.     Dim cmdSelectRoles As SqlCommand
  12.     Dim parmReturnValue As SqlParameter
  13.     Dim intResult As Integer
  14.     Dim strLinkPath As String
  15.     Dim objTicket As FormsAuthenticationTicket
  16.     Dim objCookie As HttpCookie
  17.     Dim strReturnURL As String
  18.  
  19.     Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
  20.         If IsValid Then
  21.             'load stored procedure DBAuthenticate
  22.             If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
  23.                 Dim conRoles As SqlConnection
  24.                 Dim cmdSelectRoles As SqlCommand
  25.                 Dim dtrRoles As String
  26.  
  27.                 conRoles = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
  28.                 conRoles.Open()
  29.                 cmdSelectRoles = New SqlCommand("SELECT g.name FROM dbo.Groups g WHERE g.group_id IN (SELECT r.group_id FROM dbo.Roles r WHERE r.user_id IN (SELECT ui.user_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password))", conRoles)
  30.                 cmdSelectRoles.Parameters.AddWithValue("@username", txtUsername.Text)
  31.                 cmdSelectRoles.Parameters.AddWithValue("@password", txtPassword.Text)
  32.                 dtrRoles = cmdSelectRoles.ExecuteScalar
  33.  
  34.                 'create authentication ticket
  35.                 objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, dtrRoles)
  36.                 conRoles.Close()
  37.                 'create cookie UserName
  38.                 Response.Cookies("UserName").Value = txtUsername.Text
  39.                 objCookie = New HttpCookie(".ASPXAUTH")
  40.                 objCookie.Value = FormsAuthentication.Encrypt(objTicket)
  41.                 Response.Cookies.Add(objCookie)
  42.                 strReturnURL = Request.Params("ReturnURL")
  43.                 If strReturnURL <> Nothing Then
  44.                     'returns user to previous page if greater authorization was required
  45.                     Response.Redirect(strReturnURL)
  46.                 Else
  47.                     'forwards user after login
  48.                     Response.Redirect("role_page.aspx")
  49.                 End If
  50.             End If
  51.         End If
  52.     End Sub
  53.  
  54.     'check failed login attempt count and if greater than 3 pauses for 2 hours
  55.     Sub Page_Load()
  56.         Dim objCounter As Object = Session("counter")
  57.         If Session("counter") > 3 Then
  58.             Thread.Sleep(7200000)
  59.             Response.Redirect("deny.aspx")
  60.         End If
  61.     End Sub
  62.  
  63.     'stored procedure, returns 1 if successful login, -1 it not
  64.     Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
  65.         conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
  66.         cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
  67.         cmdSelect.CommandType = CommandType.StoredProcedure
  68.         parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
  69.         parmReturnValue.Direction = ParameterDirection.ReturnValue
  70.         cmdSelect.Parameters.AddWithValue("@Username", strUsername)
  71.         cmdSelect.Parameters.AddWithValue("@Password", strPassword)
  72.         conMyData.Open()
  73.         cmdSelect.ExecuteNonQuery()
  74.         intResult = cmdSelect.Parameters("RETURN_VALUE").Value
  75.         conMyData.Close()
  76.         'if unsuccessful login display message and increase failed attempt count by 1 then
  77.         'pauses for 10, then 20, then 30 seconds if user keeps failign
  78.         If intResult = -1 Then
  79.             lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
  80.             Dim objCounter As Object = Session("counter")
  81.             If objCounter Is Nothing Then objCounter = 0
  82.             Session("counter") = CInt(objCounter) + 1
  83.             Thread.Sleep(10000 * (CInt(objCounter)))
  84.         End If
  85.         Return intResult
  86.     End Function
  87.  
  88. </script>
  89.  
  90. <html>
  91. <head>
  92.     <title>Login.aspx</title>
  93.     <script>
  94.         if (document.images)
  95.         {
  96.             img1on = new Image();
  97.             img1off = new Image();
  98.             img1on.src = "images/bMore-on.gif";
  99.             img1off.src = "images/bMore.gif";
  100.             img2on = new Image();
  101.             img2off = new Image();
  102.             img2on.src = "images/bHome-on.gif";
  103.             img2off.src = "images/bHome.gif";
  104.         }
  105.         function jRollover(imgName)
  106.         { 
  107.             document.images [imgName].src = (document.images [imgName].src == eval(imgName+"on.src")) ? eval(imgName+"off.src"):eval(imgName+"on.src");
  108.         }
  109.     </script>
  110. </head>
  111. <body style="text-align: center; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid;">
  112.     <form id="Form1" runat="server">
  113.         <table style="width: 290px; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid; height: 1px;">
  114.             <tr align=center valign=top>
  115.                 <td bgcolor="#eff3fb" style="width: 272px; text-align: left; height: 146px;" bordercolorlight="#b5c7de">
  116.                     <table style="width: 293px; height: 140px;">
  117.                         <tr>
  118.                             <td colspan="2" 
  119.                                 style="text-align: center">
  120.                                 <strong><span style="font-weight: bold; 
  121.                                             width: 280px; 
  122.                                             color: white;
  123.                                             height: 14px; 
  124.                                             background-color: #507cd1; font-family: Verdana;">Log In</span></strong></td>
  125.                         </tr>
  126.                         <tr align="center">
  127.                             <td colspan="2" style="height: 8px">
  128.                             <asp:Label
  129.                                 ID="lblMessage"
  130.                                 ForeColor="Red"
  131.                                 Runat="server" /></td>
  132.                         </tr>
  133.                         <tr valign=top>
  134.                             <td style="width: 81px;">
  135.                                 <asp:Label ID="UserNameLabel" 
  136.                                     runat="server" Font-Names="Verdana" Font-Size="0.8em">User Name:</asp:Label></td>
  137.                             <td style="width: 9px;">
  138.                                 <asp:TextBox ID="txtUsername" 
  139.                                     runat="server" 
  140.                                     Width="160px" />
  141.  
  142.                                 <asp:RequiredFieldValidator ID="RequiredFieldValidator1"
  143.                                     runat=server
  144.                                     ControlToValidate="txtUsername"
  145.                                     Text="You must enter a User Name." Width="186px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
  146.                         </tr>
  147.                         <tr valign=top>
  148.                             <td style="width: 81px; height: 39px;">
  149.                                 <asp:Label ID="PasswordLabel" 
  150.                                     runat="server" Font-Names="Verdana" Font-Size="0.8em">Password:</asp:Label></td>
  151.                             <td style="width: 9px; height: 39px;">
  152.                                 <asp:TextBox ID="txtPassword" 
  153.                                     runat="server" 
  154.                                     TextMode="Password" 
  155.                                     Width="160px" TabIndex="1" />
  156.  
  157.                                 <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
  158.                                     runat=server
  159.                                     ControlToValidate="txtPassword"
  160.                                     Text="You must enter a Password." Width="178px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
  161.                         </tr>
  162.                         <tr align="center">
  163.                             <td colspan="2" 
  164.                                 style="text-align: right;">
  165.                                 <asp:Button ID="Button1" 
  166.                                     runat="server" 
  167.                                     BackColor="White" 
  168.                                     BorderColor="#507CD1" 
  169.                                     BorderStyle="Solid"
  170.                                     BorderWidth="1px" 
  171.                                     OnClick="Button_Click" 
  172.                                     Font-Names="Verdana" 
  173.                                     Font-Size="0.8em"
  174.                                     ForeColor="#284E98" 
  175.                                     Text="Log In" TabIndex="2" /></td>
  176.                         </tr>
  177.                     </table>
  178.                     <span style="font-size: 0.8em; color: red"></span></td>
  179.             </tr>
  180.         </table>
  181.         <br />
  182.         <hr>
  183.     </form>
  184. </body>
  185. </html>
  186.  

GLOBAL.asax
ASP.NET Syntax (Toggle Plain Text) 
  1. <%@ Import Namespace="System.Security.Principal" %>
  2. <script language="C#" runat="server">
  3.  
  4. protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)
  5. {
  6.   if (HttpContext.Current.User != null)
  7.   {
  8.     if (HttpContext.Current.User.Identity.IsAuthenticated)
  9.     {
  10.       if (HttpContext.Current.User.Identity is FormsIdentity)
  11.       {
  12.         // Get Forms Identity From Current User
  13.         FormsIdentity id = (FormsIdentity)
  14.         HttpContext.Current.User.Identity;
  15.  
  16.         // Get Forms Ticket From Identity object
  17.         FormsAuthenticationTicket ticket = id.Ticket;
  18.  
  19. 		// Retrieve stored user-data (role information is assigned when the ticket
  20. 		// is created, separate multiple roles with commas)
  21.         string userData = ticket.UserData;
  22.         string[] roles = userData.Split(',');
  23.  
  24. 		// Create a new Generic Principal Instance and assign to Current User
  25.         HttpContext.Current.User = new GenericPrincipal(id, roles);
  26.       }
  27.     }
  28.   }
  29. } 
  30.  
  31.  
  32. 	protected void Application_OnStart()
  33. 	{
  34. 	// Application startup code goes here.
  35. 	}
  36. 	protected void Session_OnStart()
  37. 	{
  38. 	//  ' Session startup code goes here.
  39. 	}
  40. 	protected void Session_OnEnd()
  41. 	{
  42. 	//  ' Session cleanup code goes here.
  43. 	}
  44.  
  45. 	protected void Application_OnEnd()
  46. 	{
  47. 	// ' Application cleanup code goes here.
  48. 	}
  49. </script>

WEB.config
ASP.NET Syntax (Toggle Plain Text) 
  1. <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  2.   <connectionStrings>
  3.     <add name="Safety_TrainingConnectionString" connectionString="Data Source=INTRANET;Initial Catalog=Safety_Training;User ID=sa"
  4.       providerName="System.Data.SqlClient" />
  5.   </connectionStrings>
  6.   <system.web>
  7.     <authentication mode="Forms" />
  8.     <customErrors mode="Off" />
  9.     <compilation debug="true" />
  10.     <authorization>
  11.       <deny users="?" />
  12.       <!--<allow roles="Admin" />-->
  13.     </authorization>
  14.     </system.web>
  15.   <appSettings>
  16.     <add key="MM_CONNECTION_HANDLER_sql" value="sqlserver.htm" />
  17.     <add key="MM_CONNECTION_STRING_sql" value="Data Source=INTRANET;Initial Catalog=safety_training;User ID=sa;" />
  18.     <add key="MM_CONNECTION_DATABASETYPE_sql" value="SQLServer" />
  19.     <add key="MM_CONNECTION_SCHEMA_sql" />
  20.     <add key="MM_CONNECTION_CATALOG_sql" value=" Safety_Training" />
  21.   </appSettings>
  22. </configuration>
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the ASP.NET Forum
Thread Tools Search this Thread



.net 2.0 3.5 activexcontrol ajax alltypeofvideos asp asp.net bc30451 beginner bottomasp.net browser businesslogiclayer c# c#gridviewcolumn cac checkbox class commonfunctions compatible confirmationcodegeneration content contenttype countryselector courier dataaccesslayer database datagrid datagridview datagridviewcheckbox datalist deployment development dgv dropdownlist dropdownmenu dynamic dynamically edit embeddingactivexcontrol fileuploader fill findcontrol flash flv formatdecimal forms formview gridview gudi homeedition iis javascript jquery listbox menu microsoft mouse mssql nameisnotdeclared news opera panelmasterpagebuttoncontrols problem redirect registration relationaldatabases reportemail schoolproject security serializesmo.table sessionvariables silverlight smartcard smoobjects software sql sql-server sqlserver2005 ssl textbox tracking treeview unauthorized validatedate validation vb.net video videos vista visual-studio visualstudio web webapplications webarchitecture webdevelopemnt webdevelopment webprogramming webservice youareanotmemberofthedebuggerusers
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC