Ad:

ASP.NET Discussion Thread
Unsolved
Views: 3702

Jul 19th, 2005

loading roles from DB to auth cookie

Expand Post »

So ive got my login page almost completed, now for whatever reason i am stuck trying to get the roles for each user from my database into the authorization cookie. In regular old asp this wouldn't be a problem for me, but don't see what im doing wrong in .net

so you can see where i create my ticket, and i hard coded Admin in there, and tested that to make sure everything works, and since it does i need it to be dynamic so when a regular user logs in they will only have user rights.

Here is the code to my login page

ASP.NET Syntax (Toggle Plain Text)
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>
 
<script runat="server">
    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String
 
    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, "Admin")
                'create cookie UserName
                Response.Cookies("UserName").Value = txtUsername.Text
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL <> Nothing Then
                    'returns user to previous page if greater authorization was required
                    Response.Redirect(strReturnURL)
                Else
                    'forwards user after logi
                    Response.Redirect("role_page.aspx")
                End If
            End If
        End If
    End Sub
 
    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
        Dim objCounter As Object = Session("counter")
        If Session("counter") > 3 Then
            thread.sleep(7200000)
            Response.Redirect("deny.aspx")
        End If
    End Sub
 
    'stored procedure, returns 1 if successful login, -1 it not
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.AddWithValue("@Username", strUsername)
        cmdSelect.Parameters.AddWithValue("@Password", strPassword)
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters("RETURN_VALUE").Value
        conMyData.Close()
        'if unsuccessful login display message and increase failed attempt count by 1 then
        'pauses for 10, then 20, then 30 seconds if user keeps failign
        If intResult = -1 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            Thread.Sleep(10000 * (CInt(objCounter)))
        End If
        Return intResult
    End Function
 
</script>
 
<html>
<head><title>Login.aspx</title></head>
<body style="text-align: center">
<form id="Form1" runat="server">
    &nbsp;<table style="width: 264px; height: 155px;">
        <tr>
            <td colspan="2" style="height: 43px; text-align: center">
                <strong><span style="font-size: 16pt">
                Please Login:</span></strong></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: center">
 
<asp:Label
    ID="lblMessage"
    ForeColor="Red"
    Font-Bold="true"
    Runat="server" /></td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Username:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtUsername"
    Runat="server" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="height: 1px">
            </td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Password:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtPassword"
    Runat="server" TextMode="Password" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: right">
<asp:Button
    Text="Login"
    OnClick="Button_Click"
    Runat="server" ID="Button1" /></td>
        </tr>
    </table>
<hr>
</form>
</body>
</html>
 
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, "Admin")
                'create cookie UserName
                Response.Cookies("UserName").Value = txtUsername.Text
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL <> Nothing Then
                    'returns user to previous page if greater authorization was required
                    Response.Redirect(strReturnURL)
                Else
                    'forwards user after logi
                    Response.Redirect("role_page.aspx")
                End If
            End If
        End If
    End Sub
    
    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
        Dim objCounter As Object = Session("counter")
        If Session("counter") > 3 Then
            thread.sleep(7200000)
            Response.Redirect("deny.aspx")
        End If
    End Sub
    
    'stored procedure, returns 1 if successful login, -1 it not
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.AddWithValue("@Username", strUsername)
        cmdSelect.Parameters.AddWithValue("@Password", strPassword)
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters("RETURN_VALUE").Value
        conMyData.Close()
        'if unsuccessful login display message and increase failed attempt count by 1 then
        'pauses for 10, then 20, then 30 seconds if user keeps failign
        If intResult = -1 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            Thread.Sleep(10000 * (CInt(objCounter)))
        End If
        Return intResult
    End Function
    
</script>

<html>
<head><title>Login.aspx</title></head>
<body style="text-align: center">
<form id="Form1" runat="server">
    &nbsp;<table style="width: 264px; height: 155px;">
        <tr>
            <td colspan="2" style="height: 43px; text-align: center">
                <strong><span style="font-size: 16pt">
                Please Login:</span></strong></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: center">

<asp:Label
    ID="lblMessage"
    ForeColor="Red"
    Font-Bold="true"
    Runat="server" /></td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Username:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtUsername"
    Runat="server" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="height: 1px">
            </td>
        </tr>
        <tr>
            <td style="width: 60px">
                <strong>Password:</strong></td>
            <td style="width: 11px">
<asp:TextBox
    ID="txtPassword"
    Runat="server" TextMode="Password" Width="160px" /></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: right">
<asp:Button
    Text="Login"
    OnClick="Button_Click"
    Runat="server" ID="Button1" /></td>
        </tr>
    </table>
<hr>
</form>
</body>
</html>

Similar Threads

Error Loading operating System in Windows NT / 2000 / XP
installing php admin in dreamweaver? in MySQL
Help with Roles Stored in SQL database in ASP.NET
URGENT! Loading Roles From ticket.UserData in ASP.NET
Problems loading websites in Web Browsers

jhoop2002

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Jul 2005

Permalink

Jul 20th, 2005

Re: loading roles from DB to auth cookie

Have you tried creating a function that makes a call to the DB 'where UserName = ' & txtUserName.Text and return that value to a string variable you pass into the authentication.ticket method?

Paladine

Team Colleague

Reputation Points: 211

Solved Threads: 27

Master Poster

Offline

793 posts
since Feb 2003

Permalink

Jul 21st, 2005

Re: loading roles from DB to auth cookie

yes, it works with "Admin" hard coded in there, but i am new to .net and still learning everything. Looking at that code, I don't know how to get my stored proceedure to return the users role. I tried writing another one, but it didn't work out to well. I guess this just comes down to writing a query and converting the results to a string and then inserting them into that ticket.

jhoop2002

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Jul 2005

Permalink

Jul 21st, 2005

Re: loading roles from DB to auth cookie

Thanks for at least trying to help, but some of the people at aspmessageboard.com helped me out after i took your advice.

Here is the code that made it all work for me. This goes in the login page;

(Toggle Plain Text)

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                Dim conRoles As SqlConnection
                Dim cmdSelectRoles As SqlCommand
                Dim dtrRoles As String

                conRoles = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
                conRoles.Open()
                cmdSelectRoles = New SqlCommand("SELECT g.name FROM dbo.Groups g WHERE g.group_id IN (SELECT r.group_id FROM dbo.Roles r WHERE r.user_id IN (SELECT ui.user_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password))", conRoles)
                cmdSelectRoles.Parameters.AddWithValue("@username", txtUsername.Text)
                cmdSelectRoles.Parameters.AddWithValue("@password", txtPassword.Text)
                dtrRoles = cmdSelectRoles.ExecuteScalar

                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, dtrRoles)
                conRoles.Close()

Now since I don't know how to get this page to redirect depending on the role of the user, I redirected to another page and had that page check the role of the user and then they are redirected to the page i want them to start out at.

jhoop2002

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Jul 2005

Permalink

Jul 22nd, 2005

Re: loading roles from DB to auth cookie

Good work.

Just an FYI (understanding .NET, doesn't excuse from needing an understanding of SQL)

pseudo-code

(Toggle Plain Text)

CREATE PROCEDURE sp_GetRole /* How it would appear in QUERY ANALYZER */
	(
		@UserName VARCHAR(50) = NULL,
		@Password VARCHAR(50) = NULL,
		@Role VARCHAR(20) = NULL 
	)
AS
	SET @Role = (SELECT Role
	FROM UserTable /* or what you called you table with this data */
	WHERE UserName = @UserName AND Password = @Password)
RETURN @Role

Hope this helps!

Glad to see you found another option.

Paladine

Team Colleague

Reputation Points: 211

Solved Threads: 27

Master Poster

Offline

793 posts
since Feb 2003

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in ASP.NET Forum Timeline: Listbox selectedItem.value cannot be retrieved

Next Thread in ASP.NET Forum Timeline: sending printscreen file through browser

DaniWeb Message

Cancel Changes

User Name
Password