Hi There,
I have a login page for the Administrative side of the site I'm building. I have the VS.net 2005 Login Control all wired up to my CSLA principal object and it works great! Except for the Remember Me Option. When I return to the site I am not authenticated.
How do I go about getting the principal object to check for a security cookie from the form login control?
OK I just re-read the pages that cover the Login Control for the web project in the book.
How do I get the Forms Authentication to "RE" log in the user securely when their session expires if they have clicked on "Remember Me"?
We don't use sessions for anything but storing the current user. So I just want the session to be regenerated in our administrative side of the application if it times out. Our public section of the application is different and does need to be redirected to another page when the session times out.
If I am using the ASP.net Log in control can I encrypt the password to the UserData section of the AuthCookie?
Then I could retrieve the username and password and attempt to log the user back in with the data from the cookie.
Anybody done this before?
Here is the solution that I came up with.
I wrote the code to build the ticket manually and encrypt it and add it to the cookie value, but for some reason Response.Cookie.Add(authCookie) was not sending it to the client, so I figured out this way, which is much simpler than adding data to the UserData field of the auth ticket.
Here is my Log In button click event:
    protected void btnLogIn_Click(object sender, EventArgs e)
    {
        FormsAuthentication.Initialize();
        if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
        {
            FormsAuthentication.RedirectFromLoginPage(((MyIdentity)Csla.ApplicationContext.User.Identity).UserID.ToString(), chkRememberMe.Checked);
        }
        else
        {
            // Username and or password not found in our database...
            LogInFailure.IsValid = false;
        }
    }
In Application_AcquireRequestState I do the same as the book to check if the Principal is in the session. If the principal is null I check for the Authentication Cookie which I have assigned the USER ID to.
I then call a MyPrincipal.Login(UserID) and assign the session variable again if successful. The code is below:
    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    Guid UserID = new Guid(authTicket.Name.ToString());
    if (MyPrincipal.Login(UserID))
    {
        HttpContext.Current.Session["MyPrincipal"] = Csla.ApplicationContext.User;
        principal = (System.Security.Principal.IPrincipal)HttpContext.Current.Session["MyPrincipal"];
    }
    else
    {
        //Cookie is not valid so throw an exception
        throw new Exception("INVALID USER ID PROVIDED FROM SECURITY COOKIE!");
    }
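A more defensive way to read the user ID back out of the forms authentication cookie before calling MyPrincipal.Login(UserID), as an added example that is not part of the original post. AuthCookieReader and TryGetUserId are hypothetical names, and the code assumes the ticket name holds the Guid user ID as in the post above.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example (hypothetical helper, not from the original post).
// Every failure path returns false so the caller treats the request as anonymous.
public static class AuthCookieReader
{
    // Returns true and sets userId only when the cookie carries a ticket that
    // decrypts cleanly, has not expired, and whose Name is a well-formed Guid.
    public static bool TryGetUserId(HttpRequest request, out Guid userId)
    {
        userId = Guid.Empty;

        HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return false; // no remember-me cookie was sent

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            return false; // malformed or tampered cookie value
        }

        // An expired ticket must not re-authenticate anyone.
        if (ticket == null || ticket.Expired)
            return false;

        try
        {
            userId = new Guid(ticket.Name);
        }
        catch (FormatException) { return false; }
        catch (OverflowException) { return false; }

        return true;
    }
}
```

In Application_AcquireRequestState, a false result can be handled with FormsAuthentication.SignOut() followed by FormsAuthentication.RedirectToLoginPage() instead of throwing, so a stale or corrupted cookie sends the user back to the login page rather than producing an error on every request.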
Copyright (c) Marimer LLC