GenericPrincipal without Forms Authentication

Harold Crump

Greetings,

I need to implement GenericPrincipal based authentication without using
ASP.NET Forms Authentication.
I know it is much simpler using Forms Authentication, but in this case,
I have no control over the matter.

I have two pages - login.aspx and home.aspx.

Following is the Click event of the login button on the login.aspx page

    protected void btnLogin_Click(Object sender, EventArgs e)
    {
        // The input is upper-cased, so it must be compared with upper-case literals.
        string userId = txtUserID.Text.Trim().ToUpper();
        if (userId.Equals("USER1"))
        {
            buildSecurityContext("USER1");
            Response.Redirect("Home.aspx");
        }
        else if (userId.Equals("USER2"))
        {
            buildSecurityContext("USER2");
            Response.Redirect("Home2.aspx");
        }
        else
        {
            lblMessage.Text = "Invalid User ID. Please re-enter.";
        }
    }

    // Attaches a GenericPrincipal to the current request only.
    private void buildSecurityContext(string userName)
    {
        System.Security.Principal.GenericIdentity curIdentity = null;
        System.Security.Principal.GenericPrincipal curPrincipal = null;
        string[] roles = {"Role1","Role2"};
        curIdentity = new System.Security.Principal.GenericIdentity(userName);
        curPrincipal = new System.Security.Principal.GenericPrincipal(curIdentity, roles);
        HttpContext.Current.User = curPrincipal;
    }

Following is the OnLoad event of the Home.aspx page

    IPrincipal p = HttpContext.Current.User;
    string userName = p.Identity.Name;
    bool auth = p.Identity.IsAuthenticated;
    bool isInRole = p.IsInRole("Role1");
    lblUserName.Text = "Welcome " + userName + "<br>Your authentication status is " + Convert.ToString(auth);
    lblRoles.Text = "Your permission for Role1 is " + Convert.ToString(isInRole);

The problem is that when the home page loads, the current request is
not authenticated.
At the end of the login process, the current identity is authenticated
and contains the correct user name and role.

But after the redirect to the home page, all that is getting lost
somehow.

What am I doing wrong?

Any help appreciated.

-Harold
 
Yunus Emre ALPÖZEN [MCSD.NET]

You should handle the Application AuthorizeRequest event in global.asax, and
authorize the request at this stage...

--
HTH

Thanks,
Yunus Emre ALPÖZEN
BSc, MCSD.NET
 
Harold Crump

Yunus said:
You should handle the Application AuthorizeRequest event in global.asax, and
authorize the request at this stage...

Could you elaborate a little further....what code should I put in the
AuthenticateRequest event handler?
And how do I tie that in with the actual authentication check that is
currently being done in the login page button click?

Thanks,
Harold
 
Guest

Try this out!

    string username = "Anonymous";
    string[] arrRoles = new string[1];
    arrRoles[0] = username;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, username, System.DateTime.Now, System.DateTime.Now.AddMinutes(20),
        false, username, FormsAuthentication.FormsCookiePath);
    HttpCookie cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));

    System.Security.Principal.GenericIdentity objIdentity =
        new System.Security.Principal.GenericIdentity(username);
    System.Security.Principal.GenericPrincipal objPrincipal =
        new System.Security.Principal.GenericPrincipal(objIdentity, arrRoles);
    _appContext.Response.Cookies.Add(cookie);
    _appContext.User = objPrincipal;
 
