Where in User.Identity.Name gets a value in Login control?

[Athena]

Hello,

For a logging application I need to test the value of User.Identity.Name
together with User.Identity.IsAuthenticated to direct the program flow. I
tried Login.Authenticated, LoggedIn and Page_Load events. In all cases the
value is returned as empty. Based on whether this value equal to "admin" I
would like to make a CreateUserWizard control visible if the user is
authenticated. I would appreciate if you give me a code example. Thank you.

Athena

 

[Bryan Porter]

Athena,

Once the user has authenticated successfully through one of the log in
controls, the (and this is from memory, so bear with me) User property of the
current HttpContext instance should be populated. Depending on the membership
provider you are using, HttpContext.Current.User.Identity should hold either
a WindowsIdentity object or a GenericIdentity object.

If they don't, the user can't have been authenticated, or you are using
custom forms authentication (not one of the membership providers) and not
setting the forms authentication ticket properly.

Hope that helps.

 

[Wainage]

Athena,

I’ve looked at your code and your problem stems from a basic
misunderstanding of ASP.NET’s “Forms†authentication. Since I am also a
rookie programmer let me give you a brief break down of how it works.

When a user clicks the login button on the login form the following sequence
occurs:
1. Username and Password are validated against the data store (XML, SQL etc)
2. If valid and Authentication Ticket is created that contains the Username
3. The Ticket is encrypted and passed into the pending Http Response
4. The current page is “Refreshed†with a Response.Redirect (and the cookie
is delivered to the browser)

The user is now logged in and User.Identity.Name and User.Identity will now
be populated. How? The following occurs:
1. Http request begins (before the Page is even created)
2. If the request contains a Authentication cookie it is decrypted (it does.
Step 4 above)
3. A user Principal is created containing the Username
4. This Principal is assigned to the current Context (User.Identity.XXXX is
now available)
5. … rest of the request processing, page processing continues …

This may look confusing at first but understanding it is vital in
understanding how authentication in ASP.NET works.

I’ve included a sample (unfortunately I only speak C# - but there is very
little and it is well commented) that will provide the behavior you are
looking for.

The default.aspx page has a [LoginStatus] control as well as a [LoginView]
to hide our controls from anonymous users. The [CreateUserWizard] control is
part of the <loggedIn> template and visible is false.

In Page_Load we check to see if the user is “adminâ€. If so
[CreateUserWizard].Visible = true;

To make it work, run the “Web Site Administration Toolâ€, enable security and
add a “admin†and a couple of test users.

I hope this lifts the fog.

Wainage

=============================================
[default.aspx]
-------------------------------------------------------------------------
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs"
Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:LoginStatus ID="LoginStatus1" runat="server" />
</div>
<div>
<asp:LoginView ID="LoginView1" runat="server">
<AnonymousTemplate>
To Work on the site u need to log in
</AnonymousTemplate>
<LoggedInTemplate>
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server"
Visible="false">
<WizardSteps>
<asp:CreateUserWizardStep ID="CreateUserWizardStep1"
runat="server">
</asp:CreateUserWizardStep>
<asp:CompleteWizardStep ID="CompleteWizardStep1"
runat="server">
</asp:CompleteWizardStep>
</WizardSteps>
</asp:CreateUserWizard>
<div>
All Logged in users can see this ...
</div>
</LoggedInTemplate>
</asp:LoginView>
</div>
</form>
</body>
</html>
-------------------------------------------------------------------------
protected void Page_Load(object sender, EventArgs e)
{
// the Wizard control is only shown when the user is Authenticated
// so we need to find the control (this.CreateUserWizard1 does not
work)
// We ask LoginView to find the control
CreateUserWizard wizard =
(CreateUserWizard)LoginView1.FindControl("CreateUserWizard1");

// did we find it?
if (wizard != null) // Yes!
{
// check username
if ("admin" == User.Identity.Name)
wizard.Visible = true; // for "admin"
else
wizard.Visible = false; // for everyone else
}
}
=============================================
[login.aspx]
-------------------------------------------------------------------------
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs"
Inherits="login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>

</div>
<asp:Login ID="Login1" runat="server">
</asp:Login>
</form>
</body>
</html>
=============================================

 

[Eliyahu Goldin]

The problem is that the authentication principal won't get set until the
next request to the
server. But you can use the "UserName" property on the Usercontrol
within the LoggedIn event to identify the user.


--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net

 

[Scott Roberts]

When a user clicks the login button on the login form the following
sequence
occurs:
1. Username and Password are validated against the data store (XML, SQL
etc)
2. If valid and Authentication Ticket is created that contains the
Username
3. The Ticket is encrypted and passed into the pending Http Response
4. The current page is “Refreshed†with a Response.Redirect (and the
cookie
is delivered to the browser)

Steps 1-3 all occur on the initial postback, and during that postback the
User.Identity is not populated. Step 4 does not occur automatically. You can
set a redirect url on the login control or manually redirect from the
code-behind, but either way, the User.Identity is still not set for the
initial postback. Your code works because you're checking User.Identity.Name
in default.aspx, which is *after* the login. If I read the OP correctly, he
wants to redirect from within the login page on the initial postback.

As Eliyahu said, to check the username on the initial postback of the login
page, you'll need to use the "Username" property of the login control.

 

[Ian Semmel]

You can check in OnAuthenticate and do the authentication yourself eg

protected void Login1_OnAuthenticate(object sender,
AuthenticateEventArgs e)
{

MembershipUser user =
Membership.GetUser(Login1.UserName, false);

if (user == null)
return;

if (!user.IsApproved)
{
Login1.FailureText = "You have not yet been
approved";
Login1.FailureAction =
LoginFailureAction.Refresh;
e.Authenticated = false;
}
else
{
e.Authenticated = Membership.ValidateUser (
Login1.UserName, Login1.Password );
}

}