Security

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 05 Sep 2007 08:43:42 GMT

Could you put up your code...as to what you did..where did you stopped. Lets try to get this working..:P

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Tue, 04 Sep 2007 22:24:13 GMT

dropped that,

couldn't make it work,

but, if you have any ideas, I would be more than glad to hear!

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Tue, 04 Sep 2007 15:24:30 GMT

Hi Patrick,

How is it going? Where are we with this?

I also thought about using a singleton pattern to acquire authentication once and use the static object around.

Good luck

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Mon, 30 Jul 2007 08:40:09 GMT

Sorry I was away.

Could you please let me know whats remaining. And please could you mark all those answers that helped you.

Regards

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Fri, 27 Jul 2007 18:59:45 GMT

thanx all for your answers,

especially you naturehermit,

couldn't implement the last one,

anyway thanx,

great way for a discussion

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Thu, 19 Jul 2007 13:51:17 GMT

Hi there,

Whats the current state of play with this one.

Thanks

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 18 Jul 2007 13:51:31 GMT

You know i realised that article is for visual studio 2003 and .net framework 1.1. You can download the accompanying zip file for trying..

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Wed, 18 Jul 2007 13:36:01 GMT

I'm not using inproc, i'm using:

as the article suggested

<%@ Application Language="VB" %>

<script runat="server">

  Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    
    Dim userInformation As String = [String].Empty

    If HttpContext.Current.User IsNot Nothing AndAlso _
       HttpContext.Current.User.Identity.IsAuthenticated AndAlso _
       TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
      'If Request.IsAuthenticated Then
      
      Dim sCookieName As String = FormsAuthentication.FormsCookieName
      If Request.Cookies(sCookieName) IsNot Nothing AndAlso Request.Cookies(sCookieName).Value <> "" Then
        Dim fat As FormsAuthenticationTicket = FormsAuthentication.Decrypt(Context.Request.Cookies(sCookieName).Value)
        userInformation = fat.UserData

        Dim info As String() = userInformation.Split(New Char() {";"c})
        If info.GetUpperBound(0) <> 6 Then
          If Context.Session IsNot Nothing Then Context.Session.Abandon()
          FormsAuthentication.SignOut()

          Dim objCookie As New System.Web.HttpCookie(FormsAuthentication.FormsCookieName, String.Empty)
          With objCookie
            .Path = "/"
            .Expires = Date.Now.AddDays(-1)
          End With
          Response.Cookies.Add(objCookie)
          objCookie = Nothing

          Context.User = Nothing
          Return
        End If

        ' this could be a new "illegal" logon, so we need to check
        ' if these credentials are already in the Cache
        Dim sCacheUser As String = Convert.ToString(HttpContext.Current.Cache(helperclasses.CustomPrincipal.GetUser.Email))
        If sCacheUser IsNot Nothing AndAlso sCacheUser <> String.Empty Then
          ' cache item exists, so too bad...
          If Context.Session IsNot Nothing Then Context.Session.Abandon()
          FormsAuthentication.SignOut()

          Dim objCookie As New System.Web.HttpCookie(FormsAuthentication.FormsCookieName, String.Empty)
          With objCookie
            .Path = "/"
            .Expires = Date.Now.AddDays(-1)
          End With
          Response.Cookies.Add(objCookie)
          objCookie = Nothing

          Context.User = Nothing
          Return
        End If

        HttpContext.Current.User = New helperclasses.CustomPrincipal(User.Identity, Convert.ToInt32(info(0).ToString()), info(1).ToString(), info(2).ToString(), Convert.ToInt32(info(3).ToString()), info(4).ToString(), Convert.ToInt32(info(5).ToString()), info(6).ToString())
      End If
    End If

  End Sub
  
  Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)

    ' e.g. this is after an initial logon
    If Session("userkey") IsNot Nothing Then
      Dim sKey As String = Session("userkey").ToString
      ' Accessing the Cache Item extends the Sliding Expiration automatically
      Dim sUser As String = HttpContext.Current.Cache(sKey).ToString
    End If

  End Sub
  
  Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs on application startup

    ' Set our user count to 0 when we start the server 
    Application("ActiveUsers") = 0
    
  End Sub
  
  Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs on application shutdown

  End Sub
      
  Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs when an unhandled error occurs
    Dim ex As Exception = Server.GetLastError()
    Dim sErrorFullMessage As String = String.Empty
    If HttpContext.Current.IsDebuggingEnabled Then
      sErrorFullMessage = GetHTMLError(ex)
    Else
      sErrorFullMessage = "ERROR: " & ex.ToString & ControlChars.NewLine & ControlChars.NewLine & _
                          "MESSAGE: " & ex.Message & ControlChars.NewLine & ControlChars.NewLine & _
                          "SOURCE: " & ex.Source & ControlChars.NewLine & ControlChars.NewLine & _
                          "FORM: " & Request.Form.ToString() & ControlChars.NewLine & ControlChars.NewLine & _
                          "QUERYSTRING: " & Request.QueryString.ToString() & ControlChars.NewLine & ControlChars.NewLine & _
                          "TARGETSITE: " & ex.TargetSite.ToString & ControlChars.NewLine & ControlChars.NewLine & _
                          "STACKTRACE: " & ex.StackTrace
    End If
    Server.ClearError()
    
    If HttpContext.Current.IsDebuggingEnabled Then
      ''If (Context IsNot Nothing) And (Context.User.IsInRole("Administrators")) Then

      Response.Clear()
      Response.Write(sErrorFullMessage)
    Else
      helperclasses.GlobalFunctions.CreateEventLog(sErrorFullMessage, Diagnostics.EventLogEntryType.Error)
      SendHtmlError(ex)
      Response.Redirect(helperclasses.GlobalDeclarations.BasePath & "/errorpage.aspx")
    End If

  End Sub

  Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs when a new session is started
    If HttpContext.Current.IsDebuggingEnabled Then
      'If Context IsNot Nothing AndAlso (Context.User.IsInRole("BUILTIN\Administrators") OrElse Context.User.IsInRole("Debugger Users")) Then
      'helperclasses.GlobalFunctions.MessageMake("Session 500")
      Session.Timeout = 500
    End If
      
    'Session.Timeout = 10
    Session("Start") = Now
    
    If HttpContext.Current.User IsNot Nothing AndAlso _
       HttpContext.Current.User.Identity.IsAuthenticated AndAlso _
       TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
      'If Request.IsAuthenticated Then
      
      ' No Cache item, so sesion is either expired or user is new sign-on
      ' Set the cache item and Session hit-test for this user---
      Dim SessTimeOut As TimeSpan = New TimeSpan(0, 0, helperclasses.GlobalDeclarations.LoginTimeout, 0, 0)
      HttpContext.Current.Cache.Insert(helperclasses.CustomPrincipal.GetUser.Email, helperclasses.CustomPrincipal.GetUser.Email, Nothing, DateTime.MaxValue, SessTimeOut, System.Web.Caching.CacheItemPriority.NotRemovable, Nothing)
      Session("userkey") = helperclasses.CustomPrincipal.GetUser.Email

      Dim sCookieName As String = FormsAuthentication.FormsCookieName
      If Request.Cookies(sCookieName) IsNot Nothing AndAlso Request.Cookies(sCookieName).Value <> "" AndAlso _
        (Session("LastLogin") Is Nothing OrElse Context.Session("LastLogin").ToString = String.Empty) Then
        Dim cust As New helperclasses.Customer
        cust.UpdateLastLogin(helperclasses.CustomPrincipal.GetUser.Email)
        Session("LastLogin") = Date.Now
      End If
    End If
    
    Application.Lock()
    Application("ActiveUsers") = CInt(Application("ActiveUsers")) + 1
    Application.UnLock()
    
    'helperclasses.InstanceMonitor.DbManagerInstances = 0

  End Sub

  Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs when a session ends. 
    ' Note: The Session_End event is raised only when the sessionstate mode
    ' is set to InProc in the Web.config file. If session mode is set to StateServer 
    ' or SQLServer, the event is not raised.
    Application.Lock()
    Application("ActiveUsers") = CInt(Application("ActiveUsers")) - 1
    Application.UnLock()
    
  End Sub
</script>

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 18 Jul 2007 13:16:35 GMT

I thought you were using c#. The above code is in global.asax, can i see complete global.asax please..It looks ok. Have you set inproc session. Also look at this one here... http://www.eggheadcafe.com/articles/20030416.asp. Perhaps you will need to put your all global.asax.

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Wed, 18 Jul 2007 12:08:58 GMT

  Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)

    ' e.g. this is after an initial logon
    If Session("userkey") IsNot Nothing Then
      Dim sKey As String = Session("userkey").ToString
      ' Accessing the Cache Item extends the Sliding Expiration automatically
      Dim sUser As String = HttpContext.Current.Cache(sKey).ToString
    End If

  End Sub

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 18 Jul 2007 10:26:18 GMT

sorry it should be alright, could i see your code again please

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Wed, 18 Jul 2007 10:08:00 GMT

that's what the article suggested, in order to refresh the user in cache,

can anyone figure out a possible workaround?

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 18 Jul 2007 09:51:39 GMT

Edit, sorry could I see your code...please

Re: lastlogindate and FormsAuthentication (cookie) - how?

patrickdrd — Wed, 18 Jul 2007 09:46:42 GMT

session object problems once more...

System.Web.HttpException was unhandled by user code
  ErrorCode=-2147467259
  Message="Session state is not available in this context."
  Source="System.Web"
  StackTrace:
       at System.Web.HttpApplication.get_Session()
       at ASP.global_asax.Application_PreRequestHandlerExecute(Object sender, EventArgs e) in D:\DEV\global.asax:line 65
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Re: lastlogindate and FormsAuthentication (cookie) - how?

naturehermit — Wed, 18 Jul 2007 09:08:15 GMT

Because you said you do not want many db writes... and cache recycles/overwritten if the thread limits is reached or memory limit hits.