Last post Jun 25, 2008 03:30 PM by pcs
Jun 24, 2008 01:05 PM|pcs|LINK
1.I have used windows authentication in IIS and I am
checking if the user exists in Active Directory.
2.I have written the functions in page load event of the aspx page(Start page of the web application).
i.e If the person is a valid user,I display their username and they can access the application.But if the person is not a valid user I have used Response.redirect to a aspx page and display a message ("Not a valid user").
3.Active directory checking is working fine.There are
3 aspx pages in my project.But I am not doing any checking for the remaining 2 aspx pages.
Do I need to write the same functions (active directory checking)that I have written in page load event of the start page in the remaining 2 aspx pages ?
Should I store the windows user name in Session variable ( ie. if the user exists in active directory) and check in all the aspx pages on page load?
Please guide me,it is urgent.
Jun 24, 2008 04:33 PM|dannyLi|LINK
Okay, first it depends on what you are going to do with the user who is authenticated through LDAP? If you do need to identify each user for other processes later, it will be a good idea to store that user Identity in a session.
Now for the rest pages you really do not need to do the same function again, there are many ways to implement. I just list couple of them, you can find more.
1. you can add a Session object call is ISAuthenticated, and once in the Authentication is done, store "True" if user is good, or store"False" if no good. in other page all you need to do inthe page load event you check the Session object ISAuthenticated
value, if true then load the rest, if not redirect.
2. use Httpcontext object. when user is autheticated you can issue a cookie ie FormsAuthentication.SetAuthCookie(userId,
false) , then in other page you need to check bool" Request.IsAuthenticated", if yes do sth, not redirect..
Additionally you can add some routins into to you Globle.asax to help you to make it automated.. Also do not forget to kill the session objects once user log off. I hope it helps.
Jun 24, 2008 05:31 PM|johram|LINK
If you are building an intranet app which requires you to be logged on onto the domain, then there's a much simpler approach than trying to do all this in code. You can simply make sure you've configured the IIS correctly (two settings) and then you'll have
integrated authentication up and running with no code. The actual authentication will be taken care of outside your aspx pages, so when the aspx code runs you will always know that the user is authenticated correctly. No need to store user name or similar
stuff, as you will get this with the request from the browser. Another bonus in letting IIS handle authentication is that you this will be done automatically - the user will not even know they were authenticated, as it just happens (when using IE). If you're
using Firefox (or Opera), a logon form will automatically popup (which is controlled by IIS).
But you might have good reasons to handle this with your own code instead? If not, then I recommend you to consider my suggestion as it is a very simple implementation.
Jun 25, 2008 03:30 PM|pcs|LINK
Thanks for a detailed reply.
Right now in my project I have 2 aspx pages.
1.Form1.aspx //implemented the active directory checking function in the page load event of this aspx page,if user does not exist redirect to Message.aspx(display message that user does not exist)
I have navigation links for Form2 from Form1.aspx and also hyperlink in Form2.aspx to come back to Form1.
I am not doing any checking or storing session variables in Form2.aspx.So based on my code,
Form1.aspx (Start page) i.e in the beginning when the user uses the application active directory checking is done and
everytime when the user comes back to Form1.aspx active directory checking is done.
Is this approach correct? or Do I need to move the active directory checking code to a separate page (for e.g LoginCheck.aspx) and implement
the code there and if user exists in active directory store the username in session variable and check in page load event of Form1.aspx and Form2.aspx.
Please guide me.