<asp:Login ID="Login1" runat="server" onauthenticate="Login1_Authenticate">
</asp:Login>
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:MyConnectionString %>"
SelectCommand="SELECT UserID FROM Users WHERE (UserID = @UserID) AND (Password = @Password) GROUP BY UserID">
<SelectParameters>
<asp:ControlParameter ControlID="Login1" Name="UserID" PropertyName="UserName"
Type="String" />
<asp:ControlParameter ControlID="Login1" Name="Password"
PropertyName="Password" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
Dim dt As DataTable = CType(SqlDataSource1.Select(DataSourceSelectArguments.Empty), DataView).Table
If dt.Rows.Count > 0 Then
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
End If
End Sub
Programming to simplify, don't look for difficult way
Suwandi - Non Graduate Programmer
Thank you for your response. I tried your code but I could not get it to work. My login is a little more complicated. Would you please take a look at my post over here:
loginUrl points to your application's custom logon page. You should place the logon page in a folder that requires Secure Sockets Layer (SSL). This helps ensure the integrity of the credentials when they are passed from the browser to the
Web server.
protection is set to All to specify privacy and integrity for the forms authentication ticket. This causes the authentication ticket to be encrypted using the algorithm specified on the machineKey element,
and to be signed using the hashing algorithm that is also specified on the machineKey element.
timeout is used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime
of the persistent cookie.
name and path are set to the values defined in the application's configuration file.
requireSSL is set to false. This configuration means that authentication cookies can be transmitted over channels that are not SSL-encrypted. If you are concerned about session hijacking, you should consider setting requireSSL to true.
slidingExpiration is set to true to enforce a sliding session lifetime. This means that the session timeout is periodically reset as long as a user stays active on the site.
defaultUrl is set to the Default.aspx page for the application.
cookieless is set to UseDeviceProfile to specify that the application use cookies for all browsers that support cookies. If a browser that does not support cookies accesses the site, then forms authentication packages the
authentication ticket on the URL.
enableCrossAppRedirects is set to false to indicate that forms authentication does not support automatic processing of tickets that are passed between applications on the query string or as part of a form POST.
Authorization Configuration
In IIS, anonymous access is enabled for all applications that use forms authentication. The UrlAuthorizationModule class is used to help ensure that only authenticated users can access a page.
Programming to simplify, don't look for difficult way
Suwandi - Non Graduate Programmer
The links you gave are more than enough, no need to copy and paste parts of them. But you said that Forms Authentication is using Session, which is not true. That's it....
The links you gave are more than enough, no need to copy and paste parts of them. But you said that Forms Authentication is using Session, which is not true. That's it....
Let's get on the same page here. My site has not one by TWO login folders. One for the admin who is logging in and one for users. How does FormsAuthentitcation know how to redirect to the proper folder? Where and how are the paths defined so it knows where
to redirect? How are the roles checked so a logged in user can't try to access the admin folder?
Yes, I have a default.aspx which resides in the admin folder and a default.aspx page in the users folder. One login page. It needs to recognize an admin login goes to admin folder and a user goes to the users folder. (default.aspx)
Yes, I have a default.aspx which resides in the admin folder and a default.aspx page in the users folder. One login page. It needs to recognize an admin login goes to admin folder and a user goes to the users folder. (default.aspx)
So then the code, after login, should simply check based upon who the user is (or what role they're in) and do the approproate redirect.
How is this line below supposed to know where to redirect the appropriate user? (admin or user) It has to check the role and based on the role know where to send the user. How is this done? Isn't this line below for a single folder which is protected? I
have read all these pages and I understand that these is supposed to automatically redirect and handle creating the ticket. My code as it exists doesn't use this statement. The redirection and ticket creation is done manually.
http://forums.asp.net/t/1932824.aspx/1?Login+page+issues
I"m using session variables so I can display these items when the user logs in on the default page. Is there another way to display these variables without first storing them into session variables?
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Label1.Text = Session("Firstname")
Label2.Text = Session("Email")
You can get user information from database based userid.
To get userid
Dim userid as string=User.Identity.Name
You can also get Roles based the userid
To implement role, you can use Application_AuthenticateRequest event in global.asax
Get current user roles from database, then use 2 dimensional string array Roles()
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
If Request.IsAuthenticated Then
Dim Roles() As String = {"admin"} 'set current user as admin role, modify this and get roles from database
Context.User = New GenericPrincipal(User.Identity, Roles)
End If
End Sub
Programming to simplify, don't look for difficult way
Suwandi - Non Graduate Programmer
Conversion failed when converting the nvarchar value 'scot@scotking.com' to data type int.
This is the error I received on your line oned_gk;
Dim dt As DataTable = CType(SqlDataSource1.Select(DataSourceSelectArguments.Empty), DataView).Table
Seem like the problem from your fields or your select command.
In my sample all fields (Userid/pass) are varchars.
You can also try manualy create db connection (without sqldatasource)
Programming to simplify, don't look for difficult way
Suwandi - Non Graduate Programmer
Thanks for your ideas. I made a login website. It's just a login page and 2 folders each with default.aspx. I have the users folder working. I can login and logout, but I can't for the admin folder.
Member
211 Points
1178 Posts
authentication with sql database
Sep 01, 2013 11:36 PM|sking|LINK
is there a good vb tutorial on this someplace?
California Mortgage | California refinance
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 12:30 AM|oned_gk|LINK
<asp:Login ID="Login1" runat="server" onauthenticate="Login1_Authenticate"> </asp:Login> <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:MyConnectionString %>" SelectCommand="SELECT UserID FROM Users WHERE (UserID = @UserID) AND (Password = @Password) GROUP BY UserID"> <SelectParameters> <asp:ControlParameter ControlID="Login1" Name="UserID" PropertyName="UserName" Type="String" /> <asp:ControlParameter ControlID="Login1" Name="Password" PropertyName="Password" Type="String" /> </SelectParameters> </asp:SqlDataSource>Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate Dim dt As DataTable = CType(SqlDataSource1.Select(DataSourceSelectArguments.Empty), DataView).Table If dt.Rows.Count > 0 Then FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet) End If End SubSuwandi - Non Graduate Programmer
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 02:35 AM|sking|LINK
Hi,
Thank you for your response. I tried your code but I could not get it to work. My login is a little more complicated. Would you please take a look at my post over here:
http://forums.asp.net/t/1932824.aspx/1?Login+not+redirecting+to+login+page
You can see what I'm talking about by logging in at the site. Try admin and asdfasdf for pw. Also try a user login test and asdfasdf pw
I appreciate any help you can provide me.
California Mortgage | California refinance
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 03:09 AM|oned_gk|LINK
Using form authentication actualy very simple, you dont need to create procedure how it work
To login simply, check user/pass is right then
You only need to configure it in web.config
Cookies, Session, redirection is already handled by asp.net
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.100).aspx
Suwandi - Non Graduate Programmer
All-Star
25756 Points
7025 Posts
Re: authentication with sql database
Sep 02, 2013 03:23 AM|hans_v|LINK
Session?
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 03:38 AM|oned_gk|LINK
Yeah, FormsAuthentication using session, simply need to configure the timeout period in web.config
http://msdn.microsoft.com/en-us/library/ff647070.aspx
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.aspx
Suwandi - Non Graduate Programmer
All-Star
25756 Points
7025 Posts
Re: authentication with sql database
Sep 02, 2013 03:42 AM|hans_v|LINK
Really? I suggest you start reading!
Session has nothing to do with Forms Authentication whatsover.....
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 04:09 AM|oned_gk|LINK
My english so weak, i hope sking will be better to undertand this
ASP.NET Forms Authentication
ASP.NET forms authentication occurs after IIS authentication is completed. You can configure forms authentication with the forms element.
Forms Authentication Configuration
The default attribute values for forms authentication are shown in the following configuration-file fragment.
<system.web> <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </authentication> </system.web>The default attribute values are described below:
Authorization Configuration
In IIS, anonymous access is enabled for all applications that use forms authentication. The UrlAuthorizationModule class is used to help ensure that only authenticated users can access a page.
Suwandi - Non Graduate Programmer
All-Star
25756 Points
7025 Posts
Re: authentication with sql database
Sep 02, 2013 04:18 AM|hans_v|LINK
The links you gave are more than enough, no need to copy and paste parts of them. But you said that Forms Authentication is using Session, which is not true. That's it....
All-Star
20376 Points
6507 Posts
ASPInsiders
MVP
Re: authentication with sql database
Sep 02, 2013 09:07 AM|BrockAllen|LINK
Let's just hope he means "the login session".
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 01:25 PM|sking|LINK
Let's get on the same page here. My site has not one by TWO login folders. One for the admin who is logging in and one for users. How does FormsAuthentitcation know how to redirect to the proper folder? Where and how are the paths defined so it knows where to redirect? How are the roles checked so a logged in user can't try to access the admin folder?
California Mortgage | California refinance
All-Star
20376 Points
6507 Posts
ASPInsiders
MVP
Re: authentication with sql database
Sep 02, 2013 01:52 PM|BrockAllen|LINK
Sounds like you're conflating authentication and authorization.
Are you saying you have two different login pages (meaning a page that accepts the user's credentials)?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 02:38 PM|sking|LINK
Conversion failed when converting the nvarchar value 'scot@scotking.com' to data type int.
This is the error I received on your line oned_gk;
California Mortgage | California refinance
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 02:40 PM|sking|LINK
Yes, I have a default.aspx which resides in the admin folder and a default.aspx page in the users folder. One login page. It needs to recognize an admin login goes to admin folder and a user goes to the users folder. (default.aspx)
California Mortgage | California refinance
All-Star
20376 Points
6507 Posts
ASPInsiders
MVP
Re: authentication with sql database
Sep 02, 2013 02:58 PM|BrockAllen|LINK
So then the code, after login, should simply check based upon who the user is (or what role they're in) and do the approproate redirect.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 03:20 PM|sking|LINK
How is this line below supposed to know where to redirect the appropriate user? (admin or user) It has to check the role and based on the role know where to send the user. How is this done? Isn't this line below for a single folder which is protected? I have read all these pages and I understand that these is supposed to automatically redirect and handle creating the ticket. My code as it exists doesn't use this statement. The redirection and ticket creation is done manually. http://forums.asp.net/t/1932824.aspx/1?Login+page+issues
California Mortgage | California refinance
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 03:30 PM|sking|LINK
I"m using session variables so I can display these items when the user logs in on the default page. Is there another way to display these variables without first storing them into session variables?
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Label1.Text = Session("Firstname")
Label2.Text = Session("Email")
End Sub
California Mortgage | California refinance
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 09:09 PM|oned_gk|LINK
You can get user information from database based userid.
To get userid
You can also get Roles based the userid
To implement role, you can use Application_AuthenticateRequest event in global.asax
Get current user roles from database, then use 2 dimensional string array Roles()
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) If Request.IsAuthenticated Then Dim Roles() As String = {"admin"} 'set current user as admin role, modify this and get roles from database Context.User = New GenericPrincipal(User.Identity, Roles) End If End SubSuwandi - Non Graduate Programmer
All-Star
51281 Points
15126 Posts
Re: authentication with sql database
Sep 02, 2013 09:42 PM|oned_gk|LINK
Seem like the problem from your fields or your select command.
In my sample all fields (Userid/pass) are varchars.
You can also try manualy create db connection (without sqldatasource)
Suwandi - Non Graduate Programmer
Member
211 Points
1178 Posts
Re: authentication with sql database
Sep 02, 2013 10:30 PM|sking|LINK
Thanks for your ideas. I made a login website. It's just a login page and 2 folders each with default.aspx. I have the users folder working. I can login and logout, but I can't for the admin folder.
Here's my post over here:
http://forums.asp.net/p/1933062/5497885.aspx/1?p=True&t=635137562263078273
California Mortgage | California refinance