Author Topic: FormsAuthentication (Read 2064 times)

FuMaN · **on:** May 10, 2006, 20:30:33 PM

FormsAuthentication

on: May 10, 2006, 20:30:33 PM

In VB.Net can someone tell me how you pass a persons ID from a database once they have logged in, to other pages they wish to view.

For example they login from login.asp
Then that directs them to default.asp
If they then wish to view admin.asp

How do I pass the ID through so that its admin.asp?ID=100 please

BigSoy · **Reply #1 on:** May 10, 2006, 20:55:44 PM

Re:FormsAuthentication

Reply #1 on: May 10, 2006, 20:55:44 PM

Im assuming youre talking about using VB. Net to write ASP. Net web stuff, so you can things like;

Assign a session variable:
Session("user_id") = "Dave123"

Retrieve the session variable:
Dim user_id As String = Session("user_id").ToString()

Those variables will be available throughout the duration of a users session unless you explicitly reset the session.

DeltaZero · **Reply #2 on:** May 12, 2006, 19:24:46 PM

FormsAuthentication

Reply #2 on: May 12, 2006, 19:24:46 PM

Dosent .asp suggest classic ASP whereas .aspx suggests ASP.Net ?

If youre using classic ASP then Dim user_id As String = Session("user_id").ToString() wouldent work....itd need to be Dim user_id As String = Session("user_id")

BigSoy · **Reply #3 on:** May 14, 2006, 18:38:14 PM

Re:FormsAuthentication

Reply #3 on: May 14, 2006, 18:38:14 PM

AFAIK you dont use VB. Net with classic asp but I could be wrong on that?

FuMaN · **Reply #4 on:** May 15, 2006, 09:54:28 AM

FormsAuthentication

Reply #4 on: May 15, 2006, 09:54:28 AM

So I take it I need to set the session ID equal to something. Then on every page other than the login page, check to see whether this they are logged it or not?

madmax · **Reply #5 on:** May 16, 2006, 16:17:05 PM

Re:FormsAuthentication

Reply #5 on: May 16, 2006, 16:17:05 PM

im looking into this at the minute,
one thing ive seen is a varible being checked from global.ascx (sp on the extention?)

let me know if either of these work, then ill pinch the code back off of you

:mrgreen:

http://www.codeproject.com/aspnet/cookieless.asp
http://www.codeproject.com/aspnet/custom_authentication.asp

http://www.google.co.uk/search?q=codeproject+formsauthentication&start=0&ie=utf-8&oe=utf-8
http://www.google.co.uk/search?hl=en&q=codeproject+forms+authentication&btnG=Search&meta=

madmax · **Reply #6 on:** May 31, 2006, 12:11:41 PM

Re:FormsAuthentication

Reply #6 on: May 31, 2006, 12:11:41 PM

Found a working solution on the net if your intrested Fuman...

http://www.xoc.net/works/tips/forms-authentication.asp

i altered it slightly on my version to use a control that calls stored procedures and outputs the results back to me instead of the plain text info stored in web.config

Code: [Select]



 Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) As Boolean
        Return true if the username and password is valid, false if it isnt

        Dim sHashedPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5")

        Dim loginOk As Boolean = dbOperations.CheckLogin(strUsername, sHashedPassword)

        Return loginOk

    End Function


   Private Function AssignRoles(ByVal strUsername As String) As String
        Return a | separated list of roles this user is a member of

        Return dbOperations.AssignUserRoles(strUsername)

    End Function

other than that its the same as in the example.

if you need to protect aspx pages, put them in a subfolder from the root of the site and put a web.config file in the directory with this in :

Code: [Select]

the magic code is in the Global.asax file that controls the session data

its also roles based so you can hide important buttons like delete record from an unprivlaged but logged in user by hiding the button if the roles dont match.

should get you running

News:

Author Topic: FormsAuthentication (Read 2064 times)