Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Sitka
Aged Yak Warrior
571 Posts |
 Posted - 2004-05-12 : 09:05:15
|
| FROM http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=433I'm trying to roll my own forms authentication package that uses an existing users datastore. The logins/passwords for the company intranet have traditionally been managed and handled in classic ASP and maintained in session variables. They are stored after client or application server side one way encryption. I want the new ASP.NET applications to share the same login package. I worked out how to get the Session variables from ASP back to ASP.NET. There are variables like "Validated" = true, "Level" = 5, "IsAdmin" = true, UserFullName =..., "ShopEditor" = true , "Roles" = string1,string2,...Basically whatever may be needed per application from a wide range of User Permission or Configurations Tables(s). So now I see that to make the traditional Forms based security and configuration settings in ASP.NET a recommended way maybe to use a Custom FormsAuthenticationTicket. That ticket seems to work as in the article but at what point does the web application recognize the creation of this ticket as being the "thumbs up to authenticating the generic user against the application. That is..if how and when does this HttpContext.Current.User.Identity.IsAuthenticatedget set as true.Most examples reference this method FormsAuthentication.RedirectFromLoginPageThat seems innocent enough but I think there is more that is going on than just the redirect.As I wrote this...since it seems I can access and set that session variables as per usual, maybe just check them each page onload for their validity and ignore the web.config <authorization> tags of what is secure and what isn't. That would follow more closely as to what is done now, and buy time until System.Security.Principal.GenericIdentity is understood. There is also the suspect Userdata limitation on the FormsAuthenticationTicket. |
|
|
|
|
|
HttpContext.Current.User.Identity.IsAuthenticated