Http Module -Multiple Projects

[thomson]

Hi All,
i do hae a solution in which i do have mulitple projects
including Web Projects,, Depending on the functionality it gets
redirected to different web projects and it is working fine,


for eg: httpomainName/MainProject/index.aspx, If i login, it gets
redirectes to a different Web Project inside the solution like
http://DomainName/MainProject/ChildProject/MyPage.aspx..

This works perfectly fine.

My issue is
:


I need to add redirect a set of request to a different page based on
some criteria, for eg; i do have certain calls like
http://DomainName/username, when a request come like this i need to
authenticate the username with the database and redirect to a
dynamically constructed page which can be a different Web Project
inside the same solution.


Can anyone please guide me how do i solve this issue, should i use a
HTTP Module for this: since it has multipl;e projects i guess some
thing wrong

 

[Vadivel Kumar]

Preferably, you can make use of HttpModule and check the requested url
for the username whether it is authenticated or not. This is one way of
solving your problem.

But, I would suggest you to have a different approach which might well
fit in your case.

1. Have a class called "BasePage" which is inherited from
System.Web.UI.Page class.
2. Normally, all your WebForm classes would inherit the ASP.NET Page
class. You have to change that to "BasePage" class.
3. Now, implement your authentication logic inside the BasePage class by
overriding the Page_Load event.

If you implement the authentication code in HttpModule then you would
end up in checking for all the page requests even if you dont need to
authenticate a page. In this approach you have inherit the BasePage
class for the webform's that are needed to be authenticated.

Let me know if you have any issues in understanding this solution.

 

[Guest]

In every page request, the Application_AuthenticateRequest even fires. This
is the typicaly place where you perform whatever authentication you want to
do .
Peter

 

[thomson]

Hi,
if i implement the HTTP Module section, and use the
Application_AuthenticateRequest, will it fire for each and every
request between projects,
since i do have multiple Web Projects?

Regards

thomson

 

[thomson]

I clearly understood ur solution i was using Base Page class Mechanism
to handle most of my validation usage, but what happens it still enters
my system, i dont want that i have to intercept t from the beginning
and redirect a different set all together,

I problem i noticed is that each and every time the request has to go
thru the authentication scheme.

Regards

thomson

 

[thomson]

Hi Peter,
i tried with ur solution but its on a loop , Help me
out

Thanks in Advance

 

[Guest]

How I did it, in ASP.NET 1.1:


//global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
// Get Forms Ticket From Identity object
FormsAuthenticationTicket ticket = id.Ticket;
// Retrieve stored user-data (our roles from db)
string userData = ticket.UserData;
string[] roles = userData.Split(',');
// Create a new Generic Principal Instance and assign to
Current User
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}


// web.config:

<authentication mode="Forms">
<forms name="FormsAuthDB.AspxAuth"
loginUrl="default.aspx"
protection="All"
timeout ="10"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>

// loging page:

private void Button1_Click(object sender, System.EventArgs e)
{
// Initialize FormsAuthentication (reads the configuration and gets
// the cookie values and encryption keys for the given application)
FormsAuthentication.Initialize();

// Create connection and command objects
SqlConnection conn =
new SqlConnection("Data Source=PETER;Database=Northwind;User
ID=sa;password=;");
conn.Open();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT roles FROM Employees WHERE username=@username " +
"AND password=@password"; // this should really be a stored procedure,
right?

// Fill our parameters
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = TextBox1.Text;
cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 64).Value = TextBox2.Text;
FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text,"sha1");
// you can use the above method for encrypting passwords to be stored in the
database
// Execute the command
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
TextBox1.Text, // Username to be associated with this ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie (could be a checkbox on form)
reader.GetString(0), // User-data (the roles from this user record in our
database)
FormsAuthentication.FormsCookiePath); // Path cookie is valid for

// Hash the cookie for transport over the wire
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie (it's the
name specified in web.config)
hash); // Hashed ticket

// Add the cookie to the list for outbound response
Response.Cookies.Add(cookie);

// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null) returnUrl = "LoggedIn.aspx";

// Don't call the FormsAuthentication.RedirectFromLoginPage since it could
// replace the authentication ticket we just added...
Response.Redirect(returnUrl);
}
else
{
// Username and or password not found in our database...
ErrorLabel.Text = "Username / password incorrect. Please login again.";
ErrorLabel.Visible = true;
}
}

--Hope that helps.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com