Session variables with forms based authentication

[Morten]

Hi!

I've been implementing forms based authentication in a web project. It works
pretty good. When I log on by clicking the "login" button the following code
is executed:

if (ValidateUser(strUserName,txtUserPass.Value))
{
DBFunctions Commoncode;
Commoncode = new DBFunctions();
string strAdminRights;
Session["UserID"] = Commoncode.GetDBValue ("SELECT userID FROM Users WHERE
uname = '" + strUserName + "'", "Users", "userID");
strAdminRights = Commoncode.GetDBValue ("SELECT userAdminRights FROM Users
WHERE uname = '" + strUserName + "'", "Users", "userAdminRights");
if (strAdminRights == "1")
{
Session["AdminRights"] = "true";
}
else
{
Session["AdminRights"] = "false";
}
FormsAuthentication.RedirectFromLoginPage(strUserName,
chkPersistCookie.Checked);
}

This as you can see sets a couple of session variables. The problem is that
I've made it possible to use a persistent cookie so that users don't have to
key in their credentials everytime they log in.When the cookie is used users
are granted access immediately and the code above is not used and therefore
the session variables are not initialized.

Does anyone know how to solve this?

Thanks in advance

Morten

 

[matt]

Hi,

Hi!

I've been implementing forms based authentication in a web project. It
works pretty good. When I log on by clicking the "login" button the
following code is executed:

if (ValidateUser(strUserName,txtUserPass.Value)) ....
This as you can see sets a couple of session variables. The problem is
that I've made it possible to use a persistent cookie so that users don't
have to key in their credentials everytime they log in.When the cookie is
used users are granted access immediately and the code above is not used
and therefore the session variables are not initialized.

You can define the method "Session_OnStart" il the global.asax file that
will automatically execute needed code for cookie checking and session
variables initialization.

Hope this will help you.

Matt

 

[Morten]

Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten

 

[Jason DeFontes]

The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason

 

[Morten]

Hi!

Thanks for your help. The code example you provided works perfectly!

Morten

The user name that you set when you call RedirectFromLoginPage() is
available in Session_Start when the persistent auth cookie is used:

protected void Session_Start(Object sender, EventArgs e)
{
// If we're starting a new session, we may have a user
// with a persisted authentication cookie, so we need to
// retrieve their user info and set up the session.
if (Request.IsAuthenticated)
{
string username = Context.User.Identity.Name;
DataManager dataManager = (DataManager)Application["DataManager"];
MyUser user = dataManager.GetUser(username);
if (user != null)
{
Client client = dataManager.GetClient(user.ClientId);
Session["User"] = user;
Session["Client"] = client;
}
}
}

-Jason

Hi Matt!

Thanks for your suggestion. The problem is that I don't get the user name
until after I've logged in and one of the session variables depends on the
properties of the user. The Session_OnStart fires a bit too early...

Best regards

Morten