Form Authentication

Form Authentication

1. In Web.Config

      <authentication mode="Forms">
            <forms loginUrl="Login.aspx" protection="All" timeout="30" name=".MyCookieOfFromAuth"
               path="/"  requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx"
               cookieless="UseDeviceProfile"
               enableCrossAppRedirects="false">
            </forms>
        </authentication>
 --------------------------------------------------------------------------
2.  In Global.asax file
        <%@ Import Namespace="System.Security.Principal" %>
   
  protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            FormsIdentity fi;
            fi = (FormsIdentity)(User.Identity);
            FormsAuthenticationTicket tkt;
            tkt = fi.Ticket;
            string ud;
            ud = tkt.UserData;
            string[] ar = ud.Split('|');
            HttpContext.Current.User = new GenericPrincipal(fi, ar);

        }
    }

----------------------------------------------------------------------------

3. On Login Page

   protected void btnlogin_Click(object sender, EventArgs e)
    {
        DataTable dt = new DataTable();
        Hashtable ht = new Hashtable();
        ht.Add("@UserName", txtusername.Text);
        ht.Add("@Password", txtpwd.Text);
        dt = NSBuilder.DataAccess.GetDataSet("Usp_Login", ht).Tables[0];

        if (dt.Rows.Count > 0)
        {
            string username = dt.Rows[0]["UserName"].ToString();
            string userrole =  dt.Rows[0]["Role"].ToString();
            GenerateTicket(username, userrole);
            if(User.IsInRole("Administrator"))
            {
                Response.Redirect("Admin/Administrator.aspx");
            }
            if (User.IsInRole("Member"))
            {
                Response.Redirect("Members/Member.aspx");
            }
            if (User.IsInRole("Guest"))
            {
                Response.Redirect("Guests/Guest.aspx");
            }


            //if (userrole == "Administrator")
            //{
            //    Response.Redirect("Admin/Administrator.aspx");
            //}
            //if (userrole == "Member")
            //{
            //    Response.Redirect("Members/Member.aspx");
            //}
            //if (userrole == "Guest")
            //{
            //    Response.Redirect("Guests/Guest.aspx");
            //}

       }
                   
        //if(HttpContext.Current.User.IsInRole("Administrator"))
        //{
        //    Response.Redirect("Administrator.aspx");
        //}
        //if (HttpContext.Current.User.IsInRole("Member"))
        //{
        //    Response.Redirect("Member.aspx");
        //}
        //if (HttpContext.Current.User.IsInRole("Guest"))
        //{
        //    Response.Redirect("Guest.aspx");
        //}
     
    }
 
   protected void GenerateTicket(string uname,string urole)
    {
        FormsAuthenticationTicket k = new FormsAuthenticationTicket(1, txtusername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false, urole, FormsAuthentication.FormsCookiePath);

        string st;
        st = FormsAuthentication.Encrypt(k);
        HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, st);
        Response.Cookies.Add(ck);
    }
 ---------------------------------------------------------------------

Posted in: ASP.NET,FORM_AUTHENTICATION