Help with Form authentication
in [ASP .NET]
|
From: Thomas Sun [MSFT] on 6 Jan 2010 04:32 Hi SAL, I agree with Gregory. When we use ASP.NET Login controls, ASP.NET will automatically use the membership system to validate a user and set cookie using UserName. If you want to use UserId as cookie key, you can create a custom Login Form to obtain credentials from user and to validate them against a user store, and then call FormsAuthentication.SetAuthCookie method with UserId as parameter in codebehind class. By far, we need to retrieve UserId from membership database. To do so, we can create a custom SqlMembershipProvider to add new function: GetUserID(string strUserName) . For example, we assume that we use connection string �LocalSqlServer?and use SQL server as database. 1.The following is custom SqlMembershipProvider class: =============================== public class CustomMembership : SqlMembershipProvider { public string GetUserID(string strUserName) { string strUserID = ""; SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["L ocalSqlServer"].ToString()); SqlCommand com = new SqlCommand("SELECT UserId FROM aspnet_Users WHERE UserName= @UserName"); com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = strUserName; try { com.Connection = con; com.Connection.Open(); object obj = com.ExecuteScalar(); strUserID = Convert.ToString(obj); } catch { } finally { con.Close(); } return strUserID; } } =============================== 2.Create Login Form page and use custom provider to retrieve UserId: =============================== <%@ Page Language="C#" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> protected void btnLogin_Click(object sender, EventArgs e) { CustomMembership cms = (CustomMembership)Membership.Provider; if (cms.ValidateUser(txtUserName.Text, txtPWD.Text)) { string strUserId = cms.GetUserID(txtUserName.Text); FormsAuthentication.SetAuthCookie(strUserId, false); Response.Write("UserId is " + strUserId); } } </script> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> </div> <asp:Label ID="lblUserName" runat="server" Text="UserName"></asp:Label> <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox> <br /> <asp:Label ID="lblPWD" runat="server" Text="PWD"></asp:Label> <asp:TextBox ID="txtPWD" runat="server" TextMode="Password"></asp:TextBox> <br /> <br /> <asp:Button ID="btnLogin" runat="server" Text="Login" onclick="btnLogin_Click" /> </form> </body> </html> =============================== 3.Specify custom provider as Membership provider in web.config: =============================== <membership defaultProvider="CustomAspNetSqlMembershipProvider"> <providers> <add name="CustomAspNetSqlMembershipProvider" type="CustomMembership" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" /> </providers> </membership> =============================== For more information, you can refer to implementing a Membership Provider: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx I look forward to receiving your test results. Best Regards, Thomas Sun Microsoft Online Partner Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed to the limited number of phone-based technical support incidents. Complex issues or server-down situations are not recommended for the newsgroups. Issues of this nature are best handled working with a Microsoft Support Engineer using one of your phone-based incidents. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights.
From: SAL on 6 Jan 2010 12:00 Thomas, thank you for the code samples and that doesn't look too bad at all to implement. I will try to do some testing by tomorrow to see how that goes and let you know. SAL "Thomas Sun [MSFT]" <v-thsun(a)online.microsoft.com> wrote in message news:Glw4zMrjKHA.3976(a)TK2MSFTNGHUB02.phx.gbl... > Hi SAL, > > I agree with Gregory. > > When we use ASP.NET Login controls, ASP.NET will automatically use the > membership system to validate a user and set cookie using UserName. > > If you want to use UserId as cookie key, you can create a custom Login > Form > to obtain credentials from user and to validate them against a user store, > and then call FormsAuthentication.SetAuthCookie method with UserId as > parameter in codebehind class. > > By far, we need to retrieve UserId from membership database. To do so, we > can create a custom SqlMembershipProvider to add new function: > GetUserID(string strUserName) . > > For example, we assume that we use connection string "LocalSqlServer?and > use SQL server as database. > > 1.The following is custom SqlMembershipProvider class: > =============================== > public class CustomMembership : SqlMembershipProvider > { > public string GetUserID(string strUserName) > { > string strUserID = ""; > > SqlConnection con = new > SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["L > ocalSqlServer"].ToString()); > SqlCommand com = new SqlCommand("SELECT UserId FROM aspnet_Users > WHERE UserName= @UserName"); > com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = > strUserName; > > try > { > com.Connection = con; > com.Connection.Open(); > object obj = com.ExecuteScalar(); > strUserID = Convert.ToString(obj); > } > catch > { > > } > finally > { > con.Close(); > } > > > return strUserID; > > } > } > =============================== > 2.Create Login Form page and use custom provider to retrieve UserId: > =============================== > <%@ Page Language="C#" %> > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > <script runat="server"> > > protected void btnLogin_Click(object sender, EventArgs e) > { > CustomMembership cms = (CustomMembership)Membership.Provider; > > if (cms.ValidateUser(txtUserName.Text, txtPWD.Text)) > { > string strUserId = cms.GetUserID(txtUserName.Text); > FormsAuthentication.SetAuthCookie(strUserId, false); > Response.Write("UserId is " + strUserId); > } > } > </script> > > <html xmlns="http://www.w3.org/1999/xhtml"> > <head runat="server"> > <title></title> > </head> > <body> > <form id="form1" runat="server"> > <div> > > </div> > <asp:Label ID="lblUserName" runat="server" Text="UserName"></asp:Label> > <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox> > <br /> > <asp:Label ID="lblPWD" runat="server" Text="PWD"></asp:Label> > > <asp:TextBox ID="txtPWD" runat="server" > TextMode="Password"></asp:TextBox> > <br /> > <br /> > <asp:Button ID="btnLogin" runat="server" Text="Login" > onclick="btnLogin_Click" /> > </form> > </body> > </html> > =============================== > 3.Specify custom provider as Membership provider in web.config: > =============================== > <membership defaultProvider="CustomAspNetSqlMembershipProvider"> > > <providers> > > <add > > name="CustomAspNetSqlMembershipProvider" > > type="CustomMembership" > > connectionStringName="LocalSqlServer" > > enablePasswordRetrieval="false" > > enablePasswordReset="true" > > requiresQuestionAndAnswer="true" > > applicationName="/" > > requiresUniqueEmail="false" > > /> > > </providers> > > </membership> > =============================== > > For more information, you can refer to implementing a Membership Provider: > http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx > > > I look forward to receiving your test results. > > > > Best Regards, > Thomas Sun > > Microsoft Online Partner Support > > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed > to the limited number of phone-based technical support incidents. Complex > issues or server-down situations are not recommended for the newsgroups. > Issues of this nature are best handled working with a Microsoft Support > Engineer using one of your phone-based incidents. > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no > rights. >
From: Thomas Sun [MSFT] on 6 Jan 2010 21:10 Hi SAL, Thanks for your response. If you have any question, please feel free to let me know. Best Regards, Thomas Sun Microsoft Online Partner Support -------------------- | | Thomas, | thank you for the code samples and that doesn't look too bad at all to | implement. I will try to do some testing by tomorrow to see how that goes | and let you know. | | SAL | |
From: SAL on 7 Jan 2010 12:09 Thomas, it appears we can't go this way after all because of an earlier decision we made to put all users under one application name and hence all applications. This was because management didn't want to have to re-enter users for each application. And, since the aspnet_Users table has a unique constraint on the ApplicationId/UserName fields, we can put duplicate usernames in the database. So, we either need to step back and re-think the thing or redo the whole database. So, we're stepping back. Thanks again for your code samples. I may wind up using them after all. S "Thomas Sun [MSFT]" <v-thsun(a)online.microsoft.com> wrote in message news:Glw4zMrjKHA.3976(a)TK2MSFTNGHUB02.phx.gbl... > Hi SAL, > > I agree with Gregory. > > When we use ASP.NET Login controls, ASP.NET will automatically use the > membership system to validate a user and set cookie using UserName. > > If you want to use UserId as cookie key, you can create a custom Login > Form > to obtain credentials from user and to validate them against a user store, > and then call FormsAuthentication.SetAuthCookie method with UserId as > parameter in codebehind class. > > By far, we need to retrieve UserId from membership database. To do so, we > can create a custom SqlMembershipProvider to add new function: > GetUserID(string strUserName) . > > For example, we assume that we use connection string "LocalSqlServer?and > use SQL server as database. > > 1.The following is custom SqlMembershipProvider class: > =============================== > public class CustomMembership : SqlMembershipProvider > { > public string GetUserID(string strUserName) > { > string strUserID = ""; > > SqlConnection con = new > SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["L > ocalSqlServer"].ToString()); > SqlCommand com = new SqlCommand("SELECT UserId FROM aspnet_Users > WHERE UserName= @UserName"); > com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = > strUserName; > > try > { > com.Connection = con; > com.Connection.Open(); > object obj = com.ExecuteScalar(); > strUserID = Convert.ToString(obj); > } > catch > { > > } > finally > { > con.Close(); > } > > > return strUserID; > > } > } > =============================== > 2.Create Login Form page and use custom provider to retrieve UserId: > =============================== > <%@ Page Language="C#" %> > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > <script runat="server"> > > protected void btnLogin_Click(object sender, EventArgs e) > { > CustomMembership cms = (CustomMembership)Membership.Provider; > > if (cms.ValidateUser(txtUserName.Text, txtPWD.Text)) > { > string strUserId = cms.GetUserID(txtUserName.Text); > FormsAuthentication.SetAuthCookie(strUserId, false); > Response.Write("UserId is " + strUserId); > } > } > </script> > > <html xmlns="http://www.w3.org/1999/xhtml"> > <head runat="server"> > <title></title> > </head> > <body> > <form id="form1" runat="server"> > <div> > > </div> > <asp:Label ID="lblUserName" runat="server" Text="UserName"></asp:Label> > <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox> > <br /> > <asp:Label ID="lblPWD" runat="server" Text="PWD"></asp:Label> > > <asp:TextBox ID="txtPWD" runat="server" > TextMode="Password"></asp:TextBox> > <br /> > <br /> > <asp:Button ID="btnLogin" runat="server" Text="Login" > onclick="btnLogin_Click" /> > </form> > </body> > </html> > =============================== > 3.Specify custom provider as Membership provider in web.config: > =============================== > <membership defaultProvider="CustomAspNetSqlMembershipProvider"> > > <providers> > > <add > > name="CustomAspNetSqlMembershipProvider" > > type="CustomMembership" > > connectionStringName="LocalSqlServer" > > enablePasswordRetrieval="false" > > enablePasswordReset="true" > > requiresQuestionAndAnswer="true" > > applicationName="/" > > requiresUniqueEmail="false" > > /> > > </providers> > > </membership> > =============================== > > For more information, you can refer to implementing a Membership Provider: > http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx > > > I look forward to receiving your test results. > > > > Best Regards, > Thomas Sun > > Microsoft Online Partner Support > > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed > to the limited number of phone-based technical support incidents. Complex > issues or server-down situations are not recommended for the newsgroups. > Issues of this nature are best handled working with a Microsoft Support > Engineer using one of your phone-based incidents. > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no > rights. >
From: Thomas Sun [MSFT] on 7 Jan 2010 23:03
Hi SAL, Thanks for your response. We can store information for multiple applications in a single database without duplicate user names, and multiple ASP.NET applications can use the same user database by specifying the same value in the applicationName attribute of SqlMembershipProvider Configuration in web.config. To implement single login for multiple ASP.NET application using Forms Authentication, we need to make sure the validationKey and decryptionKey values in <machineKey> element of these ASP.NET applications are the same. Besides, we also need to ensure the name and path attributes in the <forms> element is same for each application. For more information about SqlMembershipProvider Configuration attribute, see http://msdn.microsoft.com/en-us/library/ms998347.aspx For more information about How do I implement single sign on using forms authentication, see http://msdn.microsoft.com/en-us/library/bb981440.aspx#_How_do_I_7 I look forward to receiving your test results. Best Regards, Thomas Sun Microsoft Online Partner Support -------------------- | | Thomas, | it appears we can't go this way after all because of an earlier decision we | made to put all users under one application name and hence all applications. | This was because management didn't want to have to re-enter users for each | application. And, since the aspnet_Users table has a unique constraint on | the ApplicationId/UserName fields, we can put duplicate usernames in the | database. So, we either need to step back and re-think the thing or redo the | whole database. So, we're stepping back. | | Thanks again for your code samples. I may wind up using them after all. | | S | |