-2

I'm building a web application using the default master template in VS2010 - very new to doing this. I'm also using the Login.aspx page, but instead of using the built in user validation, my user info is in a database table. So Following instructions I found, I'm doing something wery similar to this:

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) 
{ 
    Boolean bauthenticated = false; 
    bauthenticated = isValidUser(Login1.UserName, Login1.Password); 
    if (bauthenticated) 
    { 
        e.Authenticated = true; 
    } 
    else 
    { 
        e.Authenticated = false; 
    } 
}

The problem is that I put the method isValidUser in a .dll so it could be used elsewhere, and it is not receiving the password because the default behaivor is to blank it out. I even tried to set a string variable to Login1.Password, and pass the variable without success. I understand why this is happening, but can't find any info as to how to do this correctly. Do I need to put the user name and password into an object and pass that to my class constructor? I really don't want to connect to my database from every Login.aspx page I create to avoid sending the password over http.

oopbase
  • 11,157
  • 12
  • 40
  • 59
Brian
  • 548
  • 2
  • 8
  • 22
  • check your method isValidUser – Krunal Mevada Aug 09 '12 at 11:40
  • What type of object is `Login1`? – Andre Calil Aug 09 '12 at 11:40
  • 1
    Correct me if I am wrong here, but isn't the answer to simply **not blank out the password**? Can you post the code for `isValidUser`? FYI - your code could be shortened to 1 line: `e.Authenticated = isValidUser(Login1.UserName, Login1.Password)`. – James Aug 09 '12 at 11:40
  • Um - I've spent 2 days researching this, including here. I always post questions as a last resort so not sure why this was marked as not showing effort or not useful. – Brian Aug 09 '12 at 11:52
  • @Andre Calil - Login1 is and asp:login control which is located on Login.aspx – Brian Aug 09 '12 at 11:53
  • See number 4 here: http://forums.asp.net/t/1403132.aspx – Brian Aug 09 '12 at 12:01

1 Answers1

0

Try to use the following code.

protected void LoginButton_Click(object sender, EventArgs e)
    {
        try
        {
            dtUserDetails = new DataTable();
            if (UserRepositoryBL.ValidateUser(LoginUser.UserName.Trim(), LoginUser.Password.Trim(), out dtUserDetails))
            {

                AuthUser au = new AuthUser();
                if (dtUserDetails.Rows.Count > 0)
                {
                    DataRow DR = dtUserDetails.Rows[0];
                    au.UserID = Convert.ToInt32(DR["UserID"].ToString());
                    au.UserNo = DR["UserNo"].ToString();
                    au.UserName = DR["UserName"].ToString();
                    au.Password = DR["Password"].ToString();
                }
                string userData = au.ToString();
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

             1,                             // Version number

             LoginUser.UserName.Trim(),      // Username

             DateTime.Now,                  // Issue date

             DateTime.Now.AddMinutes(60), // Expiration date

             false,                         // Persistent?

             userData                 // User data

         );



                string eticket = FormsAuthentication.Encrypt(ticket);

                HttpCookie cookie = new HttpCookie

                     (FormsAuthentication.FormsCookieName, eticket);

                Response.Cookies.Add(cookie);


                BasePage.ActivityLog("User Login", LoginUser.UserName.Trim(), true, Request.RawUrl);
                string url = FormsAuthentication.GetRedirectUrl(LoginUser.UserName, false);

                Response.Redirect(url);

                //  FormsAuthentication.RedirectFromLoginPage(LoginUser.UserName, false);

            }
            else
            {
                LoginUser.FailureText = "Your login attempt was not successful. Please try again.";
            }

        }
        catch (Exception ex)
        {
            throw ex;
        }
    }

dtUserDetails is a out parameter which contains the user details like password,username,etc.. on successful login.datatable returns empty if invalid login.with in userData string all those information will be available.then u can retrieve those from any page using User Authenticated Ticket

chamara
  • 12,649
  • 32
  • 134
  • 210
  • Thanks, but how am I getting a successful login if I'm authenticating user name and password in my own database? I'm not using the membership model - see my last comment above. – Brian Aug 09 '12 at 12:06
  • this code also doesn't use membership.UserRepositoryBL.ValidateUser(LoginUser.UserName.Trim(), LoginUser.Password.Trim(), out dtUserDetails) methods calls to you'r own database – chamara Aug 09 '12 at 12:59
  • sorry for my confusion, but are you suggesting that I save user name and password in a DataTable and pass it to my .dll? – Brian Aug 09 '12 at 13:25