doubletalkin3
Programmer
Hi,
My ASP.NET application uses a combination of forms and Windows authentication methods. The user is automatically authenticated via their Windows login (by checking their login name in the database), but the user can log in manually if they are not at their named machine.
The way I've coded it means that role-based security (User.IsInRole) also works.
It works perfectly on my machine, but after moving it to the web server it will either authenticate everyone or get stuck in a never-ending loop. I'm unsure whether this is because it's gone from XP Pro (my machine) to Windows Server 2003.
All other functionality seems to work, although problems also seem to arise when trying to log out. Does anybody here have any ideas what could be wrong?
Here is my Global.asax.vb code -
Imports System.Web
Imports System.Web.SessionState
Imports System.Web.Security
Imports System.Security.Principal
Imports System.Data
Imports System.Data.SqlClient
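Public Class Global
    Inherits System.Web.HttpApplication

    ' Connection string used by every query in this class; assigned in Application_Start.
    Public Shared connectionString As String
    Public Shared strRoles As String

    ' NOTE(review): these are Shared fields, so there is ONE copy for the whole
    ' application, not one per visitor. Once any request sets usrIsAuthenticated
    ' to True, Application_AuthenticateRequest skips its check for every later
    ' request from every client, and usrUsername / requestPage are overwritten by
    ' whichever request ran last. That matches the "authenticates everyone"
    ' symptom. The fields are kept because other pages presumably read and write
    ' them (confirm against login.aspx); the durable fix is to carry identity per
    ' request (Context.User / the forms-authentication ticket) instead of here.
    Public Shared usrUsername As String
    ' NOTE(review): never assigned in this file; if another page stores a
    ' password here it sits in process-wide memory shared by all users - confirm.
    Public Shared usrPassword As String
    Public Shared usrIsAuthenticated As Boolean
    Public Shared usrLogout As Boolean
    Public Shared requestPage As String

#Region " Component Designer Generated Code "

    Public Sub New()
        MyBase.New()

        'This call is required by the Component Designer.
        InitializeComponent()

        'Add any initialization after the InitializeComponent() call
    End Sub

    'Required by the Component Designer
    Private components As System.ComponentModel.IContainer

    'NOTE: The following procedure is required by the Component Designer
    'It can be modified using the Component Designer.
    'Do not modify it using the code editor.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        components = New System.ComponentModel.Container
    End Sub

#End Region

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when the application is started
        Global.connectionString = "SQL Connection String"
    End Sub

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    End Sub

    Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires at the beginning of each request
    End Sub

    ' Sends requests to login.aspx unless the Windows login name reported by IIS
    ' is found in pmPeople. Requests for the login page itself are exempt so the
    ' redirect cannot target a page that redirects again.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim scriptName As String = Request.ServerVariables("SCRIPT_NAME")

        If isLoginPage(scriptName) Then Return

        ' Process-wide flag: see the NOTE(review) on the Shared fields above.
        If Global.usrIsAuthenticated Then Return

        Dim logonUser As String = Request.ServerVariables("LOGON_USER")

        ' usrLogout is tested first so a pending logout does not cost a database
        ' round trip; the outcome is the same as the original "Or" test.
        If Global.usrLogout OrElse Not isValidUser(logonUser, "", False) Then
            Global.requestPage = scriptName
            If Request.ServerVariables("QUERY_STRING") <> "" Then
                Global.requestPage &= "?" & Request.ServerVariables("QUERY_STRING")
            End If
            ' Relative URL: it resolves against the folder of the current request.
            Response.Redirect("login.aspx")
        Else
            Global.usrIsAuthenticated = True
            Global.usrLogout = False
            Global.usrUsername = logonUser
        End If
    End Sub

    ' Returns True when scriptName is the login page. The original hard-coded
    ' path is still accepted; login.aspx under the application's own virtual
    ' directory is accepted as well, so deploying under a different virtual
    ' directory name does not turn the redirect above into an endless loop.
    Private Function isLoginPage(ByVal scriptName As String) As Boolean
        If scriptName Is Nothing Then Return False

        ' Invariant, case-insensitive comparison: independent of the server locale.
        Dim invariant As System.Globalization.CultureInfo = System.Globalization.CultureInfo.InvariantCulture

        If String.Compare(scriptName, "/projectwolves/login.aspx", True, invariant) = 0 Then
            Return True
        End If

        Dim appPath As String = Request.ApplicationPath
        If appPath Is Nothing Then Return False
        If Not appPath.EndsWith("/") Then appPath &= "/"

        Return String.Compare(scriptName, appPath & "login.aspx", True, invariant) = 0
    End Function

    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when an error occurs
    End Sub

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when the session ends
        ' Because the flag is Shared, ANY session ending clears it for everyone.
        usrIsAuthenticated = False
    End Sub

    Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
        usrIsAuthenticated = False
    End Sub

    ' Looks the login name up in pmPeople and reports whether a row exists.
    '   username      - login name to look up; Nothing or "" is rejected.
    '   password      - compared only when checkPassword is True.
    '   checkPassword - True for a manual login, False for the Windows login name.
    ' Returns True when a matching row exists. Database errors propagate to the
    ' caller, as before; the connection is now closed on that path too.
    Public Shared Function isValidUser(ByVal username As String, ByVal password As String, ByVal checkPassword As Boolean) As Boolean
        Dim mySQL As String
        Dim myCon As SqlConnection
        Dim myCommand As SqlCommand
        Dim lookupUser As Object = Nothing

        ' An empty name identifies nobody. IIS reports an empty LOGON_USER when
        ' the request was served anonymously, and that must never match a row.
        If username Is Nothing OrElse username.Length = 0 Then Return False
        If password Is Nothing Then password = ""

        ' Values travel as parameters, never as part of the SQL text, so quotes
        ' or SQL syntax inside a login name or password cannot alter the query.
        If checkPassword Then
            ' NOTE(review): the password is compared for equality inside the
            ' query, so pmPeople.password presumably holds the password itself
            ' rather than a salted hash - confirm, and migrate to a salted, slow
            ' password hash if so.
            mySQL = "SELECT LoginName FROM pmPeople " & _
                    "WHERE LoginName = @LoginName AND password = @Password"
        Else
            mySQL = "SELECT LoginName FROM pmPeople " & _
                    "WHERE LoginName = @LoginName"
        End If

        myCon = New SqlConnection(connectionString)
        Try
            myCommand = New SqlCommand(mySQL, myCon)
            myCommand.Parameters.Add(New SqlParameter("@LoginName", username))
            If checkPassword Then
                myCommand.Parameters.Add(New SqlParameter("@Password", password))
            End If

            myCon.Open()
            lookupUser = myCommand.ExecuteScalar()
        Finally
            ' Runs on success and on failure, so the connection is never leaked.
            myCon.Close()
        End Try

        Return Not lookupUser Is Nothing
    End Function

    'This function assigns roles such as admin, manager to the user so that they can access
    'certain areas of the site.
    ' NOTE(review): roles are looked up for the Shared usrUsername, while the
    ' identity is named after this request's LOGON_USER. usrUsername holds
    ' whatever the most recent request stored, so a request can be given another
    ' user's roles; both values should come from the same per-request source.
    Sub FormsAuthentication_Authenticate(ByVal s As Object, ByVal e As FormsAuthenticationEventArgs)
        Dim myCon As SqlConnection
        Dim myCommand As SqlCommand
        Dim myReader As SqlDataReader = Nothing
        Dim roleList As New ArrayList

        ' The original concatenation treated Nothing as an empty string.
        Dim lookupName As String = usrUsername
        If lookupName Is Nothing Then lookupName = ""

        myCon = New SqlConnection(connectionString)
        Try
            ' Parameterized for the same reason as in isValidUser.
            myCommand = New SqlCommand("SELECT RoleName FROM pmUserRoles WHERE LoginName = @LoginName", myCon)
            myCommand.Parameters.Add(New SqlParameter("@LoginName", lookupName))

            myCon.Open()
            myReader = myCommand.ExecuteReader()
            While myReader.Read()
                Dim roleValue As Object = myReader("RoleName")
                ' A NULL role name would make the String() conversion below fail.
                If Not roleValue Is DBNull.Value Then
                    roleList.Add(Convert.ToString(roleValue))
                End If
            End While
        Finally
            If Not myReader Is Nothing Then myReader.Close()
            myCon.Close()
        End Try

        Dim roleListArray As String() = DirectCast(roleList.ToArray(GetType(String)), String())
        Dim identity As GenericIdentity = New GenericIdentity(Request.ServerVariables("LOGON_USER"))
        e.User = New GenericPrincipal(identity, roleListArray)
    End Sub

End Class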
My ASP.NET application uses a combination of forms and Windows authentication methods. The user is automatically authenticated via their Windows login (by checking their login name in the database), but the user can log in manually if they are not at their named machine.
The way I've coded it means that role-based security (User.IsInRole) also works.
It works perfectly on my machine, but after moving it to the web server it will either authenticate everyone or get stuck in a never-ending loop. I'm unsure whether this is because it's gone from XP Pro (my machine) to Windows Server 2003.
All other functionality seems to work, although problems also seem to arise when trying to log out. Does anybody here have any ideas what could be wrong?
Here is my Global.asax.vb code -
Imports System.Web
Imports System.Web.SessionState
Imports System.Web.Security
Imports System.Security.Principal
Imports System.Data
Imports System.Data.SqlClient
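Public Class Global
    Inherits System.Web.HttpApplication

    ' Connection string used by every query in this class; assigned in Application_Start.
    Public Shared connectionString As String
    Public Shared strRoles As String

    ' NOTE(review): these are Shared fields, so there is ONE copy for the whole
    ' application, not one per visitor. Once any request sets usrIsAuthenticated
    ' to True, Application_AuthenticateRequest skips its check for every later
    ' request from every client, and usrUsername / requestPage are overwritten by
    ' whichever request ran last. That matches the "authenticates everyone"
    ' symptom. The fields are kept because other pages presumably read and write
    ' them (confirm against login.aspx); the durable fix is to carry identity per
    ' request (Context.User / the forms-authentication ticket) instead of here.
    Public Shared usrUsername As String
    ' NOTE(review): never assigned in this file; if another page stores a
    ' password here it sits in process-wide memory shared by all users - confirm.
    Public Shared usrPassword As String
    Public Shared usrIsAuthenticated As Boolean
    Public Shared usrLogout As Boolean
    Public Shared requestPage As String

#Region " Component Designer Generated Code "

    Public Sub New()
        MyBase.New()

        'This call is required by the Component Designer.
        InitializeComponent()

        'Add any initialization after the InitializeComponent() call
    End Sub

    'Required by the Component Designer
    Private components As System.ComponentModel.IContainer

    'NOTE: The following procedure is required by the Component Designer
    'It can be modified using the Component Designer.
    'Do not modify it using the code editor.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        components = New System.ComponentModel.Container
    End Sub

#End Region

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when the application is started
        Global.connectionString = "SQL Connection String"
    End Sub

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    End Sub

    Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires at the beginning of each request
    End Sub

    ' Sends requests to login.aspx unless the Windows login name reported by IIS
    ' is found in pmPeople. Requests for the login page itself are exempt so the
    ' redirect cannot target a page that redirects again.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim scriptName As String = Request.ServerVariables("SCRIPT_NAME")

        If isLoginPage(scriptName) Then Return

        ' Process-wide flag: see the NOTE(review) on the Shared fields above.
        If Global.usrIsAuthenticated Then Return

        Dim logonUser As String = Request.ServerVariables("LOGON_USER")

        ' usrLogout is tested first so a pending logout does not cost a database
        ' round trip; the outcome is the same as the original "Or" test.
        If Global.usrLogout OrElse Not isValidUser(logonUser, "", False) Then
            Global.requestPage = scriptName
            If Request.ServerVariables("QUERY_STRING") <> "" Then
                Global.requestPage &= "?" & Request.ServerVariables("QUERY_STRING")
            End If
            ' Relative URL: it resolves against the folder of the current request.
            Response.Redirect("login.aspx")
        Else
            Global.usrIsAuthenticated = True
            Global.usrLogout = False
            Global.usrUsername = logonUser
        End If
    End Sub

    ' Returns True when scriptName is the login page. The original hard-coded
    ' path is still accepted; login.aspx under the application's own virtual
    ' directory is accepted as well, so deploying under a different virtual
    ' directory name does not turn the redirect above into an endless loop.
    Private Function isLoginPage(ByVal scriptName As String) As Boolean
        If scriptName Is Nothing Then Return False

        ' Invariant, case-insensitive comparison: independent of the server locale.
        Dim invariant As System.Globalization.CultureInfo = System.Globalization.CultureInfo.InvariantCulture

        If String.Compare(scriptName, "/projectwolves/login.aspx", True, invariant) = 0 Then
            Return True
        End If

        Dim appPath As String = Request.ApplicationPath
        If appPath Is Nothing Then Return False
        If Not appPath.EndsWith("/") Then appPath &= "/"

        Return String.Compare(scriptName, appPath & "login.aspx", True, invariant) = 0
    End Function

    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when an error occurs
    End Sub

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires when the session ends
        ' Because the flag is Shared, ANY session ending clears it for everyone.
        usrIsAuthenticated = False
    End Sub

    Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
        usrIsAuthenticated = False
    End Sub

    ' Looks the login name up in pmPeople and reports whether a row exists.
    '   username      - login name to look up; Nothing or "" is rejected.
    '   password      - compared only when checkPassword is True.
    '   checkPassword - True for a manual login, False for the Windows login name.
    ' Returns True when a matching row exists. Database errors propagate to the
    ' caller, as before; the connection is now closed on that path too.
    Public Shared Function isValidUser(ByVal username As String, ByVal password As String, ByVal checkPassword As Boolean) As Boolean
        Dim mySQL As String
        Dim myCon As SqlConnection
        Dim myCommand As SqlCommand
        Dim lookupUser As Object = Nothing

        ' An empty name identifies nobody. IIS reports an empty LOGON_USER when
        ' the request was served anonymously, and that must never match a row.
        If username Is Nothing OrElse username.Length = 0 Then Return False
        If password Is Nothing Then password = ""

        ' Values travel as parameters, never as part of the SQL text, so quotes
        ' or SQL syntax inside a login name or password cannot alter the query.
        If checkPassword Then
            ' NOTE(review): the password is compared for equality inside the
            ' query, so pmPeople.password presumably holds the password itself
            ' rather than a salted hash - confirm, and migrate to a salted, slow
            ' password hash if so.
            mySQL = "SELECT LoginName FROM pmPeople " & _
                    "WHERE LoginName = @LoginName AND password = @Password"
        Else
            mySQL = "SELECT LoginName FROM pmPeople " & _
                    "WHERE LoginName = @LoginName"
        End If

        myCon = New SqlConnection(connectionString)
        Try
            myCommand = New SqlCommand(mySQL, myCon)
            myCommand.Parameters.Add(New SqlParameter("@LoginName", username))
            If checkPassword Then
                myCommand.Parameters.Add(New SqlParameter("@Password", password))
            End If

            myCon.Open()
            lookupUser = myCommand.ExecuteScalar()
        Finally
            ' Runs on success and on failure, so the connection is never leaked.
            myCon.Close()
        End Try

        Return Not lookupUser Is Nothing
    End Function

    'This function assigns roles such as admin, manager to the user so that they can access
    'certain areas of the site.
    ' NOTE(review): roles are looked up for the Shared usrUsername, while the
    ' identity is named after this request's LOGON_USER. usrUsername holds
    ' whatever the most recent request stored, so a request can be given another
    ' user's roles; both values should come from the same per-request source.
    Sub FormsAuthentication_Authenticate(ByVal s As Object, ByVal e As FormsAuthenticationEventArgs)
        Dim myCon As SqlConnection
        Dim myCommand As SqlCommand
        Dim myReader As SqlDataReader = Nothing
        Dim roleList As New ArrayList

        ' The original concatenation treated Nothing as an empty string.
        Dim lookupName As String = usrUsername
        If lookupName Is Nothing Then lookupName = ""

        myCon = New SqlConnection(connectionString)
        Try
            ' Parameterized for the same reason as in isValidUser.
            myCommand = New SqlCommand("SELECT RoleName FROM pmUserRoles WHERE LoginName = @LoginName", myCon)
            myCommand.Parameters.Add(New SqlParameter("@LoginName", lookupName))

            myCon.Open()
            myReader = myCommand.ExecuteReader()
            While myReader.Read()
                Dim roleValue As Object = myReader("RoleName")
                ' A NULL role name would make the String() conversion below fail.
                If Not roleValue Is DBNull.Value Then
                    roleList.Add(Convert.ToString(roleValue))
                End If
            End While
        Finally
            If Not myReader Is Nothing Then myReader.Close()
            myCon.Close()
        End Try

        Dim roleListArray As String() = DirectCast(roleList.ToArray(GetType(String)), String())
        Dim identity As GenericIdentity = New GenericIdentity(Request.ServerVariables("LOGON_USER"))
        e.User = New GenericPrincipal(identity, roleListArray)
    End Sub

End Class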