//*********************************************************************
//
// Register.aspx
//
// Self-service registration page, used when Forms authentication is
// enabled.
//
//*********************************************************************

/// <summary>
/// Creates an account from the registration form. When the save succeeds the
/// new user is signed in with a non-persistent authentication cookie and is
/// redirected to the issue list; otherwise an error is shown on the page.
/// </summary>
/// <param name="s">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void SaveUser(Object s, EventArgs e)
{
    // Nothing is written unless every validator on the page has passed.
    if (!Page.IsValid)
    {
        return;
    }

    ITUser registrant = new ITUser();
    registrant.Username = txtUsername.Text;
    // The role always comes from configuration, never from the submitted form.
    registrant.RoleName = Globals.DefaultRoleForNewUser;
    registrant.Email = txtEmail.Text;
    // NOTE(review): the password is handed to ITUser exactly as typed. How it
    // is stored is decided inside ITUser.Save, which is not visible here;
    // confirm that it is hashed before it reaches the database.
    registrant.Password = txtPassword.Text;

    bool saved = registrant.Save();
    if (saved)
    {
        // Second argument false: session cookie only, not persisted to disk.
        FormsAuthentication.SetAuthCookie(txtUsername.Text, false);
        Response.Redirect("~/Issues/IssueList.aspx");
        return;
    }

    lblError.Text = "Could not save user";
}
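/// <summary>
/// Creates a new user (UserId == 0) or updates an existing one from the edit
/// form, then returns to the user list. If the account being edited is the
/// one currently signed in, the forms-authentication session is ended first.
/// </summary>
/// <param name="s">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <remarks>
/// NOTE(review): this handler assigns the role and password of an arbitrary
/// account. The access restriction for the page is not visible here; confirm
/// that only administrators can reach it.
/// </remarks>
protected void SaveUser(Object s, EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    ITUser objUser = new ITUser();
    if (UserId != 0)
    {
        objUser = ITUser.GetUserById(UserId);
        if (objUser == null)
        {
            // The id no longer resolves to a user (for example the account was
            // removed in the meantime). Report it on the page instead of
            // failing with a null dereference on the assignments below.
            lblError.Text = "Could not save user";
            return;
        }
    }

    objUser.Username = txtUsername.Text;
    objUser.RoleName = dropRoles.SelectedItem.Text;
    objUser.Email = txtEmail.Text;

    // An empty password box means "leave the existing password unchanged".
    if (txtPassword.Text != String.Empty)
    {
        objUser.Password = txtPassword.Text;
    }

    if (!objUser.Save())
    {
        lblError.Text = "Could not save user";
        return;
    }

    // IsCurrentUser is a page member declared outside this handler.
    // NOTE(review): SignOut removes only the forms-authentication ticket; a
    // separately cached roles cookie, if the application issues one, is not
    // cleared here and lives until it expires.
    if (IsCurrentUser)
    {
        FormsAuthentication.SignOut();
    }

    Response.Redirect("UserList.aspx");
}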
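//*********************************************************************
//
// Application_AuthenticateRequest Event
//
// If the client is authenticated with the application, determine which
// security role he/she belongs to and replace the "User" intrinsic with a
// custom IPrincipal security object that permits "User.IsInRole" role
// checks within the application.
//
// Role information is cached in the browser in an encrypted cookie that
// lives for one minute. A cached value is trusted only if it decrypts, has
// not expired, and was issued for the identity making this request;
// otherwise it is rebuilt from the database.
//
//*********************************************************************
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (!Request.IsAuthenticated)
    {
        return;
    }

    string cachedValue = (Request.Cookies[Globals.UserRoles] == null)
        ? null
        : Request.Cookies[Globals.UserRoles].Value;

    CustomPrincipal principal = null;
    if (!String.IsNullOrEmpty(cachedValue))
    {
        principal = ReadRolePrincipal(cachedValue);
    }

    // Missing, unreadable, stale or foreign cookie: fall back to the database.
    if (principal == null)
    {
        principal = IssueRolePrincipal();
    }

    Context.User = principal;
}

/// <summary>
/// Rebuilds the custom principal from a cached roles cookie value.
/// </summary>
/// <param name="encryptedTicket">The raw value of the roles cookie.</param>
/// <returns>
/// The principal described by the cookie, or null when the value cannot be
/// trusted and the caller must rebuild it from the database.
/// </returns>
private CustomPrincipal ReadRolePrincipal(string encryptedTicket)
{
    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(encryptedTicket);
    }
    // Depending on the framework version, a malformed or tampered value shows
    // up as one of these exceptions or as a null ticket. Either way it is
    // treated as "no cookie" so a bad value cannot fail every request.
    catch (ArgumentException)
    {
        return null;
    }
    catch (System.Web.HttpException)
    {
        return null;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        return null;
    }

    // The cookie is honoured only within its lifetime and only for the
    // identity it was issued to. Without the name check, a value issued to
    // one account would be accepted on requests authenticated as another.
    if (ticket == null || ticket.Expired || ticket.Name != User.Identity.Name)
    {
        return null;
    }

    // Layout is "id;role;username". Splitting into at most three fields keeps
    // a ';' inside the user name (the last field) intact.
    // NOTE(review): a ';' inside a role name would still shift the fields.
    string[] info = (ticket.UserData ?? String.Empty).Split(new char[] { ';' }, 3);
    int userId;
    if (info.Length != 3 || !Int32.TryParse(info[0], out userId))
    {
        return null;
    }

    return new CustomPrincipal(User.Identity, userId, info[1], info[2]);
}

/// <summary>
/// Loads the current user's id and role from the database, caches them in a
/// fresh encrypted roles cookie, and returns the matching principal.
/// </summary>
/// <returns>The principal for the authenticated identity.</returns>
private CustomPrincipal IssueRolePrincipal()
{
    ITUser user = ITUser.GetUserByUsername(Context.User.Identity.Name);
    if (user == null)
    {
        // The user was not found in the Issue Tracker database, so add them
        // with the default role. Per the original note, the minimum user id
        // tells Save to insert a new row.
        // NOTE(review): the result of Save is not checked; if the insert fails
        // the request still proceeds with the default role.
        user = new ITUser(
            DefaultValues.GetUserIdMinValue(),
            Context.User.Identity.Name,
            Globals.DefaultRoleForNewUser);
        user.Save();
    }

    // Persist the user id, role and user name as the ticket's user data.
    string userInformation = user.Id + ";" + user.RoleName + ";" + user.Username;

    // One lifetime for both the ticket and the cookie. The browser already
    // dropped the cookie after a minute; giving the ticket the same expiry
    // lets the server enforce that limit too, so a role change takes effect
    // within a minute even if an old cookie value is sent again.
    DateTime issued = DateTime.Now;
    DateTime expires = issued.AddMinutes(1);

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                      // version
        User.Identity.Name,     // identity the ticket is bound to
        issued,                 // issue time
        expires,                // expiry, checked when the cookie is read back
        false,                  // not flagged as persistent
        userInformation);

    Response.Cookies[Globals.UserRoles].Value = FormsAuthentication.Encrypt(ticket);
    Response.Cookies[Globals.UserRoles].Path = "/";
    Response.Cookies[Globals.UserRoles].Expires = expires;
    // Keep the role ticket away from client-side script, and off plain HTTP
    // whenever the request that issued it arrived over TLS.
    Response.Cookies[Globals.UserRoles].HttpOnly = true;
    Response.Cookies[Globals.UserRoles].Secure = Request.IsSecureConnection;

    return new CustomPrincipal(User.Identity, user.Id, user.RoleName, user.Username);
}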